/** * Overrides init() in App_Form * * @access public * @return void */ public function init() { parent::init(); $config = App_DI_Container::get('ConfigObject'); // add an anti-CSRF token to all forms $csrfHash = new Zend_Form_Element_Hash('csrfhash'); $csrfHash->setOptions(array('required' => TRUE, 'filters' => array('StringTrim', 'StripTags'), 'validators' => array('NotEmpty'), 'salt' => $config->security->csrfsalt . get_class($this))); $this->addElement($csrfHash); }