C5-8.2.1: How to check if token protection and $bID check work?
Permalink
Hello,
Following these examples:
https://documentation.concrete5.org/developers/working-with-blocks/c... , and
https://documentation.concrete5.org/developers/security/protecting-a... ,
is there any way to check if the form submission token protection and block $bID check actually work?
controller.php:
view.php:
Looks like a token is passed from view, but both the token and bID are checked in the controller - is it smart enough to extract and check them individually? Where's the $bID coming from? How does the controller know the block's ID?
Thank you.
Following these examples:
https://documentation.concrete5.org/developers/working-with-blocks/c... , and
https://documentation.concrete5.org/developers/security/protecting-a... ,
is there any way to check if the form submission token protection and block $bID check actually work?
controller.php:
public function action_submit($token = false, $bID = false) { if ($this->bID != $bID) { return false; } if (Core::make('token')->validate('contact_form', $token) && $this->validate_form()) { $this->mail_form(); return true; } else { return false; } exit; }
view.php:
$formAction = $view->action('submit', Core::make('token')->generate('contact_form'));
Looks like a token is passed from view, but both the token and bID are checked in the controller - is it smart enough to extract and check them individually? Where's the $bID coming from? How does the controller know the block's ID?
Thank you.
