/**
 * Class initializer: caches the configured CSRF token key and, when
 * autoloading is enabled, fetches the current token.
 *
 * Reads security.csrf_token_key (default 'fuel_csrf_token') and
 * security.csrf_autoload. The autoload default is false here, so the
 * token is only fetched when the application config opts in.
 */
public static function _init()
{
    $token_key = \Config::get('security.csrf_token_key', 'fuel_csrf_token');
    static::$csrf_token_key = $token_key;

    $autoload = \Config::get('security.csrf_autoload', false);
    if ( ! $autoload)
    {
        // nothing more to do unless CSRF autoloading was requested
        return;
    }

    static::fetch_token();
}
/**
 * Class initializer: loads the 'petro' config and language files, then
 * caches the configured template and the CSRF token key.
 *
 * The CSRF token key comes from security.csrf_token_key and falls back
 * to 'fuel_csrf_token' when the setting is absent.
 */
public static function _init()
{
    // both loads must happen before the petro.* values are read below
    \Config::load('petro', true);
    \Lang::load('petro');

    $template = \Config::get('petro.template');
    static::$template = $template;

    $token_key = \Config::get('security.csrf_token_key', 'fuel_csrf_token');
    static::$csrf_token_key = $token_key;
}
/**
 * Class init
 *
 * Caches the CSRF token key, remembers the token value currently held in
 * the request cookie, and runs the token check when autoloading is on
 * (security.csrf_autoload, default true).
 */
public static function _init()
{
    $token_key = \Config::get('security.csrf_token_key', 'fuel_csrf_token');
    static::$csrf_token_key = $token_key;

    // false marks "no token cookie was sent with this request"
    static::$csrf_old_token = \Input::cookie($token_key, false);

    $autoload = \Config::get('security.csrf_autoload', true);
    if ($autoload)
    {
        // NOTE(review): the return value of check_token() is discarded, so
        // this method does not itself reject a request whose token fails
        // to validate; confirm where a failed check is enforced.
        static::check_token();
    }
}
/**
 * Class init
 *
 * Caches the CSRF token key, remembers the token value currently held in
 * the request cookie, runs the token check when autoloading is on, and
 * refuses to continue when the application config defines no output filter.
 *
 * @throws FuelException if security.output_filter is not defined
 */
public static function _init()
{
    $token_key = \Config::get('security.csrf_token_key', 'fuel_csrf_token');
    static::$csrf_token_key = $token_key;

    // false marks "no token cookie was sent with this request"
    static::$csrf_old_token = \Input::cookie($token_key, false);

    $autoload = \Config::get('security.csrf_autoload', true);
    if ($autoload)
    {
        // NOTE(review): the return value of check_token() is discarded, so
        // this method does not itself reject a request whose token fails
        // to validate; confirm where a failed check is enforced.
        static::check_token();
    }

    // a missing output filter is a hard configuration error: fail at init
    // rather than run without one
    $output_filter = \Config::get('security.output_filter', null);
    if ($output_filter !== null)
    {
        return;
    }

    throw new \FuelException('There is no security.output_filter defined in your application config file');
}
/**
 * Class init
 *
 * Caches the CSRF token key, remembers the token value currently held in
 * the request cookie, runs the token check when autoloading is on, and
 * installs a fallback output filter when the application config has none.
 */
public static function _init()
{
    $token_key = \Config::get('security.csrf_token_key', 'fuel_csrf_token');
    static::$csrf_token_key = $token_key;

    // false marks "no token cookie was sent with this request"
    static::$csrf_old_token = \Input::cookie($token_key, false);

    $autoload = \Config::get('security.csrf_autoload', true);
    if ($autoload)
    {
        // NOTE(review): the return value of check_token() is discarded, so
        // this method does not itself reject a request whose token fails
        // to validate; confirm where a failed check is enforced.
        static::check_token();
    }

    $output_filter = \Config::get('security.output_filter', null);
    if ($output_filter !== null)
    {
        return;
    }

    // No filter configured: fall back to entity-encoding output and log a
    // warning so the missing setting gets noticed.
    // This fallback is deprecated and will be removed in v1.2.
    \Config::set('security.output_filter', '\\Security::htmlentities');
    logger(\Fuel::L_WARNING, 'There is no security.output_filter defined in your application config file.', __METHOD__);
}
/**
 * Class init
 *
 * Caches the CSRF token key, remembers the token value currently held in
 * the request cookie, runs the token check when autoloading is on, requires
 * an output filter to be configured, and removes duplicate entries from the
 * three security filter lists.
 *
 * @throws FuelException if security.output_filter is not defined
 */
public static function _init()
{
    $token_key = \Config::get('security.csrf_token_key', 'fuel_csrf_token');
    static::$csrf_token_key = $token_key;

    // false marks "no token cookie was sent with this request"
    static::$csrf_old_token = \Input::cookie($token_key, false);

    $autoload = \Config::get('security.csrf_autoload', true);
    if ($autoload)
    {
        // NOTE(review): the return value of check_token() is discarded, so
        // a failed validation does not stop the request here; confirm where
        // a failed check is enforced.
        static::check_token();
    }

    // a missing output filter is a hard configuration error
    $output_filter = \Config::get('security.output_filter', null);
    if ($output_filter === null)
    {
        throw new \FuelException('There is no security.output_filter defined in your application config file');
    }

    // Drop duplicate filters so each one runs only once per value.
    // array_flip() handles string and integer entries only; this assumes
    // filters are configured by name (TODO confirm).
    foreach (array('output_filter', 'uri_filter', 'input_filter') as $setting)
    {
        $config_key = 'security.' . $setting;
        $filters = \Config::get($config_key, array());

        if (is_array($filters))
        {
            \Config::set($config_key, array_keys(array_flip($filters)));
        }
    }
}
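/**
 * Class init
 *
 * Fetches CSRF settings and the current token, enforces the automatic CSRF
 * check for the configured HTTP methods, requires an output filter to be
 * configured, and removes duplicate entries from the security filter lists.
 *
 * @throws SecurityException if the CSRF token validation failed
 * @throws FuelException if no security output filter is defined
 */
public static function _init()
{
    static::$csrf_token_key = \Config::get('security.csrf_token_key', 'fuel_csrf_token');

    // false marks "no token cookie was sent with this request"
    static::$csrf_old_token = \Input::cookie(static::$csrf_token_key, false);

    // if csrf automatic checking is enabled, and it fails validation, bail out!
    if (\Config::get('security.csrf_autoload', true))
    {
        // The request method is lower-cased before the lookup, so the
        // configured list is normalised the same way. Without this, an
        // entry such as 'POST' would never match and the check would be
        // skipped silently for that method.
        $check_token_methods = array_map(
            function ($method)
            {
                return is_string($method) ? strtolower($method) : $method;
            },
            (array) \Config::get('security.csrf_autoload_methods', array('post', 'put', 'delete'))
        );

        // Only methods in the list are checked automatically. Any other
        // state-changing method the application accepts has to be added to
        // security.csrf_autoload_methods or checked by the caller.
        if (in_array(strtolower(\Input::method()), $check_token_methods) and ! static::check_token())
        {
            throw new \SecurityException('CSRF validation failed, Possible hacking attempt detected!');
        }
    }

    // throw an exception if the output filter setting is missing from the app config
    if (\Config::get('security.output_filter', null) === null)
    {
        throw new \FuelException('There is no security.output_filter defined in your application config file');
    }

    // deal with duplicate filters, no need to slow the framework down
    foreach (array('output_filter', 'uri_filter', 'input_filter') as $setting)
    {
        $config = \Config::get('security.' . $setting, array());
        is_array($config) and \Config::set('security.' . $setting, \Arr::unique($config));
    }
}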