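/**
 * Check the request token to prevent CSRF exploits
 *
 * The token is verified only for dispatched callers and only when the request
 * method is neither GET nor OPTIONS; every other method (POST, PUT, DELETE, ...)
 * must carry a token that matches the session token.
 *
 * @param KCommandContext $context The command context
 * @return boolean Returns FALSE if the check failed. Otherwise TRUE.
 */
protected function _checkToken(KCommandContext $context)
{
    // Callers that were not dispatched are not subject to the check
    if (!$context->caller->isDispatched()) {
        return true;
    }

    $method = KRequest::method();

    // GET and OPTIONS are exempt; all remaining methods must present a token.
    // Strict comparison: the method constants are strings, no coercion wanted.
    if ($method === KHttpRequest::GET || $method === KHttpRequest::OPTIONS) {
        return true;
    }

    // NOTE(review): a constant-time comparison (hash_equals, PHP >= 5.6) would be
    // preferable once the minimum supported PHP version allows it.
    return KRequest::token() === JUtility::getToken();
}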
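/**
 * Check the request token to prevent CSRF exploits
 *
 * The token is verified only for dispatched callers and only when the request
 * method is neither GET nor OPTIONS; every other method (POST, PUT, DELETE, ...)
 * must carry a token that matches the session form token. The expected token is
 * read from JSession on Joomla 3.0 and later, and from JUtility before that.
 *
 * @param KCommandContext $context The command context
 * @return boolean Returns FALSE if the check failed. Otherwise TRUE.
 */
protected function _checkToken(KCommandContext $context)
{
    // Callers that were not dispatched are not subject to the check
    if (!$context->caller->isDispatched()) {
        return true;
    }

    $method = KRequest::method();

    // GET and OPTIONS are exempt; all remaining methods must present a token.
    // Strict comparison: the method constants are strings, no coercion wanted.
    if ($method === KHttpRequest::GET || $method === KHttpRequest::OPTIONS) {
        return true;
    }

    // JUtility::getToken() was superseded by JSession::getFormToken() in Joomla 3.0
    $expected = version_compare(JVERSION, '3.0', 'ge')
        ? JSession::getFormToken()
        : JUtility::getToken();

    // NOTE(review): a constant-time comparison (hash_equals, PHP >= 5.6) would be
    // preferable once the minimum supported PHP version allows it.
    return KRequest::token() === $expected;
}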
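/**
 * Check the request token
 *
 * Every request whose method is not GET must carry a token that matches the
 * session token. Only GET is exempt here; OPTIONS requests are checked as well.
 *
 * @return boolean Returns FALSE if the token is not valid or the session timed-out.
 */
public function checkToken()
{
    // Strict comparison: the method constant is a string, no coercion wanted
    if (KRequest::method() === KHttpRequest::GET) {
        return true;
    }

    // NOTE(review): a constant-time comparison (hash_equals, PHP >= 5.6) would be
    // preferable once the minimum supported PHP version allows it.
    return KRequest::token() === JUtility::getToken();
}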