Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

fix: check for CSRF token in the raw body #7915

Merged
merged 7 commits into from
Sep 18, 2023

Conversation

michalsn
Copy link
Member

@michalsn michalsn commented Sep 9, 2023

Description
CSRF check for PUT, PATCH, and DELETE type of requests is made only for JSON data. This PR fixes that by adding the raw input data to check.

Checklist:

  • Securely signed commits
  • Component(s) with PHPDoc blocks, only if necessary or adds value
  • Unit testing, with >80% coverage
  • User guide updated
  • Conforms to style guide

Copy link
Member

@MGatner MGatner left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Looks good pending Kenjis comments.

@michalsn
Copy link
Member Author

I have no idea what the PHPStan error means because every occurrence of empty was removed from the file, even though I did not change that particular part of the code.

@paulbalandan
Copy link
Member

@michalsn run vendor/bin/phpstan analyse --generate-baseline phpstan-baseline.php

@michalsn
Copy link
Member Author

@paulbalandan Thanks!

Copy link
Member

@kenjis kenjis left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM!

@kenjis kenjis merged commit e90be66 into codeigniter4:develop Sep 18, 2023
@kenjis kenjis added the enhancement PRs that improve existing functionalities label Sep 18, 2023
@michalsn michalsn deleted the fix/security branch November 13, 2023 07:33
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
enhancement PRs that improve existing functionalities
Projects
None yet
Development

Successfully merging this pull request may close these issues.

5 participants