Last modified: 2014-01-04 00:24:48 UTC
Sorry for the late notice of this, but when I reviewed the Scholarship app originally, I missed reporting my note that it didn't have any CSRF protection on its forms. Needs to be added to public application, login form, and the admin forms that update the application's data. Probably doesn't prevent turning on the site next week, but should get fixed soon.
Created attachment 14224
CSRF middleware patch

I whipped up a quick and dirty CSRF middleware. It could be fancier (no token rotation or expiration) but it is a lot better than nothing. I'm a little embarrassed that I didn't think of the need for this before. And I'm more than a little disappointed that the Slim framework doesn't come with a solution for this out of the box.
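
An added example, not the code from attachment 14224 and not part of the Scholarship app: a framework-independent sketch of a session-bound CSRF token check that includes the two features the comment above says the quick patch leaves out, expiration and rotation. The names `csrf_issue`, `csrf_check`, `CSRF_TTL` and the `csrf` session key are hypothetical, and a plain array stands in for `$_SESSION`.

```php
<?php
// Added example: synchronizer token with expiry and single-use rotation.
// All names here are hypothetical; nothing is taken from the attached patch.

const CSRF_TTL = 3600; // assumed token lifetime in seconds

// Issue a token, store it server-side, and return it for a hidden form field.
function csrf_issue(array &$session, int $now): string
{
    $token = bin2hex(random_bytes(32)); // 256 bits from the system CSPRNG
    $session['csrf'] = ['token' => $token, 'issued' => $now];
    return $token;
}

// Decide whether a request may proceed. $submitted is the form field value.
function csrf_check(array &$session, string $method, $submitted, int $now): bool
{
    if (in_array($method, ['GET', 'HEAD', 'OPTIONS'], true)) {
        return true; // safe methods must not change state, so no token is required
    }
    $stored = $session['csrf'] ?? null;
    unset($session['csrf']); // rotation: a token is consumed by its first use
    if (!is_array($stored) || !is_string($submitted)) {
        return false; // no token was issued, or the field is missing or malformed
    }
    if ($now - $stored['issued'] > CSRF_TTL) {
        return false; // expiration
    }
    return hash_equals($stored['token'], $submitted); // constant-time comparison
}

// Constructed walk-through covering the four cases a form handler will see.
$session = [];
$t = csrf_issue($session, 1000);
var_dump(csrf_check($session, 'POST', $t, 1060));        // fresh, matching token
var_dump(csrf_check($session, 'POST', $t, 1061));        // same token replayed
csrf_issue($session, 2000);
var_dump(csrf_check($session, 'POST', 'forged', 2001));  // value not from the session
$t = csrf_issue($session, 3000);
var_dump(csrf_check($session, 'POST', $t, 3000 + CSRF_TTL + 1)); // older than CSRF_TTL
```

Single-use rotation means a user with the same form open in two tabs will have the second submission rejected; issuing one token per session and rotating it at login is the usual compromise when that matters.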