Sign upLogin

speedworks/speedy

View on GitHub
Star
Core/Classes/BaseCSRF.php

Summary

Maintainability
A
0 mins
Test Coverage

verifyToken accesses the super-global variable $_SESSION.
Open

    public function verifyToken()
    {
        if(isset($_POST['csrf_token']) && !empty($_POST['csrf_token']) && isset($_SESSION['csrf_token']))
        {
            if(hash_equals($_SESSION['csrf_token'], $_POST['csrf_token']))
Severity: Minor
Found in Core/Classes/BaseCSRF.php by phpmd

Superglobals

Since: 0.2

Accessing a super-global variable directly is considered a bad practice. These variables should be encapsulated in objects that are provided by a framework, for instance.

Example

class Foo {
    public function bar() {
        $name = $_POST['foo'];
    }
}

Source

verifyToken accesses the super-global variable $_SESSION.
Open

    public function verifyToken()
    {
        if(isset($_POST['csrf_token']) && !empty($_POST['csrf_token']) && isset($_SESSION['csrf_token']))
        {
            if(hash_equals($_SESSION['csrf_token'], $_POST['csrf_token']))
Severity: Minor
Found in Core/Classes/BaseCSRF.php by phpmd

Superglobals

Since: 0.2

Accessing a super-global variable directly is considered a bad practice. These variables should be encapsulated in objects that are provided by a framework, for instance.

Example

class Foo {
    public function bar() {
        $name = $_POST['foo'];
    }
}

Source

verifyToken accesses the super-global variable $_POST.
Open

    public function verifyToken()
    {
        if(isset($_POST['csrf_token']) && !empty($_POST['csrf_token']) && isset($_SESSION['csrf_token']))
        {
            if(hash_equals($_SESSION['csrf_token'], $_POST['csrf_token']))
Severity: Minor
Found in Core/Classes/BaseCSRF.php by phpmd

Superglobals

Since: 0.2

Accessing a super-global variable directly is considered a bad practice. These variables should be encapsulated in objects that are provided by a framework, for instance.

Example

class Foo {
    public function bar() {
        $name = $_POST['foo'];
    }
}

Source

generateToken accesses the super-global variable $_SESSION.
Open

    public function generateToken()
    {
        if(function_exists('mcrypt_create_iv'))
        {
            $_SESSION['csrf_token'] = bin2hex(mcrypt_create_iv(32, MCRYPT_DEV_URANDOM));
Severity: Minor
Found in Core/Classes/BaseCSRF.php by phpmd

Superglobals

Since: 0.2

Accessing a super-global variable directly is considered a bad practice. These variables should be encapsulated in objects that are provided by a framework, for instance.

Example

class Foo {
    public function bar() {
        $name = $_POST['foo'];
    }
}

Source

generateToken accesses the super-global variable $_SESSION.
Open

    public function generateToken()
    {
        if(function_exists('mcrypt_create_iv'))
        {
            $_SESSION['csrf_token'] = bin2hex(mcrypt_create_iv(32, MCRYPT_DEV_URANDOM));
Severity: Minor
Found in Core/Classes/BaseCSRF.php by phpmd

Superglobals

Since: 0.2

Accessing a super-global variable directly is considered a bad practice. These variables should be encapsulated in objects that are provided by a framework, for instance.

Example

class Foo {
    public function bar() {
        $name = $_POST['foo'];
    }
}

Source

verifyToken accesses the super-global variable $_POST.
Open

    public function verifyToken()
    {
        if(isset($_POST['csrf_token']) && !empty($_POST['csrf_token']) && isset($_SESSION['csrf_token']))
        {
            if(hash_equals($_SESSION['csrf_token'], $_POST['csrf_token']))
Severity: Minor
Found in Core/Classes/BaseCSRF.php by phpmd

Superglobals

Since: 0.2

Accessing a super-global variable directly is considered a bad practice. These variables should be encapsulated in objects that are provided by a framework, for instance.

Example

class Foo {
    public function bar() {
        $name = $_POST['foo'];
    }
}

Source

verifyToken accesses the super-global variable $_POST.
Open

    public function verifyToken()
    {
        if(isset($_POST['csrf_token']) && !empty($_POST['csrf_token']) && isset($_SESSION['csrf_token']))
        {
            if(hash_equals($_SESSION['csrf_token'], $_POST['csrf_token']))
Severity: Minor
Found in Core/Classes/BaseCSRF.php by phpmd

Superglobals

Since: 0.2

Accessing a super-global variable directly is considered a bad practice. These variables should be encapsulated in objects that are provided by a framework, for instance.

Example

class Foo {
    public function bar() {
        $name = $_POST['foo'];
    }
}

Source

generateToken accesses the super-global variable $_SESSION.
Open

    public function generateToken()
    {
        if(function_exists('mcrypt_create_iv'))
        {
            $_SESSION['csrf_token'] = bin2hex(mcrypt_create_iv(32, MCRYPT_DEV_URANDOM));
Severity: Minor
Found in Core/Classes/BaseCSRF.php by phpmd

Superglobals

Since: 0.2

Accessing a super-global variable directly is considered a bad practice. These variables should be encapsulated in objects that are provided by a framework, for instance.

Example

class Foo {
    public function bar() {
        $name = $_POST['foo'];
    }
}

Source

There are no issues that match your filters.

Category
Status