/**
 * Check the request's CSRF token; write a warning to the log when it is not valid.
 *
 * The check passes only for a request that carries POST data whose token is accepted
 * by \Security::check_token(). A request without POST data (e.g. a plain GET) is
 * treated as a failed check: it is logged and false is returned.
 *
 * NOTE(review): a truthy ENABLE_CSRF makes this function return true without
 * inspecting the request at all — confirm the constant's intended meaning; it reads
 * like a development bypass and must not be truthy in a deployed configuration.
 *
 * @param string|null $file caller file name, forwarded to the warning log entry
 * @param int|null    $line caller line number, forwarded to the warning log entry
 * @return bool true when the token is valid (or the check is bypassed), false otherwise
 */
static function chkCSRFToken($file = null, $line = null)
{
    // Global bypass switch (loose comparison kept on purpose: the constant's declared
    // type is not visible here).
    if (ENABLE_CSRF == true) {
        return true;
    }

    // Only a non-empty POST body can carry a token worth verifying.
    $hasPostData = !empty($_POST);
    if ($hasPostData && \Security::check_token()) {
        return true;
    }

    $warning = 'Invalid CSRF Token';
    $logger = new Logging();
    $logger->writeLog_Warning($warning, $file, $line);

    return false;
}
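/**
 * Admin action: confirm, then perform, deletion of an article (thread root or reply).
 *
 * Route parameters name the board (short name) and the article id; the request
 * parameter `mode` selects the step: 'confirm' renders bbs/articleDeleteConfirm into
 * the template, 'delete' removes the article and redirects back to the thread (for a
 * reply) or the board index (for a thread root). Every validation failure is written
 * to the warning log and answered with the generic 'パラメータ異常' response.
 *
 * Security: `mode` is read from the query string (Input::get), so the state-changing
 * 'delete' step is additionally gated on chkCSRFToken(), which accepts only a POST
 * carrying a valid framework CSRF token. The confirm view must therefore submit the
 * delete step as a POST form that includes the token; a bare GET with mode=delete is
 * refused.
 *
 * @param string|null $shortName board short name taken from the route
 * @param string|null $threadId  article id taken from the route
 * @return Response|null a Response on every rejection path; null after the confirm
 *                       view has been assigned to the template (the delete step ends
 *                       the request with a redirect)
 */
public function action_adminArticleDelete($shortName = null, $threadId = null)
{
    // Every rejection logs the reason with the caller's line and answers with the
    // same generic page, so the response body does not reveal which check failed.
    $reject = static function (string $reason, int $line) {
        $log = new Logging();
        $log->writeLog_Warning($reason, __FILE__, $line);

        return Response::forge('パラメータ異常');
    };

    if ($shortName == null || $threadId == null) {
        return $reject('trying to detele board. but shortName or threadId is null', __LINE__);
    }

    // Only the two known steps are accepted; strict in_array also rejects null and ''.
    $mode = Input::get('mode');
    if (!in_array($mode, ['confirm', 'delete'], true)) {
        return $reject('trying to detele article. but mode-parameter is invalid.', __LINE__);
    }

    // The delete step changes state: require a valid CSRF token before touching any
    // data. chkCSRFToken() logs the failure itself. It is declared in this file and is
    // assumed to be reachable via self:: (same class or a parent) — confirm.
    if ($mode === 'delete' && !self::chkCSRFToken(__FILE__, __LINE__)) {
        return Response::forge('パラメータ異常');
    }

    // 掲示板を取得 — resolve the board from its short name.
    $board = $this->getBoardFromShortName($shortName);
    if ($board == null) {
        return $reject('trying to detele article. but board is missing.', __LINE__);
    }

    // スレッドのbbsIdを確認 — the article must belong to this board, otherwise an id
    // from another board could be deleted through this board's URL.
    if (!$this->isBoardContainsArticle($board, $threadId)) {
        return $reject('trying to detele article. but board is not contain the article.', __LINE__);
    }

    $this->setBoardTitle($board);
    Model_Article::clear_cache();

    // スレッド元か?レスか? — thread root or reply decides where to return afterwards.
    $article = Model_Article::find($threadId);
    if ($article === null) {
        // Guards against dereferencing a null record when the lookup finds nothing.
        return $reject('trying to detele article. but article record is missing.', __LINE__);
    }
    $backURL = $article->commentOf != 0
        ? '/bbs/thread' . DS . $shortName . DS . $article->commentOf
        : '/bbs/index' . DS . $shortName;

    // Ownership check: only the board's owner may confirm or delete.
    if (!$this->isBoardMine($board)) {
        return $reject('trying to detele article. but owner is invalid', __LINE__);
    }

    if ($mode === 'confirm') {
        $this->template->content = View::forge('bbs/articleDeleteConfirm', [
            'board'    => $board,
            'article'  => $article,
            'attaches' => $this->getAttach($board, $threadId),
            'backURL'  => $backURL,
        ]);

        return;
    }

    // mode === 'delete' (the only remaining accepted value): remove and go back.
    $this->deleteArticle($article);
    Response::redirect($backURL);
}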