Home Explore Help
Sign In
githab
/
cakephp
2
0
Fork 0
Files Issues 0 Pull Requests 0 Wiki
Browse Source

Merge pull request #7525 from cakephp/csrf-token

Unset CSRF token from request data after token validation.

This omits the csrf token in prg workflows.
Mark Story 10 years ago
parent
7df65e63bb 5f76c1c30e
commit
29cfdc64de
2 changed files with 2 additions and 0 deletions
Split View Show Diff Stats
  1. 1 0
      src/Controller/Component/CsrfComponent.php
  2. 1 0
      tests/TestCase/Controller/Component/CsrfComponentTest.php

+ 1 - 0
src/Controller/Component/CsrfComponent.php
View File 

@@ -94,6 +94,7 @@ class CsrfComponent extends Component
 
         }
 
         if ($request->is(['patch', 'put', 'post', 'delete'])) {
 
             $this->_validateToken($request);
 
+            unset($request->data[$this->_config['field']]);
 
         }
 
     }

+ 1 - 0
tests/TestCase/Controller/Component/CsrfComponentTest.php
View File 

@@ -156,6 +156,7 @@ class CsrfComponentTest extends TestCase
 
         $event = new Event('Controller.startup', $controller);
 
         $result = $this->component->startup($event);
 
         $this->assertNull($result, 'No exception means valid.');
 
+        $this->assertFalse(isset($controller->request->data['_csrfToken']));
 
     }
 
 
     /**