Smarter CSRF handling. (#1211)
- Do not create multiple tokens per request.
- Clear tokens after successful verification to save session space.
- Limit the number of tokens that can be generated before successful verification.
Changed files:
- module/VuFind/config/module.config.php (2 additions, 1 deletion)
- module/VuFind/src/VuFind/Auth/Manager.php (14 additions, 7 deletions)
- module/VuFind/src/VuFind/Auth/ManagerFactory.php (1 addition, 1 deletion)
- module/VuFind/src/VuFind/Controller/MyResearchController.php (4 additions, 1 deletion)
- module/VuFind/src/VuFind/Validator/Csrf.php (70 additions, 0 deletions)
- module/VuFind/src/VuFind/Validator/CsrfFactory.php (4 additions, 4 deletions)
- module/VuFind/tests/unit-tests/src/VuFindTest/Auth/ManagerTest.php (1 addition, 1 deletion)
- module/VuFind/tests/unit-tests/src/VuFindTest/Validator/CsrfTest.php (91 additions, 0 deletions)
- themes/bootstrap3/templates/Auth/AbstractBase/login.phtml (1 addition, 1 deletion)
- themes/bootstrap3/templates/myresearch/deleteaccount.phtml (1 addition, 1 deletion)
- themes/bootstrap3/templates/myresearch/newpassword.phtml (1 addition, 1 deletion)