[Form] throw an exception if session_id() is empty when a csrf token is generated
parent
4c340c5cc9
commit
a198bbcf43
@ -176,7 +176,11 @@ class Form extends FieldGroup
|
||||
*/
|
||||
protected function generateCsrfToken($secret)
|
||||
{
|
||||
return md5($secret.session_id().get_class($this));
|
||||
$sessId = session_id();
|
||||
if (!$sessId) {
|
||||
throw new \LogicException('The session must be started in order to generate a proper CSRF Token');
|
||||
}
|
||||
return md5($secret.$sessId.get_class($this));
|
||||
}
|
||||
|
||||
/**
|
||||
|
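Review bot: The token returned on the last line of generateCsrfToken() is still an unkeyed MD5 over the concatenation `$secret.$sessId.get_class($this)`, so the new empty-session guard removes the constant-input case but leaves a weak construction in place. A keyed MAC states the intent directly and does not depend on MD5: `return hash_hmac('sha256', $sessId.get_class($this), $secret);`. The code that compares the submitted token is not in this hunk; if it uses `==` or `===`, it should presumably move to a constant-time comparison in the same change. The docblock above the method starts outside the hunk and should gain `@throws \LogicException` for the case where no session is active.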
@ -47,6 +47,11 @@ class FormTest extends \PHPUnit_Framework_TestCase
|
||||
protected $validator;
|
||||
protected $form;
|
||||
|
||||
public static function setUpBeforeClass()
|
||||
{
|
||||
@session_start();
|
||||
}
|
||||
|
||||
protected function setUp()
|
||||
{
|
||||
Form::disableDefaultCsrfProtection();
|
||||
|
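Review bot: `@session_start();` in setUpBeforeClass() suppresses every diagnostic from the call, so a session that fails to start now surfaces only as a LogicException from each test that generates a CSRF token. The `@` presumably silences the header warning under the CLI runner, so keep it but make the failure explicit directly after the call: `if ('' === session_id()) { throw new \RuntimeException('Could not start a session for the Form tests'); }`. The visible hunk also adds no test for the new guard itself; a case that expects `\LogicException` when `session_id()` is empty would pin the behaviour, if one does not already exist elsewhere in the file. The session is process-global state, so a matching teardown after the class is worth considering.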