Commit faf31225 authored by Guillaume Perréal's avatar Guillaume Perréal

FileUpload: génère une erreur correcte si le token CSRF n'est pas bon.

Showing with 3 additions and 2 deletions
+3 -2
...@@ -16,6 +16,7 @@ use Symfony\Component\Form\Extension\Csrf\CsrfProvider\CsrfProviderInterface; ...@@ -16,6 +16,7 @@ use Symfony\Component\Form\Extension\Csrf\CsrfProvider\CsrfProviderInterface;
use Symfony\Component\HttpFoundation\JsonResponse; use Symfony\Component\HttpFoundation\JsonResponse;
use Symfony\Component\HttpFoundation\Request; use Symfony\Component\HttpFoundation\Request;
use Symfony\Component\HttpFoundation\Response; use Symfony\Component\HttpFoundation\Response;
use Symfony\Component\HttpKernel\Exception\HttpException;
use Symfony\Component\Routing\RouterInterface; use Symfony\Component\Routing\RouterInterface;
/** /**
...@@ -115,12 +116,12 @@ class UploadController extends Controller ...@@ -115,12 +116,12 @@ class UploadController extends Controller
/** /**
* *
* @param Request $request * @param Request $request
* @throws JsonReponse * @throws HttpException
*/ */
protected function validateToken(Request $request) protected function validateToken(Request $request)
{ {
if(!$this->csrfProvider->isCsrfTokenValid("file-upload", $request->query->get('token', null))) { if(!$this->csrfProvider->isCsrfTokenValid("file-upload", $request->query->get('token', null))) {
throw $this->createResponse(Response::HTTP_BAD_REQUEST, 'Invalid CRSF token'); throw new HttpException(Response::HTTP_FORBIDDEN, 'Invalid token');
} }
} }
......
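Review bot: The CSRF token checked in `validateToken` is still read from the query string (`$request->query->get('token', null)`), so it ends up in access logs, proxy logs, browser history and Referer headers, where it can outlive the request it protects. If the upload client can be adjusted, reading it from a request header or the POST body, e.g. `$request->headers->get('X-CSRF-Token')`, keeps it out of URLs; the header name is only a suggestion, the page does not define one. Because this controller imports `JsonResponse`, the uploader presumably expects JSON, so it is worth confirming that the kernel's exception handling renders the new 403 `HttpException` in a form the client can parse. The docblock's summary line is empty; something like `Rejects the request with a 403 when the "file-upload" CSRF token is missing or invalid.` would fill it. The rest of `UploadController` lies outside the hunk.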