Trang chủ Khám phá Trợ giúp
Đăng nhập
raylu
/
otakuhub
1
0
Fork 0
Các tập tin Các vấn đề 0 Yêu cầu kéo về 0 Wiki
Branch: master
Branches Tags
otakuhub
/
CSRF

CSRF 1.4 KB
Permalink Lịch sử Raw

12345678910111213141516171819202122232425262728293031323334353637383940414243444546474849505152535455565758596061626364656667 
  1. // This code is brought to you by Sean Coates (seancoates.com):
    2. 

  2. 

  3. <?php
    4. 

  4. 

  5. namespace app\extensions\helper;
    6. 

  6. use \app\extensions\storage\Session;
    7. 

  7. use \lithium\util\String;
    8. 

  8. 

  9. class Form extends \lithium\template\helper\Form
    10. 

  10. {
    11. 

  11. 	protected function _render($method, $string, $params, array $options = array()) {
    12. 

  12. 		if ($docsrf = isset($params['options']['docsrf'])) {
    13. 

  13. 			unset($params['options']['docsrf']);
    14. 

  14. 		}
    15. 

  15.  
    16. 

  16. 		// get default
    17. 

  17. 		$ret = parent::_render($method, $string, $params, $options);
    18. 

  18.  
    19. 

  19. 		// if we're not already in a create chain, and if we're docsrf...
    20. 

  20. 		if (((get_parent_class($this) . '::create') == $method
    21. 

  21. 			|| (get_class($this) . '::create') == $method)
    22. 

  22. 			&& $docsrf) {
    23. 

  23. 			// append a hidden field with the token
    24. 

  24. 			$ret .= $this->hidden(
    25. 

  25. 				\app\extensions\action\Request::CSRF_TOKEN_FIELD_NAME,
    26. 

  26. 				array('value' => Session::get_csrf_token())
    27. 

  27. 			);
    28. 

  28. 		}
    29. 

  29.  
    30. 

  30. 		return $ret;
    31. 

  31. 	}
    32. 

  32. }
    33. 

  33. 

  34. ?>
    35. 

  35. 

  36. <?php
    37. 

  37. 

  38. namespace app\extensions\storage;
    39. 

  39. 

  40. class Session extends \lithium\storage\Session
    41. 

  41. {
    42. 

  42. 	public static function get_csrf_token($replace = false)
    43. 

  43. 	{
    44. 

  44. 		$token = null;
    45. 

  45. 		if (!$replace) {
    46. 

  46. 			$token = self::read('csrf_token');
    47. 

  47. 		}
    48. 

  48. 		if ($token) {
    49. 

  49. 			return $token;
    50. 

  50. 		}
    51. 

  51.  
    52. 

  52. 		// not found (or replacing); generate a new token
    53. 

  53. 		$token = md5(uniqid(microtime(true)));
    54. 

  54.  
    55. 

  55. 		self::write('csrf_token', $token);
    56. 

  56.  
    57. 

  57. 		return $token;
    58. 

  58. 	}
    59. 

  59.  
    60. 

  60. 	public static function check_csrf_token($token)
    61. 

  61. 	{
    62. 

  62. 		return $token === self::read('csrf_token');
    63. 

  63. 	}
    64. 

  64.  
    65. 

  65. }
    66. 

  66. 

  67. ?>
    68.