Browse Source

disable CSRF validation after validation has failed

this allows to be able to call error action.

fixes #1244
tags/2.0.0-beta
Carsten Brandt 11 years ago
parent
commit
64862f96ca
  1. 2
      framework/yii/web/Controller.php

2
framework/yii/web/Controller.php

@ -92,6 +92,8 @@ class Controller extends \yii\base\Controller
{
if (parent::beforeAction($action)) {
if ($this->enableCsrfValidation && !Yii::$app->getRequest()->validateCsrfToken()) {
// avoid checking again if errorAction is called to display exception
Yii::$app->getRequest()->enableCsrfValidation = false;
throw new HttpException(400, Yii::t('yii', 'Unable to verify your data submission.'));
}
return true;

Loading…
Cancel
Save