Core Improvements: Next Round #79 #80

2025-08-04 12:17:42 +02:00 · 2013-01-07 11:22:44 +02:00
parent 26a605bf50
commit aa5f4f2381
3 changed files with 97 additions and 7 deletions
--- a/libraries/Gelato/ErrorHandler.php
+++ b/libraries/Gelato/ErrorHandler.php
@@ -72,11 +72,11 @@ class ErrorHandler
    /**
     * Converts errors to ErrorExceptions.
     *
-     * @param   integer $code     The error code
-     * @param   string  $message  The error message
-     * @param   string  $file     The filename where the error occurred
-     * @param   integer $line     The line number where the error occurred
-     * @return  boolean
+     * @param  integer $code    The error code
+     * @param  string  $message The error message
+     * @param  string  $file    The filename where the error occurred
+     * @param  integer $line    The line number where the error occurred
+     * @return boolean
     */
    public static function errorHandler($code, $message, $file, $line)
    {
@@ -127,7 +127,7 @@ class ErrorHandler
        $trace = array();

        foreach ($backtrace as $entry) {
-    
+
            // Function

            $function = '';
--- a/libraries/Gelato/Token.php
+++ b/libraries/Gelato/Token.php
@@ -0,0 +1,90 @@
+<?php
+
+/**
+ * Gelato Library
+ *
+ * This source file is part of the Gelato Library. More information,
+ * documentation and tutorials can be found at http://gelato.monstra.org
+ *
+ * @package     Gelato
+ *
+ * @author      Romanenko Sergey / Awilum
+ * @copyright   (c) 2013 Romanenko Sergey / Awilum
+ * @since       1.0.0
+ */
+
+class Token
+{
+    /**
+     * Key name for token storage
+     *
+     * @var  string
+     */
+    public static $token_name = 'security_token';
+
+    /**
+     * Protected constructor since this is a static class.
+     *
+     * @access  protected
+     */
+    protected function __construct()
+    {
+        // Nothing here
+    }
+
+    /**
+     * Generate and store a unique token which can be used to help prevent
+     * [CSRF](http://wikipedia.org/wiki/Cross_Site_Request_Forgery) attacks.
+     *
+     *  <code>
+     *      $token = Token::generate();
+     *  </code>
+     *
+     * You can insert this token into your forms as a hidden field:
+     *
+     *  <code>
+     *      echo Form::hidden('csrf', Token::generate());
+     *  </code>
+     *
+     * This provides a basic, but effective, method of preventing CSRF attacks.
+     *
+     * @param  boolean $new force a new token to be generated?. Default is false
+     * @return string
+     */
+    public static function generate($new = false)
+    {
+        // Get the current token
+        $token = Session::get(Token::$token_name);
+
+        // Create a new unique token
+        if ($new === true or ! $token) {
+
+            // Generate a new unique token
+            $token = sha1(uniqid(mt_rand(), true));
+
+            // Store the new token
+            Session::set(Token::$token_name, $token);
+        }
+
+        // Return token
+        return $token;
+    }
+
+    /**
+     * Check that the given token matches the currently stored security token.
+     *
+     *  <code>
+     *     if (Token::check($token)) {
+     *         // Pass
+     *     }
+     *  </code>
+     *
+     * @param  string  $token token to check
+     * @return boolean
+     */
+    public static function check($token)
+    {
+        return Token::token() === $token;
+    }
+
+}
--- a/libraries/Gelato/Valid.php
+++ b/libraries/Gelato/Valid.php
@@ -197,7 +197,7 @@ class Valid
    public static function regexp($regexp)
    {
        // dummy string
-        $dummy = 'Monstra - fast and simple PHP library';
+        $dummy = 'Gelato is a PHP5 library for kickass Web Applications.';

        // validate
        return (@preg_match((string) $regexp, $dummy) !== false);