MediaWiki master
|
Value object representing a CSRF token. More...
Inherits Stringable.
Inherited by MediaWiki\User\LoggedOutEditToken.
Public Member Functions | |
__construct ( $secret, $salt, $new=false) | |
__toString () | |
match ( $userToken, $maxAge=null) | |
Test if the token-string matches this token. | |
toString () | |
Get the string representation of the token. | |
wasNew () | |
Indicate whether this token was just created. | |
Static Public Member Functions | |
static | getTimestamp ( $token) |
Decode the timestamp from a token string. | |
Public Attributes | |
const | SUFFIX = '+\\' |
CSRF token suffix. | |
Protected Member Functions | |
toStringAtTimestamp ( $timestamp) | |
Get the string representation of the token at a timestamp. | |
MediaWiki\Session\Token::__construct | ( | $secret, | |
$salt, | |||
$new = false ) |
MediaWiki\Session\Token::__toString | ( | ) |
Definition at line 101 of file Token.php.
References MediaWiki\Session\Token\toString().
|
static |
Decode the timestamp from a token string.
Does not validate the token beyond the syntactic checks necessary to be able to extract the timestamp.
string | $token |
Definition at line 69 of file Token.php.
Referenced by MediaWiki\Api\ApiCheckToken\execute().
MediaWiki\Session\Token::match | ( | $userToken, | |
$maxAge = null ) |
Test if the token-string matches this token.
string | null | $userToken | |
int | null | $maxAge | Return false if $userToken is older than this many seconds |
Reimplemented in MediaWiki\User\LoggedOutEditToken.
Definition at line 111 of file Token.php.
References getTimestamp(), MediaWiki\Session\Token\toStringAtTimestamp(), and wfTimestamp().
MediaWiki\Session\Token::toString | ( | ) |
Get the string representation of the token.
Definition at line 97 of file Token.php.
References MediaWiki\Session\Token\toStringAtTimestamp(), and wfTimestamp().
Referenced by MediaWiki\Session\Token\__toString().
|
protected |
Get the string representation of the token at a timestamp.
int | $timestamp |
Reimplemented in MediaWiki\User\LoggedOutEditToken.
Definition at line 87 of file Token.php.
References MediaWiki\Session\Token\SUFFIX.
Referenced by MediaWiki\Session\Token\match(), and MediaWiki\Session\Token\toString().
MediaWiki\Session\Token::wasNew | ( | ) |
const MediaWiki\Session\Token::SUFFIX = '+\\' |
CSRF token suffix.
Plus and terminal backslash are included to stop editing from certain broken proxies.
Definition at line 38 of file Token.php.
Referenced by MediaWiki\Api\ApiCheckToken\execute(), MediaWiki\User\LoggedOutEditToken\match(), MediaWiki\Session\Token\toStringAtTimestamp(), and MediaWiki\User\LoggedOutEditToken\toStringAtTimestamp().