MediaWiki  master
MediaWiki\Session\CsrfTokenSet Class Reference

Public Member Functions

 __construct (WebRequest $request)
 
 getToken ( $salt='')
 Initialize (if necessary) and return a current user CSRF token value which can be used in edit forms to show that the user's login credentials aren't being hijacked with a foreign form submission.
 
 matchToken (?string $value, $salt='')
 Check if a value matches with the token value stored in the session.
 
 matchTokenField (string $fieldName=self::DEFAULT_FIELD_NAME, $salt='')
 Check if a request contains a value named $fieldName with the token value stored in the session.
 

Private Attributes

WebRequest $request
 

Detailed Description

Definition at line 31 of file CsrfTokenSet.php.

Constructor & Destructor Documentation

◆ __construct()

MediaWiki\Session\CsrfTokenSet::__construct ( WebRequest  $request)
Parameters
WebRequest $request

Definition at line 46 of file CsrfTokenSet.php.

References MediaWiki\Session\CsrfTokenSet\$request.

Member Function Documentation

◆ getToken()

MediaWiki\Session\CsrfTokenSet::getToken (   $salt = '')

Initialize (if necessary) and return a current user CSRF token value which can be used in edit forms to show that the user's login credentials aren't being hijacked with a foreign form submission.

The $salt for 'edit' and 'csrf' tokens is the default (empty string).

Parameters
string | string[] $salt Optional function-specific data for hashing
Returns
Token
Since
1.37

Definition at line 62 of file CsrfTokenSet.php.

Referenced by MediaWiki\Session\CsrfTokenSet\matchToken().

◆ matchToken()

MediaWiki\Session\CsrfTokenSet::matchToken ( ?string  $value,
  $salt = '' 
)

Check if a value matches with the token value stored in the session.

A match should confirm that the form was submitted from the user's own login session, not a form submission from a third-party site.

Parameters
string | null $value
string | string[] $salt
Returns
bool
Since
1.37

Definition at line 97 of file CsrfTokenSet.php.

References MediaWiki\Session\CsrfTokenSet\getToken().

Referenced by MediaWiki\Session\CsrfTokenSet\matchTokenField().

◆ matchTokenField()

MediaWiki\Session\CsrfTokenSet::matchTokenField ( string  $fieldName = self::DEFAULT_FIELD_NAME,
  $salt = '' 
)

Check if a request contains a value named $fieldName with the token value stored in the session.

Parameters
string $fieldName
string | string[] $salt
Returns
bool
Since
1.37
See also
self::matchCSRFToken

Definition at line 80 of file CsrfTokenSet.php.

References MediaWiki\Session\CsrfTokenSet\matchToken().
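
How getToken() and matchTokenField() pair up around a state-changing form, as an added example that is not part of the generated reference or of MediaWiki itself. handlePurgeForm(), the $doPurge callback and the 'purge-cache' salt are hypothetical; Token::toString() and WebRequest::wasPosted() are MediaWiki methods that this page does not document.

```php
<?php
// Added illustration, not MediaWiki code. handlePurgeForm(), $doPurge and the
// 'purge-cache' salt are hypothetical names chosen for this example.
use MediaWiki\Session\CsrfTokenSet;

/**
 * Render, or process, a state-changing form guarded by a salted CSRF token.
 *
 * @param WebRequest $request Current request
 * @param callable $doPurge Hypothetical callback that performs the protected action
 * @return string HTML fragment to send back
 */
function handlePurgeForm( WebRequest $request, callable $doPurge ): string {
	$tokens = new CsrfTokenSet( $request );
	// The salt used when checking must be the one used when issuing.
	$salt = 'purge-cache';

	if ( $request->wasPosted() ) {
		// matchTokenField() reads the named field from the request and passes
		// it to matchToken(); a missing field arrives there as null.
		if ( !$tokens->matchTokenField( CsrfTokenSet::DEFAULT_FIELD_NAME, $salt ) ) {
			// Fail closed: the protected action never runs without a match.
			return '<p class="error">Session check failed, please resubmit the form.</p>';
		}
		$doPurge();
		return '<p>Done.</p>';
	}

	// GET: embed the token for the current session as a hidden field.
	$field = htmlspecialchars( CsrfTokenSet::DEFAULT_FIELD_NAME, ENT_QUOTES );
	$value = htmlspecialchars( $tokens->getToken( $salt )->toString(), ENT_QUOTES );

	return '<form method="post">'
		. "<input type=\"hidden\" name=\"$field\" value=\"$value\">"
		. '<button type="submit">Purge</button>'
		. '</form>';
}
```

The token check sits before any side effect, and only the POST branch performs the action, so a cross-site GET cannot trigger it.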

Member Data Documentation

◆ $request

WebRequest MediaWiki\Session\CsrfTokenSet::$request
private
Initial value:
=
public const DEFAULT_FIELD_NAME 'wpEditToken'

Definition at line 41 of file CsrfTokenSet.php.

Referenced by MediaWiki\Session\CsrfTokenSet\__construct().


The documentation for this class was generated from the following file: