diff -r 000000000000 -r 4eba9c11703f web/Zend/Form/Element/Hash.php
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/web/Zend/Form/Element/Hash.php Mon Dec 13 18:29:26 2010 +0100
@@ -0,0 +1,259 @@
+setAllowEmpty(false)
+ ->setRequired(true)
+ ->initCsrfValidator();
+ }
+
+ /**
+ * Set session object
+ *
+ * @param Zend_Session_Namespace $session
+ * @return Zend_Form_Element_Hash
+ */
+ public function setSession($session)
+ {
+ $this->_session = $session;
+ return $this;
+ }
+
+ /**
+ * Get session object
+ *
+ * Instantiate session object if none currently exists
+ *
+ * @return Zend_Session_Namespace
+ */
+ public function getSession()
+ {
+ if (null === $this->_session) {
+ require_once 'Zend/Session/Namespace.php';
+ $this->_session = new Zend_Session_Namespace($this->getSessionName());
+ }
+ return $this->_session;
+ }
+
+ /**
+ * Initialize CSRF validator
+ *
+ * Creates Session namespace, and initializes CSRF token in session.
+ * Additionally, adds validator for validating CSRF token.
+ *
+ * @return Zend_Form_Element_Hash
+ */
+ public function initCsrfValidator()
+ {
+ $session = $this->getSession();
+ if (isset($session->hash)) {
+ $rightHash = $session->hash;
+ } else {
+ $rightHash = null;
+ }
+
+ $this->addValidator('Identical', true, array($rightHash));
+ return $this;
+ }
+
+ /**
+ * Salt for CSRF token
+ *
+ * @param string $salt
+ * @return Zend_Form_Element_Hash
+ */
+ public function setSalt($salt)
+ {
+ $this->_salt = (string) $salt;
+ return $this;
+ }
+
+ /**
+ * Retrieve salt for CSRF token
+ *
+ * @return string
+ */
+ public function getSalt()
+ {
+ return $this->_salt;
+ }
+
+ /**
+ * Retrieve CSRF token
+ *
+ * If no CSRF token currently exists, generates one.
+ *
+ * @return string
+ */
+ public function getHash()
+ {
+ if (null === $this->_hash) {
+ $this->_generateHash();
+ }
+ return $this->_hash;
+ }
+
+ /**
+ * Get session namespace for CSRF token
+ *
+ * Generates a session namespace based on salt, element name, and class.
+ *
+ * @return string
+ */
+ public function getSessionName()
+ {
+ return __CLASS__ . '_' . $this->getSalt() . '_' . $this->getName();
+ }
+
+ /**
+ * Set timeout for CSRF session token
+ *
+ * @param int $ttl
+ * @return Zend_Form_Element_Hash
+ */
+ public function setTimeout($ttl)
+ {
+ $this->_timeout = (int) $ttl;
+ return $this;
+ }
+
+ /**
+ * Get CSRF session token timeout
+ *
+ * @return int
+ */
+ public function getTimeout()
+ {
+ return $this->_timeout;
+ }
+
+ /**
+ * Override getLabel() to always be empty
+ *
+ * @return null
+ */
+ public function getLabel()
+ {
+ return null;
+ }
+
+ /**
+ * Initialize CSRF token in session
+ *
+ * @return void
+ */
+ public function initCsrfToken()
+ {
+ $session = $this->getSession();
+ $session->setExpirationHops(1, null, true);
+ $session->setExpirationSeconds($this->getTimeout());
+ $session->hash = $this->getHash();
+ }
+
+ /**
+ * Render CSRF token in form
+ *
+ * @param Zend_View_Interface $view
+ * @return string
+ */
+ public function render(Zend_View_Interface $view = null)
+ {
+ $this->initCsrfToken();
+ return parent::render($view);
+ }
+
+ /**
+ * Generate CSRF token
+ *
+ * Generates CSRF token and stores both in {@link $_hash} and element
+ * value.
+ *
+ * @return void
+ */
+ protected function _generateHash()
+ {
+ $this->_hash = md5(
+ mt_rand(1,1000000)
+ . $this->getSalt()
+ . $this->getName()
+ . mt_rand(1,1000000)
+ );
+ $this->setValue($this->_hash);
+ }
+}
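Review bot: `_generateHash()` builds the CSRF token from two `mt_rand(1,1000000)` draws hashed with md5, and mt_rand is a Mersenne Twister rather than a cryptographically secure generator, so its output is predictable to anyone who can observe or reproduce its state; the salt and element name are fixed per form and add no entropy, leaving at most about 2^40 possible tokens. The token should come from the OS CSPRNG instead, e.g. `$this->_hash = bin2hex(random_bytes(16));` on PHP 7+, or a `/dev/urandom` / `openssl_random_pseudo_bytes()` read on the PHP versions this 2010 code targets; md5 adds nothing once the input is already random and hex-encoded. Note that the `init()` chain ending in `->initCsrfValidator();` begins before the visible part of the hunk, and the class header and property declarations (`$_hash`, `$_salt`, `$_session`, `$_timeout`) are not shown, so their defaults cannot be reviewed here.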