author | Andrew Dolgov <[email protected]> | 2011-12-26 12:02:52 +0400 |
---|---|---|
committer | Andrew Dolgov <[email protected]> | 2011-12-26 12:02:52 +0400 |
commit | 8484ce22584b8714622833adcc7ebfe3ef9cf90e (patch) | |
tree | 057d7a64c3af60e2389d519ba19e476b5fbe6212 /classes/pref_users.php | |
parent | 036cd3a4106cf2eee0be72f0695458dfb517976b (diff) |
experimental CSRF protection
Diffstat (limited to 'classes/pref_users.php')
-rw-r--r-- | classes/pref_users.php | 7 |
1 files changed, 6 insertions, 1 deletions
diff --git a/classes/pref_users.php b/classes/pref_users.php
index b9d162fd2..fe32ce14c 100644
--- a/classes/pref_users.php
+++ b/classes/pref_users.php
@@ -1,6 +1,5 @@
 <?php
 class Pref_Users extends Protected_Handler {
-
 function before() {
 if (parent::before()) {
 if ($_SESSION["access_level"] < 10) {
@@ -12,6 +11,12 @@ class Pref_Users extends Protected_Handler {
 return false;
 }
 
+ function csrf_ignore($method) {
+ $csrf_ignored = array("index");
+
+ return array_search($method, $csrf_ignored) !== false;
+ }
+
 function userdetails() {
 header("Content-Type: text/xml");
 
|
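Review bot: In the added `csrf_ignore()`, `array_search($method, $csrf_ignored) !== false` compares loosely, so a non-string `$method` such as boolean `true` (or integer `0` on PHP before 8) would match `"index"` and be reported as exempt; `return in_array($method, $csrf_ignored, true);` limits the exemption to an exact string match. Whether the dispatcher can pass anything other than a string is not visible in this hunk, so treat this as hardening. The list also needs a comment stating the rule for membership, for example `// Only methods that render output and change no state may be listed here.`, because each name added presumably skips the CSRF check for a handler that `before()` gates on `access_level`.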