From 80208ca4d8d1724072055023f1b8a8bd20f5a70b Mon Sep 17 00:00:00 2001 From: ADmad Date: Fri, 21 Apr 2017 06:38:54 +0530 Subject: [PATCH] Don't pass by reference. --- src/Http/Middleware/CsrfProtectionMiddleware.php | 8 +++++--- 1 file changed, 5 insertions(+), 3 deletions(-) diff --git a/src/Http/Middleware/CsrfProtectionMiddleware.php b/src/Http/Middleware/CsrfProtectionMiddleware.php index cce0ebf476d..4396b4490ce 100644 --- a/src/Http/Middleware/CsrfProtectionMiddleware.php +++ b/src/Http/Middleware/CsrfProtectionMiddleware.php @@ -102,7 +102,7 @@ public function __invoke(ServerRequestInterface $request, ResponseInterface $res $method = $request->getMethod(); if ($method === 'GET' && $cookieData === null) { - $this->_setToken($request, $response); + list($request, $response) = $this->_setToken($request, $response); return $next($request, $response); } @@ -140,9 +140,9 @@ protected function _validateAndUnsetTokenField(ServerRequestInterface $request) * * @param \Psr\Http\Message\ServerRequestInterface $request The request object. * @param \Psr\Http\Message\ResponseInterface $response The response object. - * @return void + * @return array */ - protected function _setToken(ServerRequestInterface &$request, ResponseInterface &$response) + protected function _setToken(ServerRequestInterface $request, ResponseInterface $response) { $expiry = new Time($this->_config['expiry']); $value = hash('sha512', Security::randomBytes(16), false); @@ -158,6 +158,8 @@ protected function _setToken(ServerRequestInterface &$request, ResponseInterface 'secure' => $this->_config['secure'], 'httpOnly' => $this->_config['httpOnly'], ]); + + return [$request, $response]; } /**