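/**
 * Validates the presence of action tokens.
 *
 * This function is called for all actions.  If the action token is missing or
 * invalid, the request is forwarded back to the referring page with the 'csrf'
 * reason; the token validator is responsible for emitting the error message.
 *
 * Place at the head of every action handler so that a state-changing request
 * cannot be triggered cross-site without a valid token.
 *
 * @return bool True if the action token is valid.  On failure the request is
 *              forwarded and execution stops, so this never returns a false value.
 * @access private
 */
function action_gatekeeper()
{
    if (validate_action_token()) {
        return true;
    }

    // Token missing or invalid: bounce the request back to the referring page.
    forward(REFERER, 'csrf');

    // Defence in depth: forward() is expected to terminate the request, but if
    // it ever returns, make sure the calling action does not keep running
    // without a validated token.
    exit;
}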
/**
 * Action gatekeeper.
 *
 * Checks the security features of the submitted form input (such as the
 * generated action token).  When the check fails the request is forwarded
 * and script execution is stopped, so code placed after this call only runs
 * for requests carrying a valid token.
 *
 * Place at the head of actions.
 *
 * @return bool True when the action token validates; otherwise does not return.
 */
function action_gatekeeper()
{
    $tokenIsValid = validate_action_token();

    if (!$tokenIsValid) {
        // Invalid or missing token: redirect and make sure nothing else runs.
        forward();
        exit;
    }

    return true;
}
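 /**
  * Action gatekeeper for a single action.
  *
  * Validates the CSRF action token of the current request.  For the 'login'
  * action a failed validation is examined more closely: if a token and a
  * still-valid timestamp are present, the mismatch is most likely caused by
  * the login form being served from a different domain, so the user is sent
  * to the login page with a dedicated error message.  In every other failure
  * case the token validator is allowed to emit its own error message and the
  * request is forwarded back to the referring page.
  *
  * @param string $action Name of the action being executed.
  *
  * @return bool True if the token is valid.  On failure the request is
  *              forwarded and execution stops, so this never returns false.
  * @see action_gatekeeper
  * @access private
  */
 public function gatekeeper($action)
 {
     if ($action === 'login') {
         // NOTE(review): the false argument presumably suppresses the validator's
         // error message so a login-specific one can be emitted below — confirm.
         if ($this->validateActionToken(false)) {
             return true;
         }

         $token = get_input('__elgg_token');
         $ts = (int) get_input('__elgg_ts');

         if ($token && $this->validateTokenTimestamp($ts)) {
             // The token is present and the timestamp still looks valid: this is
             // probably a mismatch due to the login form being on a different domain.
             register_error(elgg_echo('actiongatekeeper:crosssitelogin'));
             forward('login', 'csrf');
             exit;
         }

         // Let the validator emit the appropriate error message for this failure.
         validate_action_token();
     } elseif ($this->validateActionToken()) {
         return true;
     }

     forward(REFERER, 'csrf');

     // Defence in depth: forward() is expected to terminate the request; if it
     // ever returns, stop here so the action never runs without a valid token.
     exit;
 }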