Fixed problems with the inability to locally disable antiForgeryToken.

Added support for arrays in the function actionNameEquals() and controllerNameEquals().
php-mvc-project · May 29, 2018 · 175f2b8 · 175f2b8
1 parent 3ed8e1c
commit 175f2b8
Show file tree

Hide file tree

Showing 4 changed files with 39 additions and 6 deletions.
diff --git a/src/ActionContext.php b/src/ActionContext.php
@@ -176,12 +176,25 @@ public function getActionName() {
     /**
      * Checks the equivalence of the specified string with the name of the action.
      * 
-     * @param string $name The string to compare.
+     * @param string|array $name The string or string array to compare.
      * 
      * @return bool
      */
     public function actionNameEquals($name) {
-        return strtolower($this->actionName) == strtolower($name);
+        $actionName = strtolower($this->actionName);
+
+        if (is_array($name)) {
+            foreach ($name as $n) {
+                if ($actionName == strtolower($n)) {
+                    return true;
+                }
+            }
+
+            return false;
+        }
+        else {
+            return $actionName == strtolower($name);
+        }
     }
 
     /**
@@ -196,12 +209,25 @@ public function getControllerName() {
     /**
      * Checks the equivalence of the specified string with the name of the controller.
      * 
-     * @param string $name The string to compare.
+     * @param string|array $name The string or string array to compare.
      * 
      * @return bool
      */
     public function controllerNameEquals($name) {
-        return strtolower($this->getControllerName()) == strtolower($name);
+        $controllerName = strtolower($this->getControllerName());
+
+        if (is_array($name)) {
+            foreach ($name as $n) {
+                if ($controllerName == strtolower($n)) {
+                    return true;
+                }
+            }
+
+            return false;
+        }
+        else {
+            return $controllerName == strtolower($name);
+        }
     }
 
     /**

diff --git a/src/AppBuilder.php b/src/AppBuilder.php
@@ -890,7 +890,11 @@ private static function validation() {
 
                 if (!isset($post)) { $post = array(); }
 
-                if ((isset($expected) && (!isset($post['__requestVerificationToken']) || $post['__requestVerificationToken'] != $expected)) || (isset($post['__requestVerificationToken']) && empty($expected))) {
+                if (
+                    (isset($expected) && $expected !== 'false' && (!isset($post['__requestVerificationToken']) || $post['__requestVerificationToken'] != $expected)) ||
+                    (isset($expected) && $expected === 'false' && !empty($post['__requestVerificationToken'])) ||
+                    (isset($post['__requestVerificationToken']) && empty($expected))
+                   ) {
                     throw new HttpAntiForgeryException();
                 }
             }

diff --git a/src/Html.php b/src/Html.php
@@ -343,6 +343,9 @@ public static function beginForm($actionName, $controllerName = null, $routeValu
         elseif (is_array($antiforgery)) {
             $result .= self::antiForgeryToken(true);
         }
+        else {
+            self::$viewContext->getHttpContext()->getResponse()->addCookie('__requestVerificationToken', 'false', 0, '/', '', false, true);
+        }
 
         return $result;
     }

diff --git a/src/Info.php b/src/Info.php
@@ -30,6 +30,6 @@
  */
 final class Info {
 
-    const VERSION = '1.1.0';
+    const VERSION = '1.1.1';
 
 }