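/**
 * Enforce the CSRF (anti-request-forgery) token check according to the
 * component's $this->csrfProtection mode:
 *
 *   0 – never check (always passes);
 *   1 – always check;
 *   2 – check only for back-end requests, or for front-end requests whose
 *       "format" is html; CLI requests are never checked;
 *   3 – check only for back-end requests.
 *
 * A request passes the check when it carries either "<token>=1" or
 * "_token=<token>", where <token> comes from the session's getToken() or,
 * failing that, getFormToken() method.
 *
 * @return bool  true when the check passes or is skipped for this mode;
 *               false after raising a 403 via the platform when it fails.
 */
protected function csrfProtection()
{
    // Cached per process: the environment does not change between calls.
    static $isCli = null, $isAdmin = null;

    $platform = $this->container->platform;

    if (is_null($isCli)) {
        $isCli = $platform->isCli();
        $isAdmin = $platform->isBackend();
    }

    // Loose switch is intentional: the mode may arrive as a numeric string
    // from configuration.
    switch ($this->csrfProtection) {
        // Never
        case 0:
            return true;

        // Always
        case 1:
            break;

        // Only back-end and HTML format
        case 2:
            if ($isCli) {
                return true;
            }
            // "cmd" filter yields a string, so a strict comparison is safe here.
            if (!$isAdmin && $this->input->get('format', 'html', 'cmd') !== 'html') {
                return true;
            }
            break;

        // Only back-end
        case 3:
            if (!$isAdmin) {
                return true;
            }
            break;
    }

    $session = $this->container->session;

    // Does the current request carry $token, either as the "<token>=1" flag
    // or as the "_token=<token>" field? The raw ("none" filter) value may be
    // a non-string (array, null), so the type is checked before comparing.
    // Comparisons are strict: loose "==" would accept "1abc" for the flag and,
    // for numeric-looking token strings ("0e…"), treat unequal tokens as
    // equal; hash_equals() also keeps the comparison constant-time.
    $requestHasToken = function (string $token): bool {
        // An empty session token must never match an absent request field.
        if ($token === '') {
            return false;
        }

        $flag = $this->input->get($token, false, 'none');
        if (is_scalar($flag) && (string) $flag === '1') {
            return true;
        }

        $candidate = $this->input->get('_token', null, 'none');

        return is_string($candidate) && hash_equals($token, $candidate);
    };

    $hasToken = false;

    // Joomla! 2.5+ (Platform 12.1+) method
    if (method_exists($session, 'getToken')) {
        $hasToken = $requestHasToken((string) $session->getToken());
    }

    // Joomla! 2.5+ formToken method
    if (!$hasToken && method_exists($session, 'getFormToken')) {
        $hasToken = $requestHasToken((string) $session->getFormToken());
    }

    if (!$hasToken) {
        $platform->raiseError(403, \JText::_('JLIB_APPLICATION_ERROR_ACCESS_FORBIDDEN'));

        return false;
    }

    return true;
}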