mirror of https://we.phorge.it/source/phorge.git synced 2025-02-17 09:18:44 +01:00

Minor, fix CSRF error caused by D1329.

epriestley 2012-01-09 13:47:33 -08:00
parent a2349e82ba
commit 5f8711ebf8


@ -265,9 +265,13 @@ class PhabricatorUser extends PhabricatorUserDAO {
$existing_sessions = array_keys($sessions); $existing_sessions = array_keys($sessions);
// UNGUARDED WRITES: Logging-in users don't have CSRF stuff yet.
$unguarded = AphrontWriteGuard::beginScopedUnguardedWrites();
$retries = 0; $retries = 0;
while (true) { while (true) {
// Choose which 'type' we'll actually establish, i.e. what number we're // Choose which 'type' we'll actually establish, i.e. what number we're
// going to append to the basic session type. To do this, just check all // going to append to the basic session type. To do this, just check all
// the numbers sequentially until we find an available session. // the numbers sequentially until we find an available session.
@ -301,9 +305,6 @@ class PhabricatorUser extends PhabricatorUserDAO {
$expect_key = $oldest['sessionKey']; $expect_key = $oldest['sessionKey'];
} }
// UNGUARDED WRITES: Logging-in users don't have CSRF stuff yet.
$unguarded = AphrontWriteGuard::beginScopedUnguardedWrites();
// This is so that we'll only overwrite the session if it hasn't been // This is so that we'll only overwrite the session if it hasn't been
// refreshed since we read it. If it has, the session key will be // refreshed since we read it. If it has, the session key will be
// different and we know we're racing other processes. Whichever one // different and we know we're racing other processes. Whichever one
@ -319,8 +320,6 @@ class PhabricatorUser extends PhabricatorUserDAO {
$establish_type, $establish_type,
$expect_key); $expect_key);
unset($unguarded);
if ($conn_w->getAffectedRows()) { if ($conn_w->getAffectedRows()) {
// The update worked, so the session is valid. // The update worked, so the session is valid.
break; break;
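Review bot: The unguarded-write scope no longer has an explicit end: `$unguarded` is now opened before `while (true)` and the `unset($unguarded);` that followed the session update is removed, so CSRF write protection stays off until the variable leaves scope, presumably at the end of the enclosing method. That covers every retry iteration and any write after the loop, including ones added later that nobody meant to exempt. I would keep an explicit `unset($unguarded);` directly after the last write that needs the exemption, and extend the comment to name those writes, e.g. `// UNGUARDED WRITES: Logging-in users don't have CSRF stuff yet; covers the session writes in the retry loop below.` The method begins and ends outside the hunks shown, so where the scope actually closes cannot be confirmed from this page.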