Improvements to cookie value validation (#508)
Luke Towers
committed
Jul 29, 2020
1 parent
af1d519
commit 28310d4
Showing
2 changed files
with
120 additions
and
0 deletions.
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,47 @@ | ||
| <?php namespace October\Rain\Cookie; | ||
|
|
||
| /** | ||
| * Helper class to prefix, unprefix, and verify cookie values | ||
| */ | ||
| class CookieValuePrefix | ||
| { | ||
| /** | ||
| * Create a new cookie value prefix for the given cookie name. | ||
| * | ||
| * @param string $name The name of the cookie | ||
| * @param string $key The encryption key | ||
| * @return string | ||
| */ | ||
| public static function create($name, $key) | ||
| { | ||
| return hash_hmac('sha1', $name . 'v2', $key) . '|'; | ||
| } | ||
|
|
||
| /** | ||
| * Remove the cookie value prefix. | ||
| * | ||
| * @param string $cookieValue | ||
| * @return string | ||
| */ | ||
| public static function remove($cookieValue) | ||
| { | ||
| return substr($cookieValue, 41); | ||
| } | ||
|
|
||
| /** | ||
| * Verify the provided cookie's value | ||
| * | ||
| * @param string $name The name of the cookie | ||
| * @param string $value The decrypted value of the cookie to be verified | ||
| * @param string $key The encryption key used to encrypt the cookie originally | ||
| * @return string|null $verifiedValue The unprefixed value if it passed verification, otherwise null | ||
| */ | ||
| public static function getVerifiedValue($name, $value, $key) | ||
| { | ||
| $verifiedValue = null; | ||
| if (starts_with($value, static::create($name, $key))) { | ||
| $verifiedValue = static::remove($value); | ||
| } | ||
| return $verifiedValue; | ||
| } | ||
| } |
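Review bot: In `getVerifiedValue()`, `starts_with($value, static::create($name, $key))` checks the HMAC prefix with an ordinary early-exit string comparison and assumes `$value` is already a string. As hardening I would compute the prefix once and compare in constant time with a type guard: `$prefix = static::create($name, $key);` followed by `if (is_string($value) && hash_equals($prefix, substr($value, 0, strlen($prefix)))) {`. Whether a decrypted cookie can reach this method as a non-string depends on the caller, which is not in this file section, so treat the `is_string` part as a precaution to confirm. Separately, `remove()` hard-codes `41`, which is only correct while `create()` emits 40 hex characters of SHA-1 plus the `|` separator. A short comment such as `// 40-char sha1 hex digest + '|'` or a shared class constant would keep the two methods in step if the hash ever changes.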