function to initialise the csrfProtector work flow
Parameters:
$length - length of CSRF_AUTH_TOKEN to be generated
$action - int array, for different actions to be taken in case of failed validation
Returns:
void
Throws:
configFileNotFoundException - when configuration file is not found
incompleteConfigurationException - when all required fields in config
file are not available
public static init ( $length = null, $action = null ) |
/** * Test for exception thrown when env variable is set by mod_csrfprotector */ public function testModCSRFPEnabledException() { putenv('mod_csrfp_enabled=true'); $temp = $_COOKIE[csrfprotector::$config['CSRFP_TOKEN']] = 'abc'; $_SESSION[csrfprotector::$config['CSRFP_TOKEN']] = array('abc'); csrfProtector::init(); // Assuming no cookie change $this->assertTrue($temp == $_SESSION[csrfprotector::$config['CSRFP_TOKEN']][0]); $this->assertTrue($temp == $_COOKIE[csrfprotector::$config['CSRFP_TOKEN']]); }
*/ // Before we start processing, we should abort no install is present if (!file_exists('includes/config/settings.php')) { // This should never happen, but in case it does // this means if headers are sent, redirect will fallback to JS if (!headers_sent()) { echo '<script language="javascript" type="text/javascript">document.location.replace("install/install.php");</script>'; } else { header('Location: install/install.php'); } // Now either way, we should stop processing further exit; } // initialise CSRFGuard library require_once './includes/libraries/csrfp/libs/csrf/csrfprotector.php'; csrfProtector::init(); ?> <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> <?php $_SESSION['CPM'] = 1; session_id(); if (!isset($_SESSION['settings']['cpassman_dir']) || $_SESSION['settings']['cpassman_dir'] == "") { $_SESSION['settings']['cpassman_dir'] = "."; } // Include files require_once $_SESSION['settings']['cpassman_dir'] . '/includes/config/settings.php'; require_once $_SESSION['settings']['cpassman_dir'] . '/includes/config/include.php'; require_once $_SESSION['settings']['cpassman_dir'] . '/sources/SplClassLoader.php'; // connect to the server require_once './includes/libraries/Database/Meekrodb/db.class.php'; DB::$host = $server;
/** * Test for exception thrown when env variable is set by mod_csrfprotector */ public function testModCSRFPEnabledException() { putenv('mod_csrfp_enabled=true'); $temp = $_SESSION[CSRFP_TOKEN] = $_COOKIE[CSRFP_TOKEN] = 'abc'; csrfProtector::init(); // Assuming no cookie change $this->assertTrue($temp == $_SESSION[CSRFP_TOKEN]); $this->assertTrue($temp == $_COOKIE[CSRFP_TOKEN]); }