Add header support for security token check
This commit is contained in:
parent
cc40dcf83c
commit
54b75026fc
1 changed files with 13 additions and 4 deletions
|
@ -405,12 +405,21 @@ function get_form_security_token($typename = '')
|
||||||
|
|
||||||
function check_form_security_token($typename = '', $formname = 'form_security_token')
|
function check_form_security_token($typename = '', $formname = 'form_security_token')
|
||||||
{
|
{
|
||||||
if (!x($_REQUEST, $formname)) {
|
$hash = null;
|
||||||
return false;
|
|
||||||
|
if (!empty($_REQUEST[$formname])) {
|
||||||
|
/// @TODO Careful, not secured!
|
||||||
|
$hash = $_REQUEST[$formname];
|
||||||
}
|
}
|
||||||
|
|
||||||
/// @TODO Careful, not secured!
|
if (!empty($_SERVER['HTTP_X_CSRF_TOKEN'])) {
|
||||||
$hash = $_REQUEST[$formname];
|
/// @TODO Careful, not secured!
|
||||||
|
$hash = $_SERVER['HTTP_X_CSRF_TOKEN'];
|
||||||
|
}
|
||||||
|
|
||||||
|
if (empty($hash)) {
|
||||||
|
return false;
|
||||||
|
}
|
||||||
|
|
||||||
$max_livetime = 10800; // 3 hours
|
$max_livetime = 10800; // 3 hours
|
||||||
|
|
||||||
|
|
Loading…
Reference in a new issue