TYPO3 7.6
Public Member Functions
__destruct ()
clean ()
generateToken ($formName, $action = '', $formInstanceName = '')
validateToken ($tokenId, $formName, $action = '', $formInstanceName = '')
persistSessionToken ()
Protected Member Functions
getSessionToken ()
generateSessionToken ()
createValidationErrorMessage ()
retrieveSessionToken ()
Protected Attributes
$validationFailedCallback
$sessionToken
This class provides protection against cross-site request forgery (XSRF/CSRF) for forms.
For documentation on how to use this class, please see the documentation of the corresponding subclasses.
Definition at line 26 of file AbstractFormProtection.php.
__destruct ()
Frees as much memory as possible.
Definition at line 54 of file AbstractFormProtection.php.
clean ()
Deletes the session token and persists the (empty) token.
This function is intended to be called when a user logs on or off.
Definition at line 66 of file AbstractFormProtection.php.
References AbstractFormProtection\persistSessionToken().
createValidationErrorMessage () [protected]
Creates or displays an error message telling the user that the submitted form token is invalid.
Definition at line 134 of file AbstractFormProtection.php.
Referenced by AbstractFormProtection\validateToken().
generateSessionToken () [protected]
Generates the random token which is used in the hash for the form tokens.
Definition at line 123 of file AbstractFormProtection.php.
References GeneralUtility\generateRandomBytes().
Referenced by InstallToolFormProtection\retrieveSessionToken(), FrontendFormProtection\retrieveSessionToken(), and BackendFormProtection\retrieveSessionToken().
generateToken ($formName, $action = '', $formInstanceName = '')
Generates a token for a form by hashing the given parameters with the secret session token.
Calling this function two times with the same parameters will create the same valid token during one user session.
Parameters:
string $formName
string $action
string $formInstanceName
Exceptions:
\InvalidArgumentException
Definition at line 85 of file AbstractFormProtection.php.
References AbstractFormProtection\getSessionToken(), and GeneralUtility\hmac().
getSessionToken () [protected]
Definition at line 43 of file AbstractFormProtection.php.
References AbstractFormProtection\$sessionToken, and AbstractFormProtection\retrieveSessionToken().
Referenced by AbstractFormProtection\generateToken(), and AbstractFormProtection\validateToken().
persistSessionToken () [abstract]
Saves the session token so that it can be used by a later incarnation of this class.
private
Referenced by AbstractFormProtection\clean().
retrieveSessionToken () [abstract, protected]
validateToken ($tokenId, $formName, $action = '', $formInstanceName = '')
Checks whether the token $tokenId is valid in the form $formName with $formInstanceName.
Parameters:
string $tokenId
string $formName
string $action
string $formInstanceName
Definition at line 104 of file AbstractFormProtection.php.
References AbstractFormProtection\createValidationErrorMessage(), AbstractFormProtection\getSessionToken(), and GeneralUtility\hmac().
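The token scheme described for generateToken() and validateToken() above, sketched as an added stand-alone example; it is not TYPO3's AbstractFormProtection code. The class name DemoFormProtection, the SHA-256 HMAC, the JSON encoding of the fields and the empty-$formName check are assumptions of this example (PHP 7.1 or later).

```php
<?php
// Added example, not TYPO3 code: DemoFormProtection is a hypothetical class.
final class DemoFormProtection
{
    private $sessionToken; // per-session secret; never sent to the browser

    public function __construct(?string $sessionToken = null)
    {
        // A real subclass would load the secret from the user's session.
        $this->sessionToken = $sessionToken ?? bin2hex(random_bytes(32));
    }

    public function generateToken(string $formName, string $action = '', string $formInstanceName = ''): string
    {
        if ($formName === '') { // assumption: an empty form name is rejected
            throw new \InvalidArgumentException('$formName must not be empty.');
        }
        // Encode the fields unambiguously so ('ab', 'c') and ('a', 'bc') cannot collide.
        $message = json_encode([$formName, $action, $formInstanceName]);
        return hash_hmac('sha256', $message, $this->sessionToken);
    }

    public function validateToken(string $tokenId, string $formName, string $action = '', string $formInstanceName = ''): bool
    {
        // Recompute the expected token and compare it in constant time.
        $expected = $this->generateToken($formName, $action, $formInstanceName);
        return hash_equals($expected, $tokenId);
    }

    public function clean(): void
    {
        // Simplified: replace the secret on login/logout so earlier tokens stop validating.
        $this->sessionToken = bin2hex(random_bytes(32));
    }
}

$fp = new DemoFormProtection();
$token = $fp->generateToken('editRecord', 'save', '42');
var_dump($token === $fp->generateToken('editRecord', 'save', '42')); // same session, same parameters
var_dump($fp->validateToken($token, 'editRecord', 'save', '42'));    // token submitted with the matching form
var_dump($fp->validateToken($token, 'editRecord', 'delete', '42'));  // token replayed against another action
$fp->clean();
var_dump($fp->validateToken($token, 'editRecord', 'save', '42'));    // token from before the secret changed
```

Because the token is a keyed hash over the form name, action and instance name, it needs no server-side storage per form, and a token issued for one form or action does not validate for another.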
$sessionToken [protected]
Definition at line 38 of file AbstractFormProtection.php.
Referenced by AbstractFormProtection\getSessionToken(), InstallToolFormProtection\persistSessionToken(), FrontendFormProtection\retrieveSessionToken(), BackendFormProtection\retrieveSessionToken(), and BackendFormProtection\setSessionTokenFromRegistry().
$validationFailedCallback [protected]
Definition at line 31 of file AbstractFormProtection.php.
Referenced by FrontendFormProtection\__construct(), and BackendFormProtection\__construct().