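/**
 * Validate the CSRF token sent with the current request.
 *
 * CSRF token can be passed with submitted forms and links associated with
 * sensitive server-side operations. It is read from the POST data
 * ('csrf_token') for POST requests and from the query string otherwise, then
 * compared with the token returned by Session::getCsrfToken().
 *
 * In case of GET request, you need to set 'validateCsrfToken' in $config to true.
 * NOTE(review): $config is not read inside this method, so that switch is
 * presumably evaluated by the caller -- confirm.
 *
 * @param  array $config configuration data (not used in this method)
 * @return boolean true only when a non-empty submitted token matches the session token
 */
public function CsrfToken($config = [])
{
    $userToken = $this->request->isPost()
        ? $this->request->data('csrf_token')
        : $this->request->query('csrf_token');

    // Read the expected value once so the check and the returned result
    // cannot disagree.
    $sessionToken = Session::getCsrfToken();

    // hash_equals() compares in constant time and requires two strings.
    // Anything else (missing field, a non-string value such as an array,
    // no token in the session) is treated as a failed validation.
    $isValid = !empty($userToken)
        && is_string($userToken)
        && is_string($sessionToken)
        && hash_equals($sessionToken, $userToken);

    if (!$isValid) {
        // The submitted value is attacker-controlled: reduce it to printable
        // ASCII and a bounded length so it cannot forge or flood log entries.
        $loggedToken = is_string($userToken)
            ? substr((string) preg_replace('/[^\x20-\x7E]/', '?', $userToken), 0, 64)
            : '(' . gettype($userToken) . ')';

        // NOTE(review): the expression that identified the user is masked as
        // "******" in this listing. The mask is kept as a literal placeholder
        // until the project's own user accessor is restored here.
        $userLabel = '******';

        Logger::log(
            "CSRF Attack",
            "User: " . $userLabel . " provided invalid CSRF Token " . $loggedToken,
            __FILE__,
            __LINE__
        );

        return false;
    }

    return true;
}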