6 lines added. 4 lines deleted.
1<?php 1<?php
2 2
3protected function getCode() { 3protected function getCode() {
4 if (isset($_REQUEST['code'])) {4 $server_info = array_merge($_GET, $_POST, $_COOKIE);
 5
 6 if (isset($server_info['code'])) {
5 if ($this->state !== null && 7 if ($this->state !== null &&
6                isset($_REQUEST['state']) &&8                isset($server_info['state']) &&
7                $this->state === $_REQUEST['state']) {9                $this->state === $server_info['state']) {
8 10
9 // CSRF state has done its job, so clear it 11 // CSRF state has done its job, so clear it
10 $this->state = null; 12 $this->state = null;
11 $this->clearPersistentData('state'); 13 $this->clearPersistentData('state');
12 return $_REQUEST['code'];14 return $server_info['code'];
13 } else { 15 } else {
14 self::errorLog('CSRF state token does not match one provided.'); 16 self::errorLog('CSRF state token does not match one provided.');
15 return false; 17 return false;
16 } 18 }
17 } 19 }
18 20
19 return false; 21 return false;
20} 22}
21 23
22?>24?>
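Review bot: `array_merge($_GET, $_POST, $_COOKIE)` on new line 4 gives cookies the highest precedence, so a cookie named `code` or `state` silently overrides the value sent with the request, and the `code` that is returned need not come from the same source as the `state` that was checked. If this is an OAuth redirect handler, as the CSRF state check suggests, both values arrive in the query string, so reading them from there alone is narrower and no longer depends on how superglobals are merged: `$server_info = $_GET;`. Separately, the token comparison on new line 9 uses `===`; assuming `$this->state` is a string, `is_string($server_info['state']) && hash_equals($this->state, $server_info['state'])` compares in constant time and rejects array-valued input.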