move xsrf test

diff --git a/inc/poche/config.inc.php b/inc/poche/config.inc.php
index d91a44beac4769d65cda34c229f27599c56e9bef..ee0f6616455fb756554500dbffcd38772d217086 100644 (file)
--- a/inc/poche/config.inc.php
+++ b/inc/poche/config.inc.php
@@ -29,7 +29,6 @@ $storage_type = 'sqlite'; # sqlite, mysql, (file, not yet)
 # /!\ Be careful if you change the lines below /!\
 require_once './inc/poche/Tools.class.php';
 require_once './inc/poche/Url.class.php';
-require_once './inc/3rdparty/Session.class.php';
 require_once './inc/3rdparty/class.messages.php';
 require_once './inc/poche/Poche.class.php';
 require_once './inc/3rdparty/Readability.php';
@@ -39,9 +38,18 @@ require_once './inc/store/' . $storage_type . '.class.php';
 require_once './vendor/autoload.php';
 require_once './inc/3rdparty/simple_html_dom.php';
 require_once './inc/3rdparty/paginator.php';
+require_once './inc/3rdparty/Session.class.php';
 
 if (DOWNLOAD_PICTURES) {
     require_once './inc/poche/pochePictures.php';
 }
 
-$poche = new Poche($storage_type);
\ No newline at end of file
+$poche = new Poche($storage_type);
+
+#XSRF protection with token
+// if (!empty($_POST)) {
+//     if (!Session::isToken($_POST['token'])) {
+//         die(_('Wrong token'));
+//     }
+//     unset($_SESSION['tokens']);
+// }
\ No newline at end of file

diff --git a/index.php b/index.php
index 98ada1bdc28c62f45f314fc3d5bade0906f9264f..d0dd4ab5070da8150299509dedbe949423602965 100644 (file)
--- a/index.php
+++ b/index.php
@@ -10,14 +10,6 @@
 
 include dirname(__FILE__).'/inc/poche/config.inc.php';
 
-#XSRF protection with token
-// if (!empty($_POST)) {
-//     if (!Session::isToken($_POST['token'])) {
-//         die(_('Wrong token'));
-//     }
-//     unset($_SESSION['tokens']);
-// }
-
 $referer = empty($_SERVER['HTTP_REFERER']) ? '' : $_SERVER['HTTP_REFERER'];
 $view = Tools::checkVar('view', 'home');
 $action = Tools::checkVar('action');