- session removal fix (CSRF)

Marius Cramer

2015-05-21 c8b685ac05228a5ce5bf967d70560b880bb243bb

- session removal fix (CSRF)

 interface/lib/classes/tform_base.inc.php

@@ -714,8 +714,8 @@
                    unset($_POST);
                    unset($record);
                }
                $_SESSION['_csrf'][$_csrf_id] = ' ';
                $_SESSION['_csrf_timeout'][$_csrf_id] = ' ';
                $_SESSION['_csrf'][$_csrf_id] = null;
                $_SESSION['_csrf_timeout'][$_csrf_id] = null;
                unset($_SESSION['_csrf'][$_csrf_id]);
                unset($_SESSION['_csrf_timeout'][$_csrf_id]);
                
@@ -725,6 +725,8 @@
                        if($timeout < time()) $to_unset[] = $_csrf_id;
                    }
                    foreach($to_unset as $_csrf_id) {
                        $_SESSION['_csrf'][$_csrf_id] = null;
                        $_SESSION['_csrf_timeout'][$_csrf_id] = null;
                        unset($_SESSION['_csrf'][$_csrf_id]);
                        unset($_SESSION['_csrf_timeout'][$_csrf_id]);
                    }