Value object representing a CSRF token. More...
Inherits Stringable.
Inherited by MediaWiki\User\LoggedOutEditToken.
Public Member Functions | |
| __construct ( $secret, $salt, $new=false) | |
| __toString () | |
| match ( $userToken, $maxAge=null) | |
| Test if the token-string matches this token. | |
| toString () | |
| Get the string representation of the token. | |
| wasNew () | |
| Indicate whether this token was created during the current request (true) or loaded from existing session data (false) | |
Static Public Member Functions | |
| static | getTimestamp ( $token) |
| Decode the timestamp from a token string. | |
Public Attributes | |
| const | SUFFIX = '+\\' |
| CSRF token suffix. | |
Protected Member Functions | |
| toStringAtTimestamp ( $timestamp) | |
| Get the string representation of the token at a timestamp. | |
Detailed Description
Constructor & Destructor Documentation
◆ __construct()
| MediaWiki\Session\Token::__construct | ( | $secret, | |
| $salt, | |||
| $new = false ) |
Member Function Documentation
◆ __toString()
| MediaWiki\Session\Token::__toString | ( | ) |
Definition at line 86 of file Token.php.
References MediaWiki\Session\Token\toString().
◆ getTimestamp()
|
static |
Decode the timestamp from a token string.
Does not validate the token beyond the syntactic checks necessary to be able to extract the timestamp.
- Parameters
-
string $token
- Returns
- int|null
Definition at line 54 of file Token.php.
Referenced by MediaWiki\Api\ApiCheckToken\execute(), and MediaWiki\Session\Token\match().
◆ match()
| MediaWiki\Session\Token::match | ( | $userToken, | |
| $maxAge = null ) |
Test if the token-string matches this token.
- Parameters
-
string | null $userToken int | null $maxAge Return false if $userToken is older than this many seconds
- Returns
- bool
Reimplemented in MediaWiki\User\LoggedOutEditToken.
Definition at line 96 of file Token.php.
References MediaWiki\Session\Token\getTimestamp(), and MediaWiki\Session\Token\toStringAtTimestamp().
◆ toString()
| MediaWiki\Session\Token::toString | ( | ) |
Get the string representation of the token.
- Returns
- string
Definition at line 82 of file Token.php.
References MediaWiki\Session\Token\toStringAtTimestamp().
Referenced by MediaWiki\Session\Token\__toString().
◆ toStringAtTimestamp()
|
protected |
Get the string representation of the token at a timestamp.
- Parameters
-
int $timestamp
- Returns
- string
Reimplemented in MediaWiki\User\LoggedOutEditToken.
Definition at line 72 of file Token.php.
References MediaWiki\Session\Token\SUFFIX.
Referenced by MediaWiki\Session\Token\match(), and MediaWiki\Session\Token\toString().
◆ wasNew()
| MediaWiki\Session\Token::wasNew | ( | ) |
Member Data Documentation
◆ SUFFIX
| const MediaWiki\Session\Token::SUFFIX = '+\\' |
CSRF token suffix.
Plus and terminal backslash are included to stop editing from certain broken proxies.
Definition at line 23 of file Token.php.
Referenced by MediaWiki\Api\ApiCheckToken\execute(), MediaWiki\User\LoggedOutEditToken\match(), MediaWiki\Session\Token\toStringAtTimestamp(), and MediaWiki\User\LoggedOutEditToken\toStringAtTimestamp().
The documentation for this class was generated from the following file:
- includes/Session/Token.php
