I think you misunderstood the concept behind it. CSRFProtection is used in forms, not in simple links.
Michael On 10 Apr., 15:40, dziobacz <[email protected]> wrote: > I have read about csrf protection but I still don't understand > everything. > > I have in settings.yml: > csrf_secret: secret12 > > I have something like that in template: > User A adds user B to fiends. User B can accept it - then I have link: > <a href="/profile/users/accept/<?php echo $z->getId() ?>" >accept</a> > or not accept it - then link: > <a href="/profile/users/notaccept/<?php echo $z->getId() ?>" >not > accept</a> > > Then I in file actions.class.php take id like that: > $id = (int)$request->getParameter('accept'); > $id = (int)$request->getParameter('notaccept'); > > and add or delete row to/from database. Should I in both cases write: > $request->checkCSRFProtection() ?? --~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Google Groups "symfony users" group. To post to this group, send email to [email protected] To unsubscribe from this group, send email to [email protected] For more options, visit this group at http://groups.google.com/group/symfony-users?hl=en -~----------~----~----~----~------~----~------~--~---
