HumHub Documentation (unofficial)

Csrf extends AbstractValidator
in package

Table of Contents

Constants

NOT_SAME  = 'notSame'
Error codes

Properties

$messageTemplates  : array<string, string>
$messageVariables  : array<string, mixed>
$options  : array<string, mixed>
$abstractOptions  : AbstractOptions|array<string, mixed>
$defaultTranslator  : TranslatorInterface
Default translation object for all validate objects
$defaultTranslatorTextDomain  : string
Default text domain to be used with translator
$hash  : mixed
Actual hash used.
$hashCache  : array<string|int, mixed>
Static cache of the session names to generated hashes
$messageLength  : int
Limits the maximum returned length of an error message
$messageTemplates  : array<string|int, mixed>
Error messages
$name  : string
Name of CSRF element (used to create non-colliding hashes)
$salt  : string
Salt for CSRF token
$session  : Container
$timeout  : int|null
TTL for CSRF token
$value  : mixed
The value to be validated

Methods

__construct()  : mixed
Constructor
__get()  : mixed
Magic function returns the value of the requested property, if and only if it is the value or a message variable.
__invoke()  : bool
Invoke as command
getDefaultTranslator()  : TranslatorInterface|null
Get default translation object for all validate objects
getDefaultTranslatorTextDomain()  : string
Get default translation text domain for all validate objects
getHash()  : string
Retrieve CSRF token
getMessageLength()  : int
Returns the maximum allowed message length
getMessages()  : array<string, string>
Returns array of validation failure messages
getMessageTemplates()  : array<string, string>
Returns the message templates from the validator
getMessageVariables()  : array<int, string>
Returns an array of the names of variables that are used in constructing validation failure messages
getName()  : string
Get CSRF name
getOption()  : mixed
Returns an option
getOptions()  : array<string, mixed>
Returns all available options
getSalt()  : string
Retrieve salt for CSRF token
getSession()  : Container
Get session container
getSessionName()  : string
Get session namespace for CSRF token
getTimeout()  : int|null
Get CSRF session token timeout
getTranslator()  : TranslatorInterface|null
Return translation object
getTranslatorTextDomain()  : string
Return the translation text domain
hasDefaultTranslator()  : bool
Is there a default translation object set?
hasTranslator()  : bool
Does this validator have its own specific translator?
isTranslatorEnabled()  : bool
Is translation enabled?
isValid()  : bool
Does the provided token match the one generated?
isValueObscured()  : bool
Retrieve flag indicating whether or not value should be obfuscated in messages
setDefaultTranslator()  : void
Set default translation object for all validate objects
setDefaultTranslatorTextDomain()  : void
Set default translation text domain for all validate objects
setMessage()  : $this
Sets the validation failure message template for a particular key
setMessageLength()  : void
Sets the maximum allowed message length
setMessages()  : $this
Sets validation failure message templates given as an array, where the array keys are the message keys, and the array values are the message template strings.
setName()  : $this
Set CSRF name
setOptions()  : $this
Sets one or multiple options
setSalt()  : $this
Salt for CSRF token
setSession()  : $this
Set session container
setTimeout()  : $this
Set timeout for CSRF session token
setTranslator()  : $this
Set translation object
setTranslatorEnabled()  : $this
Indicate whether or not translation should be enabled
setTranslatorTextDomain()  : $this
Set translation text domain
setValueObscured()  : $this
Set flag indicating whether or not value should be obfuscated in messages
createMessage()  : null|string
Constructs and returns a validation failure message with the given message key and value.
error()  : void
formatHash()  : string
generateHash()  : void
Generate CSRF token
generateTokenId()  : string
getTokenFromHash()  : string|null
getTokenIdFromHash()  : string|null
getValidationToken()  : null|string
Get validation token
getValue()  : mixed
Returns the validation value
initCsrfToken()  : void
Initialize CSRF token in session
setValue()  : void
Sets the value to be validated and clears the messages and errors arrays
translateMessage()  : string
Translate a validation message

Constants

NOT_SAME

Error codes

public mixed NOT_SAME = 'notSame'
Tags
const

string

Properties

$abstractOptions

protected AbstractOptions|array<string, mixed> $abstractOptions = [ 'messages' => [], // Array of validation failure messages 'messageTemplates' => [], // Array of validation failure message templates 'messageVariables' => [], // Array of additional variables available for validation failure messages 'translator' => null, // Translation object to used -> Translator\TranslatorInterface 'translatorTextDomain' => null, // Translation text domain 'translatorEnabled' => true, // Is translation enabled? 'valueObscured' => false, ]

$defaultTranslatorTextDomain

Default text domain to be used with translator

protected static string $defaultTranslatorTextDomain = 'default'

$hash

Actual hash used.

protected mixed $hash

$hashCache

Static cache of the session names to generated hashes

protected static array<string|int, mixed> $hashCache
Tags
todo

unused, left here to avoid BC breaks

$messageLength

Limits the maximum returned length of an error message

protected static int $messageLength = -1

$messageTemplates

Error messages

protected array<string|int, mixed> $messageTemplates = [self::NOT_SAME => 'The form submitted did not originate from the expected site']

$name

Name of CSRF element (used to create non-colliding hashes)

protected string $name = 'csrf'

$salt

Salt for CSRF token

protected string $salt = 'salt'

$session

protected Container $session

$timeout

TTL for CSRF token

protected int|null $timeout = 300

Methods

__construct()

Constructor

public __construct([array<string|int, mixed>|Traversable $options = [] ]) : mixed
Parameters
$options : array<string|int, mixed>|Traversable = []

__get()

Magic function returns the value of the requested property, if and only if it is the value or a message variable.

public __get(string $property) : mixed
Parameters
$property : string
Tags
throws
InvalidArgumentException

__invoke()

Invoke as command

public __invoke(mixed $value) : bool
Parameters
$value : mixed
Return values
bool

getDefaultTranslatorTextDomain()

Get default translation text domain for all validate objects

public static getDefaultTranslatorTextDomain() : string
Return values
string

getHash()

Retrieve CSRF token

public getHash([bool $regenerate = false ]) : string

If no CSRF token currently exists, or should be regenerated, generates one.

Parameters
$regenerate : bool = false

default false

Return values
string

getMessageLength()

Returns the maximum allowed message length

public static getMessageLength() : int
Return values
int

getMessages()

Returns array of validation failure messages

public getMessages() : array<string, string>
Return values
array<string, string>

getMessageTemplates()

Returns the message templates from the validator

public getMessageTemplates() : array<string, string>
Return values
array<string, string>

getMessageVariables()

Returns an array of the names of variables that are used in constructing validation failure messages

public getMessageVariables() : array<int, string>
Return values
array<int, string>

getName()

Get CSRF name

public getName() : string
Return values
string

getOption()

Returns an option

public getOption(string $option) : mixed
Parameters
$option : string

Option to be returned

Tags
throws
InvalidArgumentException
Return values
mixed

Returned option

getOptions()

Returns all available options

public getOptions() : array<string, mixed>
Return values
array<string, mixed>

Array with all available options

getSalt()

Retrieve salt for CSRF token

public getSalt() : string
Return values
string

getSession()

Get session container

public getSession() : Container

Instantiate session container if none currently exists

Return values
Container

getSessionName()

Get session namespace for CSRF token

public getSessionName() : string

Generates a session namespace based on salt, element name, and class.

Return values
string

getTimeout()

Get CSRF session token timeout

public getTimeout() : int|null
Return values
int|null

getTranslatorTextDomain()

Return the translation text domain

public getTranslatorTextDomain() : string
Return values
string

hasDefaultTranslator()

Is there a default translation object set?

public static hasDefaultTranslator() : bool
Return values
bool

hasTranslator()

Does this validator have its own specific translator?

public hasTranslator() : bool
Return values
bool

isTranslatorEnabled()

Is translation enabled?

public isTranslatorEnabled() : bool
Return values
bool

isValid()

Does the provided token match the one generated?

public isValid(string $value[, mixed $context = null ]) : bool
Parameters
$value : string
$context : mixed = null
Return values
bool

isValueObscured()

Retrieve flag indicating whether or not value should be obfuscated in messages

public isValueObscured() : bool
Return values
bool

setDefaultTranslatorTextDomain()

Set default translation text domain for all validate objects

public static setDefaultTranslatorTextDomain([string $textDomain = 'default' ]) : void
Parameters
$textDomain : string = 'default'

setMessage()

Sets the validation failure message template for a particular key

public setMessage(string $messageString[, string|null $messageKey = null ]) : $this
Parameters
$messageString : string
$messageKey : string|null = null

OPTIONAL

Tags
throws
InvalidArgumentException
Return values
$this

Provides a fluent interface

setMessageLength()

Sets the maximum allowed message length

public static setMessageLength([int $length = -1 ]) : void
Parameters
$length : int = -1

setMessages()

Sets validation failure message templates given as an array, where the array keys are the message keys, and the array values are the message template strings.

public setMessages(array<string, string> $messages) : $this
Parameters
$messages : array<string, string>
Return values
$this

setName()

Set CSRF name

public setName(string $name) : $this
Parameters
$name : string
Return values
$this

setOptions()

Sets one or multiple options

public setOptions([array<string, mixed>|Traversable<string, mixed> $options = [] ]) : $this
Parameters
$options : array<string, mixed>|Traversable<string, mixed> = []

Options to set

Tags
throws
InvalidArgumentException

If $options is not an array or Traversable.

Return values
$this

Provides fluid interface

setSalt()

Salt for CSRF token

public setSalt(string $salt) : $this
Parameters
$salt : string
Return values
$this

setSession()

Set session container

public setSession(Container $session) : $this
Parameters
$session : Container
Return values
$this

setTimeout()

Set timeout for CSRF session token

public setTimeout(int|null $ttl) : $this
Parameters
$ttl : int|null
Return values
$this

setTranslatorEnabled()

Indicate whether or not translation should be enabled

public setTranslatorEnabled([bool $enabled = true ]) : $this
Parameters
$enabled : bool = true
Return values
$this

setTranslatorTextDomain()

Set translation text domain

public setTranslatorTextDomain([string $textDomain = 'default' ]) : $this
Parameters
$textDomain : string = 'default'
Return values
$this

setValueObscured()

Set flag indicating whether or not value should be obfuscated in messages

public setValueObscured(bool $flag) : $this
Parameters
$flag : bool
Return values
$this

createMessage()

Constructs and returns a validation failure message with the given message key and value.

protected createMessage(string $messageKey, string|array<string|int, mixed>|object $value) : null|string

Returns null if and only if $messageKey does not correspond to an existing template.

If a translator is available and a translation exists for $messageKey, the translation will be used.

Parameters
$messageKey : string
$value : string|array<string|int, mixed>|object
Return values
null|string

error()

protected error(string|null $messageKey[, null|string|array<string|int, mixed>|object $value = null ]) : void
Parameters
$messageKey : string|null
$value : null|string|array<string|int, mixed>|object = null

OPTIONAL

formatHash()

protected formatHash(string $token, string $tokenId) : string
Parameters
$token : string
$tokenId : string
Return values
string

generateHash()

Generate CSRF token

protected generateHash() : void

Generates CSRF token and stores both in and element value.

generateTokenId()

protected generateTokenId() : string
Return values
string

getTokenFromHash()

protected getTokenFromHash(string|null $hash) : string|null
Parameters
$hash : string|null
Return values
string|null

getTokenIdFromHash()

protected getTokenIdFromHash(string $hash) : string|null
Parameters
$hash : string
Return values
string|null

getValidationToken()

Get validation token

protected getValidationToken([string $tokenId = null ]) : null|string

Retrieve token from session, if it exists.

Parameters
$tokenId : string = null
Return values
null|string

getValue()

Returns the validation value

protected getValue() : mixed
Return values
mixed

Value to be validated

initCsrfToken()

Initialize CSRF token in session

protected initCsrfToken() : void

setValue()

Sets the value to be validated and clears the messages and errors arrays

protected setValue(mixed $value) : void
Parameters
$value : mixed

translateMessage()

Translate a validation message

protected translateMessage(string $messageKey, string $message) : string
Parameters
$messageKey : string
$message : string
Return values
string 

        

        
    




    

    

                                

                

                                
    

        On this page

        
    


                

                            

            

    

        

            
Search results