Exemple #1
 /**
  * Builds the hidden form field that carries the anti-CSRF token.
  *
  * The field name is taken from the CSRF object's getKey() and the field
  * value from its getToken(); both are handed to the view's formHidden()
  * helper, which produces the markup. This method takes no arguments.
  *
  * NOTE(review): no hasToken() check is made here -- confirm getToken()
  * returns a usable value when no token has been issued yet.
  * NOTE(review): escaping of the name and value is presumably done inside
  * formHidden(); verify against that helper.
  *
  * @return string The element XHTML.
  */
 public function formCsrf()
 {
     // same evaluation order as before: key first, then token
     $field = array();
     $field['name'] = $this->_csrf->getKey();
     $field['value'] = $this->_csrf->getToken();

     return $this->_view->formHidden($field);
 }
Exemple #2
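 /**
  * Adds the hidden anti-CSRF element unless one is already present.
  *
  * Nothing is added when the CSRF object reports no token. Otherwise the
  * hidden elements are searched for one named after the CSRF key; if none
  * is found, a hidden element carrying the current token is appended via
  * addElement().
  *
  * Only the element name is checked: an existing element with the CSRF
  * key as its name is left as-is, and its value is not refreshed here.
  *
  * @return void
  */
 protected function _addCsrfElement()
 {
     // without a token there is nothing to embed in the form
     if (!$this->_csrf->hasToken()) {
         return;
     }

     $name = $this->_csrf->getKey();
     $wanted = (string) $name;

     // Is a CSRF element already present? Names are compared as strings
     // with ===. A loose == lets an integer 0 name equal any non-numeric
     // key on PHP versions before 8, which would make this method believe
     // the token element exists and silently leave the form unprotected.
     foreach ($this->_hidden as $info) {
         $found = isset($info['name'])
             && is_scalar($info['name'])
             && (string) $info['name'] === $wanted;
         if ($found) {
             // found it, no need to add it
             return;
         }
     }

     // add the token to the hidden elements
     $this->addElement(array(
         'name' => $name,
         'type' => 'hidden',
         'value' => $this->_csrf->getToken(),
     ));
 }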
Exemple #3
 /**
  * Returns the form object to its configured starting state and, when a
  * session CSRF token exists, re-adds the hidden anti-CSRF element.
  *
  * Attributes are rebuilt from the default set overlaid with the
  * configured 'attribs'; the element list, the feedback list and the
  * submitted values are emptied. Use this to "start over again" with the
  * same form object.
  *
  * The anti-CSRF element is set only when hasToken() reports a token; its
  * name is the CSRF key and its value is whatever getToken() returns at
  * the time of the call.
  *
  * @return void
  */
 public function reset()
 {
     // defaults first, so that config overrides win in the merge
     $defaults = $this->_default_attribs;
     $overrides = $this->_config['attribs'];
     $this->attribs = array_merge($defaults, $overrides);

     // forget everything that was built up or submitted
     $this->elements = array();
     $this->feedback = array();
     $this->_submitted = null;

     // no token available: leave the form without a csrf element
     if (!$this->_csrf->hasToken()) {
         return;
     }

     $this->setElement(
         $this->_csrf->getKey(),
         array('type' => 'hidden', 'value' => $this->_csrf->getToken())
     );
 }
Exemple #4
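 /**
  * Keeps the hidden anti-CSRF element in step with the form method.
  *
  * For a GET form, any hidden element named after the CSRF key is removed
  * and nothing is added: fields of a GET form travel in the query string,
  * where a token can end up in logs, browser history and Referer headers.
  * For any other method, a hidden element carrying the current token is
  * appended via addElement() when the CSRF object has a token and no
  * element with that name exists yet.
  *
  * Only the element name is checked: an existing element's value is not
  * refreshed here.
  *
  * NOTE(review): a missing or empty 'method' attribute is treated as
  * non-GET, yet browsers submit such forms with GET -- confirm a default
  * method is always set before this runs.
  *
  * @return void
  */
 protected function _modCsrfElement()
 {
     // the name of the csrf element
     $name = $this->_csrf->getKey();
     $wanted = (string) $name;

     // normalise the method; an absent value yields '' exactly as
     // strtolower() on an unset attribute did, but without the notice
     $method = isset($this->_attribs_form['method'])
         ? strtolower((string) $this->_attribs_form['method'])
         : '';

     // Names are compared as strings with === throughout. A loose == lets
     // an integer 0 name equal any non-numeric key on PHP versions before
     // 8, which would drop an unrelated element in the GET branch or skip
     // adding the token in the non-GET branch.
     if ($method === 'get') {
         // never add the token to a GET form, and strip it if present
         foreach ($this->_hidden as $key => $info) {
             $isCsrf = isset($info['name'])
                 && is_scalar($info['name'])
                 && (string) $info['name'] === $wanted;
             if ($isCsrf) {
                 unset($this->_hidden[$key]);
             }
         }
         return;
     }

     // if no token, nothing to add
     if (!$this->_csrf->hasToken()) {
         return;
     }

     // is a csrf element already present?
     foreach ($this->_hidden as $info) {
         $isCsrf = isset($info['name'])
             && is_scalar($info['name'])
             && (string) $info['name'] === $wanted;
         if ($isCsrf) {
             // found it, no need to add it
             return;
         }
     }

     // add the token to the hidden elements
     $this->addElement(array(
         'name' => $name,
         'type' => 'hidden',
         'value' => $this->_csrf->getToken(),
     ));
 }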