Overview
Comment: Utilisation de Form au lieu de Security pour faire du CSRF
SHA1: a80706f2b7c9d0215947737c06abb5f37f0c20a0
User & Date: bohwaz on 2017-05-16 06:10:18
Context
2017-05-16
06:11
Modernisation page mes_infos_securite check-in: c2c740f554 user: bohwaz tags: dev
06:10
Utilisation de Form au lieu de Security pour faire du CSRF check-in: a80706f2b7 user: bohwaz tags: dev
06:09
DB: Fix legacy compatibility functions check-in: f9c05b3c39 user: bohwaz tags: dev
Changes

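--- a/src/include/lib/Garradin/Utils.php
+++ b/src/include/lib/Garradin/Utils.php
@@ -1,12 +1,13 @@
 <?php
 
 namespace Garradin;
 
 use KD2\Security;
+use KD2\Form;
 
 class Utils
 {
     static protected $country_list = null;
 
     static protected $skriv = null;
 
@@ -181,25 +182,25 @@
 
         if ($exit)
           exit();
     }
 
     static public function CSRF_create($key)
     {
-        return Security::tokenGenerate($key);
+        return Form::tokenGenerate($key);
     }
 
     static public function CSRF_check($key, $hash=null)
     {
-        return Security::tokenCheck($key, $hash);
+        return Form::tokenCheck($key, $hash);
     }
 
     static public function CSRF_field_name($key)
     {
-        return Security::tokenFieldName($key);
+        return Form::tokenFieldName($key);
     }
 
     static public function post($key)
     {
         return isset($_POST[$key]) ? $_POST[$key] : '';
     }
 
@@ -487,15 +488,15 @@
 
         $dir->close();
         return true;
     }
 
     static public function suggestPassword()
     {
-        return \KD2\Security::getRandomPassphrase(ROOT . '/include/data/dictionary.fr');
+        return Security::getRandomPassphrase(ROOT . '/include/data/dictionary.fr');
     }
 
     static public function checkIBAN($iban)
     {
         $iban = substr($iban, 4) . substr($iban, 0, 4);
         $iban = str_replace(range('A', 'Z'), range(10, 35), $iban);
         return (bcmod($iban, 97) == 1);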
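Review bot: Moving `CSRF_create`, `CSRF_check` and `CSRF_field_name` from `Security` to `Form` swaps the token implementation behind every caller of these wrappers, yet nothing in this section shows that `Form` is initialised with the same secret or session state that `Security` relied on. If the two classes derive tokens differently, forms rendered before the upgrade would fail validation afterwards, so this is worth confirming and noting for deployers. The wrappers are also undocumented: a docblock on `CSRF_check` should state where the token comes from when `$hash` is null, for example `/** Returns true only when the CSRF token for $key is valid; with $hash = null the token is presumably read from the submitted form. */`. The setup of `Form` and the call sites of these wrappers are outside the visible hunks.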