/**
*
* Is the current request a cross-site forgery?
*
* @return bool
*
*/
public function isCsrf()
{
if (!$this->_csrf) {
$this->_csrf = Solar::factory('Solar_Csrf');
}
return $this->_csrf->isForgery();
}
/**
*
* Applies the filter chain to the form element values; in particular,
* checks validation and updates the 'invalid' keys for each element that
* fails, and checks for CSRF attempts automatically.
*
* This method cycles through each element in the form, where it ...
*
* 1. Applies the filters to populated user input for the element,
*
* 2. Validates the filtered value against the validation rules for the element,
*
* 3. Adds invalidation messages to the element if it does not pass validation.
*
* If all populated values pass validation, the method returns boolean
* true, indicating the form as a whole it valid; if even one validation on
* one element fails, the method returns boolean false.
*
* In general, you should only validate the values after user input has
* been populated with [[Solar_Form::populate()]].
*
* Note that filters and validation rules are added with the
* [[Solar_Form::setElement()]] and [[Solar_Form::setElements()]] methods;
* please see those pages for more information on how to add filters and
* validation to an element.
*
* @return bool True if all elements are valid, false if not.
*
*/
public function validate()
{
// reset the filter chain so we can rebuild it
$this->_filter->resetChain();
// build the filter chain and data values. note that the foreach()
// loop uses an info **reference**, not a copy.
$data = array();
foreach ($this->elements as $name => &$info) {
// keep a **reference** to the data (not a copy)
$data[$name] =& $info['value'];
// set the filters and require-flag, reference not needed
$this->_filter->addChainFilters($name, $info['filters']);
$this->_filter->setChainRequire($name, $info['require']);
}
// apply the filter chain to the data, which will modify the
// element data in place because of the references
$status = $this->_filter->applyChain($data);
$this->setStatus($status);
// retain any invalidation messages
$invalid = $this->_filter->getChainInvalid();
foreach ((array) $invalid as $key => $val) {
$this->addInvalid($key, $val);
}
// check for csrf attempts
if ($this->_csrf->isForgery()) {
// looks like a forgery: validation failure
$this->feedback[] = 'ERR_CSRF_ATTEMPT';
$this->setStatus(false);
}
// done!
return $this->_status;
}
