Beispiel #1
 /**
  * Apply the CSRF check to the current request when "system.checkCSRF" is enabled.
  *
  * Outcomes, in order:
  *  - check disabled in config, or CSRF::isValid() accepts the request: return silently;
  *  - token rejected but CSRF::inHistory() reports it as known: queue a
  *    "duplicate submission" message via $this->msg() and return;
  *  - token rejected and not in history: log the event, send a 403 and terminate.
  *
  * NOTE(review): in the "duplicate" case this method only sets a message and
  * returns. Whether the caller then stops handling the request is not visible
  * here - confirm that a previously used token cannot reach a state-changing
  * handler, otherwise the history lookup weakens the check.
  */
 private function validateCSRF()
 {
     // Guard clause: nothing to enforce when the check is switched off or the
     // token validates. The || short-circuits, so CSRF::isValid() is not called
     // while the config flag is falsy (same as the original && form).
     if (!Config::get("system.checkCSRF") || CSRF::isValid($this->_requestMethod)) {
         return;
     }

     // Rejected token that is already recorded in the history: reported to the
     // user as a double submit rather than as an attack.
     if (CSRF::inHistory($this->_requestMethod)) {
         $this->msg("Duplicate form submission detected, make sure you only click buttons once");
         return;
     }

     // NOTE(review): "@" hides any error raised while logging, so a broken log
     // service leaves this rejection unrecorded - confirm that is intended.
     // NOTE(review): requestIpAddress() is written to the log as-is; if it can
     // come from a client-supplied header, verify it is validated before use.
     @$this->service('log')->error("System: CSRF Detected from " . $this->requestIpAddress());

     // Refuse the request and stop all further processing.
     header("HTTP/1.0 403 Forbidden");
     echo "Cross site request forgery detected. Your IP has been logged";
     exit;
 }