コード例 #1
0
ファイル: security.php プロジェクト: huzairy/feedmalaya
 /**
  * Fetches CSRF settings and current token
  */
 public static function _init()
 {
     static::$csrf_token_key = \Config::get('security.csrf_token_key', 'fuel_csrf_token');
     if (\Config::get('security.csrf_autoload', false)) {
         static::fetch_token();
     }
 }
コード例 #2
0
ファイル: form.php プロジェクト: ratiw/petro
 public static function _init()
 {
     \Config::load('petro', true);
     \Lang::load('petro');
     static::$template = \Config::get('petro.template');
     static::$csrf_token_key = \Config::get('security.csrf_token_key', 'fuel_csrf_token');
 }
コード例 #3
0
ファイル: security.php プロジェクト: 469306621/Languages
 /**
  * Class init
  *
  * Fetches CSRF settings and current token
  */
 public static function _init()
 {
     static::$csrf_token_key = \Config::get('security.csrf_token_key', 'fuel_csrf_token');
     static::$csrf_old_token = \Input::cookie(static::$csrf_token_key, false);
     if (\Config::get('security.csrf_autoload', true)) {
         static::check_token();
     }
 }
コード例 #4
0
ファイル: security.php プロジェクト: gilyaev/framework-bench
 /**
  * Class init
  *
  * Fetches CSRF settings and current token
  */
 public static function _init()
 {
     static::$csrf_token_key = \Config::get('security.csrf_token_key', 'fuel_csrf_token');
     static::$csrf_old_token = \Input::cookie(static::$csrf_token_key, false);
     if (\Config::get('security.csrf_autoload', true)) {
         static::check_token();
     }
     // throw an exception if no the output filter setting is missing from the app config
     if (\Config::get('security.output_filter', null) === null) {
         throw new \FuelException('There is no security.output_filter defined in your application config file');
     }
 }
コード例 #5
0
 /**
  * Class init
  *
  * Fetches CSRF settings and current token
  */
 public static function _init()
 {
     static::$csrf_token_key = \Config::get('security.csrf_token_key', 'fuel_csrf_token');
     static::$csrf_old_token = \Input::cookie(static::$csrf_token_key, false);
     if (\Config::get('security.csrf_autoload', true)) {
         static::check_token();
     }
     // set a default output filter if none is defined in the config
     // this code is deprecated and will be removed in v1.2
     if (\Config::get('security.output_filter', null) === null) {
         \Config::set('security.output_filter', '\\Security::htmlentities');
         logger(\Fuel::L_WARNING, 'There is no security.output_filter defined in your application config file.', __METHOD__);
     }
 }
コード例 #6
0
ファイル: security.php プロジェクト: wushian/MDD
 /**
  * Class init
  *
  * Fetches CSRF settings and current token
  */
 public static function _init()
 {
     static::$csrf_token_key = \Config::get('security.csrf_token_key', 'fuel_csrf_token');
     static::$csrf_old_token = \Input::cookie(static::$csrf_token_key, false);
     // if csrf automatic checking is enabled, and it fails validation, bail out!
     if (\Config::get('security.csrf_autoload', true)) {
         static::check_token();
     }
     // throw an exception if the output filter setting is missing from the app config
     if (\Config::get('security.output_filter', null) === null) {
         throw new \FuelException('There is no security.output_filter defined in your application config file');
     }
     // deal with duplicate filters, no need to slow the framework down
     foreach (array('output_filter', 'uri_filter', 'input_filter') as $setting) {
         $config = \Config::get('security.' . $setting, array());
         is_array($config) and \Config::set('security.' . $setting, array_keys(array_flip($config)));
     }
 }
コード例 #7
0
 /**
  * Class init
  *
  * Fetches CSRF settings and current token
  *
  * @throws SecurityException it the CSRF token validation failed
  * @throws FuelException if no security output filter is defined
  */
 public static function _init()
 {
     static::$csrf_token_key = \Config::get('security.csrf_token_key', 'fuel_csrf_token');
     static::$csrf_old_token = \Input::cookie(static::$csrf_token_key, false);
     // if csrf automatic checking is enabled, and it fails validation, bail out!
     if (\Config::get('security.csrf_autoload', true)) {
         $check_token_methods = \Config::get('security.csrf_autoload_methods', array('post', 'put', 'delete'));
         if (in_array(strtolower(\Input::method()), $check_token_methods) and !static::check_token()) {
             throw new \SecurityException('CSRF validation failed, Possible hacking attempt detected!');
         }
     }
     // throw an exception if the output filter setting is missing from the app config
     if (\Config::get('security.output_filter', null) === null) {
         throw new \FuelException('There is no security.output_filter defined in your application config file');
     }
     // deal with duplicate filters, no need to slow the framework down
     foreach (array('output_filter', 'uri_filter', 'input_filter') as $setting) {
         $config = \Config::get('security.' . $setting, array());
         is_array($config) and \Config::set('security.' . $setting, \Arr::unique($config));
     }
 }