mirror/php-flarum
1
0
Fork 0
mirror of https://github.com/flarum/core.git synced 2025-07-26 19:20:21 +02:00
Code Issues Releases Wiki Activity

CSRF protection on logout action

Browse Source
This commit is contained in:
Toby Zerner
2015-07-07 15:30:13 +09:30
parent 23eec806e6
commit c6e297e849
1 changed files with 5 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

5
framework/core/src/Forum/Actions/LogoutAction.php
View File

@@ -1,5 +1,6 @@
<?php namespace Flarum\Forum\Actions; <?php namespace Flarum\Forum\Actions;
use Flarum\Api\AccessToken;
use Flarum\Forum\Events\UserLoggedOut; use Flarum\Forum\Events\UserLoggedOut;
use Flarum\Support\Action; use Flarum\Support\Action;
use Psr\Http\Message\ServerRequestInterface as Request; use Psr\Http\Message\ServerRequestInterface as Request;
@@ -18,6 +19,10 @@ class LogoutAction extends Action
$user = app('flarum.actor'); $user = app('flarum.actor');
if ($user->exists) { if ($user->exists) {
$token = array_get($request->getQueryParams(), 'token');
AccessToken::where('user_id', $user->id)->findOrFail($token);
$user->accessTokens()->delete(); $user->accessTokens()->delete();
event(new UserLoggedOut($user)); event(new UserLoggedOut($user));