Storage
class Storage
Confirmation Storage implemented on top of SilverStripe Session and Cookie
The storage keeps the information about the items requiring confirmation and their status (confirmed or not) in Session
User data, such as the original request parameters, may be kept in Cookie so that session storage cannot be exhausted easily by a malicious user
Constants
| HASH_ALGO |
|
Methods
Remove all the data from the storage Cleans up Session and Cookie related to this storage
Gets user input data (usually POST array), checks all the items in the storage has been confirmed and marks them as such.
Returns the dictionary with the item hashes
Returns the unique cookie key generated from the session salt
Returns a unique token to use as a CSRF token
Returns the salt generated for the current session
This request should be performed on success Usually the original request which triggered the confirmation
Returns HTTP method of the success request
Returns the list of success request post parameters
The URL the form should redirect to on success
Returns the URL registered by {see self::setSuccessUrl} as a success redirect target
The URL the form should redirect to on failure
Returns the URL registered by {see self::setFailureUrl} as a success redirect target
Check all items to be confirmed in the storage
Details
at line 42
__construct(Session $session, string $id, bool $new = true)
at line 61
cleanup()
Remove all the data from the storage Cleans up Session and Cookie related to this storage
at line 75
bool
confirm(array $data)
Gets user input data (usually POST array), checks all the items in the storage has been confirmed and marks them as such.
at line 103
array
getHashedItems()
Returns the dictionary with the item hashes
The {see SilverStripe\Security\Confirmation\Storage::confirm} function expects exactly same dictionary as its argument for successful confirmation
Keys of the dictionary are salted item token hashes All values are the string "1" constantly
at line 123
string
getTokenHash(Item $item)
Returns salted and hashed version of the item token
at line 138
string
getCookieKey()
Returns the unique cookie key generated from the session salt
at line 150
string
getCsrfToken()
Returns a unique token to use as a CSRF token
at line 162
string
getSessionSalt()
Returns the salt generated for the current session
at line 192
$this
putItem(Item $item)
Adds a new object to the list of confirmation items Replaces the item if there is already one with the same token
at line 210
Item[]
getItems()
Returns the list of registered confirmation items
at line 222
null|Item
getItem(string $key)
Look up an item by its token key
at line 239
$this
setSuccessRequest(HTTPRequest $request)
This request should be performed on success Usually the original request which triggered the confirmation
at line 293
string
getHttpMethod()
Returns HTTP method of the success request
at line 310
array|null
getSuccessPostVars()
Returns the list of success request post parameters
Returns null if no parameters was persisted initially or if the checksum is incorrect.
WARNING! If HTTP Method is POST and this function returns null, you MUST assume the Cookie parameter either has been forged or expired.
at line 364
$this;
setSuccessUrl(string $url)
The URL the form should redirect to on success
at line 375
string
getSuccessUrl()
Returns the URL registered by {see self::setSuccessUrl} as a success redirect target
at line 387
$this;
setFailureUrl(string $url)
The URL the form should redirect to on failure
at line 398
string
getFailureUrl()
Returns the URL registered by {see self::setFailureUrl} as a success redirect target
at line 410
bool
check(array $items)
Check all items to be confirmed in the storage