if ($_SERVER['REQUEST_METHOD'] == 'POST') { $request = new AphrontRequest($_GET, $_POST); try { $request->validateCSRF(); $name = $_POST['name']; $email = $_POST['email']; $message = $_POST['message']; // code to send email here } catch (AphrontCSRFException $ex) { // handle CSRF error here } }
class MyFormHandler extends AphrontController { public function handleRequest(AphrontRequest $request) { try { $request->validateCSRF(); // code to handle form submission here } catch (AphrontCSRFException $ex) { return new AphrontErrorView('Invalid CSRF token'); } } }In this example, the `validateCSRF` method is called within a custom form handler that extends the `AphrontController` class. If the CSRF token is invalid, an error message is returned to the user. Based on the use of the `AphrontRequest` and `AphrontCSRFException` classes, it appears that this code is part of the Phabricator application framework.