Omeka_Form_Element_SessionCsrfToken

Package: Form

class Omeka_Form_Element_SessionCsrfToken

extends Zend_Form_Element_Xhtml

CSRF form protection

This class is an adaptation of ZF’s Hash element that uses a per-session token.

property Omeka_Form_Element_SessionCsrfToken::$helper

string

Use formHidden view helper by default

property Omeka_Form_Element_SessionCsrfToken::$_disableLoadDefaultDecorators

protected bool

Should we disable loading the default decorators?

property Omeka_Form_Element_SessionCsrfToken::$_token

protected mixed

Actual token used.

property Omeka_Form_Element_SessionCsrfToken::$_session

protected Zend_Session_Namespace

Omeka_Form_Element_SessionCsrfToken::init()

Constructor

Creates session namespace for CSRF token, and adds validator for CSRF token.

Omeka_Form_Element_SessionCsrfToken::setSession($session)

Set session object

Parameters:
  • $session
Returns:

self

Omeka_Form_Element_SessionCsrfToken::getSession()

Get session object

Instantiate session object if none currently exists

Returns:Zend_Session_Namespace
Omeka_Form_Element_SessionCsrfToken::getToken()

Retrieve CSRF token

Returns:string
Omeka_Form_Element_SessionCsrfToken::render(Zend_View_Interface $view = null)

Render CSRF token in form

Parameters:
  • $view (Zend_View_Interface) –
Returns:

string

Omeka_Form_Element_SessionCsrfToken::getLabel()

Override getLabel() to always be empty

Omeka_Form_Element_SessionCsrfToken::_initToken()

Set the CSRF token

If a session token exists, it is used. Otherwise, a new token is generated and saved in the session.

Returns:self
Omeka_Form_Element_SessionCsrfToken::_initCsrfValidator()

Initialize CSRF validator

Returns:self
Omeka_Form_Element_SessionCsrfToken::_generateToken()

Generate CSRF token