Fixed a typo in $doOriginCheck.
Thibaut Despoulain authored and Thibaut Despoulain committed Feb 21, 2012
1 parent 348c8b1 commit c7255ca
Showing 2 changed files with 6 additions and 6 deletions.
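--- a/example/nocsrf.php
+++ b/example/nocsrf.php
@@ -47,7 +47,7 @@ public static function check( $key, $origin, $throwException=false, $timespan=nu
 $_SESSION[ 'csrf_' . $key ] = null;
 
 // Origin checks
-if( self::doOriginCheck && sha1( $_SERVER['REMOTE_ADDR'] . $_SERVER['HTTP_USER_AGENT'] ) != substr( base64_decode( $hash ), 10, 40 ) ) )
+if( self::$doOriginCheck && sha1( $_SERVER['REMOTE_ADDR'] . $_SERVER['HTTP_USER_AGENT'] ) != substr( base64_decode( $hash ), 10, 40 ) ) )
 {
 if($throwException)
 throw new Exception( 'Form origin does not match token origin.' );
@@ -77,7 +77,7 @@ public static function check( $key, $origin, $throwException=false, $timespan=nu
 */
 public static function enableOriginCheck()
 {
-self::doOriginCheck = true;
+self::$doOriginCheck = true;
 }
 
 /**
@@ -88,7 +88,7 @@ public static function enableOriginCheck()
 */
 public static function generate( $key )
 {
-$extra = self::doOriginCheck ? sha1( $_SERVER['REMOTE_ADDR'] . $_SERVER['HTTP_USER_AGENT'] ) : '';
+$extra = self::$doOriginCheck ? sha1( $_SERVER['REMOTE_ADDR'] . $_SERVER['HTTP_USER_AGENT'] ) : '';
 // token generation (basically base64_encode any random complex string, time() is used for token expiration)
 $token = base64_encode( time() . $extra . self::randomString( 32 ) );
 // store the one-time token in session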
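Review bot: The corrected condition in check() still closes one more parenthesis than it opens (four opened, five closed), so the file would not parse even with the `$` restored; the identical line in nocsrf.php has the same problem. The comparison is also loose: `!=` between two hex digests is subject to PHP numeric-string juggling, so two different digests that both read as `0e` followed only by digits would compare equal. I would write the line as `if( self::$doOriginCheck && sha1( $_SERVER['REMOTE_ADDR'] . $_SERVER['HTTP_USER_AGENT'] ) !== substr( base64_decode( $hash ), 10, 40 ) )`, or use `hash_equals()` where the supported PHP version has it. check() begins and ends outside the hunk, so where `$hash` comes from is not visible here.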
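--- a/nocsrf.php
+++ b/nocsrf.php
@@ -47,7 +47,7 @@ public static function check( $key, $origin, $throwException=false, $timespan=nu
 $_SESSION[ 'csrf_' . $key ] = null;
 
 // Origin checks
-if( self::doOriginCheck && sha1( $_SERVER['REMOTE_ADDR'] . $_SERVER['HTTP_USER_AGENT'] ) != substr( base64_decode( $hash ), 10, 40 ) ) )
+if( self::$doOriginCheck && sha1( $_SERVER['REMOTE_ADDR'] . $_SERVER['HTTP_USER_AGENT'] ) != substr( base64_decode( $hash ), 10, 40 ) ) )
 {
 if($throwException)
 throw new Exception( 'Form origin does not match token origin.' );
@@ -77,7 +77,7 @@ public static function check( $key, $origin, $throwException=false, $timespan=nu
 */
 public static function enableOriginCheck()
 {
-self::doOriginCheck = true;
+self::$doOriginCheck = true;
 }
 
 /**
@@ -88,7 +88,7 @@ public static function enableOriginCheck()
 */
 public static function generate( $key )
 {
-$extra = self::doOriginCheck ? sha1( $_SERVER['REMOTE_ADDR'] . $_SERVER['HTTP_USER_AGENT'] ) : '';
+$extra = self::$doOriginCheck ? sha1( $_SERVER['REMOTE_ADDR'] . $_SERVER['HTTP_USER_AGENT'] ) : '';
 // token generation (basically base64_encode any random complex string, time() is used for token expiration)
 $token = base64_encode( time() . $extra . self::randomString( 32 ) );
 // store the one-time token in session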
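Review bot: enableOriginCheck() carries no visible ordering requirement, yet generate() embeds the origin hash only when `self::$doOriginCheck` is already true and check() compares it only under the same flag. If the flag is set for check() but was not set when the token was generated, `substr( base64_decode( $hash ), 10, 40 )` presumably reads bytes of the random string and every token is rejected; the other way round, the origin binding is silently not enforced. I would add to the method's docblock: `Call before both generate() and check() on every request; the flag is a static property and is not kept between requests.` The docblock starts outside the hunk, and the same applies to example/nocsrf.php.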
