summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorEvan Prodromou <evan@status.net>2009-11-07 18:51:57 -0500
committerEvan Prodromou <evan@status.net>2009-11-07 18:51:57 -0500
commit31bbdacbf330c28c5ebc900864ccd148ea1b23e0 (patch)
treeb1a940a5f01da8e69a715979780793e2e5b45a87
parent5cd385fe4f09939d726847a60ddd950e31e3065d (diff)
add a method to Action to check session token
-rw-r--r--lib/action.php18
1 files changed, 18 insertions, 0 deletions
diff --git a/lib/action.php b/lib/action.php
index 1b2f73752..78ca9137a 100644
--- a/lib/action.php
+++ b/lib/action.php
@@ -1101,4 +1101,22 @@ class Action extends HTMLOutputter // lawsuit
{
return Design::siteDesign();
}
+
+ /**
+ * Check the session token.
+ *
+ * Checks that the current form has the correct session token,
+ * and throw an exception if it does not.
+ *
+ * @return void
+ */
+
+ function checkSessionToken()
+ {
+ // CSRF protection
+ $token = $this->trimmed('token');
+ if (empty($token) || $token != common_session_token()) {
+ $this->clientError(_('There was a problem with your session token.'));
+ }
+ }
}