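/**
 * Reject POST requests from logged in users that do not carry a valid request token.
 *
 * The reason strings below call this "XSS verification"; what the code checks is a
 * token submitted in $_POST['verified'], i.e. a request-forgery (CSRF-style) defence.
 * The strings are kept unchanged because they are runtime output.
 *
 * A request passes when $_POST is empty, when common::verify_nonce() accepts the token,
 * or when the token equals $session_id. Every other request is handed to
 * gpsession::StripPost() with a reason string (presumably that discards the posted
 * data; confirm against that method).
 *
 * @param string $session_id Identifier of the current session, accepted as a fallback token.
 * @return void
 */
function CheckPosts($session_id)
{
    // Nothing was posted, so there is nothing to verify.
    if (count($_POST) == 0) {
        return;
    }

    if (!isset($_POST['verified'])) {
        gpsession::StripPost('XSS Verification Parameter Not Set');
        return;
    }

    $token = $_POST['verified'];

    if (empty($token)) {
        gpsession::StripPost('XSS Verification Parameter Empty');
        return;
    }

    // PHP parses `verified[]=...` into an array. A token is always a string, so reject
    // anything else here instead of passing attacker-shaped data to verify_nonce().
    if (!is_string($token)) {
        gpsession::StripPost('XSS Verification Parameter Mismatch');
        return;
    }

    if (common::verify_nonce('post', $token, true)) {
        return;
    }

    // NOTE(review): accepting the raw session id as a token means the id has to be
    // embedded in pages or requests, where it is easier to leak than a derived nonce.
    // Kept for compatibility with existing callers; consider retiring this fallback.
    // hash_equals() keeps the comparison time independent of how many bytes match.
    if (is_string($session_id) && hash_equals($session_id, $token)) {
        return;
    }

    gpsession::StripPost('XSS Verification Parameter Mismatch');
}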