Check form and querystring when validating ufprt in ValidateUmbracoFormRouteStringAttribute (#11957)
* Check form and querystring when validating ufprt Checks to see if the request has form data before validating the `ufprt` parameter, and if it doesn't assumes it must be on the querystring * Create GetUfprt extension method * Use GetUfprt extension * Update UmbracoRouteValueTransformer to use GetUfrpt() * Added missing using statement * Check for StringValues.Empty
This commit is contained in:
Matt Brailsford
@@ -6,6 +6,7 @@ using System.Threading.Tasks;
|
||||
using Microsoft.AspNetCore.Http;
|
||||
using Microsoft.AspNetCore.Http.Extensions;
|
||||
using Microsoft.Extensions.DependencyInjection;
|
||||
using Microsoft.Extensions.Primitives;
|
||||
using Umbraco.Cms.Core.Configuration.Models;
|
||||
using Umbraco.Cms.Core.Routing;
|
||||
|
||||
@@ -136,5 +137,25 @@ namespace Umbraco.Extensions
|
||||
|
||||
return new Uri(routingSettings.UmbracoApplicationUrl);
|
||||
}
|
||||
|
||||
/// <summary>
|
||||
/// Gets the Umbraco `ufprt` encrypted string from the current request
|
||||
/// </summary>
|
||||
/// <param name="request">The current request</param>
|
||||
/// <returns>The extracted `ufprt` token.</returns>
|
||||
public static string GetUfprt(this HttpRequest request)
|
||||
{
|
||||
if (request.HasFormContentType && request.Form.TryGetValue("ufprt", out StringValues formVal) && formVal != StringValues.Empty)
|
||||
{
|
||||
return formVal.ToString();
|
||||
}
|
||||
|
||||
if (request.Query.TryGetValue("ufprt", out StringValues queryVal) && queryVal != StringValues.Empty)
|
||||
{
|
||||
return queryVal.ToString();
|
||||
}
|
||||
|
||||
return null;
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
Reference in New Issue
Block a user