Fixes #15496: CSRF token is now regenerated on changing identity
samdark committed Jan 13, 2018
1 parent 7adf315 commit 6c0540a
Showing 3 changed files with 6 additions and 0 deletions.
2 changes: 2 additions & 0 deletions framework/CHANGELOG.md
Expand Up @@ -3,6 +3,8 @@ Yii Framework 2 Change Log

2.0.14 under development
------------------------

- Enh #15496: CSRF token is now regenerated on changing identity (samdark, rhertogh)
- Enh #15417: Added `yii\validators\FileValidator::$minFiles` (vladis84)
- Bug #8983: Only truncate the original log file for rotation (matthewyang, developeruz)
- Bug #14157: Add support for loading default value `CURRENT_TIMESTAMP` of MySQL `datetime` field (rossoneri)
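Review bot: The new `#15496` entry at the top of the 2.0.14 list is filed as `Enh` while the commit message says "Fixes #15496", and it does not say why the token is regenerated. Because the token now changes inside `switchIdentity()`, a form rendered before a login or logout may be submitted with a token that is no longer current, so a short reason in the entry (the token should not stay valid across an identity change) or an upgrade note would help readers judge the impact.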
3 changes: 3 additions & 0 deletions framework/web/User.php
Expand Up @@ -641,6 +641,9 @@ public function switchIdentity($identity, $duration = 0)
$this->sendIdentityCookie($identity, $duration);
}
}

// regenerate CSRF token
Yii::$app->getRequest()->getCsrfToken(true);
}

/**
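Review bot: The `Yii::$app->getRequest()->getCsrfToken(true);` call sits after the closing braces of the preceding conditionals, so it runs on every `switchIdentity()` call that reaches the end of the method, with no check that CSRF validation is enabled for the request. Consider guarding it on the request's `enableCsrfValidation` setting so applications that have turned CSRF off do not get a new token generated as a side effect of login or logout. The comment `// regenerate CSRF token` also restates the call; it would be more useful if it said why, namely that a token issued under the previous identity should not remain valid for the new one.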
1 change: 1 addition & 0 deletions tests/framework/helpers/UrlTest.php
Expand Up @@ -29,6 +29,7 @@ protected function setUp()
'components' => [
'request' => [
'class' => 'yii\web\Request',
'cookieValidationKey' => '123',
'scriptUrl' => '/base/index.php',
'hostInfo' => 'http://example.com/',
'url' => '/base/index.php&r=site%2Fcurrent&id=42',
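Review bot: The only test change in this commit is the added `'cookieValidationKey' => '123',` line in the `request` config of `UrlTest::setUp()`, so nothing asserts the behaviour the commit introduces. Please add a test that reads the CSRF token, calls `switchIdentity()` (both with an identity and with `null`), and checks that the token differs afterwards. That a URL helper test needs this key at all suggests the new call pulls request cookie validation into code paths that did not depend on it before, which is worth mentioning in the commit message.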