Overview
Comment: | Utilisation de KD2\Security pour les tokens CSRF |
---|---|
SHA1: |
6fa02716f8d331c971c14f6271cb03b4 |
User & Date: | bohwaz on 2017-05-11 06:11:30 |
Context
2017-05-11
| ||
06:12 | Corrections et utilisation concrète de la session permanente check-in: e744ecebef user: bohwaz tags: dev | |
06:11 | Utilisation de KD2\Security pour les tokens CSRF check-in: 6fa02716f8 user: bohwaz tags: dev | |
05:14 | Garradin a désormais besoin d'un secret unique pour chaque installation check-in: f2346dbb66 user: bohwaz tags: dev | |
Changes
Modified src/include/lib/Garradin/Template.php from [bdc7529178] to [58ab6469f8].
1 2 3 4 5 6 7 8 9 10 | <?php namespace Garradin; class Template extends \KD2\Smartyer { static protected $_instance = null; static public function getInstance() { | > > | 1 2 3 4 5 6 7 8 9 10 11 12 | <?php namespace Garradin; use KD2\Security; class Template extends \KD2\Smartyer { static protected $_instance = null; static public function getInstance() { |
︙ | ︙ | |||
30 31 32 33 34 35 36 | } } $tpl = Template::getInstance(); function tpl_csrf_field($params) { | < | < < | 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 | } } $tpl = Template::getInstance(); function tpl_csrf_field($params) { return Security::tokenHTML($params['key']); } function tpl_form_field($params) { if (!isset($params['name'])) throw new \BadFunctionCallException('name argument is mandatory'); |
︙ | ︙ |
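Review bot: `tpl_csrf_field` reads `$params['key']` without checking that the template supplied it, so a call without `key` raises an undefined-index notice and passes null to `Security::tokenHTML()`. How that method treats a null key is not visible in this section, but the emitted token would no longer be tied to the form's own key. `tpl_form_field` directly below already guards its mandatory argument, and the same pattern fits here: `if (!isset($params['key'])) throw new \BadFunctionCallException('key argument is mandatory');`. Since the return value goes straight into the page, it is also worth confirming that `tokenHTML()` escapes the field name and value it writes.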
Modified src/include/lib/Garradin/Utils.php from [51958d7a51] to [fbd4916050].
1 2 3 4 5 6 7 8 9 10 11 | <?php namespace Garradin; class Utils { static protected $country_list = null; static protected $skriv = null; static private $french_date_names = [ | > > | 1 2 3 4 5 6 7 8 9 10 11 12 13 | <?php namespace Garradin; use KD2\Security; class Utils { static protected $country_list = null; static protected $skriv = null; static private $french_date_names = [ |
︙ | ︙ | |||
177 178 179 180 181 182 183 | header("Location: " . $destination); if ($exit) exit(); } | < < < < < < < < < < < | < < < | < < < < < < < < < < < < < < < < < < < < < < < < | | | 179 180 181 182 183 184 185 186 187 188 189 190 191 192 193 194 195 196 197 198 199 200 201 202 203 204 205 | header("Location: " . $destination); if ($exit) exit(); } static public function CSRF_create($key) { return Security::tokenGenerate($key); } static public function CSRF_check($key, $hash=null) { return Security::tokenCheck($key, $hash); } static public function CSRF_field_name($key) { return Security::tokenFieldName($key); } static public function post($key) { return isset($_POST[$key]) ? $_POST[$key] : ''; } |
︙ | ︙ | |||
713 714 715 716 717 718 719 | arsort($delims); reset($delims); rewind($fp); return key($delims); } | | < | 677 678 679 680 681 682 683 684 | arsort($delims); reset($delims); rewind($fp); return key($delims); } } |
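Review bot: The three `CSRF_*` wrappers now have no docblock, and `CSRF_check($key, $hash=null)` leaves its whole contract to `Security::tokenCheck()`. What a null `$hash` means (presumably the token is then taken from the request; confirm against KD2\Security) and what type is returned are not visible in this section. I would add a short docblock to each wrapper, e.g. `/** Validates the CSRF token for form $key by delegating to KD2\Security::tokenCheck(); $hash null leaves token lookup to that method. */`. The preceding check-in introduces a per-installation secret; if the tokens are derived from it (not shown here), the docblock should say that validation fails when the secret is missing or changes.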