Overview
Comment:Utilisation de Form au lieu de Security pour faire du CSRF
SHA1: a80706f2b7c9d0215947737c06abb5f37f0c20a0
User & Date: bohwaz on 2017-05-16 06:10:18
Context
2017-05-16
06:11
Modernisation page mes_infos_securite check-in: c2c740f554 user: bohwaz tags: dev
06:10
Utilisation de Form au lieu de Security pour faire du CSRF check-in: a80706f2b7 user: bohwaz tags: dev
06:09
DB: Fix legacy compatibility functions check-in: f9c05b3c39 user: bohwaz tags: dev
Changes

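--- a/src/include/lib/Garradin/Utils.php
+++ b/src/include/lib/Garradin/Utils.php
@@ -1,11 +1,12 @@
 <?php
 
 namespace Garradin;
 
 use KD2\Security;
+use KD2\Form;
 
 class Utils
 {
     static protected $country_list = null;
 
     static protected $skriv = null;
@@ -182,23 +183,23 @@
         if ($exit)
           exit();
     }
 
     static public function CSRF_create($key)
     {
-        return Security::tokenGenerate($key);
+        return Form::tokenGenerate($key);
     }
 
     static public function CSRF_check($key, $hash=null)
     {
-        return Security::tokenCheck($key, $hash);
+        return Form::tokenCheck($key, $hash);
     }
 
     static public function CSRF_field_name($key)
     {
-        return Security::tokenFieldName($key);
+        return Form::tokenFieldName($key);
     }
 
     static public function post($key)
     {
         return isset($_POST[$key]) ? $_POST[$key] : '';
     }
@@ -488,14 +489,14 @@
         $dir->close();
         return true;
     }
 
     static public function suggestPassword()
     {
-        return \KD2\Security::getRandomPassphrase(ROOT . '/include/data/dictionary.fr');
+        return Security::getRandomPassphrase(ROOT . '/include/data/dictionary.fr');
     }
 
     static public function checkIBAN($iban)
     {
         $iban = substr($iban, 4) . substr($iban, 0, 4);
         $iban = str_replace(range('A', 'Z'), range(10, 35), $iban);
         return (bcmod($iban, 97) == 1);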
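Review bot: `CSRF_create`, `CSRF_check` and `CSRF_field_name` now mint and verify tokens through `KD2\Form`, so any template or handler that still calls `Security::tokenGenerate`, `Security::tokenCheck` or `Security::tokenFieldName` directly would pair a token from one class with a check from the other. Whether the two implementations share a secret, token format and field name is not visible in this diff, so it is worth confirming that no direct `Security::token*` call remains outside `Utils`. The three wrappers are undocumented; I would add a docblock on `CSRF_check` along the lines of `/** Verifies the CSRF token for form $key via KD2\Form::tokenCheck(); a null $hash is passed through unchanged (presumably Form then reads the token from the request, confirm). */` and a matching one-liner on the other two. Note also that `use KD2\Security;` must stay, since `suggestPassword` now depends on the short name.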