From 5c718b13b8c68fc89661edbdbd40822bb55f544a Mon Sep 17 00:00:00 2001 From: Roeland Jago Douma Date: Mon, 1 Aug 2016 08:52:50 +0200 Subject: [PATCH] We should properly check for 'true' instaed of the bool --- .../AppFramework/Middleware/Security/SecurityMiddleware.php | 2 +- .../Middleware/Security/SecurityMiddlewareTest.php | 3 ++- 2 files changed, 3 insertions(+), 2 deletions(-) diff --git a/lib/private/AppFramework/Middleware/Security/SecurityMiddleware.php b/lib/private/AppFramework/Middleware/Security/SecurityMiddleware.php index 08af42b5216..3bfef2df025 100644 --- a/lib/private/AppFramework/Middleware/Security/SecurityMiddleware.php +++ b/lib/private/AppFramework/Middleware/Security/SecurityMiddleware.php @@ -153,7 +153,7 @@ class SecurityMiddleware extends Middleware { */ if(!$this->request->passesCSRFCheck() && !( $controller instanceof OCSController && - $this->request->getHeader('OCS_APIREQUEST') === true)) { + $this->request->getHeader('OCS-APIREQUEST') === 'true')) { throw new CrossSiteRequestForgeryException(); } } diff --git a/tests/lib/AppFramework/Middleware/Security/SecurityMiddlewareTest.php b/tests/lib/AppFramework/Middleware/Security/SecurityMiddlewareTest.php index 6f675932135..bfd810bc6b9 100644 --- a/tests/lib/AppFramework/Middleware/Security/SecurityMiddlewareTest.php +++ b/tests/lib/AppFramework/Middleware/Security/SecurityMiddlewareTest.php @@ -383,7 +383,7 @@ class SecurityMiddlewareTest extends \Test\TestCase { [$controller, true, true], [$ocsController, false, true], - [$ocsController, true, true], + [$ocsController, true, false], ]; } @@ -396,6 +396,7 @@ class SecurityMiddlewareTest extends \Test\TestCase { public function testCsrfOcsController(Controller $controller, $hasOcsApiHeader, $exception) { $this->request ->method('getHeader') + ->with('OCS-APIREQUEST') ->willReturn($hasOcsApiHeader ? 'true' : null); $this->request->expects($this->once()) ->method('passesStrictCookieCheck') -- 2.39.5