The Csrf element pairs with the Zend/Form/View/Helper/FormHidden to provide protection from CSRF attacks on forms, ensuring the data is submitted by the user session that generated the form and not by a rogue script. Protection is achieved by adding a hash element to a form and verifying it when the form is submitted.
Basic Usage of Zend\Form\Element\Csrf
This element automatically adds a "type" attribute of value "hidden".
1 2 3 4 5 6 7 | use Zend\Form\Element;
use Zend\Form\Form;
$csrf = new Element\Csrf('csrf');
$form = new Form('my-form');
$form->add($csrf);
|
The following methods are in addition to the inherited methods of Zend\Form\Element.
getInputSpecification()
Returns a input filter specification, which includes a Zend\Filter\StringTrim filter and a Zend\Validator\Csrf to validate the CSRF value.
Returns array
The source code of this file is hosted on GitHub. Everyone can update and fix errors in this document with few clicks - no downloads needed.