function checkRights(&$db, &$user)
{
    // Run the CSRF guard first: on a POST with a bad/missing token this
    // die()s, so the permission lookup below is never reached.
    csrfguard_start();

    // Permission check is delegated entirely to the user object; the
    // right name is fixed here, callers cannot vary it.
    $allowed = $user->hasRight($db, 'mgt_modify_product');
    return $allowed;
}
            $token = generate_token($name);
            $form_data_html = str_replace($m[0], "<form{$m[1]}>\n<input type='hidden' name='CSRFName' value='{$name}' />\n<input type='hidden' name='CSRFToken' value='{$token}' />{$m[2]}</form>", $form_data_html);
        }
    }
    return $form_data_html;
}
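function inject()
{
    // Shutdown hook registered by csrfguard_start(): take the buffered page,
    // let replace_forms() add the hidden CSRF fields to each <form>, and emit
    // the rewritten HTML.
    //
    // ob_get_clean() returns false when no output buffer is active (e.g. the
    // buffer was already flushed elsewhere). There is nothing to rewrite in
    // that case, so bail out instead of feeding false into replace_forms().
    $buffered = ob_get_clean();
    if ($buffered === false) {
        return;
    }
    echo replace_forms($buffered);
}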
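function csrfguard_start()
{
    // Make the guard idempotent. This file calls it at top level and again
    // from checkRights(); a second call would stack another output buffer and
    // register inject() twice, so the form rewrite would run over HTML that
    // already carries the hidden fields. The first call has either died or
    // passed validation, so returning early loses no protection.
    static $started = false;
    if ($started) {
        return;
    }
    $started = true;

    // Validate on every POST request, not only when $_POST is non-empty: a
    // multipart request carrying only file fields leaves $_POST empty and
    // would otherwise skip the token check entirely. The count() fallback
    // keeps the original behaviour where REQUEST_METHOD is unavailable.
    // NOTE(review): GET/PUT/DELETE and JSON bodies are not covered by this
    // guard; state-changing handlers for those need their own check.
    $isPost = isset($_SERVER['REQUEST_METHOD']) && $_SERVER['REQUEST_METHOD'] === 'POST';
    if ($isPost || count($_POST) > 0) {
        if (!isset($_POST['CSRFName']) || !isset($_POST['CSRFToken'])) {
            die("No CSRFName found, probable invalid request.");
        }
        $name = $_POST['CSRFName'];
        $token = $_POST['CSRFToken'];
        // PHP turns "CSRFName[]=x" into an array; reject anything that is not
        // a plain string before handing it to validate_token().
        if (!is_string($name) || !is_string($token) || !validate_token($name, $token)) {
            die("Invalid CSRF token.");
        }
    }

    // Buffer the rest of the page so inject() can add the hidden token fields
    // to every <form> at shutdown. This is registered only after validation,
    // so a rejected request never reaches the rewrite step. The callback name
    // is quoted: a bare `inject` would be an undefined-constant notice.
    ob_start();
    register_shutdown_function('inject');
}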
// Arm the guard as soon as this file is loaded: validate any POSTed token
// (die()s on failure) and start buffering so inject() can add the hidden
// CSRF fields to every form at shutdown.
csrfguard_start();