diff options
| author | Johannes Schmitt <schmittjoh@gmail.com> | 2011-05-18 13:01:54 +0200 |
|---|---|---|
| committer | Johannes Schmitt <schmittjoh@gmail.com> | 2011-05-18 13:01:54 +0200 |
| commit | 303b16819cedd109a568a2f336490f8ed88ee9c1 (patch) | |
| tree | bebe55c0cb639d2e71df811ce1ee554539f0edc3 | |
| parent | 0aa3a442b2b3c4957dcf8a661cbc08eb2030b8a8 (diff) | |
| download | symfony-security-303b16819cedd109a568a2f336490f8ed88ee9c1.zip symfony-security-303b16819cedd109a568a2f336490f8ed88ee9c1.tar.gz symfony-security-303b16819cedd109a568a2f336490f8ed88ee9c1.tar.bz2 | |
[Security/Http] use deep parameter for CSRF parameter
| -rw-r--r-- | Http/Firewall/UsernamePasswordFormAuthenticationListener.php | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/Http/Firewall/UsernamePasswordFormAuthenticationListener.php b/Http/Firewall/UsernamePasswordFormAuthenticationListener.php index 51546c0..e76b1bf 100644 --- a/Http/Firewall/UsernamePasswordFormAuthenticationListener.php +++ b/Http/Firewall/UsernamePasswordFormAuthenticationListener.php @@ -63,7 +63,7 @@ class UsernamePasswordFormAuthenticationListener extends AbstractAuthenticationL } if (null !== $this->csrfProvider) { - $csrfToken = $request->get($this->options['csrf_parameter']); + $csrfToken = $request->get($this->options['csrf_parameter'], null, true); if (false === $this->csrfProvider->isCsrfTokenValid($this->options['intention'], $csrfToken)) { throw new InvalidCsrfTokenException('Invalid CSRF token.'); |