Commit 1aeb86df by Qiang Xue

refactored Request::validateCsrfToken().

parent 4f555a57
...@@ -1027,16 +1027,12 @@ class Request extends \yii\base\Request ...@@ -1027,16 +1027,12 @@ class Request extends \yii\base\Request
*/ */
public function validateCsrfToken() public function validateCsrfToken()
{ {
if (!$this->enableCsrfValidation) { $method = $this->getMethod();
if (!$this->enableCsrfValidation || !in_array($method, array('POST', 'PUT', 'PATCH', 'DELETE'), true)) {
return true; return true;
} }
$method = $this->getMethod();
if ($method === 'POST' || $method === 'PUT' || $method === 'PATCH' || $method === 'DELETE') {
$trueToken = $this->getCookies()->getValue($this->csrfVar); $trueToken = $this->getCookies()->getValue($this->csrfVar);
switch ($method) { switch ($method) {
case 'POST':
$token = $this->getPost($this->csrfVar);
break;
case 'PUT': case 'PUT':
$token = $this->getPut($this->csrfVar); $token = $this->getPut($this->csrfVar);
break; break;
...@@ -1045,11 +1041,11 @@ class Request extends \yii\base\Request ...@@ -1045,11 +1041,11 @@ class Request extends \yii\base\Request
break; break;
case 'DELETE': case 'DELETE':
$token = $this->getDelete($this->csrfVar); $token = $this->getDelete($this->csrfVar);
break;
default:
$token = $this->getPost($this->csrfVar);
break;
} }
return $token === $trueToken || $this->getCsrfTokenFromHeader() === $trueToken;
return !empty($token) && $token === $trueToken || $this->getCsrfTokenFromHeader() === $trueToken;
} else {
return true;
}
} }
} }
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment