Perforce Chronicle 2012.2/486814
API Documentation

P4Cms_Form_Decorator_Csrf Class Reference

Inserts the form's csrf token as a hidden input (provided the form has csrf protection enabled).

Public Member Functions

 render ($content)
 If the csrf protection has been enabled, add a hidden field to the form.

Detailed Description

Inserts the form's csrf token as a hidden input (provided the form has csrf protection enabled).

Copyright:
2011-2012 Perforce Software. All rights reserved
License:
Please see LICENSE.txt in top-level folder of this distribution.
Version:
2012.2/486814

Member Function Documentation

P4Cms_Form_Decorator_Csrf::render ($content)

If the csrf protection has been enabled, add a hidden field to the form.

Parameters:
string $content - previously rendered content string, may be empty
Returns:
string
    public function render($content)
    {
        // only take effect for forms with csrf protection enabled.
        $form = $this->getElement();
        if (!$form instanceof P4Cms_Form || !$form->hasCsrfProtection()) {
            return $content;
        }

        // Cancel page caching as we are using a CSRF token.
        if (P4Cms_Cache::canCache('page')) {
            P4Cms_Cache::getCache('page')->cancel();
        }

        // generate hidden csrf token field.
        $html = '<input type="hidden" name="' . P4Cms_Form::CSRF_TOKEN_NAME
              . '" value="' .  P4Cms_Form::getCsrfToken() . '" />';

        return $this->getPlacement() == static::APPEND
            ? $content . $this->getSeparator() . $html
            : $html . $this->getSeparator() . $content;
    }
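
The "Cancel page caching as we are using a CSRF token" step is the security-relevant part of this method. The following added example (not Chronicle code) shows what a shared page cache would do to a rendered token, with the value HTML-escaped on output and checked with `hash_equals`. It assumes the token is bound to the visitor's session; every function name and the `csrf_token` field name are hypothetical.

```php
<?php
// Added illustration; all names are hypothetical stand-ins, not P4Cms APIs.
const TOKEN_FIELD = 'csrf_token'; // plays the role of P4Cms_Form::CSRF_TOKEN_NAME

// Return the session's token, creating it on first use.
function csrfToken(array &$session): string
{
    return $session['csrf'] ??= bin2hex(random_bytes(16));
}

// Place the hidden field after (append) or before the rendered content.
function renderCsrfField(string $content, array &$session, bool $append = true): string
{
    $html = '<input type="hidden" name="' . TOKEN_FIELD . '" value="'
          . htmlspecialchars(csrfToken($session), ENT_QUOTES, 'UTF-8') . '" />';
    return $append ? $content . "\n" . $html : $html . "\n" . $content;
}

// Constant-time check of a submitted token against the session's own token.
function verifyCsrf(array $post, array $session): bool
{
    $sent = $post[TOKEN_FIELD] ?? '';
    return isset($session['csrf']) && is_string($sent)
        && hash_equals($session['csrf'], $sent);
}

// Read the token back out of rendered HTML, as a browser posting the form would.
function submittedFields(string $html): array
{
    preg_match('/name="' . TOKEN_FIELD . '" value="([^"]*)"/', $html, $m);
    return [TOKEN_FIELD => $m[1] ?? ''];
}

// Constructed scenario: two visitors' sessions and one shared page cache.
$alice = []; $bob = []; $pageCache = [];

// Caching left on: the page rendered for Alice is stored and replayed to Bob.
$pageCache['/form'] = renderCsrfField('<form>...</form>', $alice);
$bobPage = $pageCache['/form'];
csrfToken($bob); // Bob's session holds a different token
echo 'cached page, checked against Bob:   ';
var_dump(verifyCsrf(submittedFields($bobPage), $bob));
echo 'cached page, checked against Alice: ';
var_dump(verifyCsrf(submittedFields($bobPage), $alice));

// Caching cancelled: the page is rendered per request for Bob's session.
$bobFresh = renderCsrfField('<form>...</form>', $bob);
echo 'fresh page, checked against Bob:    ';
var_dump(verifyCsrf(submittedFields($bobFresh), $bob));
```

With the cache in place, Bob's submission fails validation and the stored page carries a token that is valid only for Alice's session; rendering per request gives each visitor a form that validates against their own session.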

The documentation for this class was generated from the following file: