enable/disable CSRF

system/autoload/Csrf.php

@@ -22,6 +22,8 @@ class Csrf
 
     public static function check($token)
     {
+        global $config;
+        if($config['csrf_enabled'] == 'yes') {
             if (isset($_SESSION['csrf_token'], $_SESSION['csrf_token_time'], $token)) {
                 $storedToken = $_SESSION['csrf_token'];
                 $tokenTime = $_SESSION['csrf_token_time'];
@@ -35,6 +37,8 @@ class Csrf
             }
             return false;
         }
+        return true;
+    }
 
     public static function generateAndStoreToken()
     {