meineerde/redmine
1
0
Fork 0
mirror of https://github.com/meineerde/redmine.git synced 2025-12-19 15:01:14 +00:00
Code Issues Releases Wiki Activity

Merged r3051 from trunk with some changes for 0.8 sessions.

Browse Source 
git-svn-id: svn+ssh://rubyforge.org/var/svn/redmine/branches/0.8-stable@3053 e93f8b46-1217-0410-a6f0-8f06a7374b81
This commit is contained in:
Eric Davis 2009-11-14 20:19:03 +00:00
parent ce41d4f9b0
commit 051741f05c
5 changed files with 12 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
app/controllers/application.rb
View File

@ -23,6 +23,7 @@ class ApplicationController < ActionController::Base
before_filter :user_setup, :check_if_login_required, :set_localization before_filter :user_setup, :check_if_login_required, :set_localization
filter_parameter_logging :password filter_parameter_logging :password
protect_from_forgery :secret => session.first[:secret]
include Redmine::MenuManager::MenuController include Redmine::MenuManager::MenuController
helper Redmine::MenuManager::MenuHelper helper Redmine::MenuManager::MenuHelper

3
config/environments/test.rb
View File

@ -15,3 +15,6 @@ config.action_controller.perform_caching = false
config.action_mailer.perform_deliveries = true config.action_mailer.perform_deliveries = true
config.action_mailer.delivery_method = :test config.action_mailer.delivery_method = :test
# Skip protect_from_forgery in requests http://m.onkey.org/2007/9/28/csrf-protection-for-your-existing-rails-application
config.action_controller.allow_forgery_protection = false

4
config/environments/test_pgsql.rb
View File

@ -15,3 +15,7 @@ config.action_controller.perform_caching = false
config.action_mailer.perform_deliveries = true config.action_mailer.perform_deliveries = true
config.action_mailer.delivery_method = :test config.action_mailer.delivery_method = :test
# Skip protect_from_forgery in requests http://m.onkey.org/2007/9/28/csrf-protection-for-your-existing-rails-application
config.action_controller.allow_forgery_protection = false

3
config/environments/test_sqlite3.rb
View File

@ -15,3 +15,6 @@ config.action_controller.perform_caching = false
config.action_mailer.perform_deliveries = true config.action_mailer.perform_deliveries = true
config.action_mailer.delivery_method = :test config.action_mailer.delivery_method = :test
# Skip protect_from_forgery in requests http://m.onkey.org/2007/9/28/csrf-protection-for-your-existing-rails-application
config.action_controller.allow_forgery_protection = false

1
doc/CHANGELOG
View File

@ -11,6 +11,7 @@ http://www.redmine.org/
* Fixed: First date of the date range not included in the time report with SQLite * Fixed: First date of the date range not included in the time report with SQLite
* Fixed: Password field not styled correctly on alternative stylesheet * Fixed: Password field not styled correctly on alternative stylesheet
* Fixed: Error when sumbitting a POST request that requires a login * Fixed: Error when sumbitting a POST request that requires a login
* Fixed: CSRF vulnerabilities
== 2009-11-04 v0.8.6 == 2009-11-04 v0.8.6