author | Evan Prodromou <evan@status.net> | 2009-11-07 18:51:57 -0500 |
---|---|---|
committer | Evan Prodromou <evan@status.net> | 2009-11-07 18:51:57 -0500 |
commit | 31bbdacbf330c28c5ebc900864ccd148ea1b23e0 (patch) | |
tree | b1a940a5f01da8e69a715979780793e2e5b45a87 /lib/action.php | |
parent | 5cd385fe4f09939d726847a60ddd950e31e3065d (diff) |
add a method to Action to check session token
Diffstat (limited to 'lib/action.php')
-rw-r--r-- | lib/action.php | 18 |
1 files changed, 18 insertions, 0 deletions
diff --git a/lib/action.php b/lib/action.php
index 1b2f73752..78ca9137a 100644
--- a/lib/action.php
+++ b/lib/action.php
@@ -1101,4 +1101,22 @@ class Action extends HTMLOutputter // lawsuit
 {
 return Design::siteDesign();
 }
+
+ /**
+ * Check the session token.
+ *
+ * Checks that the current form has the correct session token,
+ * and throw an exception if it does not.
+ *
+ * @return void
+ */
+
+ function checkSessionToken()
+ {
+ // CSRF protection
+ $token = $this->trimmed('token');
+ if (empty($token) || $token != common_session_token()) {
+ $this->clientError(_('There was a problem with your session token.'));
+ }
+ }
 }
|
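Review bot: The token check in `checkSessionToken()` compares with loose `!=`, so PHP's type juggling applies: two numeric-looking strings (for example ones of the form `0e…`) compare equal without being identical, and the comparison is not constant-time. Use a strict, timing-safe comparison such as `if (empty($token) || !hash_equals((string) common_session_token(), $token)) {` where `hash_equals()` is available, or at minimum `$token !== common_session_token()`. The docblock promises an exception, but the body calls `$this->clientError()`, which is defined outside this hunk; if it can return instead of halting, callers would carry on with the state-changing action after a failed check. The docblock should therefore state the actual fail-closed contract, with a `@throws` tag or a "does not return on failure" sentence.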