public function testTagNameAndValue() { $tag = Csrf::getTag(); $tag = preg_replace('`\\s+`', '', strtr($tag, '\'', '"')); $this->assertContains('name="' . Csrf::POST_KEY . '"', $tag, 'The CSRF tag name should be Csrf::POST_KEY'); $this->assertTrue(preg_match('`value="([^"]*)"`', $tag, $value) > 0, 'The CSRF tag value should be catchable'); $value = $value[1]; $this->assertTrue(preg_match('`^[' . preg_quote(Csrf::TOKEN_CHARS) . ']+$`', $value) > 0, 'The CSRF tag value should only use chars in Csrf::TOKEN_CHARS'); $this->assertSame(strlen($value), Csrf::TOKEN_LENGTH, 'The CSRF tag value length should be Csrf::TOKEN_LENGTH'); }
use CsrfProtect\CsrfProtect as Csrf; session_start(); $_SESSION = array(); $trues = array(); $falses = array(); session_destroy(); $trues[] = !session_id(); Csrf::getTokenIndex(); $falses[] = !session_id(); session_destroy(); $trues[] = !session_id(); Csrf::getToken(); $falses[] = !session_id(); session_destroy(); $trues[] = !session_id(); Csrf::getTag(); $falses[] = !session_id(); session_destroy(); $trues[] = !session_id(); Csrf::checkToken(); $falses[] = !session_id(); session_destroy(); $trues[] = !session_id(); Csrf::checkPostToken(); $trues[] = !session_id(); $_POST[Csrf::POST_KEY] = '-'; Csrf::checkPostToken(); $falses[] = !session_id(); session_destroy(); $trues[] = !session_id(); Csrf::isValidToken();