X-Git-Url: https://git.mxchange.org/?a=blobdiff_plain;f=include%2Fsecurity.php;h=b13a507cf483c124e5e1de3ed3817b205784d3aa;hb=dc4b38441483a6267c81b39bba2c267b1e7819e9;hp=af424df26c65c6122ff76a2070c936b426cdc46d;hpb=d42f86e2189efd5d097209542210e0d80b4dca3b;p=friendica.git
diff --git a/include/security.php b/include/security.php
index af424df26c..b13a507cf4 100644
--- a/include/security.php
+++ b/include/security.php
@@ -405,12 +405,21 @@ function get_form_security_token($typename = '')
 function check_form_security_token($typename = '', $formname = 'form_security_token')
 {
- if (!x($_REQUEST, $formname)) {
- return false;
+ $hash = null;
+
+ if (!empty($_REQUEST[$formname])) {
+ /// @TODO Careful, not secured!
+ $hash = $_REQUEST[$formname];
+ }
+
+ if (!empty($_SERVER['HTTP_X_CSRF_TOKEN'])) {
+ /// @TODO Careful, not secured!
+ $hash = $_SERVER['HTTP_X_CSRF_TOKEN'];
 }
- /// @TODO Careful, not secured!
- $hash = $_REQUEST[$formname];
+ if (empty($hash)) {
+ return false;
+ }
 $max_livetime = 10800; // 3 hours
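Review bot: The new `$_REQUEST[$formname]` branch accepts any non-empty value, so an array-valued request parameter passes `!empty()` and is assigned to `$hash` as an array; the code that parses and compares the token lies after this hunk, so the effect there is not visible, but a type guard here is cheap: `if (!empty($_REQUEST[$formname]) && is_string($_REQUEST[$formname])) {`. The header branch runs second, so `X-CSRF-Token` silently overrides the form field when both are sent; if that precedence is intended, say so in a comment. The repeated `/// @TODO Careful, not secured!` does not say what is unsecured; something like `// Client-supplied and unvalidated at this point; only ever compare it against the stored token` would tell the next reader what to watch for. `check_form_security_token()` continues past the end of the hunk.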