github-mirror/framework
2
0
Fork 0
mirror of https://github.com/flarum/framework.git synced 2024-12-13 07:03:35 +08:00
Code Issues Actions 6 Packages Projects Releases Wiki Activity

CSRF protection on logout action

Browse Source
This commit is contained in:
Toby Zerner 2015-07-07 15:30:13 +09:30
parent 23eec806e6
commit c6e297e849
1 changed files with 5 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

5
framework/core/src/Forum/Actions/LogoutAction.php
View File

@ -1,5 +1,6 @@
<?php namespace Flarum\Forum\Actions;
use Flarum\Api\AccessToken;
use Flarum\Forum\Events\UserLoggedOut;
use Flarum\Support\Action;
use Psr\Http\Message\ServerRequestInterface as Request;
@ -18,6 +19,10 @@ class LogoutAction extends Action
$user = app('flarum.actor');
if ($user->exists) {
$token = array_get($request->getQueryParams(), 'token');
AccessToken::where('user_id', $user->id)->findOrFail($token);
$user->accessTokens()->delete();
event(new UserLoggedOut($user));