Value object representing a CSRF token. More...
Public Member Functions | |
| __construct ( $secret, $salt, $new=false) | |
| __toString () | |
| match ( $userToken, $maxAge=null) | |
| Test if the token-string matches this token. More... | |
| toString () | |
| Get the string representation of the token. More... | |
| wasNew () | |
| Indicate whether this token was just created. More... | |
Static Public Member Functions | |
| static | getTimestamp ( $token) |
| Decode the timestamp from a token string. More... | |
Public Attributes | |
| const | SUFFIX = '+\\' |
| CSRF token suffix. More... | |
Protected Member Functions | |
| toStringAtTimestamp ( $timestamp) | |
| Get the string representation of the token at a timestamp. More... | |
Private Attributes | |
| bool | $new = false |
| string | $salt = '' |
| string | $secret = '' |
Detailed Description
Constructor & Destructor Documentation
◆ __construct()
| MediaWiki\Session\Token::__construct | ( | $secret, | |
| $salt, | |||
$new = false |
|||
| ) |
- Parameters
-
string $secret Token secret string $salt Token salt bool $new Whether the secret was newly-created
Definition at line 52 of file Token.php.
References MediaWiki\Session\Token\$new, MediaWiki\Session\Token\$salt, and MediaWiki\Session\Token\$secret.
Member Function Documentation
◆ __toString()
| MediaWiki\Session\Token::__toString | ( | ) |
Definition at line 99 of file Token.php.
References MediaWiki\Session\Token\toString().
◆ getTimestamp()
|
static |
Decode the timestamp from a token string.
Does not validate the token beyond the syntactic checks necessary to be able to extract the timestamp.
- Parameters
-
string $token
- Returns
- int|null
Definition at line 67 of file Token.php.
Referenced by MediaWiki\Session\Token\match().
◆ match()
| MediaWiki\Session\Token::match | ( | $userToken, | |
$maxAge = null |
|||
| ) |
Test if the token-string matches this token.
- Parameters
-
string $userToken int | null $maxAge Return false if $userToken is older than this many seconds
- Returns
- bool
Reimplemented in LoggedOutEditToken.
Definition at line 109 of file Token.php.
References MediaWiki\Session\Token\getTimestamp(), MediaWiki\Session\Token\toStringAtTimestamp(), and wfTimestamp().
◆ toString()
| MediaWiki\Session\Token::toString | ( | ) |
Get the string representation of the token.
- Returns
- string
Definition at line 95 of file Token.php.
References MediaWiki\Session\Token\toStringAtTimestamp(), and wfTimestamp().
Referenced by MediaWiki\Session\Token\__toString().
◆ toStringAtTimestamp()
|
protected |
Get the string representation of the token at a timestamp.
- Parameters
-
int $timestamp
- Returns
- string
Reimplemented in LoggedOutEditToken.
Definition at line 85 of file Token.php.
References MediaWiki\Session\Token\SUFFIX.
Referenced by MediaWiki\Session\Token\match(), and MediaWiki\Session\Token\toString().
◆ wasNew()
| MediaWiki\Session\Token::wasNew | ( | ) |
Indicate whether this token was just created.
- Returns
- bool
Definition at line 127 of file Token.php.
References MediaWiki\Session\Token\$new.
Member Data Documentation
◆ $new
|
private |
Definition at line 45 of file Token.php.
Referenced by MediaWiki\Session\Token\__construct(), and MediaWiki\Session\Token\wasNew().
◆ $salt
|
private |
Definition at line 42 of file Token.php.
Referenced by MediaWiki\Session\Token\__construct().
◆ $secret
|
private |
Definition at line 39 of file Token.php.
Referenced by MediaWiki\Session\Token\__construct().
◆ SUFFIX
| const MediaWiki\Session\Token::SUFFIX = '+\\' |
CSRF token suffix.
Plus and terminal backslash are included to stop editing from certain broken proxies.
Definition at line 36 of file Token.php.
Referenced by LoggedOutEditToken\match(), LoggedOutEditToken\toStringAtTimestamp(), and MediaWiki\Session\Token\toStringAtTimestamp().
The documentation for this class was generated from the following file:
- includes/session/Token.php
