Merge pull request #9067 from MrPetovan/bug/9065-csrf-anonymous
Re-allow anonymous use of CSRF tokens
This commit is contained in:
commit
5ab4503140
1 changed files with 1 additions and 5 deletions
|
@ -140,11 +140,7 @@ abstract class BaseModule
|
||||||
return false;
|
return false;
|
||||||
}
|
}
|
||||||
|
|
||||||
if (empty($a->user)) {
|
$sec_hash = hash('whirlpool', ($a->user['guid'] ?? '') . ($a->user['prvkey'] ?? '') . session_id() . $x[0] . $typename);
|
||||||
return false;
|
|
||||||
}
|
|
||||||
|
|
||||||
$sec_hash = hash('whirlpool', $a->user['guid'] . $a->user['prvkey'] . session_id() . $x[0] . $typename);
|
|
||||||
|
|
||||||
return ($sec_hash == $x[1]);
|
return ($sec_hash == $x[1]);
|
||||||
}
|
}
|
||||||
|
|
Loading…
Reference in a new issue