public function signalReceived($signal)
{
$method = $this->formatSignalMethod($signal);
$secured = FALSE;
if (method_exists($this, $method)) {
$reflection = new Nette\Reflection\Method($this, $method);
$secured = $reflection->hasAnnotation('secured');
if ($secured) {
$params = array($this->getUniqueId());
if ($this->params) {
foreach ($reflection->getParameters() as $param) {
if ($param->isOptional()) {
continue;
}
if (isset($this->params[$param->name])) {
$params[$param->name] = $this->params[$param->name];
list($type, $isClass) = Nette\Application\UI\ComponentReflection::getParameterType($param);
Nette\Application\UI\ComponentReflection::convertType($params[$param->name], $type, $isClass);
}
}
}
if (!isset($this->params['_sec']) || $this->params['_sec'] !== $this->getPresenter()->getCsrfToken(get_class($this), $method, $params)) {
throw new Nette\Application\UI\BadSignalException("Invalid security token for signal '{$signal}' in class {$this->getReflection()->name}.");
}
}
}
parent::signalReceived($signal);
if ($secured && !$this->getPresenter()->isAjax()) {
throw new \LogicException("Secured signal '{$signal}' did not redirect. Possible csrf-token reveal by http referer header.");
}
}
