Commit 4b569f3e by Qiang Xue

Fixed CSRF token masking issue.

parent eb4385d4
...@@ -1039,7 +1039,8 @@ class Request extends \yii\base\Request ...@@ -1039,7 +1039,8 @@ class Request extends \yii\base\Request
if ($this->_maskedCsrfToken === null) { if ($this->_maskedCsrfToken === null) {
$token = $this->getCsrfToken(); $token = $this->getCsrfToken();
$mask = Security::generateRandomKey(self::CSRF_MASK_LENGTH); $mask = Security::generateRandomKey(self::CSRF_MASK_LENGTH);
$this->_maskedCsrfToken = base64_encode($mask . $this->xorTokens($token, $mask)); // The + sign may be decoded as blank space later, which will fail the validation
$this->_maskedCsrfToken = str_replace('+', '.', base64_encode($mask . $this->xorTokens($token, $mask)));
} }
return $this->_maskedCsrfToken; return $this->_maskedCsrfToken;
} }
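Review bot: The inverse substitution on the decode side (second hunk, `validateCsrfTokenInternal`) is applied to the wrong operand: `str_replace('.', '+', base64_decode($token))` runs after decoding, so the `.` characters are silently discarded by non-strict `base64_decode` before they can be restored, the recovered mask and token bytes are misaligned for exactly the tokens this commit changes, and any legitimate 0x2E byte in the decoded binary is rewritten to 0x2B. The reverse mapping has to operate on the base64 text, `$token = base64_decode(str_replace('.', '+', $token));`, mirroring the encode order used here where `str_replace` wraps `base64_encode`. The enclosing `getMaskedCsrfToken()` starts outside this hunk.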
...@@ -1120,7 +1121,7 @@ class Request extends \yii\base\Request ...@@ -1120,7 +1121,7 @@ class Request extends \yii\base\Request
private function validateCsrfTokenInternal($token, $trueToken) private function validateCsrfTokenInternal($token, $trueToken)
{ {
$token = base64_decode($token); $token = str_replace('.', '+', base64_decode($token));
$n = StringHelper::byteLength($token); $n = StringHelper::byteLength($token);
if ($n <= self::CSRF_MASK_LENGTH) { if ($n <= self::CSRF_MASK_LENGTH) {
return false; return false;
......