PHP access::verify_csrf方法代码示例

 public function toggle_l10n_mode()
 {
     access::verify_csrf();
     $session = Session::instance();
     $session->set("l10n_mode", !$session->get("l10n_mode", false));
     url::redirect("albums/1");
 }

 public function __call($controller_name, $args)
 {
     if (Input::instance()->get("reauth_check")) {
         return self::_reauth_check();
     }
     if (auth::must_reauth_for_admin_area()) {
         return self::_prompt_for_reauth($controller_name, $args);
     }
     if (request::method() == "post") {
         access::verify_csrf();
     }
     if ($controller_name == "index") {
         $controller_name = "dashboard";
     }
     $controller_name = "Admin_{$controller_name}_Controller";
     if ($args) {
         $method = array_shift($args);
     } else {
         $method = "index";
     }
     if (!method_exists($controller_name, $method)) {
         throw new Kohana_404_Exception();
     }
     call_user_func_array(array(new $controller_name(), $method), $args);
 }

 public function index()
 {
     $form = $this->_get_form();
     if (request::method() == "post") {
         access::verify_csrf();
         if ($form->validate()) {
             module::set_var("strip_exif", "exiv_path", $_POST['exiv_path']);
             if ($_POST['exif_tags'] != "") {
                 module::set_var("strip_exif", "exif_remove", isset($_POST['exif_remove']) ? $_POST['exif_remove'] : false);
                 module::set_var("strip_exif", "exif_tags", $_POST['exif_tags']);
             } else {
                 module::set_var("strip_exif", "exif_remove", false);
                 module::set_var("strip_exif", "exif_tags", self::$defExifTags);
             }
             if ($_POST['iptc_tags'] != "") {
                 module::set_var("strip_exif", "iptc_remove", isset($_POST['iptc_remove']) ? $_POST['iptc_remove'] : false);
                 module::set_var("strip_exif", "iptc_tags", $_POST['iptc_tags']);
             } else {
                 module::set_var("strip_exif", "iptc_remove", false);
                 module::set_var("strip_exif", "iptc_tags", self::$defIptcTags);
             }
             if (isset($_POST['verbose'])) {
                 module::set_var("strip_exif", "verbose", $_POST['verbose']);
             }
             message::success(t("Settings have been saved"));
             url::redirect("admin/strip_exif");
         } else {
             message::error(t("There was a problem with the submitted form. Please check your values and try again."));
         }
     }
     print $this->_get_view();
 }

 public function saveprefs()
 {
     // Prevent Cross Site Request Forgery
     access::verify_csrf();
     $form = $this->_get_admin_form();
     if ($form->validate()) {
         Kohana_Log::add("error", print_r($form, 1));
         module::set_var("tag_albums", "tag_page_title", $form->Tag_Albums_Tag_Sort->tag_page_title->value);
         module::set_var("tag_albums", "tag_index", $form->Tag_Albums_Tag_Sort->tag_index->value);
         module::set_var("tag_albums", "tag_index_scope", count($form->Tag_Albums_Tag_Sort->tag_index_scope->value));
         module::set_var("tag_albums", "tag_index_filter_top", count($form->Tag_Albums_Tag_Sort->tag_index_filter_top->value));
         module::set_var("tag_albums", "tag_index_filter_bottom", count($form->Tag_Albums_Tag_Sort->tag_index_filter_bottom->value));
         module::set_var("tag_albums", "tag_sort_by", $form->Tag_Albums_Tag_Sort->tag_sort_by->value);
         module::set_var("tag_albums", "tag_sort_direction", $form->Tag_Albums_Tag_Sort->tag_sort_direction->value);
         module::set_var("tag_albums", "subalbum_sort_by", $form->Tag_Albums_Tag_Item_Sort->subalbum_sort_by->value);
         module::set_var("tag_albums", "subalbum_sort_direction", $form->Tag_Albums_Tag_Item_Sort->subalbum_sort_direction->value);
         message::success(t("Your settings have been saved."));
         url::redirect("admin/tag_albums");
     }
     // Else show the page with errors
     $view = new Admin_View("admin.html");
     $view->content = new View("admin_tag_albums.html");
     $view->content->tag_albums_form = $form;
     print $view;
 }

 public function save()
 {
     access::verify_csrf();
     $changes->activate = array();
     $changes->deactivate = array();
     $activated_names = array();
     $deactivated_names = array();
     foreach (module::available() as $module_name => $info) {
         if ($info->locked) {
             continue;
         }
         $desired = $this->input->post($module_name) == 1;
         if ($info->active && !$desired && module::is_active($module_name)) {
             $changes->deactivate[] = $module_name;
             $deactivated_names[] = $info->name;
             module::deactivate($module_name);
         } else {
             if (!$info->active && $desired && !module::is_active($module_name)) {
                 $changes->activate[] = $module_name;
                 $activated_names[] = $info->name;
                 module::install($module_name);
                 module::activate($module_name);
             }
         }
     }
     module::event("module_change", $changes);
     // @todo this type of collation is questionable from a i18n perspective
     if ($activated_names) {
         message::success(t("Activated: %names", array("names" => join(", ", $activated_names))));
     }
     if ($deactivated_names) {
         message::success(t("Deactivated: %names", array("names" => join(", ", $deactivated_names))));
     }
     url::redirect("admin/modules");
 }

 public function save()
 {
     access::verify_csrf();
     $form = theme::get_edit_form_admin();
     if ($form->validate()) {
         module::set_var("gallery", "page_size", $form->edit_theme->page_size->value);
         $thumb_size = $form->edit_theme->thumb_size->value;
         $thumb_dirty = false;
         if (module::get_var("gallery", "thumb_size") != $thumb_size) {
             graphics::remove_rule("gallery", "thumb", "gallery_graphics::resize");
             graphics::add_rule("gallery", "thumb", "gallery_graphics::resize", array("width" => $thumb_size, "height" => $thumb_size, "master" => Image::AUTO), 100);
             module::set_var("gallery", "thumb_size", $thumb_size);
         }
         $resize_size = $form->edit_theme->resize_size->value;
         $resize_dirty = false;
         if (module::get_var("gallery", "resize_size") != $resize_size) {
             graphics::remove_rule("gallery", "resize", "gallery_graphics::resize");
             graphics::add_rule("gallery", "resize", "gallery_graphics::resize", array("width" => $resize_size, "height" => $resize_size, "master" => Image::AUTO), 100);
             module::set_var("gallery", "resize_size", $resize_size);
         }
         module::set_var("gallery", "header_text", $form->edit_theme->header_text->value);
         module::set_var("gallery", "footer_text", $form->edit_theme->footer_text->value);
         module::set_var("gallery", "show_credits", $form->edit_theme->show_credits->value);
         message::success(t("Updated theme details"));
         url::redirect("admin/theme_options");
     } else {
         $view = new Admin_View("admin.html");
         $view->content = $form;
         print $view;
     }
 }

 public function activate()
 {
     access::verify_csrf();
     $post = new Validation($_POST);
     $post->add_rules("activate_users", "required");
     $post->add_rules("activate", "alpha_numeric");
     if ($post->validate()) {
         $names = array();
         if (!empty($post->activate)) {
             foreach ($post->activate as $id) {
                 $user = register::create_new_user($id);
                 $names[] = $user->name;
             }
             message::success(t("Activated %users.", array("users" => implode(", ", $names))));
         }
         $count = ORM::factory("pending_user")->where("state", "!=", 2)->count_all();
         if ($count == 0) {
             site_status::clear("pending_user_registrations");
         }
         url::redirect("admin/register");
     }
     list($form, $errors) = $this->_get_form();
     $form = array_merge($form, $post->as_array());
     $errors = array_merge($errors, $post->errors());
     print $this->_get_admin_view($form, $errors);
 }

 public function delete($id)
 {
     access::verify_csrf();
     $item = model_cache::get("item", $id);
     access::required("view", $item);
     access::required("edit", $item);
     if ($item->is_album()) {
         $msg = t("Deleted album <b>%title</b>", array("title" => html::purify($item->title)));
     } else {
         $msg = t("Deleted photo <b>%title</b>", array("title" => html::purify($item->title)));
     }
     $parent = $item->parent();
     if ($item->is_album()) {
         // Album delete will trigger deletes for all children.  Do this in a batch so that we can be
         // smart about notifications, album cover updates, etc.
         batch::start();
         $item->delete();
         batch::stop();
     } else {
         $item->delete();
     }
     message::success($msg);
     $from_id = Input::instance()->get("from_id");
     if (Input::instance()->get("page_type") == "collection" && $from_id != $id) {
         json::reply(array("result" => "success", "reload" => 1));
     } else {
         json::reply(array("result" => "success", "location" => $parent->url()));
     }
 }

 public function saveprefs()
 {
     // Prevent Cross Site Request Forgery
     access::verify_csrf();
     // Figure out the values of the text boxes
     $str_phpmailer_path = Input::instance()->post("phpmailer_path");
     $str_phpmailer_from_addr = Input::instance()->post("phpmailer_from_address");
     $str_phpmailer_from_name = Input::instance()->post("phpmailer_from_name");
     $str_smtp_server = Input::instance()->post("phpmailer_smtp_server");
     $str_use_ssl = Input::instance()->post("phpmailer_use_ssl");
     $str_smtp_login = Input::instance()->post("phpmailer_smtp_login");
     $str_smtp_pass = Input::instance()->post("phpmailer_smtp_password");
     $str_smtp_port = Input::instance()->post("phpmailer_smtp_port");
     if (count($str_use_ssl) > 0) {
         $str_use_ssl = true;
     } else {
         $str_use_ssl = false;
     }
     // Save Settings.
     module::set_var("phpmailer", "phpmailer_path", $str_phpmailer_path);
     module::set_var("phpmailer", "phpmailer_from_address", $str_phpmailer_from_addr);
     module::set_var("phpmailer", "phpmailer_from_name", $str_phpmailer_from_name);
     module::set_var("phpmailer", "smtp_server", $str_smtp_server);
     module::set_var("phpmailer", "use_ssl", $str_use_ssl);
     module::set_var("phpmailer", "smtp_login", $str_smtp_login);
     module::set_var("phpmailer", "smtp_password", $str_smtp_pass);
     module::set_var("phpmailer", "smtp_port", $str_smtp_port);
     message::success(t("Your Settings Have Been Saved."));
     // Load Admin page.
     $view = new Admin_View("admin.html");
     $view->content = new View("admin_phpmailer.html");
     $view->content->phpmailer_form = $this->_get_admin_form();
     print $view;
 }

 public function handler()
 {
     access::verify_csrf();
     $form = $this->_get_form();
     if ($form->validate()) {
         module::set_var("sitemap_xtra", "path", $form->sitemap->sitemap_path->value);
         module::set_var("sitemap_xtra", "base_url", $form->sitemap->sitemap_base_url->value);
         module::set_var("sitemap_xtra", "zip", $form->sitemap->sitemap_zip->value);
         module::set_var("sitemap_xtra", "ping_yandex", $form->sitemap->sitemap_ping_yandex->value);
         module::set_var("sitemap_xtra", "ping_google", $form->sitemap->sitemap_ping_google->value);
         module::set_var("sitemap_xtra", "ping_bing", $form->sitemap->sitemap_ping_bing->value);
         module::set_var("sitemap_xtra", "ping_ask", $form->sitemap->sitemap_ping_ask->value);
         module::set_var("sitemap_xtra", "robots_txt", $form->sitemap->sitemap_robots_txt->value);
         module::set_var("sitemap_xtra", "albums", $form->albums->sitemap_albums->value);
         module::set_var("sitemap_xtra", "albums_freq", $form->albums->sitemap_albums_freq->value);
         module::set_var("sitemap_xtra", "albums_prio", $form->albums->sitemap_albums_prio->value);
         module::set_var("sitemap_xtra", "photos", $form->photos->sitemap_photos->value);
         module::set_var("sitemap_xtra", "photos_freq", $form->photos->sitemap_photos_freq->value);
         module::set_var("sitemap_xtra", "photos_prio", $form->photos->sitemap_photos_prio->value);
         module::set_var("sitemap_xtra", "movies", $form->movies->sitemap_movies->value);
         module::set_var("sitemap_xtra", "movies_freq", $form->movies->sitemap_movies_freq->value);
         module::set_var("sitemap_xtra", "movies_prio", $form->movies->sitemap_movies_prio->value);
         module::set_var("sitemap_xtra", "pages", $form->pages->sitemap_pages->value);
         module::set_var("sitemap_xtra", "pages_freq", $form->pages->sitemap_pages_freq->value);
         module::set_var("sitemap_xtra", "pages_prio", $form->pages->sitemap_pages_prio->value);
         if ($form->build_sitemap->sitemap_build->value) {
             if ($status = $this->_build_sitemap()) {
                 message::info($status);
             }
         }
         message::success(t("Settings have been saved"));
         url::redirect("admin/sitemap_xtra");
     }
     print $this->_get_view($form);
 }

 public function tagitems()
 {
     // Tag all non-album items in the current album with the specified tags.
     // Prevent Cross Site Request Forgery
     access::verify_csrf();
     // Generate an array of all non-album items in the current album.
     $children = ORM::factory("item")->where("parent_id", $this->input->post("item_id"))->where("type !=", "album")->find_all();
     // Loop through each item in the album and make sure the user has
     //   access to view and edit it.
     foreach ($children as $child) {
         if (access::can("view", $child) && access::can("edit", $child)) {
             // Assuming the user can view/edit the current item, loop
             //   through each tag that was submitted and apply it to
             //   the current item.
             foreach (split(",", $this->input->post("name")) as $tag_name) {
                 $tag_name = trim($tag_name);
                 if ($tag_name) {
                     tag::add($child, $tag_name);
                 }
             }
         }
     }
     // Redirect back to the album.
     $item = ORM::factory("item", $this->input->post("item_id"));
     url::redirect(url::abs_site("{$item->type}s/{$item->id}"));
 }

 public function saveprefs()
 {
     // Prevent Cross Site Request Forgery
     access::verify_csrf();
     // Figure out which boxes where checked
     $linkOptions_array = Input::instance()->post("ContactOwnerLinkTypes");
     $ownerLink = false;
     $userLink = false;
     for ($i = 0; $i < count($linkOptions_array); $i++) {
         if ($linkOptions_array[$i] == "ContactOwner") {
             $ownerLink = true;
         }
         if ($linkOptions_array[$i] == "ContactUser") {
             $userLink = true;
         }
     }
     // Figure out the values of the text boxes
     $str_contactbutton = Input::instance()->post("owner_button_text");
     $str_contactemail = Input::instance()->post("owner_email");
     $str_contactname = Input::instance()->post("owner_name");
     $str_messageheader = Input::instance()->post("message_header");
     // Save Settings.
     module::set_var("contactowner", "contact_owner_link", $ownerLink);
     module::set_var("contactowner", "contact_user_link", $userLink);
     module::set_var("contactowner", "contact_button_text", $str_contactbutton);
     module::set_var("contactowner", "contact_owner_email", $str_contactemail);
     module::set_var("contactowner", "contact_owner_name", $str_contactname);
     module::set_var("contactowner", "contact_owner_header", $str_messageheader);
     message::success(t("Your Settings Have Been Saved."));
     // Load Admin page.
     $view = new Admin_View("admin.html");
     $view->content = new View("admin_contactowner.html");
     $view->content->contactowner_form = $this->_get_admin_form();
     print $view;
 }

 public function saveprefs()
 {
     // Prevent Cross Site Request Forgery
     access::verify_csrf();
     // Save Settings.
     module::set_var("ratings", "showunderphoto", Input::instance()->post("showunderphoto"));
     module::set_var("ratings", "showinsidebar", Input::instance()->post("showinsidebar"));
     module::set_var("ratings", "imageword", Input::instance()->post("imageword"));
     module::set_var("ratings", "votestring", Input::instance()->post("votestring"));
     module::set_var("ratings", "castyourvotestring", Input::instance()->post("castyourvotestring"));
     #    module::set_var("ratings", "bgcolor", Input::instance()->post("bgcolor"));
     module::set_var("ratings", "fillcolor", Input::instance()->post("fillcolor"));
     module::set_var("ratings", "votedcolor", Input::instance()->post("votedcolor"));
     module::set_var("ratings", "hovercolor", Input::instance()->post("hovercolor"));
     module::set_var("ratings", "textcolor", Input::instance()->post("textcolor"));
     module::set_var("ratings", "regonly", Input::instance()->post("regonly"));
     $iconset = Input::instance()->post("iconset");
     $iconset = preg_replace("/\\/index\\.php/", "", $iconset);
     module::set_var("ratings", "iconset", $iconset);
     message::success(t("Your Settings Have Been Saved."));
     site_status::clear("ratings_configuration");
     // Load Admin page.
     $view = new Admin_View("admin.html");
     $view->content = new View("admin_ratings.html");
     $view->content->ratings_form = $this->_get_admin_form();
     print $view;
 }

 public function auth()
 {
     if (!identity::active_user()->admin) {
         access::forbidden();
     }
     access::verify_csrf();
     $form = self::_form();
     $valid = $form->validate();
     $user = identity::active_user();
     if ($valid) {
         module::event("user_auth", $user);
         if (!request::is_ajax()) {
             message::success(t("Successfully re-authenticated!"));
         }
         url::redirect(Session::instance()->get_once("continue_url"));
     } else {
         $name = $user->name;
         log::warning("user", t("Failed re-authentication for %name", array("name" => $name)));
         module::event("user_auth_failed", $name);
         if (request::is_ajax()) {
             $v = new View("reauthenticate.html");
             $v->form = $form;
             $v->user_name = identity::active_user()->name;
             json::reply(array("html" => (string) $v));
         } else {
             self::_show_form($form);
         }
     }
 }

 function save($album_id)
 {
     access::verify_csrf();
     $album = ORM::factory("item", $album_id);
     access::required("edit", $album);
     if (Input::instance()->post("save")) {
         $titles = Input::instance()->post("title");
         $descriptions = Input::instance()->post("description");
         $filenames = Input::instance()->post("filename");
         $internetaddresses = Input::instance()->post("internetaddress");
         $tags = Input::instance()->post("tags");
         $enable_tags = module::is_active("tag");
         foreach (array_keys($titles) as $id) {
             $item = ORM::factory("item", $id);
             if ($item->loaded() && access::can("edit", $item)) {
                 $item->title = $titles[$id];
                 $item->description = $descriptions[$id];
                 $item->name = $filenames[$id];
                 $item->slug = $internetaddresses[$id];
                 $item->save();
                 if ($enable_tags) {
                     tag::clear_all($item);
                     foreach (explode(",", $tags[$id]) as $tag_name) {
                         if ($tag_name) {
                             tag::add($item, trim($tag_name));
                         }
                     }
                     tag::compact();
                 }
             }
         }
         message::success(t("Captions saved"));
     }
     url::redirect($album->abs_url());
 }