‪TYPO3CMS  9.5
FormProtectionFactory.php
Go to the documentation of this file.
1 <?php
2 namespace ‪TYPO3\CMS\Core\FormProtection;
3 
4 /*
5  * This file is part of the TYPO3 CMS project.
6  *
7  * It is free software; you can redistribute it and/or modify it under
8  * the terms of the GNU General Public License, either version 2
9  * of the License, or any later version.
10  *
11  * For the full copyright and license information, please read the
12  * LICENSE.txt file that was distributed with this source code.
13  *
14  * The TYPO3 project - inspiring people to share!
15  */
16 
17 use ‪TYPO3\CMS\Core\Authentication\BackendUserAuthentication;
18 use ‪TYPO3\CMS\Core\Localization\LanguageService;
19 use ‪TYPO3\CMS\Core\Messaging\FlashMessage;
20 use ‪TYPO3\CMS\Core\Messaging\FlashMessageQueue;
21 use ‪TYPO3\CMS\Core\Messaging\FlashMessageService;
22 use ‪TYPO3\CMS\Core\Registry;
23 use ‪TYPO3\CMS\Core\Utility\GeneralUtility;
24 use ‪TYPO3\CMS\Frontend\Authentication\FrontendUserAuthentication;
25 
44 class ‪FormProtectionFactory
45 {
51  protected static ‪$instances = [];
52 
56  private function ‪__construct()
57  {
58  }
59 
73  public static function get($classNameOrType = 'default', ...$constructorArguments)
74  {
75  if (isset(self::$instances[$classNameOrType])) {
76  return self::$instances[$classNameOrType];
77  }
78  if ($classNameOrType === 'default' || $classNameOrType === 'installtool' || $classNameOrType === 'frontend' || $classNameOrType === 'backend') {
79  $classNameAndConstructorArguments = ‪self::getClassNameAndConstructorArgumentsByType($classNameOrType);
80  self::$instances[$classNameOrType] = ‪self::createInstance(...$classNameAndConstructorArguments);
81  } else {
82  self::$instances[$classNameOrType] = ‪self::createInstance($classNameOrType, ...$constructorArguments);
83  }
84  return self::$instances[$classNameOrType];
85  }
86 
94  protected static function ‪getClassNameAndConstructorArgumentsByType($type)
95  {
96  if (self::isInstallToolSession() && ($type === 'default' || $type === 'installtool')) {
97  $classNameAndConstructorArguments = [
98  InstallToolFormProtection::class
99  ];
100  } elseif (self::isFrontendSession() && ($type === 'default' || $type === 'frontend')) {
101  $classNameAndConstructorArguments = [
102  FrontendFormProtection::class,
103  ‪$GLOBALS['TSFE']->fe_user
104  ];
105  } elseif (self::isBackendSession() && ($type === 'default' || $type === 'backend')) {
106  $classNameAndConstructorArguments = [
107  BackendFormProtection::class,
108  ‪$GLOBALS['BE_USER'],
109  GeneralUtility::makeInstance(Registry::class),
110  ‪self::getMessageClosure(
111  ‪$GLOBALS['LANG'],
112  GeneralUtility::makeInstance(FlashMessageService::class)->getMessageQueueByIdentifier(),
113  (bool)(TYPO3_REQUESTTYPE & TYPO3_REQUESTTYPE_AJAX)
114  )
115  ];
116  } else {
117  // failed to use preferred type, disable form protection
118  $classNameAndConstructorArguments = [
119  DisabledFormProtection::class
120  ];
121  }
122  return $classNameAndConstructorArguments;
123  }
124 
130  protected static function ‪isInstallToolSession()
131  {
132  return TYPO3_REQUESTTYPE & TYPO3_REQUESTTYPE_INSTALL;
133  }
134 
140  protected static function ‪isBackendSession()
141  {
142  return isset(‪$GLOBALS['BE_USER']) && ‪$GLOBALS['BE_USER'] instanceof ‪BackendUserAuthentication && isset(‪$GLOBALS['BE_USER']->user['uid']);
143  }
144 
150  protected static function ‪isFrontendSession()
151  {
152  return TYPO3_MODE === 'FE' && is_object(‪$GLOBALS['TSFE']) && ‪$GLOBALS['TSFE']->fe_user instanceof ‪FrontendUserAuthentication && isset(‪$GLOBALS['TSFE']->fe_user->user['uid']);
153  }
154 
162  public static function ‪getMessageClosure(‪LanguageService $languageService, ‪FlashMessageQueue $messageQueue, $isAjaxCall)
163  {
164  return function () use ($languageService, $messageQueue, $isAjaxCall) {
166  $flashMessage = GeneralUtility::makeInstance(
167  FlashMessage::class,
168  $languageService->‪sL('LLL:EXT:core/Resources/Private/Language/locallang_core.xlf:error.formProtection.tokenInvalid'),
169  '',
170  ‪FlashMessage::ERROR,
171  !$isAjaxCall
172  );
173  $messageQueue->‪enqueue($flashMessage);
174  };
175  }
176 
186  protected static function ‪createInstance($className, ...$constructorArguments)
187  {
188  if (!class_exists($className)) {
189  throw new \InvalidArgumentException('$className must be the name of an existing class, but ' . 'actually was "' . $className . '".', 1285352962);
190  }
191  $instance = GeneralUtility::makeInstance($className, ...$constructorArguments);
192  if (!$instance instanceof ‪AbstractFormProtection) {
193  throw new \InvalidArgumentException('$className must be a subclass of ' . AbstractFormProtection::class . ', but actually was "' . $className . '".', 1285353026);
194  }
195  return $instance;
196  }
197 
208  public static function set($classNameOrType, ‪AbstractFormProtection $instance)
209  {
210  self::$instances[$classNameOrType] = $instance;
211  }
212 
218  public static function ‪purgeInstances()
219  {
220  foreach (self::$instances as $key => $instance) {
221  unset(self::$instances[$key]);
222  }
223  }
224 }
‪TYPO3\CMS\Core\FormProtection\FormProtectionFactory\createInstance
‪static AbstractFormProtection createInstance($className,... $constructorArguments)
Definition: FormProtectionFactory.php:185
‪TYPO3\CMS\Core\FormProtection\FormProtectionFactory\__construct
‪__construct()
Definition: FormProtectionFactory.php:55
‪TYPO3\CMS\Core\Registry
Definition: Registry.php:32
‪TYPO3\CMS\Core\FormProtection\FormProtectionFactory\purgeInstances
‪static purgeInstances()
Definition: FormProtectionFactory.php:217
‪TYPO3\CMS\Core\FormProtection\FormProtectionFactory\isFrontendSession
‪static bool isFrontendSession()
Definition: FormProtectionFactory.php:149
‪TYPO3\CMS\Core\Localization\LanguageService\sL
‪string sL($input)
Definition: LanguageService.php:158
‪TYPO3\CMS\Core\Messaging\FlashMessageQueue\enqueue
‪FlashMessageQueue enqueue($message)
Definition: FlashMessageQueue.php:56
‪TYPO3\CMS\Core\FormProtection\FormProtectionFactory\$instances
‪static array< AbstractFormProtection > $instances
Definition: FormProtectionFactory.php:50
‪TYPO3\CMS\Core\FormProtection
Definition: AbstractFormProtection.php:2
‪TYPO3\CMS\Core\FormProtection\FormProtectionFactory\isBackendSession
‪static bool isBackendSession()
Definition: FormProtectionFactory.php:139
‪TYPO3\CMS\Core\Authentication\BackendUserAuthentication
Definition: BackendUserAuthentication.php:45
‪TYPO3\CMS\Core\FormProtection\FormProtectionFactory\getClassNameAndConstructorArgumentsByType
‪static array getClassNameAndConstructorArgumentsByType($type)
Definition: FormProtectionFactory.php:93
‪TYPO3\CMS\Core\FormProtection\FormProtectionFactory\getMessageClosure
‪static Closure getMessageClosure(LanguageService $languageService, FlashMessageQueue $messageQueue, $isAjaxCall)
Definition: FormProtectionFactory.php:161
‪TYPO3\CMS\Core\FormProtection\AbstractFormProtection
Definition: AbstractFormProtection.php:29
‪TYPO3\CMS\Core\Messaging\FlashMessage
Definition: FlashMessage.php:22
‪TYPO3\CMS\Core\FormProtection\FormProtectionFactory
Definition: FormProtectionFactory.php:45
‪$GLOBALS
‪$GLOBALS['TYPO3_CONF_VARS']['EXTCONF']['adminpanel']['modules']
Definition: ext_localconf.php:5
‪TYPO3\CMS\Core\Localization\LanguageService
Definition: LanguageService.php:29
‪TYPO3\CMS\Frontend\Authentication\FrontendUserAuthentication
Definition: FrontendUserAuthentication.php:28
‪TYPO3\CMS\Core\Utility\GeneralUtility
Definition: GeneralUtility.php:45
‪TYPO3\CMS\Core\Messaging\FlashMessageQueue
Definition: FlashMessageQueue.php:25
‪TYPO3\CMS\Core\Messaging\FlashMessageService
Definition: FlashMessageService.php:25
‪TYPO3\CMS\Core\FormProtection\FormProtectionFactory\isInstallToolSession
‪static bool isInstallToolSession()
Definition: FormProtectionFactory.php:129
‪TYPO3\CMS\Core\Messaging\AbstractMessage\ERROR
‪const ERROR
Definition: AbstractMessage.php:29