php - Accessing request object in Zend (1.12) custom validator is legal?
I am using Zend Framework 1.12. I have a service for validating a token. The service has 2 functions:

setToken: responsible for generating the token and storing it in the session.
validateToken: responsible for regenerating the token and validating the token stored in the session.

In the current situation I am calling the setToken() function while loading the form, and the validateToken() function is called after form submission.

Now I want to write a Zend custom validator for this process.

Here is my custom validator:

    class My_Validator_Csrf extends Zend_Validate_Abstract
    {
        const INVALID_TOKEN = 'invalid_token';

        /**
         * Message templates
         * @var array
         */
        protected $_messageTemplates = array(
            self::INVALID_TOKEN => "csrf_form_error",
        );

        /**
         * Generates and sets the token in the session.
         */
        public function __construct()
        {
            $request = Zend_Controller_Front::getInstance()->getRequest();
            if (!$request->isPost()) {
                $csrfValidator = new Website_Service_CsrfValidator();
                $csrfValidator->setToken();
            }
        }

        /**
         * Validates the CSRF token.
         *
         * @param  mixed $value
         * @return boolean
         */
        public function isValid($value)
        {
            $csrfValidator = new Website_Service_CsrfValidator();
            if (!$csrfValidator->validateToken()) {
                $this->_error(self::INVALID_TOKEN);
                return false;
            }
            // Token matched the one stored in the session.
            return true;
        }
    }

Question: the setToken() function must be called while loading the form, not after form submission. Therefore I am checking if the method is not POST, using the front controller to get the request object there in the form validator.

    $request = Zend_Controller_Front::getInstance()->getRequest();
    if (!$request->isPost()) {
        $csrfValidator = new Website_Service_CsrfValidator();
        $csrfValidator->setToken();
    }

I am not sure if this is legal or not. If not, please suggest a way I can achieve the above scenario.

Thanks in advance.

You can try this (note: change 'send' to your submit button's id attribute value):

    if ($request->getParam('send', false)) {
        // user submitted form ...
    } else {
        // form not yet submitted ...
    }

An alternative option is to post the form submission to a different URL / action.
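
One way to keep the validator free of request inspection, as an added example that is not from the original post: the token is issued by whatever code renders the form, and the validator side only compares and consumes it. The class name, session key and array-backed session are assumptions; PHP 7+ is assumed for random_bytes() and hash_equals().

```php
<?php
// Added example, not the asker's service. ExampleCsrfTokenStore and the
// 'csrf_token' key are hypothetical names chosen for illustration.

final class ExampleCsrfTokenStore
{
    private $session;   // reference to array-like session storage
    private $key;

    public function __construct(array &$session, $key = 'csrf_token')
    {
        $this->session = &$session;
        $this->key = $key;
    }

    /** Called from the code path that renders the form (the GET request). */
    public function issue()
    {
        $this->session[$this->key] = bin2hex(random_bytes(32));
        return $this->session[$this->key];
    }

    /** Called from the validator; it never needs to look at the request. */
    public function isValid($submitted)
    {
        $expected = isset($this->session[$this->key]) ? $this->session[$this->key] : null;
        unset($this->session[$this->key]);          // single use, also on failure
        return is_string($expected) && is_string($submitted)
            && hash_equals($expected, $submitted);  // constant-time comparison
    }
}

// Constructed stand-in for $_SESSION so the example runs from the CLI.
$session = array();
$store = new ExampleCsrfTokenStore($session);

$token = $store->issue();                    // form load: value for the hidden field
var_dump($store->isValid($token));           // submission carrying the issued token
var_dump($store->isValid($token));           // replay of the same token
$store->issue();                             // form rendered again
var_dump($store->isValid('forged-value'));   // submission carrying a wrong token
```

Zend Framework 1 also ships Zend_Form_Element_Hash, which issues its token when the element is rendered and validates it on submission.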