mirror/php-flarum
1
0
Fork 0
mirror of https://github.com/flarum/core.git synced 2025-08-04 23:47:32 +02:00
Code Issues Releases Wiki Activity

Remove deprecated CSRF wildcard path match

Browse Source
This commit is contained in:
Alexander Skvortsov
2021-01-19 19:09:06 -05:00
parent 4561f56fb9
commit a10da427ff
3 changed files with 1 additions and 65 deletions
Download Patch File Download Diff File Expand all files Collapse all files

12
src/Extend/Csrf.php
View File

@@ -28,18 +28,6 @@ class Csrf implements ExtenderInterface
return $this;
}
/**
* Exempt a path from csrf checks. Wildcards are supported.
*
* @deprecated beta 15, remove beta 16. Exempt routes should be used instead.
*/
public function exemptPath(string $path)
{
$this->csrfExemptRoutes[] = $path;
return $this;
}
public function extend(Container $container, Extension $extension = null)
{
$container->extend('flarum.http.csrfExemptPaths', function ($existingExemptPaths) {

6
src/Http/Middleware/CheckCsrfToken.php
View File

@@ -26,12 +26,8 @@ class CheckCsrfToken implements Middleware
public function process(Request $request, Handler $handler): Response
{
$path = $request->getAttribute('originalUri')->getPath();
foreach ($this->exemptRoutes as $exemptRoute) {
/**
* @deprecated path match should be removed in beta 16, only route name match should be supported.
*/
if ($exemptRoute === $request->getAttribute('routeName') || fnmatch($exemptRoute, $path)) {
if ($exemptRoute === $request->getAttribute('routeName')) {
return $handler->handle($request);
}
}