Merged r3051 from trunk with some changes for 0.8 sessions....
Eric Davis -
r2939:051741f05c17
@@ -23,6 +23,7 class ApplicationController < ActionController::Base
23 23
24 24 before_filter :user_setup, :check_if_login_required, :set_localization
25 25 filter_parameter_logging :password
26 protect_from_forgery :secret => session.first[:secret]
26 27
27 28 include Redmine::MenuManager::MenuController
28 29 helper Redmine::MenuManager::MenuHelper
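Review bot: The added `protect_from_forgery :secret => session.first[:secret]` line depends on the first class-level session options entry carrying a `:secret`, and nothing in this hunk shows where that entry is set. If the list is empty, `session.first` is nil and the class fails to load with a NoMethodError; if the entry has no `:secret`, forgery protection is handed nil, and how it behaves then depends on the session store in use. The line also ties the CSRF secret to the session secret, so the two cannot be rotated separately. I would add a comment above the call, `# CSRF secret is reused from the application's session options; that entry must define :secret`, and confirm that a deployment without a configured secret fails at boot rather than running with a weak one. The class body continues outside the hunk.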
@@ -15,3 +15,6 config.action_controller.perform_caching = false
15 15
16 16 config.action_mailer.perform_deliveries = true
17 17 config.action_mailer.delivery_method = :test
18
19 # Skip protect_from_forgery in requests http://m.onkey.org/2007/9/28/csrf-protection-for-your-existing-rails-application
20 config.action_controller.allow_forgery_protection = false
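Review bot: The added `config.action_controller.allow_forgery_protection = false` switches the CSRF check off for the whole environment, and the comment above it gives only a link rather than the reason. The untouched context (`delivery_method = :test`) suggests this is a test environment, where this is the usual setting, but the file name is not visible here; the same addition appears in the next two hunks. With the check off, the test suite will not notice a form or non-GET action that is missing its authenticity token, so that coverage has to come from somewhere else. I would reword the comment to `# Test environment only: functional tests submit requests without an authenticity token, so forgery protection is disabled here; keep it enabled everywhere else`.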
@@ -15,3 +15,7 config.action_controller.perform_caching = false
15 15
16 16 config.action_mailer.perform_deliveries = true
17 17 config.action_mailer.delivery_method = :test
18
19 # Skip protect_from_forgery in requests http://m.onkey.org/2007/9/28/csrf-protection-for-your-existing-rails-application
20 config.action_controller.allow_forgery_protection = false
21
@@ -15,3 +15,6 config.action_controller.perform_caching = false
15 15
16 16 config.action_mailer.perform_deliveries = true
17 17 config.action_mailer.delivery_method = :test
18
19 # Skip protect_from_forgery in requests http://m.onkey.org/2007/9/28/csrf-protection-for-your-existing-rails-application
20 config.action_controller.allow_forgery_protection = false
@@ -11,6 +11,7 http://www.redmine.org/
11 11 * Fixed: First date of the date range not included in the time report with SQLite
12 12 * Fixed: Password field not styled correctly on alternative stylesheet
13 13 * Fixed: Error when sumbitting a POST request that requires a login
14 * Fixed: CSRF vulnerabilities
14 15
15 16 == 2009-11-04 v0.8.6
16 17