CMSimple_XH
|
The CSRF protection class. More...
Public Member Functions | |
__construct ($keyName='xh_csrf_token', $perRequest=false) | |
Initializes a new object. More... | |
tokenInput () | |
Returns a hidden input field with the CSRF token for inclusion in an HTML form. More... | |
check () | |
Checks whether the submitted CSRF token matches the one stored in the session. More... | |
store () | |
Stores the CSRF token in the session, if a self::tokenInput() was called. More... | |
The CSRF protection class.
XH\CSRFProtection::__construct | ( | $keyName = 'xh_csrf_token' , |
|
$perRequest = false |
|||
) |
Initializes a new object.
string | $keyName | A key name. |
bool | $perRequest | Whether a new token shall be generated for each request (otherwise once per session). |
XH\CSRFProtection::check | ( | ) |
Checks whether the submitted CSRF token matches the one stored in the session.
Responds with "403 Forbidden" if not.
XH\CSRFProtection::store | ( | ) |
Stores the CSRF token in the session, if a self::tokenInput() was called.
XH\CSRFProtection::tokenInput | ( | ) |
Returns a hidden input field with the CSRF token for inclusion in an HTML form.