"Fossies" - the Fresh Open Source Software Archive  

Source code changes of the file "core-bundle/src/EventListener/CsrfTokenCookieListener.php" between
contao-4.8.1.tar.gz and contao-4.8.2.tar.gz

About: Contao (fka TYPOlight) is a content management system (CMS). Latest release.

CsrfTokenCookieListener.php  (contao-4.8.1):CsrfTokenCookieListener.php  (contao-4.8.2)
skipping to change at line 70 skipping to change at line 70
return; return;
} }
$request = $event->getRequest(); $request = $event->getRequest();
$response = $event->getResponse(); $response = $event->getResponse();
if ($this->requiresCsrf($request, $response)) { if ($this->requiresCsrf($request, $response)) {
$this->setCookies($request, $response); $this->setCookies($request, $response);
} else { } else {
$this->removeCookies($request, $response); $this->removeCookies($request, $response);
$this->replaceTokenOccurrences($response);
} }
} }
private function requiresCsrf(Request $request, Response $response): bool private function requiresCsrf(Request $request, Response $response): bool
{ {
foreach ($request->cookies as $key => $value) { foreach ($request->cookies as $key => $value) {
if (!$this->isCsrfCookie($key, $value)) { if (!$this->isCsrfCookie($key, $value)) {
return true; return true;
} }
} }
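Review bot: the new `$this->replaceTokenOccurrences($response);` call sits in the else branch, so it only runs when `requiresCsrf()` returned false, which the loop above makes equivalent to "the request carried no cookies other than CSRF ones" (it returns true on the first non-CSRF cookie). That coupling is the whole point of stripping used tokens from the body, but nothing at the call site says so; suggest a one-line comment next to the call, e.g. `// No CSRF cookie will be sent, so strip the now-useless tokens from the HTML`, and a changelog note, since cookie-less HTML responses now differ in body content from 4.8.1.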
skipping to change at line 117 skipping to change at line 118
} }
$expires = null === $value ? 1 : 0; $expires = null === $value ? 1 : 0;
$response->headers->setCookie( $response->headers->setCookie(
new Cookie($cookieKey, $value, $expires, $basePath, null, $isSec ure, true, false, Cookie::SAMESITE_LAX) new Cookie($cookieKey, $value, $expires, $basePath, null, $isSec ure, true, false, Cookie::SAMESITE_LAX)
); );
} }
} }
private function replaceTokenOccurrences(Response $response): void
{
// Return if the response is not a HTML document
if (false === stripos((string) $response->headers->get('Content-Type'),
'text/html')) {
return;
}
$content = $response->getContent();
foreach ($this->tokenStorage->getUsedTokens() as $value) {
$content = str_replace($value, '', $content);
}
$response->setContent($content);
}
private function removeCookies(Request $request, Response $response): void private function removeCookies(Request $request, Response $response): void
{ {
$isSecure = $request->isSecure(); $isSecure = $request->isSecure();
$basePath = $request->getBasePath() ?: '/'; $basePath = $request->getBasePath() ?: '/';
foreach ($request->cookies as $key => $value) { foreach ($request->cookies as $key => $value) {
if ($this->isCsrfCookie($key, $value)) { if ($this->isCsrfCookie($key, $value)) {
$response->headers->clearCookie($key, $basePath, null, $isSecure ); $response->headers->clearCookie($key, $basePath, null, $isSecure );
} }
} }
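Review bot: `$content = $response->getContent();` followed by the unconditional `$response->setContent($content);` in `replaceTokenOccurrences()` will throw for a `StreamedResponse` or `BinaryFileResponse` whose Content-Type contains `text/html`: in Symfony both return `false` from `getContent()` and throw a `LogicException` from `setContent()` when given a non-null value. Suggest an early `return` when `false === $content` (or when `$response` is one of those two types) before the `foreach`. Minor: the comment `// Return if the response is not a HTML document` should read "an HTML document", and since `str_replace` scans the whole body once per used token on every cookie-less HTML response, it is worth keeping `getUsedTokens()` limited to tokens actually rendered into the page.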
End of changes. 2 change blocks.
0 lines changed or deleted, 18 lines changed or added
