Fix broken secret-detection algorithm, making anonymous users vulnerable.
[csrf-magic.git] / js-test / common.php
blob25518f17d164057487a0e9fe11e751f9c26f36ad
1 <?php
3 function print_javascript($name, $web) {
4 if (!file_exists($loc = "$name.js")) {
5 $loc = $web;
7 echo '<script src="'.$loc.'" type="text/javascript"></script>';
8 echo '<style>h1 {font-size:12pt;}</style>';
9 return $loc;
12 function csrf_startup() {
13 csrf_conf('rewrite-js', '../csrf-magic.js');
14 csrf_conf('frame-breaker', false);
16 require_once '../csrf-magic.php';
18 // Handle an AJAX request
19 if (isset($_POST['ajax'])) {
20 header('Content-type: text/xml;charset=utf-8');
21 echo '<?xml version="1.0" encoding="UTF-8" ?><response>Good!</response>'.PHP_EOL;
22 exit;