mirror of
https://we.phorge.it/source/phorge.git
synced 2024-11-27 09:12:41 +01:00
Minor, fix CSRF error caused by D1329.
This commit is contained in:
parent
a2349e82ba
commit
5f8711ebf8
1 changed files with 17 additions and 18 deletions
|
@ -265,9 +265,13 @@ class PhabricatorUser extends PhabricatorUserDAO {
|
|||
|
||||
$existing_sessions = array_keys($sessions);
|
||||
|
||||
// UNGUARDED WRITES: Logging-in users don't have CSRF stuff yet.
|
||||
$unguarded = AphrontWriteGuard::beginScopedUnguardedWrites();
|
||||
|
||||
$retries = 0;
|
||||
while (true) {
|
||||
|
||||
|
||||
// Choose which 'type' we'll actually establish, i.e. what number we're
|
||||
// going to append to the basic session type. To do this, just check all
|
||||
// the numbers sequentially until we find an available session.
|
||||
|
@ -301,9 +305,6 @@ class PhabricatorUser extends PhabricatorUserDAO {
|
|||
$expect_key = $oldest['sessionKey'];
|
||||
}
|
||||
|
||||
// UNGUARDED WRITES: Logging-in users don't have CSRF stuff yet.
|
||||
$unguarded = AphrontWriteGuard::beginScopedUnguardedWrites();
|
||||
|
||||
// This is so that we'll only overwrite the session if it hasn't been
|
||||
// refreshed since we read it. If it has, the session key will be
|
||||
// different and we know we're racing other processes. Whichever one
|
||||
|
@ -319,8 +320,6 @@ class PhabricatorUser extends PhabricatorUserDAO {
|
|||
$establish_type,
|
||||
$expect_key);
|
||||
|
||||
unset($unguarded);
|
||||
|
||||
if ($conn_w->getAffectedRows()) {
|
||||
// The update worked, so the session is valid.
|
||||
break;
|
||||
|
|
Loading…
Reference in a new issue