dr897777 2016-01-23 09:55
浏览 37
已采纳

Zend框架1.12 - 哈希表格验证返回错误

I am using Zend_Form_Element_Hash to protect csrf on my website. Below is the code in my Form.php

$token = new Zend_Form_Element_Hash('token', 'csrf');
$token->setSalt(md5(uniqid(rand(), TRUE)));
$token->initCsrfToken();
$token->initCsrfValidator();
$this->addElement($token);

When I check for $form->isValid in my controller I always get the below error

The two given tokens do not match

Would appreciate any help here!

  • 写回答

1条回答 默认 最新

  • duanqian8867 2016-01-24 21:34
    关注
    1. Csrf is stored in session, session name for csrf depends on salt. If salt is random, session name will be random too. So you couldn't get csrf from session to compare it with csrf from post. Make salt constant for this form.

    2. Don't call initCsrfToken, this method resets csrf and is called automatically on render.

    3. Better transmit salt on element creation

      $token = new Zend_Form_Element_Hash('token', 'csrf', array('salt' => 'secure'));
      $this->addElement($token);
      
    本回答被题主选为最佳回答 , 对您是否有帮助呢?
    评论

报告相同问题?

悬赏问题

  • ¥60 pb数据库修改或者求完整pb库存系统,需为pb自带数据库
  • ¥15 spss统计中二分类变量和有序变量的相关性分析可以用kendall相关分析吗?
  • ¥15 拟通过pc下指令到安卓系统,如果追求响应速度,尽可能无延迟,是不是用安卓模拟器会优于实体的安卓手机?如果是,可以快多少毫秒?
  • ¥20 神经网络Sequential name=sequential, built=False
  • ¥16 Qphython 用xlrd读取excel报错
  • ¥15 单片机学习顺序问题!!
  • ¥15 ikuai客户端多拨vpn,重启总是有个别重拨不上
  • ¥20 关于#anlogic#sdram#的问题,如何解决?(关键词-performance)
  • ¥15 相敏解调 matlab
  • ¥15 求lingo代码和思路