Dev: preparing an event for the SAML integration

LimeSurvey · Jun 22, 2018 · 03fda43 · 03fda43
1 parent 07af548
commit 03fda43
Showing 1 changed file with 19 additions and 1 deletion.
diff --git a/application/core/LSHttpRequest.php b/application/core/LSHttpRequest.php
@@ -151,14 +151,32 @@ protected function normalizeRequest()
 
         $route = Yii::app()->getUrlManager()->parseUrl($this);
         if ($this->enableCsrfValidation) {
-            foreach ($this->noCsrfValidationRoutes as $cr) {
+
+            $beforeUrlCheck = new PluginEvent('beforeUrlCheck');
+            $beforeUrlCheck->set('routes', $this->noCsrfValidationRoutes);
+            $beforeUrlCheck->set('params', []);
+            App()->getPluginManager()->dispatchEvent($beforeUrlCheck);
+            $validationRoutes = $beforeUrlCheck->get('routes');
+            $validationParams = $beforeUrlCheck->get('params');
+
+            foreach ($validationRoutes as $cr) {
                 if (preg_match('#'.$cr.'#', $route)) {
                     Yii::app()->detachEventHandler('onBeginRequest',
                         array($this, 'validateCsrfToken'));
                     Yii::trace('Route "'.$route.' passed without CSRF validation');
                     break; // found first route and break
                 }
             }
+
+            foreach ($validationParams as $key => $value) {
+                if (isset($_GET[$key]) && $_GET[$key] === $value) {
+                    Yii::app()->detachEventHandler('onBeginRequest',
+                        array($this, 'validateCsrfToken'));
+                    Yii::trace('Route "'.$route.' passed without CSRF validation');
+                    break; // found first param and break
+                }
+            }
+
         }
     }