revi-archive/phorge-phorge
1
0
Fork 0
mirror of https://we.phorge.it/source/phorge.git synced 2024-11-23 15:22:41 +01:00
Code Issues Releases Wiki Activity

Minor, fix CSRF error caused by D1329.

Browse source
This commit is contained in:
epriestley 2012-01-09 13:47:33 -08:00
parent a2349e82ba
commit 5f8711ebf8
1 changed files with 17 additions and 18 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

9
src/applications/people/storage/user/PhabricatorUser.php
View file

@ -265,9 +265,13 @@ class PhabricatorUser extends PhabricatorUserDAO {
$existing_sessions = array_keys($sessions);
// UNGUARDED WRITES: Logging-in users don't have CSRF stuff yet.
$unguarded = AphrontWriteGuard::beginScopedUnguardedWrites();
$retries = 0;
while (true) {
// Choose which 'type' we'll actually establish, i.e. what number we're
// going to append to the basic session type. To do this, just check all
// the numbers sequentially until we find an available session.
@ -301,9 +305,6 @@ class PhabricatorUser extends PhabricatorUserDAO {
$expect_key = $oldest['sessionKey'];
}
// UNGUARDED WRITES: Logging-in users don't have CSRF stuff yet.
$unguarded = AphrontWriteGuard::beginScopedUnguardedWrites();
// This is so that we'll only overwrite the session if it hasn't been
// refreshed since we read it. If it has, the session key will be
// different and we know we're racing other processes. Whichever one
@ -319,8 +320,6 @@ class PhabricatorUser extends PhabricatorUserDAO {
$establish_type,
$expect_key);
unset($unguarded);
if ($conn_w->getAffectedRows()) {
// The update worked, so the session is valid.
break;