php/yii2
1
0
Fork 0
mirror of https://github.com/yiisoft/yii2.git synced 2025-08-22 03:18:00 +08:00
Code Issues Packages Projects Releases Wiki Activity

Fixes #1634: Use masked CSRF tokens to prevent BREACH exploits

Browse Source
This commit is contained in:
Qiang Xue
2013-12-26 17:51:14 -05:00
parent 2686403c0e
commit c8960168c5
4 changed files with 60 additions and 3 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
framework/yii/helpers/BaseHtml.php
View File

@ -241,7 +241,7 @@ class BaseHtml
$method = 'post';
}
if ($request->enableCsrfValidation && !strcasecmp($method, 'post')) {
$hiddenInputs[] = static::hiddenInput($request->csrfVar, $request->getCsrfToken());
$hiddenInputs[] = static::hiddenInput($request->csrfVar, $request->getMaskedCsrfToken());
}
}