diff options
| author | Matthew Somerville <matthew-github@dracos.co.uk> | 2017-01-12 15:48:18 +0000 |
|---|---|---|
| committer | Matthew Somerville <matthew-github@dracos.co.uk> | 2017-01-12 15:48:18 +0000 |
| commit | a65d8b57f3be2585a5b835e18bb0940170d4b448 (patch) | |
| tree | e59a6bca9e16665b98d8d04af49b8bf4db1da9a7 /perllib/FixMyStreet/App/Controller/Auth.pm | |
| parent | 940bd236650b2bf7208d9b06c33ee30ad94492f6 (diff) | |
| parent | 831f0addbac7eb3e6641877c936f90279d1bb186 (diff) | |
Merge branch 'listshort'
Diffstat (limited to 'perllib/FixMyStreet/App/Controller/Auth.pm')
| -rw-r--r-- | perllib/FixMyStreet/App/Controller/Auth.pm | 5 |
1 files changed, 3 insertions, 2 deletions
diff --git a/perllib/FixMyStreet/App/Controller/Auth.pm b/perllib/FixMyStreet/App/Controller/Auth.pm index c448f8749..6e8057723 100644 --- a/perllib/FixMyStreet/App/Controller/Auth.pm +++ b/perllib/FixMyStreet/App/Controller/Auth.pm @@ -516,11 +516,12 @@ sub check_csrf_token : Private { $token =~ s/ /+/g; my ($time) = $token =~ /^(\d+)-[0-9a-zA-Z+\/]+$/; $c->stash->{csrf_time} = $time; + my $gen_token = $c->forward('get_csrf_token'); + delete $c->stash->{csrf_time}; $c->detach('no_csrf_token') unless $time && $time > time() - 3600 - && $token eq $c->forward('get_csrf_token'); - delete $c->stash->{csrf_time}; + && $token eq $gen_token; } sub no_csrf_token : Private { |