Working on Foundation middleware.

src/Illuminate/Foundation/Console/Optimize/config.php

@@ -67,6 +67,7 @@
     $basePath.'/vendor/laravel/framework/src/Illuminate/Http/Middleware/FrameGuard.php',
     $basePath.'/vendor/laravel/framework/src/Illuminate/Foundation/Http/Middleware/VerifyCsrfToken.php',
     $basePath.'/vendor/laravel/framework/src/Illuminate/Foundation/Http/Middleware/CheckForMaintenanceMode.php',
+    $basePath.'/vendor/laravel/framework/src/Illuminate/Foundation/Http/Middleware/VerifyPostSize.php',
     $basePath.'/vendor/symfony/http-foundation/Request.php',
     $basePath.'/vendor/symfony/http-foundation/ParameterBag.php',
     $basePath.'/vendor/symfony/http-foundation/FileBag.php',

src/Illuminate/Foundation/Http/Middleware/VerifyPostSize.php → src/Illuminate/Foundation/Http/Middleware/ValidatePostSize.php

@@ -5,7 +5,7 @@
 use Closure;
 use Illuminate\Http\Exception\PostTooLargeException;
 
-class VerifyPostSize
+class ValidatePostSize
 {
     /**
      * Handle an incoming request.

src/Illuminate/Foundation/Http/Middleware/VerifyCsrfToken.php

@@ -59,7 +59,7 @@ public function handle($request, Closure $next)
         if (
             $this->isReading($request) ||
             $this->runningUnitTests() ||
-            $this->shouldPassThrough($request) ||
+            $this->inExceptArray($request) ||
             $this->tokensMatch($request)
         ) {
             return $this->addCookieToResponse($request, $next($request));
@@ -68,13 +68,34 @@ public function handle($request, Closure $next)
         throw new TokenMismatchException;
     }
 
+    /**
+     * Determine if the HTTP request uses a ‘read’ verb.
+     *
+     * @param  \Illuminate\Http\Request  $request
+     * @return bool
+     */
+    protected function isReading($request)
+    {
+        return in_array($request->method(), ['HEAD', 'GET', 'OPTIONS']);
+    }
+
+    /**
+     * Determine if the application is running unit tests.
+     *
+     * @return bool
+     */
+    protected function runningUnitTests()
+    {
+        return $this->app->runningInConsole() && $this->app->runningUnitTests();
+    }
+
     /**
      * Determine if the request has a URI that should pass through CSRF verification.
      *
      * @param  \Illuminate\Http\Request  $request
      * @return bool
      */
-    protected function shouldPassThrough($request)
+    protected function inExceptArray($request)
     {
         foreach ($this->except as $except) {
             if ($except !== '/') {
@@ -90,36 +111,35 @@ protected function shouldPassThrough($request)
     }
 
     /**
-     * Determine if the application is running unit tests.
+     * Determine if the session and input CSRF tokens match.
      *
+     * @param  \Illuminate\Http\Request  $request
      * @return bool
      */
-    protected function runningUnitTests()
+    protected function tokensMatch($request)
     {
-        return $this->app->runningInConsole() && $this->app->runningUnitTests();
+        $token = $this->getTokenFromRequest($request);
+
+        return is_string($request->session()->token()) &&
+               is_string($token) &&
+               hash_equals($request->session()->token(), $token);
     }
 
     /**
-     * Determine if the session and input CSRF tokens match.
+     * Get the CSRF token from the request.
      *
      * @param  \Illuminate\Http\Request  $request
-     * @return bool
+     * @return string
      */
-    protected function tokensMatch($request)
+    protected function getTokenFromRequest($request)
     {
-        $sessionToken = $request->session()->token();
-
         $token = $request->input('_token') ?: $request->header('X-CSRF-TOKEN');
 
         if (! $token && $header = $request->header('X-XSRF-TOKEN')) {
             $token = $this->encrypter->decrypt($header);
         }
 
-        if (! is_string($sessionToken) || ! is_string($token)) {
-            return false;
-        }
-
-        return hash_equals($sessionToken, $token);
+        return $token;
     }
 
     /**
@@ -142,15 +162,4 @@ protected function addCookieToResponse($request, $response)
 
         return $response;
     }
-
-    /**
-     * Determine if the HTTP request uses a ‘read’ verb.
-     *
-     * @param  \Illuminate\Http\Request  $request
-     * @return bool
-     */
-    protected function isReading($request)
-    {
-        return in_array($request->method(), ['HEAD', 'GET', 'OPTIONS']);
-    }
 }