csrf: align documentation with reality

Also implement the wrongly documented event.
tigron · Jul 19, 2024 · eeed2b1 · eeed2b1
1 parent 444a7ed
commit eeed2b1
Show file tree

Hide file tree

Showing 2 changed files with 6 additions and 3 deletions.
diff --git a/README.md b/README.md
@@ -443,9 +443,9 @@ can be found below.
 The `csrf_validate_success` method allows you to override the check result after
 a successful validation. It expects a boolean as a return value.
 
-##### csrf_validation_failed
+##### csrf_validate_failed
 
-The `csrf_validation_failed` method allows you to override the check result
+The `csrf_validate_failed` method allows you to override the check result
 after a failed validation. It expects a boolean as a return value.
 
 ##### csrf_generate_session_token

diff --git a/lib/Skeleton/Core/Application/Web.php b/lib/Skeleton/Core/Application/Web.php
@@ -178,7 +178,10 @@ public function run() {
 		$csrf = \Skeleton\Core\Web\Security\Csrf::get();
 
 		if ($session_properties['resumed'] === true && !$csrf->validate()) {
-			if ($this->event_exists('security', 'csrf_validation_failed')) {
+			if ($this->event_exists('security', 'csrf_validate_failed')) {
+				$this->call_event_if_exists('security', 'csrf_validate_failed');
+			} elseif ($this->event_exists('security', 'csrf_validation_failed')) {
+				// This should be deprecated, documentation inconsistency
 				$this->call_event_if_exists('security', 'csrf_validation_failed');
 			} else {
 				\Skeleton\Core\Web\HTTP\Status::code_403('CSRF validation failed');