79377637

Date: 2025-01-22 12:11:00
Score: 3

Did you find a solution?

I don't understand a similar thing. I create a token and pass it to the template.

Each refresh will regenerate the token:

$expectedToken = $csrfTokenManager->getToken('_mysecret_csrf_token')->getValue(); //bba0920c884cf93c0bdaa8fbf.-EEwG_RGb1YwNQuxeaYCDDboDth3CbvTsdZT1wHTA3Y.1StTarsqCBJbTXjfNfNkRm68aIk0MIzq25ACg3mGbh6pMXh4nyE9AURnSg

Then in the template I manually update this token to "123" and submit:

if ($request->isMethod(Request::METHOD_POST)) {
    $submittedToken = $request->getPayload()->get('token'); // NOTICE 123 123bba0920c884cf93c0bdaa8fbf.-EEwG_RGb1YwNQuxeaYCDDboDth3CbvTsdZT1wHTA3Y.1StTarsqCBJbTXjfNfNkRm68aIk0MIzq25ACg3mGbh6pMXh4nyE9AURnSg
    if ($this->isCsrfTokenValid('_mysecret_csrf_token', $submittedToken)) {
        echo 'ok';
    } else {
        echo 'Invalid CSRF token.';
    }
}

It will print ok, however I added "123" to the submitted token. But when I change the submitted token to something totally different like "Hi Peter", then it will print Invalid CSRF token. I thought those generated and submitted tokens HAVE to MATCH EXACTLY and not partially.

Reasons:
  • RegEx Blacklisted phrase (3): did you find solution
  • Long answer (-1):
  • Has code block (-0.5):
  • Contains question mark (0.5):
  • Starts with a question (0.5): did you find solution
  • Low reputation (0.5):
Posted by: user1508136
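
The token quoted in the post has three dot-separated segments. The following is an added example, not code from the post or from Symfony, that models such a masked token under the assumption that validation unmasks the secret from the last two segments only and treats the first as padding. All function names are hypothetical and the secret is constructed.

```php
<?php
// Model of a masked (per-render randomized) CSRF token: pad.key.masked
// Assumption: only the key and masked segments take part in validation.

function b64u_enc(string $bin): string {
    return rtrim(strtr(base64_encode($bin), '+/', '-_'), '=');
}
function b64u_dec(string $txt): string|false {
    return base64_decode(strtr($txt, '-_', '+/'));
}
function xor_mask(string $value, string $key): string {
    // Repeat the key to cover the value, then XOR byte by byte.
    $key = str_repeat($key, (int) ceil(strlen($value) / strlen($key)));
    return $value ^ substr($key, 0, strlen($value));
}
function mask_token(string $stored): string {
    $key = random_bytes(32);
    // First segment: variable-length padding, carries no secret (assumed).
    $pad = substr(bin2hex(random_bytes(16)), 0, 1 + (ord($key[0]) % 32));
    return $pad . '.' . b64u_enc($key) . '.' . b64u_enc(xor_mask($stored, $key));
}
function unmask_token(string $submitted): string {
    $parts = explode('.', $submitted);
    if (count($parts) !== 3) {
        return $submitted;              // not masked: compared as-is
    }
    $key = b64u_dec($parts[1]);
    $masked = b64u_dec($parts[2]);
    if ($key === false || $key === '' || $masked === false) {
        return $submitted;
    }
    return xor_mask($masked, $key);     // $parts[0] is never read
}
function is_valid(string $stored, string $submitted): bool {
    // Constant-time comparison of the unmasked value with the stored secret.
    return hash_equals($stored, unmask_token($submitted));
}

$stored = b64u_enc(random_bytes(32));   // constructed per-session secret
$a = mask_token($stored);
$b = mask_token($stored);
var_dump($a !== $b);                     // two renders of the same secret
var_dump(is_valid($stored, $a));         // token as issued
var_dump(is_valid($stored, '123' . $a)); // padding segment altered
$p = explode('.', $a);
$p[2][0] = $p[2][0] === 'A' ? 'B' : 'A'; // masked segment altered
var_dump(is_valid($stored, implode('.', $p)));
var_dump(is_valid($stored, 'Hi Peter')); // unrelated value
```

In this model the first three checks print `bool(true)` and the last two `bool(false)`: the comparison against the stored secret is exact, but it runs on the unmasked value, so text added to the padding segment does not affect it.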