Version | License | PHP version | Categories
---|---|---|---
anti-csrf 1.0.0 | MIT/X Consortium ... | 5 | HTML, PHP 5, Security

There aren't any good session-powered CSRF prevention libraries. By good we mean:
Warning - Do not use in any project where all $_SESSION data is stored client-side in a cookie. This will quickly run up the 4KB storage max for an HTTP cookie.

See autoload.php for an SPL autoloader.
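First, register a Twig function like this one:

```php
use \ParagonIE\AntiCSRF\AntiCSRF;

$twigEnv->addFunction(
    new \Twig_SimpleFunction(
        'form_token',
        function($lock_to = null) {
            // Reuse one AntiCSRF instance for every token rendered in this request
            static $csrf;
            if ($csrf === null) {
                $csrf = new AntiCSRF;
            }
            // Second argument false: return the markup instead of echoing it
            return $csrf->insertToken($lock_to, false);
        },
        // The returned hidden fields are HTML, so Twig must not escape them
        ['is_safe' => ['html']]
    )
);
```
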
Next, call the newly created form_token function from your templates.
```twig
<form action="/addUser.php" method="post">
    {{ form_token("/addUser.php") }}
    {# ... the rest of your form here ... #}
</form>
```

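```php
// In the script that receives the form submission, validate the token
// before acting on any of the posted data.
$csrf = new \ParagonIE\AntiCSRF\AntiCSRF;
if (!empty($_POST)) {
    if ($csrf->validateRequest()) {
        // Valid
    } else {
        // Log a CSRF attack attempt
    }
}
```
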
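One way to fill in the two branches of the validation check, as an added example rather than code from the package: the handler rejects a failed request with a 403 before touching the posted data and writes a structured log entry that never contains the token. It assumes PHP 7 or later and that autoload.php sits beside the script; `csrfFailureLogLine` and the commented-out `addUser` are hypothetical names.

```php
<?php
require_once __DIR__ . '/autoload.php'; // assumed path to the package autoloader

use ParagonIE\AntiCSRF\AntiCSRF;

/**
 * Build one log line for a rejected request (hypothetical helper).
 * The submitted token and the rest of $_POST are deliberately left out.
 */
function csrfFailureLogLine(array $server)
{
    $fields = [
        'event'   => 'csrf_validation_failed',
        'ip'      => $server['REMOTE_ADDR'] ?? '-',
        'method'  => $server['REQUEST_METHOD'] ?? '-',
        'uri'     => $server['REQUEST_URI'] ?? '-',
        'origin'  => $server['HTTP_ORIGIN'] ?? '-',
        'referer' => $server['HTTP_REFERER'] ?? '-',
    ];
    // json_encode escapes control characters, so a crafted header value
    // cannot break the entry across several log lines.
    return json_encode(
        $fields,
        JSON_UNESCAPED_SLASHES | JSON_PARTIAL_OUTPUT_ON_ERROR
    );
}

// Make sure a session is active before the token check runs.
if (session_status() !== PHP_SESSION_ACTIVE) {
    session_start();
}

$csrf = new AntiCSRF;
if (!empty($_POST)) {
    if (!$csrf->validateRequest()) {
        error_log(csrfFailureLogLine($_SERVER));
        http_response_code(403);
        exit('Invalid or expired form token. Reload the form and try again.');
    }
    // Token is valid: only now act on the submitted data.
    // addUser($_POST); // hypothetical application function
}
```

The Origin and Referer fields in the log entry help separate cross-site submissions from users whose form simply went stale.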

Files (12)

File | Role | Description
---|---|---
src (2 files) | |
tests (1 file) | |
.travis.yml | Data | Auxiliary data
autoload.php | Aux. | Auxiliary script
composer.json | Data | Auxiliary data
LICENSE | Lic. | License text
phpunit.xml.dist | Data | Auxiliary data
psalm.xml | Data | Auxiliary data
README.md | Doc. | Documentation
run-tests.bat | Data | Auxiliary data
run-tests.sh | Data | Auxiliary data

Files (12) / src

File | Role | Description
---|---|---
AntiCSRF.php | Class | Class source
Reusable.php | Class | Class source