
Commit ddaca7a

committed
use PSR-7 for Xsrf
1 parent 531befb commit ddaca7a

2 files changed

+12
-10
lines changed


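--- a/api.include.php
+++ b/api.include.php
@@ -9161,13 +9161,14 @@ public function process(ServerRequestInterface $request, RequestHandlerInterface
 
 class XsrfMiddleware extends Middleware
 {
-private function getToken(): string
+private function getToken(ServerRequestInterface $request): string
 {
 $cookieName = $this->getProperty('cookieName', 'XSRF-TOKEN');
-if (isset($_COOKIE[$cookieName])) {
-$token = $_COOKIE[$cookieName];
+$cookieParams = $request->getCookieParams();
+if (isset($cookieParams[$cookieName])) {
+$token = $cookieParams[$cookieName];
 } else {
-$secure = isset($_SERVER['HTTPS']) && $_SERVER['HTTPS'] == 'on';
+$secure = $request->getUri()->getScheme() == 'https';
 $token = bin2hex(random_bytes(8));
 if (!headers_sent()) {
 setcookie($cookieName, $token, 0, '/', '', $secure);
@@ -9178,7 +9179,7 @@ private function getToken(): string
 
 public function process(ServerRequestInterface $request, RequestHandlerInterface $next): ResponseInterface
 {
-$token = $this->getToken();
+$token = $this->getToken($request);
 $method = $request->getMethod();
 $excludeMethods = $this->getArrayProperty('excludeMethods', 'OPTIONS,GET');
 if (!in_array($method, $excludeMethods)) {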
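Review bot: The new `$secure = $request->getUri()->getScheme() == 'https';` line now decides whether the token cookie carries the Secure flag, yet the cookie is still emitted through `setcookie()` guarded by `headers_sent()` on the following lines rather than set on the PSR-7 response, so the PSR-7 migration this commit starts stops halfway; the identical hunk in api.php has the same gap. Behind a TLS-terminating proxy the URI scheme is whatever the request factory derived, which may be `http` unless forwarded headers are mapped, in which case the cookie would silently lose Secure — worth a comment such as `// scheme comes from the PSR-7 URI; confirm the request factory maps X-Forwarded-Proto when deployed behind a proxy`. The comparison should also be strict: `$secure = $request->getUri()->getScheme() === 'https';`. The body of getToken continues past the end of the hunk.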

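--- a/api.php
+++ b/api.php
@@ -9161,13 +9161,14 @@ public function process(ServerRequestInterface $request, RequestHandlerInterface
 
 class XsrfMiddleware extends Middleware
 {
-private function getToken(): string
+private function getToken(ServerRequestInterface $request): string
 {
 $cookieName = $this->getProperty('cookieName', 'XSRF-TOKEN');
-if (isset($_COOKIE[$cookieName])) {
-$token = $_COOKIE[$cookieName];
+$cookieParams = $request->getCookieParams();
+if (isset($cookieParams[$cookieName])) {
+$token = $cookieParams[$cookieName];
 } else {
-$secure = isset($_SERVER['HTTPS']) && $_SERVER['HTTPS'] == 'on';
+$secure = $request->getUri()->getScheme() == 'https';
 $token = bin2hex(random_bytes(8));
 if (!headers_sent()) {
 setcookie($cookieName, $token, 0, '/', '', $secure);
@@ -9178,7 +9179,7 @@ private function getToken(): string
 
 public function process(ServerRequestInterface $request, RequestHandlerInterface $next): ResponseInterface
 {
-$token = $this->getToken();
+$token = $this->getToken($request);
 $method = $request->getMethod();
 $excludeMethods = $this->getArrayProperty('excludeMethods', 'OPTIONS,GET');
 if (!in_array($method, $excludeMethods)) {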
