Add missing CSRF checks

Frédéric Guillot
2021-06-05 14:33:19 -07:00
committed by fguillot
parent 41102ec161
commit 71123b0f37
23 changed files with 58 additions and 17 deletions


@@ -33,6 +33,13 @@ abstract class BaseController extends Base
}
}
protected function checkReusableGETCSRFParam()
{
if (! $this->token->validateReusableCSRFToken($this->request->getStringParam('csrf_token'))) {
throw new AccessForbiddenException();
}
}
protected function checkCSRFForm()
{
if (! $this->token->validateCSRFToken($this->request->getRawValue('csrf_token'))) {
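Review bot: The new checkReusableGETCSRFParam() reads the reusable token from the query string with `getStringParam('csrf_token')`, which puts the token in URLs where it can reach Referer headers, server access logs and browser history. Because the token is reusable, a leaked value presumably stays valid for longer than a one-time form token. Where the guarded action changes state, a POST form checked by checkCSRFForm() is the safer default, and the GET variant deserves a docblock saying so, e.g. `/** Validates the reusable CSRF token sent as a GET parameter; throws AccessForbiddenException on mismatch. Prefer checkCSRFForm() for POST actions. */`. The hunk does not show whether validateReusableCSRFToken() rejects an empty string, which is presumably what getStringParam() returns when the parameter is missing, so that is worth confirming. The body of checkCSRFForm() continues outside the hunk.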