Againg symfony shitty:

look - I want to validate csrf. I found docs how to do it.


"if ($this->isCsrfTokenValid('token_id', $submittedToken)) {
// ... do something, like deleting an object

But how the fuck should I know what is token_id from this stupid writing?

I have debugged their code to find it out. What a fucking waste of time !!! Free shit. Companies could probably pay small fee for the symfony if they could find people who do better job. Because by paying salaries for finding such shit costs them anyway.

And there was a htmls where the token was:

<form name="form" method="post" action="/admin/policy/47/push-im-xml">
<button class="btn btn-xs btn-info" type="submit">Push IM XML to GA</button>
<input type="hidden" id="form__token" name="form[_token]" value="LDVrl52CYtbT-kDudsjzrNAdJuIyFZhafsgk9QDnWGs"></form>

Guess what was token_id : form

:D whf. How the fuck could I know? I have tried various ways before debugging liek form_token, form[_token], _token

Who could fucking think its 'form' ?!!!! Wth. This is a joke.

Add Comment