Merge pull request #10918 from samdjstevens/5.1

taylorotwell · taylorotwell · commit 9a050335f6cc · 2015-11-12T21:20:11.000-06:00
[5.1] Fix issue where "/" route cannot be excluded from default CSRF token verification
diff --git a/src/Illuminate/Foundation/Http/Middleware/VerifyCsrfToken.php b/src/Illuminate/Foundation/Http/Middleware/VerifyCsrfToken.php
@@ -62,7 +62,11 @@ public function handle($request, Closure $next)
     protected function shouldPassThrough($request)
     {
         foreach ($this->except as $except) {
-            if ($request->is(trim($except, '/'))) {
+            if ($except !== '/') {
+                $except = trim($except, '/');
+            }
+
+            if ($request->is($except)) {
                 return true;
             }
         }

Original file line number	Diff line number	Diff line change
`@@ -62,7 +62,11 @@ public function handle($request, Closure $next)`
`62`	`62`	`protected function shouldPassThrough($request)`
`63`	`63`	`{`
`64`	`64`	`foreach ($this->except as $except) {`
`65`		`- if ($request->is(trim($except, '/'))) {`
	`65`	`+ if ($except !== '/') {`
	`66`	`+ $except = trim($except, '/');`
	`67`	`+ }`
	`68`	`+`
	`69`	`+ if ($request->is($except)) {`
`66`	`70`	`return true;`
`67`	`71`	`}`
`68`	`72`	`}`