$postedToken =
$this->
getPostedToken($request);
try { $token =
($postedToken !== null &&
$this->config->tokenRandomize
) ?
$this->
derandomize($postedToken) :
$postedToken;
} catch (InvalidArgumentException
$e) { $token = null;
} // Do the tokens match?
if (!
isset($token,
$this->hash
) || !
hash_equals($this->hash,
$token)) { throw SecurityException::
forDisallowedAction();
} $this->
removeTokenInRequest($request);
if ($this->config->regenerate
) { $this->
generateHash();
} log_message('info', 'CSRF token verified.'
);
return $this;
}