Ejemplo n.º 1
 /**
  * Validate that the submitted data contains a CSRF token
  * and that the token is legitimate and not expired.  If the token is valid
  * it is removed from the list of valid tokens, unless GLPI_KEEP_CSRF_TOKEN is defined.
  *
  * @since version 0.83.3
  *
  * @param array $data $_POST data
  *
  * @return boolean Valid csrf token.
  **/
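 public static function validateCSRF($data)
 {
     // Outcome of the check; stays false unless a live token is matched below.
     $isValid = false;

     // The token comes from request data and is attacker-controlled. A field
     // sent as `_glpi_csrf_token[]` arrives as an array, which is not a legal
     // array key (a TypeError on PHP 8), so only strings reach the lookup.
     if (isset($data['_glpi_csrf_token']) && is_string($data['_glpi_csrf_token'])) {
         $requestToken = $data['_glpi_csrf_token'];

         // Session entries map token => expiry timestamp; a token is accepted
         // only while its stored timestamp has not passed.
         if (
             isset($_SESSION['glpicsrftokens'][$requestToken])
             && $_SESSION['glpicsrftokens'][$requestToken] >= time()
         ) {
             // Tokens are single-use unless GLPI_KEEP_CSRF_TOKEN is defined.
             // The original note gives the reason as a POST opening a new
             // window; with the constant set, the token stays replayable
             // until it expires.
             if (!defined('GLPI_KEEP_CSRF_TOKEN')) {
                 unset($_SESSION['glpicsrftokens'][$requestToken]);
             }
             $isValid = true;
         }
     }

     // Runs on every path, and after the token has been consumed, exactly as
     // in the three separate calls this replaces.
     Session::cleanCSRFTokens();

     return $isValid;
 }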
Ejemplo n.º 2
 /**
  * Validate that the page has a CSRF token in the POST data
  * and that the token is legit/not expired.  If the token is valid
  * it will be removed from the list of valid tokens.
  *
  * @since version 0.83.3
  *
  * @param array $data $_POST data
  *
  * @return boolean Valid csrf token.
  **/
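 public static function validateCSRF($data)
 {
     // Outcome of the check; stays false unless a live token is matched below.
     $isValid = false;

     // The token comes from request data and is attacker-controlled. A field
     // sent as `_glpi_csrf_token[]` arrives as an array, which is not a legal
     // array key (a TypeError on PHP 8), so only strings reach the lookup.
     if (isset($data['_glpi_csrf_token']) && is_string($data['_glpi_csrf_token'])) {
         $requestToken = $data['_glpi_csrf_token'];

         // Session entries map token => expiry timestamp; a token is accepted
         // only while its stored timestamp has not passed.
         if (
             isset($_SESSION['glpicsrftokens'][$requestToken])
             && $_SESSION['glpicsrftokens'][$requestToken] >= time()
         ) {
             // Single use: drop the token as soon as it is accepted so the
             // same value cannot be replayed.
             unset($_SESSION['glpicsrftokens'][$requestToken]);
             $isValid = true;
         }
     }

     // Runs on every path, and after the token has been consumed, exactly as
     // in the three separate calls this replaces.
     Session::cleanCSRFTokens();

     return $isValid;
 }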