| | |
|---|
| | | } |
|---|
| | | if($_csrf_valid !== true) { |
|---|
| | | $app->log('CSRF attempt blocked. Referer: ' . (isset($_SERVER['HTTP_REFERER']) ? $_SERVER['HTTP_REFERER'] : 'unknown'), LOGLEVEL_WARN); |
|---|
| | | $errmsg = 'err_csrf_attempt_blocked'; |
|---|
| | | $this->errorMessage .= ($api == true ? $errmsg : $this->wordbook[$errmsg]."<br />") . "\r\n"; |
|---|
| | | unset($_POST); |
|---|
| | | unset($record); |
|---|
| | | } |
|---|
| | | $_SESSION['_csrf'][$_csrf_id] = ' '; |
|---|
| | | $_SESSION['_csrf_timeout'][$_csrf_id] = ' '; |
|---|
| | | $_SESSION['_csrf'][$_csrf_id] = null; |
|---|
| | | $_SESSION['_csrf_timeout'][$_csrf_id] = null; |
|---|
| | | unset($_SESSION['_csrf'][$_csrf_id]); |
|---|
| | | unset($_SESSION['_csrf_timeout'][$_csrf_id]); |
|---|
| | | |
|---|
| | |
|---|
| | | if($timeout < time()) $to_unset[] = $_csrf_id; |
|---|
| | | } |
|---|
| | | foreach($to_unset as $_csrf_id) { |
|---|
| | | $_SESSION['_csrf'][$_csrf_id] = null; |
|---|
| | | $_SESSION['_csrf_timeout'][$_csrf_id] = null; |
|---|
| | | unset($_SESSION['_csrf'][$_csrf_id]); |
|---|
| | | unset($_SESSION['_csrf_timeout'][$_csrf_id]); |
|---|
| | | } |
|---|
