Elgg  Version master
Public Member Functions | Public Attributes | List of all members
Elgg\Security\UrlSigner Class Reference

Component for creating signed URLs. More...

Public Member Functions

 sign (string $url, string $expires=null)
 Normalizes and signs the URL with SHA256 HMAC key. More...
 
 isValid (string $url)
 Validates HMAC signature. More...
 
 assertValid ($url)
 Assert that an url is signed correctly. More...
 

Public Attributes

const KEY_MAC = '__elgg_mac'
 
const KEY_EXPIRES = '__elgg_exp'
 

Detailed Description

Component for creating signed URLs.

Definition at line 13 of file UrlSigner.php.

Member Function Documentation

Elgg\Security\UrlSigner::assertValid (   $url)

Assert that an url is signed correctly.

Parameters
string$urlthe url to check
Returns
void
Exceptions
HttpException

Definition at line 108 of file UrlSigner.php.

Elgg\Security\UrlSigner::isValid ( string  $url)

Validates HMAC signature.

Parameters
string$urlURL to validate
Returns
bool

Definition at line 68 of file UrlSigner.php.

Elgg\Security\UrlSigner::sign ( string  $url,
string  $expires = null 
)

Normalizes and signs the URL with SHA256 HMAC key.

Note
Signed URLs do not offer CSRF protection and should not be used instead of action tokens.
Parameters
string$urlURL to sign
string$expiresExpiration time Accepts a string suitable for strtotime() Null value indicate non-expiring URL
Returns
string
Exceptions
InvalidArgumentException

Definition at line 30 of file UrlSigner.php.

Member Data Documentation

const Elgg\Security\UrlSigner::KEY_EXPIRES = '__elgg_exp'

Definition at line 16 of file UrlSigner.php.

const Elgg\Security\UrlSigner::KEY_MAC = '__elgg_mac'

Definition at line 15 of file UrlSigner.php.


The documentation for this class was generated from the following file: