Zend Framework csrf 会话问题
我的代码工作正常,突然当我尝试以这种方式向表单添加 cssrf 元素时:
$this->addElement('hash', 'csrf', 'Category' . time( ));
出现以下错误
Fatal error: Cannot return string offsets by reference in /usr/share/Zend/library/Zend/Session/Abstract.php on line 160 堆栈跟踪: 1. {main}() /Users/myname/Sites/Zend_Projects/myproject/public/index.php:0 2. Zend_Application->run() /Users/myname/Sites/Zend_Projects/myproject/public/index.php:26 3. Zend_Application_Bootstrap_Bootstrap->run() /usr/share/Zend/library/Zend/Application.php:366 4. Zend_Controller_Front->dispatch() /usr/share/Zend/library/Zend/Application/Bootstrap/Bootstrap.php:97 5. Zend_Controller_Dispatcher_Standard->dispatch() /usr/share/Zend/library/Zend/Controller/Front.php:954 6. Zend_Controller_Action->dispatch() /usr/share/Zend/library/Zend/Controller/Dispatcher/Standard.php:295 7. Effigy_MaestroController->editAction() /usr/share/Zend/library/Zend/Controller/Action.php:513 8. Zend_Form->__construct() /Users/myname/Sites/Zend_Projects/myproject/application/modules/effigy/controllers/MaestroController.php:109 9. Application_Form_Extendible_Category->init() /usr/share/Zend/library/Zend/Form.php:240 10. Zend_Form->addElement() /Users/myname/Sites/Zend_Projects/myproject/application/forms/Extendible/Category.php:100 11. Zend_Form->createElement() /usr/share/Zend/library/Zend/Form.php:1040 12. Zend_Form_Element_Hash->__construct() /usr/share/Zend/library/Zend/Form.php:1112 13. Zend_Form_Element_Hash->initCsrfValidator() /usr/share/Zend/library/Zend/Form/Element/Hash.php:83 14. Zend_Session_Namespace->__get() /usr/share/Zend/library/Zend/Session/Namespace.php:0 15. Zend_Session_Abstract::_namespaceGet() /usr/share/Zend/library/Zend/Session/Namespace.php:287
为什么会发生这种情况以及可以采取什么措施?
My code was working fine and all of a sudden when I'm trying to add a cssrf element to the form this way:
$this->addElement('hash', 'csrf', 'Category' . time());
The following error occurs
Fatal error: Cannot return string offsets by reference in /usr/share/Zend/library/Zend/Session/Abstract.php on line 160
Stack trace:
1. {main}() /Users/myname/Sites/Zend_Projects/myproject/public/index.php:0
2. Zend_Application->run() /Users/myname/Sites/Zend_Projects/myproject/public/index.php:26
3. Zend_Application_Bootstrap_Bootstrap->run() /usr/share/Zend/library/Zend/Application.php:366
4. Zend_Controller_Front->dispatch() /usr/share/Zend/library/Zend/Application/Bootstrap/Bootstrap.php:97
5. Zend_Controller_Dispatcher_Standard->dispatch() /usr/share/Zend/library/Zend/Controller/Front.php:954
6. Zend_Controller_Action->dispatch() /usr/share/Zend/library/Zend/Controller/Dispatcher/Standard.php:295
7. Effigy_MaestroController->editAction() /usr/share/Zend/library/Zend/Controller/Action.php:513
8. Zend_Form->__construct() /Users/myname/Sites/Zend_Projects/myproject/application/modules/effigy/controllers/MaestroController.php:109
9. Application_Form_Extendible_Category->init() /usr/share/Zend/library/Zend/Form.php:240
10. Zend_Form->addElement() /Users/myname/Sites/Zend_Projects/myproject/application/forms/Extendible/Category.php:100
11. Zend_Form->createElement() /usr/share/Zend/library/Zend/Form.php:1040
12. Zend_Form_Element_Hash->__construct() /usr/share/Zend/library/Zend/Form.php:1112
13. Zend_Form_Element_Hash->initCsrfValidator() /usr/share/Zend/library/Zend/Form/Element/Hash.php:83
14. Zend_Session_Namespace->__get() /usr/share/Zend/library/Zend/Session/Namespace.php:0
15. Zend_Session_Abstract::_namespaceGet() /usr/share/Zend/library/Zend/Session/Namespace.php:287
Why does this happen and what can be done about it?
如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。
绑定邮箱获取回复消息
由于您还没有绑定你的真实邮箱,如果其他用户或者作者回复了您的评论,将不能在第一时间通知您!
发布评论
评论(1)
来自对快速入门的评论我觉得你也使用模块并遇到同样的问题。引用它以供快速参考。
但是,如果您将相同的代码放入模块中,它会尝试在目录 APPLICATION_PATH“/../data/session”中创建会话文件,该文件默认情况下不存在,因此会引发异常。我觉得你可以使用这个插件 http://codeutopia.net/blog/2008/10/16/how-to-csrf-protect-all-your-forms/
ZF 控制器插件可自动保护您的所有表单 - 整洁,不是吗?
From a comment on the quick start I feel you too using a module and getting into the same issue . Quoting it for quick reference.
But if you put the same same code in a module, it tries to create the session file iin the directory APPLICATION_PATH "/../data/session" which doesn't exist by default so an exception is raised.And I feel you can use this plugin http://codeutopia.net/blog/2008/10/16/how-to-csrf-protect-all-your-forms/
ZF controller plugin which automatically secures all your forms – neat, huh?