BackendFormProtection.php

Go to the documentation of this file.

<?php
namespace ‪TYPO3\CMS\Core\FormProtection;
 
/*
 * This file is part of the TYPO3 CMS project.
 *
 * It is free software; you can redistribute it and/or modify it under
 * the terms of the GNU General Public License, either version 2
 * of the License, or any later version.
 *
 * For the full copyright and license information, please read the
 * LICENSE.txt file that was distributed with this source code.
 *
 * The TYPO3 project - inspiring people to share!
 */
 
use ‪TYPO3\CMS\Core\Authentication\BackendUserAuthentication;
use ‪TYPO3\CMS\Core\Registry;
 
class ‪BackendFormProtection extends ‪AbstractFormProtection
{
    protected ‪$backendUser;
 
    protected ‪$registry;
 
    public function ‪__construct(‪BackendUserAuthentication ‪$backendUser, ‪Registry ‪$registry, \Closure ‪$validationFailedCallback = null)
    {
        $this->backendUser = ‪$backendUser;
        $this->registry = ‪$registry;
        $this->validationFailedCallback = ‪$validationFailedCallback;
        if (!$this->‪isAuthorizedBackendSession()) {
            throw new \TYPO3\CMS\Core\Error\Exception('A back-end form protection may only be instantiated if there is an active back-end session.', 1285067843);
        }
    }
 
    protected function ‪retrieveSessionToken()
    {
        $this->sessionToken = $this->backendUser->getSessionData('formProtectionSessionToken');
        if (empty($this->sessionToken)) {
            $this->sessionToken = $this->‪generateSessionToken();
            $this->‪persistSessionToken();
        }
        return ‪$this->sessionToken;
    }
 
    public function ‪persistSessionToken()
    {
        $this->backendUser->setAndSaveSessionData('formProtectionSessionToken', $this->sessionToken);
    }
 
    public function ‪setSessionTokenFromRegistry()
    {
        $this->sessionToken = $this->registry->get('core', 'formProtectionSessionToken:' . $this->backendUser->user['uid']);
        if (empty($this->sessionToken)) {
            throw new \UnexpectedValueException('Failed to restore the session token from the registry.', 1301827270);
        }
        return ‪$this->sessionToken;
    }
 
    public function ‪storeSessionTokenInRegistry()
    {
        $this->registry->set('core', 'formProtectionSessionToken:' . $this->backendUser->user['uid'], $this->getSessionToken());
    }
 
    public function ‪removeSessionTokenFromRegistry()
    {
        $this->registry->remove('core', 'formProtectionSessionToken:' . $this->backendUser->user['uid']);
    }
 
    protected function ‪isAuthorizedBackendSession()
    {
        return !empty($this->backendUser->user['uid']);
    }
}