예제 #1
파일: Form.php 프로젝트: qix/phorms
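 /**
  * Reports whether the form was submitted together with a usable CSRF token.
  *
  * The parent's submitted() check must pass and the request must carry a
  * string `_csrf` POST field. That value is then passed to Csrf::check()
  * along with this form's intent.
  *
  * @return mixed false when the parent check fails or no string token was
  *               posted; otherwise the result of Csrf::check()
  *               (presumably a bool; confirm against Csrf)
  */
 function submitted()
 {
     if (!parent::submitted()) {
         return false;
     }

     // PHP turns `_csrf[]=...` into an array, so isset() alone would let a
     // non-string value through to the token comparison. Reject it here.
     $token = isset($_POST['_csrf']) ? $_POST['_csrf'] : null;
     if (!is_string($token)) {
         return false;
     }

     return Csrf::check($token, $this->intent);
 }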
예제 #2
파일: admin.php 프로젝트: Rictus/CMS_Prod
/**
 * Admin actions
 */
// 'auth' action: redirects to the admin login page when Auth::guest() is
// truthy; otherwise the callback returns nothing.
Route::action('auth', function () {
    $isAnonymous = Auth::guest();

    if (!$isAnonymous) {
        return;
    }

    return Response::redirect('admin/login');
});
// 'guest' action: a request for which Auth::user() is truthy is redirected
// to the admin home page; otherwise the callback returns nothing.
Route::action('guest', function () {
    $currentUser = Auth::user();

    if (!$currentUser) {
        return;
    }

    return Response::redirect('admin/accueil');
});
// 'csrf' action: on POST requests, the 'token' input must pass Csrf::check().
// A failed check records an error notice and redirects to the login page.
//
// NOTE(review): only POST is covered. A request using any other method gets
// past this action without a token check, so confirm that no state-changing
// admin route is reachable through another method.
Route::action('csrf', function () {
    // && short-circuits, so the token is only read and checked for POST.
    if (Request::method() == 'POST' && !Csrf::check(Input::get('token'))) {
        Notify::error(array('Invalid token'));

        return Response::redirect('admin/login');
    }
});
/**
 * Admin routing
 */
// GET admin: sends guests to the login page and everyone else to the admin
// home page. This route always answers with a redirect.
Route::get('admin', function () {
    $destination = Auth::guest() ? 'admin/login' : 'admin/accueil';

    return Response::redirect($destination);
});
/*
예제 #3
/*
|--------------------------------------------------------------------------
| CSRF Protection Filter
|--------------------------------------------------------------------------
|
| The CSRF filter is responsible for protecting your application against
| cross-site request forgery attacks. If this special token in a user
| session does not match the one given in this request, we'll bail.
|
*/
Route::filter('csrf', function () {
    // GET and OPTIONS are exempt; every other method (HEAD included) is
    // passed to the token check.
    $isExemptMethod = Request::isMethod('get') || Request::isMethod('options');

    if (!$isExemptMethod) {
        // Per the original author's note, check() throws when the token is
        // invalid, so its return value is not inspected here.
        Csrf::check();
    }
});
/*
|--------------------------------------------------------------------------
| X-Frame-Options Header Filter
|--------------------------------------------------------------------------
|
| Prevents pages being loaded in an iframe.
|
*/
Route::filter('setXFrameOptionsHeader', function ($route, $request, $response) {
    // Responses without a header() method are skipped, so they go out
    // without the anti-framing header.
    if (!method_exists($response, "header")) {
        return;
    }

    // "deny" forbids framing by any origin, including the site's own.
    // The CSP `frame-ancestors` directive is the current equivalent control.
    $response->header("X-Frame-Options", "deny");
});
/*