Contao\RequestToken::validate PHP Method

validate() public static method

Validate a token
public static validate ( string $strToken ) : boolean
$strToken string The request token
return boolean True if the token matches the stored one
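    /**
     * Validate a request token.
     *
     * The check is bypassed (returns true) when the referer check has been
     * disabled via the "disableRefererCheck" setting or the BYPASS_TOKEN_CHECK
     * constant, and when the reverse-DNS hostname of the client address matches
     * an entry of the "requestTokenWhitelist" setting, either exactly or as a
     * subdomain of it. Otherwise the token is handed to the Symfony CSRF token
     * manager and compared with the stored token.
     *
     * The whitelist relies on the PTR record of the client IP address: whoever
     * controls that reverse lookup controls the hostname being matched, so the
     * list should only contain domains whose reverse DNS the operator trusts.
     *
     * @param string $strToken The request token
     *
     * @return boolean True if the check is bypassed, the client host is whitelisted or the token matches the stored one
     */
    public static function validate($strToken)
    {
        // The feature has been disabled
        if (\Config::get('disableRefererCheck') || defined('BYPASS_TOKEN_CHECK')) {
            return true;
        }

        // Check against the whitelist (thanks to Tristan Lins) (see #3164)
        $arrWhitelist = \Config::get('requestTokenWhitelist');

        // Only resolve the client address if there is something to compare it
        // with (the reverse lookup is a network round trip)
        if (is_array($arrWhitelist) && !empty($arrWhitelist) && isset($_SERVER['REMOTE_ADDR'])) {
            $strHostname = gethostbyaddr($_SERVER['REMOTE_ADDR']);

            // gethostbyaddr() returns false on failure; a failed lookup must
            // never match a whitelist entry
            if (is_string($strHostname) && $strHostname !== '') {
                foreach ($arrWhitelist as $strDomain) {
                    // An empty entry would turn into the pattern "/\.$/"; skip it
                    if (!is_string($strDomain) || $strDomain === '') {
                        continue;
                    }

                    // Exact match or "<anything>.<domain>" (strict comparison so
                    // numeric-looking hostnames are not compared as numbers)
                    if ($strDomain === $strHostname || preg_match('/\\.' . preg_quote($strDomain, '/') . '$/', $strHostname)) {
                        return true;
                    }
                }
            }
        }

        // Fall back to the CSRF token manager using the configured token name
        $container = \System::getContainer();

        return $container->get('security.csrf.token_manager')->isTokenValid(new CsrfToken($container->getParameter('contao.csrf_token_name'), $strToken));
    }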

Usage Example

 /**
  * Initialize the object
  *
  * Validates the request token for any "act" request, handles clipboard
  * clearing and "tl_select" form submissions (both end in a redirect), loads
  * the DCA configuration of $strTable, runs the onload callbacks, collects the
  * root record IDs for the tree views and stores the current referer.
  *
  * @param string $strTable  Name of the table; must be a key of $GLOBALS['TL_DCA']
  * @param array  $arrModule The back end module configuration
  */
 public function __construct($strTable, $arrModule = array())
 {
     parent::__construct();
     /** @var SessionInterface $objSession */
     $objSession = \System::getContainer()->get('session');
     // Check the request token (see #4007)
     // The raw $_GET check guarantees a token was actually sent before it is
     // validated; redirect() is expected not to return (TODO confirm), otherwise
     // construction would continue with an unvalidated token
     if (isset($_GET['act'])) {
         if (!isset($_GET['rt']) || !\RequestToken::validate(\Input::get('rt'))) {
             $objSession->set('INVALID_TOKEN_URL', \Environment::get('request'));
             $this->redirect('contao/confirm.php');
         }
     }
     // The record ID comes straight from the request and is not validated here
     $this->intId = \Input::get('id');
     // Clear the clipboard
     if (isset($_GET['clipboard'])) {
         $objSession->set('CLIPBOARD', array());
         $this->redirect($this->getReferer());
     }
     // Check whether the table is defined
     // trigger_error() with E_USER_ERROR is expected to halt the request (TODO
     // confirm with the installed error handler); the later $GLOBALS['TL_DCA']
     // lookups assume the table key exists
     if ($strTable == '' || !isset($GLOBALS['TL_DCA'][$strTable])) {
         $this->log('Could not load the data container configuration for "' . $strTable . '"', __METHOD__, TL_ERROR);
         trigger_error('Could not load the data container configuration', E_USER_ERROR);
     }
     // Set IDs and redirect
     if (\Input::post('FORM_SUBMIT') == 'tl_select') {
         $ids = \Input::post('IDS');
         // Nothing selected: reload() is expected not to return (TODO confirm)
         if (empty($ids) || !is_array($ids)) {
             $this->reload();
         }
         // Remember the selection for the bulk action that follows
         $session = $objSession->all();
         $session['CURRENT']['IDS'] = $ids;
         $objSession->replace($session);
         // The submitted button decides the bulk action; the action is switched
         // by rewriting "act=select" in the current request string
         if (isset($_POST['edit'])) {
             $this->redirect(str_replace('act=select', 'act=editAll', \Environment::get('request')));
         } elseif (isset($_POST['delete'])) {
             $this->redirect(str_replace('act=select', 'act=deleteAll', \Environment::get('request')));
         } elseif (isset($_POST['override'])) {
             $this->redirect(str_replace('act=select', 'act=overrideAll', \Environment::get('request')));
         } elseif (isset($_POST['cut']) || isset($_POST['copy'])) {
             // Cut/copy are deferred: the IDs go to the clipboard keyed by table
             $arrClipboard = $objSession->get('CLIPBOARD');
             $arrClipboard[$strTable] = array('id' => $ids, 'mode' => isset($_POST['cut']) ? 'cutAll' : 'copyAll');
             $objSession->set('CLIPBOARD', $arrClipboard);
             // Support copyAll in the list view (see #7499)
             if (isset($_POST['copy']) && $GLOBALS['TL_DCA'][$strTable]['list']['sorting']['mode'] < 4) {
                 $this->redirect(str_replace('act=select', 'act=copyAll', \Environment::get('request')));
             }
             $this->redirect($this->getReferer());
         }
     }
     // Cache the table configuration; sorting modes 5 and 6 are the tree views
     $this->strTable = $strTable;
     $this->ptable = $GLOBALS['TL_DCA'][$this->strTable]['config']['ptable'];
     $this->ctable = $GLOBALS['TL_DCA'][$this->strTable]['config']['ctable'];
     $this->treeView = in_array($GLOBALS['TL_DCA'][$this->strTable]['list']['sorting']['mode'], array(5, 6));
     $this->root = null;
     $this->arrModule = $arrModule;
     // Call onload_callback (e.g. to check permissions)
     // Callbacks come from the DCA configuration: array callbacks are imported
     // as a class and invoked as $this->{class}->{method}($this), anything else
     // callable (e.g. a closure) is invoked directly. They run before the root
     // IDs are computed.
     if (is_array($GLOBALS['TL_DCA'][$this->strTable]['config']['onload_callback'])) {
         foreach ($GLOBALS['TL_DCA'][$this->strTable]['config']['onload_callback'] as $callback) {
             if (is_array($callback)) {
                 $this->import($callback[0]);
                 $this->{$callback[0]}->{$callback[1]}($this);
             } elseif (is_callable($callback)) {
                 $callback($this);
             }
         }
     }
     // Get the IDs of all root records (tree view)
     if ($this->treeView) {
         // Mode 6 shows the parent table's tree, so the roots come from ptable
         $table = $GLOBALS['TL_DCA'][$this->strTable]['list']['sorting']['mode'] == 6 ? $this->ptable : $this->strTable;
         // Unless there are any root records specified, use all records with parent ID 0
         if (!isset($GLOBALS['TL_DCA'][$table]['list']['sorting']['root']) || $GLOBALS['TL_DCA'][$table]['list']['sorting']['root'] === false) {
             // The table name is interpolated into the SQL (only pid is bound).
             // It is either the configured ptable or $strTable, which the
             // $GLOBALS['TL_DCA'] check above constrains to a configured key.
             $objIds = $this->Database->prepare("SELECT id FROM " . $table . " WHERE pid=?" . ($this->Database->fieldExists('sorting', $table) ? ' ORDER BY sorting' : ''))->execute(0);
             if ($objIds->numRows > 0) {
                 $this->root = $objIds->fetchEach('id');
             }
         } elseif (is_array($GLOBALS['TL_DCA'][$table]['list']['sorting']['root'])) {
             // Explicit root list: drop pages that are nested below another root
             $this->root = $this->eliminateNestedPages($GLOBALS['TL_DCA'][$table]['list']['sorting']['root'], $table, $this->Database->fieldExists('sorting', $table));
         }
     } elseif (is_array($GLOBALS['TL_DCA'][$this->strTable]['list']['sorting']['root'])) {
         $this->root = array_unique($GLOBALS['TL_DCA'][$this->strTable]['list']['sorting']['root']);
     }
     $request = \System::getContainer()->get('request_stack')->getCurrentRequest();
     $route = $request->attributes->get('_route');
     // Store the current referer
     // Only plain (no act/key/token) non-Ajax requests to the "contao_backend"
     // route of a table with child tables are remembered, keyed by TL_REFERER_ID
     // and table; the stored value is the request URI relative to the base path
     if (!empty($this->ctable) && !\Input::get('act') && !\Input::get('key') && !\Input::get('token') && $route == 'contao_backend' && !\Environment::get('isAjaxRequest')) {
         $session = $objSession->get('referer');
         $session[TL_REFERER_ID][$this->strTable] = substr(\Environment::get('requestUri'), strlen(\Environment::get('path')) + 1);
         $objSession->set('referer', $session);
     }
 }