function test_verify_csrf() { $form = new Form(); $form->initialize_csrf(); $this->assertFalse($form->verify_csrf()); $_POST['_token_'] = $form->csrf_token; $this->assertTrue($form->verify_csrf()); $_POST['_token_'] = '...'; $this->assertFalse($form->verify_csrf()); }
function test_verify_csrf() { $form = new Form(); $form->initialize_csrf(); $this->assertFalse($form->verify_csrf()); $_POST['_token_'] = $form->csrf_token; $this->assertTrue($form->verify_csrf()); $_SESSION['csrf_expires'] = time() - 10; $this->assertFalse($form->verify_csrf()); }