nilsteampassnet /
TeamPass
| @@ 188-197 (lines=10) @@ | ||
| 185 | if (!static::isURLallowed()) { |
|
| 186 | ||
| 187 | //currently for same origin only |
|
| 188 | if (!(isset($_GET[self::$config['CSRFP_TOKEN']]) |
|
| 189 | && isset($_SESSION[self::$config['CSRFP_TOKEN']]) |
|
| 190 | && (self::isValidToken($_GET[self::$config['CSRFP_TOKEN']])) |
|
| 191 | )) { |
|
| 192 | ||
| 193 | //action in case of failed validation |
|
| 194 | self::failedValidationAction(); |
|
| 195 | } else { |
|
| 196 | self::refreshToken(); //refresh token for successfull validation |
|
| 197 | } |
|
| 198 | } else if ($_SERVER['REQUEST_METHOD'] === 'POST') { |
|
| 199 | ||
| 200 | //set request type to POST |
|
| @@ 204-213 (lines=10) @@ | ||
| 201 | self::$requestType = "POST"; |
|
| 202 | ||
| 203 | //currently for same origin only |
|
| 204 | if (!(isset($_POST[self::$config['CSRFP_TOKEN']]) |
|
| 205 | && isset($_SESSION[self::$config['CSRFP_TOKEN']]) |
|
| 206 | && (self::isValidToken($_POST[self::$config['CSRFP_TOKEN']])) |
|
| 207 | )) { |
|
| 208 | ||
| 209 | //action in case of failed validation |
|
| 210 | self::failedValidationAction(); |
|
| 211 | } else { |
|
| 212 | self::refreshToken(); //refresh token for successfull validation |
|
| 213 | } |
|
| 214 | } |
|
| 215 | } |
|
| 216 | ||
