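/**
 * Verify a Cross-Site Request Forgery (CSRF) token
 *
 * Compares the token stored in the session under 'csrf_token' with the one
 * submitted in the POST body under the same key.
 *
 * @return boolean true only when both tokens are non-empty strings and equal
 */
function csrf_verify()
{
    // Read the expected token, then release the session right away.
    Session::start();
    $expected = isset($_SESSION['csrf_token']) ? $_SESSION['csrf_token'] : null;
    Session::write_close();

    if (!isset($_POST['csrf_token'])) {
        return false;
    }
    $submitted = $_POST['csrf_token'];

    // Reject array-valued input (csrf_token[]=...) and a missing or empty
    // session token: an empty stored token must never validate a request.
    if (!is_string($expected) || !is_string($submitted) || $expected === '') {
        return false;
    }

    // Prefer a constant-time comparison so the result does not depend on how
    // many leading bytes match; hash_equals() only exists on PHP >= 5.6, so
    // fall back to strict equality on older runtimes.
    if (function_exists('hash_equals')) {
        return hash_equals($expected, $submitted);
    }

    return $expected === $submitted;
}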
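/*
|--------------------------------------------------------------------------
| Special AJAX functions
|--------------------------------------------------------------------------
|
| Dispatches on $_POST['action']. Every branch ends the request with die,
| so nothing after this block runs when an action is posted.
|
| NOTE(review): 'upgradegitpull' runs a shell command that changes the
| installed code, yet no authentication, authorization or CSRF check is
| visible in this span - confirm that one runs before this dispatcher.
|
*/
if (isset($_POST['action'])) {
    switch ($_POST['action']) {
        case 'upgradegitpull':
            // Both preconditions are re-evaluated on every request; an array
            // returned by upgrade_can_git_pull() is treated as "cannot pull".
            if (upgrade_is_git() && !is_array(upgrade_can_git_pull())) {
                // exec() appends to an existing array, so start from an empty
                // one to keep unrelated data out of the logs.
                $lines = array();

                // Fixed command string: no request data reaches the shell.
                // NOTE(review): the exit status is not inspected, so a failed
                // pull is still stored under 'upgradegitpullok' and returned
                // as 'logs' - confirm the caller checks the output.
                exec('git pull', $lines);

                Session::start();
                $_SESSION['upgradegitpullok'] = $lines;
                Session::write_close();

                echo json_encode(array('logs' => $lines));
                die;
            }

            echo json_encode(array('error' => __('GIT is no more availble, please refresh the page')));
            die;

        default:
            // Unknown action: end the request without any output.
            die;
    }
}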
/**
 * Write the session array
 *
 * For a web request (detected by $_SERVER['SERVER_PROTOCOL'] being set) the
 * array is stored in $_SESSION['auth']. Otherwise it is JSON-encoded into the
 * file '_cli_fake_session', a relative path.
 *
 * @param array $value the array to store
 *
 * @return void
 */
private static function sessionWrite($value)
{
    $is_web = isset($_SERVER['SERVER_PROTOCOL']);

    if (!$is_web) {
        // No web request: fall back to a file standing in for the session.
        // NOTE(review): the path is relative and the write result is ignored;
        // the file holds the same data as $_SESSION['auth'], so confirm it
        // cannot end up in a directory that is served or readable by others.
        file_put_contents('_cli_fake_session', json_encode($value));
        return;
    }

    // Web: open the session, store the array, release the session at once.
    Session::start();
    $_SESSION['auth'] = $value;
    Session::write_close();
}