PHP CSRF::is_valid示例

示例#1

文件： ssh_execute.php 项目： ralexandru/commando

#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
*/
require_once dirname(__DIR__) . "/classes/Requires.php";
Functions::check_required_parameters(array($_POST['groups'], $_POST['recipe']));
if (!CSRF::is_valid()) {
    Error::halt(400, 'bad request', 'Missing required security token.');
}
$result = MySQLQueries::get_recipe($_POST['recipe']);
$recipe = MySQLConnection::fetch_object($result);
if (empty($recipe)) {
    //Output error details
    Error::halt(400, 'bad request', 'The recipe \'' . $_POST['recipe'] . '\' does not exist.');
}
//Default group handling
if (count($_POST['groups']) === 1 && empty($_POST['groups'][0])) {
    $_POST['groups'] = array();
}
$servers = array();
$results = MySQLQueries::get_servers_by_groups($_POST['groups']);
while ($row = MySQLConnection::fetch_object($results)) {

示例#2

文件： edit_recipe_head.php 项目： tsing/commando

<?php

/*
# Copyright 2012 NodeSocket, LLC
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
*/
require_once dirname(__DIR__) . "/classes/Requires.php";
Functions::check_required_parameters(array($_GET['id'], $_GET['version']));
if (!CSRF::is_valid(1, METHOD_GET)) {
    Error::halt(400, 'bad request', 'Missing required security token.');
}
MySQLQueries::edit_recipe_head($_GET['id'], $_GET['version']);
Functions::redirect(Links::render("view-recipe", array($_GET['id'])));

示例#3

文件： edit_file_notes.php 项目： tsing/commando

<?php

/*
# Copyright 2012 NodeSocket, LLC
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
*/
require_once dirname(__DIR__) . "/classes/Requires.php";
Functions::check_required_parameters(array($_POST['id'], $_POST['notes']));
if (!CSRF::is_valid(2)) {
    Error::halt(400, 'bad request', 'Missing required security token.');
}
MongoConnection::connect();
MongoConnection::grid_fs();
MongoConnection::grid_fs_update(array("_id" => new MongoId($_POST['id'])), array('$set' => array("notes" => $_POST['notes'])));
MongoConnection::close();
echo '{"updated":true}';