gnh1201/seeddms-code
1
0
Fork 0
mirror of https://git.code.sf.net/p/seeddms/code synced 2025-05-16 14:41:39 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity

- allow to check forms with GET Request

Browse Source
This commit is contained in:
steinm 2012-08-31 07:43:43 +00:00
parent 2a11ab47bc
commit 07b7578190
1 changed files with 16 additions and 5 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

21
inc/inc.Utils.php
View File

@ -313,15 +313,26 @@ function createHiddenFieldWithKey($formid='') { /* {{{ */
} /* }}} */ } /* }}} */
/** /**
* Check if the form key in the POST variable 'formtoken' has the value * Check if the form key in the POST or GET request variable 'formtoken'
* of key returned by createFormKey() * has the value of key returned by createFormKey(). Request to modify
* data in the DMS should always use POST because it is harder to run
* CSRF attacks using POST than GET.
* *
* @param string $formid individual form identifier * @param string $formid individual form identifier
* @param string $method defines if the form data is pass via GET or
* POST (default)
* @return boolean true if key matches otherwise false * @return boolean true if key matches otherwise false
*/ */
function checkFormKey($formid='') { /* {{{ */ function checkFormKey($formid='', $method='POST') { /* {{{ */
if(isset($_POST['formtoken']) && $_POST['formtoken'] == createFormKey($formid)) switch($method) {
return true; case 'GET':
if(isset($_GET['formtoken']) && $_GET['formtoken'] == createFormKey($formid))
return true;
break;
default:
if(isset($_POST['formtoken']) && $_POST['formtoken'] == createFormKey($formid))
return true;
}
return false; return false;
} /* }}} */ } /* }}} */