dr897777 2016-01-23 09:55
浏览 37
已采纳

Zend框架1.12 - 哈希表格验证返回错误

I am using Zend_Form_Element_Hash to protect csrf on my website. Below is the code in my Form.php

$token = new Zend_Form_Element_Hash('token', 'csrf');
$token->setSalt(md5(uniqid(rand(), TRUE)));
$token->initCsrfToken();
$token->initCsrfValidator();
$this->addElement($token);

When I check for $form->isValid in my controller I always get the below error

The two given tokens do not match

Would appreciate any help here!

  • 写回答

1条回答 默认 最新

  • duanqian8867 2016-01-24 21:34
    关注
    1. Csrf is stored in session, session name for csrf depends on salt. If salt is random, session name will be random too. So you couldn't get csrf from session to compare it with csrf from post. Make salt constant for this form.

    2. Don't call initCsrfToken, this method resets csrf and is called automatically on render.

    3. Better transmit salt on element creation

      $token = new Zend_Form_Element_Hash('token', 'csrf', array('salt' => 'secure'));
      $this->addElement($token);
      
    本回答被题主选为最佳回答 , 对您是否有帮助呢?
    评论

报告相同问题?

悬赏问题

  • ¥30 模拟电路 logisim
  • ¥15 PVE8.2.7无法成功使用a5000的vGPU,什么原因
  • ¥15 is not in the mmseg::model registry。报错,模型注册表找不到自定义模块。
  • ¥15 安装quartus II18.1时弹出此error,怎么解决?
  • ¥15 keil官网下载psn序列号在哪
  • ¥15 想用adb命令做一个通话软件,播放录音
  • ¥30 Pytorch深度学习服务器跑不通问题解决?
  • ¥15 部分客户订单定位有误的问题
  • ¥15 如何在maya程序中利用python编写领子和褶裥的模型的方法
  • ¥15 Bug traq 数据包 大概什么价