MediaWiki master
MediaWiki\Session\CsrfTokenSet Class Reference

Public Member Functions

 __construct (WebRequest $request)
 
 getToken ( $salt='')
 Initialize (if necessary) and return a current user CSRF token value which can be used in edit forms to show that the user's login credentials aren't being hijacked with a foreign form submission.
 
 matchToken (?string $value, $salt='')
 Check if a value matches with the token value stored in the session.
 
 matchTokenField (string $fieldName=self::DEFAULT_FIELD_NAME, $salt='')
 Check if a request contains a value named $valueName with the token value stored in the session.
 

Detailed Description

Definition at line 31 of file CsrfTokenSet.php.

Constructor & Destructor Documentation

◆ __construct()

MediaWiki\Session\CsrfTokenSet::__construct ( WebRequest  $request)
Parameters
WebRequest$request

Definition at line 43 of file CsrfTokenSet.php.

Member Function Documentation

◆ getToken()

MediaWiki\Session\CsrfTokenSet::getToken (   $salt = '')

Initialize (if necessary) and return a current user CSRF token value which can be used in edit forms to show that the user's login credentials aren't being hijacked with a foreign form submission.

The $salt for 'edit' and 'csrf' tokens is the default (empty string).

Parameters
string | string[]$saltOptional function-specific data for hashing
Returns
Token
Since
1.37

Definition at line 59 of file CsrfTokenSet.php.

◆ matchToken()

MediaWiki\Session\CsrfTokenSet::matchToken ( ?string  $value,
  $salt = '' 
)

Check if a value matches with the token value stored in the session.

A match should confirm that the form was submitted from the user's own login session, not a form submission from a third-party site.

Parameters
string | null$value
string | string[]$salt
Returns
bool
Since
1.37

Definition at line 94 of file CsrfTokenSet.php.

◆ matchTokenField()

MediaWiki\Session\CsrfTokenSet::matchTokenField ( string  $fieldName = self::DEFAULT_FIELD_NAME,
  $salt = '' 
)

Check if a request contains a value named $valueName with the token value stored in the session.

Parameters
string$fieldName
string | string[]$salt
Returns
bool
Since
1.37
See also
self::matchCSRFToken

Definition at line 77 of file CsrfTokenSet.php.


The documentation for this class was generated from the following file: