Omeka_Form_Element_SessionCsrfToken
Package: Form
- class Omeka_Form_Element_SessionCsrfToken
extends Zend_Form_Element_Xhtml
CSRF form protection
This class is an adaptation of ZF’s Hash element that uses a per-session token.
- property Omeka_Form_Element_SessionCsrfToken::$helper
string
Use formHidden view helper by default
- property Omeka_Form_Element_SessionCsrfToken::$_disableLoadDefaultDecorators
protected bool
Should we disable loading the default decorators?
- property Omeka_Form_Element_SessionCsrfToken::$_token
protected mixed
Actual token used.
- property Omeka_Form_Element_SessionCsrfToken::$_session
protected Zend_Session_Namespace
- Omeka_Form_Element_SessionCsrfToken::init()
Constructor
Creates session namespace for CSRF token, and adds validator for CSRF token.
- Omeka_Form_Element_SessionCsrfToken::setSession($session)
Set session object
- Parameters:
$session –
- Returns:
self
- Omeka_Form_Element_SessionCsrfToken::getSession()
Get session object
Instantiate session object if none currently exists
- Returns:
Zend_Session_Namespace
- Omeka_Form_Element_SessionCsrfToken::getToken()
Retrieve CSRF token
- Returns:
string
- Omeka_Form_Element_SessionCsrfToken::render(Zend_View_Interface $view = null)
Render CSRF token in form
- Parameters:
$view (
Zend_View_Interface
) –- Returns:
string
- Omeka_Form_Element_SessionCsrfToken::getLabel()
Override getLabel() to always be empty
- Omeka_Form_Element_SessionCsrfToken::_initToken()
Set the CSRF token
If a session token exists, it is used. Otherwise, a new token is generated and saved in the session.
- Returns:
self
- Omeka_Form_Element_SessionCsrfToken::_initCsrfValidator()
Initialize CSRF validator
- Returns:
self
- Omeka_Form_Element_SessionCsrfToken::_generateToken()
Generate CSRF token