]> git.mxchange.org Git - quix0rs-gnu-social.git/commitdiff
add a method to Action to check session token
authorEvan Prodromou <evan@status.net>
Sat, 7 Nov 2009 23:51:57 +0000 (18:51 -0500)
committerEvan Prodromou <evan@status.net>
Sat, 7 Nov 2009 23:51:57 +0000 (18:51 -0500)
lib/action.php

index 1b2f7375211364561a9f05409d55758294b5c325..78ca9137a5ec336552bb1734d8bede4a8d3669d0 100644 (file)
@@ -1101,4 +1101,22 @@ class Action extends HTMLOutputter // lawsuit
     {
         return Design::siteDesign();
     }
+
+    /**
+     * Check the session token.
+     *
+     * Checks that the current form has the correct session token,
+     * and throw an exception if it does not.
+     *
+     * @return void
+     */
+
+    function checkSessionToken()
+    {
+        // CSRF protection
+        $token = $this->trimmed('token');
+        if (empty($token) || $token != common_session_token()) {
+            $this->clientError(_('There was a problem with your session token.'));
+        }
+    }
 }