From 5c718b13b8c68fc89661edbdbd40822bb55f544a Mon Sep 17 00:00:00 2001
From: Roeland Jago Douma <roeland@famdouma.nl>
Date: Mon, 1 Aug 2016 08:52:50 +0200
Subject: [PATCH] We should properly check for 'true' instaed of the bool

---
 .../AppFramework/Middleware/Security/SecurityMiddleware.php    | 2 +-
 .../Middleware/Security/SecurityMiddlewareTest.php             | 3 ++-
 2 files changed, 3 insertions(+), 2 deletions(-)

diff --git a/lib/private/AppFramework/Middleware/Security/SecurityMiddleware.php b/lib/private/AppFramework/Middleware/Security/SecurityMiddleware.php
index 08af42b5216..3bfef2df025 100644
--- a/lib/private/AppFramework/Middleware/Security/SecurityMiddleware.php
+++ b/lib/private/AppFramework/Middleware/Security/SecurityMiddleware.php
@@ -153,7 +153,7 @@ class SecurityMiddleware extends Middleware {
 			 */
 			if(!$this->request->passesCSRFCheck() && !(
 					$controller instanceof OCSController &&
-					$this->request->getHeader('OCS_APIREQUEST') === true)) {
+					$this->request->getHeader('OCS-APIREQUEST') === 'true')) {
 				throw new CrossSiteRequestForgeryException();
 			}
 		}
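Review bot: The corrected comparison `getHeader('OCS-APIREQUEST') === 'true'` appears to make the CSRF exemption for `OCSController` reachable for the first time, and nothing visible in the hunk records why a request header may stand in for the token. The old `=== true` test against a header value could presumably never match, which the old provider row expecting an exception suggests. The exemption is only sound while a cross-origin page cannot set this header without a CORS preflight, so I would state that next to the condition, for example `// Custom header => cross-origin callers need a CORS preflight; never allow OCS-APIREQUEST in Access-Control-Allow-Headers for untrusted origins.` The docblock that closes on the hunk's first line starts outside the hunk and may already cover this, and the enclosing method begins and ends outside it as well. The strict, case-sensitive match fails closed for values such as `True` or `1`, which is the safe direction.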
diff --git a/tests/lib/AppFramework/Middleware/Security/SecurityMiddlewareTest.php b/tests/lib/AppFramework/Middleware/Security/SecurityMiddlewareTest.php
index 6f675932135..bfd810bc6b9 100644
--- a/tests/lib/AppFramework/Middleware/Security/SecurityMiddlewareTest.php
+++ b/tests/lib/AppFramework/Middleware/Security/SecurityMiddlewareTest.php
@@ -383,7 +383,7 @@ class SecurityMiddlewareTest extends \Test\TestCase {
 			[$controller, true,  true],
 
 			[$ocsController, false, true],
-			[$ocsController, true,  true],
+			[$ocsController, true,  false],
 		];
 	}
 
@@ -396,6 +396,7 @@ class SecurityMiddlewareTest extends \Test\TestCase {
 	public function testCsrfOcsController(Controller $controller, $hasOcsApiHeader, $exception) {
 		$this->request
 			->method('getHeader')
+			->with('OCS-APIREQUEST')
 			->willReturn($hasOcsApiHeader ? 'true' : null);
 		$this->request->expects($this->once())
 			->method('passesStrictCookieCheck')
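Review bot: The mock in `testCsrfOcsController` only ever returns `'true'` or `null`, so the test would still pass if the middleware regressed to a loose check such as `== true` or plain truthiness, which would accept any non-empty header value as a CSRF bypass. I would pass the raw header value through the provider instead of a boolean, i.e. `->willReturn($headerValue)`, and add rows such as `[$ocsController, 'false', true]` and `[$ocsController, 'TRUE', true]` alongside `[$ocsController, 'true', false]`. That pins the exact-match behaviour the subject line asks for. The provider rows belong to the previous hunk, and both the provider and this test method extend outside the visible hunks.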
-- 
GitLab