diff --git a/form.php b/form.php index e3ca724..a2c1d68 100644 --- a/form.php +++ b/form.php @@ -386,13 +386,17 @@ die ("FORM/VERIFY : UNUSED and dirty\n"); { foreach ($field->defaults as $key=>$val) { - $res .= "name, ENT_QUOTES)."][". - htmlspecialchars ($key, ENT_QUOTES)."]'"; + $res .= " multiple) && $field->multiple !== FALSE) + $res .= " name='$this->formName"."[". + htmlspecialchars ($field->name, ENT_QUOTES)."][". + htmlspecialchars ($key, ENT_QUOTES)."]'"; + else + $res .= " name='$this->formName"."[". + htmlspecialchars ($field->name, ENT_QUOTES)."]'"; $res .= " value='"; - $res .= htmlspecialchars ($val, ENT_QUOTES)."'"; - $res .= "/>"; + $res .= htmlspecialchars ($key, ENT_QUOTES)."'"; + $res .= "/>\n"; } } @@ -445,7 +449,9 @@ die ("FORM/VERIFY : UNUSED and dirty\n"); case "submit": // No $field->label, $field->multiple, $field->error - $res .= "name, ENT_QUOTES)."]'"; $res .= " id='$this->formName"."_". @@ -461,6 +467,8 @@ die ("FORM/VERIFY : UNUSED and dirty\n"); if (isset ($field->hidden) && $field->hidden !== FALSE) $res .= " style='display:none'"; $res .= "/>\n"; + $res .= " \n"; + $res .= " \n"; break; default: @@ -597,6 +605,10 @@ class csrf $this->csrfToken = $s; $_SESSION["domframework"]["form"]["csrf"] = $this->csrfToken; $_SESSION["domframework"]["form"]["csrfStart"] = microtime (TRUE); +file_put_contents ("/tmp/csrf.log", date ("Y-m-d H:i:s ")."createToken : $this->csrfToken\n", FILE_APPEND); +file_put_contents ("/tmp/csrf.log", date ("Y-m-d H:i:s ").$_SERVER["REQUEST_METHOD"]."-".$_SERVER["REQUEST_URI"]."\n", FILE_APPEND); +$e = new Exception(); +file_put_contents ("/tmp/csrf.log", print_r(str_replace('/path/to/code/', '', $e->getTraceAsString()."\n"), TRUE), FILE_APPEND); return $this->csrfToken; } 
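Review bot: In the new `name='...'` attribute, `$this->formName` is interpolated unescaped on both branches while `$field->name` and `$key` go through `htmlspecialchars`, so a form name containing a quote would break out of the attribute; `" name='".htmlspecialchars ($this->formName, ENT_QUOTES)."["` keeps the three pieces consistent (the same unescaped pattern is used for `id='$this->formName"."_"` in the `submit` hunk). Whether formName can ever be attacker-influenced is not visible here, so this may be defence in depth only. The `value` attribute now emits `$key` instead of `$val`, which leaves `$val` from the `foreach ($field->defaults as $key=>$val)` unused in the visible lines; if that is intended, a one-line comment saying the option key is the submitted value would help the next reader. The enclosing function starts and ends outside the hunk, and part of this hunk's text appears mangled on the page, so the exact markup cannot be confirmed.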
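Review bot: The four added `file_put_contents ("/tmp/csrf.log", …)` lines write the freshly created CSRF token in clear text, together with the request URI and a full stack trace, to a fixed path in a shared temporary directory; the same logging is added in the `checkToken` and `displayFormCSRF` hunk, where `$tokenFromUser` is written as well. A file under `/tmp` is typically readable by other local users, its predictable name is a classic symlink-attack surface, and `FILE_APPEND` without `LOCK_EX` lets concurrent requests interleave lines. This looks like leftover debugging (note the `/path/to/code/` placeholder in the `str_replace`): either drop it before merging, or route it through the framework's logger behind a debug switch and record only a short digest such as `substr (hash ('sha256', $this->csrfToken), 0, 8)` rather than the token. The enclosing createToken method starts outside the hunk.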
@@ -605,24 +617,41 @@ class csrf @param string $tokenFromUser The value form the user's token */ public function checkToken ($tokenFromUser) { +file_put_contents ("/tmp/csrf.log", date ("Y-m-d H:i:s ")."checkToken ($tokenFromUser)\n", FILE_APPEND); +file_put_contents ("/tmp/csrf.log", date ("Y-m-d H:i:s ").$_SERVER["REQUEST_METHOD"]."-".$_SERVER["REQUEST_URI"]."\n", FILE_APPEND); +$e = new Exception(); +file_put_contents ("/tmp/csrf.log", print_r(str_replace('/path/to/code/', '', $e->getTraceAsString()."\n"), TRUE), FILE_APPEND); if ($this->csrf === FALSE ) return TRUE; if (! isset ($_SESSION["domframework"]["form"]["csrf"])) + { +file_put_contents ("/tmp/csrf.log", date ("Y-m-d H:i:s ")."checkToken ($tokenFromUser) : No previous CSRF token\n", FILE_APPEND); throw new Exception (dgettext("domframework", "No previous CSRF token : abort")); + } if ($_SESSION["domframework"]["form"]["csrf"] !== $tokenFromUser) + { +file_put_contents ("/tmp/csrf.log", date ("Y-m-d H:i:s ")."checkToken ($tokenFromUser) : Invalid CSRF token provided\n", FILE_APPEND); throw new Exception (dgettext("domframework", "Invalid CSRF token provided")); + } if (($_SESSION["domframework"]["form"]["csrfStart"] + $this->csrfTimeout) < microtime (TRUE)) + { +file_put_contents ("/tmp/csrf.log", date ("Y-m-d H:i:s ")."checkToken ($tokenFromUser) : Obsolete CSRF token provided\n", FILE_APPEND); throw new Exception (dgettext("domframework", "Obsolete CSRF token provided")); + } return TRUE; } /** Return the CSRF token in a hidden field */ public function displayFormCSRF () { +file_put_contents ("/tmp/csrf.log", date ("Y-m-d H:i:s ")."displayFormCSRF\n", FILE_APPEND); +file_put_contents ("/tmp/csrf.log", date ("Y-m-d H:i:s ").$_SERVER["REQUEST_METHOD"]."-".$_SERVER["REQUEST_URI"]."\n", FILE_APPEND); +$e = new Exception(); +file_put_contents ("/tmp/csrf.log", print_r(str_replace('/path/to/code/', '', $e->getTraceAsString()."\n"), TRUE), FILE_APPEND); if ($this->csrfToken == "") $this->createToken (); $res 
= "