November 22, 2013 at 9:05 pm
#156967
Participant
Sure, no problem.
It occurs to me that it would be better (easier to use) to make checking the token a function as well.
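<?php
/* Returns true only if the session holds a token, the form posted one,
   the two match exactly, and the stored expiry time has not passed.
   $_SESSION['xssToken'] is an array: [0] = token, [1] = expiry timestamp. */
function check_xssToken(){
    return (
        isset( $_SESSION['xssToken'] )
        && isset( $_POST['xssToken'] )
        && $_SESSION['xssToken'][0] === $_POST['xssToken']
        && time() < $_SESSION['xssToken'][1]
    );
}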
Then, you could simply use it like so:
<?php
if( ! check_xssToken() ){
    /* bad or missing token. */
    exit(1);
}
/* good token; continue as normal! */
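The full round trip for a token of this shape, as an added example that is not part of the original post: issuing the token, embedding it in the form, and verifying it with a constant-time comparison and one-time use, which goes beyond what `check_xssToken()` does. The names `issue_xssToken()` and `verify_xssToken()` are hypothetical, the `[token, expiry]` session layout is inferred from the indexes used in `check_xssToken()`, and the request data is constructed so the file runs from the command line (PHP 7 or later).

```php
<?php
// Added example, not code from the thread. In a real page, session_start()
// must have been called before either function is used.

function issue_xssToken(int $ttl = 900): string {
    $token = bin2hex(random_bytes(32));              // 256 bits from the CSPRNG
    $_SESSION['xssToken'] = [$token, time() + $ttl]; // [0] = token, [1] = expiry
    return $token;
}

function verify_xssToken(): bool {
    $stored = $_SESSION['xssToken'] ?? null;
    $sent   = $_POST['xssToken'] ?? null;
    // One-time use: drop the stored token whatever the outcome.
    unset($_SESSION['xssToken']);
    if (!is_array($stored) || count($stored) !== 2
        || !is_string($stored[0]) || !is_string($sent)) {
        return false;   // missing token, or xssToken[]=... posted as an array
    }
    // hash_equals() compares in constant time, unlike ===.
    return hash_equals($stored[0], $sent) && time() < $stored[1];
}

// Constructed request data (assumption: no web server, no real session).
$_SESSION = [];
$_POST    = [];

// Rendering the form: the token goes into a hidden field, HTML-escaped.
$token = issue_xssToken();
echo '<input type="hidden" name="xssToken" value="',
     htmlspecialchars($token, ENT_QUOTES), '">', "\n";

$_POST['xssToken'] = $token;
var_dump(verify_xssToken());    // case 1: matching token

$_POST['xssToken'] = $token;
var_dump(verify_xssToken());    // case 2: replay of a consumed token

issue_xssToken();
$_POST['xssToken'] = ['x'];
var_dump(verify_xssToken());    // case 3: array posted instead of a string

issue_xssToken(-1);
$_POST['xssToken'] = $_SESSION['xssToken'][0];
var_dump(verify_xssToken());    // case 4: token already expired
```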