Fixes CSRF token for pages with multiple forms
sebthebert committed Nov 13, 2016
1 parent fb9a799 commit 512cab1
Showing 1 changed file with 13 additions and 4 deletions.
17 changes: 13 additions & 4 deletions usr/share/aat/INC/AAT_Form_Begin.inc
@@ -3,11 +3,20 @@
<%
if ((!defined $arg{method}) || ($arg{method} eq "") || ($arg{method} =~ /^POST$/i))
{
use Data::GUID;
my $token = undef;

my $guid = Data::GUID->new;
my $token = $guid->as_string;
$Session->{CSRFtoken} = $token;
if (defined $Session->{CSRFtoken})
{ # not the first form on the page
$token = $Session->{CSRFtoken};
}
else
{
use Data::GUID;

my $guid = Data::GUID->new;
$token = $guid->as_string;
$Session->{CSRFtoken} = $token;
}
%>
<AAT:Form_Hidden name="CSRFtoken" value="$token" />
<%
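Review bot: The reuse test `if (defined $Session->{CSRFtoken})` keys on session state, so it is true for every later request in the session and not only for a second form on the same page; the `# not the first form on the page` comment understates that. The token's lifetime now depends entirely on whatever validates and clears `$Session->{CSRFtoken}`, which is outside this hunk: if the validator deletes it after a successful POST, other forms already rendered on that page will be rejected, and if it never deletes it the token is effectively per-session. I would state the intended lifetime in the comment, e.g. `{ # session already holds a token: reuse it so all forms rendered before the next rotation validate`. Separately, `Data::GUID` is designed for uniqueness rather than unpredictability (it appears to wrap time-based UUID generation), so the token would ideally come from a CSPRNG-backed source; this predates the commit but is kept on the new side. The enclosing `if` block's closing brace lies beyond the end of the hunk.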