Browse Source

refactored Request::validateCsrfToken().

tags/2.0.0-beta
Qiang Xue 11 years ago
parent
commit
1aeb86df78
  1. 18
      framework/yii/web/Request.php

18
framework/yii/web/Request.php

@ -1027,16 +1027,12 @@ class Request extends \yii\base\Request
*/
public function validateCsrfToken()
{
if (!$this->enableCsrfValidation) {
$method = $this->getMethod();
if (!$this->enableCsrfValidation || !in_array($method, array('POST', 'PUT', 'PATCH', 'DELETE'), true)) {
return true;
}
$method = $this->getMethod();
if ($method === 'POST' || $method === 'PUT' || $method === 'PATCH' || $method === 'DELETE') {
$trueToken = $this->getCookies()->getValue($this->csrfVar);
switch ($method) {
case 'POST':
$token = $this->getPost($this->csrfVar);
break;
case 'PUT':
$token = $this->getPut($this->csrfVar);
break;
@ -1045,11 +1041,11 @@ class Request extends \yii\base\Request
break;
case 'DELETE':
$token = $this->getDelete($this->csrfVar);
break;
default:
$token = $this->getPost($this->csrfVar);
break;
}
return !empty($token) && $token === $trueToken || $this->getCsrfTokenFromHeader() === $trueToken;
} else {
return true;
}
return $token === $trueToken || $this->getCsrfTokenFromHeader() === $trueToken;
}
}

Loading…
Cancel
Save