From 2a2b429e75c88a1884c480e03e50141ab7f44167 Mon Sep 17 00:00:00 2001
From: billz
Date: Wed, 14 May 2025 00:54:38 -0700
Subject: [PATCH] Handle missing tokens gracefully, support multiple state-changing HTTP methods

---
 includes/CSRF.php | 10 +++++++---
 1 file changed, 7 insertions(+), 3 deletions(-)

diff --git a/includes/CSRF.php b/includes/CSRF.php
index 6329dfee..0145e7bb 100644
--- a/includes/CSRF.php
+++ b/includes/CSRF.php
@@ -26,9 +26,11 @@ class CSRF
 
     public static function verify(): bool
     {
-        $token = $_POST['csrf_token'];
+        if (!isset($_POST['csrf_token'])) {
+            return false;
+        }
         return self::instance()->csrfValidateRequest() &&
-            self::instance()->CSRFValidate($_POST['csrf_token'] ?? '');
+            self::instance()->CSRFValidate($_POST['csrf_token']);
     }
 
     public static function metaTag(): string
@@ -53,7 +55,9 @@ class CSRF
 
      */
     public static function validateRequest(): bool
     {
-        return self::instance()->csrfValidateRequest();
+        $methods = ['POST', 'PUT', 'DELETE', 'PATCH'];
+        return in_array($_SERVER['REQUEST_METHOD'], $methods) &&
+            self::instance()->csrfValidateRequest();
     }
 }
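Review bot: The `isset` guard added to `verify()` still lets a non-string through: a request carrying `csrf_token[]=x` makes `$_POST['csrf_token']` an array, which passes `isset` and is then handed to `CSRFValidate()`, where it is presumably either a TypeError or an unexpected comparison rather than a clean rejection. Reading the token only from `$_POST` also means that, despite the commit title, PUT/PATCH/DELETE requests can never pass `verify()`, since PHP populates `$_POST` only for POST form bodies; the token for those methods would have to come from a header or the parsed body, which this hunk does not read. A tighter guard would be `$token = $_POST['csrf_token'] ?? null; if (!is_string($token) || $token === '') { return false; }` followed by `self::instance()->CSRFValidate($token)`; the header fallback is worth a follow-up once the intended transport for non-POST methods is decided. Note too that `verify()` does not apply the method gate this commit adds to `validateRequest()`, so the two public entry points now enforce different policies.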
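Review bot: The new `in_array` call in `validateRequest()` is loose and reads `$_SERVER['REQUEST_METHOD']` without a default, so it emits an undefined-index warning under the CLI or test runners where the key is absent; prefer `in_array($_SERVER['REQUEST_METHOD'] ?? '', $methods, true) &&`. Be aware the return semantics also changed: a GET or HEAD request now yields `false` rather than skipping the check, so any caller that runs `validateRequest()` on every request and treats `false` as a CSRF failure will start rejecting safe methods — if that is not intended, return `true` for methods outside the list instead of `false`. Either way the docblock immediately above (its start is outside the hunk) should state which methods are checked and what the result means for the others, e.g. `Returns false for any request that is not POST/PUT/PATCH/DELETE.`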