From 92c73abaae4a9de6bf01ae3f950c04a7ebf7fa2e Mon Sep 17 00:00:00 2001
From: ivica
Date: Thu, 1 Mar 2012 16:47:18 +0100
Subject: [PATCH] Enabled CSRF validation
---
 app/protected/config/common.php | 2 +-
 .../modules/zurmo/components/BeginRequestBehavior.php | 5 +++++
 2 files changed, 6 insertions(+), 1 deletion(-)
diff --git a/app/protected/config/common.php b/app/protected/config/common.php
index 5937e0a56..a81b77a3f 100644
--- a/app/protected/config/common.php
+++ b/app/protected/config/common.php
@@ -163,7 +163,7 @@
 'timeZone' => 'America/Chicago',
 ),
 'request' => array(
- 'enableCsrfValidation' => false,
+ 'enableCsrfValidation' => true,
 'enableCookieValidation' => false, //keep off until we can fix it on linux/windows servers.
 ),
 'urlManager' => array (
diff --git a/app/protected/modules/zurmo/components/BeginRequestBehavior.php b/app/protected/modules/zurmo/components/BeginRequestBehavior.php
index 9d8210386..0baa6042d 100644
--- a/app/protected/modules/zurmo/components/BeginRequestBehavior.php
+++ b/app/protected/modules/zurmo/components/BeginRequestBehavior.php
@@ -28,6 +28,11 @@ class BeginRequestBehavior extends CBehavior
 {
 public function attach($owner)
 {
+ if(Yii::app()->apiRequest->isApiRequest())
+ {
+ Yii::app()->detachEventHandler('onBeginRequest',array(Yii::app()->request,'validateCsrfToken'));
+ }
+
 $owner->attachEventHandler('onBeginRequest', array($this, 'handleImports'));
 if (Yii::app()->apiRequest->isApiRequest())
 {
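Review bot: `'enableCookieValidation' => false` stays in place directly below the flipped flag, and as far as I know Yii 1.x validates CSRF by comparing the submitted token with a token cookie, so with cookie validation off that cookie is not HMAC-signed and the protection is a plain double-submit cookie. That is still a clear improvement over no validation, but it is weaker whenever another origin is able to set cookies for the application's domain. I would record the dependency next to the setting, e.g. `//keep off until we can fix it on linux/windows servers; while off, the CSRF token cookie is unsigned.`, and track re-enabling it. The `request` array sits inside a larger config array that starts and ends outside the hunk.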
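Review bot: The exemption added at the top of attach() makes CSRF protection depend entirely on `isApiRequest()`, whose logic is not visible in this hunk. If that check is driven by something an ordinary cross-site browser request can also satisfy (URL path, query parameter) and the API accepts the normal session cookie, state-changing API calls lose CSRF protection; this should be confirmed and written down, e.g. `// CSRF check skipped for API requests: they must authenticate without the browser session cookie.` The detach could probably also move into the existing `if (Yii::app()->apiRequest->isApiRequest())` block a few lines down instead of repeating the test, and the new `if(` lacks the space the surrounding code uses. attach() continues past the end of the hunk.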