Add csrf_header() and csrf_meta() helper functions

michalsn 2019-09-28 08:05:27 +02:00
parent 198c2648c0
commit 5025c33834
No known key found for this signature in database
GPG Key ID: 0E4DB53924E59366
3 changed files with 62 additions and 0 deletions


@ -723,6 +723,25 @@ if (! function_exists('csrf_token'))
//-------------------------------------------------------------------- //--------------------------------------------------------------------
if (! function_exists('csrf_header'))
{
/**
* Returns the CSRF header name.
* Can be used in Views by adding it to the meta tag
* or used in javascript to define a header name when using APIs.
*
* @return string
*/
function csrf_header(): string
{
$config = config(App::class);
return $config->CSRFHeaderName;
}
}
//--------------------------------------------------------------------
if (! function_exists('csrf_hash')) if (! function_exists('csrf_hash'))
{ {
/** /**
@ -759,6 +778,23 @@ if (! function_exists('csrf_field'))
//-------------------------------------------------------------------- //--------------------------------------------------------------------
if (! function_exists('csrf_meta'))
{
/**
* Generates a meta tag for use within javascript calls.
*
* @param string|null $id
*
* @return string
*/
function csrf_meta(string $id = null): string
{
return '<meta' . (! empty($id) ? ' id="' . esc($id, 'attr') . '"' : '') . ' name="' . csrf_header() . '" content="' . csrf_hash() . '" />';
}
}
//--------------------------------------------------------------------
if (! function_exists('force_https')) if (! function_exists('force_https'))
{ {
/** /**
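Review bot: In csrf_meta() only `$id` passes through `esc(..., 'attr')`; the header name from `csrf_header()` and the value from `csrf_hash()` are concatenated into the `name` and `content` attributes unescaped. Both are framework-controlled, but `CSRFHeaderName` is a free-form config string, so escaping it the same way keeps the tag well-formed whatever the config holds: `' name="' . esc(csrf_header(), 'attr') . '"'`. On the same line, `! empty($id)` silently drops an id of `'0'`; `$id !== null && $id !== ''` says what is meant, and `?string $id = null` would make the nullable parameter explicit. The docblock could also state that the tag makes the token readable by every script on the page, so it is meant for pages that actually send the header from JavaScript.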


@ -251,6 +251,11 @@ class CommonFunctionsTest extends \CIUnitTestCase
$this->assertEquals('csrf_test_name', csrf_token()); $this->assertEquals('csrf_test_name', csrf_token());
} }
public function testCSRFHeader()
{
$this->assertEquals('X-CSRF-TOKEN', csrf_header());
}
public function testHash() public function testHash()
{ {
$this->assertEquals(32, strlen(csrf_hash())); $this->assertEquals(32, strlen(csrf_hash()));
@ -261,6 +266,11 @@ class CommonFunctionsTest extends \CIUnitTestCase
$this->assertContains('<input type="hidden" ', csrf_field()); $this->assertContains('<input type="hidden" ', csrf_field());
} }
public function testCSRFMeta()
{
$this->assertContains('<meta name="X-CSRF-TOKEN" ', csrf_meta());
}
// ------------------------------------------------------------------------ // ------------------------------------------------------------------------
/** /**
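Review bot: testCSRFMeta() exercises only the no-argument path, so the `$id` branch of csrf_meta() and its `esc($id, 'attr')` escaping are never run by the suite. A second assertion such as `$this->assertContains('<meta id="test" name="X-CSRF-TOKEN" ', csrf_meta('test'));` would cover it, and one more case with a quote character in the id would pin the escaping. The existing assertion also stops before the `content` attribute, so a tag carrying an empty token would still pass.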


@ -176,6 +176,13 @@ Miscellaneous Functions
Returns the name of the current CSRF token. Returns the name of the current CSRF token.
.. php:function:: csrf_header ()
:returns: The name of the header for current CSRF token.
:rtype: string
The name of the header for current CSRF token.
.. php:function:: csrf_hash () .. php:function:: csrf_hash ()
:returns: The current value of the CSRF hash. :returns: The current value of the CSRF hash.
@ -192,6 +199,15 @@ Miscellaneous Functions
<input type="hidden" name="{csrf_token}" value="{csrf_hash}"> <input type="hidden" name="{csrf_token}" value="{csrf_hash}">
.. php:function:: csrf_meta ()
:returns: A string with the HTML for meta tag with all required CSRF information.
:rtype: string
Returns a meta tag with the CSRF information already inserted:
<meta name="{csrf_header}" content="{csrf_hash}">
.. php:function:: force_https ( $duration = 31536000 [, $request = null [, $response = null]] ) .. php:function:: force_https ( $duration = 31536000 [, $request = null [, $response = null]] )
:param int $duration: The number of seconds browsers should convert links to this resource to HTTPS. :param int $duration: The number of seconds browsers should convert links to this resource to HTTPS.