AbstractFormProtection uses BlockSerializationTrait
This class provides protection against cross-site request forgery (XSRF/CSRF) for forms.
For documentation on how to use this class, please see the documentation of the corresponding subclasses.
Table of Contents
Properties
- $sessionToken : string|null
- The session token that is hashed during token generation.
- $validationFailedCallback : Closure|null
Methods
- __wakeup() : mixed
- Deny object deserialization.
- clean() : mixed
- Deletes the session token and persists the (empty) token.
- generateToken() : string
- Generates a token for a form by hashing the given parameters with the secret session token.
- persistSessionToken() : mixed
- Saves the session token so that it can be used by a later incarnation of this class.
- validateToken() : bool
- Checks whether the token $tokenId is valid in the form $formName with $formInstanceName.
- createValidationErrorMessage() : mixed
- Creates or displays an error message telling the user that the submitted form token is invalid.
- generateSessionToken() : string
- Generates the random token which is used in the hash for the form tokens.
- getSessionToken() : string
- retrieveSessionToken() : string
- Retrieves the session token.
Properties
$sessionToken
The session token that is hashed during token generation.
protected
string|null
$sessionToken
$validationFailedCallback
protected
Closure|null
$validationFailedCallback
Methods
__wakeup()
Deny object deserialization.
public
__wakeup() : mixed
clean()
Deletes the session token and persists the (empty) token.
public
clean() : mixed
This function is intended to be called when a user logs on or off.
generateToken()
Generates a token for a form by hashing the given parameters with the secret session token.
public
generateToken(string $formName[, string $action = '' ][, string $formInstanceName = '' ]) : string
Calling this function two times with the same parameters will create the same valid token during one user session.
Parameters
- $formName : string
- $action : string = ''
- $formInstanceName : string = ''
Return values
string: the 32-character hex ID of the generated token
persistSessionToken()
Saves the session token so that it can be used by a later incarnation of this class.
public
abstract persistSessionToken() : mixed
validateToken()
Checks whether the token $tokenId is valid in the form $formName with $formInstanceName.
public
validateToken(string $tokenId, string $formName[, string $action = '' ][, string $formInstanceName = '' ]) : bool
Parameters
- $tokenId : string
- $formName : string
- $action : string = ''
- $formInstanceName : string = ''
Return values
bool
createValidationErrorMessage()
Creates or displays an error message telling the user that the submitted form token is invalid.
protected
createValidationErrorMessage() : mixed
generateSessionToken()
Generates the random token which is used in the hash for the form tokens.
protected
generateSessionToken() : string
Return values
string
getSessionToken()
protected
getSessionToken() : string
Return values
string
retrieveSessionToken()
Retrieves the session token.
protected
abstract retrieveSessionToken() : string
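The token scheme described for generateToken(), validateToken() and clean() above, as an added stand-alone PHP sketch; it is not this class's or the project's own code. The class name SketchFormProtection, the array standing in for the user session, the storage key, and the choice of HMAC-SHA-256 cut to 32 hex characters are assumptions; the page states only that the parameters are hashed with the secret session token.

```php
<?php
declare(strict_types=1);
// Hypothetical stand-alone sketch; not the documented class or its implementation.
final class SketchFormProtection
{
    private array $store; // stands in for the persisted user session (constructed)
    public function __construct(array &$store)
    {
        $this->store = &$store;
    }

    private function getSessionToken(): string
    {
        // Generate the per-session secret once, then reuse it for every form token.
        if (empty($this->store['formProtectionSessionToken'])) {
            $this->store['formProtectionSessionToken'] = bin2hex(random_bytes(32));
        }
        return $this->store['formProtectionSessionToken'];
    }

    public function generateToken(string $formName, string $action = '', string $formInstanceName = ''): string
    {
        // JSON-encode the tuple so ("ab", "c") and ("a", "bc") cannot produce the same input.
        $message = json_encode([$formName, $action, $formInstanceName], JSON_THROW_ON_ERROR);
        // Assumption: HMAC-SHA-256 cut to 32 hex characters (128 bits), the documented length.
        return substr(hash_hmac('sha256', $message, $this->getSessionToken()), 0, 32);
    }

    public function validateToken(string $tokenId, string $formName, string $action = '', string $formInstanceName = ''): bool
    {
        // hash_equals() compares in constant time, so response timing does not leak a partial match.
        return hash_equals($this->generateToken($formName, $action, $formInstanceName), $tokenId);
    }

    public function clean(): void
    {
        // Called on login/logout: dropping the secret invalidates every token issued so far.
        unset($this->store['formProtectionSessionToken']);
    }
}

$session = []; // constructed in-memory session
$fp = new SketchFormProtection($session);
$token = $fp->generateToken('editRecord', 'save', '42');
var_dump($token === $fp->generateToken('editRecord', 'save', '42')); // same session, same parameters
var_dump($fp->validateToken($token, 'editRecord', 'save', '42'));    // submitted with matching parameters
var_dump($fp->validateToken($token, 'editRecord', 'delete', '42'));  // token replayed against another action
$fp->clean();
var_dump($fp->validateToken($token, 'editRecord', 'save', '42'));    // token from before clean()
```

Because the token is a keyed hash of the form parameters, nothing per-form has to be stored server-side; only the session secret is persisted, which is why clean() at login and logout is enough to retire all outstanding tokens.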