/** * CSRF Protection. Checks if it's enabled globally, and * enforces the presence of CSRF tokens. */ protected function CsrfProtection() { if ($this->config->CSRFProtection !== true || is_cli()) { return; } $security = Services::security($this->config); $security->CSRFVerify($this->request); }
/** * Returns the current hash value for the CSRF protection. * Can be used in Views when building hidden inputs manually, * or used in javascript vars for API usage. * * @return string */ function csrf_hash() { $security = Services::security(null, true); return $security->getCSRFHash(); }