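/**
 * Validates the CSRF token of the current request (double-submit cookie pattern).
 *
 * The expected token comes from self::getCsrfToken(). The request must carry
 * the same token in the `csrftoken` cookie AND in either the `X-Csrftoken`
 * request header or the `csrftoken` POST field; any other combination makes
 * self::_throwException() fire.
 *
 * Tokens are compared with hash_equals() instead of `!=`: PHP's loose
 * comparison treats numeric-looking strings numerically (e.g. "0e1" == "0e2"
 * is true), and hash_equals() is constant-time, so the comparison does not
 * leak the token byte-by-byte through timing. Values that are not strings
 * (a missing cookie, or `csrftoken[]=...` which PHP parses into an array)
 * never match, and a non-string expected token fails closed.
 */
public static function validate()
{
    $csrfToken = self::getCsrfToken();

    // Cookie must carry the session token.
    $cookieToken = isset($_COOKIE['csrftoken']) ? $_COOKIE['csrftoken'] : null;
    if (!self::_csrfTokenMatches($csrfToken, $cookieToken)) {
        self::_throwException();
    }

    // The token must also be re-submitted in the header or the POST body,
    // which a cross-site form cannot do.
    $headerToken = Arrays::getValue(RequestHeaders::all(), 'X-Csrftoken');
    $postToken = Arrays::getValue($_POST, 'csrftoken');
    if (!self::_csrfTokenMatches($csrfToken, $headerToken) && !self::_csrfTokenMatches($csrfToken, $postToken)) {
        self::_throwException();
    }
}

/**
 * Type-strict, constant-time comparison of a submitted token against the expected one.
 *
 * @param mixed $expected  token returned by self::getCsrfToken()
 * @param mixed $submitted value read from cookie / header / POST (may be null or an array)
 * @return bool true only when both values are strings with identical bytes
 */
private static function _csrfTokenMatches($expected, $submitted)
{
    return is_string($expected) && is_string($submitted) && hash_equals($expected, $submitted);
}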
/**
 * @test
 *
 * RequestHeaders::all() must expose every HTTP_* entry of $_SERVER under its
 * canonical header name (e.g. HTTP_ACCEPT_CHARSET -> 'Accept-Charset'),
 * with values passed through untouched.
 */
public function shouldGetArrayOfAllHeaders()
{
    //given
    $expectedHeaders = array(
        'Accept' => 'text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8',
        'Accept-Charset' => 'UTF-8,*;q=0.5',
        'Accept-Encoding' => 'gzip,deflate,sdch',
        'Accept-Language' => 'en-US,en;q=0.8',
        'Cache-Control' => 'max-age=0',
        'Connection' => 'keep-alive',
        'Cookie' => '__utmz=179618234.1309856897.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utma=179618234.703966342.1309856897.1309856897.1309856897.1',
        'Host' => 'www.yoursite.com',
        'User-Agent' => 'Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/534.30 (KHTML, like Gecko) Ubuntu/11.04 Chromium/12.0.742.112 Chrome/12.0.742.112 Safari/534.30'
    );
    // Populate $_SERVER the way the CGI convention does: 'HTTP_' prefix,
    // '-' replaced by '_', upper-cased.
    foreach ($expectedHeaders as $headerName => $headerValue) {
        $serverKey = 'HTTP_' . strtoupper(str_replace('-', '_', $headerName));
        $_SERVER[$serverKey] = $headerValue;
    }

    //when
    $all = RequestHeaders::all();

    //then
    Assert::thatArray($all)
        ->hasSize(count($expectedHeaders))
        ->containsKeyAndValue($expectedHeaders);
}