X-Git-Url: https://git.mxchange.org/?a=blobdiff_plain;f=src%2FBaseModule.php;h=f70662a62f80cbab285daf597b262fa233ed370e;hb=fff6e30782f57d41f5ed925f1c661e7b5acd3e72;hp=c03a77e29e2e3cc935e7b43e2907d280efc89a23;hpb=55369613d46eda72d5e120d5cf66703867eb03e3;p=friendica.git
diff --git a/src/BaseModule.php b/src/BaseModule.php
index c03a77e29e..f70662a62f 100644
--- a/src/BaseModule.php
+++ b/src/BaseModule.php
@@ -331,7 +331,7 @@ abstract class BaseModule implements ICanHandleRequests
 * Actually, important actions should not be triggered by Links / GET-Requests at all, but sometimes they still are,
 * so this mechanism brings in some damage control (the attacker would be able to forge a request to a form of this type, but not to forms of other types).
 */
- public static function getFormSecurityToken($typename = '')
+ public static function getFormSecurityToken(string $typename = '')
 {
 $user = User::getById(DI::app()->getLoggedInUserId(), ['guid', 'prvkey']);
 $timestamp = time();
@@ -340,7 +340,14 @@ abstract class BaseModule implements ICanHandleRequests
 return $timestamp . '.' . $sec_hash;
 }
 
- public static function checkFormSecurityToken($typename = '', $formname = 'form_security_token')
+ /**
+ * Checks if form's security (CSRF) token is valid.
+ *
+ * @param string $typename ???
+ * @param string $formname Name of form/field (???)
+ * @return bool Whether it is valid
+ */
+ public static function checkFormSecurityToken(string $typename = '', string $formname = 'form_security_token'): bool
 {
 $hash = null;
 
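Review bot: `getFormSecurityToken()` gains a typed parameter but still has no return type, while `checkFormSecurityToken()` and `getFormSecurityStandardErrorMessage()` receive one in the same commit. The function returns `$timestamp . '.' . $sec_hash` (visible at the top of the next hunk), so the signature can be `public static function getFormSecurityToken(string $typename = ''): string`. The same gap is left on `checkFormSecurityTokenRedirectOnError()` and `checkFormSecurityTokenForbiddenOnError()` in the later hunks; their bodies continue outside those hunks, so `: void` there is only a guess to confirm. The line that computes `$sec_hash` falls between this hunk and the next and is not shown.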
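Review bot: The new docblock on `checkFormSecurityToken()` leaves both parameters as `???`, which is a real gap on a CSRF check because callers need to know what binds a token to a form. Going by the comment above `getFormSecurityToken()`, `$typename` is the form type the token was issued for, so `@param string $typename Form type the token is bound to; must equal the value passed to getFormSecurityToken()` would fit. `$formname` looks like the name of the request field carrying the token (default `form_security_token`), e.g. `@param string $formname Name of the request field that carries the token`. The body past `$hash = null;` is outside the hunk, so that wording should be confirmed against it.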
@@ -372,12 +379,12 @@ abstract class BaseModule implements ICanHandleRequests
 return ($sec_hash == $x[1]);
 }
 
- public static function getFormSecurityStandardErrorMessage()
+ public static function getFormSecurityStandardErrorMessage(): string
 {
 return DI::l10n()->t("The form security token was not correct. This probably happened because the form has been opened for too long \x28>3 hours\x29 before submitting it.") . EOL;
 }
 
- public static function checkFormSecurityTokenRedirectOnError($err_redirect, $typename = '', $formname = 'form_security_token')
+ public static function checkFormSecurityTokenRedirectOnError(string $err_redirect, string $typename = '', string $formname = 'form_security_token')
 {
 if (!self::checkFormSecurityToken($typename, $formname)) {
 Logger::notice('checkFormSecurityToken failed: user ' . DI::app()->getLoggedInUserNickname() . ' - form element ' . $typename);
@@ -387,7 +394,7 @@ abstract class BaseModule implements ICanHandleRequests
 }
 }
 
- public static function checkFormSecurityTokenForbiddenOnError($typename = '', $formname = 'form_security_token')
+ public static function checkFormSecurityTokenForbiddenOnError(string $typename = '', string $formname = 'form_security_token')
 {
 if (!self::checkFormSecurityToken($typename, $formname)) {
 Logger::notice('checkFormSecurityToken failed: user ' . DI::app()->getLoggedInUserNickname() . ' - form element ' . $typename);
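Review bot: The context line `return ($sec_hash == $x[1]);` at the top of this hunk compares the expected token hash with a loose, non-constant-time `==`, and the `: bool` return type added to `checkFormSecurityToken()` in this commit is a good moment to tighten it. `hash_equals()` gives a strict, timing-safe string comparison: `return hash_equals($sec_hash, (string) ($x[1] ?? ''));`. The `?? ''` matters because `hash_equals()` throws a `TypeError` on a non-string, and `$x[1]` presumably comes from splitting the submitted token, which may lack the `.` separator. The function body starts outside this hunk, so how `$x` and `$sec_hash` are built should be confirmed there.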