Jingga/phpOMS
1
0
Fork 0
mirror of https://github.com/Karaka-Management/phpOMS.git synced 2026-01-20 05:18:42 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity

improve csrf check

Browse Source
This commit is contained in:
Dennis Eichhorn 2019-06-05 22:24:55 +02:00
parent 7ad7e9be41
commit 44a003b787
1 changed files with 3 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

5
Router/Router.php
View File

@ -43,8 +43,9 @@ final class Router
* Files need to return a php array of the following structure:
* return [
* '{REGEX_PATH}' => [
* 'dest' => '{DESTINATION_NAMESPACE:method}', // can also be static by using :: between namespace and functio name
* 'dest' => '{DESTINATION_NAMESPACE:method}', // can also be static by using :: between namespace and function name
* 'verb' => RouteVerb::{VERB},
* 'csrf' => true,
* 'permission' => [ // optional
* 'module' => '{MODULE_NAME}',
* 'type' => PermissionType::{TYPE},
@ -131,7 +132,7 @@ final class Router
|| ($verb & $d['verb']) === $verb
) {
// if csrf is required but not set
if (isset($d['csrf']) && $csrf === null) {
if (isset($d['csrf']) && $d['csrf'] && $csrf === null) {
\array_merge($bound, $this->route('/' . $app . '/e403', $csrf, $verb));
continue;