Fixed problems with the inability to locally disable antiForgeryToken.

meet-aleksey · meet-aleksey · commit 175f2b8bc476 · 2018-05-29T07:04:12.000+03:00
Added support for arrays in the function actionNameEquals() and controllerNameEquals().
diff --git a/src/ActionContext.php b/src/ActionContext.php
@@ -176,12 +176,25 @@ public function getActionName() {
     /**
      * Checks the equivalence of the specified string with the name of the action.
      * 
-     * @param string $name The string to compare.
+     * @param string|array $name The string or string array to compare.
      * 
      * @return bool
      */
     public function actionNameEquals($name) {
-        return strtolower($this->actionName) == strtolower($name);
+        $actionName = strtolower($this->actionName);
+
+        if (is_array($name)) {
+            foreach ($name as $n) {
+                if ($actionName == strtolower($n)) {
+                    return true;
+                }
+            }
+
+            return false;
+        }
+        else {
+            return $actionName == strtolower($name);
+        }
     }
 
     /**
@@ -196,12 +209,25 @@ public function getControllerName() {
     /**
      * Checks the equivalence of the specified string with the name of the controller.
      * 
-     * @param string $name The string to compare.
+     * @param string|array $name The string or string array to compare.
      * 
      * @return bool
      */
     public function controllerNameEquals($name) {
-        return strtolower($this->getControllerName()) == strtolower($name);
+        $controllerName = strtolower($this->getControllerName());
+
+        if (is_array($name)) {
+            foreach ($name as $n) {
+                if ($controllerName == strtolower($n)) {
+                    return true;
+                }
+            }
+
+            return false;
+        }
+        else {
+            return $controllerName == strtolower($name);
+        }
     }
 
     /**
diff --git a/src/AppBuilder.php b/src/AppBuilder.php
@@ -890,7 +890,11 @@ private static function validation() {
 
                 if (!isset($post)) { $post = array(); }
 
-                if ((isset($expected) && (!isset($post['__requestVerificationToken']) || $post['__requestVerificationToken'] != $expected)) || (isset($post['__requestVerificationToken']) && empty($expected))) {
+                if (
+                    (isset($expected) && $expected !== 'false' && (!isset($post['__requestVerificationToken']) || $post['__requestVerificationToken'] != $expected)) ||
+                    (isset($expected) && $expected === 'false' && !empty($post['__requestVerificationToken'])) ||
+                    (isset($post['__requestVerificationToken']) && empty($expected))
+                   ) {
                     throw new HttpAntiForgeryException();
                 }
             }
diff --git a/src/Html.php b/src/Html.php
@@ -343,6 +343,9 @@ public static function beginForm($actionName, $controllerName = null, $routeValu
         elseif (is_array($antiforgery)) {
             $result .= self::antiForgeryToken(true);
         }
+        else {
+            self::$viewContext->getHttpContext()->getResponse()->addCookie('__requestVerificationToken', 'false', 0, '/', '', false, true);
+        }
 
         return $result;
     }
diff --git a/src/Info.php b/src/Info.php
@@ -30,6 +30,6 @@
  */
 final class Info {
 
-    const VERSION = '1.1.0';
+    const VERSION = '1.1.1';
 
 }

Original file line number	Diff line number	Diff line change
`@@ -890,7 +890,11 @@ private static function validation() {`
`890`	`890`
`891`	`891`	`if (!isset($post)) { $post = array(); }`
`892`	`892`
`893`		`- if ((isset($expected) && (!isset($post['__requestVerificationToken']) \|\| $post['__requestVerificationToken'] != $expected)) \|\| (isset($post['__requestVerificationToken']) && empty($expected))) {`
	`893`	`+ if (`
	`894`	`+ (isset($expected) && $expected !== 'false' && (!isset($post['__requestVerificationToken']) \|\| $post['__requestVerificationToken'] != $expected)) \|\|`
	`895`	`+ (isset($expected) && $expected === 'false' && !empty($post['__requestVerificationToken'])) \|\|`
	`896`	`+ (isset($post['__requestVerificationToken']) && empty($expected))`
	`897`	`+ ) {`
`894`	`898`	`throw new HttpAntiForgeryException();`
`895`	`899`	`}`
`896`	`900`	`}`
Original file line number	Diff line number	Diff line change
`@@ -343,6 +343,9 @@ public static function beginForm($actionName, $controllerName = null, $routeValu`
`343`	`343`	`elseif (is_array($antiforgery)) {`
`344`	`344`	`$result .= self::antiForgeryToken(true);`
`345`	`345`	`}`
	`346`	`+ else {`
	`347`	`+ self::$viewContext->getHttpContext()->getResponse()->addCookie('__requestVerificationToken', 'false', 0, '/', '', false, true);`
	`348`	`+ }`
`346`	`349`
`347`	`350`	`return $result;`
`348`	`351`	`}`
Original file line number	Diff line number	Diff line change
`@@ -30,6 +30,6 @@`
`30`	`30`	`*/`
`31`	`31`	`final class Info {`
`32`	`32`
`33`		`- const VERSION = '1.1.0';`
	`33`	`+ const VERSION = '1.1.1';`
`34`	`34`
`35`	`35`	`}`