Merge pull request #301 from skipperbent/v3-development

Version 3.4.5.3
Merge pull request #300 from skipperbent/csrf-documentation
2026-06-21 18:51:26 +00:00 · 2017-10-23 22:08:09 +02:00 · 2017-10-23 22:05:41 +02:00 · 2017-10-23 22:05:27 +02:00 · 2017-10-23 22:04:28 +02:00 · 2017-10-23 22:01:19 +02:00
4 changed files with 71 additions and 21 deletions
@@ -249,7 +249,8 @@ We recommend that you add these helper functions to your project. These will all
 To implement the functions below, simply copy the code to a new file and require the file before initializing the router or copy the `helpers.php` we've included in this library.

 ```php
-<?php
+use Pecee\SimpleRouter\SimpleRouter as Router;
+
 /**
 * Get url for a route by using either name/alias, class or method name.
 *
@@ -269,7 +270,7 @@ To implement the functions below, simply copy the code to a new file and require
 */
 function url($name = null, $parameters = null, $getParams = null)
 {
-    return SimpleRouter::getUrl($name, $parameters, $getParams);
+    return Router::getUrl($name, $parameters, $getParams);
 }

 /**
@@ -277,7 +278,7 @@ function url($name = null, $parameters = null, $getParams = null)
 */
 function response()
 {
-    return SimpleRouter::response();
+    return Router::response();
 }

 /**
@@ -285,7 +286,7 @@ function response()
 */
 function request()
 {
-    return SimpleRouter::request();
+    return Router::request();
 }

 /**
@@ -297,8 +298,7 @@ function request()
 */
 function input($index = null, $defaultValue = null, $methods = null)
 {
-    if($index !== null)
-    {
+    if ($index !== null) {
        return request()->getInput()->get($index, $defaultValue, $methods);
    }

@@ -313,6 +313,20 @@ function redirect($url, $code = null)

    response()->redirect($url);
 }
+
+/**
+ * Get current csrf-token
+ * @return string|null
+ */
+function csrf_token()
+{
+    $baseVerifier = Router::router()->getCsrfVerifier();
+    if ($baseVerifier !== null) {
+        return $baseVerifier->getToken();
+    }
+
+    return null;
+}
 ```

 ---
@@ -695,6 +709,20 @@ You can get the CSRF-token by calling the helper method:
 csrf_token();
 ```

+The default name/key for the input-field is `csrf_token` and is defined in the `POST_KEY` constant in the `BaseCsrfVerifier` class.
+You can change the key by overwriting the constant in your own CSRF-verifier class.
+
+**Example:**
+
+The example below will post to the current url with a hidden field "`csrf_token`".
+
+```html
+<form method="post" action="<?= url(); ?>">
+    <input type="hidden" name="csrf_token" value="<?= csrf_token(); ?>">
+    <!-- other input elements here -->
+</form>
+```
+
 ---

 # Middlewares
@@ -63,4 +63,18 @@ function redirect($url, $code = null)
    }

    response()->redirect($url);
+}
+
+/**
+ * Get current csrf-token
+ * @return string|null
+ */
+function csrf_token()
+{
+    $baseVerifier = Router::router()->getCsrfVerifier();
+    if ($baseVerifier !== null) {
+        return $baseVerifier->getToken();
+    }
+
+    return null;
 }
@@ -1,4 +1,5 @@
 <?php
+
 namespace Pecee\Http\Middleware;

 use Pecee\CsrfToken;
@@ -285,7 +285,8 @@ class Router
        }

        if ($routeNotAllowed === true) {
-            $this->handleException(new HttpException('Route or method not allowed', 403));
+			$message = sprintf('Route "%s" or method "%s" not allowed.', $this->request->getUri()->getPath(), $this->request->getMethod());
+            $this->handleException(new HttpException($message, 403));
        }

        if ($this->request->getLoadedRoute() === null) {
@@ -329,25 +330,31 @@ class Router
                throw new HttpException('Exception handler must implement the IExceptionHandler interface.', 500);
            }

-            if ($handler->handleError($this->request, $e) !== null) {
+            try {

-                $rewriteRoute = $this->request->getRewriteRoute();
+                if ($handler->handleError($this->request, $e) !== null) {

-                if ($rewriteRoute !== null) {
-                    $rewriteRoute->loadMiddleware($this->request);
+                    $rewriteRoute = $this->request->getRewriteRoute();

-                    return $rewriteRoute->renderRoute($this->request);
+                    if ($rewriteRoute !== null) {
+                        $rewriteRoute->loadMiddleware($this->request);
+
+                        return $rewriteRoute->renderRoute($this->request);
+                    }
+
+                    $rewriteUrl = $this->request->getRewriteUrl();
+
+                    /* If the request has changed */
+                    if ($rewriteUrl !== null && $rewriteUrl !== $url) {
+                        unset($this->exceptionHandlers[$i]);
+                        $this->exceptionHandlers = array_values($this->exceptionHandlers);
+
+                        return $this->routeRequest(true);
+                    }
                }

-                $rewriteUrl = $this->request->getRewriteUrl();
+            } catch (\Exception $e) {

-                /* If the request has changed */
-                if ($rewriteUrl !== null && $rewriteUrl !== $url) {
-                    unset($this->exceptionHandlers[$i]);
-                    $this->exceptionHandlers = array_values($this->exceptionHandlers);
-
-                    return $this->routeRequest(true);
-                }
            }
        }

@@ -588,4 +595,4 @@ class Router
        return $this;
    }

-}
+}
Author	SHA1	Message	Date
Simon Sessingø	a565f66c4c	Merge pull request #301 from skipperbent/v3-development Version 3.4.5.3	2017-10-23 22:08:09 +02:00
Simon Sessingø	832ef992a3	Merge pull request #300 from skipperbent/csrf-documentation Added CSRF form-example in documentation (issue: #299)	2017-10-23 22:05:41 +02:00
Simon Sessingø	cc5e417db9	Update README.md	2017-10-23 22:05:27 +02:00
Simon Sessingø	2cc90e28d0	Update README.md	2017-10-23 22:04:28 +02:00
Simon Sessingø	eb63a5d6ba	Added CSRF form-example in documentation (issue: #299 )	2017-10-23 22:01:19 +02:00
Simon Sessingø	a07b30a80d	Merge pull request #298 from jatubio/patch-2 Added more info on route or method not allowed exception	2017-10-12 15:53:03 +02:00
Juan Antonio Tubio	c45cd6347a	Added more info on route or method not allowed exception	2017-10-11 16:02:26 +02:00
Simon Sessingø	4a353efc97	Merge pull request #296 from skipperbent/v3 V3	2017-10-07 17:53:27 +02:00
Simon Sessingø	f7ce440c56	Merge pull request #295 from skipperbent/v3-development Fixed: try next exception-handler if one throws error.	2017-10-07 17:53:17 +02:00
Simon Sessingø	41705f030a	Fixed: try next exception-handler if one throws error.	2017-10-07 12:33:24 +01:00
Simon Sessingø	18fa0f9610	Merge pull request #294 from skipperbent/v3 V3	2017-09-25 08:51:13 +02:00
Simon Sessingø	66ecf0ee33	Merge pull request #293 from skipperbent/v3-development Readded csrf_token helper function - don't run away this time.	2017-09-25 08:51:02 +02:00
Simon Sessingø	4ba15033d9	Readded csrf_token helper function - don't run away this time.	2017-09-09 01:40:44 +01:00
Simon Sessingø	60393a3722	Merge pull request #291 from skipperbent/v3 V3	2017-09-03 19:43:22 +02:00
Simon Sessingø	3df3ef36ef	Merge pull request #288 from skipperbent/v3 V3	2017-08-31 13:05:45 +02:00
Simon Sessingø	c723ca7e61	Merge pull request #283 from skipperbent/v3 V3	2017-08-24 16:53:29 +02:00
Simon Sessingø	e3b6899375	Merge pull request #280 from skipperbent/v3 V3	2017-08-24 03:13:06 +02:00
Simon Sessingø	a179450018	Merge pull request #277 from skipperbent/v3 V3	2017-08-23 23:50:26 +02:00
Simon Sessingø	ac3e9ed2ac	Merge pull request #274 from skipperbent/v3 V3	2017-08-23 22:31:00 +02:00