
/library/Zend/Form/Element/Hash.php

https://bitbucket.org/nosen/jelly2
  1. <?php
  2. /**
  3. * Zend Framework
  4. *
  5. * LICENSE
  6. *
  7. * This source file is subject to the new BSD license that is bundled
  8. * with this package in the file LICENSE.txt.
  9. * It is also available through the world-wide-web at this URL:
  10. * http://framework.zend.com/license/new-bsd
  11. * If you did not receive a copy of the license and are unable to
  12. * obtain it through the world-wide-web, please send an email
  13. * to license@zend.com so we can send you a copy immediately.
  14. *
  15. * @category Zend
  16. * @package Zend_Form
  17. * @subpackage Element
  18. * @copyright Copyright (c) 2005-2011 Zend Technologies USA Inc. (http://www.zend.com)
  19. * @license http://framework.zend.com/license/new-bsd New BSD License
  20. */
  21. /** Zend_Form_Element_Xhtml */
  22. require_once 'Zend/Form/Element/Xhtml.php';
  23. /**
  24. * CSRF form protection
  25. *
  26. * @category Zend
  27. * @package Zend_Form
  28. * @subpackage Element
  29. * @copyright Copyright (c) 2005-2011 Zend Technologies USA Inc. (http://www.zend.com)
  30. * @license http://framework.zend.com/license/new-bsd New BSD License
  31. * @version $Id: Hash.php 23775 2011-03-01 17:25:24Z ralph $
  32. */
  33. class Zend_Form_Element_Hash extends Zend_Form_Element_Xhtml
  34. {
  35. /**
  36. * Use formHidden view helper by default
  37. * @var string
  38. */
  39. public $helper = 'formHidden';
  40. /**
  41. * Actual hash used.
  42. *
  43. * @var mixed
  44. */
  45. protected $_hash;
  46. /**
  47. * Salt for CSRF token
  48. * @var string
  49. */
  50. protected $_salt = 'salt';
  51. /**
  52. * @var Zend_Session_Namespace
  53. */
  54. protected $_session;
  55. /**
  56. * TTL for CSRF token
  57. * @var int
  58. */
  59. protected $_timeout = 300;
  60. /**
  61. * Constructor
  62. *
  63. * Creates session namespace for CSRF token, and adds validator for CSRF
  64. * token.
  65. *
  66. * @param string|array|Zend_Config $spec
  67. * @param array|Zend_Config $options
  68. * @return void
  69. */
  70. public function __construct($spec, $options = null)
  71. {
  72. parent::__construct($spec, $options);
  73. $this->setAllowEmpty(false)
  74. ->setRequired(true)
  75. ->initCsrfValidator();
  76. }
  77. /**
  78. * Set session object
  79. *
  80. * @param Zend_Session_Namespace $session
  81. * @return Zend_Form_Element_Hash
  82. */
  83. public function setSession($session)
  84. {
  85. $this->_session = $session;
  86. return $this;
  87. }
  88. /**
  89. * Get session object
  90. *
  91. * Instantiate session object if none currently exists
  92. *
  93. * @return Zend_Session_Namespace
  94. */
  95. public function getSession()
  96. {
  97. if (null === $this->_session) {
  98. require_once 'Zend/Session/Namespace.php';
  99. $this->_session = new Zend_Session_Namespace($this->getSessionName());
  100. }
  101. return $this->_session;
  102. }
  103. /**
  104. * Initialize CSRF validator
  105. *
  106. * Creates Session namespace, and initializes CSRF token in session.
  107. * Additionally, adds validator for validating CSRF token.
  108. *
  109. * @return Zend_Form_Element_Hash
  110. */
  111. public function initCsrfValidator()
  112. {
  113. $session = $this->getSession();
  114. if (isset($session->hash)) {
  115. $rightHash = $session->hash;
  116. } else {
  117. $rightHash = null;
  118. }
  119. $this->addValidator('Identical', true, array($rightHash));
  120. return $this;
  121. }
  122. /**
  123. * Salt for CSRF token
  124. *
  125. * @param string $salt
  126. * @return Zend_Form_Element_Hash
  127. */
  128. public function setSalt($salt)
  129. {
  130. $this->_salt = (string) $salt;
  131. return $this;
  132. }
  133. /**
  134. * Retrieve salt for CSRF token
  135. *
  136. * @return string
  137. */
  138. public function getSalt()
  139. {
  140. return $this->_salt;
  141. }
  142. /**
  143. * Retrieve CSRF token
  144. *
  145. * If no CSRF token currently exists, generates one.
  146. *
  147. * @return string
  148. */
  149. public function getHash()
  150. {
  151. if (null === $this->_hash) {
  152. $this->_generateHash();
  153. }
  154. return $this->_hash;
  155. }
  156. /**
  157. * Get session namespace for CSRF token
  158. *
  159. * Generates a session namespace based on salt, element name, and class.
  160. *
  161. * @return string
  162. */
  163. public function getSessionName()
  164. {
  165. return __CLASS__ . '_' . $this->getSalt() . '_' . $this->getName();
  166. }
  167. /**
  168. * Set timeout for CSRF session token
  169. *
  170. * @param int $ttl
  171. * @return Zend_Form_Element_Hash
  172. */
  173. public function setTimeout($ttl)
  174. {
  175. $this->_timeout = (int) $ttl;
  176. return $this;
  177. }
  178. /**
  179. * Get CSRF session token timeout
  180. *
  181. * @return int
  182. */
  183. public function getTimeout()
  184. {
  185. return $this->_timeout;
  186. }
  187. /**
  188. * Override getLabel() to always be empty
  189. *
  190. * @return null
  191. */
  192. public function getLabel()
  193. {
  194. return null;
  195. }
  196. /**
  197. * Initialize CSRF token in session
  198. *
  199. * @return void
  200. */
  201. public function initCsrfToken()
  202. {
  203. $session = $this->getSession();
  204. $session->setExpirationHops(1, null, true);
  205. $session->setExpirationSeconds($this->getTimeout());
  206. $session->hash = $this->getHash();
  207. }
  208. /**
  209. * Render CSRF token in form
  210. *
  211. * @param Zend_View_Interface $view
  212. * @return string
  213. */
  214. public function render(Zend_View_Interface $view = null)
  215. {
  216. $this->initCsrfToken();
  217. return parent::render($view);
  218. }
  219. /**
  220. * Generate CSRF token
  221. *
  222. * Generates CSRF token and stores both in {@link $_hash} and element
  223. * value.
  224. *
  225. * @return void
  226. */
  227. protected function _generateHash()
  228. {
  229. $this->_hash = md5(
  230. mt_rand(1,1000000)
  231. . $this->getSalt()
  232. . $this->getName()
  233. . mt_rand(1,1000000)
  234. );
  235. $this->setValue($this->_hash);
  236. }
  237. }