lithium\security\validation\FormSignature::_compile()

protected static method

Compiles form signature string. Will normalize input data and urlencode() it.

The signature is calculated over locked and exclude fields as well as a hash of $fields. The $fields data will not become part of the final form signature string. The $fields hash is not signed itself as the hash will become part of the form signature string which is already signed.

Parameters

  • array $fields
  • array $locked
  • array $excluded

Returns

string

The compiled form signature string that should be submitted with the form data in the form of: <serialized locked>::<serialized excluded>::<signature>.

Source

	protected static function _compile(array $fields, array $locked, array $excluded) {
		$string = static::$_classes['string'];

		sort($fields, SORT_STRING);
		ksort($locked, SORT_STRING);
		sort($excluded, SORT_STRING);

		foreach (array('fields', 'excluded', 'locked') as $list) {
			${$list} = urlencode(serialize(${$list}));
		}
		$hash = $string::hash($fields);
		$signature = static::_signature("{$locked}::{$excluded}::{$hash}");

		return "{$locked}::{$excluded}::{$signature}";
	}