Add header support for security token check

Hypolite Petovan 2018-04-11 23:28:51 -04:00
parent cc40dcf83c
commit 54b75026fc


@ -405,12 +405,21 @@ function get_form_security_token($typename = '')
function check_form_security_token($typename = '', $formname = 'form_security_token') function check_form_security_token($typename = '', $formname = 'form_security_token')
{ {
if (!x($_REQUEST, $formname)) { $hash = null;
return false;
if (!empty($_REQUEST[$formname])) {
/// @TODO Careful, not secured!
$hash = $_REQUEST[$formname];
} }
/// @TODO Careful, not secured! if (!empty($_SERVER['HTTP_X_CSRF_TOKEN'])) {
$hash = $_REQUEST[$formname]; /// @TODO Careful, not secured!
$hash = $_SERVER['HTTP_X_CSRF_TOKEN'];
}
if (empty($hash)) {
return false;
}
$max_livetime = 10800; // 3 hours $max_livetime = 10800; // 3 hours