scratch

Subversion Repositories:

 /file.php
@@ -15,26 +15,8 @@
 switch ($_SERVER['REQUEST_METHOD']) {
     case 'POST':
         #### Script restrictions.
-        if(
-            (
-                !isset($_SERVER['HTTP_X_REQUESTED_WITH']) or
-                empty($_SERVER['HTTP_X_REQUESTED_WITH']) or
-                strtoupper($_SERVER['HTTP_X_REQUESTED_WITH']) != 'XMLHTTPREQUEST'
-            )
-                or
-            (
-                (
-                    !isset($_SERVER['HTTP_REFERER']) or
-                    empty($_SERVER['HTTP_REFERER'])
-                )
-                    and
-                (
-                    strtoupper($_SERVER['HTTP_REFERER']) != strtoupper($config['URL_PATH'].'FILE.HTML') or
-                    strtoupper($_SERVER['HTTP_REFERER']) != strtoupper($config['URL_PATH'].'TEXT.HTML')
-                )
-            )
-        )
-        {
+        session_start();
+        if (empty($_POST['token']) || !hash_equals($_SESSION['token'], $_POST['token'])) {
             http_response_code(403);
             die('Forbidden.');
         }

Compare Path:	Rev
With Path:	Rev