Fixes #15496: CSRF token is now regenerated on changing identity

Alexander Makarov
2018-01-14 02:13:24 +03:00
committed by GitHub
parent 7adf3152cb
commit 6c0540aa2d
3 changed files with 6 additions and 0 deletions


@ -3,6 +3,8 @@ Yii Framework 2 Change Log
2.0.14 under development 2.0.14 under development
------------------------ ------------------------
- Enh #15496: CSRF token is now regenerated on changing identity (samdark, rhertogh)
- Enh #15417: Added `yii\validators\FileValidator::$minFiles` (vladis84) - Enh #15417: Added `yii\validators\FileValidator::$minFiles` (vladis84)
- Bug #8983: Only truncate the original log file for rotation (matthewyang, developeruz) - Bug #8983: Only truncate the original log file for rotation (matthewyang, developeruz)
- Bug #14157: Add support for loading default value `CURRENT_TIMESTAMP` of MySQL `datetime` field (rossoneri) - Bug #14157: Add support for loading default value `CURRENT_TIMESTAMP` of MySQL `datetime` field (rossoneri)


@ -641,6 +641,9 @@ class User extends Component
$this->sendIdentityCookie($identity, $duration); $this->sendIdentityCookie($identity, $duration);
} }
} }
// regenerate CSRF token
Yii::$app->getRequest()->getCsrfToken(true);
} }
/** /**
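Review bot: The added `Yii::$app->getRequest()->getCsrfToken(true);` at the end of this method runs on every identity switch without checking whether CSRF protection is enabled on the request, so an application that has turned it off would presumably still have a token generated and stored; guarding it as `if (Yii::$app->getRequest()->enableCsrfValidation) { ... }` would limit the side effect to where it matters. The comment could also say why, for example `// regenerate CSRF token so that one issued before the identity change is not valid afterwards`. None of the three changed files adds a test asserting that the token differs before and after the switch, which would pin this behaviour. The method's signature and the start of its body are outside the hunk.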


@ -29,6 +29,7 @@ class UrlTest extends TestCase
'components' => [ 'components' => [
'request' => [ 'request' => [
'class' => 'yii\web\Request', 'class' => 'yii\web\Request',
'cookieValidationKey' => '123',
'scriptUrl' => '/base/index.php', 'scriptUrl' => '/base/index.php',
'hostInfo' => 'http://example.com/', 'hostInfo' => 'http://example.com/',
'url' => '/base/index.php&r=site%2Fcurrent&id=42', 'url' => '/base/index.php&r=site%2Fcurrent&id=42',