public function testTagNameAndValue()
{
$tag = Csrf::getTag();
$tag = preg_replace('`\\s+`', '', strtr($tag, '\'', '"'));
$this->assertContains('name="' . Csrf::POST_KEY . '"', $tag, 'The CSRF tag name should be Csrf::POST_KEY');
$this->assertTrue(preg_match('`value="([^"]*)"`', $tag, $value) > 0, 'The CSRF tag value should be catchable');
$value = $value[1];
$this->assertTrue(preg_match('`^[' . preg_quote(Csrf::TOKEN_CHARS) . ']+$`', $value) > 0, 'The CSRF tag value should only use chars in Csrf::TOKEN_CHARS');
$this->assertSame(strlen($value), Csrf::TOKEN_LENGTH, 'The CSRF tag value length should be Csrf::TOKEN_LENGTH');
}
use CsrfProtect\CsrfProtect as Csrf; session_start(); $_SESSION = array(); $trues = array(); $falses = array(); session_destroy(); $trues[] = !session_id(); Csrf::getTokenIndex(); $falses[] = !session_id(); session_destroy(); $trues[] = !session_id(); Csrf::getToken(); $falses[] = !session_id(); session_destroy(); $trues[] = !session_id(); Csrf::getTag(); $falses[] = !session_id(); session_destroy(); $trues[] = !session_id(); Csrf::checkToken(); $falses[] = !session_id(); session_destroy(); $trues[] = !session_id(); Csrf::checkPostToken(); $trues[] = !session_id(); $_POST[Csrf::POST_KEY] = '-'; Csrf::checkPostToken(); $falses[] = !session_id(); session_destroy(); $trues[] = !session_id(); Csrf::isValidToken();
