В Gleez защита приложения от атак Cross-Site Request Forgery (CSRF) реализована так (0.9.11):
Код:
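/**
 * Validates a submitted form: the request must be a POST that fits into
 * post_max_size, optionally carry the named submit field, carry a valid
 * CSRF `_token`/`_action` pair and, when a `_captcha` field is present,
 * a correct captcha answer. Failures (other than a missing token pair)
 * are reported through Message::error().
 *
 * Fix: the CSRF flags were combined with `AND`, whose precedence is lower
 * than `=`. `$valid_csrf = $has_csrf AND CSRF::valid(...)` therefore stored
 * only `$has_csrf` and threw the CSRF::valid() result away, so any request
 * with a non-empty token and action was accepted. `&&` binds tighter than
 * `=`, so the validation result is now actually kept and checked.
 *
 * @param   string  $submit  Name of the submit field that must be present in $_POST, or NULL to skip that check
 * @return  boolean  TRUE only for a POST with a valid token/action pair (and a valid captcha, if one was sent)
 */
public function valid_post($submit = NULL)
{
    // Only a POST can carry a form submission
    if ( ! $this->request->is_post())
    {
        return FALSE;
    }

    // When the body exceeds post_max_size PHP discards $_POST entirely,
    // so the token would be missing anyway; report the real cause instead
    if (Request::post_max_size_exceeded())
    {
        Message::error(__('Max file size of :max Bytes exceeded!',
            array(':max' => Request::get_post_max_size())
        ));
        return FALSE;
    }

    // Optionally require the expected submit button to be present
    if ( ! is_null($submit) && ! isset($_POST[$submit]))
    {
        Message::error(__('This form has altered. Please try submitting it again.'));
        return FALSE;
    }

    $_token  = $this->request->post('_token');
    $_action = $this->request->post('_action');

    // `&&`, not `AND`: with `AND` the assignment would bind first and the
    // right-hand operand (including the CSRF::valid() result) would be lost
    $has_csrf   = ( ! empty($_token) && ! empty($_action));
    $valid_csrf = ($has_csrf && CSRF::valid($_token, $_action));

    // A token pair that was sent but does not validate is an expired/forged form
    if ($has_csrf && ! $valid_csrf)
    {
        Message::error(__('This form has expired. Please try submitting it again.'));
        return FALSE;
    }

    // The captcha is only checked when the form carried the field at all
    if (isset($_POST['_captcha']))
    {
        $captcha = $this->request->post('_captcha');
        if (empty($captcha))
        {
            Message::error(__('The security code can\'t be empty.'));
            return FALSE;
        }
        elseif ( ! Captcha::valid($captcha))
        {
            Message::error(__('The security answer was wrong.'));
            return FALSE;
        }
    }

    // No token pair at all is rejected here without a message (original behaviour)
    return ($has_csrf && $valid_csrf);
}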