Commit 5904abc4 authored by Emma's avatar Emma 🦉

avoid 5xx on validateCsrf when user is naughty

parent b7b6ef93
......@@ -12,8 +12,14 @@ abstract class AbstractController extends BaseAbstractController {
return SubmissionPager::getParamsFromRequest($sortBy, $request);
}
protected function validateCsrf(string $id, string $token) {
if (!$this->isCsrfTokenValid($id, $token)) {
/**
* @param string $id
* @param string|mixed $token
*
* @throws BadRequestHttpException if the token isn't valid
*/
protected function validateCsrf(string $id, $token): void {
if (!\is_string($token) || !$this->isCsrfTokenValid($id, $token)) {
throw new BadRequestHttpException('Invalid CSRF token');
}
}
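Review bot: The docblock on the new `validateCsrf` understates the contract. `string|mixed` is equivalent to `mixed`, and the `@throws` line still says only "if the token isn't valid", although the `\is_string($token)` guard now also rejects any non-string value (presumably an array-valued or missing request parameter, going by the commit title). I would write `@param mixed $token raw request value; anything that is not a string is rejected` and `@throws BadRequestHttpException if the token is not a string or fails validation`, so callers know they can pass the unfiltered parameter and still get a 400. Dropping the `string` type hint is what keeps a malformed token from surfacing as a type error, so a short why-comment above the `if` would stop a later cleanup from re-adding it: `// $token is deliberately untyped: a non-string must end in a 400, not a TypeError`. No test for the non-string case is visible in this hunk; one that submits an array-valued token and expects the 400 would pin the behaviour.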
......