Link protection
<?php
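/**
 * Build a link to $destination and, for signal links ("name!") handled by
 * this component, attach a one-time anti-CSRF token as the "token" argument.
 *
 * The token is created on first use, kept in this component's session
 * section under "signal<name>", and checked (then discarded) by
 * signalReceived(). Signal handlers annotated @notoken are exempt.
 *
 * NOTE(review): the token travels in the query string, so it is exposed in
 * logs and Referer headers like any URL parameter; it is single-use, which
 * limits but does not remove that exposure.
 *
 * @param string $destination Destination, optionally with a "#fragment".
 * @param array  $args        Link parameters. The legacy calling style
 *                            link('dest!', $a, $b) is also accepted.
 * @return string
 */
public function link($destination, $args = array())
{
    // Legacy calling style: positional arguments instead of an array.
    if (!is_array($args)) {
        $args = func_get_args();
        array_shift($args);
    }

    // Split off the fragment so the "!" test below sees only the signal name.
    $fragment = '';
    $hashPos = strpos($destination, '#');
    if ($hashPos !== FALSE) {
        $fragment = substr($destination, $hashPos);
        $destination = substr($destination, 0, $hashPos);
    }

    // Only signals on this very component (a "-" would mean a sub-component path).
    if (substr($destination, -1) === '!' && strpos($destination, '-') === FALSE) {
        $signal = rtrim($destination, '!');
        $ref = $this->getReflection()->getMethod($this->formatSignalMethod($signal));

        if (!$ref->getAnnotation('notoken')) {
            // Deliberately no static cache: the section is keyed by the concrete
            // class name, so a per-request static would hand the first presenter's
            // section to every other presenter that links in the same request.
            $session = $this->getContext()->session->getSection($this->reflection->getName());
            $field = 'signal' . $signal;

            if (!isset($session->$field)) {
                // 128 bits from the CSPRNG (PHP >= 7.0). The previous
                // md5(uniqid()) token was derived from the clock and therefore
                // guessable, and base_convert() on a 32-hex-digit value loses
                // precision through float conversion.
                $session->$field = bin2hex(random_bytes(16));
            }

            $args['token'] = $session->$field;
        }
    }

    return parent::link($destination . $fragment, $args);
}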
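/**
 * Verify the one-time anti-CSRF token attached by link() before dispatching
 * the signal, then invalidate it.
 *
 * A missing, unknown or mismatched token aborts the request unless the
 * signal handler is annotated @notoken. The stored token is removed in
 * every case, so a replayed URL fails the next check.
 *
 * @param string $signal
 * @throws Avalon\UnauthorizedRequestException when the token check fails.
 */
public function signalReceived($signal)
{
    // No static cache here either: the section name depends on the concrete class.
    $session = $this->getContext()->session->getSection($this->reflection->getName());
    $field = 'signal' . $signal;

    $expected = isset($session->$field) ? $session->$field : NULL;
    $supplied = isset($this->params['token']) ? $this->params['token'] : NULL;

    // hash_equals() instead of "!=": constant-time, and strict about type, so a
    // token that happens to look numeric is never compared as a number and a
    // non-string request parameter (e.g. an array) never matches.
    $valid = is_string($expected) && is_string($supplied) && hash_equals($expected, $supplied);

    // Reflection lookup only when needed (same short-circuit as before).
    if (!$valid && !$this->getReflection()->getMethod($this->formatSignalMethod($signal))->getAnnotation('notoken')) {
        throw new Avalon\UnauthorizedRequestException('Invalid security token. Please retry your request.');
    }

    // Single use: drop the token whether or not it was required for this signal.
    unset($session->$field, $this->params['token']);
    parent::signalReceived($signal);
}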