From: Hypolite Petovan
Date: Thu, 12 Apr 2018 03:28:51 +0000 (-0400)
Subject: Add header support for security token check
X-Git-Url: https://git.mxchange.org/?a=commitdiff_plain;h=54b75026fce057829f65eb194fb1ff231b2fbf78;p=friendica.git
Add header support for security token check
---
diff --git a/include/security.php b/include/security.php
index af424df26c..b13a507cf4 100644
--- a/include/security.php
+++ b/include/security.php
@@ -405,12 +405,21 @@ function get_form_security_token($typename = '')
 function check_form_security_token($typename = '', $formname = 'form_security_token')
 {
- if (!x($_REQUEST, $formname)) {
- return false;
+ $hash = null;
+
+ if (!empty($_REQUEST[$formname])) {
+ /// @TODO Careful, not secured!
+ $hash = $_REQUEST[$formname];
+ }
+
+ if (!empty($_SERVER['HTTP_X_CSRF_TOKEN'])) {
+ /// @TODO Careful, not secured!
+ $hash = $_SERVER['HTTP_X_CSRF_TOKEN'];
 }
- /// @TODO Careful, not secured!
- $hash = $_REQUEST[$formname];
+ if (empty($hash)) {
+ return false;
+ }
 $max_livetime = 10800; // 3 hours
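Review bot: `$_REQUEST[$formname]` can arrive as an array (a parameter submitted with `[]`), and `!empty()` lets a non-empty array through to `$hash`, so the final guard should also check the type: `if (!is_string($hash) || $hash === '') { return false; }`. When both the form field and the `X-CSRF-Token` header are present, the header silently wins because its block runs second; a comment stating that precedence, or an `elseif`, would make the choice deliberate. The two copied `/// @TODO Careful, not secured!` comments do not say what is unsecured, and something like `// untrusted client input, validated below` would tell the next reader more. The body of check_form_security_token continues outside the hunk, so how `$hash` is parsed and compared afterwards is not visible here.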