Example #1
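 /**
  * csrf-magic failure callback for Black Cat CMS, invoked when the CSRF
  * check on a POST request fails.
  *
  * If a JSON Content-Type header has already been queued for this response
  * (an AJAX caller), a JSON error object is printed and the script exits.
  * Otherwise a 403 is sent and an HTML error page is echoed that re-posts
  * every submitted field except the CSRF token through a "Try again" form,
  * so the user can resubmit once a fresh token has been injected.
  *
  * @param string $tokens  Token string handed over by the CSRF check; shown
  *                        only when DEBUG_CSRF is enabled in the registry.
  */
 function cat_csrf_callback($tokens)
 {
     // Answer in JSON when the response already carries a JSON content type.
     foreach (headers_list() as $entry) {
         // Queued headers are "Name: value". Split on the first colon only:
         // the original explode(': ') + list() raised an undefined-offset
         // notice on any header written without a space after the colon.
         $parts = explode(':', $entry, 2);
         if (count($parts) !== 2) {
             continue;
         }
         if (strcasecmp('Content-type', trim($parts[0])) !== 0) {
             continue;
         }
         // Media type names are case-insensitive ("application/JSON").
         if (stripos($parts[1], 'json') !== false) {
             // NOTE(review): this branch deliberately (?) returns without a 403
             // status; the CMS's AJAX handlers may rely on a 200 + success=false
             // body, so it is left as-is -- confirm before changing.
             print json_encode(array('message' => 'CSRF check failed. Your form session may have expired, or you may not have cookies enabled.', 'success' => false));
             exit;
         }
     }

     $data = '';
     header($_SERVER['SERVER_PROTOCOL'] . ' 403 Forbidden');
     if (function_exists('csrf_flattenpost')) {
         foreach (csrf_flattenpost($_POST) as $key => $value) {
             // Drop the stale token field; csrf-magic injects a fresh one into
             // the re-post form. Compare as strings: a top-level numeric field
             // name arrives as an int key, and under PHP < 8 `0 == 'name'` is
             // true, which would silently drop that field from the re-post.
             if ((string) $key === (string) $GLOBALS['csrf']['input-name']) {
                 continue;
             }
             // $key and $value are untrusted POST data reflected into attribute
             // values. Pass ENT_QUOTES explicitly so both quote styles are
             // escaped regardless of the PHP-version-dependent default flags.
             // NOTE(review): htmlspecialchars escapes as UTF-8 (PHP >= 5.4
             // default) while the page below declares windows-1250; invalid
             // UTF-8 input yields an empty string. Confirm the site charset.
             $data .= '<input type="hidden" name="' . htmlspecialchars($key, ENT_QUOTES)
                 . '" value="' . htmlspecialchars($value, ENT_QUOTES) . '" />';
         }
         $data = '<form method="post" action="">' . $data . '<input type="submit" value="Try again" /></form>';
     }

     echo '<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
 <html>
   <head>
   <meta http-equiv="content-type" content="text/html; charset=windows-1250">
   <title>Black Cat CMS Error Message</title>
   </head>
   <body>
         <p>CSRF check failed. Your form session may have expired, or you may not have
         cookies enabled.</p>
         ' . $data;

     if (CAT_Registry::exists('DEBUG_CSRF') && DEBUG_CSRF === true) {
         // csrf-magic's own callback documents $tokens as HTML-safe, but it is
         // request-derived; escaping a debug line costs nothing and removes
         // the dependency on that upstream guarantee.
         echo '<p>Debug: ' . htmlspecialchars($tokens, ENT_QUOTES) . '</p>';
     }
     echo '</body></html>';
 }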
Example #2
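/**
 * csrf-magic failure callback: sends a 403 and an HTML page that re-posts
 * every submitted field (except the CSRF token itself) through a "Try again"
 * form, so the user can resubmit once a fresh token has been injected.
 *
 * @param string $tokens  Token string from the CSRF check; documented by the
 *                        library as already safe for HTML consumption.
 */
function csrf_callback($tokens)
{
    // (yes, $tokens is safe to echo without escaping)
    header($_SERVER['SERVER_PROTOCOL'] . ' 403 Forbidden');
    $data = '';
    foreach (csrf_flattenpost($_POST) as $key => $value) {
        // Skip the stale token field. Compare as strings: a top-level numeric
        // field name arrives as an int key, and under PHP < 8 `0 == 'name'`
        // is true, which would silently drop that field from the re-post.
        if ((string) $key === (string) $GLOBALS['csrf']['input-name']) {
            continue;
        }
        // $key and $value are untrusted POST data reflected into attribute
        // values; ENT_QUOTES escapes both quote styles regardless of the
        // PHP-version-dependent default flags.
        $data .= '<input type="hidden" name="' . htmlspecialchars($key, ENT_QUOTES) . '" value="' . htmlspecialchars($value, ENT_QUOTES) . '" />';
    }
    echo "<html><head><title>CSRF check failed</title></head>\n        <body>\n        <p>CSRF check failed. Your form session may have expired, or you may not have\n        cookies enabled.</p>\n        <form method='post' action=''>{$data}<input type='submit' value='Try again' /></form>\n        <p>Debug: {$tokens}</p></body></html>\n";
}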