{"id":31847270,"url":"https://github.com/opencontentcoop/ezuserformtoken","last_synced_at":"2025-10-12T09:43:01.396Z","repository":{"id":57032116,"uuid":"158575808","full_name":"OpencontentCoop/ezuserformtoken","owner":"OpencontentCoop","description":null,"archived":false,"fork":false,"pushed_at":"2019-07-19T13:05:42.000Z","size":12,"stargazers_count":0,"open_issues_count":0,"forks_count":1,"subscribers_count":7,"default_branch":"master","last_synced_at":"2025-09-28T23:52:27.370Z","etag":null,"topics":[],"latest_commit_sha":null,"homepage":null,"language":"PHP","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"gpl-2.0","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/OpencontentCoop.png","metadata":{"files":{"readme":"readme.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null}},"created_at":"2018-11-21T16:20:07.000Z","updated_at":"2019-07-19T13:05:44.000Z","dependencies_parsed_at":"2022-08-24T06:30:44.295Z","dependency_job_id":null,"html_url":"https://github.com/OpencontentCoop/ezuserformtoken","commit_stats":null,"previous_names":[],"tags_count":0,"template":false,"template_full_name":null,"purl":"pkg:github/OpencontentCoop/ezuserformtoken","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/OpencontentCoop%2Fezuserformtoken","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/OpencontentCoop%2Fezuserformtoken/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/OpencontentCoop%2Fezuserformtoken/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/OpencontentCoop%2Fezuserformtoken/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/OpencontentCoop","download_url":"https://codeload.github.com/OpencontentCoop/ezuserformtoken/tar.gz/refs/heads/master","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/OpencontentCoop%2Fezuserformtoken/sbom","scorecard":null,"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":279010942,"owners_count":26084837,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","status":"online","status_checked_at":"2025-10-12T02:00:06.719Z","response_time":53,"last_error":null,"robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":true,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":[],"created_at":"2025-10-12T09:42:57.414Z","updated_at":"2025-10-12T09:43:01.383Z","avatar_url":"https://github.com/OpencontentCoop.png","language":"PHP","funding_links":[],"categories":[],"sub_categories":[],"readme":"# eZ Publish Legacy User Form Token extension\n\n\nThis extension aims to stop CSRF attacks against eZ Publish \nimplementing the easiest remediation described in [detectify](https://support.detectify.com/customer/portal/articles/1969819-login-csrf).\n\nIt works like the official extension [eZ Form Token](https://doc.ez.no/eZ-Publish/Technical-manual/4.6/Features/eZ-Form-token-extension) adding input \u0026 output filter events, \nwhich verify that POST requests have an input matching with a generated custom cookie.\nThe difference with eZ Form Token is that the verification is done on requests made by the anonymous user.\n\nThis is all done transparently for html/xhtml forms, but requires changes to all ajax POST code.\nIf the form token does not verify, an exception is currently thrown and an\nerror 500 is send to the HTTP client.\n\nIt is possible to configure modules to be protected and the cookie parameter in the new configuration block ```[UserFormToken]``` in site.ini\n(see defaults in settings/site.ini.append.php file of this extension)\n\nSee also:\n[How to protect against login CSRF? in stackexchange](https://security.stackexchange.com/questions/59411/how-to-protect-against-login-csrf)\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fopencontentcoop%2Fezuserformtoken","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fopencontentcoop%2Fezuserformtoken","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fopencontentcoop%2Fezuserformtoken/lists"}