mirror of
https://github.com/discourse/discourse.git
synced 2025-09-08 12:06:51 +08:00
SECURITY: prevent reuse of password reset
parent
eb2db23b40
commit
e0ff57ca75
4 changed files with 50 additions and 7 deletions
|
@ -9,6 +9,7 @@ require_dependency 'json_error'
|
|||
require_dependency 'letter_avatar'
|
||||
require_dependency 'distributed_cache'
|
||||
require_dependency 'global_path'
|
||||
require_dependency 'secure_session'
|
||||
|
||||
class ApplicationController < ActionController::Base
|
||||
include CurrentUser
|
||||
|
@ -381,6 +382,11 @@ class ApplicationController < ActionController::Base
|
|||
end
|
||||
end
|
||||
|
||||
|
||||
def secure_session
|
||||
SecureSession.new(session["secure_session_id"] ||= SecureRandom.hex)
|
||||
end
|
||||
|
||||
private
|
||||
|
||||
def locale_from_header
|
||||
|
@ -558,6 +564,7 @@ class ApplicationController < ActionController::Base
|
|||
render_to_string status: status, layout: layout, formats: [:html], template: '/exceptions/not_found'
|
||||
end
|
||||
|
||||
|
||||
protected
|
||||
|
||||
def render_post_json(post, add_raw=true)
|
||||
|
|
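Review bot: `secure_session` is added just above the `private` marker in the second hunk, so unless an earlier visibility modifier outside the hunk applies, it becomes a public method on `ApplicationController`, and Rails treats public controller methods as potential actions for any route that can name them. If only controllers call it, move the definition below `private`, or below `protected`, which the third hunk shows the class also uses. A short comment would also help, for example `# Server-side store keyed by a random id kept in the cookie session; for values the client must not read or replay.` That wording is inferred from the name and call shape, since `SecureSession` itself is not in this section, so confirm it against the implementation. The id is created lazily with `||=` and then lives as long as the cookie session; whether it is rotated on login or logout is not visible in these hunks and is worth checking.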