/**
 *
 * Reports whether the current request looks like a cross-site request
 * forgery.
 *
 * The Solar_Csrf checker is created through Solar::factory() the first time
 * it is needed and kept in $this->_csrf for later calls.
 *
 * @return bool The result of the checker's isForgery() call.
 *
 */
public function isCsrf()
{
    // reuse the checker when one has already been built
    if ($this->_csrf) {
        return $this->_csrf->isForgery();
    }

    // first use: build the checker, keep it, then ask it
    $this->_csrf = Solar::factory('Solar_Csrf');
    return $this->_csrf->isForgery();
}
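/**
 *
 * Applies the filter chain to the form element values; in particular,
 * checks validation and updates the 'invalid' keys for each element that
 * fails, and checks for CSRF attempts automatically.
 *
 * This method cycles through each element in the form, where it ...
 *
 * 1. Applies the filters to populated user input for the element,
 *
 * 2. Validates the filtered value against the validation rules for the element,
 *
 * 3. Adds invalidation messages to the element if it does not pass validation.
 *
 * If all populated values pass validation, the method returns boolean
 * true, indicating the form as a whole is valid; if even one validation on
 * one element fails, the method returns boolean false.
 *
 * A request that the CSRF checker flags as a forgery is also treated as a
 * validation failure: 'ERR_CSRF_ATTEMPT' is appended to the form feedback
 * and the status is set to false. The filters have already rewritten the
 * element values in place by that point, so callers should act on the
 * values only when this method returns true.
 *
 * In general, you should only validate the values after user input has
 * been populated with [[Solar_Form::populate()]].
 *
 * Note that filters and validation rules are added with the
 * [[Solar_Form::setElement()]] and [[Solar_Form::setElements()]] methods;
 * please see those pages for more information on how to add filters and
 * validation to an element.
 *
 * @return bool True if all elements are valid, false if not.
 *
 */
public function validate()
{
    // reset the filter chain so we can rebuild it
    $this->_filter->resetChain();

    // build the filter chain and data values. note that the foreach()
    // loop uses an info **reference**, not a copy.
    $data = array();
    foreach ($this->elements as $name => &$info) {
        // keep a **reference** to the data (not a copy)
        $data[$name] =& $info['value'];

        // set the filters and require-flag, reference not needed
        $this->_filter->addChainFilters($name, $info['filters']);
        $this->_filter->setChainRequire($name, $info['require']);
    }

    // break the loop variable's binding to the last element so a later
    // assignment to $info cannot overwrite that element; the references
    // held in $data are unaffected.
    unset($info);

    // apply the filter chain to the data, which will modify the
    // element data in place because of the references
    $status = $this->_filter->applyChain($data);
    $this->setStatus($status);

    // retain any invalidation messages
    $invalid = $this->_filter->getChainInvalid();
    foreach ((array) $invalid as $key => $val) {
        $this->addInvalid($key, $val);
    }

    // check for csrf attempts. where $this->_csrf gets initialised is not
    // visible from this method, so build the checker on demand; that way
    // the forgery check always runs instead of failing on an unset property.
    if (! $this->_csrf) {
        $this->_csrf = Solar::factory('Solar_Csrf');
    }

    if ($this->_csrf->isForgery()) {
        // looks like a forgery: validation failure, regardless of how the
        // individual elements validated
        $this->feedback[] = 'ERR_CSRF_ATTEMPT';
        $this->setStatus(false);
    }

    // done!
    return $this->_status;
}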