diff options
author | Craig Andrews <candrews@integralblue.com> | 2010-09-05 17:35:43 -0400 |
---|---|---|
committer | Craig Andrews <candrews@integralblue.com> | 2010-09-07 13:45:52 -0400 |
commit | 3dd734b2c3ea49c55467cfbfd4b3a5fb38456e87 (patch) | |
tree | 330d8ebb3b178d9705c9669e7b7074206fee14f9 /plugins | |
parent | 86a702953a8082b062e48c8f6eea60a7f749ef12 (diff) |
Remove CSRF protection from username/password login and from OpenID login.
Diffstat (limited to 'plugins')
-rw-r--r-- | plugins/OpenID/openidlogin.php | 9 |
1 files changed, 0 insertions, 9 deletions
diff --git a/plugins/OpenID/openidlogin.php b/plugins/OpenID/openidlogin.php index 20d6e070c..f3a5c8847 100644 --- a/plugins/OpenID/openidlogin.php +++ b/plugins/OpenID/openidlogin.php @@ -42,14 +42,6 @@ class OpenidloginAction extends Action oid_assert_allowed($openid_url); - # CSRF protection - $token = $this->trimmed('token'); - if (!$token || $token != common_session_token()) { - // TRANS: Message given when there is a problem with the user's session token. - $this->showForm(_m('There was a problem with your session token. Try again, please.'), $openid_url); - return; - } - $rememberme = $this->boolean('rememberme'); common_ensure_session(); @@ -136,7 +128,6 @@ class OpenidloginAction extends Action $this->elementStart('fieldset'); // TRANS: OpenID plugin logon form legend. $this->element('legend', null, _m('OpenID login')); - $this->hidden('token', common_session_token()); $this->elementStart('ul', 'form_data'); $this->elementStart('li'); |