Commit
Override $DECODED_ARGS with the (decoded) arguments from the CSRF token
The menuing code examines $m->request_args to determine some menu state. Unfortunately, when returning from a CSRF interstitial the args provided to the component have been inflated, but $m->request_args has not been, and will only be observed to have one argument, CSRF_Token. While one could, during CSRF argument inflation, replace $m->request_args by reaching inside the object, this is not only naughty, but incorrect: the query parameters stored in the CSRF token are already-decoded parameters, while $m->request_args is expected to contain encoded parameters. The newly-introduced $DECODED_ARGS provides a centralized location which is expected to contain decoded parameters. Replace calls to $m->request_args with $DECODED_ARGS, and ensure that the latter is updated when returning from a CSRF interstitial.
Showing 2 changed files with 24 additions and 23 deletions.