From 2fe84ec895f686e4e473d5c3dfdcb029f72cd4aa Mon Sep 17 00:00:00 2001 From: "Edward Z. Yang" Date: Tue, 16 Jul 2013 23:54:15 -0700 Subject: [PATCH] Release 1.0.4 Signed-off-by: Edward Z. Yang --- NEWS.txt | 18 ++++++++++++++++++ csrf-magic.php | 2 +- 2 files changed, 19 insertions(+), 1 deletion(-) diff --git a/NEWS.txt b/NEWS.txt index 9628a8c..66d52f6 100644 --- a/NEWS.txt +++ b/NEWS.txt @@ -1,6 +1,24 @@ [[ news ]] +1.0.4 released 2013-07-17 + + [SECURITY FIXES] + + - When secret key was not explicitly set, it was not being used + by the csrf_hash() function. Thanks sparticvs for reporting. + + [FEATURES] + + - The default 'CSRF check failed' page now offers a handy 'Try + again' button, which resubmits the form. + + [BUG FIXES] + + - The fix for 1.0.3 inadvertantly turned off XMLHttpRequest + overloading for all browsers; it has now been fixed to only + apply to IE. + 1.0.3 released 2012-01-31 [BUG FIXES] diff --git a/csrf-magic.php b/csrf-magic.php index 45f833e..58f4eba 100644 --- a/csrf-magic.php +++ b/csrf-magic.php @@ -131,7 +131,7 @@ // FUNCTIONS: // Don't edit this! -$GLOBALS['csrf']['version'] = '1.0.1'; +$GLOBALS['csrf']['version'] = '1.0.4'; /** * Rewrites
on the fly to add CSRF tokens to them. This can also