form : correct formfield (groups)
git-svn-id: https://svn.fournier38.fr/svn/ProgSVN/trunk@2066 bf3deb0d-5f1a-0410-827f-c0cc1f45334c
This commit is contained in:
31
form.php
31
form.php
@@ -180,6 +180,11 @@ die ("FORM/VERIFY : UNUSED and dirty\n");
|
|||||||
$group = "";
|
$group = "";
|
||||||
foreach ($this->fields as $field)
|
foreach ($this->fields as $field)
|
||||||
{
|
{
|
||||||
|
if (isset ($field->group) && $field->group !== $group && $group !== "")
|
||||||
|
{
|
||||||
|
$res .="</fieldset>\n";
|
||||||
|
$group = "";
|
||||||
|
}
|
||||||
if (isset ($field->group) && $field->group !== $group)
|
if (isset ($field->group) && $field->group !== $group)
|
||||||
{
|
{
|
||||||
$res .= "<fieldset>\n";
|
$res .= "<fieldset>\n";
|
||||||
@@ -514,13 +519,12 @@ die ("FORM/VERIFY : UNUSED and dirty\n");
|
|||||||
$res .= " </div>\n"; // End form-group
|
$res .= " </div>\n"; // End form-group
|
||||||
break;
|
break;
|
||||||
}
|
}
|
||||||
|
}
|
||||||
|
|
||||||
if (isset ($field->group) && $field->group !== $group ||
|
if ($group !== "")
|
||||||
!isset ($field->group) && $group !== "")
|
{
|
||||||
{
|
$res .="</fieldset>\n";
|
||||||
$res .="</fieldset>\n";
|
$group = "";
|
||||||
$group = "";
|
|
||||||
}
|
|
||||||
}
|
}
|
||||||
|
|
||||||
if ($this->csrf === TRUE)
|
if ($this->csrf === TRUE)
|
||||||
@@ -605,10 +609,6 @@ class csrf
|
|||||||
$this->csrfToken = $s;
|
$this->csrfToken = $s;
|
||||||
$_SESSION["domframework"]["form"]["csrf"] = $this->csrfToken;
|
$_SESSION["domframework"]["form"]["csrf"] = $this->csrfToken;
|
||||||
$_SESSION["domframework"]["form"]["csrfStart"] = microtime (TRUE);
|
$_SESSION["domframework"]["form"]["csrfStart"] = microtime (TRUE);
|
||||||
file_put_contents ("/tmp/csrf.log", date ("Y-m-d H:i:s ")."createToken : $this->csrfToken\n", FILE_APPEND);
|
|
||||||
file_put_contents ("/tmp/csrf.log", date ("Y-m-d H:i:s ").$_SERVER["REQUEST_METHOD"]."-".$_SERVER["REQUEST_URI"]."\n", FILE_APPEND);
|
|
||||||
$e = new Exception();
|
|
||||||
file_put_contents ("/tmp/csrf.log", print_r(str_replace('/path/to/code/', '', $e->getTraceAsString()."\n"), TRUE), FILE_APPEND);
|
|
||||||
return $this->csrfToken;
|
return $this->csrfToken;
|
||||||
}
|
}
|
||||||
|
|
||||||
@@ -617,28 +617,21 @@ file_put_contents ("/tmp/csrf.log", print_r(str_replace('/path/to/code/', '', $e
|
|||||||
@param string $tokenFromUser The value form the user's token */
|
@param string $tokenFromUser The value form the user's token */
|
||||||
public function checkToken ($tokenFromUser)
|
public function checkToken ($tokenFromUser)
|
||||||
{
|
{
|
||||||
file_put_contents ("/tmp/csrf.log", date ("Y-m-d H:i:s ")."checkToken ($tokenFromUser)\n", FILE_APPEND);
|
|
||||||
file_put_contents ("/tmp/csrf.log", date ("Y-m-d H:i:s ").$_SERVER["REQUEST_METHOD"]."-".$_SERVER["REQUEST_URI"]."\n", FILE_APPEND);
|
|
||||||
$e = new Exception();
|
|
||||||
file_put_contents ("/tmp/csrf.log", print_r(str_replace('/path/to/code/', '', $e->getTraceAsString()."\n"), TRUE), FILE_APPEND);
|
|
||||||
if ($this->csrf === FALSE )
|
if ($this->csrf === FALSE )
|
||||||
return TRUE;
|
return TRUE;
|
||||||
if (! isset ($_SESSION["domframework"]["form"]["csrf"]))
|
if (! isset ($_SESSION["domframework"]["form"]["csrf"]))
|
||||||
{
|
{
|
||||||
file_put_contents ("/tmp/csrf.log", date ("Y-m-d H:i:s ")."checkToken ($tokenFromUser) : No previous CSRF token\n", FILE_APPEND);
|
|
||||||
throw new Exception (dgettext("domframework",
|
throw new Exception (dgettext("domframework",
|
||||||
"No previous CSRF token : abort"));
|
"No previous CSRF token : abort"));
|
||||||
}
|
}
|
||||||
if ($_SESSION["domframework"]["form"]["csrf"] !== $tokenFromUser)
|
if ($_SESSION["domframework"]["form"]["csrf"] !== $tokenFromUser)
|
||||||
{
|
{
|
||||||
file_put_contents ("/tmp/csrf.log", date ("Y-m-d H:i:s ")."checkToken ($tokenFromUser) : Invalid CSRF token provided\n", FILE_APPEND);
|
|
||||||
throw new Exception (dgettext("domframework",
|
throw new Exception (dgettext("domframework",
|
||||||
"Invalid CSRF token provided"));
|
"Invalid CSRF token provided"));
|
||||||
}
|
}
|
||||||
if (($_SESSION["domframework"]["form"]["csrfStart"] + $this->csrfTimeout) <
|
if (($_SESSION["domframework"]["form"]["csrfStart"] + $this->csrfTimeout) <
|
||||||
microtime (TRUE))
|
microtime (TRUE))
|
||||||
{
|
{
|
||||||
file_put_contents ("/tmp/csrf.log", date ("Y-m-d H:i:s ")."checkToken ($tokenFromUser) : Obsolete CSRF token provided\n", FILE_APPEND);
|
|
||||||
throw new Exception (dgettext("domframework",
|
throw new Exception (dgettext("domframework",
|
||||||
"Obsolete CSRF token provided"));
|
"Obsolete CSRF token provided"));
|
||||||
}
|
}
|
||||||
@@ -648,10 +641,6 @@ file_put_contents ("/tmp/csrf.log", date ("Y-m-d H:i:s ")."checkToken ($tokenFro
|
|||||||
/** Return the CSRF token in a hidden field */
|
/** Return the CSRF token in a hidden field */
|
||||||
public function displayFormCSRF ()
|
public function displayFormCSRF ()
|
||||||
{
|
{
|
||||||
file_put_contents ("/tmp/csrf.log", date ("Y-m-d H:i:s ")."displayFormCSRF\n", FILE_APPEND);
|
|
||||||
file_put_contents ("/tmp/csrf.log", date ("Y-m-d H:i:s ").$_SERVER["REQUEST_METHOD"]."-".$_SERVER["REQUEST_URI"]."\n", FILE_APPEND);
|
|
||||||
$e = new Exception();
|
|
||||||
file_put_contents ("/tmp/csrf.log", print_r(str_replace('/path/to/code/', '', $e->getTraceAsString()."\n"), TRUE), FILE_APPEND);
|
|
||||||
if ($this->csrfToken == "")
|
if ($this->csrfToken == "")
|
||||||
$this->createToken ();
|
$this->createToken ();
|
||||||
$res = "<input type='hidden' name='$this->field' ";
|
$res = "<input type='hidden' name='$this->field' ";
|
||||||
|
|||||||
Reference in New Issue
Block a user