PHPackages opencontent/ezuserformtoken-ls - PHPackages - PHPackages [Skip to content](#main-content)[PHPackages](/)[Directory](/)[Categories](/categories)[Trending](/trending)[Leaderboard](/leaderboard)[Changelog](/changelog)[Analyze](/analyze)[Collections](/collections)[Log in](/login)[Sign up](/register) 1. [Directory](/) 2. / 3. [Utility & Helpers](/categories/utility) 4. / 5. opencontent/ezuserformtoken-ls ActiveEzpublish-legacy-extension[Utility & Helpers](/categories/utility) opencontent/ezuserformtoken-ls ============================== Opencontent eZ Publish Legacy User Form Token extension 05.5k↓50%1PHP Since Jul 19Pushed 6y ago7 watchersCompare [ Source](https://github.com/OpencontentCoop/ezuserformtoken)[ Packagist](https://packagist.org/packages/opencontent/ezuserformtoken-ls)[ RSS](/packages/opencontent-ezuserformtoken-ls/feed)WikiDiscussions master Synced 1mo ago READMEChangelogDependenciesVersions (1)Used By (0) eZ Publish Legacy User Form Token extension =========================================== [](#ez-publish-legacy-user-form-token-extension) This extension aims to stop CSRF attacks against eZ Publish implementing the easiest remediation described in [detectify](https://support.detectify.com/customer/portal/articles/1969819-login-csrf). It works like the official extension [eZ Form Token](https://doc.ez.no/eZ-Publish/Technical-manual/4.6/Features/eZ-Form-token-extension) adding input & output filter events, which verify that POST requests have an input matching with a generated custom cookie. The difference with eZ Form Token is that the verification is done on requests made by the anonymous user. This is all done transparently for html/xhtml forms, but requires changes to all ajax POST code. If the form token does not verify, an exception is currently thrown and an error 500 is send to the HTTP client. It is possible to configure modules to be protected and the cookie parameter in the new configuration block `[UserFormToken]` in site.ini (see defaults in settings/site.ini.append.php file of this extension) See also: [How to protect against login CSRF? in stackexchange](https://security.stackexchange.com/questions/59411/how-to-protect-against-login-csrf) ### Health Score 24 — LowBetter than 32% of packages Maintenance20 Infrequent updates — may be unmaintained Popularity22 Limited adoption so far Community13 Small or concentrated contributor base Maturity36 Early-stage or recently created project Bus Factor1 Top contributor holds 60% of commits — single point of failure How is this calculated?**Maintenance (25%)** — Last commit recency, latest release date, and issue-to-star ratio. Uses a 2-year decay window. **Popularity (30%)** — Total and monthly downloads, GitHub stars, and forks. Logarithmic scaling prevents top-heavy scores. **Community (15%)** — Contributors, dependents, forks, watchers, and maintainers. Measures real ecosystem engagement. **Maturity (30%)** — Project age, version count, PHP version support, and release stability. ### Community Maintainers ![](https://www.gravatar.com/avatar/4bb0695337c30a80b955ef72819273442a7dcbcfd69f99b80a28084d170bba0a?d=identicon)[Opencontent](/maintainers/Opencontent) --- Top Contributors [![lrealdi](https://avatars.githubusercontent.com/u/14081241?v=4)](https://github.com/lrealdi "lrealdi (3 commits)")[![Opencontent](https://avatars.githubusercontent.com/u/972033?v=4)](https://github.com/Opencontent "Opencontent (2 commits)") ### Embed Badge ![Health badge](/badges/opencontent-ezuserformtoken-ls/health.svg) ``` [![Health](https://phpackages.com/badges/opencontent-ezuserformtoken-ls/health.svg)](https://phpackages.com/packages/opencontent-ezuserformtoken-ls) ``` ### Alternatives [fab2s/nodalflow A PHP Nodal WorkFlow 16362.4k1](/packages/fab2s-nodalflow)[sheadawson/quickaddnew A decorator for form fields that manage object relationships, to allow adding a new object on the fly through a dialog window. It can handle has\_one, has\_many or many\_many relationships. At the moment it has been tested / works on DropdownField and ListboxField. It works both in the CMS and in the frontend. 4234.4k7](/packages/sheadawson-quickaddnew)[assistant-engine/filament-assistant A Filament Assistant package that enables AI features, bringing advanced assistant capabilities directly into Filament. 392.7k](/packages/assistant-engine-filament-assistant) PHPackages © 2026 [Directory](/)[Categories](/categories)[Trending](/trending)[Changelog](/changelog)[Analyze](/analyze)