From 5e776cf7ac6e6e0d14d1b8905eec6a76fe19ad8c Mon Sep 17 00:00:00 2001 From: Minhaz Date: Sat, 23 May 2020 18:07:07 +0800 Subject: [PATCH] Some more lint fixes. --- libs/csrf/csrfprotector.php | 47 ++++++++++++++++++++++--------------- 1 file changed, 28 insertions(+), 19 deletions(-) diff --git a/libs/csrf/csrfprotector.php b/libs/csrf/csrfprotector.php index 23ccb19..ad424f9 100755 --- a/libs/csrf/csrfprotector.php +++ b/libs/csrf/csrfprotector.php @@ -10,7 +10,7 @@ if (!defined('__CSRF_PROTECTOR__')) { define('__CSRF_PROTECTOR__', true); // to avoid multiple declaration errors - // name of HTTP POST variable for authentication + // Name of HTTP POST variable for authentication define("CSRFP_TOKEN","CSRFP-Token"); // We insert token name and list of url patterns for which @@ -19,12 +19,13 @@ define("CSRFP_FIELD_TOKEN_NAME", "csrfp_hidden_data_token"); define("CSRFP_FIELD_URLS", "csrfp_hidden_data_urls"); - /** - * child exception classes - */ + /** Indicates configuration file was not found. */ class configFileNotFoundException extends \exception {}; - class jsFileNotFoundException extends \exception {}; + + /** Indicates that configuration file is incomplete. */ class incompleteConfigurationException extends \exception {}; + + /** Indicates that CSRF Protector is already initialized. */ class alreadyInitializedException extends \exception {}; class csrfProtector @@ -75,12 +76,17 @@ class csrfProtector * Variable: $config * config file for CSRFProtector * @var int Array, length = 6 - * Property: #1: failedAuthAction (int) => action to be taken in case autherisation fails - * Property: #3: customErrorMessage (string) => custom error message to be sent in case - * of failed authentication - * Property: #4: jsFile (string) => location of the CSRFProtector js file - * Property: #5: tokenLength (int) => default length of hash - * Property: #6: disabledJavascriptMessage (string) => error message if client's js is disabled + * Property: #1: failedAuthAction (int) => action to be taken in case + * autherisation fails. + * Property: #3: customErrorMessage (string) => custom error message to + * be sent in case of failed authentication. + * Property: #4: jsFile (string) => location of the CSRFProtector js + * file. + * Property: #5: tokenLength (int) => default length of hash. + * Property: #6: disabledJavascriptMessage (string) => error message if + * client's js is disabled. + * + * TODO(mebjas): this field should be private */ public static $config = array(); @@ -88,16 +94,20 @@ class csrfProtector * Variable: $requiredConfigurations * Contains list of those parameters that are required to be there * in config file for csrfp to work + * + * TODO(mebjas): this field should be private */ - public static $requiredConfigurations = array('failedAuthAction', 'jsUrl', 'tokenLength'); + public static $requiredConfigurations = array( + 'failedAuthAction', 'jsUrl', 'tokenLength'); /* * Function: function to initialise the csrfProtector work flow * * Parameters: - * $length - length of CSRF_AUTH_TOKEN to be generated - * $action - int array, for different actions to be taken in case of failed validation - * $logger - custom logger class object + * $length - (int) length of CSRF_AUTH_TOKEN to be generated. + * $action - (int array), for different actions to be taken in case of + * failed validation. + * $logger - (LoggerInterface) custom logger class object. * * Returns: * void @@ -210,11 +220,10 @@ public static function init($length = null, $action = null, $logger = null) * * Returns: * void - * - * Throws: - * logDirectoryNotFoundException - if log directory is not found + * + * TODO(mebjas): this method should be private. */ - private static function authorizePost() + public static function authorizePost() { // TODO(mebjas): this method is valid for same origin request only, // enable it for cross origin also sometime for cross origin the