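/**
 * Validate the anti-CSRF token carried in submitted form data.
 *
 * The token is looked up as a key of $_SESSION['glpicsrftokens']; the value
 * stored under that key is compared against time() as the token's expiry.
 * A token that is present and not expired is accepted. It is then removed
 * from the session (single use) unless the GLPI_KEEP_CSRF_TOKEN constant is
 * defined, in which case it remains acceptable for later requests until it
 * expires.
 *
 * Session::cleanCSRFTokens() is called on every path, whatever the outcome.
 *
 * @since version 0.83.3
 *
 * @param array $data Submitted data, normally $_POST (client-controlled).
 *
 * @return boolean True when the token is known and not expired, false otherwise.
 **/
public static function validateCSRF($data)
{
    $valid = false;

    // The field is client-controlled: posted as `_glpi_csrf_token[]=x` it
    // arrives as an array, which is not a legal array offset (a warning on
    // older PHP, a TypeError on PHP 8). Anything but a string is rejected
    // as an invalid token instead of reaching the session lookup.
    if (isset($data['_glpi_csrf_token']) && is_string($data['_glpi_csrf_token'])) {
        $requestToken = $data['_glpi_csrf_token'];

        if (
            isset($_SESSION['glpicsrftokens'][$requestToken])
            && $_SESSION['glpicsrftokens'][$requestToken] >= time()
        ) {
            // Single-use by default. With GLPI_KEEP_CSRF_TOKEN defined (used
            // when a POST opens a new window) the token is kept, so the same
            // value is accepted again until its expiry: replay protection
            // then rests on the expiry time alone.
            if (!defined('GLPI_KEEP_CSRF_TOKEN')) {
                unset($_SESSION['glpicsrftokens'][$requestToken]);
            }
            $valid = true;
        }
    }

    // Runs after the lookup (and after the unset above) on every path, as before.
    // NOTE(review): presumably prunes expired tokens from the session; confirm in Session.
    Session::cleanCSRFTokens();

    return $valid;
}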
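/**
 * Validate the anti-CSRF token carried in submitted form data.
 *
 * The token is looked up as a key of $_SESSION['glpicsrftokens']; the value
 * stored under that key is compared against time() as the token's expiry.
 * A token that is present and not expired is accepted and immediately
 * removed from the session, so each token can be used only once.
 *
 * Session::cleanCSRFTokens() is called on every path, whatever the outcome.
 *
 * @since version 0.83.3
 *
 * @param array $data Submitted data, normally $_POST (client-controlled).
 *
 * @return boolean True when the token is known and not expired, false otherwise.
 **/
public static function validateCSRF($data)
{
    $valid = false;

    // The field is client-controlled: posted as `_glpi_csrf_token[]=x` it
    // arrives as an array, which is not a legal array offset (a warning on
    // older PHP, a TypeError on PHP 8). Anything but a string is rejected
    // as an invalid token instead of reaching the session lookup.
    if (isset($data['_glpi_csrf_token']) && is_string($data['_glpi_csrf_token'])) {
        $requestToken = $data['_glpi_csrf_token'];

        if (
            isset($_SESSION['glpicsrftokens'][$requestToken])
            && $_SESSION['glpicsrftokens'][$requestToken] >= time()
        ) {
            // Consume the token before reporting success so that a second
            // request carrying the same value is refused.
            unset($_SESSION['glpicsrftokens'][$requestToken]);
            $valid = true;
        }
    }

    // Runs after the lookup (and after the unset above) on every path, as before.
    // NOTE(review): presumably prunes expired tokens from the session; confirm in Session.
    Session::cleanCSRFTokens();

    return $valid;
}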