MediaWiki master
|
Public Member Functions | |
__construct (WebRequest $request) | |
getToken ( $salt='') | |
Initialize (if necessary) and return a current user CSRF token value which can be used in edit forms to show that the user's login credentials aren't being hijacked with a foreign form submission. | |
matchToken (?string $value, $salt='') | |
Check if a value matches with the token value stored in the session. | |
matchTokenField (string $fieldName=self::DEFAULT_FIELD_NAME, $salt='') | |
Check if a request contains a value named $valueName with the token value stored in the session. | |
Definition at line 31 of file CsrfTokenSet.php.
MediaWiki\Session\CsrfTokenSet::__construct | ( | WebRequest | $request | ) |
WebRequest | $request |
Definition at line 43 of file CsrfTokenSet.php.
MediaWiki\Session\CsrfTokenSet::getToken | ( | $salt = '' | ) |
Initialize (if necessary) and return a current user CSRF token value which can be used in edit forms to show that the user's login credentials aren't being hijacked with a foreign form submission.
The $salt for 'edit' and 'csrf' tokens is the default (empty string).
string | string[] | $salt | Optional function-specific data for hashing |
Definition at line 59 of file CsrfTokenSet.php.
MediaWiki\Session\CsrfTokenSet::matchToken | ( | ?string | $value, |
$salt = '' ) |
Check if a value matches with the token value stored in the session.
A match should confirm that the form was submitted from the user's own login session, not a form submission from a third-party site.
string | null | $value | |
string | string[] | $salt |
Definition at line 94 of file CsrfTokenSet.php.
MediaWiki\Session\CsrfTokenSet::matchTokenField | ( | string | $fieldName = self::DEFAULT_FIELD_NAME, |
$salt = '' ) |
Check if a request contains a value named $valueName with the token value stored in the session.
string | $fieldName | |
string | string[] | $salt |
Definition at line 77 of file CsrfTokenSet.php.