Updating csrf token but leaving backwards compatibility

andrewelkins · Mar 15, 2013 · 3a39c60 · 3a39c60
1 parent ee08bcf
commit 3a39c60
Show file tree

Hide file tree

Showing 12 changed files with 12 additions and 12 deletions.
diff --git a/app/controllers/user/UserController.php b/app/controllers/user/UserController.php
@@ -81,7 +81,7 @@ public function postLogin()
     {
         $input = array(
             'email'    => Input::get( 'email' ), // May be the username too
-            'username'    => Input::get( 'email' ), // May be the username too
+            'username' => Input::get( 'email' ), // May be the username too
             'password' => Input::get( 'password' ),
             'remember' => Input::get( 'remember' ),
         );

diff --git a/app/filters.php b/app/filters.php
@@ -60,7 +60,7 @@
 
 Route::filter('csrf', function()
 {
-	if (Session::getToken() != Input::get('csrf_token'))
+	if (Session::getToken() != Input::get('csrf_token') &&  Session::getToken() != Input::get('_token'))
 	{
 		throw new Illuminate\Session\TokenMismatchException;
 	}

diff --git a/app/views/admin/blogs/create.blade.php b/app/views/admin/blogs/create.blade.php
@@ -27,7 +27,7 @@
 
 <form class="form-horizontal" method="post" action="" autocomplete="off">
 	<!-- CSRF Token -->
-	<input type="hidden" name="csrf_token" value="{{{ csrf_token() }}}" />
+	<input type="hidden" name="_token" value="{{{ csrf_token() }}}" />
 	<!-- ./ csrf token -->
 
 	<!-- Tabs Content -->

diff --git a/app/views/admin/blogs/edit.blade.php b/app/views/admin/blogs/edit.blade.php
@@ -27,7 +27,7 @@
 
 <form class="form-horizontal" method="post" action="" autocomplete="off">
 	<!-- CSRF Token -->
-	<input type="hidden" name="csrf_token" value="{{{ csrf_token() }}}" />
+	<input type="hidden" name="_token" value="{{{ csrf_token() }}}" />
 	<!-- ./ csrf token -->
 
 	<!-- Tabs Content -->

diff --git a/app/views/admin/comments/edit.blade.php b/app/views/admin/comments/edit.blade.php
@@ -27,7 +27,7 @@
 
 <form class="form-horizontal" method="post" action="" autocomplete="off">
 	<!-- CSRF Token -->
-	<input type="hidden" name="csrf_token" value="{{{ csrf_token() }}}" />
+	<input type="hidden" name="_token" value="{{{ csrf_token() }}}" />
 	<!-- ./ csrf token -->
 
 	<!-- Tabs Content -->

diff --git a/app/views/admin/roles/create.blade.php b/app/views/admin/roles/create.blade.php
@@ -27,7 +27,7 @@
 
 <form class="form-horizontal" method="post" action="" autocomplete="off">
 	<!-- CSRF Token -->
-	<input type="hidden" name="csrf_token" value="{{{ csrf_token() }}}" />
+	<input type="hidden" name="_token" value="{{{ csrf_token() }}}" />
 	<!-- ./ csrf token -->
 
 	<!-- Tabs Content -->

diff --git a/app/views/admin/roles/edit.blade.php b/app/views/admin/roles/edit.blade.php
@@ -27,7 +27,7 @@
 
 <form class="form-horizontal" method="post" action="" autocomplete="off">
 	<!-- CSRF Token -->
-	<input type="hidden" name="csrf_token" value="{{{ csrf_token() }}}" />
+	<input type="hidden" name="_token" value="{{{ csrf_token() }}}" />
 	<!-- ./ csrf token -->
 
 	<!-- Tabs Content -->

diff --git a/app/views/admin/users/create.blade.php b/app/views/admin/users/create.blade.php
@@ -26,7 +26,7 @@
 
 <form class="form-horizontal" method="post" action="" autocomplete="off">
 	<!-- CSRF Token -->
-	<input type="hidden" name="csrf_token" value="{{{ csrf_token() }}}" />
+	<input type="hidden" name="_token" value="{{{ csrf_token() }}}" />
 	<!-- ./ csrf token -->
 
 	<!-- Tabs Content -->

diff --git a/app/views/admin/users/edit.blade.php b/app/views/admin/users/edit.blade.php
@@ -26,7 +26,7 @@
 
 <form class="form-horizontal" method="post" action="{{ URL::to('admin/users/' . $user->id . '/edit') }}" autocomplete="off">
 	<!-- CSRF Token -->
-	<input type="hidden" name="csrf_token" value="{{{ csrf_token() }}}" />
+	<input type="hidden" name="_token" value="{{{ csrf_token() }}}" />
 	<!-- ./ csrf token -->
 
 	<!-- Tabs Content -->

diff --git a/app/views/site/blog/view_post.blade.php b/app/views/site/blog/view_post.blade.php
@@ -77,7 +77,7 @@
 @else
 <h4>Add a Comment</h4>
 <form method="post" action="{{{ URL::to($post->slug) }}}">
-	<input type="hidden" name="csrf_token" value="{{{ Session::getToken() }}}" />
+	<input type="hidden" name="_token" value="{{{ Session::getToken() }}}" />
 
 	<textarea class="input-block-level" rows="4" name="comment" id="comment">{{{ Request::old('comment') }}}</textarea>
 

diff --git a/app/views/site/user/index.blade.php b/app/views/site/user/index.blade.php
@@ -21,7 +21,7 @@
 </div>
 <form method="post" action="" class="form-horizontal" autocomplete="off">
 	<!-- CSRF Token -->
-	<input type="hidden" name="csrf_token" id="csrf_token" value="{{{ csrf_token() }}}" />
+	<input type="hidden" name="_token" id="csrf_token" value="{{{ csrf_token() }}}" />
 	<!-- ./ csrf token -->
 
 	<!-- First Name -->

diff --git a/app/views/site/user/login.blade.php b/app/views/site/user/login.blade.php
@@ -12,7 +12,7 @@
 	<h1>Login into your account</h1>
 </div>
 <form method="POST" action="{{ URL::to('user/login') }}" accept-charset="UTF-8">
-    <input type="hidden" name="csrf_token" value="{{ Session::getToken() }}">
+    <input type="hidden" name="_token" value="{{ Session::getToken() }}">
     <fieldset>
         <label for="email">{{ Lang::get('confide::confide.username_e_mail') }}</label>
         <input tabindex="1" placeholder="{{ Lang::get('confide::confide.username_e_mail') }}" type="text" name="email" id="email" value="{{ Input::old('email') }}">