Security Class

package Fuel
category Core
author Dan Horrigan
link http://docs.fuelphp.com/classes/security.html

 Methods

Class init

_init() 

Fetches CSRF settings and current token

Exceptions

\Fuel\Core\SecurityException if the CSRF token validation failed
\Fuel\Core\FuelException if no security output filter is defined

Check CSRF Token

check_token(string $value) : bool

Parameters

$value

string

CSRF token to be checked; when empty, the POST data is checked instead

Returns

bool

Generic variable clean method

clean(mixed $var, mixed $filters, string $type) : array | mixed

Parameters

$var

mixed

$filters

mixed

$type

string

Returns

array | mixed

Cleans the global $_GET, $_POST and $_COOKIE arrays

clean_input() 

Cleans the request URI

clean_uri(string $uri, bool $strict) : array | mixed

Parameters

$uri

string

uri to clean

$strict

bool

whether to remove relative directories

Returns

array | mixed

Fetch CSRF Token for the next request

fetch_token() : string

Returns

string

Generate new token.

generate_token() : string

Based on an example from OWASP

Returns

string

htmlentities()

htmlentities($value, $flags, $encoding, $double_encode) 

Parameters

$value

$flags

$encoding

$double_encode

JS fetch token

js_fetch_token() : string

Produces a JavaScript fuel_csrf_token() function that returns the current CSRF token when called. Use it to fill the correct field on form submit for AJAX operations.

Returns

string

JS set token

js_set_token() : string

Produces a JavaScript fuel_set_csrf_token() function that, when called, updates the current CSRF token in the form based on the value of the CSRF cookie.

Returns

string

Setup the next token to be used.

set_token(bool $rotate) 

Parameters

$rotate

bool

if true, generate a new token, even if the current token is still valid
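The cookie-backed flow that check_token(), set_token() and the $csrf_old_token / $csrf_token properties describe, shown as an added stand-alone example; it is not Fuel's own code. The class name CsrfModel and the key 'csrf_demo' are hypothetical, and token expiry is assumed away (a token counts as "still valid" whenever the cookie carried one).

```php
<?php
// Added example: stand-alone model, not Fuel's implementation (PHP 8.0+).
// CsrfModel and the 'csrf_demo' key are hypothetical names.
final class CsrfModel
{
    private string $oldToken; // token the browser returned in its cookie

    public function __construct(array $cookie, private array $post,
                                private string $key = 'csrf_demo')
    {
        $old = $cookie[$key] ?? '';
        $this->oldToken = is_string($old) ? $old : '';
    }

    // Like check_token(): an empty $value falls back to the POSTed field.
    public function checkToken(string $value = ''): bool
    {
        if ($value === '') {
            $field = $this->post[$this->key] ?? '';
            $value = is_string($field) ? $field : ''; // array input is rejected
        }
        // Fail closed: two empty strings must never count as a match.
        if ($this->oldToken === '' || $value === '') {
            return false;
        }
        return hash_equals($this->oldToken, $value); // constant-time compare
    }

    // Like set_token($rotate): reuse the current token unless rotation is
    // requested or there is none. Expiry handling is left out of this model.
    public function setToken(bool $rotate): string
    {
        if ($rotate || $this->oldToken === '') {
            return bin2hex(random_bytes(32)); // 256 bits from the CSPRNG
        }
        return $this->oldToken;
    }
}

// Constructed sample requests.
$key    = 'csrf_demo';
$issued = (new CsrfModel([], []))->setToken(false);
$legit  = new CsrfModel([$key => $issued], [$key => $issued]);
$forged = new CsrfModel([$key => $issued], [$key => 'guess']); // field does not match cookie
$empty  = new CsrfModel([], [$key => '']);                     // no cookie, empty field

var_dump($legit->checkToken(), $forged->checkToken(), $empty->checkToken());
var_dump($legit->setToken(false) === $issued, $legit->setToken(true) !== $issued);
```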

strip_tags()

strip_tags($value) 

Parameters

$value

xss_clean()

xss_clean($value, array $options) 

Parameters

$value

$options

 Properties

 

the token as submitted in the cookie from the previous request

$csrf_old_token : string

 

the token for the next request

$csrf_token : string

 

the array key for cookie

$csrf_token_key : string