public class XSRF

class.xsrf.php #17

The XSRF class provides mitigations against XSRF/CSRF attacks.

Methods

public static
class.xsrf.php #124
static XMLElement formToken()

Creates the form input to use to house the token

public static
class.xsrf.php #72
static string generateNonce(integer $length)

Generates a nonce of the desired $length using openssl where available, falling back to /dev/urandom and a microtime implementation otherwise.

Parameters
  • $length integer optional. By default, 30.

Returns

base64 encoded, url safe

public static
class.xsrf.php #219
static string|null getSession()

Returns the location of the XSRF tokens in the Session

Deprecated

This function will be removed in Symphony 3.0. Use getSessionToken() instead.

public static
class.xsrf.php #24
static string|null getSessionToken()

Returns the location of the XSRF tokens in the Session

public static
class.xsrf.php #139
static string getToken()

This is the nonce used to stop CSRF/XSRF attacks. It's stored in the user session.

public static
class.xsrf.php #54
static void removeSessionToken(string $token)

Removes the token from the Session

public static
class.xsrf.php #44
static void setSessionToken(array $token)

Adds a token to the Session

public static
class.xsrf.php #203
static void throwXSRFException()

The error function that's thrown if the token is invalid.

public static
class.xsrf.php #183
static false|void validateRequest(boolean $silent)

This will validate that a request has a good token.

Parameters
  • $silent boolean If true, this function will return false if the request fails; otherwise it will throw an Exception. By default this function will throw an exception if the request is invalid.

public static
class.xsrf.php #166
static boolean validateToken(string $xsrf)

This will determine if a token is valid.

Parameters
  • $xsrf string The token to validate
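
The following is an added example, not Symphony's class.xsrf.php: a standalone sketch of the session-bound nonce pattern the methods above describe (URL-safe base64 nonce, token kept in the session, validation that either returns false or throws). The `example_*` function names, the `xsrf-token` session key and the `xsrf` field name are hypothetical, and it assumes PHP 7 or later for `random_bytes()`.

```php
<?php
// Added illustration; not Symphony's class.xsrf.php. All names are hypothetical.

// Returns a URL-safe base64 nonce of exactly $length characters (requires PHP 7+).
function example_generate_nonce($length = 30)
{
    // 3 random bytes become 4 base64 characters, so this always yields enough.
    $raw = random_bytes((int) ceil($length * 3 / 4));
    $encoded = rtrim(strtr(base64_encode($raw), '+/', '-_'), '=');
    return substr($encoded, 0, $length);
}

// Returns the token bound to this session, creating it on first use.
function example_get_token(array &$session)
{
    if (empty($session['xsrf-token'])) {
        $session['xsrf-token'] = example_generate_nonce();
    }
    return $session['xsrf-token'];
}

// Constant-time comparison of the submitted token with the session's token.
function example_validate_token(array $session, $submitted)
{
    return is_string($submitted)
        && !empty($session['xsrf-token'])
        && hash_equals($session['xsrf-token'], $submitted);
}

// Follows the documented $silent behaviour: return false when silent, otherwise throw.
function example_validate_request(array $session, array $post, $silent = false)
{
    $submitted = isset($post['xsrf']) ? $post['xsrf'] : null;
    if (example_validate_token($session, $submitted)) {
        return true;
    }
    if ($silent) {
        return false;
    }
    throw new RuntimeException('Request rejected: missing or invalid XSRF token.');
}

// Constructed sample data standing in for $_SESSION and $_POST.
$session = array();
$token = example_get_token($session);
var_dump(example_validate_request($session, array('xsrf' => $token), true)); // form post from the same session
var_dump(example_validate_request($session, array('xsrf' => 'forged'), true)); // request carrying a wrong token
var_dump(example_validate_request($session, array(), true)); // token field absent
```

The comparison uses `hash_equals()` so that the time taken does not depend on how many leading characters of a submitted token match the stored one.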
