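/**
 * Check Csrf token.
 *
 * Returns silently when the token is accepted. In every other case the
 * request is rejected through throwForbidden() with a generic message that
 * does not say why validation failed.
 *
 * @param string $token The token, if not set, will pull from $_POST['csrftoken'].
 *
 * @throws AccessDeniedException If check fails.
 *
 * @return void
 */
public function checkCsrfToken($token = null)
{
    if (is_null($token)) {
        // No explicit token given: read it from the POST body. `false` marks
        // "nothing was submitted".
        $token = $this->request->request->get('csrftoken', false);
    }

    // Fail closed: a token is documented as a string, so a missing value or a
    // non-string (e.g. an array submitted as csrftoken[]) is rejected without
    // being handed to the validator.
    if (is_string($token)) {
        $tokenValidator = $this->container->get('token.validator');

        // When the 'sessioncsrftokenonetime' setting is truthy, the relaxed
        // validate($token, false, false) call is tried first.
        // NOTE(review): the two `false` arguments presumably stop the validator
        // from consuming the token and from enforcing expiry - confirm against
        // the token.validator service, since that widens the replay window.
        if (System::getVar('sessioncsrftokenonetime') && $tokenValidator->validate($token, false, false)) {
            return;
        }

        // Default validation; also the fallback when the relaxed check fails.
        if ($tokenValidator->validate($token)) {
            return;
        }
    }

    // The base URL is derived from the request and lands inside an HTML
    // attribute, so encode it for that context before formatting the message.
    $baseUrl = htmlspecialchars($this->request->getBaseUrl(), ENT_QUOTES, 'UTF-8');

    $this->throwForbidden(__f('Oops, something went wrong: security token validation failed. You might want to go to the <a href="%s">startpage</a>.', $baseUrl));
}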