
@digitalpianism
Created November 15, 2016 10:53
Security fix in 1.9.3.1
diff --git a/app/code/core/Mage/Customer/Model/Session.php b/app/code/core/Mage/Customer/Model/Session.php
index 623fa39..b5e5eda 100644
--- a/app/code/core/Mage/Customer/Model/Session.php
+++ b/app/code/core/Mage/Customer/Model/Session.php
@@ -222,6 +222,7 @@ class Mage_Customer_Model_Session extends Mage_Core_Model_Session_Abstract
{
$this->setCustomer($customer);
$this->renewSession();
+ Mage::getSingleton('core/session')->renewFormKey();
Mage::dispatchEvent('customer_login', array('customer'=>$customer));
return $this;
}
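Review bot: The added `Mage::getSingleton('core/session')->renewFormKey();` call has no comment explaining why the form key is rotated at login. The reason is not obvious, because the key is held by the `core/session` singleton rather than by this customer session. I would add above it: `// Rotate the CSRF form key at the authentication boundary so a key issued to the anonymous session is not accepted after login.` Any form rendered before login, or served from a cache, will still carry the old key and will presumably fail validation on submit, so AJAX login flows and cached blocks are worth a regression check. The method's signature lies outside the hunk.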
@@ -307,6 +308,7 @@ class Mage_Customer_Model_Session extends Mage_Core_Model_Session_Abstract
$this->setId(null);
$this->setCustomerGroupId(Mage_Customer_Model_Group::NOT_LOGGED_IN_ID);
$this->getCookie()->delete($this->getSessionName());
+ Mage::getSingleton('core/session')->renewFormKey();
return $this;
}
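Review bot: On the logout path the form key is renewed only after `$this->getCookie()->delete($this->getSessionName());`, and the visible lines never regenerate the session id the way the login hunk does with `$this->renewSession();`. If nothing outside the hunk invalidates the session, the old id may remain usable server-side, and the new form key is written into a session the browser has just been told to drop. Consider calling `$this->renewSession();` before `renewFormKey()`, or confirm that the caller destroys the session. The method begins outside the hunk, so this may already be handled above.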