diff options
Diffstat (limited to 'vendor/symfony/form/Symfony/Component/Form/Extension/Csrf/CsrfProvider')
3 files changed, 0 insertions, 184 deletions
diff --git a/vendor/symfony/form/Symfony/Component/Form/Extension/Csrf/CsrfProvider/CsrfProviderInterface.php b/vendor/symfony/form/Symfony/Component/Form/Extension/Csrf/CsrfProvider/CsrfProviderInterface.php deleted file mode 100644 index 7143b130..00000000 --- a/vendor/symfony/form/Symfony/Component/Form/Extension/Csrf/CsrfProvider/CsrfProviderInterface.php +++ /dev/null | |||
| @@ -1,49 +0,0 @@ | |||
| 1 | <?php | ||
| 2 | |||
| 3 | /* | ||
| 4 | * This file is part of the Symfony package. | ||
| 5 | * | ||
| 6 | * (c) Fabien Potencier <fabien@symfony.com> | ||
| 7 | * | ||
| 8 | * For the full copyright and license information, please view the LICENSE | ||
| 9 | * file that was distributed with this source code. | ||
| 10 | */ | ||
| 11 | |||
| 12 | namespace Symfony\Component\Form\Extension\Csrf\CsrfProvider; | ||
| 13 | |||
| 14 | /** | ||
| 15 | * Marks classes able to provide CSRF protection | ||
| 16 | * | ||
| 17 | * You can generate a CSRF token by using the method generateCsrfToken(). To | ||
| 18 | * this method you should pass a value that is unique to the page that should | ||
| 19 | * be secured against CSRF attacks. This value doesn't necessarily have to be | ||
| 20 | * secret. Implementations of this interface are responsible for adding more | ||
| 21 | * secret information. | ||
| 22 | * | ||
| 23 | * If you want to secure a form submission against CSRF attacks, you could | ||
| 24 | * supply an "intention" string. This way you make sure that the form can only | ||
| 25 | * be submitted to pages that are designed to handle the form, that is, that use | ||
| 26 | * the same intention string to validate the CSRF token with isCsrfTokenValid(). | ||
| 27 | * | ||
| 28 | * @author Bernhard Schussek <bschussek@gmail.com> | ||
| 29 | */ | ||
| 30 | interface CsrfProviderInterface | ||
| 31 | { | ||
| 32 | /** | ||
| 33 | * Generates a CSRF token for a page of your application. | ||
| 34 | * | ||
| 35 | * @param string $intention Some value that identifies the action intention | ||
| 36 | * (i.e. "authenticate"). Doesn't have to be a secret value. | ||
| 37 | */ | ||
| 38 | public function generateCsrfToken($intention); | ||
| 39 | |||
| 40 | /** | ||
| 41 | * Validates a CSRF token. | ||
| 42 | * | ||
| 43 | * @param string $intention The intention used when generating the CSRF token | ||
| 44 | * @param string $token The token supplied by the browser | ||
| 45 | * | ||
| 46 | * @return Boolean Whether the token supplied by the browser is correct | ||
| 47 | */ | ||
| 48 | public function isCsrfTokenValid($intention, $token); | ||
| 49 | } | ||
diff --git a/vendor/symfony/form/Symfony/Component/Form/Extension/Csrf/CsrfProvider/DefaultCsrfProvider.php b/vendor/symfony/form/Symfony/Component/Form/Extension/Csrf/CsrfProvider/DefaultCsrfProvider.php deleted file mode 100644 index 5354886c..00000000 --- a/vendor/symfony/form/Symfony/Component/Form/Extension/Csrf/CsrfProvider/DefaultCsrfProvider.php +++ /dev/null | |||
| @@ -1,78 +0,0 @@ | |||
| 1 | <?php | ||
| 2 | |||
| 3 | /* | ||
| 4 | * This file is part of the Symfony package. | ||
| 5 | * | ||
| 6 | * (c) Fabien Potencier <fabien@symfony.com> | ||
| 7 | * | ||
| 8 | * For the full copyright and license information, please view the LICENSE | ||
| 9 | * file that was distributed with this source code. | ||
| 10 | */ | ||
| 11 | |||
| 12 | namespace Symfony\Component\Form\Extension\Csrf\CsrfProvider; | ||
| 13 | |||
| 14 | /** | ||
| 15 | * Default implementation of CsrfProviderInterface. | ||
| 16 | * | ||
| 17 | * This provider uses the session ID returned by session_id() as well as a | ||
| 18 | * user-defined secret value to secure the CSRF token. | ||
| 19 | * | ||
| 20 | * @author Bernhard Schussek <bschussek@gmail.com> | ||
| 21 | */ | ||
| 22 | class DefaultCsrfProvider implements CsrfProviderInterface | ||
| 23 | { | ||
| 24 | /** | ||
| 25 | * A secret value used for generating the CSRF token | ||
| 26 | * @var string | ||
| 27 | */ | ||
| 28 | protected $secret; | ||
| 29 | |||
| 30 | /** | ||
| 31 | * Initializes the provider with a secret value | ||
| 32 | * | ||
| 33 | * A recommended value for the secret is a generated value with at least | ||
| 34 | * 32 characters and mixed letters, digits and special characters. | ||
| 35 | * | ||
| 36 | * @param string $secret A secret value included in the CSRF token | ||
| 37 | */ | ||
| 38 | public function __construct($secret) | ||
| 39 | { | ||
| 40 | $this->secret = $secret; | ||
| 41 | } | ||
| 42 | |||
| 43 | /** | ||
| 44 | * {@inheritDoc} | ||
| 45 | */ | ||
| 46 | public function generateCsrfToken($intention) | ||
| 47 | { | ||
| 48 | return sha1($this->secret.$intention.$this->getSessionId()); | ||
| 49 | } | ||
| 50 | |||
| 51 | /** | ||
| 52 | * {@inheritDoc} | ||
| 53 | */ | ||
| 54 | public function isCsrfTokenValid($intention, $token) | ||
| 55 | { | ||
| 56 | return $token === $this->generateCsrfToken($intention); | ||
| 57 | } | ||
| 58 | |||
| 59 | /** | ||
| 60 | * Returns the ID of the user session. | ||
| 61 | * | ||
| 62 | * Automatically starts the session if necessary. | ||
| 63 | * | ||
| 64 | * @return string The session ID | ||
| 65 | */ | ||
| 66 | protected function getSessionId() | ||
| 67 | { | ||
| 68 | if (version_compare(PHP_VERSION, '5.4', '>=')) { | ||
| 69 | if (PHP_SESSION_NONE === session_status()) { | ||
| 70 | session_start(); | ||
| 71 | } | ||
| 72 | } elseif (!session_id()) { | ||
| 73 | session_start(); | ||
| 74 | } | ||
| 75 | |||
| 76 | return session_id(); | ||
| 77 | } | ||
| 78 | } | ||
diff --git a/vendor/symfony/form/Symfony/Component/Form/Extension/Csrf/CsrfProvider/SessionCsrfProvider.php b/vendor/symfony/form/Symfony/Component/Form/Extension/Csrf/CsrfProvider/SessionCsrfProvider.php deleted file mode 100644 index ea1fa585..00000000 --- a/vendor/symfony/form/Symfony/Component/Form/Extension/Csrf/CsrfProvider/SessionCsrfProvider.php +++ /dev/null | |||
| @@ -1,57 +0,0 @@ | |||
| 1 | <?php | ||
| 2 | |||
| 3 | /* | ||
| 4 | * This file is part of the Symfony package. | ||
| 5 | * | ||
| 6 | * (c) Fabien Potencier <fabien@symfony.com> | ||
| 7 | * | ||
| 8 | * For the full copyright and license information, please view the LICENSE | ||
| 9 | * file that was distributed with this source code. | ||
| 10 | */ | ||
| 11 | |||
| 12 | namespace Symfony\Component\Form\Extension\Csrf\CsrfProvider; | ||
| 13 | |||
| 14 | use Symfony\Component\HttpFoundation\Session\Session; | ||
| 15 | |||
| 16 | /** | ||
| 17 | * This provider uses a Symfony2 Session object to retrieve the user's | ||
| 18 | * session ID. | ||
| 19 | * | ||
| 20 | * @see DefaultCsrfProvider | ||
| 21 | * | ||
| 22 | * @author Bernhard Schussek <bschussek@gmail.com> | ||
| 23 | */ | ||
| 24 | class SessionCsrfProvider extends DefaultCsrfProvider | ||
| 25 | { | ||
| 26 | /** | ||
| 27 | * The user session from which the session ID is returned | ||
| 28 | * @var Session | ||
| 29 | */ | ||
| 30 | protected $session; | ||
| 31 | |||
| 32 | /** | ||
| 33 | * Initializes the provider with a Session object and a secret value. | ||
| 34 | * | ||
| 35 | * A recommended value for the secret is a generated value with at least | ||
| 36 | * 32 characters and mixed letters, digits and special characters. | ||
| 37 | * | ||
| 38 | * @param Session $session The user session | ||
| 39 | * @param string $secret A secret value included in the CSRF token | ||
| 40 | */ | ||
| 41 | public function __construct(Session $session, $secret) | ||
| 42 | { | ||
| 43 | parent::__construct($secret); | ||
| 44 | |||
| 45 | $this->session = $session; | ||
| 46 | } | ||
| 47 | |||
| 48 | /** | ||
| 49 | * {@inheritdoc} | ||
| 50 | */ | ||
| 51 | protected function getSessionId() | ||
| 52 | { | ||
| 53 | $this->session->start(); | ||
| 54 | |||
| 55 | return $this->session->getId(); | ||
| 56 | } | ||
| 57 | } | ||