From 445ef6d1481745cd4e7af7e671f534a25d4495dc Mon Sep 17 00:00:00 2001
From: Frédéric Guillot <fred@kanboard.net>
Date: Wed, 28 May 2014 15:14:52 -0400
Subject: Add CSRF protections

---
 app/helpers.php | 10 ++++++++++
 1 file changed, 10 insertions(+)

(limited to 'app/helpers.php')

diff --git a/app/helpers.php b/app/helpers.php
index d22a4869..2df4d839 100644
--- a/app/helpers.php
+++ b/app/helpers.php
@@ -2,6 +2,11 @@
 
 namespace Helper;
 
+function param_csrf()
+{
+    return '&amp;csrf_token='.\Core\Security::getCSRFToken();
+}
+
 function js($filename)
 {
     return '<script type="text/javascript" src="'.$filename.'?'.filemtime($filename).'"></script>';
@@ -163,6 +168,11 @@ function form_value($values, $name)
     return isset($values[$name]) ? 'value="'.escape($values[$name]).'"' : '';
 }
 
+function form_csrf()
+{
+    return '<input type="hidden" name="csrf_token" value="'.\Core\Security::getCSRFToken().'"/>';
+}
+
 function form_hidden($name, $values = array())
 {
     return '<input type="hidden" name="'.$name.'" id="form-'.$name.'" '.form_value($values, $name).'/>';
-- 
cgit v1.2.3