From f6597c7cb90e9bfa96f01f5f78f98cd72696da55 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Nicolas=20L=C5=93uillet?=
Date: Tue, 17 Sep 2013 14:48:16 +0200
Subject: fix bug #127: update session class
---
 inc/poche/config.inc.php | 10 +++++++++-
 1 file changed, 9 insertions(+), 1 deletion(-)
(limited to 'inc/poche/config.inc.php')
diff --git a/inc/poche/config.inc.php b/inc/poche/config.inc.php
index aaa26af8..9247c292 100755
--- a/inc/poche/config.inc.php
+++ b/inc/poche/config.inc.php
@@ -48,4 +48,12 @@ if (!ini_get('date.timezone') || !@date_default_timezone_set(ini_get('date.timez
 date_default_timezone_set('UTC');
 }
-$poche = new Poche();
\ No newline at end of file
+$poche = new Poche();
+
+#XSRF protection with token
+if (!empty($_POST)) {
+ if (!Session::isToken($_POST['token'])) {
+ die(_('Wrong token'));
+ }
+ unset($_SESSION['tokens']);
+}
\ No newline at end of file
-- 
cgit v1.2.3
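Review bot: The new guard at the end of config.inc.php runs only when `$_POST` is non-empty and reads `$_POST['token']` without checking that it exists or is a string, so a POST whose body parses to nothing skips the token check, and a POST without the field raises an undefined-index notice while passing null to `Session::isToken()`. Keying on the request method and validating the field covers both cases: `if (isset($_SERVER['REQUEST_METHOD']) && $_SERVER['REQUEST_METHOD'] === 'POST') {` and `if (!isset($_POST['token']) || !is_string($_POST['token']) || !Session::isToken($_POST['token'])) {`. The check covers POST only, so any state-changing action reachable through GET (none is visible in this hunk) would still need its own token validation. `unset($_SESSION['tokens'])` discards every outstanding token after one accepted POST, which presumably invalidates forms already open in other tabs; a comment such as `# tokens are single-use: drop all of them once one POST is accepted` would record that this is intended. Sending a 403 status before `die()` would also let clients and logs tell a rejected token from a normal page.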