merge from master (post-CSRF changes)

author: Seb Bacon <seb.bacon@gmail.com> 2011-03-09 14:58:30 +0000
committer: Seb Bacon <seb.bacon@gmail.com> 2011-03-09 14:58:30 +0000
commit: b4585af18e9c3a033f6cfe27213f0575af795a66 (patch)
tree: 996efa1487ac0d8cb7e4f53ee6478ad625b9d27d /app/controllers/admin_controller.rb
parent: 224b8a4ba3a24af91068505c7907724448a4096d (diff)
parent: 4cc2cf2a6d935adfd263ea4fd7791a6d84f704da (diff)
1 files changed, 6 insertions, 0 deletions
diff --git a/app/controllers/admin_controller.rb b/app/controllers/admin_controller.rb
index 4734146a8..004d460c5 100644
--- a/app/controllers/admin_controller.rb
+++ b/app/controllers/admin_controller.rb
@@ -11,6 +11,12 @@ require 'fileutils'
 class AdminController < ApplicationController
     layout "admin"
     before_filter :assign_http_auth_user
+    protect_from_forgery # See ActionController::RequestForgeryProtection for details
+
+    # action to take if expecting an authenticity token and one isn't received
+    def handle_unverified_request
+        raise(ActionController::InvalidAuthenticityToken)
+    end
 
     # Always give full stack trace for admin interface
     def local_request?
author	Seb Bacon <seb.bacon@gmail.com>	2011-03-09 14:58:30 +0000
committer	Seb Bacon <seb.bacon@gmail.com>	2011-03-09 14:58:30 +0000
commit	b4585af18e9c3a033f6cfe27213f0575af795a66 (patch)
tree	996efa1487ac0d8cb7e4f53ee6478ad625b9d27d /app/controllers/admin_controller.rb
parent	224b8a4ba3a24af91068505c7907724448a4096d (diff)
parent	4cc2cf2a6d935adfd263ea4fd7791a6d84f704da (diff)