// Last branch of the CSRF token check; the enclosing blocks and the earlier branches open before this point.
        } elseif (!empty($_GET['security_token']) and getToken() != $_GET['security_token']) {
            // A non-empty token in the query string that differs from getToken() marks the request as forged.
            // An absent or empty token never reaches this assignment; presumably an earlier branch
            // covers that case - verify.
            // NOTE(review): `!=` is a loose, non-constant-time comparison. Secret tokens are normally
            // compared with hash_equals() on string-cast operands.
            $csrf_error = true;
        }
    }
    if ($csrf_error) {
        // Build the error box view that reports the failed token check.
        $params = array();
        $params['environment'] = $environment;
        $params['with_modifying_actions'] = true;
        $errorbox = $class_factory->getClass(ERRORBOX_VIEW, $params);
        unset($params);
        $errorbox->setText($translator->getMessage('ERROR_CROSS_SITE_REQUEST_FORGERY'));
        // NOTE(review): only the error box is prepared here; nothing in this block stops the request.
        // Confirm that later code refuses to run the modifying action once $errorbox is set.
    }
    unset($csrf_error);
}

/*********** javascript check *************/
// Entry step of the JavaScript check: unless the request is exempt, include
// pages/context_reload.php and end the request (presumably that page reloads the request with
// `jscheck` set - verify). The step is skipped when $outofservice is set, for XML/JSON/BLANK
// output, for the ajax module, when the session already holds a 'javascript' value, when the
// request itself carries `jscheck`, and for file/upload, material/getfile, room/change and
// context/login requests.
// NOTE(review): $session is dereferenced here without the isset() guard that the handler below
// applies - confirm it is always an object at this point.
if (!$outofservice
    and $environment->isOutputModeNot('XML')
    and $environment->isOutputModeNot('JSON')
    and $environment->isOutputModeNot('BLANK')
    and !($environment->getCurrentModule() == 'ajax')
    and !$session->issetValue('javascript')
    and !isset($_GET['jscheck'])
    and !($environment->getCurrentModule() == 'file' and $environment->getCurrentFunction() == 'upload')
    and !($environment->getCurrentModule() == 'material' and $environment->getCurrentFunction() == 'getfile')
    and !($environment->getCurrentModule() == 'room' and $environment->getCurrentFunction() == 'change')
    and !($environment->getCurrentModule() == 'context' and $environment->getCurrentFunction() == 'login')) {
    include_once 'pages/context_reload.php';
    exit;
}

// Handler for a request that carries `jscheck`: it runs only when the output mode is not
// XML/JSON/BLANK and $_POST is empty or holds nothing but a non-empty HTTP_ACCEPT_LANGUAGE entry
// (`and` binds tighter than `or`, so the count/HTTP_ACCEPT_LANGUAGE pair is evaluated together).
if (isset($_GET['jscheck'])
    and $environment->isOutputModeNot('XML')
    and $environment->isOutputModeNot('JSON')
    and $environment->isOutputModeNot('BLANK')
    and (empty($_POST) or count($_POST) == 1 and !empty($_POST['HTTP_ACCEPT_LANGUAGE']))) {
    $session = $environment->getSessionItem();
    if (isset($session) and !$session->issetValue('javascript')) {
        // The presence of `isJS` in the query string is taken as the signal that JavaScript is
        // available; presumably the reload page adds it - verify.
        if (isset($_GET['isJS'])) {
            $session->setValue('javascript', 1);
        } else {
            // No action: without `isJS` the 'javascript' session value stays unset here.
        }
    }
    if (isset($session) and !$session->issetValue('https')) {
        if (isset($_GET['https'])) {
            // NOTE(review): the 'https' session value is copied from a client-supplied query
            // parameter (loose `== 1`), so it records what the client claimed, not what the server
            // observed. If any later decision depends on it, check the connection server-side
            // instead - confirm usage.
            if (!empty($_GET['https']) and $_GET['https'] == 1) {
                $session->setValue('https', 1);