public static function csrf($csrf_role)
{
if (visitor::has_role($csrf_role)) {
$csrf_key = config::get_module('url.csrf_key', router::default_csrf_key);
$role_secret = null;
if (visitor::p_has($csrf_key)) {
$role_secret = visitor::p_str($csrf_key);
} else {
if (visitor::g_has($csrf_key)) {
$role_secret = visitor::g_str($csrf_key);
}
}
if ($role_secret !== visitor::get_role_secret($csrf_role)) {
throw new visitor_except('csrf attack', 403);
}
}
}
