Elgg  Version 4.x
Public Member Functions | Public Attributes | List of all members
Elgg\Security\UrlSigner Class Reference

Component for creating signed URLs. More...

Public Member Functions

 sign ($url, $expires=false)
 Normalizes and signs the URL with SHA256 HMAC key. More...
 
 isValid ($url)
 Validates HMAC signature. More...
 
 assertValid ($url)
 Assert that an url is signed correctly. More...
 

Public Attributes

const KEY_MAC = '__elgg_mac'
 
const KEY_EXPIRES = '__elgg_exp'
 

Detailed Description

Component for creating signed URLs.

Definition at line 13 of file UrlSigner.php.

Member Function Documentation

Elgg\Security\UrlSigner::assertValid (   $url)

Assert that an url is signed correctly.

Parameters
string$urlthe url to check
Returns
void
Exceptions
HttpException

Definition at line 108 of file UrlSigner.php.

Elgg\Security\UrlSigner::isValid (   $url)

Validates HMAC signature.

Parameters
string$urlURL to validate
Returns
bool

Definition at line 68 of file UrlSigner.php.

Elgg\Security\UrlSigner::sign (   $url,
  $expires = false 
)

Normalizes and signs the URL with SHA256 HMAC key.

Note
Signed URLs do not offer CSRF protection and should not be used instead of action tokens.
Parameters
string$urlURL to sign
string$expiresExpiration time Accepts a string suitable for strtotime() Falsey values indicate non-expiring URL
Returns
string
Exceptions
InvalidArgumentException

Definition at line 30 of file UrlSigner.php.

Member Data Documentation

const Elgg\Security\UrlSigner::KEY_EXPIRES = '__elgg_exp'

Definition at line 16 of file UrlSigner.php.

const Elgg\Security\UrlSigner::KEY_MAC = '__elgg_mac'

Definition at line 15 of file UrlSigner.php.

The documentation for this class was generated from the following file:
Generated on Mon May 16 2022 00:00:28 for Elgg by   doxygen 1.8.11