minor #13216 Fixed CSRF check in controller (HeahDude)

javiereguiluz · javiereguiluz · commit 325c6d78b5ca · 2020-02-22T12:08:26.000+01:00
This PR was merged into the 3.4 branch. Discussion ---------- Fixed CSRF check in controller Commits ------- ee481e9 Fixed CSRF check in controller
diff --git a/controller/csrf_token_validation.rst b/controller/csrf_token_validation.rst
@@ -9,9 +9,11 @@ want to use the Symfony Form component. If, for example, you are implementing
 a DELETE action, you can use the :method:`Symfony\\Bundle\\FrameworkBundle\\Controller\\Controller::isCsrfTokenValid`
 method to check the validity of a CSRF token::
 
-    public function deleteAction()
+    use Symfony\Component\HttpFoundation\Request;
+
+    public function deleteAction(Request $request)
     {
-        if ($this->isCsrfTokenValid('token_id', $submittedToken)) {
+        if ($this->isCsrfTokenValid('token_id', $request->request->get('token_param'))) {
             // ... do something, like deleting an object
         }
     }

Original file line number	Diff line number	Diff line change
`@@ -9,9 +9,11 @@ want to use the Symfony Form component. If, for example, you are implementing`
`9`	`9`	a DELETE action, you can use the :method:`Symfony\\Bundle\\FrameworkBundle\\Controller\\Controller::isCsrfTokenValid`
`10`	`10`	`method to check the validity of a CSRF token::`
`11`	`11`
`12`		`- public function deleteAction()`
	`12`	`+ use Symfony\Component\HttpFoundation\Request;`
	`13`	`+`
	`14`	`+ public function deleteAction(Request $request)`
`13`	`15`	`{`
`14`		`- if ($this->isCsrfTokenValid('token_id', $submittedToken)) {`
	`16`	`+ if ($this->isCsrfTokenValid('token_id', $request->request->get('token_param'))) {`
`15`	`17`	`// ... do something, like deleting an object`
`16`	`18`	`}`
`17`	`19`	`}`