projects / GitHub / WoltLab / WCF.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: 63e1f63)
Move `DisableXsrfCheck` into a separate class file
authorAlexander Ebert <ebert@woltlab.com>
Tue, 15 Nov 2022 11:26:03 +0000 (12:26 +0100)
committerAlexander Ebert <ebert@woltlab.com>
Tue, 15 Nov 2022 11:26:03 +0000 (12:26 +0100)
wcfsetup/install/files/lib/http/attribute/DisableXsrfCheck.class.php [new file with mode: 0644] patch | blob
wcfsetup/install/files/lib/http/middleware/Xsrf.class.php patch | blob | blame | history

diff --git a/wcfsetup/install/files/lib/http/attribute/DisableXsrfCheck.class.php b/wcfsetup/install/files/lib/http/attribute/DisableXsrfCheck.class.php
new file mode 100644 (file)
index 0000000..90a3ee3
--- /dev/null
+++ b/wcfsetup/install/files/lib/http/attribute/DisableXsrfCheck.class.php
@@ -0,0 +1,17 @@
+<?php
+
+namespace wcf\http\attribute;
+
+/**
+ * Disables the built-in XSRF validation of PSR-15 controllers.
+ *
+ * @author Alexander Ebert
+ * @copyright 2001-2022 WoltLab GmbH
+ * @license GNU Lesser General Public License <http://opensource.org/licenses/lgpl-license.php>
+ * @package WoltLabSuite\Core\Http\Attribute
+ * @since 6.0
+ */
+#[\Attribute(\Attribute::TARGET_CLASS)]
+final class DisableXsrfCheck
+{
+}
diff --git a/wcfsetup/install/files/lib/http/middleware/Xsrf.class.php b/wcfsetup/install/files/lib/http/middleware/Xsrf.class.php
index 94b8fabd091f36c9b85b162e484e18752b20ac25..fa8d6ad68800018e99f2e0621fd4a0c55a77d1f0 100644 (file)
--- a/wcfsetup/install/files/lib/http/middleware/Xsrf.class.php
+++ b/wcfsetup/install/files/lib/http/middleware/Xsrf.class.php
@@ -6,6 +6,7 @@ use Psr\Http\Message\ResponseInterface;
 use Psr\Http\Message\ServerRequestInterface;
 use Psr\Http\Server\MiddlewareInterface;
 use Psr\Http\Server\RequestHandlerInterface;
+use wcf\http\attribute\DisableXsrfCheck;
 use wcf\system\exception\InvalidSecurityTokenException;
 use wcf\system\request\Request;
 use wcf\system\request\RequestHandler;
@@ -71,7 +72,7 @@ final class Xsrf implements MiddlewareInterface
         }
 
         $reflectionClass = new \ReflectionClass($request->getClassName());
-        if ($reflectionClass->getAttributes('DisableXsrfCheck') !== []) {
+        if ($reflectionClass->getAttributes(DisableXsrfCheck::class) !== []) {
             // Controller has opted out of the XSRF check.
             return;
         }
@@ -81,8 +82,3 @@ final class Xsrf implements MiddlewareInterface
         }
     }
 }
-
-#[\Attribute(\Attribute::TARGET_CLASS)]
-final class DisableXsrfCheck
-{
-}
WoltLab Suite Core (previously WoltLab Community Framework)