9.5/_form_definition_validation_service_8php_source.html

<?php

declare(strict_types = 1);

namespace ‪TYPO3\CMS\Form\Domain\Configuration;


/*

 * This file is part of the TYPO3 CMS project.

 *

 * It is free software; you can redistribute it and/or modify it under

 * the terms of the GNU General Public License, either version 2

 * of the License, or any later version.

 *

 * For the full copyright and license information, please read the

 * LICENSE.txt file that was distributed with this source code.

 *

 * The TYPO3 project - inspiring people to share!

 */


use ‪TYPO3\CMS\Core\SingletonInterface;

use ‪TYPO3\CMS\Core\Utility\GeneralUtility;

use ‪TYPO3\CMS\Extbase\Object\ObjectManager;

use ‪TYPO3\CMS\Form\Domain\Configuration\ArrayProcessing\ArrayProcessing;

use ‪TYPO3\CMS\Form\Domain\Configuration\ArrayProcessing\ArrayProcessor;

use ‪TYPO3\CMS\Form\Domain\Configuration\Exception\PropertyException;

use ‪TYPO3\CMS\Form\Domain\Configuration\FormDefinition\Validators\CreatableFormElementPropertiesValidator;

use ‪TYPO3\CMS\Form\Domain\Configuration\FormDefinition\Validators\CreatablePropertyCollectionElementPropertiesValidator;

use ‪TYPO3\CMS\Form\Domain\Configuration\FormDefinition\Validators\FormElementHmacDataValidator;

use ‪TYPO3\CMS\Form\Domain\Configuration\FormDefinition\Validators\PropertyCollectionElementHmacDataValidator;

use ‪TYPO3\CMS\Form\Domain\Configuration\FormDefinition\Validators\ValidationDto;


class ‪FormDefinitionValidationService implements ‪SingletonInterface

{


    protected ‪$configurationService;


    public function ‪validateFormDefinitionProperties(

        array $currentFormElement,

        string $prototypeName,

        string $sessionToken

    ): void {

        $renderables = $currentFormElement['renderables'] ?? [];

        $propertyCollectionElements = $currentFormElement['finishers'] ?? $currentFormElement['validators'] ?? [];

        $propertyCollectionName = $currentFormElement['type'] === 'Form' ? 'finishers' : 'validators';

        unset($currentFormElement['renderables'], $currentFormElement['finishers'], $currentFormElement['validators']);


        $validationDto = GeneralUtility::makeInstance(

            ValidationDto::class,

            $prototypeName,

            $currentFormElement['type'],

            $currentFormElement['identifier'],

            null,

            $propertyCollectionName

        );


        if ($this->‪getConfigurationService()->isFormElementTypeCreatableByFormEditor($validationDto)) {

            $this->‪validateAllPropertyValuesFromCreatableFormElement(

                $currentFormElement,

                $sessionToken,

                $validationDto

            );


            foreach ($propertyCollectionElements as $propertyCollectionElement) {

                $validationDto = $validationDto->withPropertyCollectionElementIdentifier(

                    $propertyCollectionElement['identifier']

                );


                if ($this->‪getConfigurationService()->isPropertyCollectionElementIdentifierCreatableByFormEditor($validationDto)) {

                    $this->‪validateAllPropertyValuesFromCreatablePropertyCollectionElement(

                        $propertyCollectionElement,

                        $sessionToken,

                        $validationDto

                    );

                } else {

                    $this->‪validateAllPropertyCollectionElementValuesByHmac(

                        $propertyCollectionElement,

                        $sessionToken,

                        $validationDto

                    );

                }

            }

        } else {

            $this->‪validateAllFormElementPropertyValuesByHmac($currentFormElement, $sessionToken, $validationDto);


            foreach ($propertyCollectionElements as $propertyCollectionElement) {

                $this->‪validateAllPropertyCollectionElementValuesByHmac(

                    $propertyCollectionElement,

                    $sessionToken,

                    $validationDto

                );

            }

        }


        foreach ($renderables as $renderable) {

            $this->‪validateFormDefinitionProperties($renderable, $prototypeName, $sessionToken);

        }

    }


    public function ‪isPropertyValueEqualToHistoricalValue(

        array $hmacContent,

        $propertyValue,

        array $hmacData,

        string $sessionToken

    ): bool {

        $this->‪checkHmacDataIntegrity($hmacData, $hmacContent, $sessionToken);

        $hmacContent[] = $propertyValue;


        $expectedHash = GeneralUtility::hmac(serialize($hmacContent), $sessionToken);

        return hash_equals($expectedHash, $hmacData['hmac']);

    }


    protected function ‪checkHmacDataIntegrity(array $hmacData, array $hmacContent, string $sessionToken)

    {

        $hmac = $hmacData['hmac'] ?? null;

        if (empty($hmac)) {

            throw new ‪PropertyException('Hmac must not be empty. #1528538222', 1528538222);

        }


        $hmacContent[] = $hmacData['value'] ?? '';

        $expectedHash = GeneralUtility::hmac(serialize($hmacContent), $sessionToken);


        if (!hash_equals($expectedHash, $hmac)) {

            throw new ‪PropertyException('Unauthorized modification of historical data. #1528538252', 1528538252);

        }

    }


    protected function ‪validateAllFormElementPropertyValuesByHmac(

        array $currentElement,

        $sessionToken,

        ‪ValidationDto $validationDto

    ): void {

        GeneralUtility::makeInstance(ArrayProcessor::class, $currentElement)->forEach(

            GeneralUtility::makeInstance(

                ArrayProcessing::class,

                'validateProperties',

                '^(?!(_orig_.*|.*\._orig_.*)$).*',

                GeneralUtility::makeInstance(

                    FormElementHmacDataValidator::class,

                    $currentElement,

                    $sessionToken,

                    $validationDto

                )

            )

        );

    }


    protected function ‪validateAllPropertyCollectionElementValuesByHmac(

        array $currentElement,

        $sessionToken,

        ‪ValidationDto $validationDto

    ): void {

        GeneralUtility::makeInstance(ArrayProcessor::class, $currentElement)->forEach(

            GeneralUtility::makeInstance(

                ArrayProcessing::class,

                'validateProperties',

                '^(?!(_orig_.*|.*\._orig_.*)$).*',

                GeneralUtility::makeInstance(

                    PropertyCollectionElementHmacDataValidator::class,

                    $currentElement,

                    $sessionToken,

                    $validationDto

                )

            )

        );

    }


    protected function ‪validateAllPropertyValuesFromCreatableFormElement(

        array $currentElement,

        $sessionToken,

        ‪ValidationDto $validationDto

    ): void {

        GeneralUtility::makeInstance(ArrayProcessor::class, $currentElement)->forEach(

            GeneralUtility::makeInstance(

                ArrayProcessing::class,

                'validateProperties',

                '^(?!(_orig_.*|.*\._orig_.*|type|identifier)$).*',

                GeneralUtility::makeInstance(

                    CreatableFormElementPropertiesValidator::class,

                    $currentElement,

                    $sessionToken,

                    $validationDto

                )

            )

        );

    }


    protected function ‪validateAllPropertyValuesFromCreatablePropertyCollectionElement(

        array $currentElement,

        $sessionToken,

        ‪ValidationDto $validationDto

    ): void {

        GeneralUtility::makeInstance(ArrayProcessor::class, $currentElement)->forEach(

            GeneralUtility::makeInstance(

                ArrayProcessing::class,

                'validateProperties',

                '^(?!(_orig_.*|.*\._orig_.*|identifier)$).*',

                GeneralUtility::makeInstance(

                    CreatablePropertyCollectionElementPropertiesValidator::class,

                    $currentElement,

                    $sessionToken,

                    $validationDto

                )

            )

        );

    }


    protected function ‪getConfigurationService(): ‪ConfigurationService

    {

        if (!($this->configurationService instanceof ‪ConfigurationService)) {

            $this->configurationService = $this->‪getObjectManager()->‪get(ConfigurationService::class);

        }

        return ‪$this->configurationService;

    }


    protected function ‪getObjectManager(): ‪ObjectManager

    {

        return GeneralUtility::makeInstance(ObjectManager::class);

    }

}