]> git.sesse.net Git - www-csrf/blobdiff - lib/WWW/CSRF.pm
projects / www-csrf / blobdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | inline | side by side
Add some unit tests for check_csrf_token.
[www-csrf] / lib / WWW / CSRF.pm
diff --git a/lib/WWW/CSRF.pm b/lib/WWW/CSRF.pm
index 95c5e8f041724443a9c12711ae12ecc4e947c0f8..9197a6e8c8676294127456688b85aa1efc475298 100644 (file)
--- a/lib/WWW/CSRF.pm
+++ b/lib/WWW/CSRF.pm
@@ -43,9 +43,11 @@ sub check_csrf_token {
                return 0;
        }
 
+       my $ref_time = $options->{'Time'} // time;
+
        my ($masked_token, $mask, $time) = ($1, $2, $3);
        my $max_age = $options->{'MaxAge'};
-       if (defined($max_age) && time - $time > $max_age) {
+       if (defined($max_age) && $ref_time - $time > $max_age) {
                # Timed out.
                return 0;
        }
WWW::CSRF, a Perl module to help protect against CSRF attacks.