/**
 *
 * Builds the hidden form field that carries the anti-CSRF token.
 *
 * The field name is the CSRF key and the field value is the current
 * token, both read from the CSRF object. Rendering is delegated to the
 * view's formHidden() helper. This method takes no arguments.
 *
 * NOTE(review): there is no hasToken() check here, so the field is
 * emitted with whatever getToken() returns; what that is when no token
 * exists is not visible in this method. Escaping of the name and value
 * is left to formHidden() -- confirm against that helper.
 *
 * @return string The element XHTML, as returned by formHidden().
 *
 */
public function formCsrf()
{
    // same evaluation order as before: key first, then token
    $spec = array(
        'name'  => $this->_csrf->getKey(),
        'value' => $this->_csrf->getToken(),
    );

    return $this->_view->formHidden($spec);
}
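/**
 *
 * If no CSRF element is present among the hidden elements, add one.
 *
 * Nothing is added when the CSRF object reports that it has no token.
 *
 * Element names are compared as strings with strict equality. A loose
 * `==` comparison can report a match for a different name (for example
 * numeric-looking names such as "10" and "1e1"), in which case the token
 * element would silently not be added.
 *
 * NOTE(review): the form method is not checked here; on a method="get"
 * form the token would be submitted in the query string. Confirm the
 * caller only relies on this for non-GET forms.
 *
 * @return void
 *
 */
protected function _addCsrfElement()
{
    // if no token, nothing to add
    if (! $this->_csrf->hasToken()) {
        return;
    }

    // is a csrf element already present?
    $name = $this->_csrf->getKey();
    $key  = (string) $name;
    foreach ($this->_hidden as $info) {
        // entries without a scalar name cannot be the csrf element
        if (! isset($info['name']) || ! is_scalar($info['name'])) {
            continue;
        }

        if ((string) $info['name'] === $key) {
            // found it, no need to add it
            return;
        }
    }

    // add the token to the hidden elements
    $this->addElement(array(
        'name'  => $name,
        'type'  => 'hidden',
        'value' => $this->_csrf->getToken(),
    ));
}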
/**
 *
 * Puts the form back into its originally-configured state and, when a
 * session token exists, sets a hidden anti-CSRF element carrying the
 * current token value.
 *
 * The attributes become the default set merged with the configured
 * overrides; the element and feedback lists are emptied and the submitted
 * values are forgotten. Use this to "start over again" with the same form
 * object. (The earlier documentation also lists filters and validations
 * as cleared -- presumably they are stored with the elements; confirm.)
 *
 * NOTE(review): when hasToken() is false at the time of the call, the
 * form is left without an anti-CSRF element. Confirm the token is
 * created before forms are built or reset.
 *
 * @return void
 *
 */
public function reset()
{
    // defaults first, config overrides win on conflicting keys
    $overrides = $this->_config['attribs'];
    $this->attribs = array_merge($this->_default_attribs, $overrides);

    $this->elements   = array();
    $this->feedback   = array();
    $this->_submitted = null;

    // without a token there is no csrf element to set
    if (! $this->_csrf->hasToken()) {
        return;
    }

    // key is read before the token, as in the original call order
    $key  = $this->_csrf->getKey();
    $spec = array(
        'type'  => 'hidden',
        'value' => $this->_csrf->getToken(),
    );
    $this->setElement($key, $spec);
}
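/**
 *
 * If a CSRF element is needed but not present, add it; if present and not
 * needed, remove it.
 *
 * For a form whose method is "get" (case-insensitive) the element is never
 * added, and any hidden element named after the CSRF key is removed. A GET
 * form sends its fields in the query string, so a token left in it would
 * end up in the URL (browser history, server logs, Referer headers).
 *
 * For any other method the element is added when the CSRF object has a
 * token and no hidden element with the CSRF key name exists yet.
 *
 * Element names are compared as strings with strict equality. A loose
 * `==` comparison can report a match for a different name (for example
 * numeric-looking names such as "10" and "1e1"), which would drop an
 * unrelated hidden field on GET or suppress the token otherwise.
 *
 * NOTE(review): a missing or empty 'method' attribute is treated as
 * non-GET here, although a form without a method attribute is submitted
 * via GET by browsers. Confirm a default method is always set before
 * this runs.
 *
 * @return void
 *
 */
protected function _modCsrfElement()
{
    // the name of the csrf element
    $name = $this->_csrf->getKey();
    $key  = (string) $name;

    // if using GET, don't add csrf if not already there ...
    $method = strtolower($this->_attribs_form['method']);
    if ($method === 'get') {
        // ... and remove it if present.
        foreach ($this->_hidden as $idx => $info) {
            if (isset($info['name'])
                && is_scalar($info['name'])
                && (string) $info['name'] === $key
            ) {
                unset($this->_hidden[$idx]);
            }
        }
        // done
        return;
    }

    // if no token, nothing to add
    if (! $this->_csrf->hasToken()) {
        return;
    }

    // is a csrf element already present?
    foreach ($this->_hidden as $info) {
        if (isset($info['name'])
            && is_scalar($info['name'])
            && (string) $info['name'] === $key
        ) {
            // found it, no need to add it
            return;
        }
    }

    // add the token to the hidden elements
    $this->addElement(array(
        'name'  => $name,
        'type'  => 'hidden',
        'value' => $this->_csrf->getToken(),
    ));
}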