‪TYPO3CMS  10.4
FormDefinitionValidationService.php
1 <?php
2 
3 declare(strict_types=1);
4 
5 /*
6  * This file is part of the TYPO3 CMS project.
7  *
8  * It is free software; you can redistribute it and/or modify it under
9  * the terms of the GNU General Public License, either version 2
10  * of the License, or any later version.
11  *
12  * For the full copyright and license information, please read the
13  * LICENSE.txt file that was distributed with this source code.
14  *
15  * The TYPO3 project - inspiring people to share!
16  */
17 
19 
31 
36 {
37 
41  protected ‪$configurationService;
42 
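/**
 * Recursively validates one form element of a submitted form definition,
 * its finisher/validator collection and all nested renderables.
 *
 * Restores the four `$this->validate...(` call lines (listing lines 169,
 * 181, 187 and 198) that the rendered page dropped, which left the
 * argument lists dangling.
 *
 * Branching, as visible in this method:
 *  - element type creatable by the form editor: its properties go through
 *    the "creatable form element" validation; each collection element is
 *    then validated either as creatable or by HMAC, depending on the
 *    configuration service;
 *  - otherwise: element properties and every collection element are
 *    validated by HMAC against their historical values.
 *
 * NOTE(review): presumably the delegated validators throw PropertyException
 * on a rejected value - confirm in the validator classes.
 *
 * @param array $currentFormElement form element as it appears in the form definition
 * @param string $prototypeName prototype the definition is validated against
 * @param string $sessionToken secret passed on to the HMAC-based validators
 */
public function validateFormDefinitionProperties(
    array $currentFormElement,
    string $prototypeName,
    string $sessionToken
): void {
    $renderables = $currentFormElement['renderables'] ?? [];
    // NOTE(review): 'finishers' wins over 'validators' regardless of 'type',
    // and both keys are unset below, so the collection that is not picked is
    // never validated by this method - confirm it is rejected or dropped
    // elsewhere before the definition is persisted.
    $propertyCollectionElements = $currentFormElement['finishers'] ?? $currentFormElement['validators'] ?? [];
    // NOTE(review): assumes 'type' and 'identifier' are always present - verify against caller.
    $propertyCollectionName = $currentFormElement['type'] === 'Form' ? 'finishers' : 'validators';
    // Children and collections are handled separately, so only the element's
    // own properties remain for the property validators.
    unset($currentFormElement['renderables'], $currentFormElement['finishers'], $currentFormElement['validators']);

    $validationDto = GeneralUtility::makeInstance(
        ValidationDto::class,
        $prototypeName,
        $currentFormElement['type'],
        $currentFormElement['identifier'],
        null,
        $propertyCollectionName
    );

    if ($this->getConfigurationService()->isFormElementTypeCreatableByFormEditor($validationDto)) {
        $this->validateAllPropertyValuesFromCreatableFormElement(
            $currentFormElement,
            $sessionToken,
            $validationDto
        );

        foreach ($propertyCollectionElements as $propertyCollectionElement) {
            // Derive a DTO that also names the collection element under test.
            $validationDto = $validationDto->withPropertyCollectionElementIdentifier(
                $propertyCollectionElement['identifier']
            );

            if ($this->getConfigurationService()->isPropertyCollectionElementIdentifierCreatableByFormEditor($validationDto)) {
                $this->validateAllPropertyValuesFromCreatablePropertyCollectionElement(
                    $propertyCollectionElement,
                    $sessionToken,
                    $validationDto
                );
            } else {
                $this->validateAllPropertyCollectionElementValuesByHmac(
                    $propertyCollectionElement,
                    $sessionToken,
                    $validationDto
                );
            }
        }
    } else {
        // Element type cannot be created in the editor: every value must
        // match its HMAC-protected historical value.
        $this->validateAllFormElementPropertyValuesByHmac($currentFormElement, $sessionToken, $validationDto);

        foreach ($propertyCollectionElements as $propertyCollectionElement) {
            $this->validateAllPropertyCollectionElementValuesByHmac(
                $propertyCollectionElement,
                $sessionToken,
                $validationDto
            );
        }
    }

    // Descend into child elements with the same prototype and token.
    foreach ($renderables as $renderable) {
        $this->validateFormDefinitionProperties($renderable, $prototypeName, $sessionToken);
    }
}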
210 
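/**
 * Tells whether the submitted property value is the one the stored HMAC
 * was computed for.
 *
 * Restores the signature line (listing line 230) that the rendered page
 * dropped.
 *
 * The historical data is integrity-checked first; checkHmacDataIntegrity()
 * throws PropertyException when the stored hmac is missing or does not
 * match the stored value. Only then is a second HMAC computed over the
 * same content with the *submitted* value appended and compared against
 * the stored hmac.
 *
 * @param array $hmacContent values bound into the HMAC ahead of the property value
 * @param mixed $propertyValue value submitted for the property
 * @param array $hmacData historical data; 'hmac' and 'value' are the keys read here and in the integrity check
 * @param string $sessionToken passed as second argument to GeneralUtility::hmac()
 * @return bool true when the submitted value yields the stored hmac
 * @throws PropertyException from checkHmacDataIntegrity()
 */
public function isPropertyValueEqualToHistoricalValue(
    array $hmacContent,
    $propertyValue,
    array $hmacData,
    string $sessionToken
): bool {
    // $hmacContent is passed by value, so the element appended inside the
    // integrity check does not leak into the array used below.
    $this->checkHmacDataIntegrity($hmacData, $hmacContent, $sessionToken);
    $hmacContent[] = $propertyValue;

    $expectedHash = GeneralUtility::hmac(serialize($hmacContent), $sessionToken);
    // hash_equals() keeps the comparison constant-time.
    return hash_equals($expectedHash, $hmacData['hmac']);
}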
242 
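/**
 * Verifies that the historical data carried in $hmacData has not been
 * altered: $hmacData['hmac'] must equal the HMAC of $hmacContent with
 * $hmacData['value'] (or '' when absent) appended.
 *
 * A non-string 'hmac' is rejected with the same PropertyException as a
 * mismatching one. Without that guard, hash_equals() raises a TypeError
 * under strict_types for e.g. an array taken from the submitted form
 * definition, which bypasses handlers that only catch PropertyException.
 *
 * @param array $hmacData historical data; keys 'hmac' and 'value' are read
 * @param array $hmacContent values bound into the HMAC ahead of the historical value
 * @param string $sessionToken passed as second argument to GeneralUtility::hmac()
 * @throws PropertyException 1528538222 when 'hmac' is missing or empty,
 *                           1528538252 when it does not match
 */
protected function checkHmacDataIntegrity(array $hmacData, array $hmacContent, string $sessionToken)
{
    $hmac = $hmacData['hmac'] ?? null;
    if (empty($hmac)) {
        throw new PropertyException('Hmac must not be empty. #1528538222', 1528538222);
    }

    $hmacContent[] = $hmacData['value'] ?? '';
    $expectedHash = GeneralUtility::hmac(serialize($hmacContent), $sessionToken);

    // A non-string hmac can never match; fail with the domain exception
    // instead of letting hash_equals() throw a TypeError.
    if (!is_string($hmac) || !hash_equals($expectedHash, $hmac)) {
        throw new PropertyException('Unauthorized modification of historical data. #1528538252', 1528538252);
    }
}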
267 
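/**
 * Runs FormElementHmacDataValidator over the properties of a form element.
 *
 * Restores the signature line (listing line 276) that the rendered page
 * dropped.
 *
 * The expression selects every key except those that start with `_orig_`
 * or contain `._orig_`; those keys hold the historical/HMAC data and are
 * not values to validate themselves.
 * NOTE(review): presumably ArrayProcessor applies the processor to each
 * key matching the expression - confirm in ArrayProcessor.
 *
 * @param array $currentElement form element without renderables/finishers/validators
 * @param mixed $sessionToken handed to the validator unchanged (untyped in this signature)
 * @param ValidationDto $validationDto context describing the element under validation
 */
protected function validateAllFormElementPropertyValuesByHmac(
    array $currentElement,
    $sessionToken,
    ValidationDto $validationDto
): void {
    GeneralUtility::makeInstance(ArrayProcessor::class, $currentElement)->forEach(
        GeneralUtility::makeInstance(
            ArrayProcessing::class,
            'validateProperties',
            '^(?!(_orig_.*|.*\._orig_.*)$).*',
            GeneralUtility::makeInstance(
                FormElementHmacDataValidator::class,
                $currentElement,
                $sessionToken,
                $validationDto
            )
        )
    );
}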
295 
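/**
 * Runs PropertyCollectionElementHmacDataValidator over the properties of
 * one finisher/validator entry.
 *
 * Restores the signature line (listing line 304) that the rendered page
 * dropped.
 *
 * The expression selects every key except those that start with `_orig_`
 * or contain `._orig_`, i.e. the keys holding the historical/HMAC data.
 * NOTE(review): presumably ArrayProcessor applies the processor to each
 * key matching the expression - confirm in ArrayProcessor.
 *
 * @param array $currentElement property collection element (finisher or validator)
 * @param mixed $sessionToken handed to the validator unchanged (untyped in this signature)
 * @param ValidationDto $validationDto context describing the element under validation
 */
protected function validateAllPropertyCollectionElementValuesByHmac(
    array $currentElement,
    $sessionToken,
    ValidationDto $validationDto
): void {
    GeneralUtility::makeInstance(ArrayProcessor::class, $currentElement)->forEach(
        GeneralUtility::makeInstance(
            ArrayProcessing::class,
            'validateProperties',
            '^(?!(_orig_.*|.*\._orig_.*)$).*',
            GeneralUtility::makeInstance(
                PropertyCollectionElementHmacDataValidator::class,
                $currentElement,
                $sessionToken,
                $validationDto
            )
        )
    );
}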
323 
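/**
 * Runs CreatableFormElementPropertiesValidator over the properties of a
 * form element whose type may be created in the form editor.
 *
 * Restores the signature line (listing line 335) that the rendered page
 * dropped.
 *
 * Besides the `_orig_` keys (historical/HMAC data), the expression also
 * skips the exact keys `type` and `identifier`, so those two are not
 * passed to the validator by this method.
 * NOTE(review): presumably ArrayProcessor applies the processor to each
 * key matching the expression - confirm in ArrayProcessor.
 *
 * @param array $currentElement form element without renderables/finishers/validators
 * @param mixed $sessionToken handed to the validator unchanged (untyped in this signature)
 * @param ValidationDto $validationDto context describing the element under validation
 */
protected function validateAllPropertyValuesFromCreatableFormElement(
    array $currentElement,
    $sessionToken,
    ValidationDto $validationDto
): void {
    GeneralUtility::makeInstance(ArrayProcessor::class, $currentElement)->forEach(
        GeneralUtility::makeInstance(
            ArrayProcessing::class,
            'validateProperties',
            '^(?!(_orig_.*|.*\._orig_.*|type|identifier)$).*',
            GeneralUtility::makeInstance(
                CreatableFormElementPropertiesValidator::class,
                $currentElement,
                $sessionToken,
                $validationDto
            )
        )
    );
}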
354 
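/**
 * Runs CreatablePropertyCollectionElementPropertiesValidator over the
 * properties of a finisher/validator entry that may be created in the
 * form editor.
 *
 * Restores the signature line (listing line 366) that the rendered page
 * dropped.
 *
 * Besides the `_orig_` keys (historical/HMAC data), the expression also
 * skips the exact key `identifier`.
 * NOTE(review): presumably ArrayProcessor applies the processor to each
 * key matching the expression - confirm in ArrayProcessor.
 *
 * @param array $currentElement property collection element (finisher or validator)
 * @param mixed $sessionToken handed to the validator unchanged (untyped in this signature)
 * @param ValidationDto $validationDto context naming the collection element under validation
 */
protected function validateAllPropertyValuesFromCreatablePropertyCollectionElement(
    array $currentElement,
    $sessionToken,
    ValidationDto $validationDto
): void {
    GeneralUtility::makeInstance(ArrayProcessor::class, $currentElement)->forEach(
        GeneralUtility::makeInstance(
            ArrayProcessing::class,
            'validateProperties',
            '^(?!(_orig_.*|.*\._orig_.*|identifier)$).*',
            GeneralUtility::makeInstance(
                CreatablePropertyCollectionElementPropertiesValidator::class,
                $currentElement,
                $sessionToken,
                $validationDto
            )
        )
    );
}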
385 
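/**
 * Returns the configuration service, fetching it from the object manager
 * on first use and caching it in $this->configurationService.
 *
 * Restores the signature line and the return statement (listing lines 389
 * and 394) that the rendered page dropped.
 *
 * @return ConfigurationService
 */
protected function getConfigurationService(): ConfigurationService
{
    if (!($this->configurationService instanceof ConfigurationService)) {
        $this->configurationService = $this->getObjectManager()->get(ConfigurationService::class);
    }
    return $this->configurationService;
}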
396 
/**
 * Obtains the Extbase ObjectManager through GeneralUtility::makeInstance().
 *
 * @return ObjectManager
 */
protected function getObjectManager(): ObjectManager
{
    $objectManager = GeneralUtility::makeInstance(ObjectManager::class);

    return $objectManager;
}
404 }
‪TYPO3\CMS\Extbase\Property\Exception
Definition: DuplicateObjectException.php:18
‪TYPO3\CMS\Form\Domain\Configuration
‪TYPO3\CMS\Form\Domain\Configuration\FormDefinitionValidationService\getObjectManager
‪ObjectManager getObjectManager()
Definition: FormDefinitionValidationService.php:399
‪TYPO3\CMS\Form\Domain\Configuration\FormDefinitionValidationService\validateAllPropertyValuesFromCreatablePropertyCollectionElement
‪validateAllPropertyValuesFromCreatablePropertyCollectionElement(array $currentElement, $sessionToken, ValidationDto $validationDto)
Definition: FormDefinitionValidationService.php:365
‪TYPO3\CMS\Form\Domain\Configuration\FormDefinition\Validators\ValidationDto
Definition: ValidationDto.php:23
‪TYPO3\CMS\Form\Domain\Configuration\FormDefinitionValidationService
Definition: FormDefinitionValidationService.php:36
‪TYPO3\CMS\Form\Domain\Configuration\FormDefinitionValidationService\validateAllPropertyValuesFromCreatableFormElement
‪validateAllPropertyValuesFromCreatableFormElement(array $currentElement, $sessionToken, ValidationDto $validationDto)
Definition: FormDefinitionValidationService.php:334
‪TYPO3\CMS\Form\Domain\Configuration\FormDefinitionValidationService\checkHmacDataIntegrity
‪checkHmacDataIntegrity(array $hmacData, array $hmacContent, string $sessionToken)
Definition: FormDefinitionValidationService.php:252
‪TYPO3\CMS\Form\Domain\Configuration\FormDefinition\Validators\CreatableFormElementPropertiesValidator
Definition: CreatableFormElementPropertiesValidator.php:27
‪TYPO3\CMS\Form\Domain\Configuration\ArrayProcessing\ArrayProcessing
Definition: ArrayProcessing.php:27
‪TYPO3\CMS\Form\Domain\Configuration\ArrayProcessing\ArrayProcessor
Definition: ArrayProcessor.php:30
‪TYPO3\CMS\Form\Domain\Configuration\FormDefinition\Validators\CreatablePropertyCollectionElementPropertiesValidator
Definition: CreatablePropertyCollectionElementPropertiesValidator.php:27
‪TYPO3\CMS\Form\Domain\Configuration\ConfigurationService
Definition: ConfigurationService.php:51
‪TYPO3\CMS\Form\Domain\Configuration\FormDefinitionValidationService\getConfigurationService
‪ConfigurationService getConfigurationService()
Definition: FormDefinitionValidationService.php:388
‪TYPO3\CMS\Form\Domain\Configuration\FormDefinition\Validators\PropertyCollectionElementHmacDataValidator
Definition: PropertyCollectionElementHmacDataValidator.php:24
‪TYPO3\CMS\Form\Domain\Configuration\FormDefinitionValidationService\$configurationService
‪ConfigurationService $configurationService
Definition: FormDefinitionValidationService.php:40
‪TYPO3\CMS\Core\SingletonInterface
Definition: SingletonInterface.php:23
‪TYPO3\CMS\Form\Domain\Configuration\FormDefinitionValidationService\validateFormDefinitionProperties
‪validateFormDefinitionProperties(array $currentFormElement, string $prototypeName, string $sessionToken)
Definition: FormDefinitionValidationService.php:148
‪TYPO3\CMS\Form\Domain\Configuration\FormDefinitionValidationService\validateAllFormElementPropertyValuesByHmac
‪validateAllFormElementPropertyValuesByHmac(array $currentElement, $sessionToken, ValidationDto $validationDto)
Definition: FormDefinitionValidationService.php:275
‪TYPO3\CMS\Extbase\Object\ObjectManager\get
‪object &T get(string $className,... $constructorArguments)
Definition: ObjectManager.php:97
‪TYPO3\CMS\Form\Domain\Configuration\FormDefinitionValidationService\validateAllPropertyCollectionElementValuesByHmac
‪validateAllPropertyCollectionElementValuesByHmac(array $currentElement, $sessionToken, ValidationDto $validationDto)
Definition: FormDefinitionValidationService.php:303
‪TYPO3\CMS\Core\Utility\GeneralUtility
Definition: GeneralUtility.php:46
‪TYPO3\CMS\Form\Domain\Configuration\FormDefinition\Validators\FormElementHmacDataValidator
Definition: FormElementHmacDataValidator.php:24
‪TYPO3\CMS\Form\Domain\Configuration\FormDefinitionValidationService\isPropertyValueEqualToHistoricalValue
‪bool isPropertyValueEqualToHistoricalValue(array $hmacContent, $propertyValue, array $hmacData, string $sessionToken)
Definition: FormDefinitionValidationService.php:229
‪TYPO3\CMS\Form\Domain\Configuration\Exception\PropertyException
Definition: PropertyException.php:26
‪TYPO3\CMS\Extbase\Object\ObjectManager
Definition: ObjectManager.php:28