Merge branch 'release/1.0.7'

2026-05-06 15:16:33 +02:00 · 2016-01-07 14:21:56 -07:00
parent 4549574908 eff72b73ab
commit 8ca14c7c65
2 changed files with 6 additions and 0 deletions
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -31,6 +31,7 @@
    * Fix for markdown attributes on external URLs
    * Fixed issue where `data:` page header was acting as `publish_date:`
    * Fix for special characters in URL parameters (e.g. /tag:c++) #541
+    * Safety check for an array of nonces to only use the first one

 # v1.0.6
 ## 12/22/2015
--- a/system/src/Grav/Common/Utils.php
+++ b/system/src/Grav/Common/Utils.php
@@ -560,6 +560,11 @@ abstract class Utils
     */
    public static function verifyNonce($nonce, $action)
    {
+        //Safety check for multiple nonces
+        if (is_array($nonce)) {
+            $nonce = array_shift($nonce);
+        }
+
        //Nonce generated 0-12 hours ago
        if ($nonce == self::getNonce($action)) {
            return true;