Example #1
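 /**
  * Validate the CSRF token submitted with the current request.
  *
  * The token is read from the POST body on POST requests and from the query
  * string otherwise, then compared with the token held in the session.
  * A token carried in a query string becomes part of the URL, so it can end up
  * in server access logs, browser history and Referer headers.
  *
  * The original note says that for GET requests 'validateCsrfToken' must be set
  * to true in $config; this method does not read $config itself, so that switch
  * is presumably evaluated by the caller.
  *
  * @param array  $config  configuration data (not read by this method)
  * @return bool  true only when a non-empty string token matches the session token
  */
 public function CsrfToken($config = [])
 {
     $userToken = $this->request->isPost()
         ? $this->request->data('csrf_token')
         : $this->request->query('csrf_token');

     $sessionToken = Session::getCsrfToken();

     // Request parameters may arrive as arrays (csrf_token[]=...), and hash_equals()
     // throws a TypeError on non-strings, so both sides are type-checked first.
     // hash_equals() compares in constant time; a plain !== on a secret can leak
     // how many leading bytes matched through response timing.
     $isValid = is_string($userToken)
         && !empty($userToken)
         && is_string($sessionToken)
         && hash_equals($sessionToken, $userToken);

     if (!$isValid) {
         // The submitted token is deliberately kept out of the log: it is
         // attacker-controlled text (log injection) and may be a real token.
         // NOTE(review): the listing masks the expression that supplied the user
         // identifier in this message; re-add it from trusted session state.
         Logger::log("CSRF Attack", "User provided invalid CSRF Token", __FILE__, __LINE__);
         return false;
     }

     return true;
 }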