MediaWiki
1.30.0
|
Value object representing a CSRF token. More...
Public Member Functions | |
__construct ( $secret, $salt, $new=false) | |
__toString () | |
match ( $userToken, $maxAge=null) | |
Test if the token-string matches this token. More... | |
toString () | |
Get the string representation of the token. More... | |
wasNew () | |
Indicate whether this token was just created. More... | |
Static Public Member Functions | |
static | getTimestamp ( $token) |
Decode the timestamp from a token string. More... | |
Public Attributes | |
const | SUFFIX = '+\\' |
CSRF token suffix. More... | |
Protected Member Functions | |
toStringAtTimestamp ( $timestamp) | |
Get the string representation of the token at a timestamp. More... | |
Private Attributes | |
$new = false | |
$salt = '' | |
$secret = '' | |
MediaWiki\Session\Token::__construct | ( | $secret, | |
$salt, | |||
$new = false |
|||
) |
string | $secret | Token secret |
string | $salt | Token salt |
bool | $new | Whether the secret was newly-created |
Definition at line 46 of file Token.php.
References MediaWiki\Session\Token\$new, MediaWiki\Session\Token\$salt, and MediaWiki\Session\Token\$secret.
MediaWiki\Session\Token::__toString | ( | ) |
Definition at line 93 of file Token.php.
References MediaWiki\Session\Token\toString().
|
static |
Decode the timestamp from a token string.
Does not validate the token beyond the syntactic checks necessary to be able to extract the timestamp.
string | $token |
Definition at line 61 of file Token.php.
Referenced by User\getEditTokenTimestamp(), MediaWiki\Session\Token\match(), and MediaWiki\Session\TokenTest\testGetTimestamp().
MediaWiki\Session\Token::match | ( | $userToken, | |
$maxAge = null |
|||
) |
Test if the token-string matches this token.
string | $userToken | |
int | null | $maxAge | Return false if $userToken is older than this many seconds |
Reimplemented in LoggedOutEditToken.
Definition at line 103 of file Token.php.
References MediaWiki\Session\Token\getTimestamp(), MediaWiki\Session\Token\toStringAtTimestamp(), and wfTimestamp().
MediaWiki\Session\Token::toString | ( | ) |
Get the string representation of the token.
Definition at line 89 of file Token.php.
References MediaWiki\Session\Token\toStringAtTimestamp(), and wfTimestamp().
Referenced by MediaWiki\Session\Token\__toString().
|
protected |
Get the string representation of the token at a timestamp.
int | $timestamp |
Reimplemented in LoggedOutEditToken.
Definition at line 79 of file Token.php.
References MediaWiki\Session\Token\SUFFIX.
Referenced by MediaWiki\Session\Token\match(), and MediaWiki\Session\Token\toString().
MediaWiki\Session\Token::wasNew | ( | ) |
Indicate whether this token was just created.
Definition at line 121 of file Token.php.
References MediaWiki\Session\Token\$new.
|
private |
Definition at line 39 of file Token.php.
Referenced by MediaWiki\Session\Token\__construct(), and MediaWiki\Session\Token\wasNew().
|
private |
Definition at line 38 of file Token.php.
Referenced by MediaWiki\Session\Token\__construct().
|
private |
Definition at line 37 of file Token.php.
Referenced by MediaWiki\Session\Token\__construct().
const MediaWiki\Session\Token::SUFFIX = '+\\' |
CSRF token suffix.
Plus and terminal backslash are included to stop editing from certain broken proxies.
Definition at line 35 of file Token.php.
Referenced by ApiTestCase\doApiRequestWithToken(), LoggedOutEditToken\match(), LoggedOutEditToken\toStringAtTimestamp(), and MediaWiki\Session\Token\toStringAtTimestamp().