From 8071beaa75257a6e763bf8b2d6dd586fe0935d6b Mon Sep 17 00:00:00 2001
From: Andreas Gohr <andi@splitbrain.org>
Date: Sat, 15 Oct 2011 20:53:56 +0200
Subject: bind security token to username

This makes the security token more robust agains session fixation
attacks. A CSRF warning will no longer abort a page save but lead to the
preview mode to avoid information loss when a user logs in during
editing (eg in another tab).
---
 inc/actions.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

(limited to 'inc/actions.php')

diff --git a/inc/actions.php b/inc/actions.php
index 1a0ae4028..ddfafc554 100644
--- a/inc/actions.php
+++ b/inc/actions.php
@@ -101,7 +101,7 @@ function act_dispatch(){
             if(checkSecurityToken()){
                 $ACT = act_save($ACT);
             }else{
-                $ACT = 'show';
+                $ACT = 'preview';
             }
         }
 
-- 
cgit v1.2.3