Extends
lithium\core\Object
Read strategy method.
Validates the HMAC signature of the stored data. If the signatures match, then
the data is safe, and the 'valid' key in the returned data will be
If the store being read does not contain a `__signature` field, a `MissingSignatureException`
is thrown. When catching this exception, you may choose to handle it by either writing
out a signature (e.g. in cases where you know that no pre-existing signature may exist), or
you can blackhole it as a possible tampering attempt.
Parameters
- array $data the Data being read.
- array $options Options for this method.
Returns
array validated dataSource
public function read($data, array $options = array()) {
$class = $options['class'];
$currentData = $class::read(null, array('strategies' => false));
if (!isset($currentData['__signature'])) {
throw new MissingSignatureException('HMAC signature not found.');
}
$currentSignature = $currentData['__signature'];
$signature = static::_signature($currentData);
if (!String::compare($signature, $currentSignature)) {
$message = "Possible data tampering: HMAC signature does not match data.";
throw new RuntimeException($message);
}
return $data;
}