Added default message for InvalidCsrfTokenException

Updated thrown exception messages to be more descriptive of the cause
cakephp · May 23, 2015 · 08a0e8c · 08a0e8c
1 parent fb5a79e
commit 08a0e8c
Show file tree

Hide file tree

Showing 2 changed files with 16 additions and 3 deletions.
diff --git a/src/Controller/Component/CsrfComponent.php b/src/Controller/Component/CsrfComponent.php
@@ -145,11 +145,11 @@ protected function _validateToken(Request $request)
         $header = $request->header('X-CSRF-Token');
 
         if (empty($cookie)) {
-            throw new InvalidCsrfTokenException(__d('cake', 'Invalid CSRF token.'));
+            throw new InvalidCsrfTokenException(__d('cake', 'Missing CSRF token cookie'));
         }
 
         if ($post !== $cookie && $header !== $cookie) {
-            throw new InvalidCsrfTokenException(__d('cake', 'Invalid CSRF token.'));
+            throw new InvalidCsrfTokenException(__d('cake', 'CSRF token mismatch.'));
         }
     }
 }
diff --git a/src/Network/Exception/InvalidCsrfTokenException.php b/src/Network/Exception/InvalidCsrfTokenException.php
@@ -16,7 +16,20 @@
  * Represents an HTTP 403 error caused by an invalid CSRF token
  *
  */
-class InvalidCsrfTokenException extends ForbiddenException
+class InvalidCsrfTokenException extends HttpException
 {
 
+    /**
+     * Constructor
+     *
+     * @param string $message If no message is given 'Invalid  CSRF Token' will be the message
+     * @param int $code Status code, defaults to 403
+     */
+    public function __construct($message = null, $code = 403)
+    {
+        if (empty($message)) {
+            $message = 'Invalid  CSRF Token';
+        }
+        parent::__construct($message, $code);
+    }
 }