Elgg\ActionsService::validateActionToken PHP Méthode

validateActionToken() public méthode

See also: validate_action_token
public validateActionToken ( $visible_errors = true, $token = null, $ts = null )
    /**
     * Validate the action token and timestamp attached to the current action.
     *
     * When $token or $ts is not supplied (falsy), the value is read from the
     * request input fields '__elgg_token' and '__elgg_ts'. The checks run in a
     * fixed order and the first failing one decides the result:
     *   1. token, timestamp and a current session id must all be present;
     *   2. the token must belong to this session (validateTokenOwnership);
     *   3. the timestamp must still be within the allowed window
     *      (validateTokenTimestamp);
     *   4. the 'action_gatekeeper:permissions:check' hook may veto by
     *      returning a falsy value (the result is truthiness-checked).
     * Only a fully passing check returns true; every failure returns false and,
     * when $visible_errors is set, registers a user-facing error message.
     *
     * @param bool        $visible_errors Register an error message on failure
     * @param string|null $token          Action token; read from input if empty
     * @param string|null $ts             Token timestamp; read from input if empty
     *
     * @return bool
     * @see validate_action_token
     */
    public function validateActionToken($visible_errors = true, $token = null, $ts = null)
    {
        $token = $token ?: get_input('__elgg_token');
        $ts = $ts ?: get_input('__elgg_ts');
        $session_id = $this->session->getId();

        if (!$token || !$ts || !$session_id) {
            $request = _elgg_services()->request;
            $content_length = $request->server->get('CONTENT_LENGTH');
            $has_post_fields = count($request->request) >= 1;

            if ($content_length && !$has_post_fields) {
                // A request body was sent but no POST fields were parsed: the
                // body or an uploaded file exceeded the configured size limit.
                $error_msg = _elgg_services()->hooks->trigger(
                    'action_gatekeeper:upload_exceeded_msg',
                    'all',
                    ['post_size' => $content_length, 'visible_errors' => $visible_errors],
                    _elgg_services()->translator->translate('actiongatekeeper:uploadexceeded')
                );
            } else {
                $error_msg = _elgg_services()->translator->translate('actiongatekeeper:missingfields');
            }

            if ($visible_errors) {
                register_error($error_msg);
            }
            return false;
        }

        if (!$this->validateTokenOwnership($token, $ts)) {
            if ($visible_errors) {
                // XHR callers get the token-refresh message instead (see #5133)
                register_error(elgg_is_xhr()
                    ? _elgg_services()->translator->translate('js:security:token_refresh_failed', [$this->config->getSiteUrl()])
                    : _elgg_services()->translator->translate('actiongatekeeper:tokeninvalid'));
            }
            return false;
        }

        if (!$this->validateTokenTimestamp($ts)) {
            if ($visible_errors) {
                // XHR callers get the token-refresh message instead (see #5133)
                register_error(elgg_is_xhr()
                    ? _elgg_services()->translator->translate('js:security:token_refresh_failed', [$this->config->getSiteUrl()])
                    : _elgg_services()->translator->translate('actiongatekeeper:timeerror'));
            }
            return false;
        }

        // Token and timestamp are valid; a plugin may still veto through the
        // hook. Any falsy hook result counts as a veto.
        $allowed = _elgg_services()->hooks->trigger(
            'action_gatekeeper:permissions:check',
            'all',
            ['token' => $token, 'time' => $ts],
            true
        );
        if ($allowed) {
            return true;
        }

        if ($visible_errors) {
            register_error(_elgg_services()->translator->translate('actiongatekeeper:pluginprevents'));
        }
        return false;
    }

Usage Example

Exemple #1
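 /**
  * A token generated in one session must be rejected after that session is
  * invalidated and a fresh one started, even though the timestamp is current.
  *
  * The unused $timeout local from the original version is dropped; the token
  * timeout plays no part in this scenario.
  */
 public function testCanNotValidateTokenAfterSessionExpiry()
 {
     $now = new \DateTime();
     $this->actions->setCurrentTime($now);
     $timestamp = $now->getTimestamp();
     // Token bound to the session that is about to be discarded
     $token = $this->actions->generateActionToken($timestamp);

     _elgg_services()->session->invalidate();
     _elgg_services()->session->start();

     // visible_errors = false: no error message registration is expected here
     $this->assertFalse($this->actions->validateActionToken(false, $token, $timestamp));
 }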