Jingga/phpOMS
1
0
Fork 0
mirror of https://github.com/Karaka-Management/phpOMS.git synced 2026-02-11 14:38:39 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity

improve csrf check

Browse Source
This commit is contained in:
Dennis Eichhorn 2019-06-05 22:24:55 +02:00
parent 7ad7e9be41
commit 44a003b787
1 changed files with 3 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

5
Router/Router.php
View File

@ -43,8 +43,9 @@ final class Router
* Files need to return a php array of the following structure: * Files need to return a php array of the following structure:
* return [ * return [
* '{REGEX_PATH}' => [ * '{REGEX_PATH}' => [
* 'dest' => '{DESTINATION_NAMESPACE:method}', // can also be static by using :: between namespace and functio name * 'dest' => '{DESTINATION_NAMESPACE:method}', // can also be static by using :: between namespace and function name
* 'verb' => RouteVerb::{VERB}, * 'verb' => RouteVerb::{VERB},
* 'csrf' => true,
* 'permission' => [ // optional * 'permission' => [ // optional
* 'module' => '{MODULE_NAME}', * 'module' => '{MODULE_NAME}',
* 'type' => PermissionType::{TYPE}, * 'type' => PermissionType::{TYPE},
@ -131,7 +132,7 @@ final class Router
|| ($verb & $d['verb']) === $verb || ($verb & $d['verb']) === $verb
) { ) {
// if csrf is required but not set // if csrf is required but not set
if (isset($d['csrf']) && $csrf === null) { if (isset($d['csrf']) && $d['csrf'] && $csrf === null) {
\array_merge($bound, $this->route('/' . $app . '/e403', $csrf, $verb)); \array_merge($bound, $this->route('/' . $app . '/e403', $csrf, $verb));
continue; continue;