PHP 클래스 lithium\security\validation\FormSignature

Using the Security helper, FormSignature calculates a hash of all fields in a form, so that when the form is submitted, the fields may be validated to ensure that none were added or removed, and that fields designated as _locked_ have not had their values altered. To enable form signing in a view, simply call $this->security->sign() before generating your form. In the controller, you may then validate the request by passing $this->request to the check() method.

또한 보기: lithium\template\helper\Security::sign()

파일 보기 프로젝트 열기: unionofrad/lithium 1 사용 예제들

보호된 프로퍼티들

프로퍼티	타입	설명
$_classes	array	Class dependencies.
$_secret	string	wJalrXUtnFEMI/K7MDENG+bPxRfiCYEXAMPLEKEY

공개 메소드들

메소드	설명
check ( array \| object $data ) : boolean	Validates form data using an embedded form signature string. The form signature string must be embedded in security.signature alongside the other data to check against.
config ( array $config = [] ) : array \| void	Configures the class or retrieves current class configuration.
key ( array $data ) : string	Generates form signature string from form data.

보호된 메소드들

메소드	설명
_compile ( array $fields, array $locked, array $excluded ) : string	Compiles form signature string. Will normalize input data and urlencode() it.
_parse ( string $string ) : array	Parses form signature string.
_signature ( string $data ) : string	Calculates signature over given data.

메소드 상세

_compile() 보호된 정적인 메소드

The signature is calculated over locked and exclude fields as well as a hash of $fields. The $fields data will not become part of the final form signature string. The $fields hash is not signed itself as the hash will become part of the form signature string which is already signed.

protected static _compile ( array $fields, array $locked, array $excluded ) : string
$fields	array
$locked	array
$excluded	array
리턴	string	The compiled form signature string that should be submitted with the form data in the form of: `::::`.

_parse() 보호된 정적인 메소드

Note: The parsed signature is not returned as it's not needed. The signature is verified by re-compiling the form signature string with the retrieved signature.

protected static _parse ( string $string ) : array
$string	string
리턴	array

_signature() 보호된 정적인 메소드

Will first derive a signing key from the secret key and current date, then calculate the HMAC over given data. This process is modelled after Amazon's _Message Signature Version 4_ but uses less key derivations as we don't have more information at our hands. During key derivation the strings li3,1 and li3,1_form are inserted. 1 denotes the version of our signature algorithm and should be raised when the algorithm is changed. Derivation is needed to not reveal the secret key. Note: As the current date (year, month, day) is used to increase key security by limiting its lifetime, a possible sideeffect is that a signature doen't verify if it is generated on day N and verified on day N+1.

링크 보기: http://docs.aws.amazon.com/general/latest/gr/sigv4-calculate-signature.html

protected static _signature ( string $data ) : string
$data	string	The data to calculate the signature for.
리턴	string	The signature.

check() 공개 정적인 메소드

Note: Will ignore any other data inside security.*.

public static check ( array \| object $data ) : boolean
$data	array \| object	The form data as an array or an object with the data inside the `data` property.
리턴	boolean	`true` if the form data is valid, `false` if not.

config() 공개 정적인 메소드

Configures the class or retrieves current class configuration.

public static config ( array $config = [] ) : array \| void
$config	array	Available configuration options are: - `'classes'` _array_: May be used to inject dependencies. - `'secret'` _string_: Must be provided.
리턴	array \| void	If `$config` is empty, returns an array with the current configurations.

key() 공개 정적인 메소드

Generates form signature string from form data.

public static key ( array $data ) : string
$data	array	An array of fields, locked fields and excluded fields.
리턴	string	The form signature string.

프로퍼티 상세

$_classes 보호되어 있는 정적으로 프로퍼티

Class dependencies.

protected static array $_classes
리턴	array

$_secret 보호되어 있는 정적으로 프로퍼티

wJalrXUtnFEMI/K7MDENG+bPxRfiCYEXAMPLEKEY

protected static string $_secret
리턴	string