CSRF validation always fails if form enctype is multipart/form-data

mzur / kirby-form

A form helper for Kirby CMS based websites and apps, using the Post/Redirect/Get pattern.

MIT License

8 stars 6 forks source link

CSRF validation always fails if form enctype is multipart/form-data #3

Closed bezin closed 4 years ago

bezin commented 4 years ago

Hi there,

thanks for this awesome plugin. I implement an application form with file upload, but unfortunately the csrf validation fails. This is due to the fact that the Kirby Request object does not parse multipart/form-data encoded form data and hence $token === null in Form.php#157.

Am I missing out on something or is this considered a bug?

Cheerio

bezin commented 4 years ago

Never mind, the issue lies indeed within the uploaded PDF document 🤔