From 9840812d62630c9af322694e15bc9dd48f4d0990 Mon Sep 17 00:00:00 2001
From: Peter Rotich <peter@osticket.com>
Date: Mon, 21 Jan 2013 23:33:05 -0500
Subject: [PATCH] Centralize link token management. CSRF protection for
 important links.

---
 include/class.osticket.php | 10 +++++++++-
 1 file changed, 9 insertions(+), 1 deletion(-)

diff --git a/include/class.osticket.php b/include/class.osticket.php
index fd300184a..89fd3603c 100644
--- a/include/class.osticket.php
+++ b/include/class.osticket.php
@@ -119,7 +119,15 @@ class osTicket {
 
         return false;
     }
-    
+
+    function getLinkToken() {
+        return md5($this->getCSRFToken().SECRET_SALT.session_id());
+    }
+
+    function validateLinkToken($token) {
+            return ($token && !strcasecmp($token, $this->getLinkToken()));
+    }
+
     function isFileTypeAllowed($file, $mimeType='') {
        
         if(!$file || !($allowedFileTypes=$this->getConfig()->getAllowedFileTypes()))
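Review bot: validateLinkToken() compares the token with `strcasecmp()`, which is neither type-safe nor constant-time: on PHP versions before 8 a non-string `$token` (an array, for example) makes `strcasecmp()` return null with a warning, and `!null` is true, so the check would pass without a matching token if a caller hands in a request parameter unfiltered (callers are outside this hunk). I would change the return to `return is_string($token) && hash_equals($this->getLinkToken(), $token);` where `hash_equals()` is available (PHP 5.6+); this also makes the comparison case-sensitive, which is safe because md5() emits lowercase hex. In getLinkToken(), a keyed hash such as `hash_hmac('sha256', $this->getCSRFToken().session_id(), SECRET_SALT)` would be a sounder construction than md5 over a concatenation, though it changes the token length in generated links. Both methods also lack docblocks; something like `/** Per-session token appended to state-changing links; verify with validateLinkToken(). */` would state the contract.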
-- 
GitLab