<?php
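/**
 * Static helpers for HTML output escaping and CSRF token verification.
 */
class SecurityHelper
{
    /**
     * HTML-escape every string value of an array in place, descending into nested arrays.
     *
     * Only string values are touched: array keys, numbers, booleans, null and
     * objects are left exactly as they are, so keys that are later echoed
     * still need escaping by the caller.
     *
     * The escaping is htmlspecialchars() with ENT_QUOTES, which fits HTML text
     * and quoted attribute values. It is not an encoding for JavaScript, URL,
     * CSS or SQL contexts. No charset is passed, so PHP's default applies.
     *
     * The call is not idempotent: running it twice over the same data encodes
     * the "&" of the first pass again ("&lt;" becomes "&amp;lt;").
     *
     * @param array $arr Array to escape; modified through the reference.
     * @return array The escaped array (same content as $arr after the call).
     */
    public static function htmlescape_recursive(&$arr)
    {
        foreach ($arr as $key => $val) {
            if (is_array($val)) {
                // Recurse on the element itself so the nested array is changed in place.
                self::htmlescape_recursive($arr[$key]);
            } elseif (is_string($val)) {
                $arr[$key] = htmlspecialchars($val, ENT_QUOTES);
            }
        }

        return $arr;
    }

    /**
     * Check a submitted CSRF token against the one stored in the session.
     *
     * The expected value is read from `authtoken` in the 'csrf_namespace'
     * Zend session namespace.
     *
     * Verification fails closed. A loose `==` treats null and '' as equal, so
     * a session that holds no token would accept a request with an empty or
     * absent token; both sides must therefore be non-empty strings. The
     * comparison itself uses hash_equals(), which avoids type juggling and
     * does not leak the position of the first differing byte through timing.
     *
     * NOTE(review): this assumes the token is stored in the session as a
     * string; the code that generates it is not visible here, confirm.
     *
     * @param mixed $observedToken Token taken from the incoming request.
     * @return bool True only when both tokens are non-empty strings and equal.
     */
    public static function verifyCSRFToken($observedToken)
    {
        $current_namespace = new Zend_Session_Namespace('csrf_namespace');
        $expected_csrf_token = $current_namespace->authtoken;

        // Reject missing, empty or non-string values before comparing.
        if (!is_string($expected_csrf_token) || $expected_csrf_token === '') {
            return false;
        }
        if (!is_string($observedToken) || $observedToken === '') {
            return false;
        }

        // Known (session) value first, user-supplied value second.
        return hash_equals($expected_csrf_token, $observedToken);
    }
}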