From 1aeb86df78148bd3793ebac2047150ec4e2c57ce Mon Sep 17 00:00:00 2001
From: Qiang Xue <qiang.xue@gmail.com>
Date: Thu, 19 Sep 2013 08:24:06 -0400
Subject: [PATCH] refactored Request::validateCsrfToken().

---
 framework/yii/web/Request.php | 38 +++++++++++++++++---------------------
 1 file changed, 17 insertions(+), 21 deletions(-)

diff --git a/framework/yii/web/Request.php b/framework/yii/web/Request.php
index 6b805ea..a07deaa 100644
--- a/framework/yii/web/Request.php
+++ b/framework/yii/web/Request.php
@@ -1027,29 +1027,25 @@ class Request extends \yii\base\Request
 	 */
 	public function validateCsrfToken()
 	{
-		if (!$this->enableCsrfValidation) {
-			return true;
-		}
 		$method = $this->getMethod();
-		if ($method === 'POST' || $method === 'PUT' || $method === 'PATCH' || $method === 'DELETE') {
-			$trueToken = $this->getCookies()->getValue($this->csrfVar);
-			switch ($method) {
-				case 'POST':
-					$token = $this->getPost($this->csrfVar);
-					break;
-				case 'PUT':
-					$token = $this->getPut($this->csrfVar);
-					break;
-				case 'PATCH':
-					$token = $this->getPatch($this->csrfVar);
-					break;
-				case 'DELETE':
-					$token = $this->getDelete($this->csrfVar);
-			}
-
-			return !empty($token) && $token === $trueToken || $this->getCsrfTokenFromHeader() === $trueToken;
-		} else {
+		if (!$this->enableCsrfValidation || !in_array($method, array('POST', 'PUT', 'PATCH', 'DELETE'), true)) {
 			return true;
 		}
+		$trueToken = $this->getCookies()->getValue($this->csrfVar);
+		switch ($method) {
+			case 'PUT':
+				$token = $this->getPut($this->csrfVar);
+				break;
+			case 'PATCH':
+				$token = $this->getPatch($this->csrfVar);
+				break;
+			case 'DELETE':
+				$token = $this->getDelete($this->csrfVar);
+				break;
+			default:
+				$token = $this->getPost($this->csrfVar);
+				break;
+		}
+		return $token === $trueToken || $this->getCsrfTokenFromHeader() === $trueToken;
 	}
 }