/**
 * Check the submitted CSRF token against the token held in the cookie.
 *
 * The token cookie must be present and non-empty. The request is then accepted
 * when either the configured form field or the X-CSRF-Token header is strictly
 * identical (===) to the cookie value; one matching source is enough.
 *
 * @param \Cake\Network\Request $request The request to validate against.
 * @throws \Cake\Network\Exception\InvalidCsrfTokenException when the CSRF token is invalid or missing.
 * @return void
 */
protected function _validateToken(Request $request)
{
    $expected = $request->cookie($this->_config['cookieName']);
    $fromBody = $request->data($this->_config['field']);
    $fromHeader = $request->header('X-CSRF-Token');

    // The cookie check comes first. Without it, an absent cookie could compare
    // identical to an equally absent field or header (presumably both null -
    // confirm against Request::data()/header()) and the request would pass.
    if (empty($expected)) {
        throw new InvalidCsrfTokenException(__d('cake', 'Missing CSRF token cookie'));
    }

    // NOTE(review): === is not a constant-time comparison; confirm that is
    // acceptable for this token.
    if ($fromBody === $expected || $fromHeader === $expected) {
        return;
    }

    throw new InvalidCsrfTokenException(__d('cake', 'CSRF token mismatch.'));
}
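/**
 * Validate the request data against the cookie token.
 *
 * The request is accepted only when the token cookie is present and non-empty
 * and either the configured form field or the X-CSRF-Token header is strictly
 * identical (===) to it.
 *
 * @param \Cake\Network\Request $request The request to validate against.
 * @throws \Cake\Network\Exception\ForbiddenException when the CSRF token is invalid or missing.
 * @return void
 */
protected function _validateToken(Request $request)
{
    $cookie = $request->cookie($this->_config['cookieName']);
    $post = $request->data($this->_config['field']);
    $header = $request->header('X-CSRF-Token');

    // A missing or empty cookie must fail on its own. If the cookie and the
    // submitted token are both absent they can compare identical, and the
    // mismatch test below would let a request with no token at all through.
    if (empty($cookie)) {
        throw new ForbiddenException(__d('cake', 'Invalid CSRF token.'));
    }

    // Either source may carry the token; reject only when neither matches.
    if ($post !== $cookie && $header !== $cookie) {
        throw new ForbiddenException(__d('cake', 'Invalid CSRF token.'));
    }
}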
/**
 * Verify that cookie() returns the stored value for a known cookie name
 * and null for a name that was never set.
 *
 * @return void
 */
public function testReadCookie()
{
    $cookies = ['testing' => 'A value in the cookie'];
    $request = new Request(['cookies' => $cookies]);

    // Known cookie: the value comes back as supplied.
    $this->assertEquals('A value in the cookie', $request->cookie('testing'));

    // Unknown cookie: the lookup yields null.
    $this->assertNull($request->cookie('not there'));
}
/**
 * Read a value from the configured cookie.
 *
 * Optional [Name.], required key
 * $this->Cookie->read(Name.key);
 *
 * The raw cookie is fetched from the request under the configured 'name'.
 * When nothing is cached for that name and the raw value is truthy, it is
 * passed through _decrypt() and the result is cached in $this->_values.
 * The cookie content is supplied by the client; what _decrypt() verifies is
 * not visible here, so callers should treat the returned data as untrusted
 * unless that is confirmed.
 *
 * @param string|null $key Key of the value to be obtained. A dotted key is split at the
 *   first dot: the first part selects the entry, the rest is handed to Hash::get().
 *   If none specified, the whole key => value map is returned.
 * @return mixed The whole map when $key is null, the value for the key, or null when
 *   the key is not set.
 * @link http://book.cakephp.org/2.0/en/core-libraries/components/cookie.html#CookieComponent::read
 */
public function read($key = null)
{
    $cookieName = $this->config('name');
    $raw = $this->_request->cookie($cookieName);

    // Decode only when the cache has nothing for this cookie name.
    if (empty($this->_values[$cookieName]) && $raw) {
        $this->_values[$cookieName] = $this->_decrypt($raw);
    }
    // Normalise "nothing there" to an empty array.
    if (empty($this->_values[$cookieName])) {
        $this->_values[$cookieName] = [];
    }

    if ($key === null) {
        return $this->_values[$cookieName];
    }

    // Split "Name.rest" into the top-level key and the remaining path.
    $subPath = null;
    if (strpos($key, '.') !== false) {
        list($key, $subPath) = explode('.', $key, 2);
    }

    if (!isset($this->_values[$cookieName][$key])) {
        return null;
    }

    // NOTE(review): empty() also treats a remaining path of '0' as absent, so
    // "Name.0" returns the whole entry - confirm that is intended.
    if (empty($subPath)) {
        return $this->_values[$cookieName][$key];
    }

    return Hash::get($this->_values[$cookieName][$key], $subPath);
}