public function validateTransientKey($ForeignKey, $ValidateUser = true)
{
static $ForceValid = false;
if ($ForeignKey === true) {
$ForceValid = true;
}
if (!$ForceValid && $ValidateUser && $this->UserID <= 0) {
$Return = false;
}
if (!isset($Return)) {
// Checking the postback here is a kludge, but is absolutely necessary until we can test the ValidatePostBack more.
$Return = $ForceValid && Gdn::request()->isPostBack() || $ForeignKey === $this->_TransientKey && $this->_TransientKey !== false;
}
if (!$Return && $ForceValid !== true) {
if (Gdn::session()->User) {
Logger::event('csrf_failure', Logger::ERROR, 'Invalid transient key for {username}.');
} else {
Logger::event('csrf_failure', Logger::ERROR, 'Invalid transient key.');
}
}
return $Return;
}