Skip to content
This repository has been archived by the owner on Nov 8, 2020. It is now read-only.

Commit

Permalink
Post has precedence
Browse files Browse the repository at this point in the history
  • Loading branch information
@klapuch
klapuch committed Nov 19, 2016
1 parent 3ea9613 commit 37b5664
Show file tree
Hide file tree
Showing 2 changed files with 4 additions and 4 deletions.
2 changes: 1 addition & 1 deletion Core/StoredCsrf.php
View file
Original file line number Diff line number Diff line change
Expand Up @@ -58,6 +58,6 @@ private function solid(string $token): bool {
* @return string
*/
private function twin(): string {
return ($this->get + $this->post)[self::NAME] ?? self::INVALID_TOKEN;
return ($this->post + $this->get)[self::NAME] ?? self::INVALID_TOKEN;
}
}
6 changes: 3 additions & 3 deletions Tests/Unit/StoredCsrf.phpt
View file
Original file line number Diff line number Diff line change
Expand Up @@ -128,10 +128,10 @@ final class StoredCsrf extends Tester\TestCase {
Assert::true($csrf->abused());
}

public function testMatchingGetWithPrecedence() {
public function testMatchingPostWithPrecedence() {
$this->session[Csrf\Csrf::NAME] = str_repeat('a', 22);
$this->get[Csrf\Csrf::NAME] = str_repeat('a', 22);
$this->post[Csrf\Csrf::NAME] = str_repeat('b', 30);
$this->get[Csrf\Csrf::NAME] = str_repeat('b', 30);
$this->post[Csrf\Csrf::NAME] = str_repeat('a', 22);
$csrf = new Csrf\StoredCsrf($this->session, $this->post, $this->get);
Assert::false($csrf->abused());
}
Expand Down

0 comments on commit 37b5664

Please sign in to comment.