Fix CSRF hash regeneration

Workoverflow · web-flow · commit 1b11917444e5 · 2019-05-27T21:43:47.000+03:00
For CSRF hash regeneration, $this-&gt;CSRFHash must be set to NULL when user set $this-&gt;CSRFRegenerate to TRUE, because in CSRFSetHash() you compare it with NULL, but $this-&gt;CSRFHash !== NULL after request.
diff --git a/system/Security/Security.php b/system/Security/Security.php
@@ -221,6 +221,7 @@ public function CSRFVerify(RequestInterface $request)
 		if ($this->CSRFRegenerate)
 		{
 			// Nothing should last forever
+			$this->CSRFHash = null;
 			unset($_COOKIE[$this->CSRFCookieName]);
 		}
 

Original file line number	Diff line number	Diff line change
`@@ -221,6 +221,7 @@ public function CSRFVerify(RequestInterface $request)`
`221`	`221`	`if ($this->CSRFRegenerate)`
`222`	`222`	`{`
`223`	`223`	`// Nothing should last forever`
	`224`	`+ $this->CSRFHash = null;`
`224`	`225`	`unset($_COOKIE[$this->CSRFCookieName]);`
`225`	`226`	`}`
`226`	`227`