- 2020-02-19 3.36

EFTEC · Feb 19, 2020 · 74ac141 · 74ac141
1 parent 791b79b
commit 74ac141
Show file tree

Hide file tree

Showing 7 changed files with 44 additions and 37 deletions.
diff --git a/README.md b/README.md
@@ -1112,6 +1112,13 @@ Also, BladeOneHTML adds multiple select, fixed values (without array), grouped s
 
 ## Version
 
+- 2020-02-19 3.36
+    * removed compileExpression() // it was never used
+    * solved csrfIsValid() when it is compile with mode BladeOne::MODE_FAST	
+    * @csrf tag it has a new argument (name of the token)
+        * @csrf('_mytag')
+    * method csrfIsValid has a new argument (name of the token)
+        * $blade->csrfIsValid(true,'_mytag');
 - 2020-02-15 3.35
     * Added a new argument optional for csrfIsValid()
 - 2020-01-17 3.34

diff --git a/composer.json b/composer.json
@@ -19,7 +19,7 @@
   ],
   "extra": {
     "branch-alias": {
-      "dev-master": "3.34-dev"
+      "dev-master": "3.36-dev"
     }
   },
   "config": {

diff --git a/examples/test.php b/examples/test.php
@@ -9,7 +9,6 @@
 
 $blade=new BladeOne(null, null, BladeOne::MODE_DEBUG);
 
-$blade->setCompiledExtension();
 
 //<editor-fold desc="Example data">
 $name="New User";

diff --git a/examples/testtoken.php b/examples/testtoken.php
@@ -9,9 +9,9 @@
 
 $views = __DIR__ . '/views';
 $compiledFolder = __DIR__ . '/compiled';
-$blade=new BladeOne($views, $compiledFolder, BladeOne::MODE_SLOW);
+$blade=new BladeOne($views, $compiledFolder, BladeOne::MODE_FAST);
 
-$isvalid=$blade->csrfIsValid(); // a) for get= it generates a new token, b) for post, it validates the token.
+$isvalid=$blade->csrfIsValid(true, '_mytoken'); // a) for get= it generates a new token, b) for post, it validates the token.
 session_write_close();// we close the session for writes.
 
 

diff --git a/examples/views/Test/hello.blade.php b/examples/views/Test/hello.blade.php
@@ -119,7 +119,11 @@
 @push('first')
 after the stack<br>
 @endpush
+@use("
 
+@if(SomeClass::method())
+    
+@endif    
 
 {{'kevinbacon@email.com'}}
 

diff --git a/examples/views/Test/token.blade.php b/examples/views/Test/token.blade.php
@@ -1,6 +1,6 @@
 <h1>Testing the token {{$token}}</h1>
 <form method="post">
-    @csrf
+    @csrf('_mytoken')
     <input type="text" name="field" value="{{$field}}" /><br/>
     <input type="submit" name="button" value="send"/>
 

diff --git a/lib/BladeOne.php b/lib/BladeOne.php
@@ -20,7 +20,7 @@
  * @copyright Copyright (c) 2016-2019 Jorge Patricio Castro Castillo MIT License.
  *            Don't delete this comment, its part of the license.
  *            Part of this code is based in the work of Laravel PHP Components.
- * @version   3.35 2020-02-15
+ * @version   3.36 2020-02-19
  * @link      https://github.com/EFTEC/BladeOne
  */
 class BladeOne
@@ -260,7 +260,7 @@ public function addInclude($view, $alias = null)
         }
         $this->directive($alias, function ($expression) use ($view) {
             $expression = $this->stripParentheses($expression) ?: '[]';
-            return "<?php echo \$this->runChild('{$view}', {$expression}); ?>";
+            return "{$this->phpTag} echo \$this->runChild('{$view}', {$expression}); ?>";
         });
     }
 
@@ -921,7 +921,7 @@ protected function evaluateText($content, $variables)
         // flush out any stray output that might get out before an error occurs or
         // an exception is thrown. This prevents any partial views from leaking.
         try {
-            eval(' ?>' . $content . '<?php ');
+            eval(' ?>' . $content . $this->phpTag);
         } catch (Exception $e) {
             $this->handleViewException($e);
         }
@@ -1013,13 +1013,15 @@ public function convertArg($array)
      * Returns the current token. if there is not a token then it generates a new one.
      * It could require an open session.
      *
-     * @param bool $fullToken It returns a token with the current ip.
+     * @param bool   $fullToken It returns a token with the current ip.
+     * @param string $tokenId [optional] Name of the token.
+     *
      * @return string
      */
-    public function getCsrfToken($fullToken = false)
+    public function getCsrfToken($fullToken = false, $tokenId = '_token')
     {
         if ($this->csrf_token == "") {
-            $this->regenerateToken();
+            $this->regenerateToken($tokenId);
         }
         if ($fullToken) {
             return $this->csrf_token . "|" . $this->ipClient();
@@ -1030,15 +1032,17 @@ public function getCsrfToken($fullToken = false)
     /**
      * Regenerates the csrf token and stores in the session.
      * It requires an open session.
+     *
+     * @param string $tokenId [optional] Name of the token.
      */
-    public function regenerateToken()
+    public function regenerateToken($tokenId = '_token')
     {
         try {
             $this->csrf_token = \bin2hex(\random_bytes(10));
         } catch (Exception $e) {
             $this->csrf_token = "123456789012345678901234567890"; // unable to generates a random token.
         }
-        @$_SESSION["_token"] = $this->csrf_token . "|" . $this->ipClient();
+        @$_SESSION[$tokenId] = $this->csrf_token . "|" . $this->ipClient();
     }
 
     public function ipClient()
@@ -1055,23 +1059,25 @@ public function ipClient()
      * Validates if the csrf token is valid or not.<br>
      * It requires an open session.
      *
-     * @param bool $alwaysRegenerate  [optional] Default is false.<br>
-     *                                If <b>true</b> then it will generate a new token regardless
-     *                                of the method.<br>
-     *                                If <b>false</b>, then it will generate only if the method is POST.<br>
-     *                                Note: You must not use true if you want to use csrf with AJAX.
+     * @param bool   $alwaysRegenerate [optional] Default is false.<br>
+     *                                 If <b>true</b> then it will generate a new token regardless
+     *                                 of the method.<br>
+     *                                 If <b>false</b>, then it will generate only if the method is POST.<br>
+     *                                 Note: You must not use true if you want to use csrf with AJAX.
+     *
+     * @param string $tokenId [optional] Name of the token.
      *
      * @return bool It returns true if the token is valid or it is generated. Otherwise, false.
      */
-    public function csrfIsValid($alwaysRegenerate = false)
+    public function csrfIsValid($alwaysRegenerate = false, $tokenId = '_token')
     {
         if (@$_SERVER['REQUEST_METHOD'] == 'POST' && $alwaysRegenerate === false) {
-            $this->csrf_token = @$_POST['_token']; // ping pong the token.
-            return $this->csrf_token . "|" . $this->ipClient() == @$_SESSION["_token"];
+            $this->csrf_token = @$_POST[$tokenId]; // ping pong the token.
+            return $this->csrf_token . "|" . $this->ipClient() == @$_SESSION[$tokenId];
         } else {
             if ($this->csrf_token == ""  || $alwaysRegenerate) {
                 // if not token then we generate a new one
-                $this->regenerateToken();
+                $this->regenerateToken($tokenId);
             }
             return true;
         }
@@ -1706,16 +1712,11 @@ protected function compileRelative($expression)
     {
         return $this->phpTag . " echo \$this->relative{$expression};?>";
     }
-
-    protected function compileMethod($expression)
-    {
-        $v = $this->stripParentheses($expression);
-        return $this->phpTag . " echo '<input type=\"hidden\" name=\"_method\" value=\"$v\"/>';?>";
-    }
-
-    protected function compilecsrf()
+
+    protected function compilecsrf($expression = null)
     {
-        return $this->phpTag . " echo '<input type=\"hidden\" name=\"_token\" value=\"" . $this->csrf_token . "\"/>';?>";
+        $expression=($expression === null)?"'_token'" : $expression;
+        return "<input type='hidden' name='{$this->phpTag} echo {$expression}; ?>' value='{$this->phpTag}echo \$this->csrf_token; " . "?>'/>";
     }
 
     protected function compileDd($expression)
@@ -1905,10 +1906,6 @@ protected function compileStatements($value)
          * @return mixed|string
          */
         $callback = function ($match) {
-            /*echo "<pre>";
-            var_dump($match);
-            echo "</pre>";*/
-
             if (static::contains($match[1], '@')) {
                 // @@escaped tag
                 $match[0] = isset($match[3]) ? $match[1] . $match[3] : $match[1];
@@ -1949,9 +1946,9 @@ protected function compileStatements($value)
     private function compileStatementClass($match)
     {
         if (isset($match[3])) {
-            return '<?php echo '.$this->fixNamespaceClass($match[1]). $match[3].'; ?>';
+            return $this->phpTag.'echo '.$this->fixNamespaceClass($match[1]). $match[3].'; ?>';
         } else {
-            return '<?php echo '.$this->fixNamespaceClass($match[1]).'(); ?>';
+            return $this->phpTag.'echo '.$this->fixNamespaceClass($match[1]).'(); ?>';
         }
     }