SproutCMS

This is the code documentation for the SproutCMS project.

class Csrf

Protection against Cross Site Request Forgery (CSRF) attacks

Functions

| Name | Visibility | Description |
| --- | --- | --- |
| check | public (static) | Gets the CSRF token in the postdata. |
| checkOrDie | public (static) | Checks the CSRF token |
| getTokenValue | public (static) | Fetches the secret token value |
| initialiseSession | protected (static) | Initialises the PHP session and, if not present, generates a CSRF secret for the session |
| token | public (static) | Generates a CSRF hidden form field |

public check

unknown Csrf::check ( );

Gets the CSRF token from the postdata and checks that it is valid.
Returns TRUE on success and FALSE on failure.

public checkOrDie

void Csrf::checkOrDie ( );

Checks the CSRF token.
If the check fails, redirects the user to the home page and reports an error.

public getTokenValue

string Csrf::getTokenValue ( );

Fetches the secret token value

This is intended for use on JavaScript requests that require CSRF protection.
Note that it is important that this value isn't placed in GET parameters, as this
may result in the value being leaked through logging or other methods.
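
An added example (not SproutCMS code) of a JavaScript request that keeps the token out of the URL: it puts the value in the POST body, where Csrf::check reads it, and refuses to build the request if the token has ended up in the query string. The helper name buildCsrfPost and the field name csrf_token are assumptions; use the field name that Csrf::token emits.

```javascript
// Hypothetical field name (assumption): replace with the name Csrf::token() emits.
const TOKEN_FIELD = 'csrf_token';

// Build the arguments for a same-origin fetch() POST that carries the CSRF
// token in the request body. `token` is the value the server rendered into
// the page using Csrf::getTokenValue().
function buildCsrfPost(url, token, fields = {}) {
  if (typeof token !== 'string' || token === '') {
    throw new Error('CSRF token missing');
  }

  // The base is only used so that relative URLs can be parsed.
  const target = new URL(url, 'https://example.invalid');

  // A token in the query string ends up in access logs, browser history
  // and Referer headers, so treat it as a programming error.
  for (const [name, value] of target.searchParams) {
    if (name === TOKEN_FIELD || value === token) {
      throw new Error('CSRF token must not be sent in the URL');
    }
  }

  // Form-encode the caller's fields and add the token last, so a caller
  // cannot accidentally override it with a stale value.
  const body = new URLSearchParams(fields);
  body.set(TOKEN_FIELD, token);

  return {
    url,
    init: {
      method: 'POST',
      credentials: 'same-origin', // send the session cookie, same origin only
      headers: { 'Content-Type': 'application/x-www-form-urlencoded' },
      body: body.toString(),
    },
  };
}

// Usage in a page (constructed values):
//   const { url, init } = buildCsrfPost('/admin/save', token, { title: 'Hello' });
//   fetch(url, init);
```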

protected initialiseSession

void Csrf::initialiseSession ( );

Initialises the PHP session and, if not present, generates a CSRF secret for the session

public token

string Csrf::token ( );

Generates a CSRF hidden form field