summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorEvan Prodromou <evan@status.net>2010-01-11 08:40:22 +0000
committerroot <root@ip-10-250-162-129.ec2.internal>2010-01-11 08:40:22 +0000
commit5ec25a9691cac0f7bfa02fb2f6237f91fc1a2e82 (patch)
treed1fba218b733db73927bfa3c1d89964d7415dd4e
parentae7469a127a3d95237085335b46077460c536814 (diff)
inject session before redirect for login
-rw-r--r--actions/login.php10
1 files changed, 10 insertions, 0 deletions
diff --git a/actions/login.php b/actions/login.php
index 9c47d88b1..8ea3c800b 100644
--- a/actions/login.php
+++ b/actions/login.php
@@ -103,6 +103,15 @@ class LoginAction extends Action
// CSRF protection - token set in NoticeForm
$token = $this->trimmed('token');
if (!$token || $token != common_session_token()) {
+ $st = common_session_token();
+ if (empty($token)) {
+ common_log(LOG_WARNING, 'No token provided by client.');
+ } else if (empty($st)) {
+ common_log(LOG_WARNING, 'No session token stored.');
+ } else {
+ common_log(LOG_WARNING, 'Token = ' . $token . ' and session token = ' . $st);
+ }
+
$this->clientError(_('There was a problem with your session token. '.
'Try again, please.'));
return;
@@ -135,6 +144,7 @@ class LoginAction extends Action
if ($url) {
// We don't have to return to it again
common_set_returnto(null);
+ $url = common_inject_session($url);
} else {
$url = common_local_url('all',
array('nickname' =>