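/**
  * Executes this filter: validates the CSRF token on POST requests and
  * publishes the expected token as the '_csrf_token' request attribute.
  *
  * @param sfFilterChain $filterChain A sfFilterChain instance
  *
  * @throws sfException If a checked POST request carries a missing or invalid
  *                     token, or if a non-POST request targets an action whose
  *                     name starts with 'delete'.
  */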
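 public function execute($filterChain)
 {
     $secret = afAuthenticDatamaker::getSiteSecret();
     $request = $this->getContext()->getRequest();
     $lastEntry = $this->context->getActionStack()->getLastEntry();
     $moduleName = $lastEntry->getModuleName();
     $actionName = $lastEntry->getActionName();

     if (sfRequest::POST === $request->getMethod()) {
         // The token is only checked for POST requests that the class's own
         // heuristic classifies as a possible cross-site request.
         if (self::isPossibleCrossSiteSessionRiding($request)) {
             $requestToken = $request->getParameter('_csrf_token');

             // NOTE(review): timed-out users and modules listed in
             // app_csrf_token_deactivatedModules skip the token check entirely.
             // Presumably a timed-out request is rejected elsewhere (e.g. by an
             // authentication step) -- confirm, otherwise this is a bypass.
             $exempt = $this->getContext()->getUser()->isTimedOut()
                 || in_array($moduleName, sfConfig::get('app_csrf_token_deactivatedModules', array()));

             if (!$exempt) {
                 // NOTE(review): the token is a plain md5 of secret + session id.
                 // A keyed MAC (hash_hmac) would be the stronger construction, but
                 // other code may compute the same value, so it is kept as-is here.
                 $expectedToken = md5($secret . session_id());

                 // A missing, empty or non-string (e.g. array) parameter is never
                 // valid. Compare in constant time where hash_equals() exists
                 // (PHP >= 5.6) so the comparison does not leak how many leading
                 // characters matched; fall back to strict equality otherwise.
                 $tokenIsValid = is_string($requestToken) && (
                     function_exists('hash_equals')
                         ? hash_equals($expectedToken, $requestToken)
                         : $expectedToken === $requestToken
                 );

                 if (!$tokenIsValid) {
                     throw new sfException('CSRF attack detected.');
                 }
             }
         }
     } elseif (strpos($actionName, 'delete') === 0) {
         // Non-POST requests must not reach destructive actions. Only action
         // names beginning with lowercase 'delete' are covered by this check;
         // other state-changing actions are not blocked here.
         throw new sfException('Only POST is allowed for write-making actions.');
     }

     // Publish the expected token so templates and forms can embed it.
     $request->setAttribute('_csrf_token', md5($secret . session_id()));

     // Hand over to the next filter in the chain.
     $filterChain->execute();
 }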