Merge branch 'develop' of https://github.com/friendica/friendica into develop
[friendica.git] / include / security.php
index af424df26c65c6122ff76a2070c936b426cdc46d..b13a507cf483c124e5e1de3ed3817b205784d3aa 100644 (file)
@@ -405,12 +405,21 @@ function get_form_security_token($typename = '')
 
 function check_form_security_token($typename = '', $formname = 'form_security_token')
 {
-       if (!x($_REQUEST, $formname)) {
-               return false;
+       $hash = null;
+
+       if (!empty($_REQUEST[$formname])) {
+               /// @TODO Careful, not secured!
+               $hash = $_REQUEST[$formname];
+       }
+
+       if (!empty($_SERVER['HTTP_X_CSRF_TOKEN'])) {
+               /// @TODO Careful, not secured!
+               $hash = $_SERVER['HTTP_X_CSRF_TOKEN'];
        }
 
-       /// @TODO Careful, not secured!
-       $hash = $_REQUEST[$formname];
+       if (empty($hash)) {
+               return false;
+       }
 
        $max_livetime = 10800; // 3 hours
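Review bot: The final guard `if (empty($hash))` lets any non-empty value through, so a form field submitted as an array (`$_REQUEST[$formname]` is not guaranteed to be a string) passes it and reaches the rest of the function as a non-string. Tightening the guard to `if (!is_string($hash) || $hash === '') { return false; }` rejects that at the boundary. The two copied `/// @TODO Careful, not secured!` comments do not say what is unsecured, and nothing states that a present `X-CSRF-Token` header silently overrides the form field; a comment such as `// A token in the X-CSRF-Token header takes precedence over the form field` would make that precedence explicit. The function body continues outside this hunk, so the comparison of `$hash` against the expected token is not visible here; it is worth confirming that it uses `hash_equals()` rather than `==`.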