public function forms(Post $post, CSRF $csrf)
{
foreach ($post as $key => $value) {
$this->tpl->{$key} = $value;
}
$this->tpl->csrf = $csrf->generate()->input();
$this->tpl->verror = $post->verror;
}
public function testInvalidCodeWrongIP()
{
CSRF::setSecret(uniqid(true));
$_SERVER['REMOTE_ADDR'] = '8.8.8.8';
$code = CSRF::generate();
$_SERVER['REMOTE_ADDR'] = '8.8.4.4';
$this->assertFalse(CSRF::verify($code));
}
function smarty_function_csrf_protected($params, $smarty)
{
import('system/share/security/csrf');
$name = $params['name'] ? $params['name'] : 'CSRF_TOKEN';
$csrf_token = CSRF::generate($name);
return <<<EOF
<input type="hidden" name="{$name}" value="{$csrf_token}" />
EOF;
}
/**
* Create new token for AJAX calls.
*
* @param $mixed $data Data to return in JSON response.
*
* @return string
*/
public static function formatOutput($data)
{
$csrf = new CSRF();
return json_encode(array('token' => $csrf->generate('ajax'), 'result' => $data));
}
