
Security

Security helper class.

package: BootPHP
category: Security
author: Tinsh
copyright: © 2005-2016 Kilofox Studio

Class declared in SYSPATH/classes/security.php on line 13.

Properties

public static string $token_name

Key name used for token storage.

string(14) "security_token"

Methods

public static check( string $token ) (defined in Security)

Check that the given token matches the currently stored security token.

if ( Security::check($token) )
{
     // Pass
}

Parameters

  • string $token required - Token to check

Return Values

  • boolean

Source Code

public static function check($token)
{
	return Security::token() === $token;
}

public static encode_php_tags( string $str ) (defined in Security)

Encodes PHP tags in a string.

$str = Security::encode_php_tags($str);

Parameters

  • string $str required - String to sanitize

Return Values

  • string

Source Code

public static function encode_php_tags($str)
{
	return str_replace(array('<?', '?>'), array('&lt;?', '?&gt;'), $str);
}

public static strip_image_tags( string $str ) (defined in Security)

Remove image tags from a string.

$str = Security::strip_image_tags($str);

Parameters

  • string $str required - String to sanitize

Return Values

  • string

Source Code

public static function strip_image_tags($str)
{
	return preg_replace('#<img\s.*?(?:src\s*=\s*["\']?([^"\'<>\s]*)["\']?[^>]*)?>#is', '$1', $str);
}

public static token( [ boolean $new = bool false ] ) (defined in Security)

Generate and store a unique token that can be used to help prevent CSRF attacks.

$token = Security::token();

You can insert this token into your forms as a hidden field:

echo Form::hidden('csrf', Security::token());

And then check it when using Validation:

$array->rules('csrf', array(
     'not_empty'       => NULL,
     'Security::check' => NULL,
));

This provides a basic, but effective, method of preventing CSRF attacks.

Parameters

  • boolean $new = bool false - Force a new token to be generated?

Return Values

  • string

Source Code

public static function token($new = false)
{
	$session = Session::instance();
	// Get the current token
	$token = $session->get(Security::$token_name);
	if ($new === true || !$token)
	{
		// Generate a new unique token
		$token = sha1(uniqid(NULL, true));
		// Store the new token
		$session->set(Security::$token_name, $token);
	}
	return $token;
}
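
An added example, not BootPHP's own code: a hardened variant of check() and token() above. sha1(uniqid(NULL, true)) is derived from the clock and a linear congruential generator rather than a CSPRNG, and === is not a constant-time comparison, so this version uses random_bytes() and hash_equals(). The class name CsrfToken and the array passed in place of Session::instance() are assumptions for illustration; PHP 7 or later is required.

```php
<?php
// Hypothetical class for illustration; not part of BootPHP.
final class CsrfToken
{
    // Same key name as Security::$token_name on this page.
    public static $token_name = 'security_token';

    // Return the stored token, creating one from the OS CSPRNG when needed.
    public static function token(array &$store, $new = false)
    {
        $token = isset($store[self::$token_name]) ? $store[self::$token_name] : null;
        if ($new === true || !is_string($token) || $token === '') {
            // 32 random bytes -> 64 hex characters, independent of the clock.
            $token = bin2hex(random_bytes(32));
            $store[self::$token_name] = $token;
        }
        return $token;
    }

    // Constant-time comparison; non-string input (e.g. csrf[]=x) is rejected
    // before it reaches hash_equals(), which requires two strings.
    public static function check(array &$store, $submitted)
    {
        if (!is_string($submitted) || $submitted === '') {
            return false;
        }
        return hash_equals(self::token($store), $submitted);
    }
}

// Constructed demo: a plain array stands in for the session so this runs from the CLI.
$session = array();
$issued = CsrfToken::token($session);

var_dump(strlen($issued));                                          // token length
var_dump(CsrfToken::check($session, $issued));                      // matching token
var_dump(CsrfToken::check($session, substr($issued, 0, -1) . 'x')); // last character altered
var_dump(CsrfToken::check($session, array('x')));                   // array instead of string

// Forcing regeneration invalidates the previously issued token.
CsrfToken::token($session, true);
var_dump(CsrfToken::check($session, $issued));
```

In an application the array would be replaced by the session store, and the token would be regenerated with $new = true after login or any other privilege change.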