Add CSRF protections

author: Frédéric Guillot <fred@kanboard.net> 2014-05-28 15:14:52 -0400
committer: Frédéric Guillot <fred@kanboard.net> 2014-05-28 15:14:52 -0400
commit: 445ef6d1481745cd4e7af7e671f534a25d4495dc (patch)
tree: 7990903e398d77339587595ef5a07df8464f5a2e /app/helpers.php
parent: 75ab09e28b22e9a5676ee912482027926e271515 (diff)
1 files changed, 10 insertions, 0 deletions
diff --git a/app/helpers.php b/app/helpers.php
index d22a4869..2df4d839 100644
--- a/app/helpers.php
+++ b/app/helpers.php
@@ -2,6 +2,11 @@
 
 namespace Helper;
 
+function param_csrf()
+{
+    return '&amp;csrf_token='.\Core\Security::getCSRFToken();
+}
+
 function js($filename)
 {
     return '<script type="text/javascript" src="'.$filename.'?'.filemtime($filename).'"></script>';
@@ -163,6 +168,11 @@ function form_value($values, $name)
     return isset($values[$name]) ? 'value="'.escape($values[$name]).'"' : '';
 }
 
+function form_csrf()
+{
+    return '<input type="hidden" name="csrf_token" value="'.\Core\Security::getCSRFToken().'"/>';
+}
+
 function form_hidden($name, $values = array())
 {
     return '<input type="hidden" name="'.$name.'" id="form-'.$name.'" '.form_value($values, $name).'/>';
author	Frédéric Guillot <fred@kanboard.net>	2014-05-28 15:14:52 -0400
committer	Frédéric Guillot <fred@kanboard.net>	2014-05-28 15:14:52 -0400
commit	445ef6d1481745cd4e7af7e671f534a25d4495dc (patch)
tree	7990903e398d77339587595ef5a07df8464f5a2e /app/helpers.php
parent	75ab09e28b22e9a5676ee912482027926e271515 (diff)