Yii Framework Forum

validateCsrfToken and Post Request not working


(ylandsman) #1

I am using framework version 1.1.20. I have noticed that validateCSRFToken is not working with a POST request. In investigating further I discovered that the token value store in $_POST is UrlEncoded, and thus does not get unmasked by unmaskToken.

To prove this, I changed line 1370 in CHttpRequest.php from
$maskedUserToken=$this->getPost($this->csrfTokenName);

to
$makedUserToken= urldecode($this->getPost($this->csrfTokenName));

This solved the problem, but I am wondering if there is a way to resolve this without changing the framework.