Commit 1aeb86df by Qiang Xue

refactored Request::validateCsrfToken().

parent 4f555a57
...@@ -1027,29 +1027,25 @@ class Request extends \yii\base\Request ...@@ -1027,29 +1027,25 @@ class Request extends \yii\base\Request
*/ */
public function validateCsrfToken() public function validateCsrfToken()
{ {
if (!$this->enableCsrfValidation) {
return true;
}
$method = $this->getMethod(); $method = $this->getMethod();
if ($method === 'POST' || $method === 'PUT' || $method === 'PATCH' || $method === 'DELETE') { if (!$this->enableCsrfValidation || !in_array($method, array('POST', 'PUT', 'PATCH', 'DELETE'), true)) {
$trueToken = $this->getCookies()->getValue($this->csrfVar);
switch ($method) {
case 'POST':
$token = $this->getPost($this->csrfVar);
break;
case 'PUT':
$token = $this->getPut($this->csrfVar);
break;
case 'PATCH':
$token = $this->getPatch($this->csrfVar);
break;
case 'DELETE':
$token = $this->getDelete($this->csrfVar);
}
return !empty($token) && $token === $trueToken || $this->getCsrfTokenFromHeader() === $trueToken;
} else {
return true; return true;
} }
$trueToken = $this->getCookies()->getValue($this->csrfVar);
switch ($method) {
case 'PUT':
$token = $this->getPut($this->csrfVar);
break;
case 'PATCH':
$token = $this->getPatch($this->csrfVar);
break;
case 'DELETE':
$token = $this->getDelete($this->csrfVar);
break;
default:
$token = $this->getPost($this->csrfVar);
break;
}
return $token === $trueToken || $this->getCsrfTokenFromHeader() === $trueToken;
} }
} }
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment