--- /dev/null
+<?php
+// vim: foldmethod=marker
+/**
+ * Ethna_Plugin_Csrf_Session.php
+ *
+ * @author Keita Arai <cocoiti@comio.info>
+ * @license http://www.opensource.org/licenses/bsd-license.php The BSD License
+ * @package Ethna
+ * @version $Id$
+ */
+
+// {{{ Ethna_Plugin_Csrf_Session
+/**
+ * CSRFÂкö
+ *
+ * CSRFÂкö¤ò¥È¡¼¥¯¥ó¤òÍѤ¤¤ÆÂкö¤¹¤ë¤¿¤á¤Î¥³¡¼¥É
+ *
+ * @author Keita Arai <cocoiti@comio.info>
+ * @access public
+ * @package Ethna
+ */
+class Ethna_Plugin_Csrf_Session extends Ethna_Plugin_Csrf
+{
+ /**#@+
+ * @access private
+ */
+
+ /** @var object Ethna_Session ¥»¥Ã¥·¥ç¥ó¥ª¥Ö¥¸¥§¥¯¥È */
+ var $session;
+
+ /**#@-*/
+
+
+ /**
+ * Ethna_Plugin_Csrf¤Î¥³¥ó¥¹¥È¥é¥¯¥¿
+ *
+ * @access public
+ * @param object Ethna_Controller &$controller ¥³¥ó¥È¥í¡¼¥é¥ª¥Ö¥¸¥§¥¯¥È
+ */
+ function Ethna_Plugin_Csrf_Session(&$controller)
+ {
+ parent::Ethna_Plugin_Csrf($controller);
+
+ // ¥ª¥Ö¥¸¥§¥¯¥È¤ÎÀßÄê
+ $this->session =& $this->controller->getSession();
+ }
+
+ /**
+ * ¥È¡¼¥¯¥ó¤òView¤È¥í¡¼¥«¥ë¥Õ¥¡¥¤¥ë¤Ë¥»¥Ã¥È¤¹¤ë
+ *
+ * @access public
+ * @return boolean À®¸ù¤«¼ºÇÔ¤«
+ */
+ function set()
+ {
+ $this->session->start();
+
+ $token = $this->session->get($this->token_name);
+ if ($token === null) {
+ $token = array();
+ }
+
+ $key = $this->_generateKey();
+ $this->session->set($this->token_name, $key);
+
+ return true;
+ }
+
+ /**
+ * ¥È¡¼¥¯¥óID¤ò¼èÆÀ¤¹¤ë
+ *
+ * @access public
+ * @return string ¥È¡¼¥¯¥óID¤òÊÖ¤¹¡£
+ */
+ function get()
+ {
+ $this->session->start();
+ return $this->session->get($this->token_name);
+ }
+
+ /**
+ * ¥È¡¼¥¯¥óID¤òºï½ü¤¹¤ë
+ *
+ * @access public
+ */
+ function remove()
+ {
+ $this->session->start();
+ $this->session->remove($this->token_name, $token);
+ }
+}
+// }}}
+?>
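Review bot: `remove()` passes an undefined variable `$token` as the second argument to `$this->session->remove()`, which raises a notice on every call and is never assigned anywhere in this class; the call should be `$this->session->remove($this->token_name);`. In `set()` the `$token` read from the session and its `array()` fallback are dead code — nothing uses `$token` after the assignment, and the method unconditionally overwrites the stored value with a fresh key — so those four lines can be dropped. `set()` also returns `true` while the base-class docblock for `set()` promises the token key as a string; returning `$key` (and changing the docblock here to `@return string`) keeps the two classes consistent and lets callers embed the token in the form without a second `get()` call.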
--- /dev/null
+<?php
+// vim: foldmethod=marker
+/**
+ * Ethna_Plugin_Csrf.php
+ *
+ * @author Keita Arai <cocoiti@comio.info>
+ * @license http://www.opensource.org/licenses/bsd-license.php The BSD License
+ * @package Ethna
+ * @version $Id$
+ */
+
+// {{{ Ethna_Plugin_Csrf
+/**
+ * CSRFÂкö´ðÄ쥯¥é¥¹
+ *
+ * CSRFÂкö¤ò¥È¡¼¥¯¥ó¤òÍѤ¤¤ÆÂкö¤¹¤ë¤¿¤á¤Î¥³¡¼¥É
+ *
+ * @author Keita Arai <cocoiti@comio.info>
+ * @access public
+ * @package Ethna
+ */
+class Ethna_Plugin_Csrf
+{
+ /**#@+
+ * @access private
+ */
+
+ var $controller;
+
+ /** @var object Ethna_Controller controller¥ª¥Ö¥¸¥§¥¯¥È($controller¤Î¾Êά·Á) */
+ var $ctl;
+
+ /** @var object Ethna_Config ÀßÄꥪ¥Ö¥¸¥§¥¯¥È */
+ var $config;
+
+ /** @var object Ethna_Logger ¥í¥°¥ª¥Ö¥¸¥§¥¯¥È */
+ var $logger;
+
+ /** @var string ¶¦Í¥È¡¼¥¯¥ó̾ */
+ var $token_name = 'ethna_csrf';
+
+ /**#@-*/
+
+
+ /**
+ * Ethna_Plugin_Csrf¤Î¥³¥ó¥¹¥È¥é¥¯¥¿
+ *
+ * @access public
+ * @param object Ethna_Controller &$controller ¥³¥ó¥È¥í¡¼¥é¥ª¥Ö¥¸¥§¥¯¥È
+ */
+ function Ethna_Plugin_Csrf(&$controller)
+ {
+ // ¥ª¥Ö¥¸¥§¥¯¥È¤ÎÀßÄê
+ $this->controller =& $controller;
+ $this->ctl =& $this->controller;
+
+ $this->config =& $controller->getConfig();
+ $this->logger =& $this->controller->getLogger();
+ }
+
+ /**
+ * ¥È¡¼¥¯¥ó¤òView¤È¥í¡¼¥«¥ë¥Õ¥¡¥¤¥ë¤Ë¥»¥Ã¥È¤¹¤ë
+ *
+ * @access public
+ * @return string ¥È¡¼¥¯¥ó¤ÎKey
+ */
+ function set()
+ {
+
+ }
+
+ /**
+ * ¥È¡¼¥¯¥óID¤ò¼èÆÀ¤¹¤ë
+ *
+ * @access public
+ * @return string ¥È¡¼¥¯¥óID¤òÊÖ¤¹¡£
+ */
+ function get()
+ {
+
+ }
+
+ /**
+ * ¥È¡¼¥¯¥óID¤òºï½ü¤¹¤ë
+ *
+ * @access public
+ * @return string ¥È¡¼¥¯¥óID¤òÊÖ¤¹¡£
+ */
+ function remove()
+ {
+
+ }
+
+ /**
+ * ¥È¡¼¥¯¥ó̾¤ò¼èÆÀ¤¹¤ë
+ *
+ * @access public
+ * @return string ¥È¡¼¥¯¥ó̾¤òÊÖ¤¹¡£
+ */
+ function getName()
+ {
+ return $this->token_name;
+ }
+
+ /**
+ * ¥È¡¼¥¯¥óID¤ò¸¡¾Ú¤¹¤ë
+ *
+ * @access public
+ * @return mixed Àµ¾ï¤Î¾ì¹ç¤Ïtrue, ÉÔÀµ¤Î¾ì¹ç¤Ïfalse
+ */
+ function isValid()
+ {
+ $token = $this->_get_token();
+
+ $local_token = $this->get();
+
+ if (is_null($local_token)) {
+ return false;
+ }
+
+ if ($token === $local_token) {
+ return true;
+ }
+
+ return false;
+ }
+
+ /**
+ * ¥¡¼¤òÀ¸À®¤¹¤ë
+ *
+ * @access public
+ * @return string keyname
+ */
+ function _generateKey()
+ {
+ return Ethna_Util::getRandom(32);
+ }
+
+ /**
+ * ¥ê¥¯¥¨¥¹¥È¤«¤é¥È¡¼¥¯¥óID¤È¥ê¥¯¥¨¥¹¥ÈID¤òÈ´¤½Ð¤¹
+ *
+ * @access public
+ * @return mixed Àµ¾ï¤Î¾ì¹ç¤Ï¥È¡¼¥¯¥ó̾, ÉÔÀµ¤Î¾ì¹ç¤Ïfalse
+ */
+ function _get_token()
+ {
+ $token_name = $this->getName();
+ if (strcasecmp($_SERVER['REQUEST_METHOD'], 'post') === 0) {
+ return isset($_POST[$token_name]) ? $_POST[$token_name] : null;
+ } else {
+ return isset($_GET[$token_name]) ? $_GET[$token_name] : null;
+ }
+ }
+}
+// }}}
+?>
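Review bot: `_get_token()` returns `null` when the parameter is absent, but its docblock promises `false` on failure, and `isValid()` is declared `@return mixed` although it only ever returns a boolean; the docblocks should read `@return string|null` and `@return boolean` respectively. The base `set()`, `get()` and `remove()` bodies are empty, so `isValid()` on this class always fails at the `is_null($local_token)` check — a one-line comment such as `// must be overridden by a storage-specific subclass` on each stub would make that contract explicit. `$_SERVER['REQUEST_METHOD']` is read without a guard, which emits a notice when the key is missing (e.g. under CLI); `isset($_SERVER['REQUEST_METHOD']) && strcasecmp($_SERVER['REQUEST_METHOD'], 'post') === 0` avoids it. The `===` comparison in `isValid()` is not constant-time; where the runtime provides `hash_equals()`, comparing the submitted and stored values with it is the safer choice.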