- Fixed CSRF missing from sent form
This commit is contained in:
parent
6e7a8f12fb
commit
2e3788a295
@ -85,7 +85,7 @@ class UiForm extends UiElement implements Extension {
|
||||
|
||||
if ($this->csrf) {
|
||||
$token = md5($name . microtime());
|
||||
$key = "picea-ui:form:{$name}";
|
||||
$key = "picea-ui.form:{$name}";
|
||||
|
||||
if (count($_SESSION[$key] ?? []) > 100) {
|
||||
array_shift($_SESSION[$key]);
|
||||
|
||||
@ -31,13 +31,8 @@ class FormContext implements FormContextInterface
|
||||
|
||||
public function __construct(
|
||||
public ServerRequestInterface $formContextRequest,
|
||||
? string $formName = null
|
||||
)
|
||||
{
|
||||
if ( $formName ) {
|
||||
$this->formName = $formName;
|
||||
}
|
||||
|
||||
public readonly ? string $formName = null
|
||||
) {
|
||||
$this->formContextValues = $formContextRequest->getParsedBody() ?: [];
|
||||
|
||||
if ( ! $this->formContextValues ) {
|
||||
@ -77,11 +72,11 @@ class FormContext implements FormContextInterface
|
||||
{
|
||||
$valid = in_array($this->requestMethod(), $this->formContextCatchedMethods);
|
||||
|
||||
if ( ! $this->formSkipCsrf && ($this->formName ?? false) ) {
|
||||
if ( (! $this->formSkipCsrf) && ! empty($this->formName) ) {
|
||||
$token = $this->get('picea-ui-form')[$this->formName] ?? false;
|
||||
|
||||
if ( $token ) {
|
||||
if ($this->validateCsrfToken) {
|
||||
if (! $this->formSkipCsrf) {
|
||||
$valid = in_array($token, $_SESSION["picea-ui.form:{$this->formName}"] ?? []);
|
||||
}
|
||||
else {
|
||||
@ -211,7 +206,7 @@ class FormContext implements FormContextInterface
|
||||
}
|
||||
elseif ($types instanceof \ReflectionIntersectionType || $types instanceof \ReflectionUnionType) {
|
||||
foreach($types->getTypes() as $type) {
|
||||
return $value = $cast($type->getName());
|
||||
return $cast($type->getName());
|
||||
}
|
||||
}
|
||||
|
||||
|
||||
Loading…
x
Reference in New Issue
Block a user