swap around some stuff to show the form correctly on a CSRF error in openidlogin

author Evan Prodromou <evan@prodromou.name>

Fri, 29 Aug 2008 04:09:25 +0000 (00:09 -0400)

committer Evan Prodromou <evan@prodromou.name>

Fri, 29 Aug 2008 04:09:25 +0000 (00:09 -0400)
author Evan Prodromou <evan@prodromou.name>
Fri, 29 Aug 2008 04:09:25 +0000 (00:09 -0400)
committer Evan Prodromou <evan@prodromou.name>
Fri, 29 Aug 2008 04:09:25 +0000 (00:09 -0400)
diff --git a/actions/openidlogin.php b/actions/openidlogin.php

index 136421cb0d85066e9c597215cb0e5325b45660fd..b066b9aa4ecdb349381d1e0c4fbd38e7aa7b563b 100644 (file)
--- a/actions/openidlogin.php
+++ b/actions/openidlogin.php
@@ -28,14 +28,15 @@ class OpenidloginAction extends Action {
                 if (common_logged_in()) {
                         common_user_error(_('Already logged in.'));
                 } else if ($_SERVER['REQUEST_METHOD'] == 'POST') {
+                       $openid_url = $this->trimmed('openid_url');
+
                         # CSRF protection
                         $token = $this->trimmed('token');
                         if (!$token || $token != common_session_token()) {
-                               $this->show_form(_('There was a problem with your session token. Try again, please.'));
+                               $this->show_form(_('There was a problem with your session token. Try again, please.'), $openid_url);
                                 return;
                         }
  
-                       $openid_url = $this->trimmed('openid_url');
                         $result = oid_authenticate($openid_url,
                                                                            'finishopenidlogin');
                         if (is_string($result)) { # error message
author	Evan Prodromou <evan@prodromou.name>
	Fri, 29 Aug 2008 04:09:25 +0000 (00:09 -0400)
committer	Evan Prodromou <evan@prodromou.name>
	Fri, 29 Aug 2008 04:09:25 +0000 (00:09 -0400)