/**
 * Runs CSRF verification on the incoming request before the controller executes.
 *
 * Requests made from the command line are skipped, since no CSRF check is run
 * for them. For every other request the shared security service is asked to
 * verify the CSRF token.
 *
 * The return value of CSRFVerify() is discarded and this method itself never
 * returns a Response, so a failed check can only stop the request if
 * CSRFVerify() throws.
 * NOTE(review): presumably it throws on a token mismatch; confirm against the
 * security service.
 *
 * @param \CodeIgniter\HTTP\RequestInterface $request
 *
 * @return mixed
 */
public function before(RequestInterface $request)
{
    // Only non-CLI requests carry a CSRF token worth checking.
    if (! $request->isCLI())
    {
        Services::security()->CSRFVerify($request);
    }
}
/**
 * CSRF Set Cookie
 *
 * Sends the current CSRF hash to the client as a cookie that expires
 * CSRFExpire seconds from now. The cookie is always flagged HttpOnly.
 *
 * When the configured Secure flag is on and the current request is not
 * secure, no cookie is sent and false is returned instead of $this, so
 * callers that chain on the result must handle that case.
 *
 * NOTE(review): the positional setcookie() arguments used here do not set a
 * SameSite attribute; confirm whether one is applied elsewhere.
 *
 * @codeCoverageIgnore
 * @param RequestInterface $request
 * @return $this|false
 */
public function CSRFSetCookie(RequestInterface $request)
{
    $secureOnly = (bool) $this->cookieSecure;

    // Refuse to send a Secure-flagged token cookie over a non-secure request.
    if ($secureOnly && ! $request->isSecure())
    {
        return false;
    }

    $expiresAt = time() + $this->CSRFExpire;

    setcookie(
        $this->CSRFCookieName,
        $this->CSRFHash,
        $expiresAt,
        $this->cookiePath,
        $this->cookieDomain,
        $secureOnly,
        true // HttpOnly: keep the token cookie out of reach of client-side script
    );

    // setcookie()'s result is not checked, so this is logged even if the header was not sent.
    log_message('info', 'CSRF cookie sent');

    return $this;
}
/**
 * Picks the language to use by matching the application's $supported list
 * against the request's Accept-Language header.
 *
 * If no match is found, the first, highest-ranking client requested
 * type is returned. In that case the result originates from a
 * client-controlled header rather than from $supported, so callers should
 * check it against their own list before using it to build paths or keys.
 *
 * @param array $supported
 *
 * @return string
 */
public function language(array $supported) : string
{
    // Client-supplied header; the matching itself is delegated to getBestMatch().
    $acceptLanguage = $this->request->getHeader('accept-language');

    return $this->getBestMatch($supported, $acceptLanguage);
}