From fdb0ebcdbfd62fa4b32468b1b3e6afc089cce1f3 Mon Sep 17 00:00:00 2001
From: "Edward Z. Yang"
Date: Tue, 16 Jul 2013 23:45:58 -0700
Subject: [PATCH] Add 'Try again' support for default splash page.
Signed-off-by: Edward Z. Yang
---
 csrf-magic.php | 30 +++++++++++++++++++++++++++++-
 test.php | 4 +++-
 2 files changed, 32 insertions(+), 2 deletions(-)
diff --git a/csrf-magic.php b/csrf-magic.php
index 16550c3..45f833e 100644
--- a/csrf-magic.php
+++ b/csrf-magic.php
@@ -242,12 +242,40 @@ function csrf_get_tokens() {
 return 'invalid';
 }
+function csrf_flattenpost($data) {
+ $ret = array();
+ foreach($data as $n => $v) {
+ $ret = array_merge($ret, csrf_flattenpost2(1, $n, $v));
+ }
+ return $ret;
+}
+function csrf_flattenpost2($level, $key, $data) {
+ if(!is_array($data)) return array($key => $data);
+ $ret = array();
+ foreach($data as $n => $v) {
+ $nk = $level >= 1 ? $key."[$n]" : "[$n]";
+ $ret = array_merge($ret, csrf_flattenpost2($level+1, $nk, $v));
+ }
+ return $ret;
+}
+
 /**
 * @param $tokens is safe for HTML consumption
 */
 function csrf_callback($tokens) {
+ // (yes, $tokens is safe to echo without escaping)
 header($_SERVER['SERVER_PROTOCOL'] . ' 403 Forbidden');
- echo "CSRF check failedCSRF check failed. Please enable cookies.
Debug: ".$tokens." + $data = ''; + foreach (csrf_flattenpost($_POST) as $key => $value) { + if ($key == $GLOBALS['csrf']['input-name']) continue; + $data .= ''; + } + echo "CSRF check failed + +

CSRF check failed. Your form session may have expired, or you may not have + cookies enabled.

+
$data
+

Debug: $tokens

"; }
diff --git a/test.php b/test.php
index 35f1a4f..3e5f461 100644
--- a/test.php
+++ b/test.php
@@ -41,7 +41,9 @@ if (isset($_POST['ajax'])) {
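Review bot: The retry form embeds a copy of the rejected POST body and resubmits it with a fresh token, yet the 403 response in csrf_callback sets nothing that stops the splash page from being framed, so a page that can frame it could clickjack the 'Try again' button and complete the very cross-site request the check just rejected; add `header('X-Frame-Options: DENY');` directly after the 403 header line. Because the token check failed, every key and value written into the hidden inputs on the `$data .=` line is attacker-influenced and must go through `htmlspecialchars()` with ENT_QUOTES matching the attribute quoting, and since the markup on that line is stripped in this rendering that should be confirmed rather than assumed. The `==` in `if ($key == $GLOBALS['csrf']['input-name']) continue;` should be `===`: a top-level numeric field name such as `0` arrives from $_POST as an int key, and on PHP 7 `0 == 'non-numeric-string'` is true, so that field would be silently dropped from the retry form. The echo block that follows and the close of csrf_callback are garbled in this rendering, so their markup is not reviewed here.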
This form fails CSRF validation (we cheated and overrode the CSRF token - later in the form.) + later in the form.)
+ +
This form uses GET and is thus not protected. -- 2.11.4.GIT