mcndave/picea-ui
1
0
Fork 0
Code Issues Pull Requests Projects 1 Releases Wiki Activity

- Fixed CSRF missing from sent form

Browse Source
This commit is contained in:
Dave M. 2025-11-06 17:17:45 +00:00
parent 6e7a8f12fb
commit 2e3788a295
2 changed files with 6 additions and 11 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
src/Form/UiForm.php
View File

@ -85,7 +85,7 @@ class UiForm extends UiElement implements Extension {
if ($this->csrf) { if ($this->csrf) {
$token = md5($name . microtime()); $token = md5($name . microtime());
$key = "picea-ui:form:{$name}"; $key = "picea-ui.form:{$name}";
if (count($_SESSION[$key] ?? []) > 100) { if (count($_SESSION[$key] ?? []) > 100) {
array_shift($_SESSION[$key]); array_shift($_SESSION[$key]);

15
src/Method/FormContext.php
View File

@ -31,13 +31,8 @@ class FormContext implements FormContextInterface
public function __construct( public function __construct(
public ServerRequestInterface $formContextRequest, public ServerRequestInterface $formContextRequest,
? string $formName = null public readonly ? string $formName = null
) ) {
{
if ( $formName ) {
$this->formName = $formName;
}
$this->formContextValues = $formContextRequest->getParsedBody() ?: []; $this->formContextValues = $formContextRequest->getParsedBody() ?: [];
if ( ! $this->formContextValues ) { if ( ! $this->formContextValues ) {
@ -77,11 +72,11 @@ class FormContext implements FormContextInterface
{ {
$valid = in_array($this->requestMethod(), $this->formContextCatchedMethods); $valid = in_array($this->requestMethod(), $this->formContextCatchedMethods);
if ( ! $this->formSkipCsrf && ($this->formName ?? false) ) { if ( (! $this->formSkipCsrf) && ! empty($this->formName) ) {
$token = $this->get('picea-ui-form')[$this->formName] ?? false; $token = $this->get('picea-ui-form')[$this->formName] ?? false;
if ( $token ) { if ( $token ) {
if ($this->validateCsrfToken) { if (! $this->formSkipCsrf) {
$valid = in_array($token, $_SESSION["picea-ui.form:{$this->formName}"] ?? []); $valid = in_array($token, $_SESSION["picea-ui.form:{$this->formName}"] ?? []);
} }
else { else {
@ -211,7 +206,7 @@ class FormContext implements FormContextInterface
} }
elseif ($types instanceof \ReflectionIntersectionType || $types instanceof \ReflectionUnionType) { elseif ($types instanceof \ReflectionIntersectionType || $types instanceof \ReflectionUnionType) {
foreach($types->getTypes() as $type) { foreach($types->getTypes() as $type) {
return $value = $cast($type->getName()); return $cast($type->getName());
} }
} }