csrf : add the checkThenDelete method

form : use the checkThenDelete CSRF method to remove the used token git-svn-id: https://svn.fournier38.fr/svn/ProgSVN/trunk@5460 bf3deb0d-5f1a-0410-827f-c0cc1f45334c
2019-09-10 08:11:14 +00:00
parent 3f7584fab7
commit 5585ae23e8
2 changed files with 15 additions and 1 deletions
--- a/csrf.php
+++ b/csrf.php
@@ -164,4 +164,16 @@ class csrf
    return true;
  }
  // }}}
+
+  /** Check an existing token, then delete it
+    * @param string $tokenFromUser The existing token
+    */
+  public function checkThenDeleteToken ($tokenFromUser)
+  // {{{
+  {
+    $this->checkToken ($tokenFromUser);
+    unset ($_SESSION["domframework"]["csrf"][$tokenFromUser]);
+    return true;
+  }
+  // }}}
 }
--- a/form.php
+++ b/form.php
@@ -416,7 +416,9 @@ class form
  {
    $csrf = new csrf ();
    $csrf->field = $this->csrfField;
-    $csrf->checkToken ($tokenFromUser);
+    // The checkThenDeleteToken method check the token and except if there is a
+    // problem. If there is no problem, it delete the token
+    $csrf->checkThenDeleteToken ($tokenFromUser);
  }
  // }}}