lithium\security\validation\FormSignature::check()

public static method

Validates form data using an embedded form signature string. The form signature string must be embedded in security.signature alongside the other data to check against.

Note: Will ignore any other data inside security.*.

Parameters

  • array|object $data

    The form data as an array or an object with the data inside the data property.

Returns

boolean

true if the form data is valid, false if not.

Source

	public static function check($data) {
		if (is_object($data) && isset($data->data)) {
			$data = $data->data;
		}
		if (!isset($data['security']['signature'])) {
			throw new Exception('Unable to check form signature. Cannot find signature in data.');
		}
		$signature = $data['security']['signature'];
		unset($data['security']);

		$parsed = static::_parse($signature);
		$data = Set::flatten($data);

		if (array_intersect_assoc($data, $parsed['locked']) != $parsed['locked']) {
			return false;
		}
		$fields = array_diff(
			array_keys($data),
			array_keys($parsed['locked']),
			$parsed['excluded']
		);
		return $signature === static::_compile($fields, $parsed['locked'], $parsed['excluded']);
	}