move xsrf test

This commit is contained in:
Nicolas Lœuillet 2013-08-05 22:50:00 +02:00
parent d28a7ca30f
commit 6fb3a2a185
2 changed files with 10 additions and 10 deletions

View file

@ -29,7 +29,6 @@ $storage_type = 'sqlite'; # sqlite, mysql, (file, not yet)
# /!\ Be careful if you change the lines below /!\
require_once './inc/poche/Tools.class.php';
require_once './inc/poche/Url.class.php';
require_once './inc/3rdparty/Session.class.php';
require_once './inc/3rdparty/class.messages.php';
require_once './inc/poche/Poche.class.php';
require_once './inc/3rdparty/Readability.php';
@ -39,9 +38,18 @@ require_once './inc/store/' . $storage_type . '.class.php';
require_once './vendor/autoload.php';
require_once './inc/3rdparty/simple_html_dom.php';
require_once './inc/3rdparty/paginator.php';
require_once './inc/3rdparty/Session.class.php';
if (DOWNLOAD_PICTURES) {
require_once './inc/poche/pochePictures.php';
}
$poche = new Poche($storage_type);
$poche = new Poche($storage_type);
#XSRF protection with token
// if (!empty($_POST)) {
// if (!Session::isToken($_POST['token'])) {
// die(_('Wrong token'));
// }
// unset($_SESSION['tokens']);
// }

View file

@ -10,14 +10,6 @@
include dirname(__FILE__).'/inc/poche/config.inc.php';
#XSRF protection with token
// if (!empty($_POST)) {
// if (!Session::isToken($_POST['token'])) {
// die(_('Wrong token'));
// }
// unset($_SESSION['tokens']);
// }
$referer = empty($_SERVER['HTTP_REFERER']) ? '' : $_SERVER['HTTP_REFERER'];
$view = Tools::checkVar('view', 'home');
$action = Tools::checkVar('action');