Exemplo n.º 1
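 /**
  * Check that the posted CSRF token matches the value stored in the session.
  *
  * Only POST requests are validated; any other method returns true without a
  * token comparison. On a POST, both the submitted and the stored token must
  * be non-empty strings and must be equal, so a request that carries no token
  * cannot pass merely because the session holds no token either.
  *
  * @throws CSRFMismatchException Thrown if the token is missing or does not match.
  *
  * @return bool Always true when the check passes.
  */
 public static function check()
 {
     $request = Application::instance()->request;
     // NOTE(review): ->input may be an escaped copy of the submitted data;
     // confirm that escaping cannot alter a token value.
     $key = $request->input->{self::POST_KEY};
     $stored = Session::get(self::SESSION_KEY);

     // Requests other than POST are not covered by this check, so handlers
     // that change state must not be reachable through them.
     if (!$request->isPost()) {
         return true;
     }

     // Fail closed: with a plain `!==`, a missing posted token and a session
     // without a token compare as equal and the request would be accepted.
     if (!is_string($key) || !is_string($stored) || $stored === '') {
         throw new CSRFMismatchException('CSRF token is invalid');
     }

     // hash_equals() takes the same time wherever the strings differ, so the
     // comparison does not leak how much of a guessed token was correct.
     if (!hash_equals($stored, $key)) {
         throw new CSRFMismatchException('CSRF token is invalid');
     }

     return true;
 }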
Exemplo n.º 2
 /**
  * Build the request object from the current PHP request state.
  *
  * Reads the HTTP method from the router, captures the merged GET/POST
  * parameters both as received and after escapeInput(), records the request
  * URI when the server provides one, and rotates the 'previous_uri' session
  * entry.
  */
 public function __construct()
 {
     $this->router = new Router();
     $requestMethod = $this->router->requestMethod();
     $this->method = strtoupper($requestMethod);

     // Query-string and body parameters share one namespace; array_merge()
     // lets a POST value replace a GET value that has the same string key.
     $received = array_merge($_GET, $_POST);
     $this->rawInput = new Input($received);

     // A second copy goes through escapeInput() and is exposed as ->input.
     // NOTE(review): escaping at ingestion is not context-aware; confirm that
     // HTML output and database queries still encode for their own context.
     $this->input = new Input($this->escapeInput($received));

     // REQUEST_URI may be absent, so the property is only assigned when the
     // server supplies it.
     if (isset($_SERVER['REQUEST_URI'])) {
         $this->uri = $_SERVER['REQUEST_URI'];
     }

     // Expose the URI remembered from the preceding request, if there is one.
     $previous = Session::get('previous_uri');
     if ($previous !== null) {
         $this->previousUri = $previous;
     }

     // Remember the current URI for the next request, now that the old value
     // has been read.
     // NOTE(review): this value is client-supplied; if previousUri is ever
     // used as a redirect target, validate it as a local path first.
     Session::set('previous_uri', $this->uri);
 }