Fixed bug in CSRFGuard session checking code.

ziadoz · ziadoz · commit 50efe4d39cba · 2012-08-14T16:04:06.000-06:00
Before this fix is applied an exception is thrown if the sessions are enabled. An exception should only be thrown if sessions are disabled.
diff --git a/Middleware/CsrfGuard.php b/Middleware/CsrfGuard.php
@@ -54,7 +54,7 @@ public function call() {
      */
     public function check() {
         // Create token
-        if ( session_id() === "" ){
+        if ( session_id() !== "" ){
             if ( ! isset( $_SESSION[ $this->key ] ) ){
                 $_SESSION[ $this->key ] = sha1( serialize( $_SERVER ) . rand( 0, 0xffffffff ) );
             }

Original file line number	Diff line number	Diff line change
`@@ -54,7 +54,7 @@ public function call() {`
`54`	`54`	`*/`
`55`	`55`	`public function check() {`
`56`	`56`	`// Create token`
`57`		`- if ( session_id() === "" ){`
	`57`	`+ if ( session_id() !== "" ){`
`58`	`58`	`if ( ! isset( $_SESSION[ $this->key ] ) ){`
`59`	`59`	`$_SESSION[ $this->key ] = sha1( serialize( $_SERVER ) . rand( 0, 0xffffffff ) );`
`60`	`60`	`}`