Ric*_*nop 1 php zend-framework
所以这是我用来创建表单对象的方法:
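/**
 * Load a form class from the current module's forms directory, instantiate it
 * and attach a hidden CSRF token field validated by My_Validator_CSRF.
 *
 * The token is created once per session (stored under the 'Tokens' session
 * namespace as csrfToken) and reused for every form built afterwards.
 *
 * @param string      $form   Bare class name of the form; also the basename of forms/<name>.php
 * @param string|null $action Optional form action URL
 * @return object The instantiated form with the csrf_token element added
 * @throws InvalidArgumentException When $form is not a plain PHP class identifier
 */
protected function _getForm($form, $action = null)
{
    // $form is concatenated into a require_once path. Accept only a bare PHP
    // identifier so that no caller can ever steer the include outside the
    // module's forms directory (no dots, slashes, backslashes or NUL bytes).
    // Any value that `new $form()` could previously instantiate still passes.
    if (!is_string($form) || 1 !== preg_match('/^[a-zA-Z_\x80-\xff][a-zA-Z0-9_\x80-\xff]*$/D', $form)) {
        throw new InvalidArgumentException('Invalid form class name');
    }

    require_once(APPLICATION_PATH . '/modules/' . $this->_request->getModuleName() . '/forms/' . $form . '.php');
    $form = new $form();
    if (null !== $action) {
        $form->setAction($action);
    }

    // Reuse the session's token when one exists; generate it only on first use.
    // NOTE(review): token strength depends entirely on the randomString helper,
    // which is not visible here - confirm it draws from a CSPRNG.
    $csrfNamespace = new Zend_Session_Namespace('Tokens');
    if (false === isset($csrfNamespace->csrfToken)) {
        $csrfNamespace->csrfToken = $this->_helper->randomString();
    }

    // Hidden field carrying the token; decorators are removed so that only the
    // bare <input> is rendered.
    $csrfToken = new Zend_Form_Element_Hidden('csrf_token');
    $csrfToken->setValue($csrfNamespace->csrfToken)
        ->addValidator(new My_Validator_CSRF())
        ->removeDecorator('HtmlTag')
        ->removeDecorator('Label');
    $form->addElement($csrfToken);

    return $form;
}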
如您所见,我正在创建一个随机字符串标记并向表单添加My_Validator_CSRF()验证器.这是验证器:
<?php
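/**
 * Validates a submitted CSRF token against the token stored in the 'Tokens'
 * session namespace (property csrfToken).
 */
class My_Validator_CSRF extends Zend_Validate_Abstract
{
    const TOKEN_NOT_SET = 'notSet';
    const TOKEN_INVALID = 'invalid';

    protected $_messageTemplates = array(
        self::TOKEN_NOT_SET => "'%value%' cannot be compared to anything, token has not been generated",
        self::TOKEN_INVALID => "'%value%' is not valid token"
    );

    /**
     * Check the submitted value against the session token.
     *
     * When the session holds no token, only TOKEN_NOT_SET is reported and the
     * comparison is skipped; previously the code fell through and compared
     * the value against an unset property as well.
     *
     * @param mixed $value Submitted token
     * @return bool True only when a session token exists and matches $value
     */
    public function isValid($value)
    {
        $this->_setValue($value);

        $csrfNamespace = new Zend_Session_Namespace('Tokens');
        if (false === isset($csrfNamespace->csrfToken)) {
            $this->_error(self::TOKEN_NOT_SET);
            return false;
        }

        $expected = $csrfNamespace->csrfToken;
        if (is_string($expected) && is_string($value)) {
            // Secret comparison: do not leak how many leading bytes matched.
            $matches = $this->_tokensMatch($expected, $value);
        } else {
            // Non-string operands keep the original strict-identity semantics.
            $matches = ($expected === $value);
        }

        if (!$matches) {
            $this->_error(self::TOKEN_INVALID);
            return false;
        }

        return true;
    }

    /**
     * Compare two strings without short-circuiting on the first differing byte.
     *
     * @param string $known Token held in the session
     * @param string $given Token submitted by the client
     * @return bool
     */
    private function _tokensMatch($known, $given)
    {
        if (function_exists('hash_equals')) {
            return hash_equals($known, $given);
        }

        // Fallback for runtimes without hash_equals(): fold every byte
        // difference into one accumulator instead of returning early.
        $length = strlen($known);
        if ($length !== strlen($given)) {
            return false;
        }
        $diff = 0;
        for ($i = 0; $i < $length; $i++) {
            $diff |= ord($known[$i]) ^ ord($given[$i]);
        }

        return 0 === $diff;
    }
}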
这在Firefox和IE中运行正常,但在Chrome中我一直收到错误消息:
"b6be61a6aece979d15eb1f605e109f32" is not valid token
并且每次刷新页面后令牌都会更改,而在Firefox和IE中不会.我做错了什么吗?以下是我启动会话的方式:
// Session cookie hardening. These directives must be applied before the
// session is started.
//   session.cookie_secure    - the cookie is sent only over HTTPS connections
//   session.cookie_httponly  - the cookie carries the HttpOnly attribute
//   session.use_only_cookies - the session id is accepted from cookies only
// With cookie_secure enabled, a page served over plain HTTP never receives the
// cookie back, so every request opens a fresh session (and any per-session
// value, such as a CSRF token, is regenerated).
$sessionIniFlags = array(
    'session.cookie_secure'    => 1,
    'session.cookie_httponly'  => 1,
    'session.use_only_cookies' => 1,
);
foreach ($sessionIniFlags as $iniName => $iniValue) {
    ini_set($iniName, $iniValue);
}

// start the session
Zend_Session::start();