AbstractFormProtection uses BlockSerializationTrait

AbstractYes

This class provides protection against cross-site request forgery (XSRF/CSRF) for forms.

For documentation on how to use this class, please see the documentation of the corresponding subclasses

Table of Contents

Properties

$sessionToken  : string|null
The session token which is used to be hashed during token generation.
$validationFailedCallback  : Closure|null

Methods

__wakeup()  : mixed
Deny object deserialization.
clean()  : mixed
Deletes the session token and persists the (empty) token.
generateToken()  : string
Generates a token for a form by hashing the given parameters with the secret session token.
persistSessionToken()  : mixed
Saves the session token so that it can be used by a later incarnation of this class.
validateToken()  : bool
Checks whether the token $tokenId is valid in the form $formName with $formInstanceName.
createValidationErrorMessage()  : mixed
Creates or displays an error message telling the user that the submitted form token is invalid.
generateSessionToken()  : string
Generates the random token which is used in the hash for the form tokens.
getSessionToken()  : string
retrieveSessionToken()  : string
Retrieves the session token.

Properties

$sessionToken

The session token which is used to be hashed during token generation.

protected string|null $sessionToken

$validationFailedCallback

protected Closure|null $validationFailedCallback

Methods

__wakeup()

Deny object deserialization.

public __wakeup() : mixed

clean()

Deletes the session token and persists the (empty) token.

public clean() : mixed

This function is intended to be called when a user logs on or off.

generateToken()

Generates a token for a form by hashing the given parameters with the secret session token.

public generateToken(string $formName[, string $action = '' ][, string $formInstanceName = '' ]) : string

Calling this function two times with the same parameters will create the same valid token during one user session.

Parameters
$formName : string
$action : string = ''
$formInstanceName : string = ''
Tags
throws
InvalidArgumentException
Return values
string

the 32-character hex ID of the generated token

persistSessionToken()

Saves the session token so that it can be used by a later incarnation of this class.

public abstract persistSessionToken() : mixed
Internal

validateToken()

Checks whether the token $tokenId is valid in the form $formName with $formInstanceName.

public validateToken(string $tokenId, string $formName[, string $action = '' ][, string $formInstanceName = '' ]) : bool
Parameters
$tokenId : string
$formName : string
$action : string = ''
$formInstanceName : string = ''
Return values
bool

createValidationErrorMessage()

Creates or displays an error message telling the user that the submitted form token is invalid.

protected createValidationErrorMessage() : mixed

generateSessionToken()

Generates the random token which is used in the hash for the form tokens.

protected generateSessionToken() : string
Return values
string

getSessionToken()

protected getSessionToken() : string
Return values
string

retrieveSessionToken()

Retrieves the session token.

protected abstract retrieveSessionToken() : string
Return values
string

        
On this page

Search results