diff options
author | Evan Prodromou <evan@status.net> | 2010-01-11 08:40:22 +0000 |
---|---|---|
committer | root <root@ip-10-250-162-129.ec2.internal> | 2010-01-11 08:40:22 +0000 |
commit | 5ec25a9691cac0f7bfa02fb2f6237f91fc1a2e82 (patch) | |
tree | d1fba218b733db73927bfa3c1d89964d7415dd4e /actions/login.php | |
parent | ae7469a127a3d95237085335b46077460c536814 (diff) |
inject session before redirect for login
Diffstat (limited to 'actions/login.php')
-rw-r--r-- | actions/login.php | 10 |
1 files changed, 10 insertions, 0 deletions
diff --git a/actions/login.php b/actions/login.php index 9c47d88b1..8ea3c800b 100644 --- a/actions/login.php +++ b/actions/login.php @@ -103,6 +103,15 @@ class LoginAction extends Action // CSRF protection - token set in NoticeForm $token = $this->trimmed('token'); if (!$token || $token != common_session_token()) { + $st = common_session_token(); + if (empty($token)) { + common_log(LOG_WARNING, 'No token provided by client.'); + } else if (empty($st)) { + common_log(LOG_WARNING, 'No session token stored.'); + } else { + common_log(LOG_WARNING, 'Token = ' . $token . ' and session token = ' . $st); + } + $this->clientError(_('There was a problem with your session token. '. 'Try again, please.')); return; @@ -135,6 +144,7 @@ class LoginAction extends Action if ($url) { // We don't have to return to it again common_set_returnto(null); + $url = common_inject_session($url); } else { $url = common_local_url('all', array('nickname' => |