/src/Forms/Controls/CsrfProtection.php
<?php

/**
 * This file is part of the Nette Framework (https://nette.org)
 * Copyright (c) 2004 David Grudl (https://davidgrudl.com)
 */

declare(strict_types=1);

namespace Nette\Forms\Controls;

use Nette;
use Nette\Application\UI\Presenter;
use Stringable;
use function base64_encode, hash_equals, sha1, substr;


/**
 * CSRF protection field.
 */
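class CsrfProtection extends HiddenField
{
	/** Validator callback registered through addRule(); resolves to validateCsrf(). */
	public const Protection = 'Nette\Forms\Controls\CsrfProtection::validateCsrf';

	#[\Deprecated('use CsrfProtection::Protection')]
	public const PROTECTION = self::Protection;

	/** Session that stores the per-user secret; assigned lazily by the monitors set up in the constructor. */
	public ?Nette\Http\Session $session = null;


	/**
	 * Builds a hidden field that is omitted from form values, marked required,
	 * and validated by validateCsrf().
	 * @param string|Stringable|null $errorMessage  message reported when the token does not validate
	 */
	public function __construct(string|Stringable|null $errorMessage = null)
	{
		parent::__construct();
		$this->setOmitted()
			->setRequired()
			->addRule(self::Protection, $errorMessage);

		// When attached to a presenter, reuse its session and make sure it is started.
		$this->monitor(Presenter::class, function (Presenter $presenter): void {
			if (!$this->session) {
				$this->session = $presenter->getSession();
				$this->session->start();
			}
		});

		// A form used outside Nette\Application\UI gets a session built from its own HTTP request.
		$this->monitor(Nette\Forms\Form::class, function (Nette\Forms\Form $form): void {
			if (!$this->session && !$form instanceof Nette\Application\UI\Form) {
				$this->session = new Nette\Http\Session($form->httpRequest, new Nette\Http\Response);
				$this->session->start();
			}
		});
	}


	/**
	 * The token is always derived from the session, so an externally supplied value is ignored.
	 * @internal
	 */
	public function setValue($value): static
	{
		return $this;
	}


	/**
	 * Reads the submitted token as plain text; it is checked later by validateCsrf().
	 */
	public function loadHttpData(): void
	{
		$this->value = $this->getHttpData(Nette\Forms\Form::DataText);
	}


	/**
	 * Returns the per-user secret: a random string kept in the session section of this class,
	 * XOR-ed with the session id.
	 * @throws Nette\InvalidStateException when no session has been attached
	 */
	public function getToken(): string
	{
		if (!$this->session) {
			throw new Nette\InvalidStateException('Session initialization error');
		}

		$section = $this->session->getSection(self::class);
		if (!$section->get('token')) {
			$section->set('token', Nette\Utils\Random::generate());
		}

		// Binding the stored secret to the session id invalidates tokens if the id changes.
		return $section->get('token') ^ $this->session->getId();
	}


	/**
	 * Produces the value placed in the hidden input: a 10-character salt followed by
	 * base64(sha1(secret . salt)). Passing $random recomputes the token for a given salt.
	 */
	private function generateToken(?string $random = null): string
	{
		$random ??= Nette\Utils\Random::generate(10);
		return $random . base64_encode(sha1($this->getToken() . $random, binary: true));
	}


	/**
	 * Renders the hidden input with a freshly salted token as its value.
	 */
	public function getControl(): Nette\Utils\Html
	{
		return parent::getControl()->value($this->generateToken());
	}


	/**
	 * Recomputes the token from the submitted salt (first 10 characters) and compares it
	 * with the submitted value in constant time, so the comparison does not leak
	 * how many leading bytes matched.
	 * @internal
	 */
	public static function validateCsrf(self $control): bool
	{
		$value = (string) $control->getValue();
		return hash_equals($control->generateToken(substr($value, 0, 10)), $value);
	}
}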