API Documentation

Zend/Form/Element/Hash.php

Show: inherited
Table of Contents

Zend Framework

LICENSE

This source file is subject to the new BSD license that is bundled with this package in the file LICENSE.txt. It is also available through the world-wide-web at this URL: http://framework.zend.com/license/new-bsd If you did not receive a copy of the license and are unable to obtain it through the world-wide-web, please send an email to license@zend.com so we can send you a copy immediately.

Category
Zend  
Copyright
Copyright (c) 2005-2012 Zend Technologies USA Inc. (http://www.zend.com)  
License
New BSD License  
Package
Zend_Form  
Subpackage
Element  

\Zend_Form_Element_Hash

Package: Zend\Form\Element

CSRF form protection

Parent(s)
\Zend_Form_Element_Xhtml < \Zend_Form_Element
Category
Zend  
Copyright
Copyright (c) 2005-2012 Zend Technologies USA Inc. (http://www.zend.com)  
License
New BSD License  
Version
$Id: Hash.php 24594 2012-01-05 21:27:01Z matthew $  

Properties

Propertyprotectedmixed  $_hash= ''

Actual hash used.

Details
Type
mixed
Propertyprotectedstring  $_salt= ''salt''

Salt for CSRF token

Default value'salt'Details
Type
string
Propertyprotected\Zend_Session_Namespace  $_session= ''

Propertyprotectedint  $_timeout= '300'

TTL for CSRF token

Default value300Details
Type
int
Propertypublicstring  $helper= ''formHidden''

Use formHidden view helper by default

Default value'formHidden'Details
Type
string

Methods

methodpublic__construct( string|array|\Zend_Config $spec, array|\Zend_Config $options = null ) : void

Constructor

Creates session namespace for CSRF token, and adds validator for CSRF token.

Parameters
Name Type Description
$spec string|array|\Zend_Config
$options array|\Zend_Config
methodprotected_generateHash( ) : void

Generate CSRF token

Generates CSRF token and stores both in {@link $_hash} and element value.

methodpublicgetHash( ) : string

Retrieve CSRF token

If no CSRF token currently exists, generates one.

Returns
Type Description
string
methodpublicgetLabel( ) : null

Override getLabel() to always be empty

Returns
Type Description
null
methodpublicgetSalt( ) : string

Retrieve salt for CSRF token

Returns
Type Description
string
methodpublicgetSession( ) : \Zend_Session_Namespace

Get session object

Instantiate session object if none currently exists

Returns
Type Description
\Zend_Session_Namespace
methodpublicgetSessionName( ) : string

Get session namespace for CSRF token

Generates a session namespace based on salt, element name, and class.

Returns
Type Description
string
methodpublicgetTimeout( ) : int

Get CSRF session token timeout

Returns
Type Description
int
methodpublicinitCsrfToken( ) : void

Initialize CSRF token in session

methodpublicinitCsrfValidator( ) : \Zend_Form_Element_Hash

Initialize CSRF validator

Creates Session namespace, and initializes CSRF token in session. Additionally, adds validator for validating CSRF token.

Returns
Type Description
\Zend_Form_Element_Hash
methodpublicrender( \Zend_View_Interface $view = null ) : string

Render CSRF token in form

Parameters
Name Type Description
$view \Zend_View_Interface
Returns
Type Description
string
methodpublicsetSalt( string $salt ) : \Zend_Form_Element_Hash

Salt for CSRF token

Parameters
Name Type Description
$salt string
Returns
Type Description
\Zend_Form_Element_Hash
methodpublicsetSession( \Zend_Session_Namespace $session ) : \Zend_Form_Element_Hash

Set session object

Parameters
Name Type Description
$session \Zend_Session_Namespace
Returns
Type Description
\Zend_Form_Element_Hash
methodpublicsetTimeout( int $ttl ) : \Zend_Form_Element_Hash

Set timeout for CSRF session token

Parameters
Name Type Description
$ttl int
Returns
Type Description
\Zend_Form_Element_Hash
Documentation was generated by DocBlox 0.15.1.