Home Explore Help
Register Sign In
VendorSoftware
/
symfony
2
0
Fork 0
Files Issues 0 Pull Requests 0 Wiki
Browse Source

[Security/Http] use deep parameter for CSRF parameter

Johannes Schmitt 14 years ago
parent
0eb7564f7d
commit
bd9bfafd9c
1 changed files with 1 additions and 1 deletions
Unified View Show Diff Stats
  1. 1 1
      src/Symfony/Component/Security/Http/Firewall/UsernamePasswordFormAuthenticationListener.php

+ 1 - 1
src/Symfony/Component/Security/Http/Firewall/UsernamePasswordFormAuthenticationListener.php
View File 

@@ -63,7 +63,7 @@ class UsernamePasswordFormAuthenticationListener extends AbstractAuthenticationL
 
         }
 
         }
 
 
 
         if (null !== $this->csrfProvider) {
 
         if (null !== $this->csrfProvider) {
 
-            $csrfToken = $request->get($this->options['csrf_parameter']);
 
+            $csrfToken = $request->get($this->options['csrf_parameter'], null, true);
 
 
 
             if (false === $this->csrfProvider->isCsrfTokenValid($this->options['intention'], $csrfToken)) {
 
             if (false === $this->csrfProvider->isCsrfTokenValid($this->options['intention'], $csrfToken)) {
 
                 throw new InvalidCsrfTokenException('Invalid CSRF token.');
 
                 throw new InvalidCsrfTokenException('Invalid CSRF token.');