From 6fb3a2a18591a4c79e91a90282d88cd84554f83c Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Nicolas=20L=C5=93uillet?= <nicolas.loeuillet@gmail.com>
Date: Mon, 5 Aug 2013 22:50:00 +0200
Subject: move xsrf test

---
 inc/poche/config.inc.php | 12 ++++++++++--
 1 file changed, 10 insertions(+), 2 deletions(-)

(limited to 'inc/poche')

diff --git a/inc/poche/config.inc.php b/inc/poche/config.inc.php
index d91a44be..ee0f6616 100644
--- a/inc/poche/config.inc.php
+++ b/inc/poche/config.inc.php
@@ -29,7 +29,6 @@ $storage_type = 'sqlite'; # sqlite, mysql, (file, not yet)
 # /!\ Be careful if you change the lines below /!\
 require_once './inc/poche/Tools.class.php';
 require_once './inc/poche/Url.class.php';
-require_once './inc/3rdparty/Session.class.php';
 require_once './inc/3rdparty/class.messages.php';
 require_once './inc/poche/Poche.class.php';
 require_once './inc/3rdparty/Readability.php';
@@ -39,9 +38,18 @@ require_once './inc/store/' . $storage_type . '.class.php';
 require_once './vendor/autoload.php';
 require_once './inc/3rdparty/simple_html_dom.php';
 require_once './inc/3rdparty/paginator.php';
+require_once './inc/3rdparty/Session.class.php';
 
 if (DOWNLOAD_PICTURES) {
     require_once './inc/poche/pochePictures.php';
 }
 
-$poche = new Poche($storage_type);
\ No newline at end of file
+$poche = new Poche($storage_type);
+
+#XSRF protection with token
+// if (!empty($_POST)) {
+//     if (!Session::isToken($_POST['token'])) {
+//         die(_('Wrong token'));
+//     }
+//     unset($_SESSION['tokens']);
+// }
\ No newline at end of file
-- 
cgit v1.2.3