geckon01/simple-php-router
1
0
Fork 0
mirror of https://github.com/skipperbent/simple-php-router.git synced 2026-06-17 00:37:52 +00:00
Code Issues Packages Projects Releases Wiki Activity

[FEATURE] Support for custom csrf verifier

Browse Source 
- Added support for custom csrf verifier.
- Updated documentation.
This commit is contained in:
Simon Sessingø
2015-10-21 19:07:45 +02:00
parent 9d6a3c328f
commit 03cac14e8e
2 changed files with 52 additions and 2 deletions
Download Patch File Download Diff File Expand all files Collapse all files
src/Pecee/Http/Middleware/BaseCsrfVerifier.php
+31 -1
View File
@@ -11,9 +11,39 @@ class BaseCsrfVerifier extends Middleware {
const POST_KEY = 'csrf-token';
const HEADER_KEY = 'X-CSRF-TOKEN';
protected $except;
/**
* Check if the url matches the urls in the except property
* @param Request $request
* @return bool
*/
protected function skip(Request $request) {
if($this->except === null || !is_array($this->except)) {
return false;
}
foreach($this->except as $url) {
$url = rtrim($url, '/');
if($url[strlen($url)-1] === '*') {
$url = rtrim($url, '*');
$skip = (stripos($request->getUri(), $url) === 0);
} else {
$skip = ($url === rtrim($request->getUri(), '/'));
}
if($skip) {
return true;
}
}
return false;
}
public function handle(Request $request) {
if($request->getMethod() != 'get') {
if($request->getMethod() != 'get' && !$this->skip($request)) {
$token = (isset($_POST[self::POST_KEY])) ? $_POST[self::POST_KEY] : null;