Bug #42083
CSRF token is not appended for actions with mixed case characters
Status:
Resolved
Priority:
Must have
Assignee:
Category:
Security
Target version:
Start date:
2012-10-17
Due date:
% Done:
100%
Estimated time:
PHP Version:
Has patch:
No
Complexity:
Description
Since the update (I don't know what exactly broke this), the CrsfProtectionAspect
no longer appends the CSRF token when the target action contains uppercase characters (e.g. someSpecialAction
).
The reason is, that in the aspect the action method name is retrieved all lowercase thus ReflectionService::hasMethod($className, $actionMethodName)
returns FALSE if $actionMethodName is not correctly cased.
Related issues