Overview
Comment: Utilisation de Form au lieu de Security pour faire du CSRF
SHA1: a80706f2b7c9d0215947737c06abb5f37f0c20a0
User & Date: bohwaz on 2017-05-16 06:10:18
Context
2017-05-16
06:11
Modernisation page mes_infos_securite check-in: c2c740f554 user: bohwaz tags: dev
06:10
Utilisation de Form au lieu de Security pour faire du CSRF check-in: a80706f2b7 user: bohwaz tags: dev
06:09
DB: Fix legacy compatibility functions check-in: f9c05b3c39 user: bohwaz tags: dev
Changes

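--- a/src/include/lib/Garradin/Utils.php
+++ b/src/include/lib/Garradin/Utils.php
@@ -1,12 +1,13 @@
 <?php
 
 namespace Garradin;
 
 use KD2\Security;
+use KD2\Form;
 
 class Utils
 {
     static protected $country_list = null;
 
     static protected $skriv = null;
 
@@ -181,25 +182,25 @@
 
         if ($exit)
           exit();
     }
 
     static public function CSRF_create($key)
     {
-        return Security::tokenGenerate($key);
+        return Form::tokenGenerate($key);
     }
 
     static public function CSRF_check($key, $hash=null)
     {
-        return Security::tokenCheck($key, $hash);
+        return Form::tokenCheck($key, $hash);
     }
 
     static public function CSRF_field_name($key)
     {
-        return Security::tokenFieldName($key);
+        return Form::tokenFieldName($key);
     }
 
     static public function post($key)
     {
         return isset($_POST[$key]) ? $_POST[$key] : '';
     }
 
@@ -487,15 +488,15 @@
 
         $dir->close();
         return true;
     }
 
     static public function suggestPassword()
     {
-        return \KD2\Security::getRandomPassphrase(ROOT . '/include/data/dictionary.fr');
+        return Security::getRandomPassphrase(ROOT . '/include/data/dictionary.fr');
     }
 
     static public function checkIBAN($iban)
     {
         $iban = substr($iban, 4) . substr($iban, 0, 4);
         $iban = str_replace(range('A', 'Z'), range(10, 35), $iban);
         return (bcmod($iban, 97) == 1);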
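Review bot: The three CSRF wrappers (`CSRF_create`, `CSRF_check`, `CSRF_field_name`) now delegate to `KD2\Form`, but nothing in this section shows that Form's token secret is initialised, or that no other code still calls `Security::token*` directly. If both classes are in use, a token issued by one and checked by the other would presumably fail validation, so it is worth confirming the bootstrap and searching for remaining direct callers. `CSRF_check` also keeps `$hash=null` with no comment on where the token comes from in that case; I would add a docblock such as `/** Validates the CSRF token for $key; when $hash is null the lookup is left to Form::tokenCheck() (confirm it reads the submitted form field). */`. The class body starts and ends outside the visible hunks, so callers of these wrappers could not be checked here.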