‪TYPO3CMS  11.5
FormProtectionFactory.php
1 <?php
2 
3 /*
4  * This file is part of the TYPO3 CMS project.
5  *
6  * It is free software; you can redistribute it and/or modify it under
7  * the terms of the GNU General Public License, either version 2
8  * of the License, or any later version.
9  *
10  * For the full copyright and license information, please read the
11  * LICENSE.txt file that was distributed with this source code.
12  *
13  * The TYPO3 project - inspiring people to share!
14  */
15 
17 
18 use Psr\Http\Message\ServerRequestInterface;
28 
48 {
/**
 * Cache of form-protection objects, keyed by the type or class name that
 * was handed to get() or set(). Entries stay until purgeInstances() runs.
 *
 * @var array<AbstractFormProtection>
 */
protected static $instances = [];
55 
/**
 * Private and empty: the factory is only used through its static methods.
 */
private function __construct() {}
60 
/**
 * Returns the form-protection object for a type or a class name, creating
 * and caching it on first use.
 *
 * The four names 'default', 'installtool', 'frontend' and 'backend' are
 * resolved from the current session state; any other value is treated as a
 * class name and instantiated with $constructorArguments. Pass a constant
 * here, never a value taken from the request.
 *
 * Caching caveats that matter for CSRF protection:
 *  - The object chosen for a key is fixed by the first call. If that call
 *    happens before the user objects in $GLOBALS are set up, the fallback
 *    picked by getClassNameAndConstructorArgumentsByType() (which may be
 *    DisabledFormProtection) stays cached until purgeInstances() or set().
 *  - $constructorArguments are ignored for the four named types and for
 *    every cache hit.
 *
 * @param string $classNameOrType one of the four type names, or a class name
 * @param mixed ...$constructorArguments passed on only for class names
 * @return AbstractFormProtection
 * @throws \InvalidArgumentException raised by createInstance()
 */
public static function get($classNameOrType = 'default', ...$constructorArguments)
{
    if (!isset(self::$instances[$classNameOrType])) {
        $isNamedType = in_array($classNameOrType, ['default', 'installtool', 'frontend', 'backend'], true);
        if ($isNamedType) {
            // Session-dependent choice; the caller's constructor arguments are not used.
            $creationArguments = self::getClassNameAndConstructorArgumentsByType($classNameOrType);
            $protection = self::createInstance(...$creationArguments);
        } else {
            $protection = self::createInstance($classNameOrType, ...$constructorArguments);
        }
        self::$instances[$classNameOrType] = $protection;
    }
    return self::$instances[$classNameOrType];
}
87 
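/**
 * Picks the form-protection class, and the arguments for its constructor,
 * that match both the requested type and the current session.
 *
 * The checks run in a fixed order: install tool, frontend, backend. With
 * 'default' the first matching session wins; with a specific type only that
 * session is considered.
 *
 * Fail-open fallback: when no matching session exists (including a
 * 'frontend' or 'backend' request without a logged-in user, because the
 * session checks require a user uid), DisabledFormProtection is returned
 * instead of an error. Code that relies on token validation for a state
 * change has to make sure a session exists by other means.
 *
 * @param string $type one of 'default', 'installtool', 'frontend', 'backend'
 * @return array class name first, followed by its constructor arguments
 */
protected static function getClassNameAndConstructorArgumentsByType($type)
{
    if (self::isInstallToolSession() && ($type === 'default' || $type === 'installtool')) {
        return [
            InstallToolFormProtection::class,
        ];
    }

    if (self::isFrontendSession() && ($type === 'default' || $type === 'frontend')) {
        return [
            FrontendFormProtection::class,
            $GLOBALS['TSFE']->fe_user,
        ];
    }

    if (self::isBackendSession() && ($type === 'default' || $type === 'backend')) {
        // AJAX requests are detected from the request's applicationType bit mask.
        $request = $GLOBALS['TYPO3_REQUEST'] ?? null;
        $isAjaxCall = $request instanceof ServerRequestInterface
            && (bool)((int)$request->getAttribute('applicationType') & TYPO3_REQUESTTYPE_AJAX);

        return [
            BackendFormProtection::class,
            $GLOBALS['BE_USER'],
            GeneralUtility::makeInstance(Registry::class),
            // Callback that reports an invalid token; the three values below
            // are the arguments of getMessageClosure().
            self::getMessageClosure(
                $GLOBALS['LANG'],
                GeneralUtility::makeInstance(FlashMessageService::class)->getMessageQueueByIdentifier(),
                $isAjaxCall
            ),
        ];
    }

    // failed to use preferred type, disable form protection
    // NOTE(review): DisabledFormProtection is not shown in this file; if its
    // token validation accepts every token, this branch silently turns CSRF
    // protection off - confirm and consider logging when it is reached.
    return [
        DisabledFormProtection::class,
    ];
}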
132 
/**
 * Tells whether the current request belongs to the install tool.
 *
 * Reads $GLOBALS['TYPO3_REQUEST'] and tests the TYPO3_REQUESTTYPE_INSTALL
 * bit of its 'applicationType' attribute. Without a PSR-7 server request in
 * that global the answer is false.
 *
 * @return bool
 */
protected static function isInstallToolSession()
{
    $currentRequest = $GLOBALS['TYPO3_REQUEST'] ?? null;
    if (!$currentRequest instanceof ServerRequestInterface) {
        return false;
    }
    $applicationType = (int)$currentRequest->getAttribute('applicationType');
    return (bool)($applicationType & TYPO3_REQUESTTYPE_INSTALL);
}
149 
/**
 * Tells whether a backend user is logged in.
 *
 * True only when $GLOBALS['BE_USER'] is a BackendUserAuthentication whose
 * user record carries a uid; an initialised but anonymous user object does
 * not count as a session.
 *
 * @return bool
 */
protected static function isBackendSession()
{
    $backendUser = $GLOBALS['BE_USER'] ?? null;
    if (!$backendUser instanceof BackendUserAuthentication) {
        return false;
    }
    return isset($backendUser->user['uid']);
}
159 
/**
 * Tells whether a frontend user is logged in.
 *
 * True only when $GLOBALS['TSFE'] is a TypoScriptFrontendController, its
 * fe_user is a FrontendUserAuthentication, and that user's record carries a
 * uid. Anonymous visitors therefore never count as a frontend session.
 *
 * @return bool
 */
protected static function isFrontendSession()
{
    $frontendController = $GLOBALS['TSFE'] ?? null;
    if (!$frontendController instanceof TypoScriptFrontendController) {
        return false;
    }
    $frontendUser = $frontendController->fe_user;
    return $frontendUser instanceof FrontendUserAuthentication
        && isset($frontendUser->user['uid']);
}
169 
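/**
 * Builds the callback that tells the user a form token was invalid.
 *
 * The returned closure creates an error flash message with the localized
 * "tokenInvalid" text and puts it on the given queue each time it is called.
 *
 * @param LanguageService $languageService used to translate the message text
 * @param FlashMessageQueue $messageQueue queue the message is added to
 * @param bool $isAjaxCall whether the current request is an AJAX request
 * @return \Closure
 */
public static function getMessageClosure(LanguageService $languageService, FlashMessageQueue $messageQueue, $isAjaxCall)
{
    return static function () use ($languageService, $messageQueue, $isAjaxCall) {
        $messageText = $languageService->sL('LLL:EXT:core/Resources/Private/Language/locallang_core.xlf:error.formProtection.tokenInvalid');
        $flashMessage = GeneralUtility::makeInstance(
            FlashMessage::class,
            $messageText,
            '',
            // Severity. Without this argument the flag below would land in
            // the severity position.
            FlashMessage::ERROR,
            // NOTE(review): presumably the store-in-session flag, switched
            // off for AJAX calls - confirm against FlashMessage's constructor.
            !$isAjaxCall
        );
        $messageQueue->enqueue($flashMessage);
    };
}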
190 
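/**
 * Creates a form-protection object from a class name.
 *
 * The class name is checked against AbstractFormProtection before anything
 * is instantiated, so the constructor of an unrelated class never runs when
 * a wrong name reaches this method. The created object is checked once more
 * afterwards.
 *
 * @param string $className name of a class extending AbstractFormProtection
 * @param mixed ...$constructorArguments arguments for that class's constructor
 * @return AbstractFormProtection
 * @throws \InvalidArgumentException code 1285352962 if the class does not
 *         exist, code 1285353026 if it is not an AbstractFormProtection
 */
protected static function createInstance($className, ...$constructorArguments)
{
    if (!class_exists($className)) {
        throw new \InvalidArgumentException('$className must be the name of an existing class, but actually was "' . $className . '".', 1285352962);
    }

    $wrongTypeMessage = '$className must be a subclass of ' . AbstractFormProtection::class . ', but actually was "' . $className . '".';

    // Reject unrelated classes by name first: instantiating them just to
    // test the type would execute their constructor with caller-supplied
    // arguments.
    if (!is_a($className, AbstractFormProtection::class, true)) {
        throw new \InvalidArgumentException($wrongTypeMessage, 1285353026);
    }

    $instance = GeneralUtility::makeInstance($className, ...$constructorArguments);

    // Kept as a second line of defence in case makeInstance() hands back an
    // object of a different class than the one requested.
    if (!$instance instanceof AbstractFormProtection) {
        throw new \InvalidArgumentException($wrongTypeMessage, 1285353026);
    }
    return $instance;
}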
211 
/**
 * Stores a ready-made form-protection object under a type or class name,
 * replacing whatever get() would have created or cached for that key.
 *
 * Because get() returns cached entries without further checks, an object
 * registered here (for example a DisabledFormProtection) is what every
 * later caller of that key receives until purgeInstances() is called.
 *
 * @param string $classNameOrType key later used with get()
 * @param AbstractFormProtection $instance object to return for that key
 */
public static function set($classNameOrType, AbstractFormProtection $instance)
{
    self::$instances[$classNameOrType] = $instance;
}
226 
/**
 * Empties the instance cache, so the next get() call resolves and creates
 * its form-protection object again from the session state at that time.
 */
public static function purgeInstances()
{
    self::$instances = [];
}
238 }