TomaHost/Chamilo
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Upgrade 1-11.38

Browse Source
This commit is contained in:
xesmyd
2026-03-30 14:10:30 +02:00
parent f2a7e6d1fc
commit ac648ef29d
24665 changed files with 69682 additions and 2205004 deletions
Download Patch File Download Diff File Expand all files Collapse all files
vendor/symfony/security/Csrf/CsrfToken.php
Vendored
-9
View File
@@ -18,19 +18,10 @@ namespace Symfony\Component\Security\Csrf;
*/
class CsrfToken
{
/**
* @var string
*/
private $id;
/**
* @var string
*/
private $value;
/**
* Constructor.
*
* @param string $id The token ID
* @param string $value The actual token value
*/
vendor/symfony/security/Csrf/CsrfTokenManager.php
Vendored
+5 -18
View File
@@ -13,8 +13,8 @@ namespace Symfony\Component\Security\Csrf;
use Symfony\Component\HttpFoundation\RequestStack;
use Symfony\Component\Security\Core\Exception\InvalidArgumentException;
use Symfony\Component\Security\Csrf\TokenGenerator\UriSafeTokenGenerator;
use Symfony\Component\Security\Csrf\TokenGenerator\TokenGeneratorInterface;
use Symfony\Component\Security\Csrf\TokenGenerator\UriSafeTokenGenerator;
use Symfony\Component\Security\Csrf\TokenStorage\NativeSessionTokenStorage;
use Symfony\Component\Security\Csrf\TokenStorage\TokenStorageInterface;
@@ -26,29 +26,16 @@ use Symfony\Component\Security\Csrf\TokenStorage\TokenStorageInterface;
*/
class CsrfTokenManager implements CsrfTokenManagerInterface
{
/**
* @var TokenGeneratorInterface
*/
private $generator;
/**
* @var TokenStorageInterface
*/
private $storage;
private $namespace;
/**
* Creates a new CSRF provider using PHP's native session storage.
*
* @param null|string|RequestStack|callable $namespace
* @param string|RequestStack|callable|null $namespace
* * null: generates a namespace using $_SERVER['HTTPS']
* * string: uses the given string
* * RequestStack: generates a namespace using the current master request
* * callable: uses the result of this callable (must return a string)
*
* @param TokenGeneratorInterface|null $generator The token generator
* @param TokenStorageInterface|null $storage The storage for storing
* generated CSRF tokens
*/
public function __construct(TokenGeneratorInterface $generator = null, TokenStorageInterface $storage = null, $namespace = null)
{
@@ -69,10 +56,10 @@ class CsrfTokenManager implements CsrfTokenManagerInterface
return $superGlobalNamespaceGenerator();
};
} elseif (is_callable($namespace) || is_string($namespace)) {
} elseif (\is_callable($namespace) || \is_string($namespace)) {
$this->namespace = $namespace;
} else {
throw new InvalidArgumentException(sprintf('$namespace must be a string, a callable returning a string, null or an instance of "RequestStack". "%s" given.', gettype($namespace)));
throw new InvalidArgumentException(sprintf('$namespace must be a string, a callable returning a string, null or an instance of "RequestStack". "%s" given.', \gettype($namespace)));
}
}
@@ -129,6 +116,6 @@ class CsrfTokenManager implements CsrfTokenManagerInterface
private function getNamespace()
{
return is_callable($ns = $this->namespace) ? $ns() : $ns;
return \is_callable($ns = $this->namespace) ? $ns() : $ns;
}
}
vendor/symfony/security/Csrf/CsrfTokenManagerInterface.php
Vendored
-2
View File
@@ -59,8 +59,6 @@ interface CsrfTokenManagerInterface
/**
* Returns whether the given CSRF token is valid.
*
* @param CsrfToken $token A CSRF token
*
* @return bool Returns true if the token is valid, false otherwise
*/
public function isTokenValid(CsrfToken $token);
vendor/symfony/security/Csrf/LICENSE
Vendored
+1 -1
View File
@@ -1,4 +1,4 @@
Copyright (c) 2004-2017 Fabien Potencier
Copyright (c) 2004-2020 Fabien Potencier
Permission is hereby granted, free of charge, to any person obtaining a copy
of this software and associated documentation files (the "Software"), to deal
vendor/symfony/security/Csrf/README.md
Vendored
+1 -1
View File
@@ -7,7 +7,7 @@ The Security CSRF (cross-site request forgery) component provides a class
Resources
---------
* [Documentation](https://symfony.com/doc/current/components/security/index.html)
* [Documentation](https://symfony.com/doc/current/components/security.html)
* [Contributing](https://symfony.com/doc/current/contributing/index.html)
* [Report issues](https://github.com/symfony/symfony/issues) and
[send Pull Requests](https://github.com/symfony/symfony/pulls)
vendor/symfony/security/Csrf/Tests/CsrfTokenManagerTest.php
Vendored
+26 -26
View File
@@ -30,11 +30,11 @@ class CsrfTokenManagerTest extends TestCase
$storage->expects($this->once())
->method('hasToken')
->with($namespace.'token_id')
->will($this->returnValue(false));
->willReturn(false);
$generator->expects($this->once())
->method('generateToken')
->will($this->returnValue('TOKEN'));
->willReturn('TOKEN');
$storage->expects($this->once())
->method('setToken')
@@ -55,12 +55,12 @@ class CsrfTokenManagerTest extends TestCase
$storage->expects($this->once())
->method('hasToken')
->with($namespace.'token_id')
->will($this->returnValue(true));
->willReturn(true);
$storage->expects($this->once())
->method('getToken')
->with($namespace.'token_id')
->will($this->returnValue('TOKEN'));
->willReturn('TOKEN');
$token = $manager->getToken('token_id');
@@ -79,7 +79,7 @@ class CsrfTokenManagerTest extends TestCase
$generator->expects($this->once())
->method('generateToken')
->will($this->returnValue('TOKEN'));
->willReturn('TOKEN');
$storage->expects($this->once())
->method('setToken')
@@ -100,12 +100,12 @@ class CsrfTokenManagerTest extends TestCase
$storage->expects($this->once())
->method('hasToken')
->with($namespace.'token_id')
->will($this->returnValue(true));
->willReturn(true);
$storage->expects($this->once())
->method('getToken')
->with($namespace.'token_id')
->will($this->returnValue('TOKEN'));
->willReturn('TOKEN');
$this->assertTrue($manager->isTokenValid(new CsrfToken('token_id', 'TOKEN')));
}
@@ -118,12 +118,12 @@ class CsrfTokenManagerTest extends TestCase
$storage->expects($this->once())
->method('hasToken')
->with($namespace.'token_id')
->will($this->returnValue(true));
->willReturn(true);
$storage->expects($this->once())
->method('getToken')
->with($namespace.'token_id')
->will($this->returnValue('TOKEN'));
->willReturn('TOKEN');
$this->assertFalse($manager->isTokenValid(new CsrfToken('token_id', 'FOOBAR')));
}
@@ -136,7 +136,7 @@ class CsrfTokenManagerTest extends TestCase
$storage->expects($this->once())
->method('hasToken')
->with($namespace.'token_id')
->will($this->returnValue(false));
->willReturn(false);
$storage->expects($this->never())
->method('getToken');
@@ -152,7 +152,7 @@ class CsrfTokenManagerTest extends TestCase
$storage->expects($this->once())
->method('removeToken')
->with($namespace.'token_id')
->will($this->returnValue('REMOVED_TOKEN'));
->willReturn('REMOVED_TOKEN');
$this->assertSame('REMOVED_TOKEN', $manager->removeToken('token_id'));
}
@@ -163,9 +163,9 @@ class CsrfTokenManagerTest extends TestCase
$storage = $this->getMockBuilder('Symfony\Component\Security\Csrf\TokenStorage\TokenStorageInterface')->getMock();
$requestStack = new RequestStack();
$requestStack->push(new Request(array(), array(), array(), array(), array(), array('HTTPS' => 'on')));
$requestStack->push(new Request([], [], [], [], [], ['HTTPS' => 'on']));
$manager = new CsrfTokenManager($generator, $storage, null, $requestStack);
$manager = new CsrfTokenManager($generator, $storage);
$token = $manager->getToken('foo');
$this->assertSame('foo', $token->getId());
@@ -173,49 +173,49 @@ class CsrfTokenManagerTest extends TestCase
public function getManagerGeneratorAndStorage()
{
$data = array();
$data = [];
list($generator, $storage) = $this->getGeneratorAndStorage();
$data[] = array('', new CsrfTokenManager($generator, $storage, ''), $storage, $generator);
$data[] = ['', new CsrfTokenManager($generator, $storage, ''), $storage, $generator];
list($generator, $storage) = $this->getGeneratorAndStorage();
$data[] = array('https-', new CsrfTokenManager($generator, $storage), $storage, $generator);
$data[] = ['https-', new CsrfTokenManager($generator, $storage), $storage, $generator];
list($generator, $storage) = $this->getGeneratorAndStorage();
$data[] = array('aNamespace-', new CsrfTokenManager($generator, $storage, 'aNamespace-'), $storage, $generator);
$data[] = ['aNamespace-', new CsrfTokenManager($generator, $storage, 'aNamespace-'), $storage, $generator];
$requestStack = new RequestStack();
$requestStack->push(new Request(array(), array(), array(), array(), array(), array('HTTPS' => 'on')));
$requestStack->push(new Request([], [], [], [], [], ['HTTPS' => 'on']));
list($generator, $storage) = $this->getGeneratorAndStorage();
$data[] = array('https-', new CsrfTokenManager($generator, $storage, $requestStack), $storage, $generator);
$data[] = ['https-', new CsrfTokenManager($generator, $storage, $requestStack), $storage, $generator];
list($generator, $storage) = $this->getGeneratorAndStorage();
$data[] = array('generated-', new CsrfTokenManager($generator, $storage, function () {
$data[] = ['generated-', new CsrfTokenManager($generator, $storage, function () {
return 'generated-';
}), $storage, $generator);
}), $storage, $generator];
$requestStack = new RequestStack();
$requestStack->push(new Request());
list($generator, $storage) = $this->getGeneratorAndStorage();
$data[] = array('', new CsrfTokenManager($generator, $storage, $requestStack), $storage, $generator);
$data[] = ['', new CsrfTokenManager($generator, $storage, $requestStack), $storage, $generator];
return $data;
}
private function getGeneratorAndStorage()
{
return array(
return [
$this->getMockBuilder('Symfony\Component\Security\Csrf\TokenGenerator\TokenGeneratorInterface')->getMock(),
$this->getMockBuilder('Symfony\Component\Security\Csrf\TokenStorage\TokenStorageInterface')->getMock(),
);
];
}
public function setUp()
protected function setUp()
{
$_SERVER['HTTPS'] = 'on';
}
public function tearDown()
protected function tearDown()
{
parent::tearDown();
vendor/symfony/security/Csrf/Tests/TokenStorage/NativeSessionTokenStorageTest.php
Vendored
+35 -17
View File
@@ -29,17 +29,9 @@ class NativeSessionTokenStorageTest extends TestCase
*/
private $storage;
public static function setUpBeforeClass()
{
ini_set('session.save_handler', 'files');
ini_set('session.save_path', sys_get_temp_dir());
parent::setUpBeforeClass();
}
protected function setUp()
{
$_SESSION = array();
$_SESSION = [];
$this->storage = new NativeSessionTokenStorage(self::SESSION_NAMESPACE);
}
@@ -48,19 +40,19 @@ class NativeSessionTokenStorageTest extends TestCase
{
$this->storage->setToken('token_id', 'TOKEN');
$this->assertSame(array(self::SESSION_NAMESPACE => array('token_id' => 'TOKEN')), $_SESSION);
$this->assertSame([self::SESSION_NAMESPACE => ['token_id' => 'TOKEN']], $_SESSION);
}
public function testStoreTokenInClosedSessionWithExistingSessionId()
{
session_id('foobar');
$this->assertSame(PHP_SESSION_NONE, session_status());
$this->assertSame(\PHP_SESSION_NONE, session_status());
$this->storage->setToken('token_id', 'TOKEN');
$this->assertSame(PHP_SESSION_ACTIVE, session_status());
$this->assertSame(array(self::SESSION_NAMESPACE => array('token_id' => 'TOKEN')), $_SESSION);
$this->assertSame(\PHP_SESSION_ACTIVE, session_status());
$this->assertSame([self::SESSION_NAMESPACE => ['token_id' => 'TOKEN']], $_SESSION);
}
public function testStoreTokenInActiveSession()
@@ -69,7 +61,7 @@ class NativeSessionTokenStorageTest extends TestCase
$this->storage->setToken('token_id', 'TOKEN');
$this->assertSame(array(self::SESSION_NAMESPACE => array('token_id' => 'TOKEN')), $_SESSION);
$this->assertSame([self::SESSION_NAMESPACE => ['token_id' => 'TOKEN']], $_SESSION);
}
/**
@@ -94,11 +86,9 @@ class NativeSessionTokenStorageTest extends TestCase
$this->assertSame('TOKEN', $this->storage->getToken('token_id'));
}
/**
* @expectedException \Symfony\Component\Security\Csrf\Exception\TokenNotFoundException
*/
public function testGetNonExistingToken()
{
$this->expectException('Symfony\Component\Security\Csrf\Exception\TokenNotFoundException');
$this->storage->getToken('token_id');
}
@@ -121,4 +111,32 @@ class NativeSessionTokenStorageTest extends TestCase
$this->assertSame('TOKEN', $this->storage->removeToken('token_id'));
$this->assertFalse($this->storage->hasToken('token_id'));
}
public function testClearRemovesAllTokensFromTheConfiguredNamespace()
{
$this->storage->setToken('foo', 'bar');
$this->storage->clear();
$this->assertFalse($this->storage->hasToken('foo'));
$this->assertArrayNotHasKey(self::SESSION_NAMESPACE, $_SESSION);
}
public function testClearDoesNotRemoveSessionValuesFromOtherNamespaces()
{
$_SESSION['foo']['bar'] = 'baz';
$this->storage->clear();
$this->assertArrayHasKey('foo', $_SESSION);
$this->assertArrayHasKey('bar', $_SESSION['foo']);
$this->assertSame('baz', $_SESSION['foo']['bar']);
}
public function testClearDoesNotRemoveNonNamespacedSessionValues()
{
$_SESSION['foo'] = 'baz';
$this->storage->clear();
$this->assertArrayHasKey('foo', $_SESSION);
$this->assertSame('baz', $_SESSION['foo']);
}
}
vendor/symfony/security/Csrf/Tests/TokenStorage/SessionTokenStorageTest.php
Vendored
+54 -158
View File
@@ -12,6 +12,8 @@
namespace Symfony\Component\Security\Csrf\Tests\TokenStorage;
use PHPUnit\Framework\TestCase;
use Symfony\Component\HttpFoundation\Session\Session;
use Symfony\Component\HttpFoundation\Session\Storage\MockArraySessionStorage;
use Symfony\Component\Security\Csrf\TokenStorage\SessionTokenStorage;
/**
@@ -22,7 +24,7 @@ class SessionTokenStorageTest extends TestCase
const SESSION_NAMESPACE = 'foobar';
/**
* @var \PHPUnit_Framework_MockObject_MockObject
* @var Session
*/
private $session;
@@ -33,227 +35,121 @@ class SessionTokenStorageTest extends TestCase
protected function setUp()
{
$this->session = $this->getMockBuilder('Symfony\Component\HttpFoundation\Session\SessionInterface')
->disableOriginalConstructor()
->getMock();
$this->session = new Session(new MockArraySessionStorage());
$this->storage = new SessionTokenStorage($this->session, self::SESSION_NAMESPACE);
}
public function testStoreTokenInClosedSession()
public function testStoreTokenInNotStartedSessionStartsTheSession()
{
$this->session->expects($this->any())
->method('isStarted')
->will($this->returnValue(false));
$this->session->expects($this->once())
->method('start');
$this->session->expects($this->once())
->method('set')
->with(self::SESSION_NAMESPACE.'/token_id', 'TOKEN');
$this->storage->setToken('token_id', 'TOKEN');
$this->assertTrue($this->session->isStarted());
}
public function testStoreTokenInActiveSession()
{
$this->session->expects($this->any())
->method('isStarted')
->will($this->returnValue(true));
$this->session->expects($this->never())
->method('start');
$this->session->expects($this->once())
->method('set')
->with(self::SESSION_NAMESPACE.'/token_id', 'TOKEN');
$this->session->start();
$this->storage->setToken('token_id', 'TOKEN');
$this->assertSame('TOKEN', $this->session->get(self::SESSION_NAMESPACE.'/token_id'));
}
public function testCheckTokenInClosedSession()
{
$this->session->expects($this->any())
->method('isStarted')
->will($this->returnValue(false));
$this->session->set(self::SESSION_NAMESPACE.'/token_id', 'RESULT');
$this->session->expects($this->once())
->method('start');
$this->session->expects($this->once())
->method('has')
->with(self::SESSION_NAMESPACE.'/token_id')
->will($this->returnValue('RESULT'));
$this->assertSame('RESULT', $this->storage->hasToken('token_id'));
$this->assertTrue($this->storage->hasToken('token_id'));
$this->assertTrue($this->session->isStarted());
}
public function testCheckTokenInActiveSession()
{
$this->session->expects($this->any())
->method('isStarted')
->will($this->returnValue(true));
$this->session->start();
$this->session->set(self::SESSION_NAMESPACE.'/token_id', 'RESULT');
$this->session->expects($this->never())
->method('start');
$this->session->expects($this->once())
->method('has')
->with(self::SESSION_NAMESPACE.'/token_id')
->will($this->returnValue('RESULT'));
$this->assertSame('RESULT', $this->storage->hasToken('token_id'));
$this->assertTrue($this->storage->hasToken('token_id'));
}
public function testGetExistingTokenFromClosedSession()
{
$this->session->expects($this->any())
->method('isStarted')
->will($this->returnValue(false));
$this->session->expects($this->once())
->method('start');
$this->session->expects($this->once())
->method('has')
->with(self::SESSION_NAMESPACE.'/token_id')
->will($this->returnValue(true));
$this->session->expects($this->once())
->method('get')
->with(self::SESSION_NAMESPACE.'/token_id')
->will($this->returnValue('RESULT'));
$this->session->set(self::SESSION_NAMESPACE.'/token_id', 'RESULT');
$this->assertSame('RESULT', $this->storage->getToken('token_id'));
$this->assertTrue($this->session->isStarted());
}
public function testGetExistingTokenFromActiveSession()
{
$this->session->expects($this->any())
->method('isStarted')
->will($this->returnValue(true));
$this->session->expects($this->never())
->method('start');
$this->session->expects($this->once())
->method('has')
->with(self::SESSION_NAMESPACE.'/token_id')
->will($this->returnValue(true));
$this->session->expects($this->once())
->method('get')
->with(self::SESSION_NAMESPACE.'/token_id')
->will($this->returnValue('RESULT'));
$this->session->start();
$this->session->set(self::SESSION_NAMESPACE.'/token_id', 'RESULT');
$this->assertSame('RESULT', $this->storage->getToken('token_id'));
}
/**
* @expectedException \Symfony\Component\Security\Csrf\Exception\TokenNotFoundException
*/
public function testGetNonExistingTokenFromClosedSession()
{
$this->session->expects($this->any())
->method('isStarted')
->will($this->returnValue(false));
$this->session->expects($this->once())
->method('start');
$this->session->expects($this->once())
->method('has')
->with(self::SESSION_NAMESPACE.'/token_id')
->will($this->returnValue(false));
$this->expectException('Symfony\Component\Security\Csrf\Exception\TokenNotFoundException');
$this->storage->getToken('token_id');
}
/**
* @expectedException \Symfony\Component\Security\Csrf\Exception\TokenNotFoundException
*/
public function testGetNonExistingTokenFromActiveSession()
{
$this->session->expects($this->any())
->method('isStarted')
->will($this->returnValue(true));
$this->session->expects($this->never())
->method('start');
$this->session->expects($this->once())
->method('has')
->with(self::SESSION_NAMESPACE.'/token_id')
->will($this->returnValue(false));
$this->expectException('Symfony\Component\Security\Csrf\Exception\TokenNotFoundException');
$this->session->start();
$this->storage->getToken('token_id');
}
public function testRemoveNonExistingTokenFromClosedSession()
{
$this->session->expects($this->any())
->method('isStarted')
->will($this->returnValue(false));
$this->session->expects($this->once())
->method('start');
$this->session->expects($this->once())
->method('remove')
->with(self::SESSION_NAMESPACE.'/token_id')
->will($this->returnValue(null));
$this->assertNull($this->storage->removeToken('token_id'));
}
public function testRemoveNonExistingTokenFromActiveSession()
{
$this->session->expects($this->any())
->method('isStarted')
->will($this->returnValue(true));
$this->session->expects($this->never())
->method('start');
$this->session->expects($this->once())
->method('remove')
->with(self::SESSION_NAMESPACE.'/token_id')
->will($this->returnValue(null));
$this->session->start();
$this->assertNull($this->storage->removeToken('token_id'));
}
public function testRemoveExistingTokenFromClosedSession()
{
$this->session->expects($this->any())
->method('isStarted')
->will($this->returnValue(false));
$this->session->expects($this->once())
->method('start');
$this->session->expects($this->once())
->method('remove')
->with(self::SESSION_NAMESPACE.'/token_id')
->will($this->returnValue('TOKEN'));
$this->session->set(self::SESSION_NAMESPACE.'/token_id', 'TOKEN');
$this->assertSame('TOKEN', $this->storage->removeToken('token_id'));
}
public function testRemoveExistingTokenFromActiveSession()
{
$this->session->expects($this->any())
->method('isStarted')
->will($this->returnValue(true));
$this->session->expects($this->never())
->method('start');
$this->session->expects($this->once())
->method('remove')
->with(self::SESSION_NAMESPACE.'/token_id')
->will($this->returnValue('TOKEN'));
$this->session->start();
$this->session->set(self::SESSION_NAMESPACE.'/token_id', 'TOKEN');
$this->assertSame('TOKEN', $this->storage->removeToken('token_id'));
}
public function testClearRemovesAllTokensFromTheConfiguredNamespace()
{
$this->storage->setToken('foo', 'bar');
$this->storage->clear();
$this->assertFalse($this->storage->hasToken('foo'));
$this->assertFalse($this->session->has(self::SESSION_NAMESPACE.'/foo'));
}
public function testClearDoesNotRemoveSessionValuesFromOtherNamespaces()
{
$this->session->set('foo/bar', 'baz');
$this->storage->clear();
$this->assertTrue($this->session->has('foo/bar'));
$this->assertSame('baz', $this->session->get('foo/bar'));
}
public function testClearDoesNotRemoveNonNamespacedSessionValues()
{
$this->session->set('foo', 'baz');
$this->storage->clear();
$this->assertTrue($this->session->has('foo'));
$this->assertSame('baz', $this->session->get('foo'));
}
}
vendor/symfony/security/Csrf/TokenGenerator/UriSafeTokenGenerator.php
Vendored
-5
View File
@@ -18,11 +18,6 @@ namespace Symfony\Component\Security\Csrf\TokenGenerator;
*/
class UriSafeTokenGenerator implements TokenGeneratorInterface
{
/**
* The amount of entropy collected for each token (in bits).
*
* @var int
*/
private $entropy;
/**
vendor/symfony/security/Csrf/TokenStorage/NativeSessionTokenStorage.php
Vendored
+20 -16
View File
@@ -18,30 +18,20 @@ use Symfony\Component\Security\Csrf\Exception\TokenNotFoundException;
*
* @author Bernhard Schussek <bschussek@gmail.com>
*/
class NativeSessionTokenStorage implements TokenStorageInterface
class NativeSessionTokenStorage implements ClearableTokenStorageInterface
{
/**
* The namespace used to store values in the session.
*
* @var string
*/
const SESSION_NAMESPACE = '_csrf';
/**
* @var bool
*/
private $sessionStarted = false;
/**
* @var string
*/
private $namespace;
/**
* Initializes the storage with a session namespace.
*
* @param string $namespace The namespace under which the token is stored
* in the session
* @param string $namespace The namespace under which the token is stored in the session
*/
public function __construct($namespace = self::SESSION_NAMESPACE)
{
@@ -97,18 +87,32 @@ class NativeSessionTokenStorage implements TokenStorageInterface
$this->startSession();
}
$token = isset($_SESSION[$this->namespace][$tokenId])
? (string) $_SESSION[$this->namespace][$tokenId]
: null;
if (!isset($_SESSION[$this->namespace][$tokenId])) {
return null;
}
$token = (string) $_SESSION[$this->namespace][$tokenId];
unset($_SESSION[$this->namespace][$tokenId]);
if (!$_SESSION[$this->namespace]) {
unset($_SESSION[$this->namespace]);
}
return $token;
}
/**
* {@inheritdoc}
*/
public function clear()
{
unset($_SESSION[$this->namespace]);
}
private function startSession()
{
if (PHP_SESSION_NONE === session_status()) {
if (\PHP_SESSION_NONE === session_status()) {
session_start();
}
vendor/symfony/security/Csrf/TokenStorage/SessionTokenStorage.php
Vendored
+15 -15
View File
@@ -19,33 +19,21 @@ use Symfony\Component\Security\Csrf\Exception\TokenNotFoundException;
*
* @author Bernhard Schussek <bschussek@gmail.com>
*/
class SessionTokenStorage implements TokenStorageInterface
class SessionTokenStorage implements ClearableTokenStorageInterface
{
/**
* The namespace used to store values in the session.
*
* @var string
*/
const SESSION_NAMESPACE = '_csrf';
/**
* The user session from which the session ID is returned.
*
* @var SessionInterface
*/
private $session;
/**
* @var string
*/
private $namespace;
/**
* Initializes the storage with a Session object and a session namespace.
*
* @param SessionInterface $session The user session
* @param string $namespace The namespace under which the token
* is stored in the session
* @param SessionInterface $session The user session from which the session ID is returned
* @param string $namespace The namespace under which the token is stored in the session
*/
public function __construct(SessionInterface $session, $namespace = self::SESSION_NAMESPACE)
{
@@ -104,4 +92,16 @@ class SessionTokenStorage implements TokenStorageInterface
return $this->session->remove($this->namespace.'/'.$tokenId);
}
/**
* {@inheritdoc}
*/
public function clear()
{
foreach (array_keys($this->session->all()) as $key) {
if (0 === strpos($key, $this->namespace.'/')) {
$this->session->remove($key);
}
}
}
}
vendor/symfony/security/Csrf/composer.json
Vendored
+5 -10
View File
@@ -16,16 +16,16 @@
}
],
"require": {
"php": ">=5.5.9",
"php": "^5.5.9|>=7.0.8",
"symfony/polyfill-php56": "~1.0",
"symfony/polyfill-php70": "~1.0",
"symfony/security-core": "~2.8|~3.0"
"symfony/security-core": "~2.8|~3.0|~4.0"
},
"require-dev": {
"symfony/http-foundation": "~2.8.31|~3.2.14"
"symfony/http-foundation": "^2.8.31|~3.3.13|~3.4|~4.0"
},
"conflict": {
"symfony/http-foundation": "<2.8.31|~3.2,<3.2.14"
"symfony/http-foundation": "<2.8.31|~3.3,<3.3.13"
},
"suggest": {
"symfony/http-foundation": "For using the class SessionTokenStorage."
@@ -36,10 +36,5 @@
"/Tests/"
]
},
"minimum-stability": "dev",
"extra": {
"branch-alias": {
"dev-master": "3.2-dev"
}
}
"minimum-stability": "dev"
}
vendor/symfony/security/Csrf/phpunit.xml.dist
Vendored
+1 -1
View File
@@ -1,7 +1,7 @@
<?xml version="1.0" encoding="UTF-8"?>
<phpunit xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:noNamespaceSchemaLocation="http://schema.phpunit.de/4.1/phpunit.xsd"
xsi:noNamespaceSchemaLocation="http://schema.phpunit.de/5.2/phpunit.xsd"
backupGlobals="false"
colors="true"
bootstrap="vendor/autoload.php"