public function testValidate()
{
// good validation
$post_data = array(CSRFTokenGenerator::TOKEN_NAME => CSRFTokenGenerator::getToken());
$this->assertTrue(CSRFTokenGenerator::validate($post_data));
$post_data = array(self::ALT_TOKEN_NAME => CSRFTokenGenerator::getToken(self::ALT_TOKEN_NAME));
$this->assertTrue(CSRFTokenGenerator::validate($post_data, self::ALT_TOKEN_NAME));
// bad validation
$this->_killSession();
$post_data = array(CSRFTokenGenerator::TOKEN_NAME => "bad_token_data");
$this->assertFalse(CSRFTokenGenerator::validate($post_data));
$post_data = array(self::ALT_TOKEN_NAME => "bad_token_data");
$this->assertFalse(CSRFTokenGenerator::validate($post_data, self::ALT_TOKEN_NAME));
$post_data = array("bad_token_name" => CSRFTokenGenerator::getToken());
$this->assertFalse(CSRFTokenGenerator::validate($post_data));
}
/**
* Check if the form is submitted by validating the value of the hidden
* vf__dispatch field.
*
* @param boolean $blnForce
* Fake isSubmitted to true to force field values.
* @return boolean [description]
*/
public function isSubmitted($blnForce = false)
{
if (ValidForm::get("vf__dispatch") == $this->__name || $blnForce) {
if ($this->__usecsrfprotection && !$blnForce) {
return CSRF::validate($_POST);
} else {
return true;
}
} else {
return false;
}
}
