- Symphony 2.7.6
-
› assets
14 -
› boot
15 -
› core
24 -
› cryptography
4 -
› data-sources
6 -
› email-gateways
3 -
› events
3 -
› global
61 -
› interface
9 -
› toolkit
60 - Delegates101
- Deprecated28
Versions
- 2.7.9
- 2.7.8
- 2.7.7
- 2.7.6
- 2.7.5
- 2.7.3
- 2.7.2
- 2.7.10
- 2.7.1
- 2.7.0
- 2.6.9
- 2.6.8
- 2.6.7
- 2.6.6
- 2.6.5
- 2.6.4
- 2.6.3
- 2.6.2
- 2.6.11
- 2.6.10
- 2.6.1
- 2.6.0
- 2.5.3
- 2.5.2
- 2.5.1
- 2.5.0
- 2.4
- 2.3.6
- 2.3.5
- 2.3.4
- 2.3.3
- 2.3.2
- 2.3.1
- 2.3
- 2.2.5
- 2.2.4
- 2.2.3
- 2.2.2
- 2.2.1
- 2.2
Options
public class XSRF
class.xsrf.php #17The XSRF
class provides protection for mitigating XRSF/CSRF attacks.
Methods
static XMLElement formToken()
Creates the form input to use to house the token
static string generateNonce(
$length)
Generates nonce to a desired $length
using openssl
where available,
falling back to using /dev/urandom
and a microtime implementation
otherwise
Parameters
Returns
base64 encoded, url safe
static string|null getSession()
Return's the location of the XSRF tokens in the Session
Deprecated
This function will be removed in Symphony 3.0. Use getSessionToken()
instead.
static string|null getSessionToken()
Return's the location of the XSRF tokens in the Session
static string getToken()
This is the nonce used to stop CSRF/XSRF attacks. It's stored in the user session.
static void removeSessionToken(
$token)
Removes the token from the Session
static void setSessionToken(
$token)
Adds a token to the Session
static void throwXSRFException()
The error function that's thrown if the token is invalid.
static false|void validateRequest(
$silent)
This will validate a request has a good token.
Parameters
static boolean validateToken(
$xsrf)
This will determine if a token is valid.