class Storage

Confirmation Storage implemented on top of SilverStripe Session and Cookie.

The storage keeps the information about the items requiring confirmation and their status (confirmed or not) in Session.

User data, such as the original request parameters, may be kept in Cookie so that session storage cannot be exhausted easily by a malicious user.

Constants

HASH_ALGO

Properties

protected Session $session
protected string $id

Identifier of the storage within the session

Methods

public
__construct(Session $session, string $id, bool $new = true)

No description

public
cleanup()

Remove all the data from the storage. Cleans up Session and Cookie related to this storage.

public
bool
confirm(array $data)

Gets user input data (usually the POST array), checks that all the items in the storage have been confirmed and marks them as such.

public
array
getHashedItems()

Returns the dictionary with the item hashes

public
string
getTokenHash(Item $item)

Returns salted and hashed version of the item token

public
string
getCookieKey()

Returns the unique cookie key generated from the session salt

public
string
getCsrfToken()

Returns a unique token to use as a CSRF token

public
string
getSessionSalt()

Returns the salt generated for the current session

protected
string
generateSalt()

Returns randomly generated salt

public
$this
putItem(Item $item)

Adds a new object to the list of confirmation items. Replaces the item if there is already one with the same token.

public
Item[]
getItems()

Returns the list of registered confirmation items

public
null|Item
getItem(string $key)

Look up an item by its token key

public
$this
setSuccessRequest(HTTPRequest $request)

This request should be performed on success. Usually the original request which triggered the confirmation.

protected
string
setSuccessPostVars(array $data)

Save the post data in the storage (browser Cookies by default). Returns the control checksum of the data preserved.

public
string
getHttpMethod()

Returns HTTP method of the success request

public
array|null
getSuccessPostVars()

Returns the list of success request post parameters

public
$this
setSuccessUrl(string $url)

The URL the form should redirect to on success

public
string
getSuccessUrl()

Returns the URL registered by {self::setSuccessUrl} as a success redirect target

public
$this
setFailureUrl(string $url)

The URL the form should redirect to on failure

public
string
getFailureUrl()

Returns the URL registered by {self::setFailureUrl} as a failure redirect target

public
bool
check(array $items)

Check all items to be confirmed in the storage

protected
string
getNamespace(string|null $key = null)

Returns the namespace of the storage in the session

Details

__construct(Session $session, string $id, bool $new = true)

No description

Parameters

Session $session

active session

string $id

Unique storage identifier within the session

bool $new

Cleanup the storage

cleanup()

Remove all the data from the storage. Cleans up Session and Cookie related to this storage.

bool confirm(array $data)

Gets user input data (usually the POST array), checks that all the items in the storage have been confirmed and marks them as such.

Parameters

array $data

User input to look at for items. Usually POST array

Return Value

bool

whether all items have been confirmed

array getHashedItems()

Returns the dictionary with the item hashes

The {\SilverStripe\Security\Confirmation\Storage::confirm} function expects exactly the same dictionary as its argument for successful confirmation.

Keys of the dictionary are salted item token hashes. All values are the constant string "1".

Return Value

array

string getTokenHash(Item $item)

Returns salted and hashed version of the item token

Parameters

Item $item

Return Value

string

string getCookieKey()

Returns the unique cookie key generated from the session salt

Return Value

string

string getCsrfToken()

Returns a unique token to use as a CSRF token

Return Value

string

string getSessionSalt()

Returns the salt generated for the current session

Return Value

string

protected string generateSalt()

Returns randomly generated salt

Return Value

string

$this putItem(Item $item)

Adds a new object to the list of confirmation items. Replaces the item if there is already one with the same token.

Parameters

Item $item

Item requiring confirmation

Return Value

$this

Item[] getItems()

Returns the list of registered confirmation items

Return Value

Item[]

null|Item getItem(string $key)

Look up an item by its token key

Parameters

string $key

Item token key

Return Value

null|Item

$this setSuccessRequest(HTTPRequest $request)

This request should be performed on success. Usually the original request which triggered the confirmation.

Parameters

HTTPRequest $request

Return Value

$this

protected string setSuccessPostVars(array $data)

Save the post data in the storage (browser Cookies by default). Returns the control checksum of the data preserved.

Keeps data in Cookies to avoid potential DDoS targeting session storage exhaustion.

Parameters

array $data

Return Value

string checksum

string getHttpMethod()

Returns HTTP method of the success request

Return Value

string

array|null getSuccessPostVars()

Returns the list of success request post parameters

Returns null if no parameters were persisted initially or if the checksum is incorrect.

WARNING! If HTTP Method is POST and this function returns null, you MUST assume the Cookie parameter either has been forged or expired.

Return Value

array|null
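
The cookie-plus-checksum scheme that setSuccessPostVars() and getSuccessPostVars() describe, shown as an added example that is not SilverStripe's own code. The function names, the JSON encoding, the HMAC construction and the `sha256` algorithm are assumptions (the page does not give the value of HASH_ALGO), and plain arrays stand in for Session and Cookie.

```php
<?php
declare(strict_types=1);

// Assumption: stands in for Storage::HASH_ALGO, whose value the page does not state.
const EXAMPLE_HASH_ALGO = 'sha256';

/** Serialise POST data for the cookie; returns [cookie value, control checksum]. */
function packPostVars(array $data, string $sessionSalt): array
{
    $payload = json_encode($data, JSON_THROW_ON_ERROR);
    // Keyed hash: the client holds the payload but never the server-side salt.
    $checksum = hash_hmac(EXAMPLE_HASH_ALGO, $payload, $sessionSalt);
    return [$payload, $checksum];
}

/** Returns the POST data, or null when the cookie is absent or fails the checksum. */
function unpackPostVars(?string $cookieValue, ?string $expected, string $sessionSalt): ?array
{
    if ($cookieValue === null || $expected === null) {
        return null; // nothing persisted, or the cookie has expired
    }
    $actual = hash_hmac(EXAMPLE_HASH_ALGO, $cookieValue, $sessionSalt);
    if (!hash_equals($expected, $actual)) { // constant-time comparison
        return null; // cookie content does not match what the server stored
    }
    $data = json_decode($cookieValue, true);
    return is_array($data) ? $data : null;
}

// Constructed sample state: only the salt and checksum live server-side.
$session = ['salt' => bin2hex(random_bytes(32))];
$cookies = [];
[$cookies['post'], $session['checksum']] =
    packPostVars(['ID' => '42', 'action' => 'delete'], $session['salt']);

// Untampered cookie: the original parameters come back.
var_dump(unpackPostVars($cookies['post'], $session['checksum'], $session['salt']));

// Client-modified cookie: the checksum no longer matches, so null is returned.
$forged = str_replace('"42"', '"1"', $cookies['post']);
$result = unpackPostVars($forged, $session['checksum'], $session['salt']);

// The rule from the WARNING above: POST with null means forged or expired.
$httpMethod = 'POST';
if ($httpMethod === 'POST' && $result === null) {
    echo "Refusing to replay the request: cookie forged or expired\n";
}
```

Only the fixed-size salt and checksum occupy session storage here, which is what keeps a large POST body from inflating the session.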

$this setSuccessUrl(string $url)

The URL the form should redirect to on success

Parameters

string $url

Success URL

Return Value

$this

string getSuccessUrl()

Returns the URL registered by {self::setSuccessUrl} as a success redirect target

Return Value

string

$this setFailureUrl(string $url)

The URL the form should redirect to on failure

Parameters

string $url

Failure URL

Return Value

$this

string getFailureUrl()

Returns the URL registered by {self::setFailureUrl} as a failure redirect target

Return Value

string

bool check(array $items)

Check all items to be confirmed in the storage

Parameters

array $items

List of items to be checked

Return Value

bool

protected string getNamespace(string|null $key = null)

Returns the namespace of the storage in the session

Parameters

string|null $key

Optional key within the storage

Return Value

string