Copyright 1999-2016 Horde LLC (http://www.horde.org/)
See the enclosed file COPYING for license information (LGPL). If you
did not receive this file, see http://www.horde.org/licenses/lgpl21.
/**
 * Check if a token for a form is valid.
 *
 * The token is first verified against the configured token driver (or the
 * 'file' driver when no token configuration exists); a matching entry in
 * $_SESSION['horde_form_secrets'] is then required as well.
 *
 * @since Horde 3.2
 *
 * @param string $slug   Not referenced by this implementation; kept for
 *                       call-site compatibility.
 * @param string $token  The form token submitted with the request.
 *
 * @return mixed  True when the token and secret check out, otherwise a
 *                PEAR_Error describing the failure.
 */
function checkRequestToken($slug, $token)
{
    require_once 'Horde/Token.php';

    $hasTokenConfig = isset($GLOBALS['conf']['token']);
    if (!$hasTokenConfig) {
        /* No token configuration: fall back to the file system driver. */
        $tokenSource = Horde_Token::factory('file');
    } else {
        /* Build the configured token driver. */
        $driver = $GLOBALS['conf']['token']['driver'];
        $tokenSource = Horde_Token::factory(
            $driver,
            Horde::getDriverConfig('token', $driver)
        );
    }

    /* A token that does not verify is treated as a replayed submission. */
    if (!$tokenSource->verify($token)) {
        return PEAR::raiseError(_("This form has already been processed."));
    }

    /* The token must also have a secret recorded in this session, otherwise
     * the submission did not originate from a form we rendered. */
    $secretPresent = !empty($_SESSION['horde_form_secrets'][$token]);

    return $secretPresent
        ? true
        : PEAR::raiseError(_("Required secret is invalid - potentially malicious request."));
}
/**
 * Preserve the form's variables as hidden POST fields so their values
 * survive a round trip, and (when the form token is in use) register a new
 * token plus its server-side secret.
 *
 * Compound variable types (passwordconfirm, emailconfirm, monthyear,
 * monthdayyear) have each sub-component written out before the variable
 * itself.
 *
 * @param mixed $vars  The variable set handed through to preserveVarByPost().
 */
public function preserve($vars)
{
    if ($this->_useFormToken) {
        $token = Horde_Token::generateId($this->_name);
        /* Record the secret in the session; the token alone is not enough
         * for a later request-token check. */
        $GLOBALS['session']->set('horde', 'form_secrets/' . $token, true);
        $this->_preserveVarByPost($this->_name . '_formToken', $token);
    }

    /* Sub-component suffixes per compound type, in output order. */
    $components = array(
        'passwordconfirm' => array('original', 'confirm'),
        'emailconfirm'    => array('original', 'confirm'),
        'monthyear'       => array('month', 'year'),
        'monthdayyear'    => array('month', 'day', 'year'),
    );

    foreach ($this->getVariables() as $variable) {
        $varname = $variable->getVarName();
        $typeName = $variable->getTypeName();

        $suffixes = isset($components[$typeName])
            ? $components[$typeName]
            : array();
        foreach ($suffixes as $suffix) {
            $this->preserveVarByPost($vars, $varname . '[' . $suffix . ']');
        }

        $this->preserveVarByPost($vars, $varname);
    }

    foreach ($this->_hiddenVariables as $hidden) {
        $this->preserveVarByPost($vars, $hidden->getVarName());
    }
}
/**
 * Render an active (editable) form: the opening <form> tag, the hidden
 * bookkeeping fields, the form body, the submit/reset row and an optional
 * focus script for the first field.
 *
 * @param mixed  $form     The form object being rendered.
 * @param string $action   Value written into the form's action attribute.
 * @param string $method   Value written into the form's method attribute.
 * @param mixed  $enctype  Not referenced in this body; the enctype attribute
 *                         is taken from $this->_enctype instead.
 * @param bool   $focus    Whether to emit the focus script for the first field.
 */
public function renderActive($form, $action, $method = 'get', $enctype = null, $focus = true)
{
    $this->_name = $form->getName();

    /* NOTE(review): $action, $method, $this->_name and $this->_enctype are
     * interpolated into HTML attributes here without escaping; confirm that
     * every caller supplies values that are already attribute-safe. */
    echo "<form class=\"horde-form\" action=\"{$action}\" method=\"{$method}\"" .
        (empty($this->_name) ? '' : ' id="' . $this->_name . '"') .
        (is_null($this->_enctype) ? '' : ' enctype="' . $this->_enctype . '"') .
        ">\n";
    echo Horde_Util::formInput();

    $this->listFormVars($form);

    if (!empty($this->_name)) {
        $this->_preserveVarByPost('formname', $this->_name);
    }
    /* NOTE(review): only the token id is emitted here; unlike preserve() in
     * this file, no form secret is written to the session at this point —
     * verify that happens elsewhere if checkRequestToken() guards this form. */
    if ($form->useToken()) {
        $this->_preserveVarByPost($this->_name . '_formToken', Horde_Token::generateId($this->_name));
    }
    if (count($form->getSections())) {
        $this->_preserveVarByPost('__formOpenSection', $form->getOpenSection());
    }

    /* Keep a copy of the previous value for change-tracked variables. */
    $vars = $form->getVars();
    $variables = $form->getVariables();
    foreach ($variables as $var) {
        if ($var->getOption('trackchange')) {
            $varname = $var->getVarName();
            $this->preserveVarByPost($vars, $varname, '__old_' . $varname);
        }
    }
    foreach ($form->getHiddenVariables() as $var) {
        $this->preserveVarByPost($vars, $var->getVarName());
    }

    $this->_renderBeginActive($form->getTitle());
    $this->_renderForm($form, true);
    $this->submit($this->_submit, $this->_reset);
    echo "\n</fieldset>\n</form>\n";

    /* NOTE(review): $this->_firstField is inlined into a script block without
     * escaping; confirm it can only ever hold a developer-defined element id. */
    if ($focus && !empty($this->_firstField)) {
        echo '<script type="text/javascript"> try { document.getElementById("' . $this->_firstField . '").focus(); } catch (e) {} </script> ';
    }
}