From f3bcb705f74622afae785d9df793a0bbed3a11d3 Mon Sep 17 00:00:00 2001
From: Jean-Philippe Lang <jp_lang@yahoo.fr>
Date: Wed, 25 Nov 2009 20:45:16 +0000
Subject: [PATCH] Display an error when authenticity token is invalid.

git-svn-id: svn+ssh://rubyforge.org/var/svn/redmine/trunk@3094 e93f8b46-1217-0410-a6f0-8f06a7374b81
---
 app/controllers/application_controller.rb | 6 ++++++
 1 file changed, 6 insertions(+)

diff --git a/app/controllers/application_controller.rb b/app/controllers/application_controller.rb
index 071d48ef0..a794b3b28 100644
--- a/app/controllers/application_controller.rb
+++ b/app/controllers/application_controller.rb
@@ -38,6 +38,8 @@ class ApplicationController < ActionController::Base
   filter_parameter_logging :password
   protect_from_forgery
   
+  rescue_from ActionController::InvalidAuthenticityToken, :with => :invalid_authenticity_token
+  
   include Redmine::Search::Controller
   include Redmine::MenuManager::MenuController
   helper Redmine::MenuManager::MenuHelper
@@ -189,6 +191,10 @@ class ApplicationController < ActionController::Base
     render :text => '', :layout => !request.xhr?, :status => 500
   end
   
+  def invalid_authenticity_token
+    render_error "Invalid form authenticity token."
+  end
+  
   def render_feed(items, options={})    
     @items = items || []
     @items.sort! {|x,y| y.event_datetime <=> x.event_datetime }
-- 
GitLab