|
1
|
|
|
<?php |
|
2
|
|
|
|
|
3
|
|
|
|
|
4
|
|
|
namespace carono\checksum; |
|
5
|
|
|
|
|
6
|
|
|
use yii\base\InvalidConfigException; |
|
7
|
|
|
use yii\helpers\ArrayHelper; |
|
8
|
|
|
|
|
9
|
|
|
/** |
|
10
|
|
|
* Class Request |
|
11
|
|
|
* |
|
12
|
|
|
* @package carono\checksum |
|
13
|
|
|
*/ |
|
14
|
|
|
class Request extends \yii\web\Request |
|
15
|
|
|
{ |
|
16
|
|
|
public $checksumParam = '_checksum'; |
|
17
|
|
|
public $enableChecksumValidation = true; |
|
18
|
|
|
public $attachBehaviorViewBehaviour = true; |
|
19
|
|
|
public $checksumKey; |
|
20
|
|
|
|
|
21
|
|
|
/** |
|
22
|
|
|
* @throws InvalidConfigException |
|
23
|
|
|
*/ |
|
24
|
|
|
public function init() |
|
25
|
|
|
{ |
|
26
|
|
|
parent::init(); |
|
27
|
|
|
if ($this->attachBehaviorViewBehaviour) { |
|
28
|
|
|
\Yii::$app->view->attachBehavior('caronoChecksumBehavior', ChecksumBehavior::class); |
|
29
|
|
|
} |
|
30
|
|
|
if (!$this->checksumKey){ |
|
31
|
|
|
throw new InvalidConfigException('The "checksumKey" property must be set.'); |
|
32
|
|
|
} |
|
33
|
|
|
} |
|
34
|
|
|
|
|
35
|
|
|
/** |
|
36
|
|
|
* @return bool |
|
37
|
|
|
*/ |
|
38
|
|
|
public function checksumIsEnabled() |
|
39
|
|
|
{ |
|
40
|
|
|
return $this->enableChecksumValidation; |
|
41
|
|
|
} |
|
42
|
|
|
|
|
43
|
|
|
/** |
|
44
|
|
|
* @param null $clientSuppliedToken |
|
45
|
|
|
* @return bool |
|
46
|
|
|
*/ |
|
47
|
|
|
public function validateCsrfToken($clientSuppliedToken = null) |
|
48
|
|
|
{ |
|
49
|
|
|
if ($this->isPost && $this->checksumIsEnabled()) { |
|
50
|
|
|
$post = $this->post(); |
|
51
|
|
|
$checksum = ArrayHelper::getValue($post, $this->checksumParam); |
|
52
|
|
|
$stack = $this->getStackByChecksum($checksum); |
|
53
|
|
|
if (!Checksum::compareStacks($post, $stack, $this->checksumKey)) { |
|
54
|
|
|
return false; |
|
55
|
|
|
} |
|
56
|
|
|
} |
|
57
|
|
|
return parent::validateCsrfToken($clientSuppliedToken); |
|
58
|
|
|
} |
|
59
|
|
|
|
|
60
|
|
|
/** |
|
61
|
|
|
* @return string |
|
62
|
|
|
*/ |
|
63
|
|
|
protected function getStackKey() |
|
64
|
|
|
{ |
|
65
|
|
|
return self::className() . $this->checksumParam; |
|
|
|
|
|
|
66
|
|
|
} |
|
67
|
|
|
|
|
68
|
|
|
/** |
|
69
|
|
|
* @param $widgetId |
|
70
|
|
|
* @param $stack |
|
71
|
|
|
* @return string |
|
72
|
|
|
*/ |
|
73
|
|
|
public function setStack($stack) |
|
74
|
|
|
{ |
|
75
|
|
|
$checksum = Checksum::calculate($stack, $this->checksumKey); |
|
76
|
|
|
$key = $this->getStackKey(); |
|
77
|
|
|
$data = $this->getStack(); |
|
78
|
|
|
$data[$checksum] = $stack; |
|
79
|
|
|
\Yii::$app->session->set($key, $data); |
|
80
|
|
|
return $checksum; |
|
81
|
|
|
} |
|
82
|
|
|
|
|
83
|
|
|
/** |
|
84
|
|
|
* @return mixed |
|
85
|
|
|
*/ |
|
86
|
|
|
public function clearStack() |
|
87
|
|
|
{ |
|
88
|
|
|
return \Yii::$app->session->set($this->getStackKey(), []); |
|
89
|
|
|
} |
|
90
|
|
|
|
|
91
|
|
|
/** |
|
92
|
|
|
* @return mixed |
|
93
|
|
|
*/ |
|
94
|
|
|
public function getStack() |
|
95
|
|
|
{ |
|
96
|
|
|
return \Yii::$app->session->get($this->getStackKey(), []); |
|
97
|
|
|
} |
|
98
|
|
|
|
|
99
|
|
|
/** |
|
100
|
|
|
* @param $checksum |
|
101
|
|
|
* @return array |
|
102
|
|
|
*/ |
|
103
|
|
|
public function getStackByChecksum($checksum) |
|
104
|
|
|
{ |
|
105
|
|
|
return ArrayHelper::getValue($this->getStack(), $checksum, []); |
|
106
|
|
|
} |
|
107
|
|
|
} |
carono /
yii2-request-checksum
This method has been deprecated. The supplier of the class has supplied an explanatory message.
The explanatory message should give you some clue as to whether and when the method will be removed from the class and what other method or class to use instead.