I have read about csrf protection but I still don't understand
everything.
I have in settings.yml:
csrf_secret: secret12
I have something like that in template:
User A adds user B to fiends. User B can accept it - then I have link:
<a href="/profile/users/accept/<?php echo $z->getId() ?>" >accept</a>
or not accept it - then link:
<a href="/profile/users/notaccept/<?php echo $z->getId() ?>" >not
accept</a>
Then I in file actions.class.php take id like that:
$id = (int)$request->getParameter('accept');
$id = (int)$request->getParameter('notaccept');
and add or delete row to/from database. Should I in both cases write:
$request->checkCSRFProtection() ??
--~--~---------~--~----~------------~-------~--~----~
You received this message because you are subscribed to the Google Groups
"symfony users" group.
To post to this group, send email to [email protected]
To unsubscribe from this group, send email to
[email protected]
For more options, visit this group at
http://groups.google.com/group/symfony-users?hl=en
-~----------~----~----~----~------~----~------~--~---
