Added more type-hints and documented a few methods

Roland Häder 2022-06-16 16:35:39 +02:00
parent 97e27cb523
commit aa5f0d5ec1
5 changed files with 26 additions and 17 deletions


@ -331,7 +331,7 @@ abstract class BaseModule implements ICanHandleRequests
* Actually, important actions should not be triggered by Links / GET-Requests at all, but sometimes they still are,
* so this mechanism brings in some damage control (the attacker would be able to forge a request to a form of this type, but not to forms of other types).
*/
public static function getFormSecurityToken($typename = '')
public static function getFormSecurityToken(string $typename = '')
{
$user = User::getById(DI::app()->getLoggedInUserId(), ['guid', 'prvkey']);
$timestamp = time();
@ -340,7 +340,14 @@ abstract class BaseModule implements ICanHandleRequests
return $timestamp . '.' . $sec_hash;
}
public static function checkFormSecurityToken($typename = '', $formname = 'form_security_token')
/**
* Checks if form's security (CSRF) token is valid.
*
* @param string $typename ???
* @param string $formname Name of form/field (???)
* @return bool Whether it is valid
*/
public static function checkFormSecurityToken(string $typename = '', string $formname = 'form_security_token'): bool
{
$hash = null;
@ -372,12 +379,12 @@ abstract class BaseModule implements ICanHandleRequests
return ($sec_hash == $x[1]);
}
public static function getFormSecurityStandardErrorMessage()
public static function getFormSecurityStandardErrorMessage(): string
{
return DI::l10n()->t("The form security token was not correct. This probably happened because the form has been opened for too long \x28>3 hours\x29 before submitting it.") . EOL;
}
public static function checkFormSecurityTokenRedirectOnError($err_redirect, $typename = '', $formname = 'form_security_token')
public static function checkFormSecurityTokenRedirectOnError(string $err_redirect, string $typename = '', string $formname = 'form_security_token')
{
if (!self::checkFormSecurityToken($typename, $formname)) {
Logger::notice('checkFormSecurityToken failed: user ' . DI::app()->getLoggedInUserNickname() . ' - form element ' . $typename);
@ -387,7 +394,7 @@ abstract class BaseModule implements ICanHandleRequests
}
}
public static function checkFormSecurityTokenForbiddenOnError($typename = '', $formname = 'form_security_token')
public static function checkFormSecurityTokenForbiddenOnError(string $typename = '', string $formname = 'form_security_token')
{
if (!self::checkFormSecurityToken($typename, $formname)) {
Logger::notice('checkFormSecurityToken failed: user ' . DI::app()->getLoggedInUserNickname() . ' - form element ' . $typename);
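Review bot: The token check in checkFormSecurityToken still ends in the loose comparison `return ($sec_hash == $x[1]);` (context line of the third hunk), although the method now declares `: bool`. For a CSRF token this should be a type-strict, constant-time compare such as `return hash_equals($sec_hash, (string) $x[1]);`. With `==`, PHP compares two numeric-looking strings (for example digests of the form `0e…`) as numbers, and the time taken depends on how much of the value matches. How `$sec_hash` and `$x` are built lies outside the visible hunks, so confirm both are strings before switching. Separately, the new docblock leaves `$typename ???` and `$formname … (???)` as placeholders; judging from the getFormSecurityToken comment, `$typename` appears to be the form type the token is bound to, and the docblock should say so.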