Actions

Difference between revisions of "BeforeUrlCheck"

From LimeSurvey Manual

(Created page with "{{FeatureStarting|3.0.0}} '''When''' This event is fired when a request is posted to LimeSurvey that needs to be tested for CSRF compatibility '''Input''' The event recei...")
 
Line 29: Line 29:
 
<syntaxhighlight lang="php">
 
<syntaxhighlight lang="php">
 
         $oEvent = $this->getEvent();
 
         $oEvent = $this->getEvent();
         $aRoutes = $oEvent->get('params');
+
        $aParams = $oEvent->get('params');
 +
         $aRoutes = $oEvent->get('routes');
  
         $aRoutes['request'] = 'acs' ;
+
         $aParams['unsaferequestparamkey'] = 'unsaferequestparamvalue' ;
         $oEvent->set('params', $aRoutes);
+
        $aRoutes[] = 'admin/unsaferouteineed';
 +
 
 +
         $oEvent->set('params', $aParams);
 +
        $oEvent->set('routes', $aRoutes);
 
</syntaxhighlight>
 
</syntaxhighlight>
  
 
[[Category:Plugins events]]
 
[[Category:Plugins events]]

Revision as of 10:47, 22 June 2018

Notice.png
Hint: This features is available starting in version 3.0.0


When

This event is fired when a request is posted to LimeSurvey that needs to be tested for CSRF compatibility

Input

The event receives the following information:

Name Type Description
routes array The routes where CSRF check is disabled for
params array The parameters where the CSRF check is disabled for


Possible output

The default values in csrf disabled routes are:

- 'remotecontrol',
- 'plugins/unsecure'

Example

        $oEvent = $this->getEvent();
        $aParams = $oEvent->get('params');
        $aRoutes = $oEvent->get('routes');

        $aParams['unsaferequestparamkey'] = 'unsaferequestparamvalue' ;
        $aRoutes[] = 'admin/unsaferouteineed';

        $oEvent->set('params', $aParams);
        $oEvent->set('routes', $aRoutes);