‪TYPO3CMS  9.5
FormDefinitionValidationService.php
1 <?php
2 declare(strict_types = 1);
4 
5 /*
6  * This file is part of the TYPO3 CMS project.
7  *
8  * It is free software; you can redistribute it and/or modify it under
9  * the terms of the GNU General Public License, either version 2
10  * of the License, or any later version.
11  *
12  * For the full copyright and license information, please read the
13  * LICENSE.txt file that was distributed with this source code.
14  *
15  * The TYPO3 project - inspiring people to share!
16  */
17 
29 
34 {
35 
39  protected ‪$configurationService;
40 
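/**
 * Recursively validates one form element of a submitted form definition.
 *
 * The element's own properties and the entries of its property collection
 * (`finishers` for the `Form` element, `validators` otherwise) are checked
 * first; every entry of `renderables` is then validated by a recursive call
 * with the same prototype name and session token.
 *
 * Two paths exist, selected through the configuration service:
 * - element type creatable by the form editor: the properties go to the
 *   "creatable" validator, and each collection entry is checked either as
 *   creatable or by HMAC, depending on its identifier;
 * - any other element type: the element and all of its collection entries
 *   are checked by HMAC only.
 *
 * NOTE(review): the rendered listing had lost the four lines that open the
 * multi-line `$this->validateAll...(` calls. They are restored here from the
 * class's member index and the argument lists; confirm against the upstream
 * file.
 *
 * @param array $currentFormElement Form element definition; children are nested under `renderables`
 * @param string $prototypeName
 * @param string $sessionToken Handed unchanged to every validator
 */
public function validateFormDefinitionProperties(
    array $currentFormElement,
    string $prototypeName,
    string $sessionToken
): void {
    $renderables = $currentFormElement['renderables'] ?? [];
    $propertyCollectionElements = $currentFormElement['finishers'] ?? $currentFormElement['validators'] ?? [];
    // `type` and `identifier` are read without an existence check: a definition
    // that lacks them raises a notice and hands null to the ValidationDto.
    $propertyCollectionName = $currentFormElement['type'] === 'Form' ? 'finishers' : 'validators';
    // Children and collection entries are validated separately below, so only
    // the element's own properties stay in $currentFormElement.
    unset($currentFormElement['renderables'], $currentFormElement['finishers'], $currentFormElement['validators']);

    $validationDto = GeneralUtility::makeInstance(
        ValidationDto::class,
        $prototypeName,
        $currentFormElement['type'],
        $currentFormElement['identifier'],
        null,
        $propertyCollectionName
    );

    if ($this->getConfigurationService()->isFormElementTypeCreatableByFormEditor($validationDto)) {
        $this->validateAllPropertyValuesFromCreatableFormElement(
            $currentFormElement,
            $sessionToken,
            $validationDto
        );

        foreach ($propertyCollectionElements as $propertyCollectionElement) {
            // Narrow the DTO to this collection entry before asking whether
            // the form editor may create it.
            $validationDto = $validationDto->withPropertyCollectionElementIdentifier(
                $propertyCollectionElement['identifier']
            );

            if ($this->getConfigurationService()->isPropertyCollectionElementIdentifierCreatableByFormEditor($validationDto)) {
                $this->validateAllPropertyValuesFromCreatablePropertyCollectionElement(
                    $propertyCollectionElement,
                    $sessionToken,
                    $validationDto
                );
            } else {
                $this->validateAllPropertyCollectionElementValuesByHmac(
                    $propertyCollectionElement,
                    $sessionToken,
                    $validationDto
                );
            }
        }
    } else {
        $this->validateAllFormElementPropertyValuesByHmac($currentFormElement, $sessionToken, $validationDto);

        // In this branch the DTO is passed on as built above; it is not
        // narrowed to the individual collection entry.
        foreach ($propertyCollectionElements as $propertyCollectionElement) {
            $this->validateAllPropertyCollectionElementValuesByHmac(
                $propertyCollectionElement,
                $sessionToken,
                $validationDto
            );
        }
    }

    // Nesting depth is bounded only by the submitted definition.
    foreach ($renderables as $renderable) {
        $this->validateFormDefinitionProperties($renderable, $prototypeName, $sessionToken);
    }
}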
208 
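/**
 * Tells whether a submitted property value is the one its HMAC was issued for.
 *
 * The integrity of `$hmacData` is checked first (an exception is thrown on
 * failure). The HMAC of `$hmacContent` with `$propertyValue` appended is then
 * recomputed and compared with `$hmacData['hmac']` through hash_equals().
 *
 * NOTE(review): the line opening this signature was missing from the
 * rendered listing. Name, parameters and return type come from the class's
 * member index; `public` is assumed. Confirm against the upstream file.
 *
 * @param array $hmacContent Values bound into the HMAC ahead of the property value
 * @param mixed $propertyValue Submitted value to compare
 * @param array $hmacData The key `hmac` is read here
 * @param string $sessionToken Second argument of GeneralUtility::hmac()
 * @return bool TRUE when the recomputed hash equals `$hmacData['hmac']`
 * @throws PropertyException When the integrity check of `$hmacData` fails
 */
public function isPropertyValueEqualToHistoricalValue(
    array $hmacContent,
    $propertyValue,
    array $hmacData,
    string $sessionToken
): bool {
    $this->checkHmacDataIntegrity($hmacData, $hmacContent, $sessionToken);
    // serialize() keeps type information, so the string '1' and the integer 1
    // yield different hashes.
    $hmacContent[] = $propertyValue;

    $expectedHash = GeneralUtility::hmac(serialize($hmacContent), $sessionToken);
    return hash_equals($expectedHash, $hmacData['hmac']);
}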
240 
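/**
 * Verifies that `$hmacData` still matches the HMAC that accompanies it.
 *
 * The HMAC is recomputed over `$hmacContent` with `$hmacData['value']`
 * appended (an empty string when the key is absent) and compared with
 * `$hmacData['hmac']`.
 *
 * @param array $hmacData The keys `hmac` and `value` are read
 * @param array $hmacContent Values bound into the HMAC ahead of the stored value
 * @param string $sessionToken Second argument of GeneralUtility::hmac()
 * @throws PropertyException When the HMAC is empty, is not a string, or does not match
 */
protected function checkHmacDataIntegrity(array $hmacData, array $hmacContent, string $sessionToken)
{
    $hmac = $hmacData['hmac'] ?? null;
    if (empty($hmac)) {
        throw new PropertyException('Hmac must not be empty. #1528538222', 1528538222);
    }

    $hmacContent[] = $hmacData['value'] ?? '';
    $expectedHash = GeneralUtility::hmac(serialize($hmacContent), $sessionToken);

    // hash_equals() only accepts strings. A non-string `hmac` (for example an
    // array in the submitted definition) is rejected with the same exception
    // as a mismatch, rather than surfacing as a PHP warning or a TypeError.
    if (!is_string($hmac) || !hash_equals($expectedHash, $hmac)) {
        throw new PropertyException('Unauthorized modification of historical data. #1528538252', 1528538252);
    }
}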
265 
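/**
 * Runs the HMAC validator over the properties of a form element.
 *
 * An ArrayProcessing named `validateProperties` is handed to an
 * ArrayProcessor built on `$currentElement`. Its expression matches every
 * key except those that start with `_orig_` or contain `._orig_`
 * (presumably tested against dot-separated key paths; the processor is not
 * shown here). The callback is a FormElementHmacDataValidator.
 *
 * NOTE(review): the line opening this signature was missing from the
 * rendered listing. The name comes from the class's member index and
 * `protected` is assumed; confirm against the upstream file.
 *
 * @param array $currentElement Form element without its children and collections
 * @param mixed $sessionToken Not type-declared here; a string elsewhere in this class
 * @param ValidationDto $validationDto
 */
protected function validateAllFormElementPropertyValuesByHmac(
    array $currentElement,
    $sessionToken,
    ValidationDto $validationDto
): void {
    GeneralUtility::makeInstance(ArrayProcessor::class, $currentElement)->forEach(
        GeneralUtility::makeInstance(
            ArrayProcessing::class,
            'validateProperties',
            '^(?!(_orig_.*|.*\._orig_.*)$).*',
            GeneralUtility::makeInstance(
                FormElementHmacDataValidator::class,
                $currentElement,
                $sessionToken,
                $validationDto
            )
        )
    );
}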
293 
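/**
 * Runs the HMAC validator over the properties of one property collection
 * entry (a finisher or a validator).
 *
 * An ArrayProcessing named `validateProperties` is handed to an
 * ArrayProcessor built on `$currentElement`. Its expression matches every
 * key except those that start with `_orig_` or contain `._orig_`
 * (presumably tested against dot-separated key paths; the processor is not
 * shown here). The callback is a PropertyCollectionElementHmacDataValidator.
 *
 * NOTE(review): the line opening this signature was missing from the
 * rendered listing. The name comes from the class's member index and
 * `protected` is assumed; confirm against the upstream file.
 *
 * @param array $currentElement Property collection entry
 * @param mixed $sessionToken Not type-declared here; a string elsewhere in this class
 * @param ValidationDto $validationDto
 */
protected function validateAllPropertyCollectionElementValuesByHmac(
    array $currentElement,
    $sessionToken,
    ValidationDto $validationDto
): void {
    GeneralUtility::makeInstance(ArrayProcessor::class, $currentElement)->forEach(
        GeneralUtility::makeInstance(
            ArrayProcessing::class,
            'validateProperties',
            '^(?!(_orig_.*|.*\._orig_.*)$).*',
            GeneralUtility::makeInstance(
                PropertyCollectionElementHmacDataValidator::class,
                $currentElement,
                $sessionToken,
                $validationDto
            )
        )
    );
}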
321 
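/**
 * Runs the "creatable" validator over the properties of a form element whose
 * type may be created by the form editor.
 *
 * An ArrayProcessing named `validateProperties` is handed to an
 * ArrayProcessor built on `$currentElement`. Its expression skips the keys
 * `type` and `identifier` as well as every key that starts with `_orig_` or
 * contains `._orig_` (presumably tested against dot-separated key paths; the
 * processor is not shown here). The callback is a
 * CreatableFormElementPropertiesValidator.
 *
 * NOTE(review): the line opening this signature was missing from the
 * rendered listing. The name comes from the class's member index and
 * `protected` is assumed; confirm against the upstream file.
 *
 * @param array $currentElement Form element without its children and collections
 * @param mixed $sessionToken Not type-declared here; a string elsewhere in this class
 * @param ValidationDto $validationDto
 */
protected function validateAllPropertyValuesFromCreatableFormElement(
    array $currentElement,
    $sessionToken,
    ValidationDto $validationDto
): void {
    GeneralUtility::makeInstance(ArrayProcessor::class, $currentElement)->forEach(
        GeneralUtility::makeInstance(
            ArrayProcessing::class,
            'validateProperties',
            '^(?!(_orig_.*|.*\._orig_.*|type|identifier)$).*',
            GeneralUtility::makeInstance(
                CreatableFormElementPropertiesValidator::class,
                $currentElement,
                $sessionToken,
                $validationDto
            )
        )
    );
}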
352 
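/**
 * Runs the "creatable" validator over the properties of a property
 * collection entry that may be created by the form editor.
 *
 * An ArrayProcessing named `validateProperties` is handed to an
 * ArrayProcessor built on `$currentElement`. Its expression skips the key
 * `identifier` as well as every key that starts with `_orig_` or contains
 * `._orig_` (presumably tested against dot-separated key paths; the
 * processor is not shown here). The callback is a
 * CreatablePropertyCollectionElementPropertiesValidator.
 *
 * NOTE(review): the line opening this signature was missing from the
 * rendered listing. The name comes from the class's member index and
 * `protected` is assumed; confirm against the upstream file.
 *
 * @param array $currentElement Property collection entry
 * @param mixed $sessionToken Not type-declared here; a string elsewhere in this class
 * @param ValidationDto $validationDto
 */
protected function validateAllPropertyValuesFromCreatablePropertyCollectionElement(
    array $currentElement,
    $sessionToken,
    ValidationDto $validationDto
): void {
    GeneralUtility::makeInstance(ArrayProcessor::class, $currentElement)->forEach(
        GeneralUtility::makeInstance(
            ArrayProcessing::class,
            'validateProperties',
            '^(?!(_orig_.*|.*\._orig_.*|identifier)$).*',
            GeneralUtility::makeInstance(
                CreatablePropertyCollectionElementPropertiesValidator::class,
                $currentElement,
                $sessionToken,
                $validationDto
            )
        )
    );
}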
383 
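/**
 * Returns the configuration service, fetching it from the object manager
 * the first time it is needed.
 *
 * NOTE(review): the signature line and the return statement were missing
 * from the rendered listing. Both are restored from the class's member
 * index (`ConfigurationService getConfigurationService()`); `protected` is
 * assumed. Confirm against the upstream file.
 *
 * @return ConfigurationService
 */
protected function getConfigurationService(): ConfigurationService
{
    if (!($this->configurationService instanceof ConfigurationService)) {
        $this->configurationService = $this->getObjectManager()->get(ConfigurationService::class);
    }
    return $this->configurationService;
}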
394 
/**
 * Provides the object manager, obtained through GeneralUtility::makeInstance().
 *
 * @return ObjectManager
 */
protected function getObjectManager(): ObjectManager
{
    $objectManager = GeneralUtility::makeInstance(ObjectManager::class);

    return $objectManager;
}
402 }
‪TYPO3\CMS\Extbase\Property\Exception
Definition: DuplicateObjectException.php:2
‪TYPO3\CMS\Form\Domain\Configuration
‪TYPO3\CMS\Form\Domain\Configuration\FormDefinitionValidationService\getObjectManager
‪ObjectManager getObjectManager()
Definition: FormDefinitionValidationService.php:397
‪TYPO3\CMS\Form\Domain\Configuration\FormDefinitionValidationService\validateAllPropertyValuesFromCreatablePropertyCollectionElement
‪validateAllPropertyValuesFromCreatablePropertyCollectionElement(array $currentElement, $sessionToken, ValidationDto $validationDto)
Definition: FormDefinitionValidationService.php:363
‪TYPO3\CMS\Form\Domain\Configuration\FormDefinition\Validators\ValidationDto
Definition: ValidationDto.php:23
‪TYPO3\CMS\Form\Domain\Configuration\FormDefinitionValidationService
Definition: FormDefinitionValidationService.php:34
‪TYPO3\CMS\Form\Domain\Configuration\FormDefinitionValidationService\validateAllPropertyValuesFromCreatableFormElement
‪validateAllPropertyValuesFromCreatableFormElement(array $currentElement, $sessionToken, ValidationDto $validationDto)
Definition: FormDefinitionValidationService.php:332
‪TYPO3\CMS\Form\Domain\Configuration\FormDefinitionValidationService\checkHmacDataIntegrity
‪checkHmacDataIntegrity(array $hmacData, array $hmacContent, string $sessionToken)
Definition: FormDefinitionValidationService.php:250
‪TYPO3\CMS\Form\Domain\Configuration\FormDefinition\Validators\CreatableFormElementPropertiesValidator
Definition: CreatableFormElementPropertiesValidator.php:25
‪TYPO3\CMS\Form\Domain\Configuration\ArrayProcessing\ArrayProcessing
Definition: ArrayProcessing.php:25
‪TYPO3\CMS\Form\Domain\Configuration\ArrayProcessing\ArrayProcessor
Definition: ArrayProcessor.php:28
‪TYPO3\CMS\Form\Domain\Configuration\FormDefinition\Validators\CreatablePropertyCollectionElementPropertiesValidator
Definition: CreatablePropertyCollectionElementPropertiesValidator.php:25
‪TYPO3\CMS\Form\Domain\Configuration\ConfigurationService
Definition: ConfigurationService.php:49
‪TYPO3\CMS\Form\Domain\Configuration\FormDefinitionValidationService\getConfigurationService
‪ConfigurationService getConfigurationService()
Definition: FormDefinitionValidationService.php:386
‪TYPO3\CMS\Form\Domain\Configuration\FormDefinition\Validators\PropertyCollectionElementHmacDataValidator
Definition: PropertyCollectionElementHmacDataValidator.php:22
‪TYPO3\CMS\Form\Domain\Configuration\FormDefinitionValidationService\$configurationService
‪ConfigurationService $configurationService
Definition: FormDefinitionValidationService.php:38
‪TYPO3\CMS\Core\SingletonInterface
Definition: SingletonInterface.php:22
‪TYPO3\CMS\Form\Domain\Configuration\FormDefinitionValidationService\validateFormDefinitionProperties
‪validateFormDefinitionProperties(array $currentFormElement, string $prototypeName, string $sessionToken)
Definition: FormDefinitionValidationService.php:146
‪TYPO3\CMS\Form\Domain\Configuration\FormDefinitionValidationService\validateAllFormElementPropertyValuesByHmac
‪validateAllFormElementPropertyValuesByHmac(array $currentElement, $sessionToken, ValidationDto $validationDto)
Definition: FormDefinitionValidationService.php:273
‪TYPO3\CMS\Extbase\Object\ObjectManager\get
‪object &T get($objectName,... $constructorArguments)
Definition: ObjectManager.php:94
‪TYPO3\CMS\Form\Domain\Configuration\FormDefinitionValidationService\validateAllPropertyCollectionElementValuesByHmac
‪validateAllPropertyCollectionElementValuesByHmac(array $currentElement, $sessionToken, ValidationDto $validationDto)
Definition: FormDefinitionValidationService.php:301
‪TYPO3\CMS\Core\Utility\GeneralUtility
Definition: GeneralUtility.php:45
‪TYPO3\CMS\Form\Domain\Configuration\FormDefinition\Validators\FormElementHmacDataValidator
Definition: FormElementHmacDataValidator.php:22
‪TYPO3\CMS\Form\Domain\Configuration\FormDefinitionValidationService\isPropertyValueEqualToHistoricalValue
‪bool isPropertyValueEqualToHistoricalValue(array $hmacContent, $propertyValue, array $hmacData, string $sessionToken)
Definition: FormDefinitionValidationService.php:227
‪TYPO3\CMS\Form\Domain\Configuration\Exception\PropertyException
Definition: PropertyException.php:24
‪TYPO3\CMS\Extbase\Object\ObjectManager
Definition: ObjectManager.php:25