lithium\storage\session\strategy\Hmac::read()
Read strategy method.
Validates the HMAC signature of the stored data. If the signatures match, then the data is safe and will be passed through as-is.
If the stored data being read does not contain a __signature field, a MissingSignatureException is thrown. When catching this exception, you may choose to handle it by either writing out a signature (e.g. in cases where you know that no pre-existing signature may exist), or you can blackhole it as a possible tampering attempt.
Parameters
- array $data: The data being read.
- array $options: Options for this method.
Returns
array: Validated data.
Source
    public function read($data, array $options = []) {
        if ($data === null) {
            return $data;
        }
        $class = $options['class'];

        // Re-read the complete stored data with strategies disabled, so the
        // check runs over the stored set including its __signature field.
        $currentData = $class::read(null, ['strategies' => false]);

        if (!isset($currentData['__signature'])) {
            throw new MissingSignatureException('HMAC signature not found.');
        }
        // Compare the stored signature with one recomputed over the stored data.
        if (Hash::compare($currentData['__signature'], static::_signature($currentData))) {
            return $data;
        }
        throw new RuntimeException('Possible data tampering: HMAC signature does not match data.');
    }
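
The three outcomes described above (valid signature, missing signature, mismatch) and a caller that handles each, as an added stand-alone example that is not Lithium's code. Assumptions: HMAC-SHA256 over the serialized data without its __signature field, and the names SECRET, MissingSignature, SignatureMismatch, signature(), sign(), verify() and loadSession() are hypothetical.

```php
<?php
// Added example, not Lithium's implementation. Assumed scheme: HMAC-SHA256
// over serialize() of the data minus '__signature'. All names are hypothetical.
const SECRET = 'constructed-demo-secret';   // constructed value; load real keys from config

class MissingSignature extends RuntimeException {}
class SignatureMismatch extends RuntimeException {}

function signature(array $data): string {
    unset($data['__signature']);            // never sign the signature field itself
    ksort($data);                           // stable key order before serializing
    return hash_hmac('sha256', serialize($data), SECRET);
}

function sign(array $data): array {
    $data['__signature'] = signature($data);
    return $data;
}

function verify(array $stored): array {
    if (!isset($stored['__signature'])) {
        throw new MissingSignature('HMAC signature not found.');
    }
    $given = $stored['__signature'];
    // hash_equals() compares in constant time; reject non-string values first.
    if (!is_string($given) || !hash_equals(signature($stored), $given)) {
        throw new SignatureMismatch('HMAC signature does not match data.');
    }
    unset($stored['__signature']);
    return $stored;
}

// Caller policy: unsigned data is accepted only when the caller knows no
// signature could exist yet (it would then write it back through sign());
// every other failure is blackholed to an empty session.
function loadSession(array $stored, bool $legacyUnsigned = false): array {
    try {
        return verify($stored);
    } catch (MissingSignature $e) {
        return $legacyUnsigned ? $stored : [];
    } catch (SignatureMismatch $e) {
        return [];
    }
}

$good = sign(['user_id' => 42, 'role' => 'member']);   // constructed sample data
$tampered = $good;
$tampered['role'] = 'admin';                            // value changed after signing
var_dump(loadSession($good) === ['role' => 'member', 'user_id' => 42]); // bool(true)
var_dump(loadSession($tampered) === []);                // bool(true): mismatch blackholed
var_dump(loadSession(['user_id' => 42]) === []);        // bool(true): unsigned rejected
```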