1<?php 2/** 3 * webtrees: online genealogy 4 * Copyright (C) 2018 webtrees development team 5 * This program is free software: you can redistribute it and/or modify 6 * it under the terms of the GNU General Public License as published by 7 * the Free Software Foundation, either version 3 of the License, or 8 * (at your option) any later version. 9 * This program is distributed in the hope that it will be useful, 10 * but WITHOUT ANY WARRANTY; without even the implied warranty of 11 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 12 * GNU General Public License for more details. 13 * You should have received a copy of the GNU General Public License 14 * along with this program. If not, see <http://www.gnu.org/licenses/>. 15 */ 16declare(strict_types=1); 17 18namespace Fisharebest\Webtrees\Http\Middleware; 19 20use Closure; 21use Fisharebest\Webtrees\I18N; 22use Fisharebest\Webtrees\Session; 23use Symfony\Component\HttpFoundation\Request; 24use Symfony\Component\HttpFoundation\Response; 25use Symfony\Component\HttpKernel\Exception\AccessDeniedHttpException; 26 27/** 28 * Middleware to wrap a request in a transaction. 29 */ 30class CheckCsrf implements MiddlewareInterface { 31 /** 32 * @param Request $request 33 * @param Closure $next 34 * 35 * @return Response 36 * @throws AccessDeniedHttpException 37 */ 38 public function handle(Request $request, Closure $next): Response { 39 $client_token = $request->get('csrf', $request->headers->get('X_CSRF_TOKEN')); 40 $session_token = Session::get('CSRF_TOKEN'); 41 42 if ($client_token !== $session_token) { 43 throw new AccessDeniedHttpException(I18N::translate('This form has expired. Try again.')); 44 } 45 46 return $next($request); 47 } 48} 49