‪TYPO3CMS  9.5
All Classes Namespaces Files Functions Variables Pages
BackendFormProtection.php
Go to the documentation of this file.
1 <?php
2 namespace ‪TYPO3\CMS\Core\FormProtection;
3 
4 /*
5  * This file is part of the TYPO3 CMS project.
6  *
7  * It is free software; you can redistribute it and/or modify it under
8  * the terms of the GNU General Public License, either version 2
9  * of the License, or any later version.
10  *
11  * For the full copyright and license information, please read the
12  * LICENSE.txt file that was distributed with this source code.
13  *
14  * The TYPO3 project - inspiring people to share!
15  */
16 
17 use ‪TYPO3\CMS\Core\Authentication\BackendUserAuthentication;
18 use ‪TYPO3\CMS\Core\Registry;
19 
72 class ‪BackendFormProtection extends ‪AbstractFormProtection
73 {
80  protected ‪$backendUser;
81 
88  protected ‪$registry;
89 
98  public function ‪__construct(‪BackendUserAuthentication ‪$backendUser, ‪Registry ‪$registry, \Closure ‪$validationFailedCallback = null)
99  {
100  $this->backendUser = ‪$backendUser;
101  $this->registry = ‪$registry;
102  $this->validationFailedCallback = ‪$validationFailedCallback;
103  if (!$this->‪isAuthorizedBackendSession()) {
104  throw new \TYPO3\CMS\Core\Error\Exception('A back-end form protection may only be instantiated if there is an active back-end session.', 1285067843);
105  }
106  }
107 
113  protected function ‪retrieveSessionToken()
114  {
115  $this->sessionToken = $this->backendUser->getSessionData('formProtectionSessionToken');
116  if (empty($this->sessionToken)) {
117  $this->sessionToken = $this->‪generateSessionToken();
118  $this->‪persistSessionToken();
119  }
120  return ‪$this->sessionToken;
121  }
122 
129  public function ‪persistSessionToken()
130  {
131  $this->backendUser->setAndSaveSessionData('formProtectionSessionToken', $this->sessionToken);
132  }
133 
142  public function ‪setSessionTokenFromRegistry()
143  {
144  $this->sessionToken = $this->registry->get('core', 'formProtectionSessionToken:' . $this->backendUser->user['uid']);
145  if (empty($this->sessionToken)) {
146  throw new \UnexpectedValueException('Failed to restore the session token from the registry.', 1301827270);
147  }
148  return ‪$this->sessionToken;
149  }
150 
157  public function ‪storeSessionTokenInRegistry()
158  {
159  $this->registry->set('core', 'formProtectionSessionToken:' . $this->backendUser->user['uid'], $this->getSessionToken());
160  }
161 
167  public function ‪removeSessionTokenFromRegistry()
168  {
169  $this->registry->remove('core', 'formProtectionSessionToken:' . $this->backendUser->user['uid']);
170  }
171 
177  protected function ‪isAuthorizedBackendSession()
178  {
179  return !empty($this->backendUser->user['uid']);
180  }
181 }
‪TYPO3\CMS\Core\FormProtection\AbstractFormProtection\$sessionToken
‪string $sessionToken
Definition: AbstractFormProtection.php:39
‪TYPO3\CMS\Core\FormProtection\BackendFormProtection\removeSessionTokenFromRegistry
‪removeSessionTokenFromRegistry()
Definition: BackendFormProtection.php:165
‪TYPO3\CMS\Core\Registry
Definition: Registry.php:32
‪TYPO3\CMS\Core\FormProtection\BackendFormProtection
Definition: BackendFormProtection.php:73
‪TYPO3\CMS\Core\FormProtection\BackendFormProtection\isAuthorizedBackendSession
‪bool isAuthorizedBackendSession()
Definition: BackendFormProtection.php:175
‪TYPO3\CMS\Core\FormProtection\AbstractFormProtection\$validationFailedCallback
‪Closure $validationFailedCallback
Definition: AbstractFormProtection.php:33
‪TYPO3\CMS\Core\FormProtection\BackendFormProtection\__construct
‪__construct(BackendUserAuthentication $backendUser, Registry $registry, \Closure $validationFailedCallback=null)
Definition: BackendFormProtection.php:96
‪TYPO3\CMS\Core\FormProtection\BackendFormProtection\setSessionTokenFromRegistry
‪string setSessionTokenFromRegistry()
Definition: BackendFormProtection.php:140
‪TYPO3\CMS\Core\FormProtection\BackendFormProtection\persistSessionToken
‪persistSessionToken()
Definition: BackendFormProtection.php:127
‪TYPO3\CMS\Core\FormProtection\BackendFormProtection\$backendUser
‪BackendUserAuthentication $backendUser
Definition: BackendFormProtection.php:79
‪TYPO3\CMS\Core\FormProtection
Definition: AbstractFormProtection.php:2
‪TYPO3\CMS\Core\FormProtection\BackendFormProtection\retrieveSessionToken
‪string retrieveSessionToken()
Definition: BackendFormProtection.php:111
‪TYPO3\CMS\Core\Authentication\BackendUserAuthentication
Definition: BackendUserAuthentication.php:45
‪TYPO3\CMS\Core\FormProtection\BackendFormProtection\storeSessionTokenInRegistry
‪storeSessionTokenInRegistry()
Definition: BackendFormProtection.php:155
‪TYPO3\CMS\Core\FormProtection\BackendFormProtection\$registry
‪Registry $registry
Definition: BackendFormProtection.php:86
‪TYPO3\CMS\Core\FormProtection\AbstractFormProtection
Definition: AbstractFormProtection.php:29
‪TYPO3\CMS\Core\FormProtection\AbstractFormProtection\generateSessionToken
‪string generateSessionToken()
Definition: AbstractFormProtection.php:120