fix: [users] Avoid POSTing forms not linked to the login page resulting in unwanted actions

- As reported by Michael Kerscher
mokaddem committed Sep 15, 2020
1 parent 5d3dee3 commit 1649631
Showing 1 changed file with 4 additions and 1 deletion.
5 changes: 4 additions & 1 deletion app/View/Users/login.ctp
@@ -81,7 +81,10 @@ function submitLoginForm() {
$form[0].reportValidity()
} else {
fetchFormDataAjax(url, function(html) {
var formHTML = $(html).find('form')
var formHTML = $(html).find('form#UserLoginForm')
if (!formHTML.length) {
window.location = baseurl + '/users/login'
}
$('body').append($('<div id="temp" style="display: none"/>').append(formHTML))
var $tmpForm = $('#temp form')
$tmpForm.find('#UserEmail').val(email)
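
Review bot: The new `if (!formHTML.length)` branch assigns `window.location` but has no `return`, so the callback falls through to `$('body').append(...)` and the `$tmpForm` lines while the navigation is still pending. On an empty jQuery set those calls do nothing, but any later statement in this callback that does not depend on the form being found would still execute; adding `return` right after the redirect makes the fallback path explicit. Also worth a short comment above the `form#UserLoginForm` selector saying why the id is required, since the form's id is now the only thing tying the fetched markup to the login page before credentials are written into it.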