5 use wcf\system\exception\InvalidSecurityTokenException
;
9 * Extends AbstractAction by a function to validate a given security token.
10 * A missing or invalid token results in an InvalidSecurityTokenException being thrown.
13 * @copyright 2001-2019 WoltLab GmbH
14 * @license GNU Lesser General Public License <http://opensource.org/licenses/lgpl-license.php>
15 * @package WoltLabSuite\Core\Action
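abstract class AbstractSecureAction extends AbstractAction
{
    /**
     * Reads the request parameters through the parent implementation and then
     * validates the security token for logged-in users.
     *
     * Guests (a session whose userID evaluates to false) skip the token check,
     * so an action that guests can reach gets no request-forgery protection
     * from this class and has to enforce its own if it changes state.
     *
     * @throws InvalidSecurityTokenException if a logged-in user's token is missing or rejected
     */
    public function readParameters()
    {
        parent::readParameters();

        // check security token (unless it is a guest)
        if (WCF::getSession()->userID) {
            $this->checkSecurityToken();
        }
    }

    /**
     * Validates the security token sent as request parameter `t`.
     *
     * The token is read from $_REQUEST, so it is also accepted from the query
     * string; which sources feed $_REQUEST depends on the request_order /
     * variables_order ini settings. A token carried in a URL can end up in
     * access logs and Referer headers.
     *
     * NOTE(review): the comparison itself happens in the session's
     * checkSecurityToken(), which is not visible here. Confirm that it compares
     * in constant time (hash_equals()).
     *
     * @throws InvalidSecurityTokenException if the token is missing, not a string, or rejected by the session
     */
    protected function checkSecurityToken()
    {
        $token = $_REQUEST['t'] ?? null;

        // A parameter sent as `t[]=...` arrives as an array. Reject anything that
        // is not a string here instead of handing it to the session comparison,
        // so malformed input fails as an invalid token rather than as a
        // warning or TypeError further down.
        if (!is_string($token) || !WCF::getSession()->checkSecurityToken($token)) {
            throw new InvalidSecurityTokenException();
        }
    }
}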