Piwik\Plugin\Controller::checkTokenInUrl PHP Method

checkTokenInUrl() protected method

This is a protection against CSRF and should be used in all controller methods that modify Piwik or any user settings. When the method is called from JavaScript through the ajaxHelper, you have to call ajaxHelper.withTokenInUrl(); before ajaxHandler.send(); so that the token is sent along with the request. **The token_auth should never appear in the browser's address bar.**
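protected checkTokenInUrl ( )

    protected function checkTokenInUrl()
    {
        // Token sent with the request (false when absent) and the current user's token.
        $tokenRequest = Common::getRequestVar('token_auth', false);
        $tokenUser = Piwik::getCurrentUserTokenAuth();

        // No token on either side (UI tests): skip the check.
        if (empty($tokenRequest) && empty($tokenUser)) {
            return;
        }

        // Any mismatch, including a missing request token, is rejected.
        if ($tokenRequest !== $tokenUser) {
            throw new NoAccessException(Piwik::translate('General_ExceptionInvalidToken'));
        }
    }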
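
The following is an added example, not Piwik's own code: a self-contained sketch of a state-changing controller action guarded by this check, run against three constructed requests. `BaseController`, `ExampleSettingsController`, `saveTimezone()`, `attempt()`, the exception message and the sample token are hypothetical stand-ins so the file runs without Piwik.

```php
<?php
class NoAccessException extends Exception {} // stand-in for Piwik's exception class

// Stand-in base controller; checkTokenInUrl() mirrors the method shown above.
abstract class BaseController
{
    protected $request;   // constructed request parameters (stands in for Common::getRequestVar)
    protected $userToken; // logged-in user's token (stands in for Piwik::getCurrentUserTokenAuth)

    public function __construct(array $request, $userToken)
    {
        $this->request = $request;
        $this->userToken = $userToken;
    }

    protected function checkTokenInUrl()
    {
        $tokenRequest = $this->request['token_auth'] ?? false;
        if (empty($tokenRequest) && empty($this->userToken)) {
            return; // no token on either side (UI tests)
        }
        if ($tokenRequest !== $this->userToken) {
            throw new NoAccessException('Token is not valid.');
        }
    }
}

// Hypothetical plugin controller with one state-changing action.
class ExampleSettingsController extends BaseController
{
    public $savedTimezone = null;

    public function saveTimezone()
    {
        $this->checkTokenInUrl(); // runs before any state is modified
        $this->savedTimezone = $this->request['timezone'];
        return 'saved ' . $this->savedTimezone;
    }
}

function attempt(array $request, $userToken)
{
    try {
        return (new ExampleSettingsController($request, $userToken))->saveTimezone();
    } catch (NoAccessException $e) {
        return 'rejected: ' . $e->getMessage();
    }
}

$token = 'constructed-sample-token';
echo attempt(['timezone' => 'UTC', 'token_auth' => $token], $token), "\n";  // request from the UI, token attached
echo attempt(['timezone' => 'UTC'], $token), "\n";                          // cross-site request, no token
echo attempt(['timezone' => 'UTC', 'token_auth' => 'wrong'], $token), "\n"; // token does not match
```

Only the first request reaches the assignment; the other two throw before any setting is changed, which is why the check belongs on the first line of the action.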