Symphony Extensions

Symphony CMS

Follow @symextensions for updates to the 412 extensions that we track. What is this?

What is symphonyextensions.com?

Symphony Extensions tracks Symphony CMS extensions that are hosted on Github.

How do I submit an extension?

Host your extension on Github and make sure the repository has a good README and an extension.meta.xml file. Then sign in to this site using your GitHub profile where you will see a list of your public repositories. Pick one, and add it to the site. When you make changes, just update the XML file in your repository and we do the rest.

What is an extension.meta.xml file?

It is an XML file that you add to your repository to describe your extension. You can include a name and description, developer contact details, version history, changelog, dependencies and more. Please read the documentation for a full list. You can use the lint tool to check your XML against the schema before submitting your extension to the site.

Who runs this site?

This site is now run by the community @symextensions. The site was created by nickdunn. Contact him at @nickdunn

Found a bug?

Please report it here.

0.1releasedXSRF/CSRF Protection

Validates all POST requests on backend were intentional and not part of a forged request.

Clone URLhttps://github.com/richadams/xsrf_protection.git

Add as a submodulegit submodule add https://github.com/richadams/xsrf_protection.git extensions/xsrf_protection --recursive

Download: .tar.gz, .zip
Links: Github, Homepage

Compatibility

2.x.x	2.1.x	2.2.x	2.3.x	2.4.x	2.5.x	2.6.x	2.7.0	2.7.1	2.7.2	2.7.3	2.7.4	2.7.5	2.7.6	2.7.7	2.7.8	2.7.9	2.7.10
No	No	No	0.1	No	No	No	No	No	No	No	No	No	No	No	No	No	No

Symphony Version	Extension version
2.7.10	No
2.7.9	No
2.7.8	No
2.7.7	No
2.7.6	No
2.7.5	No
2.7.4	No
2.7.3	No
2.7.2	No
2.7.1	No
2.7.0	No
2.6.x	No
2.5.x	No
2.4.x	No
2.3.x	0.1
2.2.x	No
2.1.x	No
2.x.x	No

Readme

XSRF/CSRF Protection

Version: 0.1
Author: Rich Adams (http://richadams.me)
Licensed under the GPL.

Overview

Protects the backend of Symphony CMS against cross-site request forgery.

What it does

Adds a xsrf input to any form using the POST method with a one use token.
When the backend receives a POST request, the token is validated.
If the token is incorrect, not provided, or has expired, then the request is rejected.

Requirements

Only tested in Symphony CMS 2.3

Installation

Unzip the file.
Put the xsrf_protection folder into your extension directory.
Enable the same as any other extension.

Add the following to your configuration file,

"xsrf-protection" => array("token-lifetime"               => "15 mins", // How long the tokens are valid for.
                           "invalidate-tokens-on-request" => true),     // If true, then tokens are invalidated on every request or after expiry time, whichever is first. If false, tokens only expire after the lifetime.

Configuration Options

Token Lifetime - How long before a token expires and becomes invalid. Default is 15 minutes. Can specify any strtotime() recognised string.
Invalidate Tokens On Request - If set, this will invalidate any previous tokens on every request. If not set, then tokens will only be invalidated once their expiry time is reached. Most times you probably want this disabled, otherwise when a user goes back and submits something again, they'll get the XSRF error even if the token is still within it's lifetime.

Version history

Requires Symphony 2.3

Initial release.