BeforeUrlCheck: Difference between revisions
From LimeSurvey Manual
Markusfluer (talk | contribs) (Created page with "{{FeatureStarting|3.0.0}} '''When''' This event is fired when a request is posted to LimeSurvey that needs to be tested for CSRF compatibility '''Input''' The event recei...") |
Markusfluer (talk | contribs) No edit summary |
||
| Line 29: | Line 29: | ||
<syntaxhighlight lang="php"> | <syntaxhighlight lang="php"> | ||
$oEvent = $this->getEvent(); | $oEvent = $this->getEvent(); | ||
$aRoutes = $oEvent->get(' | $aParams = $oEvent->get('params'); | ||
$aRoutes = $oEvent->get('routes'); | |||
$ | $aParams['unsaferequestparamkey'] = 'unsaferequestparamvalue' ; | ||
$oEvent->set('params', $aRoutes); | $aRoutes[] = 'admin/unsaferouteineed'; | ||
$oEvent->set('params', $aParams); | |||
$oEvent->set('routes', $aRoutes); | |||
</syntaxhighlight> | </syntaxhighlight> | ||
[[Category:Plugins events]] | [[Category:Plugins events]] | ||
Revision as of 11:47, 22 June 2018
When
This event is fired when a request is posted to LimeSurvey that needs to be tested for CSRF compatibility
Input
The event receives the following information:
| Name | Type | Description |
|---|---|---|
| routes | array | The routes where CSRF check is disabled for |
| params | array | The parameters where the CSRF check is disabled for |
Possible output
The default values in csrf disabled routes are:
- 'remotecontrol', - 'plugins/unsecure'
Example
$oEvent = $this->getEvent();
$aParams = $oEvent->get('params');
$aRoutes = $oEvent->get('routes');
$aParams['unsaferequestparamkey'] = 'unsaferequestparamvalue' ;
$aRoutes[] = 'admin/unsaferouteineed';
$oEvent->set('params', $aParams);
$oEvent->set('routes', $aRoutes);