geckon01/simple-php-router
1
0
Fork 0
mirror of https://github.com/skipperbent/simple-php-router.git synced 2026-06-17 08:47:52 +00:00
Code Issues Packages Projects Releases Wiki Activity

[BUGFIX] Bugfix

Browse Source 
- Fixed csrf-token cookie not being set on some paths.
- Changed RouterException in BaseCsrfVerifier to TokenMismatchException.
This commit is contained in:
Simon Sessingø
2015-10-22 19:33:20 +02:00
parent bdb5b2dead
commit 63dfbb24af
2 changed files with 13 additions and 5 deletions
Download Patch File Download Diff File Expand all files Collapse all files
src/Pecee/Exception/TokenMismatchException.php
+4
View File
@@ -0,0 +1,4 @@
<?php
namespace Pecee\Exception;
class TokenMismatchException extends \Exception {}
src/Pecee/Http/Middleware/BaseCsrfVerifier.php
+9 -5
View File
@@ -1,10 +1,9 @@
<?php <?php
namespace Pecee\Http\Middleware; namespace Pecee\Http\Middleware;
use Pecee\CsrfToken; use Pecee\CsrfToken;
use Pecee\Exception\TokenMismatchException;
use Pecee\Http\Request; use Pecee\Http\Request;
use Pecee\SimpleRouter\RouterException;
class BaseCsrfVerifier extends Middleware { class BaseCsrfVerifier extends Middleware {
@@ -12,6 +11,12 @@ class BaseCsrfVerifier extends Middleware {
const HEADER_KEY = 'X-CSRF-TOKEN'; const HEADER_KEY = 'X-CSRF-TOKEN';
protected $except; protected $except;
protected $csrfToken;
public function __construct() {
$this->csrfToken = new CsrfToken();
}
/** /**
* Check if the url matches the urls in the except property * Check if the url matches the urls in the except property
@@ -52,9 +57,8 @@ class BaseCsrfVerifier extends Middleware {
$token = $request->getHeader(self::HEADER_KEY); $token = $request->getHeader(self::HEADER_KEY);
} }
$tokenValidator = new CsrfToken(); if( !$this->csrfToken->validate( $token ) ) {
if( !$tokenValidator->validate( $token ) ) { throw new TokenMismatchException('Invalid csrf-token.');
throw new RouterException('Invalid csrf-token.');
} }
} }