/**
 * Attach the CSRF token to this response under CSRFGuard::KEY.
 *
 * Does nothing when self::$ignoreCrossSiteGuard is set. The token is
 * obtained from CSRFGuard::key() the first time it is needed and cached
 * in self::$crossSiteGuard so later calls reuse the same value.
 */
private function addCSRFGuard()
{
    // Guard explicitly switched off for this response: emit no token at all.
    if (self::$ignoreCrossSiteGuard) {
        return;
    }

    // Lazy, once-per-class token; the loose `== null` also treats an
    // empty-string token as "not yet set" and fetches a fresh one.
    $token = self::$crossSiteGuard;
    if ($token == null) {
        $token = CSRFGuard::key();
        self::$crossSiteGuard = $token;
    }

    $this->set(CSRFGuard::KEY, $token);
}
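/**
 * Reject the current request when one of the request guards fails.
 *
 * Order of checks: TimeGuard::check() (when it reports a guard at all),
 * otherwise Request::check(), then CSRFGuard::check(). On the first failure
 * an HTML error page with a meta-refresh redirect is echoed and the script
 * exits; on success the method returns normally.
 *
 * The whole check is skipped when the `jb_forgery_check` config flag is off
 * or the running script's basename is listed in the `exempt` config. All
 * `known` request variables are registered with TamperGuard before the
 * guards run.
 *
 * Side effects: may echo output and call exit.
 */
private static function ensureNoForgery()
{
    if (!Cfg::get('jb_forgery_check', true)) {
        return;
    }

    // Check if the current script is exempt from forgery check
    if (self::isForgeryExemptScript()) {
        return;
    }

    // Add the known request variables to TamperGuard
    foreach (Cfg::get('known', []) as $val) {
        TamperGuard::known($val);
    }

    $message = self::forgeryFailureTemplate();
    if ($message === null) {
        return;
    }

    // Redirect target: configured index page, else the site root's index.php.
    $seconds = '5';
    $location = Cfg::get('index');
    if (!is_string($location) || $location === '') {
        $location = Cfg::siteUrl() . '/index.php';
    }

    // Template takes six %s: version, support contact, url, seconds, seconds, url.
    echo sprintf($message, Cfg::get('version'), Cfg::get('boss'), $location, $seconds, $seconds, $location);
    exit;
}

/**
 * Whether the running script's basename appears in the `exempt` config list.
 *
 * Uses SCRIPT_FILENAME for web requests and falls back to argv[0] for CLI.
 */
private static function isForgeryExemptScript(): bool
{
    $fileName = $_SERVER['SCRIPT_FILENAME'] ?? $_SERVER['argv'][0] ?? '';

    // Strict comparison: exempt entries are script basenames, never numeric.
    return in_array(basename($fileName), Cfg::get('exempt', []), true);
}

/**
 * Run the guards and return the sprintf template describing the first
 * failure, or null when the request passes every guard.
 *
 * Guard-reported detail is embedded into the template, so it is HTML-escaped
 * and has every '%' doubled first: it can then neither inject markup into the
 * error page nor be consumed by sprintf as a format directive (which would
 * shift or break the positional arguments).
 */
private static function forgeryFailureTemplate(): ?string
{
    $tg = TimeGuard::check();
    if ($tg !== TimeGuard::NOGUARD) {
        if ($tg === true) {
            return null;
        }
        // NOTE(review): assumes a non-true, non-NOGUARD result is a printable
        // scalar describing the failure — confirm against TimeGuard::check().
        $detail = self::escapeGuardDetail((string) $tg);

        return <<<HTML
Invalid AJAX Request ({$detail})<br/>
%s has detected changes in the URL.<br/>
Please do not manually edit URL or reuse URL (support %s).<br/>
You will be <a href="%s">redirected</a> in %s seconds
<meta HTTP-EQUIV="REFRESH" content="%s; url=%s">
HTML;
    }

    $reqChk = Request::check();
    if ($reqChk !== true) {
        $detail = self::escapeGuardDetail((string) $reqChk);

        return <<<HTML
Invalid or expired request (URL Error - {$detail})<br/>
%s has detected changes in the URL.<br/>
Please do not manually edit URL (support %s).<br/>
You will be <a href="%s">redirected</a> in %s seconds
<meta HTTP-EQUIV="REFRESH" content="%s; url=%s">
HTML;
    }

    if (!CSRFGuard::check()) {
        return <<<HTML
Invalid Request (CSRF error)<br/>
%s has detected re-submission or form tampering.<br/>
please contact support %s<br/>
You will be <a href="%s">redirected</a> in %s seconds
<meta HTTP-EQUIV="REFRESH" content="%s; url=%s">
HTML;
    }

    return null;
}

/**
 * Make a guard's failure detail safe to interpolate into the HTML sprintf
 * template: escape for an HTML text context, then neutralise '%' for sprintf.
 */
private static function escapeGuardDetail(string $detail): string
{
    $html = htmlspecialchars($detail, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');

    return str_replace('%', '%%', $html);
}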