Commit faf31225 authored by Guillaume Perréal's avatar Guillaume Perréal

FileUpload: génère une erreur correcte si le token CSRF n'est pas bon.

Showing with 3 additions and 2 deletions
+3 -2
......@@ -16,6 +16,7 @@ use Symfony\Component\Form\Extension\Csrf\CsrfProvider\CsrfProviderInterface;
use Symfony\Component\HttpFoundation\JsonResponse;
use Symfony\Component\HttpFoundation\Request;
use Symfony\Component\HttpFoundation\Response;
use Symfony\Component\HttpKernel\Exception\HttpException;
use Symfony\Component\Routing\RouterInterface;
/**
......@@ -115,12 +116,12 @@ class UploadController extends Controller
/**
*
* @param Request $request
* @throws JsonReponse
* @throws HttpException
*/
protected function validateToken(Request $request)
{
if(!$this->csrfProvider->isCsrfTokenValid("file-upload", $request->query->get('token', null))) {
throw $this->createResponse(Response::HTTP_BAD_REQUEST, 'Invalid CRSF token');
throw new HttpException(Response::HTTP_FORBIDDEN, 'Invalid token');
}
}
......
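Review bot: The CSRF token checked in `validateToken()` is still read from the query string (`$request->query->get('token', null)`), so it can end up in access logs, browser history and Referer headers; for an upload endpoint it is safer to read it from the request body or a header, e.g. `$request->headers->get('X-CSRF-Token')` (the header name is illustrative and the client would have to send it). The old code appears to have thrown a JSON response built by `createResponse()`, whereas the 403 body is now produced by the kernel's exception handling and may not be JSON, so confirm that the upload client still handles the error. `AccessDeniedHttpException` would express the same 403 without passing the status code by hand. The empty first line of the docblock could read `Rejects the request when the "file-upload" CSRF token is missing or invalid.`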