‪TYPO3CMS  10.4
AbstractFormProtection.php
1 <?php
2 
3 /*
4  * This file is part of the TYPO3 CMS project.
5  *
6  * It is free software; you can redistribute it and/or modify it under
7  * the terms of the GNU General Public License, either version 2
8  * of the License, or any later version.
9  *
10  * For the full copyright and license information, please read the
11  * LICENSE.txt file that was distributed with this source code.
12  *
13  * The TYPO3 project - inspiring people to share!
14  */
15 
17 
21 
30 {
32 
37 
/**
 * Per-session secret mixed into every form token.
 *
 * Stays unset/null until getSessionToken() loads it through
 * retrieveSessionToken(); removed again by clean() and __destruct().
 *
 * @var string|null
 */
protected $sessionToken;
44 
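/**
 * Returns the per-session secret that every form token is derived from.
 *
 * The secret is fetched once through retrieveSessionToken() and then cached
 * on the instance, so all tokens generated or validated by this object use
 * the same value.
 *
 * @return string
 */
protected function getSessionToken()
{
    // Lazy-load: only ask the concrete storage when nothing is cached yet.
    $this->sessionToken = $this->sessionToken ?? $this->retrieveSessionToken();

    // generateToken() and validateToken() concatenate this value into the
    // HMAC input, so the cached secret has to be handed back to the caller.
    return $this->sessionToken;
}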
53 
/**
 * Drops the cached session token when the object is destroyed.
 *
 * Only the in-memory copy held by this instance is removed; this method
 * does not call persistSessionToken().
 */
public function __destruct()
{
    unset($this->sessionToken);
}
61 
/**
 * Discards the current session token and persists that state.
 *
 * The order matters: the cached token is removed first, so that
 * persistSessionToken() sees an instance without a token.
 *
 * NOTE(review): presumably the concrete implementation then stores the
 * absence of a token, which stops tokens issued earlier from validating.
 * persistSessionToken() is abstract here, so confirm against the subclass.
 */
public function clean()
{
    // Forget the in-memory secret before writing the state back.
    unset($this->sessionToken);

    $this->persistSessionToken();
}
72 
/**
 * Generates the anti-CSRF token for one form/action/instance combination.
 *
 * The token is GeneralUtility::hmac() over the three name parts followed by
 * the per-session secret from getSessionToken(). hmac() is defined outside
 * this file; presumably it is keyed with the installation's encryption key
 * (confirm there).
 *
 * NOTE(review): the name parts are concatenated without a separator, so two
 * different ($formName, $action, $formInstanceName) triples whose
 * concatenation is identical produce the same token. Pass fixed identifiers
 * chosen by the calling code, never request-controlled values, so that a
 * token issued for one form cannot double as a token for another.
 *
 * @param string $formName name of the form, must not be empty
 * @param string $action name of the action within the form
 * @param string $formInstanceName distinguishes several instances of one form
 * @return string the generated token
 * @throws \InvalidArgumentException if $formName is empty
 */
public function generateToken($formName, $action = '', $formInstanceName = '')
{
    // Loose comparison kept on purpose: null and false are rejected as well.
    if ($formName == '') {
        throw new \InvalidArgumentException('$formName must not be empty.', 1294586643);
    }

    return GeneralUtility::hmac($formName . $action . $formInstanceName . $this->getSessionToken());
}
94 
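/**
 * Checks a submitted token against the one expected for this form.
 *
 * The expected value is recomputed exactly as generateToken() builds it
 * (name parts followed by the per-session secret, passed through
 * GeneralUtility::hmac()) and compared with the submitted one. On a
 * mismatch createValidationErrorMessage() is called before returning.
 *
 * NOTE(review): as in generateToken(), the name parts are joined without a
 * separator, so the caller must pass fixed identifiers rather than
 * request-controlled values for $formName, $action and $formInstanceName.
 *
 * @param string $tokenId token submitted with the request
 * @param string $formName name of the form
 * @param string $action name of the action within the form
 * @param string $formInstanceName distinguishes several instances of one form
 * @return bool true if $tokenId matches the expected token
 */
public function validateToken($tokenId, $formName, $action = '', $formInstanceName = '')
{
    $expectedTokenId = GeneralUtility::hmac(
        (string)$formName . (string)$action . (string)$formInstanceName . $this->getSessionToken()
    );

    // hash_equals() compares in constant time, so response timing does not
    // reveal how much of a guessed token was correct. It only accepts
    // strings; the cast turns a missing (null) token into a plain mismatch.
    $isValid = hash_equals($expectedTokenId, (string)$tokenId);

    if (!$isValid) {
        // Surface the rejected request through the class's failure hook.
        $this->createValidationErrorMessage();
    }

    return $isValid;
}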
118 
/**
 * Creates a fresh per-session secret.
 *
 * Requests a 64-character hex string from TYPO3\CMS\Core\Crypto\Random.
 * NOTE(review): that is 256 bits of secret only if Random draws from a
 * cryptographically secure source; Random is defined outside this file, so
 * confirm there.
 *
 * @return string
 */
protected function generateSessionToken()
{
    $random = GeneralUtility::makeInstance(Random::class);

    return $random->generateRandomHexString(64);
}
128 
/**
 * Failure hook run when a submitted token does not validate.
 *
 * Invokes the registered $validationFailedCallback closure, if there is
 * one; without a callback this method does nothing.
 */
protected function createValidationErrorMessage()
{
    // No callback registered: a failed validation stays silent here.
    if ($this->validationFailedCallback === null) {
        return;
    }

    $this->validationFailedCallback->__invoke();
}
139 
/**
 * Loads the per-session secret from the storage the concrete class uses.
 *
 * Called by getSessionToken() the first time the secret is needed; the
 * result is cached on the instance and fed into every token HMAC.
 *
 * @return string
 */
abstract protected function retrieveSessionToken();
146 
/**
 * Writes the current session token state back to the concrete storage.
 *
 * clean() calls this right after removing the cached token, so an
 * implementation must cope with $this->sessionToken being unset.
 */
abstract public function persistSessionToken();
154 }
‪TYPO3\CMS\Core\FormProtection\AbstractFormProtection\$sessionToken
‪string $sessionToken
Definition: AbstractFormProtection.php:40
‪TYPO3\CMS\Core\FormProtection\AbstractFormProtection\generateToken
‪string generateToken($formName, $action='', $formInstanceName='')
Definition: AbstractFormProtection.php:83
‪TYPO3\CMS\Core\FormProtection\AbstractFormProtection\$validationFailedCallback
‪Closure $validationFailedCallback
Definition: AbstractFormProtection.php:34
‪TYPO3\CMS\Core\FormProtection\AbstractFormProtection\getSessionToken
‪string getSessionToken()
Definition: AbstractFormProtection.php:45
‪TYPO3\CMS\Core\Security\BlockSerializationTrait
Definition: BlockSerializationTrait.php:28
‪TYPO3\CMS\Core\FormProtection
Definition: AbstractFormProtection.php:16
‪TYPO3\CMS\Core\FormProtection\AbstractFormProtection\createValidationErrorMessage
‪createValidationErrorMessage()
Definition: AbstractFormProtection.php:130
‪TYPO3\CMS\Core\FormProtection\AbstractFormProtection\clean
‪clean()
Definition: AbstractFormProtection.php:64
‪TYPO3\CMS\Core\FormProtection\AbstractFormProtection\validateToken
‪bool validateToken($tokenId, $formName, $action='', $formInstanceName='')
Definition: AbstractFormProtection.php:102
‪TYPO3\CMS\Core\FormProtection\AbstractFormProtection\__destruct
‪__destruct()
Definition: AbstractFormProtection.php:54
‪TYPO3\CMS\Core\FormProtection\AbstractFormProtection
Definition: AbstractFormProtection.php:30
‪TYPO3\CMS\Core\Crypto\Random
Definition: Random.php:24
‪TYPO3\CMS\Core\FormProtection\AbstractFormProtection\retrieveSessionToken
‪string retrieveSessionToken()
‪TYPO3\CMS\Core\Utility\GeneralUtility
Definition: GeneralUtility.php:46
‪TYPO3\CMS\Core\FormProtection\AbstractFormProtection\persistSessionToken
‪persistSessionToken()
‪TYPO3\CMS\Core\FormProtection\AbstractFormProtection\generateSessionToken
‪string generateSessionToken()
Definition: AbstractFormProtection.php:121