[svn r11156] Added possibility of given token in check_token()

19 years ago · 7004b39655
parent b22d273c37
commit 7004b39655
1 changed files with 8 additions and 2 deletions
--- a/main/inc/lib/security.lib.php
+++ b/main/inc/lib/security.lib.php
@ -102,16 +102,22 @@ class Security{
 	{
 		switch($array){
 			case 'get':
-				if(isset($_SESSION['sec_token']) && isset($_GET['sec_token']) && $_SESSION['sec_token'] === $_GET['sec_token']){
+				if(isset($_SESSION['sec_token']) && isset($_GET['sec_token']) && $_SESSION['sec_token'] === $_GET['sec_token'])
+				{
 					return true;
 				}
 				return false;
 			case 'post':
-				if(isset($_SESSION['sec_token']) && isset($_POST['sec_token']) && $_SESSION['sec_token'] === $_POST['sec_token']){
+				if(isset($_SESSION['sec_token']) && isset($_POST['sec_token']) && $_SESSION['sec_token'] === $_POST['sec_token'])
+				{
 					return true;
 				}				
 				return false;
 			default:
+				if(isset($_SESSION['sec_token']) && isset($array) && $_SESSION['sec_token'] === $array)
+				{
+					return true;
+				}
 				return false;
 		}
 		return false; //just in case, don't let anything slip