From 64862f96ca05bd907d067fbc696532197d746ad7 Mon Sep 17 00:00:00 2001
From: Carsten Brandt
Date: Wed, 20 Nov 2013 14:35:08 +0100
Subject: [PATCH] disable CSRF validation after validation has failed this allows to be able to call error action. fixes #1244
---
 framework/yii/web/Controller.php | 2 ++
 1 file changed, 2 insertions(+)
diff --git a/framework/yii/web/Controller.php b/framework/yii/web/Controller.php
index 3b08b7e..49e1ba6 100644
--- a/framework/yii/web/Controller.php
+++ b/framework/yii/web/Controller.php
@@ -92,6 +92,8 @@ class Controller extends \yii\base\Controller
 {
 if (parent::beforeAction($action)) {
 if ($this->enableCsrfValidation && !Yii::$app->getRequest()->validateCsrfToken()) {
+ // avoid checking again if errorAction is called to display exception
+ Yii::$app->getRequest()->enableCsrfValidation = false;
 throw new HttpException(400, Yii::t('yii', 'Unable to verify your data submission.'));
 }
 return true;
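Review bot: The added `Yii::$app->getRequest()->enableCsrfValidation = false;` switches the check off on the shared request component, so it stays off for everything that runs later in this request, not only for the error action the comment names. The condition above it reads the controller's own `$this->enableCsrfValidation`, so the bypass presumably works because validateCsrfToken() consults the request flag, which is not visible in this hunk. If application code catches the HttpException and dispatches another action, or the error action itself changes state, that code runs with a token already known to be invalid and no second check. I would state that in the comment, e.g. `// request-wide: CSRF validation stays off for every later action in this request, so the error action must be read-only`, or scope the bypass to the error action instead of the request. beforeAction's body begins and ends outside the hunk.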