10.4/_ajax_widget_context_holder_8php_source.html

<?php


/*

 * This file is part of the TYPO3 CMS project.

 *

 * It is free software; you can redistribute it and/or modify it under

 * the terms of the GNU General Public License, either version 2

 * of the License, or any later version.

 *

 * For the full copyright and license information, please read the

 * LICENSE.txt file that was distributed with this source code.

 *

 * The TYPO3 project - inspiring people to share!

 */


namespace ‪TYPO3\CMS\Fluid\Core\Widget;


use ‪TYPO3\CMS\Core\SingletonInterface;

use ‪TYPO3\CMS\Core\Utility\GeneralUtility;

use ‪TYPO3\CMS\Core\Utility\StringUtility;

use ‪TYPO3\CMS\Extbase\Security\Cryptography\HashService;

use ‪TYPO3\CMS\Fluid\Core\Widget\Exception\WidgetContextNotFoundException;

use ‪TYPO3\CMS\Frontend\Controller\TypoScriptFrontendController;


class ‪AjaxWidgetContextHolder implements ‪SingletonInterface

{

    protected ‪$widgetContexts = [];


    protected ‪$widgetContextsStorageKey = 'TYPO3\\CMS\\Fluid\\Core\\Widget\\AjaxWidgetContextHolder_widgetContexts';


    protected ‪$hashService;


    public function ‪__construct()

    {

        $this->hashService = GeneralUtility::makeInstance(HashService::class);

        $this->‪loadWidgetContexts();

    }


    protected function ‪loadWidgetContexts()

    {

        if (isset(‪$GLOBALS['TSFE']) && ‪$GLOBALS['TSFE'] instanceof ‪TypoScriptFrontendController) {

            $this->widgetContexts = $this->‪unserializeWithHmac(‪$GLOBALS['TSFE']->fe_user->getKey('ses', $this->widgetContextsStorageKey));

        } else {

            $this->widgetContexts = isset(‪$GLOBALS['BE_USER']->uc[$this->widgetContextsStorageKey]) ? $this->‪unserializeWithHmac(‪$GLOBALS['BE_USER']->uc[$this->widgetContextsStorageKey]) : [];

            ‪$GLOBALS['BE_USER']->writeUC();

        }

    }


    public function get($ajaxWidgetId)

    {

        if (!isset($this->widgetContexts[$ajaxWidgetId])) {

            throw new ‪WidgetContextNotFoundException('No widget context was found for the Ajax Widget Identifier "' . $ajaxWidgetId . '". This only happens if AJAX URIs are called without including the widget on a page.', 1284793775);

        }

        return $this->widgetContexts[$ajaxWidgetId];

    }


    public function ‪store(‪WidgetContext $widgetContext)

    {

        $ajaxWidgetId = md5(‪StringUtility::getUniqueId());

        $widgetContext->‪setAjaxWidgetIdentifier($ajaxWidgetId);

        $this->widgetContexts[$ajaxWidgetId] = $widgetContext;

        $this->‪storeWidgetContexts();

    }


    protected function ‪storeWidgetContexts()

    {

        if (isset(‪$GLOBALS['TSFE']) && ‪$GLOBALS['TSFE'] instanceof ‪TypoScriptFrontendController) {

            ‪$GLOBALS['TSFE']->fe_user->setKey('ses', $this->widgetContextsStorageKey, $this->‪serializeWithHmac($this->widgetContexts));

            ‪$GLOBALS['TSFE']->fe_user->storeSessionData();

        } else {

            ‪$GLOBALS['BE_USER']->uc[‪$this->widgetContextsStorageKey] = $this->‪serializeWithHmac($this->widgetContexts);

            ‪$GLOBALS['BE_USER']->writeUC();

        }

    }


    protected function ‪serializeWithHmac(array ‪$widgetContexts): string

    {

        $data = serialize(‪$widgetContexts);

        return $this->hashService->appendHmac($data);

    }


    protected function ‪unserializeWithHmac(?string $data): array

    {

        if ($data === null || $data === '') {

            return [];

        }

        try {

            $data = $this->hashService->validateAndStripHmac($data);

            // widget contexts literally can contain everything, that why using

            // HMAC-signed `unserialize()` is the only option here unless Extbase

            // structures have been refactored further

            ‪$widgetContexts = unserialize($data);

        } finally {

            return is_array(‪$widgetContexts ?? null) ? ‪$widgetContexts : [];

        }

    }

}