‪TYPO3CMS  10.4
BackendFormProtection.php
Go to the documentation of this file.
1 <?php
2 
3 /*
4  * This file is part of the TYPO3 CMS project.
5  *
6  * It is free software; you can redistribute it and/or modify it under
7  * the terms of the GNU General Public License, either version 2
8  * of the License, or any later version.
9  *
10  * For the full copyright and license information, please read the
11  * LICENSE.txt file that was distributed with this source code.
12  *
13  * The TYPO3 project - inspiring people to share!
14  */
15 
16 namespace ‪TYPO3\CMS\Core\FormProtection;
17 
18 use ‪TYPO3\CMS\Core\Authentication\BackendUserAuthentication;
19 use ‪TYPO3\CMS\Core\Error\Exception;
20 use ‪TYPO3\CMS\Core\Registry;
21 
74 class ‪BackendFormProtection extends ‪AbstractFormProtection
75 {
82  protected ‪$backendUser;
83 
90  protected ‪$registry;
91 
100  public function ‪__construct(‪BackendUserAuthentication ‪$backendUser, ‪Registry ‪$registry, \Closure ‪$validationFailedCallback = null)
101  {
102  $this->backendUser = ‪$backendUser;
103  $this->registry = ‪$registry;
104  $this->validationFailedCallback = ‪$validationFailedCallback;
105  if (!$this->‪isAuthorizedBackendSession()) {
106  throw new ‪Exception('A back-end form protection may only be instantiated if there is an active back-end session.', 1285067843);
107  }
108  }
109 
115  protected function ‪retrieveSessionToken()
116  {
117  $this->sessionToken = $this->backendUser->getSessionData('formProtectionSessionToken');
118  if (empty($this->sessionToken)) {
119  $this->sessionToken = $this->‪generateSessionToken();
120  $this->‪persistSessionToken();
121  }
122  return ‪$this->sessionToken;
123  }
124 
131  public function ‪persistSessionToken()
132  {
133  $this->backendUser->setAndSaveSessionData('formProtectionSessionToken', $this->sessionToken);
134  }
135 
144  public function ‪setSessionTokenFromRegistry()
145  {
146  $this->sessionToken = $this->registry->get('core', 'formProtectionSessionToken:' . $this->backendUser->user['uid']);
147  if (empty($this->sessionToken)) {
148  throw new \UnexpectedValueException('Failed to restore the session token from the registry.', 1301827270);
149  }
150  return ‪$this->sessionToken;
151  }
152 
159  public function ‪storeSessionTokenInRegistry()
160  {
161  $this->registry->set('core', 'formProtectionSessionToken:' . $this->backendUser->user['uid'], $this->getSessionToken());
162  }
163 
169  public function ‪removeSessionTokenFromRegistry()
170  {
171  $this->registry->remove('core', 'formProtectionSessionToken:' . $this->backendUser->user['uid']);
172  }
173 
179  protected function ‪isAuthorizedBackendSession()
180  {
181  return !empty($this->backendUser->user['uid']);
182  }
183 }
‪TYPO3\CMS\Core\FormProtection\AbstractFormProtection\$sessionToken
‪string $sessionToken
Definition: AbstractFormProtection.php:40
‪TYPO3\CMS\Core\FormProtection\BackendFormProtection\removeSessionTokenFromRegistry
‪removeSessionTokenFromRegistry()
Definition: BackendFormProtection.php:167
‪TYPO3\CMS\Core\Registry
Definition: Registry.php:33
‪TYPO3\CMS\Core\FormProtection\BackendFormProtection
Definition: BackendFormProtection.php:75
‪TYPO3\CMS\Core\FormProtection\BackendFormProtection\isAuthorizedBackendSession
‪bool isAuthorizedBackendSession()
Definition: BackendFormProtection.php:177
‪TYPO3\CMS\Core\FormProtection\AbstractFormProtection\$validationFailedCallback
‪Closure $validationFailedCallback
Definition: AbstractFormProtection.php:34
‪TYPO3\CMS\Core\FormProtection\BackendFormProtection\__construct
‪__construct(BackendUserAuthentication $backendUser, Registry $registry, \Closure $validationFailedCallback=null)
Definition: BackendFormProtection.php:98
‪TYPO3\CMS\Core\FormProtection\BackendFormProtection\setSessionTokenFromRegistry
‪string setSessionTokenFromRegistry()
Definition: BackendFormProtection.php:142
‪TYPO3\CMS\Core\FormProtection\BackendFormProtection\persistSessionToken
‪persistSessionToken()
Definition: BackendFormProtection.php:129
‪TYPO3\CMS\Core\FormProtection\BackendFormProtection\$backendUser
‪BackendUserAuthentication $backendUser
Definition: BackendFormProtection.php:81
‪TYPO3\CMS\Core\FormProtection
Definition: AbstractFormProtection.php:16
‪TYPO3\CMS\Core\FormProtection\BackendFormProtection\retrieveSessionToken
‪string retrieveSessionToken()
Definition: BackendFormProtection.php:113
‪TYPO3\CMS\Core\Authentication\BackendUserAuthentication
Definition: BackendUserAuthentication.php:62
‪TYPO3\CMS\Core\Error\Exception
Definition: Exception.php:22
‪TYPO3\CMS\Core\FormProtection\BackendFormProtection\storeSessionTokenInRegistry
‪storeSessionTokenInRegistry()
Definition: BackendFormProtection.php:157
‪TYPO3\CMS\Core\FormProtection\BackendFormProtection\$registry
‪Registry $registry
Definition: BackendFormProtection.php:88
‪TYPO3\CMS\Core\FormProtection\AbstractFormProtection
Definition: AbstractFormProtection.php:30
‪TYPO3\CMS\Core\FormProtection\AbstractFormProtection\generateSessionToken
‪string generateSessionToken()
Definition: AbstractFormProtection.php:121