API Restrict MemberLoginForm to POST requests for increased security
CVE-2013-2653 - Thanks to Fara Rustein of Deloitte Argentina for reporting.
chillu committed May 8, 2013
1 parent 14c59be commit 3e88c98
Showing 1 changed file with 3 additions and 0 deletions.
3 changes: 3 additions & 0 deletions security/MemberLoginForm.php
Expand Up @@ -89,6 +89,9 @@ public function __construct($controller, $name, $fields = null, $actions = null,
$fields->push(new HiddenField('BackURL', 'BackURL', $backURL));
}

// Reduce attack surface by enforcing POST requests
$this->setFormMethod('POST', true);

parent::__construct($controller, $name, $fields, $actions);

// Focus on the email input when the page is loaded
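Review bot: `$this->setFormMethod('POST', true)` is called before `parent::__construct()`, so the fix depends on the parent constructor leaving the form method and strict-check flag untouched; either move the call to just after the `parent::__construct($controller, $name, $fields, $actions);` line or add a comment explaining why setting it beforehand is safe. The inline comment "Reduce attack surface by enforcing POST requests" should also say what the second argument (`true`) does, since the commit message promises that non-POST requests are rejected and a reader cannot tell from the call alone whether it only changes the rendered `method` attribute or also enforces the check on the server.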
