-rw-r--r--core/controllers/admin.php4
-rw-r--r--core/controllers/admin_dashboard.php2
-rw-r--r--core/helpers/access.php31
-rw-r--r--core/libraries/MY_Forge.php19
4 files changed, 38 insertions, 18 deletions
diff --git a/core/controllers/admin.php b/core/controllers/admin.php
index 2a6bae7e..6e44c54e 100644
--- a/core/controllers/admin.php
+++ b/core/controllers/admin.php
@@ -33,6 +33,10 @@ class Admin_Controller extends Controller {
}
public function __call($controller_name, $args) {
+ if (request::method() == "post") {
+ access::verify_csrf();
+ }
+
if ($controller_name == "index") {
$controller_name = "dashboard";
}
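Review bot: The new guard in `__call` only invokes `access::verify_csrf()` when `request::method()` reports `post`, so a state-changing admin request arriving with any other verb is dispatched without a token check; since `__call` is the single entry point for sub-controller dispatch, it is worth stating the intended contract here. I would add a comment above the guard: `// Every admin sub-controller action reached through __call must carry a CSRF token when it mutates state; only POST is checked, so GET/PUT/DELETE handlers must not change state.` Also, because `__call` only fires for method names not defined on `Admin_Controller` itself, any action declared directly on this class is presumably not covered by this check — worth confirming. The body of `__call` continues past the end of the hunk.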
diff --git a/core/controllers/admin_dashboard.php b/core/controllers/admin_dashboard.php
index a29c2167..13ec5d82 100644
--- a/core/controllers/admin_dashboard.php
+++ b/core/controllers/admin_dashboard.php
@@ -19,7 +19,7 @@
*/
class Admin_Dashboard_Controller extends Admin_Controller {
public function index() {
- return $this->theme()->dashboard_blocks();
+ return $this->theme()->admin_dashboard_blocks();
}
}
diff --git a/core/helpers/access.php b/core/helpers/access.php
index 0d44a074..ab113375 100644
--- a/core/helpers/access.php
+++ b/core/helpers/access.php
@@ -289,6 +289,37 @@ class access_Core {
}
/**
+ * Verify our Cross Site Request Forgery token is valid, else throw an exception.
+ */
+ public static function verify_csrf() {
+ if (Input::instance()->post("csrf") !== Session::instance()->get("csrf")) {
+ access::forbidden();
+ }
+ }
+
+ /**
+ * Get the Cross Site Request Forgery token for this session.
+ * @return string
+ */
+ public static function csrf_token() {
+ $session = Session::instance();
+ $csrf = $session->get("csrf");
+ if (empty($csrf)) {
+ $csrf = md5(rand());
+ $session->set("csrf", $csrf);
+ }
+ return $csrf;
+ }
+
+ /**
+ * Generate an <input> element containing the Cross Site Request Forgery token for this session.
+ * @return string
+ */
+ public static function csrf_form_field() {
+ return "<input type=\"hidden\" name=\"csrf\" value=\"" . self::csrf_token() . "\"/>";
+ }
+
+ /**
* Internal method to get all available groups.
*
* @return ORM_Iterator
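Review bot: `verify_csrf()` never confirms that a session token exists before comparing: if the session has no `csrf` value yet and the request omits the `csrf` field, both `Input::instance()->post("csrf")` and `Session::instance()->get("csrf")` presumably return the same "missing" default, `!==` evaluates to false, and the request is allowed through instead of forbidden. The check should reject an absent session token explicitly, e.g. `$token = Session::instance()->get("csrf");` followed by `if (empty($token) || Input::instance()->post("csrf") !== $token) {` in place of the single `if` on the second line of the method. Separately, `csrf_token()` derives the token from `md5(rand())`; `rand()` is not a cryptographically strong source, so the token may be predictable to an attacker who can observe other outputs of the same generator, and a stronger entropy source should be used where the project's PHP version provides one. A plain `!==` comparison is also not constant-time, which is a lesser concern but worth a `// NOTE:` comment so a later maintainer can switch to a timing-safe compare.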
diff --git a/core/libraries/MY_Forge.php b/core/libraries/MY_Forge.php
index c3d0ca71..877fe62c 100644
--- a/core/libraries/MY_Forge.php
+++ b/core/libraries/MY_Forge.php
@@ -31,14 +31,7 @@ class Forge extends Forge_Core {
* Use our own template
*/
public function render($template="form.html", $custom=false) {
- $session = Session::instance();
- $csrf = $session->get("csrf");
- if (empty($csrf)) {
- $csrf = md5(rand());
- $session->set("csrf", $csrf);
- }
-
- $this->inputs["csrf"]->value($csrf);
+ $this->inputs["csrf"]->value(access::csrf_token());
return parent::render($template, $custom);
}
@@ -61,15 +54,7 @@ class Forge extends Forge_Core {
*/
public function validate() {
$status = parent::validate();
-
- $type = $this->type;
- if (empty($type)) {
- $csrf_value = $this->csrf->value;
- if (empty($csrf_value) || $csrf_value !== Session::instance()->get("csrf")) {
- throw new Exception("@todo SECURITY_INVALID_CSRF_TOKEN");
- }
- }
-
+ access::verify_csrf();
return $status;
}
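Review bot: The replacement `access::verify_csrf()` call in `validate()` is unconditional, whereas the removed code only checked the token when `$this->type` was empty; since `validate()` is typically called on every request that builds the form (including the GET that first renders it), a request with no posted `csrf` field will presumably now be rejected as soon as the session already holds a token, breaking form display rather than just form submission. Mirror the guard used in the `admin.php` hunk and verify only on submission: `if (request::method() == "post") {`, `    access::verify_csrf();`, `}` before `return $status;`. If the old `$this->type` condition had a purpose other than distinguishing submitted forms, that intent is lost here and should be documented in a comment on the call.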
} \ No newline at end of file