Form/Element/Hash.php
Show:
inherited
inherited
Classes
Zend Framework
LICENSE
This source file is subject to the new BSD license that is bundled
with this package in the file LICENSE.txt.
It is also available through the world-wide-web at this URL:
http://framework.zend.com/license/new-bsd
If you did not receive a copy of the license and are unable to
obtain it through the world-wide-web, please send an email
to license@zend.com so we can send you a copy immediately.
- Category
- Zend
- Copyright
- Copyright (c) 2005-2014 Zend Technologies USA Inc. (http://www.zend.com)
- License
- New BSD License
- Package
- Zend_Form
- Subpackage
- Element
\Zend_Form_Element_Hash
Package: Zend_Form\Element
CSRF form protection
- Parent(s)
- \Zend_Form_Element_Xhtml < \Zend_Form_Element
- Category
- Zend
- Copyright
- Copyright (c) 2005-2014 Zend Technologies USA Inc. (http://www.zend.com)
- License
- New BSD License
- Version
- $Id$
Properties
mixed $_hashActual hash used.
Details
- Type
- mixed
string $_salt = 'salt'Salt for CSRF token
Default value
'salt'Details- Type
- string
int $_timeout = 300TTL for CSRF token
Default value
300Details- Type
- int
string $helper = 'formHidden'Use formHidden view helper by default
Default value
'formHidden'Details- Type
- string
Methods
__construct(string | array | \Zend_Config $spec, array | \Zend_Config $options = null) : voidConstructor
Creates session namespace for CSRF token, and adds validator for CSRF
token.
Parameters| Name | Type | Description |
|---|---|---|
| $spec | string | array | \Zend_Config | |
| $options | array | \Zend_Config |
_generateHash() : voidGenerate CSRF token
Generates CSRF token and stores both in {@link $_hash} and element
value.
getHash() : stringRetrieve CSRF token
If no CSRF token currently exists, generates one.
Returns| Type | Description |
|---|---|
| string |
getLabel() : nullOverride getLabel() to always be empty
Returns
| Type | Description |
|---|---|
| null |
getSalt() : stringRetrieve salt for CSRF token
Returns
| Type | Description |
|---|---|
| string |
getSession() : \Zend_Session_NamespaceGet session object
Instantiate session object if none currently exists
Returns| Type | Description |
|---|---|
| \Zend_Session_Namespace |
getSessionName() : stringGet session namespace for CSRF token
Generates a session namespace based on salt, element name, and class.
Returns| Type | Description |
|---|---|
| string |
getTimeout() : intGet CSRF session token timeout
Returns
| Type | Description |
|---|---|
| int |
initCsrfToken() : voidInitialize CSRF token in session
initCsrfValidator() : \Zend_Form_Element_HashInitialize CSRF validator
Creates Session namespace, and initializes CSRF token in session.
Additionally, adds validator for validating CSRF token.
Returns| Type | Description |
|---|---|
| \Zend_Form_Element_Hash |
render(\Zend_View_Interface $view = null) : stringRender CSRF token in form
Parameters
Returns
| Name | Type | Description |
|---|---|---|
| $view | \Zend_View_Interface |
| Type | Description |
|---|---|
| string |
setSalt(string $salt) : \Zend_Form_Element_HashSalt for CSRF token
Parameters
Returns
| Name | Type | Description |
|---|---|---|
| $salt | string |
| Type | Description |
|---|---|
| \Zend_Form_Element_Hash |
setSession(\Zend_Session_Namespace $session) : \Zend_Form_Element_HashSet session object
Parameters
Returns
| Name | Type | Description |
|---|---|---|
| $session | \Zend_Session_Namespace |
| Type | Description |
|---|---|
| \Zend_Form_Element_Hash |
setTimeout(int $ttl) : \Zend_Form_Element_HashSet timeout for CSRF session token
Parameters
Returns
| Name | Type | Description |
|---|---|---|
| $ttl | int |
| Type | Description |
|---|---|
| \Zend_Form_Element_Hash |