Ejemplo n.º 1
 /**
  * Verify the CSRF token of the current request and deny access when it does not validate.
  *
  * The token is checked by the 'token.validator' service. When the
  * 'sessioncsrftokenonetime' system variable is truthy, a first validation
  * attempt is made with both optional validator flags set to false; if that
  * attempt does not succeed (or the variable is falsy), the validator is
  * called again with its default flags.
  *
  * @param string|null $token The token; when null it is read from the POST field 'csrftoken'.
  *
  * @throws AccessDeniedException If check fails.
  *
  * @return void
  */
 public function checkCsrfToken($token = null)
 {
     if (null === $token) {
         // Client-supplied value; falls back to false when the field is absent.
         // NOTE(review): no type check happens here, so the validator is relied on
         // to reject false and non-string values (e.g. an array-valued field) - confirm.
         $token = $this->request->request->get('csrftoken', false);
     }

     $validator = $this->container->get('token.validator');

     // Short-circuit order matters: the default validation only runs when the
     // first attempt was skipped or failed, so validate() is never called twice
     // for a token that was already accepted.
     // NOTE(review): the meaning of the two `false` flags is not visible in this
     // method; confirm that this first path does not accept tokens the default
     // validation would reject for security reasons.
     $accepted = (System::getVar('sessioncsrftokenonetime') && $validator->validate($token, false, false))
         || $validator->validate($token);

     if (!$accepted) {
         // NOTE(review): the base URL is placed into an href attribute of an HTML
         // message; confirm that __f() or the renderer escapes it for that context.
         $this->throwForbidden(__f('Oops, something went wrong: security token validation failed. You might want to go to the <a href="%s">startpage</a>.', $this->request->getBaseUrl()));
     }
 }