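/**
 * Shortcut for CSRF functions.
 *
 * Hands the request to the csrf singleton's csrfInit(), except when the
 * caller posted newToken=false on a non-"check" call, in which case no
 * token work is done at all.
 *
 * @param string $type   "set" or "check" the CSRF key (the original note also mentions a "fetch" type)
 * @param string $script optional name of the page using the key
 * @param int    $life   minutes before the token expires
 * @return mixed true when token handling is skipped; otherwise whatever
 *               csrfInit() returns (per the original note, the key when $type is "fetch")
 */
public function csrf($type = 'check', $script = '', $life = 60)
{
    // JS that ajaxes back into Hotaru posts newToken=false so that the call
    // does not store a fresh token in the session, which would make the form
    // that is already rendered fail its CSRF check. Detecting ajax through
    // the X-Requested-With header was tried and did not work, hence the
    // explicit POST field.
    $newToken = $this->cage->post->testAlnum('newToken');

    // SECURITY: newToken is request data, so whoever builds the request
    // controls it. It may only suppress token *creation*. Letting it
    // short-circuit a "check" would mean any cross-site form carrying
    // newToken=false passes validation without a valid token.
    // Strict comparison: only the literal string 'false' opts out.
    // NOTE(review): if csrfInit() rotates the session token as part of a
    // "check", ajax callers that relied on the old short-circuit must now
    // send a valid token - confirm against csrfInit().
    if ($type !== 'check' && $newToken === 'false') {
        return true;
    }

    $csrf = \csrf::instance();

    return $csrf->csrfInit($this, $type, $script, $life);
}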