Security
in package
implements
SecurityInterface
Class Security
Provides methods that help protect your site against Cross-Site Request Forgery attacks.
Interfaces, Classes and Traits
- SecurityInterface
- Expected behavior of a Security.
Table of Contents
- $cookie : Cookie
- The CSRF Cookie instance.
- $cookieName : string
- CSRF Cookie Name
- $expires : int
- CSRF Expires
- $hash : string|null
- CSRF Hash
- $headerName : string
- CSRF Header Name
- $redirect : bool
- CSRF Redirect
- $regenerate : bool
- CSRF Regenerate
- $samesite : string
- CSRF SameSite
- $tokenName : string
- CSRF Token Name
- __construct() : mixed
- Constructor.
- CSRFVerify() : $this|false
- CSRF Verify
- getCookieName() : string
- Returns the CSRF Cookie Name.
- getCSRFHash() : string|null
- Returns the CSRF Hash.
- getCSRFTokenName() : string
- Returns the CSRF Token Name.
- getHash() : string|null
- Returns the CSRF Hash.
- getHeaderName() : string
- Returns the CSRF Header Name.
- getTokenName() : string
- Returns the CSRF Token Name.
- isExpired() : bool
- Check if CSRF cookie is expired.
- sanitizeFilename() : string
- Sanitize Filename
- shouldRedirect() : bool
- Check if request should be redirected on failure.
- verify() : $this|false
- CSRF Verify
- doSendCookie() : void
- Actual dispatching of cookies.
- generateHash() : string
- Generates the CSRF Hash.
- sendCookie() : Security|false
- CSRF Send Cookie
Properties
$cookie
The CSRF Cookie instance.
protected Cookie $cookie
$cookieName
CSRF Cookie Name
protected string $cookieName = 'csrf_cookie_name'
Cookie name for Cross Site Request Forgery protection cookie.
$expires
CSRF Expires
protected int $expires = 7200
Expiration time for Cross Site Request Forgery protection cookie.
Defaults to two hours (in seconds).
$hash
CSRF Hash
protected string|null $hash = null
Random hash for Cross Site Request Forgery protection cookie
$headerName
CSRF Header Name
protected string $headerName = 'X-CSRF-TOKEN'
Header name for the Cross Site Request Forgery protection token.
$redirect
CSRF Redirect
protected bool $redirect = true
Redirect to previous page with error on failure.
$regenerate
CSRF Regenerate
protected bool $regenerate = true
Regenerate CSRF Token on every request.
$samesite
CSRF SameSite
protected string $samesite = \CodeIgniter\Cookie\Cookie::SAMESITE_LAX
Setting for CSRF SameSite cookie token.
Allowed values are: None - Lax - Strict - ''.
Defaults to Lax
as recommended in this link:
$tokenName
CSRF Token Name
protected string $tokenName = 'csrf_token_name'
Token name for Cross Site Request Forgery protection cookie.
Methods
__construct()
Constructor.
public __construct(App $config) : mixed
Stores our configuration and fires off the init() method to set up initial state.
Parameters
- $config : App
Return values
mixed
CSRFVerify()
CSRF Verify
public CSRFVerify(RequestInterface $request) : $this|false
Parameters
- $request : RequestInterface
Return values
$this|false
getCookieName()
Returns the CSRF Cookie Name.
public getCookieName() : string
Return values
string
getCSRFHash()
Returns the CSRF Hash.
public getCSRFHash() : string|null
Return values
string|null
getCSRFTokenName()
Returns the CSRF Token Name.
public getCSRFTokenName() : string
Return values
string
getHash()
Returns the CSRF Hash.
public getHash() : string|null
Return values
string|null
getHeaderName()
Returns the CSRF Header Name.
public getHeaderName() : string
Return values
string
getTokenName()
Returns the CSRF Token Name.
public getTokenName() : string
Return values
string
isExpired()
Check if CSRF cookie is expired.
public isExpired() : bool
Return values
bool
sanitizeFilename()
Sanitize Filename
public sanitizeFilename(string $str[, bool $relativePath = false ]) : string
Tries to sanitize filenames in order to prevent directory traversal attempts and other security threats, which is particularly useful for files that were supplied via user input.
If it is acceptable for the user input to include relative paths, e.g. file/in/some/approved/folder.txt, you can set the second optional parameter, $relativePath, to true.
Parameters
- $str : string
- Input file name
- $relativePath : bool = false
- Whether to preserve paths
Return values
string
shouldRedirect()
Check if request should be redirected on failure.
public shouldRedirect() : bool
Return values
bool
verify()
CSRF Verify
public verify(RequestInterface $request) : $this|false
Parameters
- $request : RequestInterface
Return values
$this|false
doSendCookie()
Actual dispatching of cookies.
protected doSendCookie() : void
Extracted so that it can be unit tested.
Return values
void
generateHash()
Generates the CSRF Hash.
protected generateHash() : string
Return values
string
sendCookie()
CSRF Send Cookie
protected sendCookie(RequestInterface $request) : Security|false
Parameters
- $request : RequestInterface