/**
 * Normalizes the request data, then switches CSRF validation off for selected POST requests.
 *
 * The parent implementation runs first. Afterwards, when the request is a POST,
 * {@link enableCsrfValidation} is true and checkCurrentRoute() returns a truthy value,
 * the validateCsrfToken handler is detached from the application's begin-request
 * event, so the CSRF token is NOT checked for that request.
 *
 * NOTE(review): checkCurrentRoute() is defined elsewhere; presumably it reports whether
 * the current route is on an exemption list. Confirm that it returns false for
 * anything it cannot classify, because a truthy result here removes the protection.
 *
 * @return void
 */
protected function normalizeRequest()
{
    parent::normalizeRequest();

    // Guard clauses keep the original left-to-right evaluation order.
    if (!$this->getIsPostRequest()) {
        return;
    }
    if (!$this->enableCsrfValidation) {
        return;
    }
    if (!$this->checkCurrentRoute()) {
        return;
    }

    $csrfHandler = array($this, 'validateCsrfToken');
    Yii::app()->detachEventHandler('onbeginRequest', $csrfHandler);
}
/**
 * Runs normalizeEOL() over the request superglobals before the standard request
 * normalization.
 *
 * $_POST, $_GET and $_REQUEST are processed, in that order, and control then passes
 * to the parent implementation. $_COOKIE is not passed to normalizeEOL() here.
 *
 * NOTE(review): normalizeEOL() is defined elsewhere; presumably it takes each array by
 * reference and rewrites line endings in place — confirm against its signature.
 *
 * @see CHttpRequest::normalizeRequest()
 */
protected function normalizeRequest()
{
    $this->normalizeEOL($_POST);
    $this->normalizeEOL($_GET);
    $this->normalizeEOL($_REQUEST);
    // Parent runs last, so it sees the already-processed superglobals.
    parent::normalizeRequest();
}
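/**
 * Normalizes the request and exempts the routes listed in noValidationRoutes from
 * CSRF validation.
 *
 * After the parent implementation has run, the current request is resolved to a route
 * through the URL manager. If that route is an exact member of noValidationRoutes, the
 * validateCsrfToken handler is detached from the begin-request event and the token is
 * not checked for this request.
 *
 * The exemption is independent of the HTTP method and covers the whole route, so the
 * list should hold only endpoints that authenticate their caller by some other means.
 *
 * @return void
 */
protected function normalizeRequest()
{
    parent::normalizeRequest();

    if ($this->enableCsrfValidation) {
        $url = Yii::app()->getUrlManager()->parseUrl($this);
        // Strict membership test: loose comparison treats numeric-looking strings as
        // numbers, which could let a route match an entry it is not identical to.
        if (in_array($url, $this->noValidationRoutes, true)) {
            Yii::app()->detachEventHandler('onBeginRequest', array($this, 'validateCsrfToken'));
        }
    }
}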
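/**
 * Normalizes the request and exempts the routes under noCsrfValidationRoutes from
 * CSRF validation.
 *
 * The parent implementation runs first. For non-CLI requests with CSRF validation
 * enabled, the current route is resolved through the URL manager and compared with
 * each configured entry. An entry matches when the route equals it or lies beneath it
 * at a "/" boundary; a match detaches the validateCsrfToken handler.
 *
 * Matching is deliberately narrower than a plain string prefix:
 *  - an empty entry is ignored, because as a prefix it would match every route and
 *    switch validation off application-wide;
 *  - an entry such as "api" covers "api" and "api/anything", but not "apiadmin/anything".
 *
 * @return void
 */
protected function normalizeRequest()
{
    // The parent is responsible for attaching the CSRF handler in the first place.
    parent::normalizeRequest();

    if (Common::isCli() || !$this->enableCsrfValidation) {
        return;
    }

    $url = Yii::app()->getUrlManager()->parseUrl($this);
    foreach ($this->noCsrfValidationRoutes as $route) {
        $route = (string) $route;
        $length = strlen($route);
        if ($length === 0 || strncmp($url, $route, $length) !== 0) {
            continue;
        }

        // The prefix matched; accept it only where a route segment ends.
        $atBoundary = substr($route, -1) === '/'
            || strlen($url) === $length
            || $url[$length] === '/';
        if ($atBoundary) {
            Yii::app()->detachEventHandler('onBeginRequest', array($this, 'validateCsrfToken'));
            break; // already detached; further entries cannot change the outcome
        }
    }
}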
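/**
 * Normalizes the request and exempts whole first-level route segments from CSRF
 * validation.
 *
 * The parent implementation runs first. With CSRF validation enabled, the current
 * route is resolved through the URL manager and cut at its first "/". If the part
 * before the slash is an exact member of noCsrfValidationRoutes, the
 * validateCsrfToken handler is detached.
 *
 * Consequences worth knowing when maintaining the list:
 *  - every route beneath a listed segment is exempt, not a single action;
 *  - a route that contains no "/" is never exempt, whatever the list holds.
 *
 * @return void
 */
protected function normalizeRequest()
{
    // The parent is responsible for attaching the CSRF handler in the first place.
    parent::normalizeRequest();

    if ($this->enableCsrfValidation) {
        $url = Yii::app()->getUrlManager()->parseUrl($this);
        $t = strpos($url, '/');
        if ($t !== false) {
            $url = substr($url, 0, $t);
            // Strict membership test so an entry only matches an identical string.
            if (in_array($url, $this->noCsrfValidationRoutes, true)) {
                Yii::app()->detachEventHandler('onBeginRequest', array($this, 'validateCsrfToken'));
            }
        }
    }
}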
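/**
 * Normalizes the request and exempts POST routes matching noCsrfValidationRoutes from
 * CSRF validation.
 *
 * The parent implementation runs first. Only POST requests are considered. Each entry
 * of noCsrfValidationRoutes is used as a regular-expression fragment between "#"
 * delimiters and tested against the resolved route; the first match detaches the
 * validateCsrfToken handler and is recorded with Yii::trace().
 *
 * Notes for whoever maintains the list:
 *  - the expression is not anchored here, so an entry matches anywhere in the route
 *    unless it carries its own "^" / "$";
 *  - an entry containing an unescaped "#" yields an invalid pattern; preg_match()
 *    then returns false and the route stays protected.
 *
 * @return void
 */
protected function normalizeRequest()
{
    parent::normalizeRequest();

    // REQUEST_METHOD is absent outside a web request; treat that as "not a POST"
    // instead of raising an undefined-index notice.
    if (!isset($_SERVER['REQUEST_METHOD']) || $_SERVER['REQUEST_METHOD'] !== 'POST') {
        return;
    }

    $route = Yii::app()->getUrlManager()->parseUrl($this);
    if (!$this->enableCsrfValidation) {
        return;
    }

    foreach ($this->noCsrfValidationRoutes as $cr) {
        if (preg_match('#' . $cr . '#', $route)) {
            Yii::app()->detachEventHandler('onBeginRequest', array($this, 'validateCsrfToken'));
            // The closing quote after the route was missing in the original message.
            Yii::trace('Route "' . $route . '" passed without CSRF validation');
            break; // the first matching entry decides
        }
    }
}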
/**
 * Normalizes the request and exempts controllers listed in noCsrfValidationRoutes from
 * CSRF validation.
 *
 * Unlike a route comparison, this variant resolves the request to a controller and
 * compares only the controller id, case-insensitively and by prefix, so a match
 * exempts every action of that controller.
 *
 * NOTE(review): because strpos() === 0 is a prefix test, an entry also covers any
 * controller whose id merely begins with the same characters; confirm that is
 * intended, or compare for equality.
 * NOTE(review): createController() runs here, earlier than the normal dispatch, and
 * parseUrl() is given a fresh CHttpRequest rather than $this — presumably to avoid
 * re-entering this component; verify that neither has unwanted side effects.
 *
 * @return void
 */
protected function normalizeRequest()
{
    // The parent is responsible for attaching the CSRF handler in the first place.
    parent::normalizeRequest();
    // Only relevant while CSRF validation is switched on.
    if ($this->enableCsrfValidation) {
        // Previous approach, kept by the author for reference:
        // $url=Yii::app()->getUrlManager()->parseUrl($this);
        $route1 = Yii::app()->createController(Yii::app()->getUrlManager()->parseUrl(new CHttpRequest()));
        // Element 0 of the result is used as the controller; an unresolved route gives "".
        $url = $route1 ? $route1[0]->id : "";
        foreach ($this->noCsrfValidationRoutes as $route) {
            // Both sides are lower-cased, making the comparison case-insensitive.
            $url = strtolower($url);
            $route = strtolower($route);
            // Prefix test against the controller id (see the review notes above).
            if (strpos($url, $route) === 0) {
                Yii::app()->detachEventHandler('onBeginRequest', array($this, 'validateCsrfToken'));
            }
        }
    }
}
/**
 * Extends CHttpRequest::normalizeRequest to support the 'enableCsrfValidationRoutes'
 * attribute, a list of URI prefixes on which CSRF token validation stays active.
 *
 * The logic is opt-in: after the parent has run, the validateCsrfToken handler is kept
 * only when $_SERVER['REQUEST_URI'] starts with one of the configured prefixes. For
 * every other request the handler is detached, i.e. the default is NO validation.
 *
 * NOTE(review): the comparison uses the raw request URI, not the route the URL manager
 * resolves. If two differently written URIs can reach the same controller, one of
 * them may miss every prefix and lose validation — consider matching on the resolved
 * route, and confirm each state-changing endpoint is covered by an entry.
 *
 * @return void
 */
protected function normalizeRequest()
{
    // The parent is responsible for attaching the CSRF handler in the first place.
    parent::normalizeRequest();

    if (!$this->enableCsrfValidation) {
        return;
    }

    $requestUri = $_SERVER['REQUEST_URI'];
    foreach ($this->enableCsrfValidationRoutes as $prefix) {
        if (strpos($requestUri, $prefix) === 0) {
            // Listed prefix: leave the handler attached so the token is checked.
            return;
        }
    }

    // No prefix matched, so validation is dropped for this request.
    Yii::app()->detachEventHandler('onBeginRequest', array($this, 'validateCsrfToken'));
}
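/**
 * Normalizes the request and disables CSRF validation for the URI prefixes in
 * noCsrfValidationRoutes (the author's stated use is the payment controller).
 *
 * The parent implementation runs first. For non-CLI requests with CSRF validation
 * enabled, the request URI is compared with each configured entry; a match detaches
 * the validateCsrfToken handler.
 *
 * Matching is narrower than a plain string prefix:
 *  - an empty entry is ignored, because as a prefix it matches every URI and would
 *    switch validation off application-wide;
 *  - after the entry, the URI must end or continue with "/" or "?", unless the entry
 *    itself ends in "/". "/payment" therefore covers "/payment", "/payment/notify"
 *    and "/payment?id=1", but not "/paymentadmin".
 *
 * @return void
 */
protected function normalizeRequest()
{
    parent::normalizeRequest();

    if (!$this->enableCsrfValidation || $this->isCLI() !== false) {
        return;
    }

    $url = $this->getRequestUri();
    foreach ($this->noCsrfValidationRoutes as $route) {
        $route = (string) $route;
        $length = strlen($route);
        if ($length === 0 || strncmp($url, $route, $length) !== 0) {
            continue;
        }

        // The prefix matched; accept it only where a path segment ends.
        $atBoundary = substr($route, -1) === '/' || strlen($url) === $length;
        if (!$atBoundary) {
            $next = $url[$length];
            $atBoundary = ($next === '/' || $next === '?');
        }

        if ($atBoundary) {
            Yii::app()->detachEventHandler('onBeginRequest', array($this, 'validateCsrfToken'));
            break; // already detached; further entries cannot change the outcome
        }
    }
}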