Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Check token correctly #78

Merged
merged 4 commits into from
Dec 17, 2020
Merged

Check token correctly #78

merged 4 commits into from
Dec 17, 2020

Conversation

tijsverkoyen
Copy link
Member

The previous fix only fixed checking if the token was submitted.
Further on in the code the submitted value was not used, instead the value of the automagically added field was used. Which made the check useless as it will alway be the same...

@tijsverkoyen
Store the submitted token in a variable
492ac8e
@tijsverkoyen
Use our previously stored variable
fca1103 
If we use `$this->getField('form_token')->getValue();` it will use the field
that is automagically added, instead of the real submitted value.
@tijsverkoyen tijsverkoyen requested review from carakas and a team December 16, 2020 15:38
carakas
carakas requested changes Dec 16, 2020
View reviewed changes
spoon/form/form.php Outdated
if ($this->getMethod() === 'get' && !isset($_GET['form_token'])
|| $this->getMethod() === 'post' && !isset($_POST['form_token'])) {
$submittedToken = '';
if ($this->getMethod() === 'get' && !isset($_GET['form_token']) {
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

i think there is still something wrong here. You are checking if the method is get and if there isn't a form token in $_GET. If that is the case you try to get the not existing token out of $_GET.
The same happens with $_POST

Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

You also forgot to close a ) here and with the post one

Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Fixed in 68eb811

carakas
carakas requested changes Dec 16, 2020
View reviewed changes
spoon/form/form.php Outdated
if ($this->getMethod() === 'get' && !isset($_GET['form_token'])
|| $this->getMethod() === 'post' && !isset($_POST['form_token'])) {
$submittedToken = '';
if ($this->getMethod() === 'get' && !isset($_GET['form_token']) {
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

You also forgot to close a ) here and with the post one

@carakas carakas merged commit e86d149 into forkcms:master Dec 17, 2020
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@carakas carakas carakas requested changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

None yet
2 participants
@tijsverkoyen @carakas