Commit 1142b8c7 authored by Tim Steiner's avatar Tim Steiner

Add logging to the XSRF token verification.

parent a5299c85
......@@ -74,14 +74,24 @@ class Unl_XsrfToken
*/
public function verify($tokenId, $onceOnly = TRUE)
{
if (Zend_Registry::get('log') instanceof Zend_Log) {
$log = Zend_Registry::get('log');
} else {
$log = new Zend_Log();
$log->addWriter(new Zend_Log_Writer_Null());
}
$token = $this->_session->tokens[$tokenId];
if (!$token) {
$log->log('XSRF: No token found.', Zend_Log::ERR);
return FALSE;
}
if ($token['remoteAddress'] != $_SERVER['REMOTE_ADDR']) {
$log->log('XSRF: Remote address changed.', Zend_Log::ERR);
return FALSE;
}
if ($token['formUrl'] != $_SERVER['HTTP_REFERER']) {
$log->log('XSRF: Referer doesn\'t match form url.', Zend_Log::ERR);
return FALSE;
}
......
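Review bot: The fallback to a null logger at the top of verify() cannot be reached when no 'log' entry is registered, because in Zend Framework 1 Zend_Registry::get() throws a Zend_Exception for an unknown key instead of returning null. In an application that never registered a logger, token verification would then abort with an exception rather than run quietly. Guard the lookup first, for example `if (Zend_Registry::isRegistered('log') && Zend_Registry::get('log') instanceof Zend_Log) {`. The three new messages also carry nothing that ties a failure to a request, so consider appending the token id and the stored versus observed remote address, and strip control characters from the Referer before writing it because that value is client-controlled. verify() continues past the end of this hunk, so any later checks are not covered by this note.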