‪TYPO3CMS  10.4
FormProtectionFactory.php
Go to the documentation of this file.
1 <?php
2 
3 /*
4  * This file is part of the TYPO3 CMS project.
5  *
6  * It is free software; you can redistribute it and/or modify it under
7  * the terms of the GNU General Public License, either version 2
8  * of the License, or any later version.
9  *
10  * For the full copyright and license information, please read the
11  * LICENSE.txt file that was distributed with this source code.
12  *
13  * The TYPO3 project - inspiring people to share!
14  */
15 
16 namespace ‪TYPO3\CMS\Core\FormProtection;
17 
18 use ‪TYPO3\CMS\Core\Authentication\BackendUserAuthentication;
19 use ‪TYPO3\CMS\Core\Localization\LanguageService;
20 use ‪TYPO3\CMS\Core\Messaging\FlashMessage;
21 use ‪TYPO3\CMS\Core\Messaging\FlashMessageQueue;
22 use ‪TYPO3\CMS\Core\Messaging\FlashMessageService;
23 use ‪TYPO3\CMS\Core\Registry;
24 use ‪TYPO3\CMS\Core\Utility\GeneralUtility;
25 use ‪TYPO3\CMS\Frontend\Authentication\FrontendUserAuthentication;
26 use ‪TYPO3\CMS\Frontend\Controller\TypoScriptFrontendController;
27 
46 class ‪FormProtectionFactory
47 {
53  protected static ‪$instances = [];
54 
58  private function ‪__construct()
59  {
60  }
61 
75  public static function get($classNameOrType = 'default', ...$constructorArguments)
76  {
77  if (isset(self::$instances[$classNameOrType])) {
78  return self::$instances[$classNameOrType];
79  }
80  if ($classNameOrType === 'default' || $classNameOrType === 'installtool' || $classNameOrType === 'frontend' || $classNameOrType === 'backend') {
81  $classNameAndConstructorArguments = ‪self::getClassNameAndConstructorArgumentsByType($classNameOrType);
82  self::$instances[$classNameOrType] = ‪self::createInstance(...$classNameAndConstructorArguments);
83  } else {
84  self::$instances[$classNameOrType] = ‪self::createInstance($classNameOrType, ...$constructorArguments);
85  }
86  return self::$instances[$classNameOrType];
87  }
88 
96  protected static function ‪getClassNameAndConstructorArgumentsByType($type)
97  {
98  if (self::isInstallToolSession() && ($type === 'default' || $type === 'installtool')) {
99  $classNameAndConstructorArguments = [
100  InstallToolFormProtection::class
101  ];
102  } elseif (self::isFrontendSession() && ($type === 'default' || $type === 'frontend')) {
103  $classNameAndConstructorArguments = [
104  FrontendFormProtection::class,
105  ‪$GLOBALS['TSFE']->fe_user
106  ];
107  } elseif (self::isBackendSession() && ($type === 'default' || $type === 'backend')) {
108  $classNameAndConstructorArguments = [
109  BackendFormProtection::class,
110  ‪$GLOBALS['BE_USER'],
111  GeneralUtility::makeInstance(Registry::class),
112  ‪self::getMessageClosure(
113  ‪$GLOBALS['LANG'],
114  GeneralUtility::makeInstance(FlashMessageService::class)->getMessageQueueByIdentifier(),
115  (bool)(TYPO3_REQUESTTYPE & TYPO3_REQUESTTYPE_AJAX)
116  )
117  ];
118  } else {
119  // failed to use preferred type, disable form protection
120  $classNameAndConstructorArguments = [
121  DisabledFormProtection::class
122  ];
123  }
124  return $classNameAndConstructorArguments;
125  }
126 
132  protected static function ‪isInstallToolSession()
133  {
134  return TYPO3_REQUESTTYPE & TYPO3_REQUESTTYPE_INSTALL;
135  }
136 
142  protected static function ‪isBackendSession()
143  {
144  return isset(‪$GLOBALS['BE_USER']) && ‪$GLOBALS['BE_USER'] instanceof ‪BackendUserAuthentication && isset(‪$GLOBALS['BE_USER']->user['uid']);
145  }
146 
152  protected static function ‪isFrontendSession()
153  {
154  return (‪$GLOBALS['TSFE'] ?? null) instanceof ‪TypoScriptFrontendController && ‪$GLOBALS['TSFE']->fe_user instanceof ‪FrontendUserAuthentication && isset(‪$GLOBALS['TSFE']->fe_user->user['uid']);
155  }
156 
164  public static function ‪getMessageClosure(‪LanguageService $languageService, ‪FlashMessageQueue $messageQueue, $isAjaxCall)
165  {
166  return function () use ($languageService, $messageQueue, $isAjaxCall) {
168  $flashMessage = GeneralUtility::makeInstance(
169  FlashMessage::class,
170  $languageService->‪sL('LLL:EXT:core/Resources/Private/Language/locallang_core.xlf:error.formProtection.tokenInvalid'),
171  '',
172  ‪FlashMessage::ERROR,
173  !$isAjaxCall
174  );
175  $messageQueue->‪enqueue($flashMessage);
176  };
177  }
178 
188  protected static function ‪createInstance($className, ...$constructorArguments)
189  {
190  if (!class_exists($className)) {
191  throw new \InvalidArgumentException('$className must be the name of an existing class, but actually was "' . $className . '".', 1285352962);
192  }
193  $instance = GeneralUtility::makeInstance($className, ...$constructorArguments);
194  if (!$instance instanceof ‪AbstractFormProtection) {
195  throw new \InvalidArgumentException('$className must be a subclass of ' . AbstractFormProtection::class . ', but actually was "' . $className . '".', 1285353026);
196  }
197  return $instance;
198  }
199 
210  public static function set($classNameOrType, ‪AbstractFormProtection $instance)
211  {
212  self::$instances[$classNameOrType] = $instance;
213  }
214 
220  public static function ‪purgeInstances()
221  {
222  foreach (self::$instances as $key => $instance) {
223  unset(self::$instances[$key]);
224  }
225  }
226 }
‪TYPO3\CMS\Core\FormProtection\FormProtectionFactory\createInstance
‪static AbstractFormProtection createInstance($className,... $constructorArguments)
Definition: FormProtectionFactory.php:187
‪TYPO3\CMS\Core\FormProtection\FormProtectionFactory\__construct
‪__construct()
Definition: FormProtectionFactory.php:57
‪TYPO3\CMS\Core\Registry
Definition: Registry.php:33
‪TYPO3\CMS\Core\FormProtection\FormProtectionFactory\purgeInstances
‪static purgeInstances()
Definition: FormProtectionFactory.php:219
‪TYPO3\CMS\Core\FormProtection\FormProtectionFactory\isFrontendSession
‪static bool isFrontendSession()
Definition: FormProtectionFactory.php:151
‪TYPO3\CMS\Core\Localization\LanguageService\sL
‪string sL($input)
Definition: LanguageService.php:194
‪TYPO3\CMS\Core\Messaging\FlashMessageQueue\enqueue
‪FlashMessageQueue enqueue($message)
Definition: FlashMessageQueue.php:60
‪TYPO3\CMS\Core\FormProtection\FormProtectionFactory\$instances
‪static array< AbstractFormProtection > $instances
Definition: FormProtectionFactory.php:52
‪TYPO3\CMS\Core\FormProtection
Definition: AbstractFormProtection.php:16
‪TYPO3\CMS\Core\FormProtection\FormProtectionFactory\isBackendSession
‪static bool isBackendSession()
Definition: FormProtectionFactory.php:141
‪TYPO3\CMS\Core\Authentication\BackendUserAuthentication
Definition: BackendUserAuthentication.php:62
‪TYPO3\CMS\Core\FormProtection\FormProtectionFactory\getClassNameAndConstructorArgumentsByType
‪static array getClassNameAndConstructorArgumentsByType($type)
Definition: FormProtectionFactory.php:95
‪TYPO3\CMS\Core\FormProtection\FormProtectionFactory\getMessageClosure
‪static Closure getMessageClosure(LanguageService $languageService, FlashMessageQueue $messageQueue, $isAjaxCall)
Definition: FormProtectionFactory.php:163
‪TYPO3\CMS\Core\FormProtection\AbstractFormProtection
Definition: AbstractFormProtection.php:30
‪TYPO3\CMS\Core\Messaging\FlashMessage
Definition: FlashMessage.php:24
‪TYPO3\CMS\Core\FormProtection\FormProtectionFactory
Definition: FormProtectionFactory.php:47
‪TYPO3\CMS\Frontend\Controller\TypoScriptFrontendController
Definition: TypoScriptFrontendController.php:98
‪$GLOBALS
‪$GLOBALS['TYPO3_CONF_VARS']['EXTCONF']['adminpanel']['modules']
Definition: ext_localconf.php:5
‪TYPO3\CMS\Core\Localization\LanguageService
Definition: LanguageService.php:42
‪TYPO3\CMS\Frontend\Authentication\FrontendUserAuthentication
Definition: FrontendUserAuthentication.php:30
‪TYPO3\CMS\Core\Utility\GeneralUtility
Definition: GeneralUtility.php:46
‪TYPO3\CMS\Core\Messaging\FlashMessageQueue
Definition: FlashMessageQueue.php:29
‪TYPO3\CMS\Core\Messaging\FlashMessageService
Definition: FlashMessageService.php:27
‪TYPO3\CMS\Core\FormProtection\FormProtectionFactory\isInstallToolSession
‪static bool isInstallToolSession()
Definition: FormProtectionFactory.php:131
‪TYPO3\CMS\Core\Messaging\AbstractMessage\ERROR
‪const ERROR
Definition: AbstractMessage.php:31