Support the ongoing development of Laravel.io →
alnux
posted 10 years ago
Security
Last updated 1 year ago.
0
citricsquid
replied 10 years ago

Filters are ran outside of your controller, the beforeFilter method registers the filter but does not run it, it will never throw an exception: https://github.com/laravel/framework/blob/master/src/Illuminat...

If you want to catch filter exceptions you can add a handler to app/start/global.php: http://laravel.com/docs/errors#handling-errors

This article contains more information: http://fideloper.com/laravel4-error-handling

Last updated 1 year ago.
0
alnux
replied 10 years ago
Solution

citricsquid said:

Filters are ran outside of your controller, the beforeFilter method registers the filter but does not run it, it will never throw an exception: https://github.com/laravel/framework/blob/master/src/Illuminat...

If you want to catch filter exceptions you can add a handler to app/start/global.php: http://laravel.com/docs/errors#handling-errors

This article contains more information: http://fideloper.com/laravel4-error-handling

Hi citricsquid and thanks for you answear. But Traying i'd find a simple solution for this replacing the trow option for Redirect class, as show below. It is a good practice? doing this.

filters.php

Route::filter('csrf', function()
{
	if (Session::token() != Input::get('_token'))
	{
		//throw new Illuminate\Session\TokenMismatchException;
		//dd($errors='eureka');
		$errors='Fatal Error: If you try this procedure again in any page of the site will be permanently banned';
		return Redirect::back()->withInput()->withErrors($errors);
	}

BaseController.php

public function __construct()
	{

		$this->beforeFilter('csrf', array('on' => 'post'));
	}

ScreenShot

ScreenShot

By the way what is including on _token becouse when i developed in pure php (I'm retaking php with this fabulous framework) in this token was included all form fields, radios,etc

Last updated 1 year ago.
0
unfortunatetoast
replied 8 years ago

In Laravel 5.1, app/Exceptions/Handler.php, you just check for a TokenMismatchException in the render method and return a redirect

public function render($request, Exception $e)
    {
        if($e instanceof TokenMismatchException){
            return redirect('/');
        }
        
        return parent::render($request, $e);
    }
0

Sign in to participate in this thread!

Eventy

Your banner here too?

alnux alnux Joined 20 Feb 2014

Moderators

We'd like to thank these amazing companies for supporting us

Eventy
Fathom
Forge
Envoyer
Beyond Code
Skynet Technologies
Steadfast Collective
BairesDev
Remotely Works

Your logo here?

Laravel.io

The Laravel portal for problem solving, knowledge sharing and community building.

Laravel.io

Forum Articles Pastebin

Socials

X Twitter GitHub

The community

Laravel Laravel Laravel News Laravel News
Laracasts Laracasts Laravel Podcast Laravel Podcast
© 2024 Laravel.io - All rights reserved.
Terms of service Privacy policy Advertise