
Commit c1c0447

committed
Merge branch 'master' of git://github.com/zendframework/zf2 into cache_interfaces
4 parents 9fe86cc + ecae47b + 0e552a5 + 4f854c2 commit c1c0447

33 files changed

Lines changed: 814 additions & 85 deletions

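--- a/.travis/run-tests.sh
+++ b/.travis/run-tests.sh
@@ -1,5 +1,5 @@
 #!/bin/bash
-travisdir=$(dirname $(readlink /proc/$$/fd/255))
+travisdir=$(dirname "$0")
 testdir="$travisdir/../tests"
 testedcomponents=(`cat "$travisdir/tested-components"`)
 result=0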

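--- a/.travis/skipped-components
+++ b/.travis/skipped-components
@@ -1,5 +1,6 @@
 Zend/Amf
 Zend/Date
+Zend/Dojo
 Zend/Queue
 Zend/Service
 Zend/Test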

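--- a/.travis/tested-components
+++ b/.travis/tested-components
@@ -22,17 +22,19 @@ Zend/Form
 Zend/GData
 Zend/Http
 Zend/InfoCard
+Zend/InputFilter
 Zend/Json
 Zend/Ldap
 Zend/Loader
 Zend/Locale
 Zend/Log
 Zend/Mail
 Zend/Markup
+Zend/Math
 Zend/Measure
 Zend/Memory
 Zend/Mime
-Zend/Module
+Zend/ModuleManager
 Zend/Mvc
 Zend/Navigation
 Zend/OAuth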

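--- a/src/Barcode.php
+++ b/src/Barcode.php
@@ -103,9 +103,6 @@ public function setAdapter($adapter, $options = null)
 if (is_string($adapter)) {
 $adapter = ucfirst(strtolower($adapter));
 $adapter = 'Zend\Validator\Barcode\\' . $adapter;
-if (\Zend\Loader::isReadable('Zend/Validator/Barcode/' . $adapter . '.php')) {
-$adapter = 'Zend\Validator\Barcode\\' . $adapter;
-}
 
 if (!class_exists($adapter)) {
 throw new Exception\InvalidArgumentException('Barcode adapter matching "' . $adapter . '" not found');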

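--- a/src/Callback.php
+++ b/src/Callback.php
@@ -125,9 +125,10 @@ public function setCallbackOptions($options)
 * for the provided $value
 *
 * @param mixed $value
+* @param mixed $context Additional context to provide to the callback
 * @return boolean
 */
-public function isValid($value)
+public function isValid($value, $context = null)
 {
 $this->setValue($value);
 
@@ -137,11 +138,20 @@ public function isValid($value)
 throw new Exception\InvalidArgumentException('No callback given');
 }
 
-$args = func_get_args();
-$options = array_merge($args, $options);
+$args = array($value);
+if (empty($options) && !empty($context)) {
+$args[] = $context;
+}
+if (!empty($options) && empty($context)) {
+$args = array_merge($args, $options);
+}
+if (!empty($options) && !empty($context)) {
+$args[] = $context;
+$args = array_merge($args, $options);
+}
 
 try {
-if (!call_user_func_array($callback, $options)) {
+if (!call_user_func_array($callback, $args)) {
 $this->error(self::INVALID_VALUE);
 return false;
 }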
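Review bot: The three `empty()` branches added to `isValid()` make the position of the callback's arguments depend on the runtime value of `$context`: a falsy context (`0`, `''`, `array()`) is silently dropped, so the first callback option slides into the second parameter slot and a validation callback cannot tell an option from a context. Testing for null keeps "no context" distinct from "falsy context" and collapses the branches to `if ($context !== null) { $args[] = $context; }` followed by `if (!empty($options)) { $args = array_merge($args, $options); }`. The docblock should also state the resulting order (value, then context, then options). The body of `isValid()` runs past both hunks, so how `$options` is populated is not visible here.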

src/Csrf.php

Lines changed: 316 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,316 @@
1+
<?php
2+
/**
3+
* Zend Framework
4+
*
5+
* LICENSE
6+
*
7+
* This source file is subject to the new BSD license that is bundled
8+
* with this package in the file LICENSE.txt.
9+
* It is also available through the world-wide-web at this URL:
10+
* http://framework.zend.com/license/new-bsd
11+
* If you did not receive a copy of the license and are unable to
12+
* obtain it through the world-wide-web, please send an email
13+
* to [email protected] so we can send you a copy immediately.
14+
*
15+
* @category Zend
16+
* @package Zend_Validator
17+
* @subpackage UnitTest
18+
* @copyright Copyright (c) 2005-2012 Zend Technologies USA Inc. (http://www.zend.com)
19+
* @license http://framework.zend.com/license/new-bsd New BSD License
20+
*/
21+
22+
namespace Zend\Validator;
23+
24+
use Zend\Session\Container as SessionContainer;
25+
26+
class Csrf extends AbstractValidator
27+
{
28+
/**
29+
* Error codes
30+
* @const string
31+
*/
32+
const NOT_SAME = 'notSame';
33+
34+
/**
35+
* Error messages
36+
* @var array
37+
*/
38+
protected $_messageTemplates = array(
39+
self::NOT_SAME => "The form submitted did not originate from the expected site",
40+
);
41+
42+
/**
43+
* Actual hash used.
44+
*
45+
* @var mixed
46+
*/
47+
protected $hash;
48+
49+
/**
50+
* Static cache of the session names to generated hashes
51+
*
52+
* @var array
53+
*/
54+
protected static $hashCache;
55+
56+
/**
57+
* Name of CSRF element (used to create non-colliding hashes)
58+
*
59+
* @var string
60+
*/
61+
protected $name = 'csrf';
62+
63+
/**
64+
* Salt for CSRF token
65+
* @var string
66+
*/
67+
protected $salt = 'salt';
68+
69+
/**
70+
* @var SessionContainer
71+
*/
72+
protected $session;
73+
74+
/**
75+
* TTL for CSRF token
76+
* @var int
77+
*/
78+
protected $timeout = 300;
79+
80+
/**
81+
* Constructor
82+
*
83+
* @param array $options
84+
* @return void
85+
*/
86+
public function __construct($options = array())
87+
{
88+
parent::__construct();
89+
90+
if ($options instanceof Traversable) {
91+
$options = ArrayUtils::iteratorToArray($options);
92+
}
93+
94+
if (!is_array($options)) {
95+
$options = (array) $options;
96+
}
97+
98+
foreach ($options as $key => $value) {
99+
switch (strtolower($key)) {
100+
case 'name':
101+
$this->setName($value);
102+
break;
103+
case 'salt':
104+
$this->setSalt($value);
105+
break;
106+
case 'session':
107+
$this->setSession($value);
108+
break;
109+
case 'timeout':
110+
$this->setTimeout($value);
111+
break;
112+
default:
113+
// ignore uknown options
114+
break;
115+
}
116+
}
117+
}
118+
119+
/**
120+
* Does the provided token match the one generated?
121+
*
122+
* @param string $value
123+
* @param mixed $context
124+
* @return bool
125+
*/
126+
public function isValid($value, $context = null)
127+
{
128+
$this->setValue((string) $value);
129+
130+
$hash = $this->getValidationToken();
131+
132+
if ($value !== $hash) {
133+
$this->error(self::NOT_SAME);
134+
return false;
135+
}
136+
137+
return true;
138+
}
139+
140+
/**
141+
* Set CSRF name
142+
*
143+
* @param string $name
144+
* @return Csrf
145+
*/
146+
public function setName($name)
147+
{
148+
$this->name = (string) $name;
149+
return $this;
150+
}
151+
152+
/**
153+
* Get CSRF name
154+
*
155+
* @return string
156+
*/
157+
public function getName()
158+
{
159+
return $this->name;
160+
}
161+
162+
/**
163+
* Set session container
164+
*
165+
* @param SessionContainer $session
166+
* @return Csrf
167+
*/
168+
public function setSession(SessionContainer $session)
169+
{
170+
$this->session = $session;
171+
if ($this->hash) {
172+
$this->initCsrfToken();
173+
}
174+
return $this;
175+
}
176+
177+
/**
178+
* Get session container
179+
*
180+
* Instantiate session container if none currently exists
181+
*
182+
* @return SessionContainer
183+
*/
184+
public function getSession()
185+
{
186+
if (null === $this->session) {
187+
$this->session = new SessionContainer($this->getSessionName());
188+
}
189+
return $this->session;
190+
}
191+
192+
/**
193+
* Salt for CSRF token
194+
*
195+
* @param string $salt
196+
* @return Csrf
197+
*/
198+
public function setSalt($salt)
199+
{
200+
$this->salt = (string) $salt;
201+
return $this;
202+
}
203+
204+
/**
205+
* Retrieve salt for CSRF token
206+
*
207+
* @return string
208+
*/
209+
public function getSalt()
210+
{
211+
return $this->salt;
212+
}
213+
214+
/**
215+
* Retrieve CSRF token
216+
*
217+
* If no CSRF token currently exists, generates one.
218+
*
219+
* @return string
220+
*/
221+
public function getHash()
222+
{
223+
if (null === $this->hash) {
224+
$this->generateHash();
225+
}
226+
return $this->hash;
227+
}
228+
229+
/**
230+
* Get session namespace for CSRF token
231+
*
232+
* Generates a session namespace based on salt, element name, and class.
233+
*
234+
* @return string
235+
*/
236+
public function getSessionName()
237+
{
238+
return str_replace('\\', '_', __CLASS__) . '_' . $this->getSalt() . '_' . $this->getName();
239+
}
240+
241+
/**
242+
* Set timeout for CSRF session token
243+
*
244+
* @param int $ttl
245+
* @return Csrf
246+
*/
247+
public function setTimeout($ttl)
248+
{
249+
$this->timeout = (int) $ttl;
250+
return $this;
251+
}
252+
253+
/**
254+
* Get CSRF session token timeout
255+
*
256+
* @return int
257+
*/
258+
public function getTimeout()
259+
{
260+
return $this->timeout;
261+
}
262+
263+
/**
264+
* Initialize CSRF token in session
265+
*
266+
* @return void
267+
*/
268+
public function initCsrfToken()
269+
{
270+
$session = $this->getSession();
271+
$session->setExpirationHops(1, null, true);
272+
$session->setExpirationSeconds($this->getTimeout());
273+
$session->hash = $this->getHash();
274+
}
275+
276+
/**
277+
* Generate CSRF token
278+
*
279+
* Generates CSRF token and stores both in {@link $hash} and element
280+
* value.
281+
*
282+
* @return void
283+
*/
284+
protected function generateHash()
285+
{
286+
if (isset(static::$hashCache[$this->getSessionName()])) {
287+
$this->hash = static::$hashCache[$this->getSessionName()];
288+
} else {
289+
$this->hash = md5(
290+
mt_rand(1,1000000)
291+
. $this->getSalt()
292+
. $this->getName()
293+
. mt_rand(1,1000000)
294+
);
295+
static::$hashCache[$this->getSessionName()] = $this->hash;
296+
}
297+
$this->setValue($this->hash);
298+
$this->initCsrfToken();
299+
}
300+
301+
/**
302+
* Get validation token
303+
*
304+
* Retrieve token from session, if it exists.
305+
*
306+
* @return null|string
307+
*/
308+
protected function getValidationToken()
309+
{
310+
$session = $this->getSession();
311+
if (isset($session->hash)) {
312+
return $session->hash;
313+
}
314+
return null;
315+
}
316+
}
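Review bot: In `isValid()`, the check `$value !== $hash` accepts the request when both sides are null: `getValidationToken()` returns null whenever `$session->hash` is unset (never issued, or expired after the timeout), so a submission with no token is reported valid if the caller passes null for the missing field. Fail closed on a missing stored token and compare the cast value, `if ($hash === null || (string) $value !== $hash) {`, using `hash_equals()` for the comparison where the runtime has it. `generateHash()` derives the token from `md5()` over two `mt_rand(1,1000000)` draws plus the salt and name, and the salt defaults to the literal `'salt'`, so the token's unpredictability rests on a non-cryptographic generator; take it from a CSPRNG instead (`openssl_random_pseudo_bytes()` on PHP 5.3, `random_bytes()` on PHP 7 and later). The constructor also references `Traversable` and `ArrayUtils` without a `use` line, so inside `namespace Zend\Validator` they resolve to `Zend\Validator\Traversable` and `Zend\Validator\ArrayUtils`, which is presumably not intended.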
