public static function csrf($csrf_role) { if (visitor::has_role($csrf_role)) { $csrf_key = config::get_module('url.csrf_key', router::default_csrf_key); $role_secret = null; if (visitor::p_has($csrf_key)) { $role_secret = visitor::p_str($csrf_key); } else { if (visitor::g_has($csrf_key)) { $role_secret = visitor::g_str($csrf_key); } } if ($role_secret !== visitor::get_role_secret($csrf_role)) { throw new visitor_except('csrf attack', 403); } } }