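/**
 * Check that the posted CSRF token matches the value stored in the session.
 *
 * Only POST requests are verified; every other method passes straight through.
 * On a POST the token must be present both in the request input and in the
 * session, and the two are compared in constant time.
 *
 * @throws CSRFMismatchException Thrown if the token is missing on either side or does not match.
 *
 * @return bool Always true when the check passes.
 */
public static function check()
{
    $request = Application::instance()->request;

    // Non-POST requests are not checked, as in the original implementation.
    if (!$request->isPost()) {
        return true;
    }

    // NOTE(review): this reads the escaped input copy; fine as long as the
    // token alphabet is untouched by escapeInput() — confirm.
    $posted = $request->input->{self::POST_KEY};
    $stored = Session::get(self::SESSION_KEY);

    // A missing token on either side must fail. A plain `!==` let a POST
    // through whenever neither the form nor the session carried a token
    // (null !== null is false), which is exactly the cross-site case.
    if (!is_string($posted) || !is_string($stored) || $stored === '') {
        throw new CSRFMismatchException('CSRF token is invalid');
    }

    // Constant-time comparison so response timing does not leak the stored token.
    if (!hash_equals($stored, $posted)) {
        throw new CSRFMismatchException('CSRF token is invalid');
    }

    return true;
}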
/**
 * Create a new request for the application.
 *
 * Captures the HTTP method, the merged GET/POST input (kept both raw and
 * escaped), the current URI, and the previous URI remembered in the session.
 */
public function __construct()
{
    $this->router = new Router();
    $this->method = strtoupper($this->router->requestMethod());

    // Unescaped copy of the request data; on a key collision POST wins over GET
    // because it is merged last.
    $merged = array_merge($_GET, $_POST);
    $this->rawInput = new Input($merged);

    // Escaped copy, which is what the rest of the application reads.
    // NOTE(review): escapeInput() is defined elsewhere; whatever it does is
    // context-blind, so output code should still escape for its own context
    // (HTML, attribute, URL) rather than rely on this step alone.
    $this->input = new Input($this->escapeInput($merged));

    // REQUEST_URI is only populated by a web SAPI, so it is read conditionally.
    // NOTE(review): when it is absent, $this->uri keeps the property's default —
    // confirm the property is declared nullable, as it is read again below.
    if (isset($_SERVER['REQUEST_URI'])) {
        $this->uri = $_SERVER['REQUEST_URI'];
    }

    // Carry the previous request's URI over to this object, then record the
    // current one so the next request can do the same.
    $previousUri = Session::get('previous_uri');
    if ($previousUri !== null) {
        $this->previousUri = $previousUri;
    }
    Session::set('previous_uri', $this->uri);
}