/**
 * Returns true if the session holds both entries that belong to the given
 * token: the class entry ('dt-class-<token>') and the time entry
 * ('dt-time-<token>').
 *
 * @param \Zepi\Turbo\Request\WebRequest $request
 * @param string $token
 * @return boolean
 */
protected function hasValidSessionData(WebRequest $request, $token)
{
    // getSessionData() is compared against false, which is the "missing" marker
    // used throughout this class; the time entry is only read when the class
    // entry exists.
    if ($request->getSessionData('dt-class-' . $token) === false) {
        return false;
    }

    return $request->getSessionData('dt-time-' . $token) !== false;
}
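/**
 * Processes all form data.
 *
 * The request must carry a 'csrf-key' and a 'csrf-token' parameter. The key
 * names the session entry holding the expected token; that entry is consumed
 * (deleted) on every attempt, so a token can be used only once. Field values
 * are applied to the child fields only when the submitted token matches the
 * stored one.
 *
 * @access public
 * @param \Zepi\Turbo\Request\WebRequest $request
 */
public function processFormData(WebRequest $request)
{
    // Without both csrf parameters this is not a submission of a form we issued.
    if (!$request->hasParam('csrf-key') || !$request->hasParam('csrf-token')) {
        return;
    }

    $key = $request->getParam('csrf-key');
    $token = $request->getParam('csrf-token');

    // Both values are client-supplied. Only a non-empty string can name a session
    // entry, and the token comparison below is string-only; anything else cannot
    // match the stored (string) token and is rejected up front.
    if (!is_string($key) || $key === '' || !is_string($token)) {
        return;
    }

    // NOTE(review): $key selects which session entry is read and deleted below, and
    // it is client-controlled. The naming scheme used when the token is issued is
    // not visible here; if issued keys share a prefix, restrict $key to it so a
    // crafted key cannot remove unrelated session entries.
    $sessionToken = $request->getSessionData($key);

    // Consume the stored token before comparing so a failed attempt cannot be retried.
    $request->deleteSessionData($key);

    // A missing session entry (false) can never match. hash_equals() gives a
    // constant-time comparison instead of the early-exit string !== operator.
    if (!is_string($sessionToken) || !hash_equals($sessionToken, $token)) {
        return;
    }

    // Tokens match: copy the submitted values onto the form fields.
    foreach ($this->getChildrenByType('\\Zepi\\Web\\UserInterface\\Form\\Field\\FieldAbstract') as $field) {
        $htmlName = $field->getHtmlName();
        if ($request->hasParam($htmlName)) {
            $field->setValue($request->getParam($htmlName), $request);
        }
    }
}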
/**
 * Validates the session. Returns false only when the session is flagged as
 * obsolete and its maximum lifetime has already passed; otherwise true.
 *
 * @access protected
 * @param \Zepi\Turbo\Request\WebRequest $request
 * @return boolean
 */
protected function validateSessionData(WebRequest $request)
{
    // A session that was never marked obsolete is always considered valid.
    if (!$request->getSessionData('isObsolete')) {
        return true;
    }

    // An obsolete session stays valid until 'maxLifetime' (a timestamp,
    // compared against time()) has been reached.
    $lifetimeExceeded = $request->getSessionData('maxLifetime') < time();

    return !$lifetimeExceeded;
}
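/**
 * Generates a DataRequest object for the given table.
 *
 * When the table asks for its data request to be persisted, a previously
 * serialized DataRequest is restored from the session. Otherwise, or when the
 * stored value is missing or does not unserialize to a DataRequest, a fresh
 * request for page 1 sorted by "name" ascending is created. The resulting
 * object is written back to the session when persistence is enabled.
 *
 * @access protected
 * @param \Zepi\Turbo\Request\WebRequest $request
 * @param \Zepi\Web\UserInterface\Table\TableAbstract $table
 * @param false|integer $numberOfEntries
 * @return \Zepi\Web\UserInterface\Table\DataRequest
 */
protected function generateDataRequest(WebRequest $request, TableAbstract $table, $numberOfEntries)
{
    $sortBy = 'name';
    $sortByDirection = 'ASC';

    $savedDataRequestKey = get_class($table) . '.DataRequest.Saved';
    $saveDataRequest = $table->shouldSaveDataRequest();

    $dataRequest = false;
    if ($saveDataRequest) {
        $savedDataRequest = $request->getSessionData($savedDataRequestKey);
        // unserialize() only accepts a string; false is this class's "missing" marker.
        if (is_string($savedDataRequest)) {
            // NOTE(review): the session is server-side state, but unserialize()
            // still instantiates whatever class the payload names. Consider passing
            // ['allowed_classes' => [DataRequest::class, ...]] once the classes that
            // DataRequest aggregates are known — confirm against the DataRequest class.
            $dataRequest = unserialize($savedDataRequest);
        }
    }

    // Fall back to a fresh request when nothing usable was restored. This also
    // covers an unserialize() failure (false) and a stored value of the wrong type.
    if (!$dataRequest instanceof DataRequest) {
        $dataRequest = new DataRequest(1, $numberOfEntries, $sortBy, $sortByDirection);
    }

    if ($saveDataRequest) {
        $request->setSessionData($savedDataRequestKey, serialize($dataRequest));
    }

    return $dataRequest;
}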