Improve CSRF handling

mevdschee · mevdschee · commit bdf13ab0c810 · 2017-02-17T02:30:58.000+01:00
diff --git a/examples/client_auth.php b/examples/client_auth.php
@@ -24,8 +24,8 @@ function call($method, $url, $data = false) {
 }
 
 // in case you are using php-api-auth:
-$csrf = call('POST','http://localhost/blog.php/', 'username=admin&password=admin');
-$response = call('GET','http://localhost/blog.php/posts?include=categories,tags,comments&filter=id,eq,1&csrf='. trim($csrf));
+$csrf = json_decode(call('POST','http://localhost/api.php/', 'username=admin&password=admin'));
+$response = call('GET','http://localhost/api.php/posts?include=categories,tags,comments&filter=id,eq,1&csrf='. $csrf);
 
 unlink($cookiejar);
 

Original file line number	Diff line number	Diff line change
`@@ -24,8 +24,8 @@ function call($method, $url, $data = false) {`
`24`	`24`	`}`
`25`	`25`
`26`	`26`	`// in case you are using php-api-auth:`
`27`		`-$csrf = call('POST','http://localhost/blog.php/', 'username=admin&password=admin');`
`28`		`-$response = call('GET','http://localhost/blog.php/posts?include=categories,tags,comments&filter=id,eq,1&csrf='. trim($csrf));`
	`27`	`+$csrf = json_decode(call('POST','http://localhost/api.php/', 'username=admin&password=admin'));`
	`28`	`+$response = call('GET','http://localhost/api.php/posts?include=categories,tags,comments&filter=id,eq,1&csrf='. $csrf);`
`29`	`29`
`30`	`30`	`unlink($cookiejar);`
`31`	`31`