[BUGFIX] Fixed issue with BaseCsrfVerifier matching urls against urls with parameters.

- Added optional $includeParams parameter to Url::getRelativeUrl method.
2026-06-15 18:23:26 +03:00 · 2021-04-01 03:04:32 +02:00
parent ca8fbf2b27
commit 52c6c226c0
5 changed files with 15 additions and 7 deletions
--- a/src/Pecee/Http/Middleware/BaseCsrfVerifier.php
+++ b/src/Pecee/Http/Middleware/BaseCsrfVerifier.php
@@ -50,12 +50,12 @@ class BaseCsrfVerifier implements IMiddleware
                $url = rtrim($url, '*');
                $skip = $request->getUrl()->contains($url);
            } else {
-                $skip = ($url === $request->getUrl()->getOriginalUrl());
+                $skip = ($url === $request->getUrl()->getRelativeUrl(false));
            }

            if ($skip === true) {

-                if($this->include !== null && count($this->include) > 0) {
+                if(is_array($this->include) === true && count($this->include) > 0) {
                    foreach($this->include as $includeUrl) {
                        $includeUrl = rtrim($includeUrl, '/');
                        if ($includeUrl[strlen($includeUrl) - 1] === '*') {
@@ -64,7 +64,7 @@ class BaseCsrfVerifier implements IMiddleware
                            break;
                        }

-                        $skip = !($includeUrl === $request->getUrl()->getOriginalUrl());
+                        $skip = !($includeUrl === $request->getUrl()->getRelativeUrl(false));
                    }
                }

--- a/src/Pecee/Http/Middleware/IpRestrictAccess.php
+++ b/src/Pecee/Http/Middleware/IpRestrictAccess.php
@@ -34,6 +34,10 @@ abstract class IpRestrictAccess implements IMiddleware
        return true;
    }

+    /**
+     * @param Request $request
+     * @throws HttpException
+     */
    public function handle(Request $request): void
    {
        if($this->validate((string)$request->getIp()) === false) {
--- a/src/Pecee/Http/Url.php
+++ b/src/Pecee/Http/Url.php
@@ -427,10 +427,15 @@ class Url implements JsonSerializable
    /**
     * Returns the relative url
     *
+     * @param bool $includeParams
     * @return string
     */
-    public function getRelativeUrl(): string
+    public function getRelativeUrl($includeParams = true): string
    {
+        if($includeParams === false) {
+            return rtrim($this->path, '/');
+        }
+
        $params = $this->getQueryString();

        $path = $this->path ?? '';
--- a/src/Pecee/SimpleRouter/Route/RouteGroup.php
+++ b/src/Pecee/SimpleRouter/Route/RouteGroup.php
@@ -183,7 +183,6 @@ class RouteGroup extends Route implements IGroupRoute
     */
    public function setSettings(array $settings, bool $merge = false): IRoute
    {
-
        if (isset($settings['prefix']) === true) {
            $this->setPrefix($settings['prefix'] . $this->prefix);
        }
--- a/src/Pecee/SimpleRouter/SimpleRouter.php
+++ b/src/Pecee/SimpleRouter/SimpleRouter.php
@@ -4,8 +4,8 @@
 * Router helper class
 * ---------------------------
 *
- * This class is added so calls can be made statically like Router::get() making the code look pretty.
- * It also adds some extra functionality like default-namespace.
+ * This class is added so calls can be made statically like SimpleRouter::get() making the code look pretty.
+ * It also adds some extra functionality like default-namespace etc.
 */

 namespace Pecee\SimpleRouter;