New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
WIP: Update url shortener sample #1212
WIP: Update url shortener sample #1212
Conversation
|
||
function generateCsrfToken() | ||
{ | ||
$_SESSION['csrf_token'] = bin2hex(openssl_random_pseudo_bytes(32)); |
This comment was marked as spam.
This comment was marked as spam.
Sorry, something went wrong.
This comment was marked as spam.
This comment was marked as spam.
Sorry, something went wrong.
$_SESSION['csrf_token'] = bin2hex(openssl_random_pseudo_bytes(32)); | ||
} | ||
|
||
function validateCsrfToken() |
This comment was marked as spam.
This comment was marked as spam.
Sorry, something went wrong.
$_SESSION['access_token'] = $client->getAccessToken(); | ||
} else { | ||
$invalidCsrf = true; | ||
generateCsrfToken(); |
This comment was marked as spam.
This comment was marked as spam.
Sorry, something went wrong.
<a href="<?= $_SERVER['PHP_SELF'] ?>">Create another</a> | ||
<a href="<?= htmlspecialchars($_SERVER['PHP_SELF']); ?>">Create another</a> | ||
<?php endif ?> | ||
<?php if (isset($invalidCsrf) && $invalidCsrf): ?> |
This comment was marked as spam.
This comment was marked as spam.
Sorry, something went wrong.
<input name="url" class="url" type="text"> | ||
<input type="hidden" name="csrf_token" value="<?php echo $_SESSION['csrf_token']; ?>" /> |
This comment was marked as spam.
This comment was marked as spam.
Sorry, something went wrong.
@@ -60,7 +60,13 @@ | |||
* local access token in this case | |||
************************************************/ | |||
if (isset($_REQUEST['logout'])) { | |||
unset($_SESSION['access_token']); | |||
if (validateCsrfToken()) { |
This comment was marked as spam.
This comment was marked as spam.
Sorry, something went wrong.
closing in favor of #1240 |
cc @sirdarckcat
Addressing issues raised in #1197 (b/37360079)