Please sign in to comment.
convert numeric to string on hash creation in FormHelper::secure()
Security hash may contain serialized form data values. Form values in request are send as strings. For security check to pass numeric values must be converted to string on form creation. Otherwise the serialized- output differs and the security-check on the incoming request fails.
- Loading branch information...
Showing with 11 additions and 3 deletions.