Source of file DefaultCsrfProvider.php
Size: 1,934 Bytes - Last Modified: 2013-07-17T08:22:21+02:00
/home/theseer/Downloads/Symfony/vendor/symfony/symfony/src/Symfony/Component/Form/Extension/Csrf/CsrfProvider/DefaultCsrfProvider.php
12345678910111213141516171819202122232425262728293031323334353637383940414243444546474849505152535455565758596061626364656667686970717273747576777879 | <?php /* * This file is part of the Symfony package. * * (c) Fabien Potencier <fabien@symfony.com> * * For the full copyright and license information, please view the LICENSE * file that was distributed with this source code. */ namespace Symfony\Component\Form\Extension\Csrf\CsrfProvider; /** * Default implementation of CsrfProviderInterface. * * This provider uses the session ID returned by session_id() as well as a * user-defined secret value to secure the CSRF token. * * @author Bernhard Schussek <bschussek@gmail.com> */ class DefaultCsrfProvider implements CsrfProviderInterface { /** * A secret value used for generating the CSRF token * @var string */ protected $secret; /** * Initializes the provider with a secret value * * A recommended value for the secret is a generated value with at least * 32 characters and mixed letters, digits and special characters. * * @param string $secret A secret value included in the CSRF token */ public function __construct($secret) { $this->secret = $secret; } /** * {@inheritDoc} */ public function generateCsrfToken($intention) { return sha1($this->secret.$intention.$this->getSessionId()); } /** * {@inheritDoc} */ public function isCsrfTokenValid($intention, $token) { return $token === $this->generateCsrfToken($intention); } /** * Returns the ID of the user session. * * Automatically starts the session if necessary. * * @return string The session ID */ protected function getSessionId() { if (version_compare(PHP_VERSION, '5.4', '>=')) { if (PHP_SESSION_NONE === session_status()) { session_start(); } } elseif (!session_id()) { session_start(); } return session_id(); } } |