• Registered: 2009-10-21
  • Posts: 8

Topic: Csrf_token and Confirm_cancel ($_POST)

Hi !

I have one question about some code from include/common.php.

if (!empty($_POST) && (isset($_POST['confirm_cancel']) || (!isset($_POST['csrf_token']) || $_POST['csrf_token'] !== generate_form_token(get_current_url()))) && !defined('FORUM_SKIP_CSRF_CONFIRM'))
    csrf_confirm_form();

Where i found a $_POST['confirm_cancel'] ? and this constants "FORUM_SKIP_CSRF_CONFIRM" ?

/Sorry for my English tongue

  • Slavok
  • PunBB Developer
  • Offline
  • From: Russia
  • Registered: 2008-06-11
  • Posts: 1,238

Re: Csrf_token and Confirm_cancel ($_POST)

$_POST['confirm_cancel'] - button in the CSRF-confirmation form. The constant "FORUM_SKIP_CSRF_CONFIRM" defined only in "<FORUM_ROOT>/post.php", because at this page there is another CSRF-checking.

Slavok's Website

  • Registered: 2009-10-21
  • Posts: 8

Re: Csrf_token and Confirm_cancel ($_POST)

Ok, can you tell me what is this csrf token ?
This is to update the list online & Status Online user?

  • From: Russia
  • Registered: 2008-07-22
  • Posts: 713

Re: Csrf_token and Confirm_cancel ($_POST)

http://en.wikipedia.org/wiki/Cross-site_request_forgery

PunBB team intentions, personal tasks.

Parpalak's Website

  • Registered: 2009-10-21
  • Posts: 8

Re: Csrf_token and Confirm_cancel ($_POST)

Ok, i have last question (i think so..:P)

In the prefix_online (structure) we can see "idle" please tell me, what is this?

  • Slavok
  • PunBB Developer
  • Offline
  • From: Russia
  • Registered: 2008-06-11
  • Posts: 1,238

Re: Csrf_token and Confirm_cancel ($_POST)

Here the description of structure of online table.

Slavok's Website

  • Registered: 2009-10-21
  • Posts: 8

Re: Csrf_token and Confirm_cancel ($_POST)

OK, thanks for help big_smile

/Close topic ;-)