From 8071beaa75257a6e763bf8b2d6dd586fe0935d6b Mon Sep 17 00:00:00 2001
From: Andreas Gohr
Date: Sat, 15 Oct 2011 20:53:56 +0200
Subject: bind security token to username

This makes the security token more robust agains session fixation attacks. A CSRF warning will no longer abort a page save but lead to the preview mode to avoid information loss when a user logs in during editing (eg in another tab).
---
 inc/actions.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

(limited to 'inc/actions.php')

diff --git a/inc/actions.php b/inc/actions.php
index 1a0ae4028..ddfafc554 100644
--- a/inc/actions.php
+++ b/inc/actions.php
@@ -101,7 +101,7 @@ function act_dispatch(){
 if(checkSecurityToken()){
 $ACT = act_save($ACT);
 }else{
- $ACT = 'show';
+ $ACT = 'preview';
 }
 }
-- 
cgit v1.2.3

From d5a9514cb7286254b1dcf65ba764234e199b8b7f Mon Sep 17 00:00:00 2001
From: Adrian Lang
Date: Sun, 30 Oct 2011 11:15:13 +0100
Subject: Remove references to (un)?subscribens.

---
 inc/actions.php | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

(limited to 'inc/actions.php')

diff --git a/inc/actions.php b/inc/actions.php
index ddfafc554..4a2e200ae 100644
--- a/inc/actions.php
+++ b/inc/actions.php
@@ -215,7 +215,7 @@ function act_clean($act){
 //disable all acl related commands if ACL is disabled
 if(!$conf['useacl'] && in_array($act,array('login','logout','register','admin',
 'subscribe','unsubscribe','profile','revert',
- 'resendpwd','subscribens','unsubscribens',))){
+ 'resendpwd'))){
 msg('Command unavailable: '.htmlspecialchars($act),-1);
 return 'show';
 }
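Review bot: The new `$ACT = 'preview';` on the failed-token branch is a deliberate security/usability trade-off, but nothing in the code records why, so a later reader may "fix" it back to `show` or, worse, to a save; add `// token mismatch (e.g. user re-logged in in another tab): preview instead of discarding the edit` above the assignment. Because a request that failed the CSRF check now continues as a preview of attacker-controllable text, it is worth confirming that the preview path and whatever it triggers performs no persistent write — within this hunk only `act_save()` is gated by `checkSecurityToken()`, which is correct. The token-to-username binding named in the subject is not in this hunk (the listing is limited to inc/actions.php), and act_dispatch's body continues outside it.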
@@ -227,7 +227,7 @@ function act_clean($act){
 'preview','search','show','check','index','revisions',
 'diff','recent','backlink','admin','subscribe','revert',
 'unsubscribe','profile','resendpwd','recover',
- 'draftdel','subscribens','unsubscribens','sitemap','media')) && substr($act,0,7) != 'export_' ) {
+ 'draftdel','sitemap','media')) && substr($act,0,7) != 'export_' ) {
 msg('Command unknown: '.htmlspecialchars($act),-1);
 return 'show';
 }
-- 
cgit v1.2.3
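Review bot: The allow-list on the `+` line still relies on a loose `in_array($act, array(...))` and a loose `!=` against `'export_'`; `$act` is request-derived (it is escaped with htmlspecialchars for the error message), and if it can ever arrive as a non-string — for instance an integer 0 taken from an array key — it loosely equals every string element on PHP < 8 and would pass the "Command unknown" gate unchallenged. Pass the strict flag, `in_array($act, array(...), true)`, and write `substr($act,0,7) !== 'export_'`; with string input this changes nothing, so it is a pure hardening of the line under review. The `export_*` wildcard presumably gets resolved by a later dispatch step outside this view, and act_clean's body starts and ends outside the hunk.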