cst1/openstreetmap-website
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

Prevent CSRF bypass with login form

Browse source
This commit is contained in:
Tom Hughes 2021-02-10 19:37:51 +00:00
parent a17bd24f82
commit 1f136a84a6
5 changed files with 33 additions and 5 deletions
Download patch file Download diff file Expand all files Collapse all files

2
app/controllers/users_controller.rb
View file

@ -276,7 +276,7 @@ class UsersController < ApplicationController
session[:referer] = safe_referer(params[:referer]) if params[:referer]
if params[:username].present? && params[:password].present?
if request.post?
session[:remember_me] ||= params[:remember_me]
password_authentication(params[:username], params[:password])
end