The forums ran from 2008-2020 and are now closed and viewable here as an archive.



Sure, no problem.

It occurs to me that it would be better (easier to use) to make checking the token a function as well.


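function check_xssToken(){
    /* true only if the session holds a token, the posted token matches it, and it has not expired. */
    return (
        isset( $_SESSION['xssToken'] )
        && isset( $_POST['xssToken'] )
        && $_SESSION['xssToken'][0] === $_POST['xssToken']
        && time() < $_SESSION['xssToken'][1]
    );
}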

Then, you could simply use it like so:


if( ! check_xssToken() ){
    /* bad or missing token. */
    /* stop handling the request here so the code below never runs without a valid token. */
}
/* good token; continue as normal! */
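
An added example, not code from the original post: an issue-and-check pair that keeps the same `[token, expiry]` layout in `$_SESSION['xssToken']`, but compares in constant time, rejects non-string input, and makes the token single use. The names `make_xssToken()` and `check_xssToken_once()`, the 15-minute lifetime, and the demo arrays are assumptions made for this illustration.

```php
<?php
// Added example. make_xssToken() and check_xssToken_once() are hypothetical
// names; only the [token, expiry] session layout comes from the post above.

function make_xssToken(array &$session, int $ttl = 900): string {
    $token = bin2hex(random_bytes(32));             // 64 hex chars from the CSPRNG
    $session['xssToken'] = [$token, time() + $ttl]; // [0] = token, [1] = expiry time
    return $token;                                  // goes into a hidden form field
}

function check_xssToken_once(array &$session, array $post): bool {
    $stored = $session['xssToken'] ?? null;
    $sent   = $post['xssToken'] ?? null;
    unset($session['xssToken']);                    // single use: any attempt burns the token
    if (!is_array($stored) || !isset($stored[0], $stored[1]) || !is_string($sent)) {
        return false;                               // no token issued, none sent, or xssToken[]= array input
    }
    [$token, $expires] = $stored;
    return is_string($token)
        && hash_equals($token, $sent)               // constant-time comparison
        && time() < $expires;
}

// Constructed demo: plain arrays stand in for $_SESSION and $_POST.
$session = [];

$token = make_xssToken($session);
var_dump(check_xssToken_once($session, ['xssToken' => $token]));   // fresh token
var_dump(check_xssToken_once($session, ['xssToken' => $token]));   // same token replayed

$token = make_xssToken($session);
var_dump(check_xssToken_once($session, ['xssToken' => ['x']]));    // array instead of string

$token = make_xssToken($session);
$session['xssToken'][1] = time() - 1;                              // force expiry
var_dump(check_xssToken_once($session, ['xssToken' => $token]));   // expired token
```

In a request handler the call would be `check_xssToken_once($_SESSION, $_POST)` after `session_start()`, with a new token issued each time the form is rendered.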