 /**
  * Call this to add a CSRF protection code to all the
  * forms and links on the generated page. Note that
  * you don't need to pass any content, and nothing is
  * returned - this function uses PHP to change its
  * output so as to insert the data.
  *
  * Note: output_add_rewrite_var() used in here does a really bad job
  * on your URIs within the HTML.  It adds parameters without considering
  * whether it should use '&amp;' or '&'.  This results in invalid HTML!
  */
 public static function add_code()
 {
     // Register the token at most once per request, and only for a
     // logged-in user. The || chain short-circuits, so the checks run in
     // the same order as before: login state, once-only flag, AJAX.
     //
     // NOTE(review): the earlier comment described AJAX requests as
     // "secure by definition". Skipping them here only keeps the token out
     // of AJAX responses, which are more delicate in what can be returned
     // and usually exceed the request amount limit pretty quickly (see
     // active_decrease etc). It is not a CSRF guarantee in itself: whether
     // state-changing AJAX endpoints are protected depends on how
     // __is_ajax() decides and on what the validation side enforces,
     // neither of which is visible here - confirm.
     if (!self::__is_logged_in() || self::$already_added_code || self::__is_ajax()) {
         return;
     }

     self::$already_added_code = true;

     // Fetch the token before touching the rewriter, as the original did.
     $token = self::__get_code();

     // output_add_rewrite_var() hands the name/value pair to PHP's output
     // rewriter, which adds it to forms as a hidden field and to URLs as
     // a GET parameter (which tags are rewritten depends on the
     // url_rewriter.tags ini setting).
     // NOTE(review): a CSRF token carried in a link URL can end up in
     // browser history, access logs and Referer headers - check which
     // tags are rewritten in this deployment and prefer form-only
     // injection where possible.
     output_add_rewrite_var(self::$formkey, $token);
 }