From f6597c7cb90e9bfa96f01f5f78f98cd72696da55 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Nicolas=20L=C5=93uillet?=
Date: Tue, 17 Sep 2013 14:48:16 +0200
Subject: fix bug #127: update session class
---
 inc/poche/Poche.class.php | 1 +
 inc/poche/config.inc.php | 10 +++++++++-
 2 files changed, 10 insertions(+), 1 deletion(-)
(limited to 'inc/poche')
diff --git a/inc/poche/Poche.class.php b/inc/poche/Poche.class.php
index 9db4a034..2f0f7038 100644
--- a/inc/poche/Poche.class.php
+++ b/inc/poche/Poche.class.php
@@ -93,6 +93,7 @@ class Poche
 private function init() {
 Tools::initPhp();
+ Session::$sessionName = 'poche';
 Session::init();
 if (isset($_SESSION['poche_user']) && $_SESSION['poche_user'] != array()) {
diff --git a/inc/poche/config.inc.php b/inc/poche/config.inc.php
index aaa26af8..9247c292 100755
--- a/inc/poche/config.inc.php
+++ b/inc/poche/config.inc.php
@@ -48,4 +48,12 @@ if (!ini_get('date.timezone') || !@date_default_timezone_set(ini_get('date.timez
 date_default_timezone_set('UTC');
 }
-$poche = new Poche();
\ No newline at end of file
+$poche = new Poche();
+
+#XSRF protection with token
+if (!empty($_POST)) {
+ if (!Session::isToken($_POST['token'])) {
+ die(_('Wrong token'));
+ }
+ unset($_SESSION['tokens']);
+}
\ No newline at end of file
-- cgit v1.2.3
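Review bot: The token check added to inc/poche/config.inc.php is gated on `!empty($_POST)`, so a POST with an empty body, or any request that carries its parameters in the query string, never reaches `Session::isToken()`. If a state-changing action is handled from `$_GET` (not visible in this diff), it stays outside the XSRF protection. Gating on the request method is tighter: `if ($_SERVER['REQUEST_METHOD'] === 'POST') {`. `$_POST['token']` is also read without an existence or type check, so a missing field raises an undefined-index notice and an array value is passed straight through; `if (!isset($_POST['token']) || !is_string($_POST['token']) || !Session::isToken($_POST['token'])) {` rejects both cleanly. `unset($_SESSION['tokens'])` appears to discard every outstanding token after one accepted POST, so a form already open in another tab would presumably be refused afterwards; a comment such as `# tokens are single-use: all pending tokens are invalidated after each accepted POST` would record that this is intended.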