|
1
|
|
|
<?php |
|
2
|
|
|
|
|
3
|
|
|
|
|
4
|
|
|
namespace carono\checksum; |
|
5
|
|
|
|
|
6
|
|
|
|
|
7
|
|
|
use yii\base\Behavior; |
|
8
|
|
|
use yii\base\Widget; |
|
9
|
|
|
use yii\helpers\Html; |
|
10
|
|
|
use yii\widgets\ActiveForm; |
|
|
|
|
|
|
11
|
|
|
|
|
12
|
|
|
/** |
|
13
|
|
|
* Class ActiveFormBehavior |
|
14
|
|
|
* |
|
15
|
|
|
* @package carono\checksum |
|
16
|
|
|
* @property ActiveForm $owner |
|
17
|
|
|
*/ |
|
18
|
|
|
class ChecksumBehavior extends Behavior |
|
19
|
|
|
{ |
|
20
|
|
|
public $_checksumInit = true; |
|
21
|
|
|
|
|
22
|
|
|
public function events() |
|
23
|
|
|
{ |
|
24
|
|
|
return [ |
|
25
|
|
|
Widget::EVENT_AFTER_RUN => 'registerChecksumField' |
|
26
|
|
|
]; |
|
27
|
|
|
} |
|
28
|
|
|
|
|
29
|
|
|
/** |
|
30
|
|
|
* @param \yii\base\WidgetEvent $event |
|
31
|
|
|
*/ |
|
32
|
|
|
public function registerChecksumField($event) |
|
33
|
|
|
{ |
|
34
|
|
|
/** |
|
35
|
|
|
* @var Request $request |
|
36
|
|
|
*/ |
|
37
|
|
|
if (strtolower($this->owner->method) !== 'post' || (\Yii::$app->request instanceof Request && !\Yii::$app->request->checksumIsEnabled())) { |
|
38
|
|
|
return; |
|
39
|
|
|
} |
|
40
|
|
|
$request = \Yii::$app->request; |
|
41
|
|
|
$doc = new \DOMDocument(); |
|
42
|
|
|
@$doc->loadHTML($event->result); |
|
|
|
|
|
|
43
|
|
|
$xpath = new \DOMXpath($doc); |
|
44
|
|
|
$inputs = $xpath->query('//input | //select | //textarea'); |
|
45
|
|
|
$result = []; |
|
46
|
|
|
for ($j = 0; $j < $inputs->length; $j++) { |
|
47
|
|
|
$input = $inputs->item($j); |
|
48
|
|
|
$result[] = $input->getAttribute('name'); |
|
49
|
|
|
} |
|
50
|
|
|
$result = array_unique($result); |
|
51
|
|
|
|
|
52
|
|
|
parse_str(implode('&', $result), $stack); |
|
53
|
|
|
unset($doc, $xpath); |
|
54
|
|
|
$checksum = $request->setStack($stack); |
|
55
|
|
|
$input = Html::hiddenInput(\Yii::$app->request->checksumParam, $checksum); |
|
56
|
|
|
$event->result = str_replace('</form>', $input . '</form>', $event->result); |
|
57
|
|
|
// $stack = \Yii::$app->request->getStack($this->owner->id); |
|
|
|
|
|
|
58
|
|
|
// $key = Checksum::calculate($stack, \Yii::$app->request->checksumKey); |
|
59
|
|
|
// \Yii::$app->request->stackField($this->owner->id, \Yii::$app->request->checksumParam, $key); |
|
60
|
|
|
// echo Html::hiddenInput(\Yii::$app->request->checksumParam, $key); |
|
61
|
|
|
} |
|
62
|
|
|
} |
carono /
yii2-request-checksum
Loading history...
Let’s assume that you have a directory layout like this:
. |-- OtherDir | |-- Bar.php | `-- Foo.php `-- SomeDir `-- Foo.phpand let’s assume the following content of
Bar.php:If both files
OtherDir/Foo.phpandSomeDir/Foo.phpare loaded in the same runtime, you will see a PHP error such as the following:PHP Fatal error: Cannot use SomeDir\Foo as Foo because the name is already in use in OtherDir/Foo.phpHowever, as
OtherDir/Foo.phpdoes not necessarily have to be loaded and the error is only triggered if it is loaded beforeOtherDir/Bar.php, this problem might go unnoticed for a while. In order to prevent this error from surfacing, you must import the namespace with a different alias: