Admin-based comment response, CSRF-protection for comment form in antispam plugin

This commit is contained in:
Garvin Hicking
2006-10-26 09:41:10 +00:00
parent edd9dff220
commit 3927c13f00
8 changed files with 140 additions and 39 deletions
+3 -3
View File
@@ -1786,7 +1786,7 @@ function serendipity_reportXSRF($type = 0, $reset = true, $use_config = false) {
* @see serendipity_setFormToken()
* @return boolean Returns true, if XSRF attempt was found and the token was missing
*/
function serendipity_checkFormToken() {
function serendipity_checkFormToken($output = true) {
global $serendipity;
$token = '';
@@ -1797,13 +1797,13 @@ function serendipity_checkFormToken() {
}
if (empty($token)) {
echo serendipity_reportXSRF('token', false);
if ($output) echo serendipity_reportXSRF('token', false);
return false;
}
if ($token != md5(session_id()) &&
$token != md5($serendipity['COOKIE']['old_session'])) {
echo serendipity_reportXSRF('token', false);
if ($output) echo serendipity_reportXSRF('token', false);
return false;
}