Actions

BeforeUrlCheck

From LimeSurvey Manual

Revision as of 10:45, 5 September 2018 by Markusfluer (talk | contribs)
(diff) ← Older revision | Latest revision (diff) | Newer revision → (diff)
Notice.png
Hint: This features is available starting in version 4.0.0


When

This event is fired when a request is posted to LimeSurvey that needs to be tested for CSRF compatibility

Input

The event receives the following information:

Name Type Description
routes array The routes where CSRF check is disabled for
params array The parameters where the CSRF check is disabled for


Possible output

The default values in csrf disabled routes are:

- 'remotecontrol',
- 'plugins/unsecure'

Example

        $oEvent = $this->getEvent();
        $aParams = $oEvent->get('params');
        $aRoutes = $oEvent->get('routes');

        $aParams['unsaferequestparamkey'] = 'unsaferequestparamvalue' ;
        $aRoutes[] = 'admin/unsaferouteineed';

        $oEvent->set('params', $aParams);
        $oEvent->set('routes', $aRoutes);