[FrameworkBundle] Added Crontoller::isCsrfTokenValid
parent
3baea1f370
commit
479c83351c
@ -1,6 +1,11 @@
|
||||
CHANGELOG
|
||||
=========
|
||||
|
||||
2.6.0
|
||||
-----
|
||||
|
||||
* Added `Controller::isCsrfTokenValid` helper
|
||||
|
||||
2.5.0
|
||||
-----
|
||||
|
||||
|
@ -19,6 +19,7 @@ use Symfony\Component\DependencyInjection\ContainerAware;
|
||||
use Symfony\Component\HttpKernel\Exception\NotFoundHttpException;
|
||||
use Symfony\Component\HttpKernel\HttpKernelInterface;
|
||||
use Symfony\Component\Security\Core\Exception\AccessDeniedException;
|
||||
use Symfony\Component\Security\Csrf\CsrfToken;
|
||||
use Symfony\Component\Form\FormTypeInterface;
|
||||
use Symfony\Component\Form\Form;
|
||||
use Symfony\Component\Form\FormBuilder;
|
||||
@ -273,4 +274,21 @@ class Controller extends ContainerAware
|
||||
{
|
||||
return $this->container->get($id);
|
||||
}
|
||||
|
||||
/**
|
||||
* Checks the validity of a CSRF token
|
||||
*
|
||||
* @param string $id The id used when generating the token
|
||||
* @param string $token The actual token sent with the request that should be validated
|
||||
*
|
||||
* @return bool
|
||||
*/
|
||||
protected function isCsrfTokenValid($id, $token)
|
||||
{
|
||||
if (!$this->container->has('security.csrf.token_manager')) {
|
||||
throw new \LogicException('CSRF protection is not enabled in your application.');
|
||||
}
|
||||
|
||||
return $this->container->get('security.csrf.token_manager')->isTokenValid(new CsrfToken($id, $token));
|
||||
}
|
||||
}
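Review bot: The docblock on isCsrfTokenValid() leaves out the exception path. When `security.csrf.token_manager` is not registered, the method throws `\LogicException` instead of returning false. That fail-closed behaviour is sensible, but callers need to see it, for example as `@throws \LogicException If CSRF protection is not enabled`. Separately, `$token` is documented as a string, yet it will normally come straight from the request, where a missing or array-valued field gives null or an array. How `CsrfToken` treats such values is not visible on this page, so either document the parameter as `string|null` or note that callers must pass only a scalar string. The `Controller` class begins outside this hunk.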
|
||||
|