Friday, March 26, 2010

Custom message for Zend CSRF token

Ever see the following message when using Zends CSRF token?:

The token 'cea65eff4f464dsl57729a21fbd56aea' does not match the given token 'd2479b415baafe5791ase68f85122828a'

Wouldn't it be more useful to have an intelligible message? To set custom messages for the Zend_Form_Element_Hash do the following:

$this->addElement('hash', 'csrf_token', array(
'salt' => get_class($this) . '',
'timeout' => ,
'errorMessages' => array('Identical' => 'Form has timed out (probably), or you are attempting a cross-site request forgery. Please submit form again.'),

'Identical' is the validator that Zend_Form_Element_Hash uses. So adding the errorMessages line when creating the hash should do the trick.

There is probably a setErrorMessages() method also, but I haven't tried this.