/**
  * Registers view functions
  *
  * @param Request $request The current request
  * @param ITranspiler $transpiler The transpiler to register to
  * @param UrlGenerator $urlGenerator What generates URLs from routes
  * @param ISession $session The current session
  */
 public function run(Request $request, ITranspiler $transpiler, UrlGenerator $urlGenerator, ISession $session)
 {
     // Add the ability to display a hidden input with the current CSRF token
     $transpiler->registerViewFunction("csrfInput", function () use($session) {
         return sprintf('<input type="hidden" name="%s" value="%s">', CsrfTokenChecker::TOKEN_INPUT_NAME, $session->get(CsrfTokenChecker::TOKEN_INPUT_NAME));
     });
     // Add the ability to display the CSRF token
     $transpiler->registerViewFunction("csrfToken", function () use($session) {
         return $session->get(CsrfTokenChecker::TOKEN_INPUT_NAME);
     });
     // Add the ability to tell if the current route is a particular route
     $transpiler->registerViewFunction("currentRouteIs", function ($routeName) use($request, $urlGenerator) {
         $regex = call_user_func([$urlGenerator, "createRegexFromName"], $routeName);
         // Strip the delimiters
         $regex = substr($regex, 1, -1);
         // Check if the returned regex is a path or full URL regex
         if (preg_match("#^\\^http(s)?\\\\://#", $regex) === 1) {
             return $request->isUrl($regex, true);
         } else {
             return $request->isPath($regex, true);
         }
     });
     // Add the ability to generate URLs to named routes from views
     $transpiler->registerViewFunction("route", function ($routeName) use($urlGenerator) {
         return call_user_func_array([$urlGenerator, "createFromName"], func_get_args());
     });
 }
Ejemplo n.º 2
0
 /**
  * Checks if the token is valid
  *
  * @param Request $request The current request
  * @param ISession $session The current session
  * @return bool True if the token is valid, otherwise false
  */
 public function tokenIsValid(Request $request, ISession $session)
 {
     if (!$session->has(self::TOKEN_INPUT_NAME)) {
         $session->set(self::TOKEN_INPUT_NAME, $this->strings->generateRandomString(32));
     }
     if ($this->tokenShouldNotBeChecked($request)) {
         return true;
     }
     // Try an input
     $token = $request->getInput(self::TOKEN_INPUT_NAME);
     // Try the X-CSRF header
     if ($token === null) {
         $token = $request->getHeaders()->get("X-CSRF-TOKEN");
     }
     // Try the X-XSRF header
     if ($token === null) {
         $token = $request->getHeaders()->get("X-XSRF-TOKEN");
     }
     return $this->strings->isEqual($session->get(self::TOKEN_INPUT_NAME), $token);
 }