From 4f5b44bd3bd490309eb2ba7b44df4769816ba729 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Nicolas=20L=C5=93uillet?= <nicolas.loeuillet@gmail.com>
Date: Sat, 3 Aug 2013 19:26:54 +0200
Subject: twig implementation

---
 .../Csrf/CsrfProvider/DefaultCsrfProvider.php      | 78 ++++++++++++++++++++++
 1 file changed, 78 insertions(+)
 create mode 100644 vendor/symfony/form/Symfony/Component/Form/Extension/Csrf/CsrfProvider/DefaultCsrfProvider.php

(limited to 'vendor/symfony/form/Symfony/Component/Form/Extension/Csrf/CsrfProvider/DefaultCsrfProvider.php')

diff --git a/vendor/symfony/form/Symfony/Component/Form/Extension/Csrf/CsrfProvider/DefaultCsrfProvider.php b/vendor/symfony/form/Symfony/Component/Form/Extension/Csrf/CsrfProvider/DefaultCsrfProvider.php
new file mode 100644
index 00000000..5354886c
--- /dev/null
+++ b/vendor/symfony/form/Symfony/Component/Form/Extension/Csrf/CsrfProvider/DefaultCsrfProvider.php
@@ -0,0 +1,78 @@
+<?php
+
+/*
+ * This file is part of the Symfony package.
+ *
+ * (c) Fabien Potencier <fabien@symfony.com>
+ *
+ * For the full copyright and license information, please view the LICENSE
+ * file that was distributed with this source code.
+ */
+
+namespace Symfony\Component\Form\Extension\Csrf\CsrfProvider;
+
+/**
+ * Default implementation of CsrfProviderInterface.
+ *
+ * This provider uses the session ID returned by session_id() as well as a
+ * user-defined secret value to secure the CSRF token.
+ *
+ * @author Bernhard Schussek <bschussek@gmail.com>
+ */
+class DefaultCsrfProvider implements CsrfProviderInterface
+{
+    /**
+     * A secret value used for generating the CSRF token
+     * @var string
+     */
+    protected $secret;
+
+    /**
+     * Initializes the provider with a secret value
+     *
+     * A recommended value for the secret is a generated value with at least
+     * 32 characters and mixed letters, digits and special characters.
+     *
+     * @param string $secret A secret value included in the CSRF token
+     */
+    public function __construct($secret)
+    {
+        $this->secret = $secret;
+    }
+
+    /**
+     * {@inheritDoc}
+     */
+    public function generateCsrfToken($intention)
+    {
+        return sha1($this->secret.$intention.$this->getSessionId());
+    }
+
+    /**
+     * {@inheritDoc}
+     */
+    public function isCsrfTokenValid($intention, $token)
+    {
+        return $token === $this->generateCsrfToken($intention);
+    }
+
+    /**
+     * Returns the ID of the user session.
+     *
+     * Automatically starts the session if necessary.
+     *
+     * @return string The session ID
+     */
+    protected function getSessionId()
+    {
+        if (version_compare(PHP_VERSION, '5.4', '>=')) {
+            if (PHP_SESSION_NONE === session_status()) {
+                session_start();
+            }
+        } elseif (!session_id()) {
+            session_start();
+        }
+
+        return session_id();
+    }
+}
-- 
cgit v1.2.3