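<?php
/*********************************************************************
    class.csrf.php

    Provides mechanisms to protect against cross-site request forgery
    attacks. This is accomplished by using a token that is not stored in
    a session, but required to make changes to the system. This can be
    accomplished by emitting a hidden field in a form, or sending a
    separate header (X-CSRFToken) when forms are submitted (e.g Ajax).

    This technique is based on the protection mechanism in the Django
    project, detailed at and thanks to
    https://docs.djangoproject.com/en/dev/ref/contrib/csrf/.

    * TIMEOUT
    Token can be expired after X seconds of inactivity (timeout)
    independent of the session.

    Jared Hancock
    Copyright (c) 2006-2013 osTicket
    http://www.osticket.com

    Released under the GNU General Public License WITHOUT ANY WARRANTY.
    See LICENSE.TXT for details.

    vim: expandtab sw=4 ts=4 sts=4:
**********************************************************************/
class CSRF {
    /** @var string Name of the hidden form field / request parameter that carries the token. */
    public $name;
    /** @var int Inactivity timeout in seconds; 0 means the token never expires on its own. */
    public $timeout;
    /** @var array|null Reference to $_SESSION['csrf']; holds the 'token' and its issue 'time'. */
    public $csrf;

    /**
     * @param string $name    Form field name used to submit the token.
     * @param int    $timeout Seconds of inactivity after which the token
     *                        is considered expired (0 = no timeout).
     */
    public function __construct($name='__CSRFToken__', $timeout=0) {
        $this->name = $name;
        $this->timeout = $timeout;
        // Bind to the session slot by reference so every write below
        // lands in $_SESSION['csrf'] directly.
        $this->csrf = &$_SESSION['csrf'];
    }

    /**
     * Discard the current token; the next getToken() call issues a new one.
     */
    public function reset() {
        $this->csrf = array();
    }

    /**
     * Whether the token has outlived the inactivity timeout.
     *
     * A missing issue time counts as "issued at epoch 0", i.e. expired
     * whenever a timeout is configured. Always false when timeout is 0.
     *
     * @return bool
     */
    public function isExpired() {
        if (!$this->timeout)
            return false;
        $issued = isset($this->csrf['time']) ? (int) $this->csrf['time'] : 0;
        return (time() - $issued) > $this->timeout;
    }

    /**
     * @return string Form field name configured for this instance.
     */
    public function getTokenName() {
        return $this->name;
    }

    /**
     * Issue a fresh token and restart the inactivity timer.
     *
     * The token mixes the session id, 16 random bytes from Crypto::random()
     * and the installation's SECRET_SALT, hashed with sha1.
     */
    public function rotate() {
        $this->csrf['token'] = sha1(session_id().Crypto::random(16).SECRET_SALT);
        $this->csrf['time'] = time();
    }

    /**
     * Return the current token, rotating it first if none exists or the
     * existing one has expired. Touching a live token resets its timer.
     *
     * @return string 40-character hex token.
     */
    public function getToken() {
        // empty() rather than a bare index read: a session array without
        // a 'token' key must rotate, not raise an undefined-index notice.
        if (!is_array($this->csrf) || empty($this->csrf['token']) || $this->isExpired()) {
            $this->rotate();
        } else {
            // Reset the inactivity timer
            $this->csrf['time'] = time();
        }
        return $this->csrf['token'];
    }

    /**
     * Check a submitted token against the current one.
     *
     * The comparison uses hash_equals(): strict, so a numeric-looking
     * hex token can never compare loosely equal to a different string,
     * and constant-time, so the comparison leaks nothing about where the
     * two values diverge. Surrounding whitespace is ignored as before.
     * Non-string input is rejected instead of being coerced.
     *
     * @param mixed $token Value taken from the form field or X-CSRFToken header.
     * @return bool
     */
    public function validateToken($token) {
        if (!is_string($token) || $token === '')
            return false;
        // getToken() rotates an expired token, so a stale submission
        // simply fails the comparison below.
        $expected = $this->getToken();
        return hash_equals($expected, trim($token)) && !$this->isExpired();
    }

    /**
     * Render the hidden <input> that carries the token in an HTML form.
     *
     * @param string $name Field name; defaults to the configured token name.
     * @return string HTML fragment.
     */
    public function getFormInput($name='') {
        if (!$name)
            $name = $this->name;
        // Both values go into attribute context; the token is hex already,
        // escaping is defensive for the caller-supplied field name.
        return sprintf('<input type="hidden" name="%s" value="%s" />',
            htmlspecialchars($name, ENT_QUOTES, 'UTF-8'),
            htmlspecialchars($this->getToken(), ENT_QUOTES, 'UTF-8'));
    }
}

/* global function to add hidden token input with to forms */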
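/**
 * Echo the hidden CSRF token input for the current request.
 *
 * Resolves the application object through the global $ost and emits
 * $ost->getCSRFFormInput() only when both $ost and its CSRF handler
 * ($ost->getCSRF()) are available; otherwise prints nothing.
 *
 * @return void
 */
function csrf_token() {
    global $ost;
    if ($ost && $ost->getCSRF())
        echo $ost->getCSRFFormInput();
}
// No closing "?>" tag: this file only declares code, and a closing tag
// followed by stray whitespace would be sent as output before headers.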