From 5bc1bea2e6f44a3182e5f64ba8b5d0347c88088c Mon Sep 17 00:00:00 2001 From: Michi Lehr Date: Sun, 9 Oct 2016 14:03:18 +0200 Subject: [PATCH] sets new csrf token in form when session has expired without losing entered data --- lib/form/sfForm.class.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/lib/form/sfForm.class.php b/lib/form/sfForm.class.php index 4d206a7d3..20b183904 100644 --- a/lib/form/sfForm.class.php +++ b/lib/form/sfForm.class.php @@ -908,7 +908,7 @@ public function addCSRFProtection($secret = null) $token = $this->getCSRFToken($secret); $this->validatorSchema[self::$CSRFFieldName] = new sfValidatorCSRFToken(array('token' => $token)); - $this->widgetSchema[self::$CSRFFieldName] = new sfWidgetFormInputHidden(); + $this->widgetSchema[self::$CSRFFieldName] = new sfWidgetFormInputHidden(array(), array('value' => $token)); $this->setDefault(self::$CSRFFieldName, $token); return $this;