lithium\security\validation\FormSignature::_compile()
Compiles form signature string. Will normalize input data and urlencode()
it.
The signature is calculated over locked and exclude fields as well as a hash of $fields. The $fields data will not become part of the final form signature string. The $fields hash is not signed itself as the hash will become part of the form signature string which is already signed.
Parameters
-
array
$fields
-
array
$locked
-
array
$excluded
Returns
stringThe compiled form signature string that should be submitted
with the form data in the form of:
<serialized locked>::<serialized excluded>::<signature>
.
Source
protected static function _compile(array $fields, array $locked, array $excluded) {
$hash = static::$_classes['hash'];
sort($fields, SORT_STRING);
ksort($locked, SORT_STRING);
sort($excluded, SORT_STRING);
foreach (['fields', 'excluded', 'locked'] as $list) {
${$list} = urlencode(serialize(${$list}));
}
$hash = $hash::calculate($fields);
$signature = static::_signature("{$locked}::{$excluded}::{$hash}");
return "{$locked}::{$excluded}::{$signature}";
}