csrf : add the checkThenDelete method
form : use the checkThenDelete CSRF method to remove the used token git-svn-id: https://svn.fournier38.fr/svn/ProgSVN/trunk@5460 bf3deb0d-5f1a-0410-827f-c0cc1f45334c
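--- a/csrf.php
+++ b/csrf.php
@@ -164,4 +164,16 @@ class csrf
 return true;
 }
 // }}}
+
+/** Check an existing token, then delete it
+* @param string $tokenFromUser The existing token
+*/
+public function checkThenDeleteToken ($tokenFromUser)
+// {{{
+{
+$this->checkToken ($tokenFromUser);
+unset ($_SESSION["domframework"]["csrf"][$tokenFromUser]);
+return true;
+}
+// }}}
 }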
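Review bot: `checkThenDeleteToken` ignores the return value of `$this->checkToken ($tokenFromUser)`, so the token is deleted and `true` returned unless checkToken throws; its body is outside this hunk, so whether every failure path throws cannot be confirmed here. If it can return a falsy value, guard the call with `if ($this->checkToken ($tokenFromUser) !== true) throw new \Exception ("Invalid CSRF token");` before the `unset`. The docblock should state the contract as well, e.g. `@throws Exception if the token is invalid; the token is then left in the session` and `@return true once the token has been consumed`. `$tokenFromUser` is also used directly as an array key, so a non-string request value (an array, for instance) would raise a type error in the `unset` unless checkToken rejects it first.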
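--- a/form.php
+++ b/form.php
@@ -416,7 +416,9 @@ class form
 {
 $csrf = new csrf ();
 $csrf->field = $this->csrfField;
-$csrf->checkToken ($tokenFromUser);
+// The checkThenDeleteToken method check the token and except if there is a
+// problem. If there is no problem, it delete the token
+$csrf->checkThenDeleteToken ($tokenFromUser);
 }
 // }}}
 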
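Review bot: The two-line comment added above `$csrf->checkThenDeleteToken ($tokenFromUser);` is hard to read ("check the token and except if there is a problem") and does not say why the token is deleted. Suggested wording: `// checkThenDeleteToken throws an exception if the token is invalid;` followed by `// otherwise it deletes the token so that it can not be submitted twice`. The enclosing method starts outside this hunk, so it is not visible whether a form redisplayed after a validation error is issued a fresh token once this one has been consumed; that is worth confirming.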