How do I use Zend_Form_Element_Hash?

Posted 2024-08-09 04:28:58 | 338 characters | 5 views | 0 comments

Then I'm trying to use Zend_Form_Element_Hash, but it regenerates a hash on every request.

In my code:

 // form
 $this->addElement('hash', 'hihacker', array('salt' => 'thesal'));

Then, dumping $_SESSION, I see a new value on each page reload.

Then I send the form and it reports the error "The token '28a5e0e2a50a3d4afaa654468fd29420' does not match the given token 'a64407cc11376dac1916d2101de90d29'", each time with a new pair of tokens.

Comments (3)

如梦亦如幻 2024-08-16 04:28:58
$form = new Form();
// Add the CSRF hash element; the salt only seeds the generated hash value
$form->addElement('hash', 'hihacker',
    array('salt' => 'YOUR TOO MUCH SALTY TEXT !!@@'));
if ($this->_request->isPost() && $form->isValid($this->_request->getPost())) {
    // Valid! You are safe, do whatever you want.
} elseif (count($form->getErrors('hihacker')) > 0) {
    // Errors must be looked up under the element's own name ('hihacker'):
    // a missing, expired or mismatched token lands here.
    // Send the user to the error controller.
    $this->_forward('csrf-forbidden', 'error');
    return;
}

It's working very well for me, but double-check your session settings.

"Internally, the element stores a unique identifier using Zend_Session_Namespace, and checks for it at submission (checking that the TTL has not expired). The 'Identical' validator is then used to ensure the submitted hash matches the stored hash. The 'formHidden' view helper is used to render the element in the form."

(from the ZF docs on forms)

小草泠泠 2024-08-16 04:28:58

Zend_Form_Element_Hash is supposed to regenerate every request. What you're describing is your tokens going out of sync. This generally happens with multiple forms or with redirects/forwards.

If you're using ajax somewhere on the page, you can put this in the controller action (near the end):

$form->hash->initCsrfToken();

$this->view->hash = $form->hash->getValue();

Then, when you do the ajax call, just pull the token and replace the token on the form using a selector and .replaceWith(). This is how you deal with multiple forms as well.

Otherwise you're probably either redirecting something or loading something twice, and you should change the hop in the Zend library. The hop is how many times a token can be requested before it expires.

不再见 2024-08-16 04:28:58

Check that there is no hidden redirect or forward somewhere in your script... the hash has a hop count of 1, so any redirect will make it expire.

FWIW I think there was a subtle bug in the hash a few versions of ZF ago. I got stuck on exactly the same problem, and hacked the code to make the hop count = 2. When I upgraded ZF this problem went away.
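The hop mechanism the last two answers describe, as a small Python model added here (not Zend code; it uses the simplified per-request hop accounting those answers describe): a token stored with N hops survives N further requests, so with the default of 1 a redirect between rendering and submitting the form expires it, while a reload or second render replaces it and produces the "does not match" pair quoted in the question.

```python
import secrets

class SessionNamespace:
    """Session slot with hop expiry: a token stored with N hops can be read in
    the next N requests and is gone after that (model, not Zend code)."""
    def __init__(self):
        self.hash, self.remaining = None, 0

    def begin_request(self):
        # Each new request costs the stored token one hop; once the budget is
        # spent the token vanishes before anything in the request can read it.
        self.remaining -= 1
        if self.remaining < 0:
            self.hash = None

    def store(self, token, hops):
        self.hash, self.remaining = token, hops

class HashElement:
    """Model of Zend_Form_Element_Hash: render() stores a fresh token in the
    session; is_valid() compares the submitted value with the stored one."""
    def __init__(self, session, hops=1):
        self.session, self.hops = session, hops

    def render(self):
        token = secrets.token_hex(16)  # the value emitted in the hidden input
        self.session.store(token, self.hops)
        return token

    def is_valid(self, submitted):
        expected = self.session.hash
        if expected is None:
            return False, "token expired: hop budget exhausted"
        if expected != submitted:
            return False, "The token '%s' does not match the given token '%s'" % (expected, submitted)
        return True, "ok"

def submit_after(extra_requests, hops=1, rerender=False):
    """Render the form, run extra_requests intermediate requests (redirects, or
    reloads that re-render the form if rerender=True), then POST the first token."""
    session = SessionNamespace()
    element = HashElement(session, hops)
    session.begin_request()
    token = element.render()        # GET: form shown, token stored with `hops`
    for _ in range(extra_requests):
        session.begin_request()     # intermediate request spends one hop
        if rerender:
            element.render()        # reload: a new token replaces the old one
    session.begin_request()
    return element.is_valid(token)  # POST of the originally rendered token
```

Raising the hop count, as the last answer did, only makes room for the extra request; removing the redirect/forward, or re-initialising the token with initCsrfToken() as the second answer shows, is what keeps the rendered and stored tokens in step.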
