diff options
author | wclouser@mozilla.com <wclouser@mozilla.com@4eb1ac78-321c-0410-a911-ec516a8615a5> | 2008-05-02 16:42:02 (GMT) |
---|---|---|
committer | wclouser@mozilla.com <wclouser@mozilla.com@4eb1ac78-321c-0410-a911-ec516a8615a5> | 2008-05-02 16:42:02 (GMT) |
commit | a01e35c3d312359c4aa33e42fc9a10781f164e11 (patch) | |
tree | 3fa6279c1fa9abe4fc57be2a9dcd403f64f7f177 /site/app/app_controller.php | |
parent | 8c606cfbcddeca3864a1ebeea39796d500fbb33e (diff) |
Fix bug 431855
git-svn-id: http://svn.mozilla.org/addons/trunk@12785 4eb1ac78-321c-0410-a911-ec516a8615a5
Diffstat (limited to 'site/app/app_controller.php')
-rw-r--r-- | site/app/app_controller.php | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/site/app/app_controller.php b/site/app/app_controller.php index 2b71f80..2ab63bd 100644 --- a/site/app/app_controller.php +++ b/site/app/app_controller.php @@ -215,7 +215,7 @@ class AppController extends Controller * CSRF detection is done. */ function checkCSRF() { - if($_SERVER['REQUEST_METHOD'] == 'POST' && !stristr($_SERVER['REQUEST_URI'], "/users/login")) { + if($_SERVER['REQUEST_METHOD'] == 'POST' && !stristr($_SERVER['REQUEST_URI'], "/users/login") && !stristr($_SERVER['REQUEST_URI'], "/users/register")) { $sessionuser = $this->Session->read('User'); $id = htmlentities($sessionuser['id']); |