

Added minor improvements
TomaszQr committed Mar 21, 2018
1 parent e46f857 commit 8834d25
Showing 1 changed file with 6 additions and 5 deletions.
11 changes: 6 additions & 5 deletions src/Csrf.php
Expand Up @@ -34,6 +34,7 @@ class Csrf
public static $expires = 7200;
public static $dirSecret = __DIR__;
public static $fileNameSecret = 'csrf_secret.php';
public static $cspToken = '';

/**
* Callback function to execute when there's the CSRF check fails and
Expand Down Expand Up @@ -180,16 +181,16 @@ public static function obHandler($buffer)
$input = "<input type='hidden' name='" . static::$inputName . "' value=\"$tokens\"$endSlash>";
$buffer = preg_replace('#(<form[^>]*method\s*=\s*["\']post["\'][^>]*>)#i', '$1' . $input, $buffer);
if (static::$frameBreaker && !static::$isPartial) {
$buffer = preg_replace('/<\/head>/', '<script type="text/javascript" nonce="' . App\Session::get('CSP_TOKEN') . '">if (top != self && top.location.origin + top.location.pathname != self.location.origin + self.location.pathname) {top.location.href = self.location.href;}</script></head>', $buffer, $count);
$buffer = preg_replace('/<\/head>/', '<script type="text/javascript" nonce="' . static::$cspToken . '">if (top != self && top.location.origin + top.location.pathname != self.location.origin + self.location.pathname) {top.location.href = self.location.href;}</script></head>', $buffer, $count);
}
if (($js = static::$rewriteJs) && !static::$isPartial) {
$buffer = preg_replace(
'/<\/head>/', '<script type="text/javascript" nonce="' . App\Session::get('CSP_TOKEN') . '">' .
'/<\/head>/', '<script type="text/javascript" nonce="' . static::$cspToken . '">' .
'var csrfMagicToken = "' . $tokens . '";' .
'var csrfMagicName = "' . static::$inputName . '";</script>' .
'<script src="' . $js . '" type="text/javascript"></script></head>', $buffer, $count
);
$script = '<script type="text/javascript" nonce="' . App\Session::get('CSP_TOKEN') . '">CsrfMagic.end();</script>';
$script = '<script type="text/javascript" nonce="' . static::$cspToken . '">CsrfMagic.end();</script>';
$buffer = preg_replace('/<\/body>/', $script . '</body>', $buffer, $count);
if (!$count) {
$buffer .= $script;
Expand Down Expand Up @@ -484,8 +485,8 @@ public static function hash($value, $time = null)
public static function init()
{
// Load user configuration
if (class_exists('CSRFConfig')) {
CSRFConfig::startup();
if (class_exists('\CSRFConfig')) {
\CSRFConfig::startup();
}
// Initialize our handler
if (static::$rewrite) {
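Review bot: In the obHandler hunk the new `static::$cspToken` is concatenated raw into the `nonce="..."` attribute of all three injected scripts, and its default declared in the first hunk is `''`, so a caller that forgets to assign it (the old code read the value from the session at render time, so existing deployments will not have done so) now emits `nonce=""`; under a nonce-based CSP a script whose nonce does not match the policy is blocked, which would silently disable both the frame-breaker and the csrf-magic rewrite rather than fail loudly. I would build the attribute once at the top of the handler, `$nonce = static::$cspToken !== '' ? ' nonce="' . htmlspecialchars(static::$cspToken, ENT_QUOTES, 'UTF-8') . '"' : '';`, use `$nonce` in place of the three `' nonce="' . static::$cspToken . '"'` fragments, and consider logging or throwing when the token is empty while `$frameBreaker` or `$rewriteJs` is enabled. The new property in the first hunk also has no docblock; `/** @var string Per-response CSP nonce stamped on the scripts obHandler injects; must be set before the output buffer is flushed. */` would make the new caller obligation visible. obHandler starts and ends outside this hunk.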
