Skip to content

Y
yii2
Commit 1aeb86df by Qiang Xue
Options

refactored Request::validateCsrfToken().

parent 4f555a57
Showing with 7 additions and 11 deletions
framework/yii/web/Request.php
......@@ -1027,16 +1027,12 @@ class Request extends \yii\base\Request
*/
public function validateCsrfToken()
{
if (!$this->enableCsrfValidation) {
$method = $this->getMethod();
if (!$this->enableCsrfValidation || !in_array($method, array('POST', 'PUT', 'PATCH', 'DELETE'), true)) {
return true;
}
$method = $this->getMethod();
if ($method === 'POST' || $method === 'PUT' || $method === 'PATCH' || $method === 'DELETE') {
$trueToken = $this->getCookies()->getValue($this->csrfVar);
switch ($method) {
case 'POST':
$token = $this->getPost($this->csrfVar);
break;
case 'PUT':
$token = $this->getPut($this->csrfVar);
break;
......@@ -1045,11 +1041,11 @@ class Request extends \yii\base\Request
break;
case 'DELETE':
$token = $this->getDelete($this->csrfVar);
break;
default:
$token = $this->getPost($this->csrfVar);
break;
}
return !empty($token) && $token === $trueToken || $this->getCsrfTokenFromHeader() === $trueToken;
} else {
return true;
}
return $token === $trueToken || $this->getCsrfTokenFromHeader() === $trueToken;
}
}
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment