Zend Framework csrf会话问题

时间:2011-08-14 09:01:35

标签: zend-framework session frameworks csrf zend-form-element

当我尝试以这种方式向表单添加cssrf元素时,我的代码工作正常且突然:

$this->addElement('hash', 'csrf', 'Category' . time());

发生以下错误

Fatal error: Cannot return string offsets by reference in /usr/share/Zend/library/Zend/Session/Abstract.php on line 160 Stack trace: 1. {main}() /Users/myname/Sites/Zend_Projects/myproject/public/index.php:0 2. Zend_Application->run() /Users/myname/Sites/Zend_Projects/myproject/public/index.php:26 3. Zend_Application_Bootstrap_Bootstrap->run() /usr/share/Zend/library/Zend/Application.php:366 4. Zend_Controller_Front->dispatch() /usr/share/Zend/library/Zend/Application/Bootstrap/Bootstrap.php:97 5. Zend_Controller_Dispatcher_Standard->dispatch() /usr/share/Zend/library/Zend/Controller/Front.php:954 6. Zend_Controller_Action->dispatch() /usr/share/Zend/library/Zend/Controller/Dispatcher/Standard.php:295 7. Effigy_MaestroController->editAction() /usr/share/Zend/library/Zend/Controller/Action.php:513 8. Zend_Form->__construct() /Users/myname/Sites/Zend_Projects/myproject/application/modules/effigy/controllers/MaestroController.php:109 9. Application_Form_Extendible_Category->init() /usr/share/Zend/library/Zend/Form.php:240 10. Zend_Form->addElement() /Users/myname/Sites/Zend_Projects/myproject/application/forms/Extendible/Category.php:100 11. Zend_Form->createElement() /usr/share/Zend/library/Zend/Form.php:1040 12. Zend_Form_Element_Hash->__construct() /usr/share/Zend/library/Zend/Form.php:1112 13. Zend_Form_Element_Hash->initCsrfValidator() /usr/share/Zend/library/Zend/Form/Element/Hash.php:83 14. Zend_Session_Namespace->__get() /usr/share/Zend/library/Zend/Session/Namespace.php:0 15. Zend_Session_Abstract::_namespaceGet() /usr/share/Zend/library/Zend/Session/Namespace.php:287

为什么会发生这种情况以及可以采取哪些措施?

1 个答案:

答案 0 :(得分:0)

根据对quick start的评论,我觉得你也使用了一个模块并遇到了同样的问题。引用它以便快速参考。

But if you put the same same code in a module, it tries to create the session file iin the directory APPLICATION_PATH "/../data/session" which doesn't exist by default so an exception is raised. 

$this->addElement('hash', 'csrf', array(
    'ignore' => true,
));

我觉得你可以使用这个插件http://codeutopia.net/blog/2008/10/16/how-to-csrf-protect-all-your-forms/

  

它做什么?

ZF控制器插件可以自动保护所有表格 - 整洁,呵呵?

相关问题
最新问题