
fixed permission
authorcocoitiban <cocoitiban@2ef88817-412d-0410-a32c-8029a115e976>
Mon, 6 Nov 2006 15:26:27 +0000 (15:26 +0000)
committercocoitiban <cocoitiban@2ef88817-412d-0410-a32c-8029a115e976>
Mon, 6 Nov 2006 15:26:27 +0000 (15:26 +0000)
class/Plugin/Csrf/Ethna_Plugin_Csrf_Session.php [new file with mode: 0644]
class/Plugin/Ethna_Plugin_Csrf.php [new file with mode: 0644]

diff --git a/class/Plugin/Csrf/Ethna_Plugin_Csrf_Session.php b/class/Plugin/Csrf/Ethna_Plugin_Csrf_Session.php
new file mode 100644 (file)
index 0000000..4d9523b
--- /dev/null
@@ -0,0 +1,93 @@
+<?php
+// vim: foldmethod=marker
+/**
+ *  Ethna_Plugin_Csrf_Session.php
+ *
+ *  @author     Keita Arai <cocoiti@comio.info>
+ *  @license    http://www.opensource.org/licenses/bsd-license.php The BSD License
+ *  @package    Ethna
+ *  @version    $Id$
+ */
+
+// {{{ Ethna_Plugin_Csrf_Session
+/**
+ *  CSRFÂкö
+ *
+ *  CSRFÂкö¤ò¥È¡¼¥¯¥ó¤òÍѤ¤¤ÆÂкö¤¹¤ë¤¿¤á¤Î¥³¡¼¥É
+ *
+ *  @author     Keita Arai <cocoiti@comio.info>
+ *  @access     public
+ *  @package    Ethna
+ */
+class Ethna_Plugin_Csrf_Session extends Ethna_Plugin_Csrf
+{
+    /**#@+
+     *  @access private
+     */
+
+    /** @var    object  Ethna_Session    ¥»¥Ã¥·¥ç¥ó¥ª¥Ö¥¸¥§¥¯¥È */
+    var $session;
+    
+    /**#@-*/
+
+
+    /**
+     *  Ethna_Plugin_Csrf¤Î¥³¥ó¥¹¥È¥é¥¯¥¿
+     *
+     *  @access public
+     *  @param  object  Ethna_Controller    &$controller    ¥³¥ó¥È¥í¡¼¥é¥ª¥Ö¥¸¥§¥¯¥È
+     */
+    function Ethna_Plugin_Csrf_Session(&$controller)
+    {
+        parent::Ethna_Plugin_Csrf($controller);
+
+        // ¥ª¥Ö¥¸¥§¥¯¥È¤ÎÀßÄê
+        $this->session =& $this->controller->getSession();
+    }
+    
+    /**
+     *  ¥È¡¼¥¯¥ó¤òView¤È¥í¡¼¥«¥ë¥Õ¥¡¥¤¥ë¤Ë¥»¥Ã¥È¤¹¤ë
+     *
+     *  @access public
+     *  @return boolean  À®¸ù¤«¼ºÇÔ¤«
+     */
+    function set()
+    {
+        $this->session->start();
+
+        $token = $this->session->get($this->token_name);
+        if ($token === null) {
+            $token = array();
+        }
+
+        $key = $this->_generateKey();
+        $this->session->set($this->token_name, $key); 
+
+        return true;       
+    }
+
+    /**
+     *  ¥È¡¼¥¯¥óID¤ò¼èÆÀ¤¹¤ë
+     *
+     *  @access public
+     *  @return string ¥È¡¼¥¯¥óID¤òÊÖ¤¹¡£
+     */
+    function get()
+    {
+        $this->session->start();
+        return $this->session->get($this->token_name);
+    }
+
+    /**
+     *  ¥È¡¼¥¯¥óID¤òºï½ü¤¹¤ë
+     *
+     *  @access public
+     */
+    function remove()
+    {
+        $this->session->start();
+        $this->session->remove($this->token_name, $token);        
+    }
+}
+// }}}
+?>
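Review bot: `remove()` passes an undefined `$token` as the second argument to `$this->session->remove()` (the line `$this->session->remove($this->token_name, $token);`), so under PHP this raises an undefined-variable notice and hands `null` to the session layer; nothing in this method defines `$token`, and the intended call appears to be `$this->session->remove($this->token_name);`. In `set()` the block that reads the current token into `$token` and replaces `null` with `array()` is dead code — the value is never used before `$key` overwrites the session entry — and can be dropped. `set()` is also documented as `@return boolean` and returns `true`, while the parent class declares `set()` as returning the token key as a string; returning `$key` here (`return $key;`) would match the parent contract and give the caller the value it needs to embed in the form. Note that every `set()` call generates a fresh key and overwrites the previous one, so any form rendered earlier in the same session stops validating; worth stating that in the docblock if it is intended.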
diff --git a/class/Plugin/Ethna_Plugin_Csrf.php b/class/Plugin/Ethna_Plugin_Csrf.php
new file mode 100644 (file)
index 0000000..a63fbac
--- /dev/null
@@ -0,0 +1,156 @@
+<?php
+// vim: foldmethod=marker
+/**
+ *  Ethna_Plugin_Csrf.php
+ *
+ *  @author     Keita Arai <cocoiti@comio.info>
+ *  @license    http://www.opensource.org/licenses/bsd-license.php The BSD License
+ *  @package    Ethna
+ *  @version    $Id$
+ */
+
+// {{{ Ethna_Plugin_Csrf
+/**
+ *  CSRFÂкö´ðÄ쥯¥é¥¹
+ *
+ *  CSRFÂкö¤ò¥È¡¼¥¯¥ó¤òÍѤ¤¤ÆÂкö¤¹¤ë¤¿¤á¤Î¥³¡¼¥É
+ *
+ *  @author     Keita Arai <cocoiti@comio.info>
+ *  @access     public
+ *  @package    Ethna
+ */
+class Ethna_Plugin_Csrf
+{
+    /**#@+
+     *  @access private
+     */
+
+    var $controller;
+
+    /** @var    object  Ethna_Controller    controller¥ª¥Ö¥¸¥§¥¯¥È($controller¤Î¾Êά·Á) */
+    var $ctl;
+
+    /** @var    object  Ethna_Config        ÀßÄꥪ¥Ö¥¸¥§¥¯¥È */
+    var $config;
+
+    /** @var    object  Ethna_Logger        ¥í¥°¥ª¥Ö¥¸¥§¥¯¥È */
+    var $logger;
+    
+    /** @var    string  ¶¦Í­¥È¡¼¥¯¥ó̾ */
+    var $token_name = 'ethna_csrf';
+    
+    /**#@-*/
+
+
+    /**
+     *  Ethna_Plugin_Csrf¤Î¥³¥ó¥¹¥È¥é¥¯¥¿
+     *
+     *  @access public
+     *  @param  object  Ethna_Controller    &$controller    ¥³¥ó¥È¥í¡¼¥é¥ª¥Ö¥¸¥§¥¯¥È
+     */
+    function Ethna_Plugin_Csrf(&$controller)
+    {
+        // ¥ª¥Ö¥¸¥§¥¯¥È¤ÎÀßÄê
+        $this->controller =& $controller;
+        $this->ctl =& $this->controller;
+
+        $this->config =& $controller->getConfig();
+        $this->logger =& $this->controller->getLogger();
+    }
+    
+    /**
+     *  ¥È¡¼¥¯¥ó¤òView¤È¥í¡¼¥«¥ë¥Õ¥¡¥¤¥ë¤Ë¥»¥Ã¥È¤¹¤ë
+     *
+     *  @access public
+     *  @return string  ¥È¡¼¥¯¥ó¤ÎKey
+     */
+    function set()
+    {
+
+    }
+
+    /**
+     *  ¥È¡¼¥¯¥óID¤ò¼èÆÀ¤¹¤ë
+     *
+     *  @access public
+     *  @return string ¥È¡¼¥¯¥óID¤òÊÖ¤¹¡£
+     */
+    function get()
+    {
+
+    }
+
+    /**
+     *  ¥È¡¼¥¯¥óID¤òºï½ü¤¹¤ë
+     *
+     *  @access public
+     *  @return string ¥È¡¼¥¯¥óID¤òÊÖ¤¹¡£
+     */
+    function remove()
+    {
+
+    }
+
+    /**
+     *  ¥È¡¼¥¯¥ó̾¤ò¼èÆÀ¤¹¤ë
+     *
+     *  @access public
+     *  @return string ¥È¡¼¥¯¥ó̾¤òÊÖ¤¹¡£
+     */
+    function getName()
+    {
+        return $this->token_name;
+    }
+
+    /**
+     *  ¥È¡¼¥¯¥óID¤ò¸¡¾Ú¤¹¤ë
+     *
+     *  @access public
+     *  @return mixed  Àµ¾ï¤Î¾ì¹ç¤Ïtrue, ÉÔÀµ¤Î¾ì¹ç¤Ïfalse
+     */
+    function isValid()
+    {
+        $token = $this->_get_token();
+
+        $local_token = $this->get();
+
+        if (is_null($local_token)) {
+            return false;
+        }
+
+        if ($token === $local_token) {
+            return true;
+        }
+
+        return false;
+    }
+
+    /**
+     *  ¥­¡¼¤òÀ¸À®¤¹¤ë
+     *
+     *  @access public
+     *  @return string  keyname
+     */
+    function _generateKey()
+    {
+        return Ethna_Util::getRandom(32);
+    }
+
+    /**
+     *  ¥ê¥¯¥¨¥¹¥È¤«¤é¥È¡¼¥¯¥óID¤È¥ê¥¯¥¨¥¹¥ÈID¤òÈ´¤­½Ð¤¹
+     *
+     *  @access public
+     *  @return mixed  Àµ¾ï¤Î¾ì¹ç¤Ï¥È¡¼¥¯¥ó̾, ÉÔÀµ¤Î¾ì¹ç¤Ïfalse
+     */
+    function _get_token()
+    {
+        $token_name = $this->getName();
+        if (strcasecmp($_SERVER['REQUEST_METHOD'], 'post') === 0) {
+            return isset($_POST[$token_name]) ? $_POST[$token_name] : null;
+        } else {
+            return isset($_GET[$token_name]) ? $_GET[$token_name] : null;
+        }
+    }
+}
+// }}}
+?>
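Review bot: `isValid()` never consumes the token on success — it compares and returns `true`, leaving the same value in the session — so unless every caller invokes `remove()` afterwards, one token stays valid for the whole session and can be replayed, which matters given `_get_token()` also accepts the token from `$_GET` where it may end up in logs or referrers. Either call `$this->remove();` before `return true;` or document the contract on `isValid()` with a line like `*  NOTE: the token is not consumed; callers wanting single-use tokens must call remove() after a successful check`. `_get_token()` reads `$_SERVER['REQUEST_METHOD']` without an `isset()` guard, so it emits a notice when the plugin is exercised outside a web request (CLI or tests); `isset($_SERVER['REQUEST_METHOD']) && strcasecmp(...)` avoids that. Token strength rests entirely on `Ethna_Util::getRandom(32)`, which is not shown here — if it is not backed by a cryptographic RNG the tokens are guessable, so that is worth confirming and noting in `_generateKey()`'s docblock. Finally, `_generateKey()` and `_get_token()` carry `@access public` despite the underscore naming convention used for internals, and `remove()`'s docblock claims `@return string` for a stub that returns nothing; these should read `@access private` and drop the `@return`.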