sintonia/legacy/application/common/SecurityHelper.php

<?php

class SecurityHelper {

    public static function htmlescape_recursive(&$arr) {
        foreach ($arr as $key => $val) {
            if (is_array($val)) {
                self::htmlescape_recursive($arr[$key]);
            } else if (is_string($val)) {
                $arr[$key] = htmlspecialchars($val, ENT_QUOTES);
            }
        }
        return $arr;
    }

    public static function verifyCSRFToken($observedToken) {
        $current_namespace = new Zend_Session_Namespace('csrf_namespace');
        $observed_csrf_token = $observedToken;
        $expected_csrf_token = $current_namespace->authtoken;

        return ($observed_csrf_token == $expected_csrf_token);
    }
}
XSS prevention for Radio Page 2015-06-12 19:11:28 +02:00			`<?php`

			`class SecurityHelper {`

CC-6055: Improved escaping 2015-06-12 19:48:54 +02:00			`public static function htmlescape_recursive(&$arr) {`
			`foreach ($arr as $key => $val) {`
			`if (is_array($val)) {`
			`self::htmlescape_recursive($arr[$key]);`
			`} else if (is_string($val)) {`
			`$arr[$key] = htmlspecialchars($val, ENT_QUOTES);`
			`}`
			`}`
			`return $arr;`
			`}`
Improvements to the preferences screen 2015-09-24 00:21:30 +02:00
SAAS-1085: Optimization - Don't start sessions unless we actually need them. 2015-09-25 16:41:51 +02:00			`public static function verifyCSRFToken($observedToken) {`
Improvements to the preferences screen 2015-09-24 00:21:30 +02:00			`$current_namespace = new Zend_Session_Namespace('csrf_namespace');`
			`$observed_csrf_token = $observedToken;`
			`$expected_csrf_token = $current_namespace->authtoken;`

SAAS-1085: Optimization - Don't start sessions unless we actually need them. 2015-09-25 16:41:51 +02:00			`return ($observed_csrf_token == $expected_csrf_token);`
Improvements to the preferences screen 2015-09-24 00:21:30 +02:00			`}`
XSS prevention for Radio Page 2015-06-12 19:11:28 +02:00			`}`