wcfsetup/install/files/lib/action/AbstractSecureAction.class.php

   1 <?php
   2
   3 namespace wcf\action;
   4
   5 use wcf\system\exception\InvalidSecurityTokenException;
   6 use wcf\system\WCF;
   7
   8 /**
   9  * Extends AbstractAction by a function to validate a given security token.
  10  * A missing or invalid token will be result in a throw of a IllegalLinkException.
  11  *
  12  * @author  Marcel Werk
  13  * @copyright   2001-2019 WoltLab GmbH
  14  * @license GNU Lesser General Public License <http://opensource.org/licenses/lgpl-license.php>
  15  * @package WoltLabSuite\Core\Action
  16  */
  17 abstract class AbstractSecureAction extends AbstractAction
  18 {
  19     /**
  20      * @inheritDoc
  21      */
  22     public function readParameters()
  23     {
  24         parent::readParameters();
  25
  26         // check security token (unless it is a guest)
  27         if (WCF::getSession()->userID) {
  28             $this->checkSecurityToken();
  29         }
  30     }
  31
  32     /**
  33      * Validates the security token.
  34      */
  35     protected function checkSecurityToken()
  36     {
  37         if (!isset($_REQUEST['t']) || !WCF::getSession()->checkSecurityToken($_REQUEST['t'])) {
  38             throw new InvalidSecurityTokenException();
  39         }
  40     }
  41 }