Storage
class Storage
Confirmation Storage implemented on top of SilverStripe Session and Cookie.
The storage keeps the information about the items requiring confirmation and their status (confirmed or not) in Session.
User data, such as the original request parameters, may be kept in Cookie so that session storage cannot be exhausted easily by a malicious user.
Constants
HASH_ALGO
Methods
Remove all the data from the storage. Cleans up Session and Cookie related to this storage.
Gets user input data (usually POST array), checks that all the items in the storage have been confirmed and marks them as such.
Returns the dictionary with the item hashes
Returns the unique cookie key generated from the session salt
Returns a unique token to use as a CSRF token
Returns the salt generated for the current session
This request should be performed on success. Usually the original request which triggered the confirmation.
Returns HTTP method of the success request
Returns the list of success request post parameters
The URL the form should redirect to on success
Returns the URL registered by {see self::setSuccessUrl} as a success redirect target
The URL the form should redirect to on failure
Returns the URL registered by {see self::setFailureUrl} as a failure redirect target
Check all items to be confirmed in the storage
Details
__construct(Session $session, string $id, bool $new = true)
cleanup()
Remove all the data from the storage. Cleans up Session and Cookie related to this storage.
bool
confirm(array $data)
Gets user input data (usually POST array), checks that all the items in the storage have been confirmed and marks them as such.
array
getHashedItems()
Returns the dictionary with the item hashes
The {see \SilverStripe\Security\Confirmation\Storage::confirm} function expects exactly the same dictionary as its argument for successful confirmation.
Keys of the dictionary are salted item token hashes. All values are the string "1" constantly.
string
getTokenHash(Item $item)
Returns salted and hashed version of the item token
string
getCookieKey()
Returns the unique cookie key generated from the session salt
string
getCsrfToken()
Returns a unique token to use as a CSRF token
string
getSessionSalt()
Returns the salt generated for the current session
$this
putItem(Item $item)
Adds a new object to the list of confirmation items. Replaces the item if there is already one with the same token.
Item[]
getItems()
Returns the list of registered confirmation items
null|Item
getItem(string $key)
Look up an item by its token key
$this
setSuccessRequest(HTTPRequest $request)
This request should be performed on success. Usually the original request which triggered the confirmation.
string
getHttpMethod()
Returns HTTP method of the success request
array|null
getSuccessPostVars()
Returns the list of success request post parameters
Returns null if no parameters were persisted initially or if the checksum is incorrect.
WARNING! If HTTP Method is POST and this function returns null, you MUST assume the Cookie parameter either has been forged or expired.
setSuccessUrl(string $url)
The URL the form should redirect to on success
string
getSuccessUrl()
Returns the URL registered by {see self::setSuccessUrl} as a success redirect target
setFailureUrl(string $url)
The URL the form should redirect to on failure
string
getFailureUrl()
Returns the URL registered by {see self::setFailureUrl} as a failure redirect target
bool
check(array $items)
Check all items to be confirmed in the storage
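The salted-hash dictionary that getHashedItems() and confirm() exchange, and the checksum behind the getSuccessPostVars() warning, shown as an added standalone PHP 8 model; this is not SilverStripe's own code. StorageModel, setPostVars(), getPostVars(), the 'sha512' value for HASH_ALGO, the use of an HMAC keyed with the session salt, and the sample token and POST data are assumptions made for illustration.

```php
<?php
// Standalone model of the mechanism described above; not SilverStripe code.
const HASH_ALGO = 'sha512'; // assumed value: the page names the constant only
final class StorageModel
{
    private string $salt;
    private ?string $checksum = null; // stays server-side, in the session
    public ?string $cookie = null;    // stands in for the client-held cookie

    public function __construct(private array $tokens)
    {
        $this->salt = bin2hex(random_bytes(32)); // per-session salt
    }

    // Dictionary the confirmation form must post back: salted hash => "1".
    public function getHashedItems(): array
    {
        $hashes = array_map(fn ($t) => hash(HASH_ALGO, $t . $this->salt), $this->tokens);
        return array_fill_keys($hashes, '1');
    }

    // True only if every stored item appears in $data under its salted hash.
    public function confirm(array $data): bool
    {
        $posted = array_filter($data, fn ($v) => $v === '1');
        return array_diff_key($this->getHashedItems(), $posted) === [];
    }

    public function setPostVars(array $vars): void
    {
        $this->cookie = json_encode($vars);
        $this->checksum = hash_hmac(HASH_ALGO, $this->cookie, $this->salt);
    }

    // Null when the cookie is missing or no longer matches the session checksum.
    public function getPostVars(): ?array
    {
        $sum = hash_hmac(HASH_ALGO, (string) $this->cookie, $this->salt);
        $ok = $this->checksum !== null && hash_equals($this->checksum, $sum);
        return $ok ? json_decode($this->cookie, true) : null;
    }
}

$s = new StorageModel(['delete-page-42']);        // constructed sample token
var_dump($s->confirm(['delete-page-42' => '1'])); // raw token instead of its hash
var_dump($s->confirm($s->getHashedItems()));      // the dictionary confirm() expects
$s->setPostVars(['ID' => '42']);                  // constructed sample POST data
$s->cookie = '{"ID":"1"}';                        // cookie altered on the client
var_dump($s->getPostVars());
```

Because the salt never leaves the session, a client cannot compute a valid confirmation key from an item token alone, and a cookie edited on the client side fails the checksum and comes back as null.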