From 6fb3a2a18591a4c79e91a90282d88cd84554f83c Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Nicolas=20L=C5=93uillet?= Date: Mon, 5 Aug 2013 22:50:00 +0200 Subject: [PATCH] move xsrf test --- inc/poche/config.inc.php | 12 ++++++++++-- index.php | 8 -------- 2 files changed, 10 insertions(+), 10 deletions(-) diff --git a/inc/poche/config.inc.php b/inc/poche/config.inc.php index d91a44b..ee0f661 100644 --- a/inc/poche/config.inc.php +++ b/inc/poche/config.inc.php @@ -29,7 +29,6 @@ $storage_type = 'sqlite'; # sqlite, mysql, (file, not yet) # /!\ Be careful if you change the lines below /!\ require_once './inc/poche/Tools.class.php'; require_once './inc/poche/Url.class.php'; -require_once './inc/3rdparty/Session.class.php'; require_once './inc/3rdparty/class.messages.php'; require_once './inc/poche/Poche.class.php'; require_once './inc/3rdparty/Readability.php'; @@ -39,9 +38,18 @@ require_once './inc/store/' . $storage_type . '.class.php'; require_once './vendor/autoload.php'; require_once './inc/3rdparty/simple_html_dom.php'; require_once './inc/3rdparty/paginator.php'; +require_once './inc/3rdparty/Session.class.php'; if (DOWNLOAD_PICTURES) { require_once './inc/poche/pochePictures.php'; } -$poche = new Poche($storage_type); \ No newline at end of file +$poche = new Poche($storage_type); + +#XSRF protection with token +// if (!empty($_POST)) { +// if (!Session::isToken($_POST['token'])) { +// die(_('Wrong token')); +// } +// unset($_SESSION['tokens']); +// } \ No newline at end of file diff --git a/index.php b/index.php index 98ada1b..d0dd4ab 100644 --- a/index.php +++ b/index.php @@ -10,14 +10,6 @@ include dirname(__FILE__).'/inc/poche/config.inc.php'; -#XSRF protection with token -// if (!empty($_POST)) { -// if (!Session::isToken($_POST['token'])) { -// die(_('Wrong token')); -// } -// unset($_SESSION['tokens']); -// } - $referer = empty($_SERVER['HTTP_REFERER']) ? '' : $_SERVER['HTTP_REFERER']; $view = Tools::checkVar('view', 'home'); $action = Tools::checkVar('action');