Storage
class Storage (View source)
Confirmation Storage implemented on top of SilverStripe Session and Cookie
The storage keeps the information about the items requiring confirmation and their status (confirmed or not) in Session
User data, such as the original request parameters, may be kept in Cookie so that session storage cannot be exhausted easily by a malicious user
Constants
HASH_ALGO |
|
Properties
protected | Session | $session | ||
protected | string | $id | Identifier of the storage within the session |
Methods
Remove all the data from the storage Cleans up Session and Cookie related to this storage
Gets user input data (usually POST array), checks all the items in the storage has been confirmed and marks them as such.
This request should be performed on success Usually the original request which triggered the confirmation
Save the post data in the storage (browser Cookies by default) Returns the control checksum of the data preserved
Returns the URL registered by {self::setSuccessUrl} as a success redirect target
Returns the URL registered by {self::setFailureUrl} as a success redirect target
Returns the namespace of the storage in the session
Details
__construct(Session $session, string $id, bool $new = true)
No description
cleanup()
Remove all the data from the storage Cleans up Session and Cookie related to this storage
bool
confirm(array $data)
Gets user input data (usually POST array), checks all the items in the storage has been confirmed and marks them as such.
array
getHashedItems()
Returns the dictionary with the item hashes
The {\SilverStripe\Security\Confirmation\SilverStripe\Security\Confirmation\Storage::confirm} function expects exactly same dictionary as its argument for successful confirmation
Keys of the dictionary are salted item token hashes All values are the string "1" constantly
string
getTokenHash(Item $item)
Returns salted and hashed version of the item token
string
getCookieKey()
Returns the unique cookie key generated from the session salt
string
getCsrfToken()
Returns a unique token to use as a CSRF token
string
getSessionSalt()
Returns the salt generated for the current session
protected string
generateSalt()
Returns randomly generated salt
$this
putItem(Item $item)
Adds a new object to the list of confirmation items Replaces the item if there is already one with the same token
Item[]
getItems()
Returns the list of registered confirmation items
null|Item
getItem(string $key)
Look up an item by its token key
$this
setSuccessRequest(HTTPRequest $request)
This request should be performed on success Usually the original request which triggered the confirmation
protected string
setSuccessPostVars(array $data)
Save the post data in the storage (browser Cookies by default) Returns the control checksum of the data preserved
Keeps data in Cookies to avoid potential DDoS targeting session storage exhaustion
string
getHttpMethod()
Returns HTTP method of the success request
array|null
getSuccessPostVars()
Returns the list of success request post parameters
Returns null if no parameters was persisted initially or if the checksum is incorrect.
WARNING! If HTTP Method is POST and this function returns null, you MUST assume the Cookie parameter either has been forged or expired.
$this
setSuccessUrl(string $url)
The URL the form should redirect to on success
string
getSuccessUrl()
Returns the URL registered by {self::setSuccessUrl} as a success redirect target
$this
setFailureUrl(string $url)
The URL the form should redirect to on failure
string
getFailureUrl()
Returns the URL registered by {self::setFailureUrl} as a success redirect target
bool
check(array $items)
Check all items to be confirmed in the storage
protected string
getNamespace(string|null $key = null)
Returns the namespace of the storage in the session