/**
 * Exercises CSRFTokenGenerator::validate() with submissions that must be
 * accepted and submissions that must be rejected, using both the default
 * token field and the alternate field name.
 *
 * NOTE(review): the first two rejection cases run after _killSession(), so
 * they presumably show rejection when no session token is stored. A case
 * that posts a wrong value while a valid token is still stored would pin
 * the comparison itself; confirm whether that is covered elsewhere.
 */
public function testValidate()
{
    // Accepted: a freshly issued token posted under the default field name.
    $defaultForm = array(CSRFTokenGenerator::TOKEN_NAME => CSRFTokenGenerator::getToken());
    $this->assertTrue(CSRFTokenGenerator::validate($defaultForm));

    // Accepted: a token issued for, and posted under, the alternate field name.
    $alternateForm = array(self::ALT_TOKEN_NAME => CSRFTokenGenerator::getToken(self::ALT_TOKEN_NAME));
    $this->assertTrue(CSRFTokenGenerator::validate($alternateForm, self::ALT_TOKEN_NAME));

    // Everything below must be rejected. The session is reset first.
    $this->_killSession();

    // Rejected: an arbitrary value in the default field.
    $forgedDefault = array(CSRFTokenGenerator::TOKEN_NAME => "bad_token_data");
    $this->assertFalse(CSRFTokenGenerator::validate($forgedDefault));

    // Rejected: an arbitrary value in the alternate field.
    $forgedAlternate = array(self::ALT_TOKEN_NAME => "bad_token_data");
    $this->assertFalse(CSRFTokenGenerator::validate($forgedAlternate, self::ALT_TOKEN_NAME));

    // Rejected: a token from getToken() posted under a field name validate() is not asked to read.
    $wrongField = array("bad_token_name" => CSRFTokenGenerator::getToken());
    $this->assertFalse(CSRFTokenGenerator::validate($wrongField));
}
/**
 * Report whether this form was submitted, based on the hidden vf__dispatch
 * field and, when enabled, the CSRF token check.
 *
 * Security note: a truthy $blnForce returns true without calling
 * CSRF::validate(), even when CSRF protection is enabled. The flag should
 * therefore only be set from trusted, server-side logic.
 *
 * NOTE(review): the dispatch value is compared to the form name with a loose
 * comparison (!=). Confirm what ValidForm::get() can return before relying
 * on it for values that are not plain strings.
 *
 * @param boolean $blnForce
 *        Treat the form as submitted regardless of the dispatch field;
 *        this also skips the CSRF check.
 * @return boolean
 *         False when the form was not dispatched and not forced. Otherwise
 *         the result of CSRF::validate($_POST) when CSRF protection is on
 *         and the call is not forced, and true in every remaining case.
 */
public function isSubmitted($blnForce = false)
{
    // The dispatch field is read first, as before, whether or not the call is forced.
    $blnNotDispatched = ValidForm::get("vf__dispatch") != $this->__name;

    if ($blnNotDispatched && !$blnForce) {
        return false;
    }

    // No CSRF check when protection is disabled or the submission is forced.
    if (!$this->__usecsrfprotection || $blnForce) {
        return true;
    }

    return CSRF::validate($_POST);
}