[BUGFIX] Fixed issue with BaseCsrfVerifier matching urls against urls with parameters.

- Added optional $includeParams parameter to Url::getRelativeUrl method.
2026-06-14 09:43:42 +03:00 · 2021-04-01 03:04:32 +02:00
parent ca8fbf2b27
commit 52c6c226c0
5 changed files with 15 additions and 7 deletions
--- a/src/Pecee/Http/Middleware/BaseCsrfVerifier.php
+++ b/src/Pecee/Http/Middleware/BaseCsrfVerifier.php
@@ -50,12 +50,12 @@ class BaseCsrfVerifier implements IMiddleware
                $url = rtrim($url, '*');
                $skip = $request->getUrl()->contains($url);
            } else {
-                $skip = ($url === $request->getUrl()->getOriginalUrl());
+                $skip = ($url === $request->getUrl()->getRelativeUrl(false));
            }

            if ($skip === true) {

-                if($this->include !== null && count($this->include) > 0) {
+                if(is_array($this->include) === true && count($this->include) > 0) {
                    foreach($this->include as $includeUrl) {
                        $includeUrl = rtrim($includeUrl, '/');
                        if ($includeUrl[strlen($includeUrl) - 1] === '*') {
@@ -64,7 +64,7 @@ class BaseCsrfVerifier implements IMiddleware
                            break;
                        }

-                        $skip = !($includeUrl === $request->getUrl()->getOriginalUrl());
+                        $skip = !($includeUrl === $request->getUrl()->getRelativeUrl(false));
                    }
                }