_init()
check_token()
clean()
clean_input()
clean_uri()
fetch_token()
generate_token()
htmlentities()
js_fetch_token()
js_set_token()
set_token()
strip_tags()
xss_clean()
$csrf_old_token
$csrf_token
$csrf_token_key
Security Class
| package | Fuel |
|---|---|
| category | Core |
| author | Dan Horrigan |
| link | http://docs.fuelphp.com/classes/security.html |
_init()
Fetches CSRF settings and current token
Throws:
| \Fuel\Core\SecurityException | if the CSRF token validation failed |
|---|---|
| \Fuel\Core\FuelException | if no security output filter is defined |

check_token(string $value) : bool
$value (string): CSRF token to be checked, checks post when empty
Returns: bool

clean(mixed $var, mixed $filters, string $type) : array | mixed
$var (mixed)
$filters (mixed)
$type (string)
Returns: array | mixed

clean_input()

clean_uri(string $uri, bool $strict) : array | mixed
$uri (string): URI to clean
$strict (bool): whether to remove relative directories
Returns: array | mixed

fetch_token() : string
Returns: string

generate_token() : string
Based on an example from OWASP
Returns: string

htmlentities($value, $flags, $encoding, $double_encode)

js_fetch_token() : string
Produces a JavaScript fuel_csrf_token() function that returns the current CSRF token when called. Use it to fill the right field on form submit for AJAX operations.
Returns: string

js_set_token() : string
Produces a JavaScript fuel_set_csrf_token() function that, when called, updates the current CSRF token in the form based on the value of the CSRF cookie.
Returns: string

set_token(bool $rotate)
$rotate (bool): if true, generate a new token, even if the current token is still valid

xss_clean($value, array $options)
$csrf_old_token : string
$csrf_token : string
$csrf_token_key : string