4 removals
7 additions
1.<?php 1.<?php
2. 2.
3.protected function getCode() { 3.protected function getCode() {
4. if (isset($_REQUEST['code'])) { 4. $server_info = array_merge($_GET, $_POST, $_COOKIE);
5.
6. if (isset($server_info['code'])) {
5. if ($this->state !== null && 7. if ($this->state !== null &&
6. isset($_REQUEST['state']) && 8. isset($server_info['state']) &&
7. $this->state === $_REQUEST['state']) { 9. $this->state === $server_info['state']) {
8. 10.
9. // CSRF state has done its job, so clear it 11. // CSRF state has done its job, so clear it
10. $this->state = null; 12. $this->state = null;
11. $this->clearPersistentData('state'); 13. $this->clearPersistentData('state');
12. return $_REQUEST['code']; 14. return $server_info['code'];
13. } else { 15. } else {
14. self::errorLog('CSRF state token does not match one provided.'); 16. self::errorLog('CSRF state token does not match one provided.');
15. return false; 17. return false;
16. } 18. }
17. } 19. }
18. 20.
19. return false; 21. return false;
20.} 22.}
21. 23.
22.?>24.?>
original text
changed text