Support for Drupal 7 is ending on 5 January 2025—it’s time to migrate to Drupal 10! Learn about the many benefits of Drupal 10 and find migration tools in our resource center.
/**
* Authenticates a call using Drupal's built in sessions
*
* @return void
*/
function _services_sessions_authenticate_call() {
global $user;
$original_user = services_get_server_info('original_user');
if ($original_user->uid != 0) {
$non_safe_method_called = !in_array($_SERVER['REQUEST_METHOD'], array('GET', 'HEAD', 'OPTIONS', 'TRACE'));
$csrf_token_invalid = !isset($_SERVER['HTTP_X_CSRF_TOKEN']) || !drupal_valid_token($_SERVER['HTTP_X_CSRF_TOKEN'], 'services');
if ($non_safe_method_called && $csrf_token_invalid) {
return t('CSRF validation failed');
}
}
@return void, but the function clearly seems to return a validation error message.
Comments
Comment #1
ygerasimov CreditAttribution: ygerasimov commentedThanks for spotting this. Fixed.