Mibew/mibew
1
0
Fork 0
mirror of https://github.com/Mibew/mibew.git synced 2025-04-07 08:40:11 +03:00
Code Issues Actions Packages Projects Releases Wiki Activity

Remove legacy code from csrf_check_token function

Browse Source
This commit is contained in:
Dmitriy Simushev 2014-06-03 13:18:00 +00:00
parent 3346a0c90f
commit 457045d81a
1 changed files with 7 additions and 24 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

19
src/mibew/libs/common/csrf.php
View File

@ -25,15 +25,11 @@ use Mibew\Http\Exception\BadRequestException;
* $_POST and $_GET arrays will be used. * $_POST and $_GET arrays will be used.
* *
* @throws BadRequestException If CSRF token check is faild. * @throws BadRequestException If CSRF token check is faild.
*
* @todo Remove legacy code, related with $_POST and $_GET arrays.
*/ */
function csrf_check_token(Request $request = null) function csrf_check_token(Request $request)
{ {
set_csrf_token(); set_csrf_token();
// If the request instance is provided use it to get the token.
if ($request) {
$token = $request->isMethod('POST') $token = $request->isMethod('POST')
? $token = $request->request->get('csrf_token', false) ? $token = $request->request->get('csrf_token', false)
: $token = $request->query->get('csrf_token', false); : $token = $request->query->get('csrf_token', false);
@ -43,19 +39,6 @@ function csrf_check_token(Request $request = null)
} }
return; return;
}
// Check the turing code for post requests and del requests
if ($_SERVER['REQUEST_METHOD'] == 'POST') {
// If token match
if (!isset($_POST['csrf_token']) || ($_POST['csrf_token'] != $_SESSION['csrf_token'])) {
die("CSRF failure");
}
} elseif (isset($_GET['act'])) {
if (($_GET['act'] == 'del' || $_GET['act'] == 'delete') && $_GET['csrf_token'] != $_SESSION['csrf_token']) {
die("CSRF failure");
}
}
} }
function get_csrf_token_input() function get_csrf_token_input()