9.5/_form_protection_factory_8php_source.html

<?php

namespace ‪TYPO3\CMS\Core\FormProtection;


/*

 * This file is part of the TYPO3 CMS project.

 *

 * It is free software; you can redistribute it and/or modify it under

 * the terms of the GNU General Public License, either version 2

 * of the License, or any later version.

 *

 * For the full copyright and license information, please read the

 * LICENSE.txt file that was distributed with this source code.

 *

 * The TYPO3 project - inspiring people to share!

 */


use ‪TYPO3\CMS\Core\Authentication\BackendUserAuthentication;

use ‪TYPO3\CMS\Core\Localization\LanguageService;

use ‪TYPO3\CMS\Core\Messaging\FlashMessage;

use ‪TYPO3\CMS\Core\Messaging\FlashMessageQueue;

use ‪TYPO3\CMS\Core\Messaging\FlashMessageService;

use ‪TYPO3\CMS\Core\Registry;

use ‪TYPO3\CMS\Core\Utility\GeneralUtility;

use ‪TYPO3\CMS\Frontend\Authentication\FrontendUserAuthentication;


class ‪FormProtectionFactory

{

    protected static ‪$instances = [];


    private function ‪__construct()

    {

    }


    public static function get($classNameOrType = 'default', ...$constructorArguments)

    {

        if (isset(self::$instances[$classNameOrType])) {

            return self::$instances[$classNameOrType];

        }

        if ($classNameOrType === 'default' || $classNameOrType === 'installtool' || $classNameOrType === 'frontend' || $classNameOrType === 'backend') {

            $classNameAndConstructorArguments = ‪self::getClassNameAndConstructorArgumentsByType($classNameOrType);

            self::$instances[$classNameOrType] = ‪self::createInstance(...$classNameAndConstructorArguments);

        } else {

            self::$instances[$classNameOrType] = ‪self::createInstance($classNameOrType, ...$constructorArguments);

        }

        return self::$instances[$classNameOrType];

    }


    protected static function ‪getClassNameAndConstructorArgumentsByType($type)

    {

        if (self::isInstallToolSession() && ($type === 'default' || $type === 'installtool')) {

            $classNameAndConstructorArguments = [

                InstallToolFormProtection::class

            ];

        } elseif (self::isFrontendSession() && ($type === 'default' || $type === 'frontend')) {

            $classNameAndConstructorArguments = [

                FrontendFormProtection::class,

                ‪$GLOBALS['TSFE']->fe_user

            ];

        } elseif (self::isBackendSession() && ($type === 'default' || $type === 'backend')) {

            $classNameAndConstructorArguments = [

                BackendFormProtection::class,

                ‪$GLOBALS['BE_USER'],

                GeneralUtility::makeInstance(Registry::class),

                ‪self::getMessageClosure(

                    ‪$GLOBALS['LANG'],

                    GeneralUtility::makeInstance(FlashMessageService::class)->getMessageQueueByIdentifier(),

                    (bool)(TYPO3_REQUESTTYPE & TYPO3_REQUESTTYPE_AJAX)

                )

            ];

        } else {

            // failed to use preferred type, disable form protection

            $classNameAndConstructorArguments = [

                DisabledFormProtection::class

            ];

        }

        return $classNameAndConstructorArguments;

    }


    protected static function ‪isInstallToolSession()

    {

        return TYPO3_REQUESTTYPE & TYPO3_REQUESTTYPE_INSTALL;

    }


    protected static function ‪isBackendSession()

    {

        return isset(‪$GLOBALS['BE_USER']) && ‪$GLOBALS['BE_USER'] instanceof ‪BackendUserAuthentication && isset(‪$GLOBALS['BE_USER']->user['uid']);

    }


    protected static function ‪isFrontendSession()

    {

        return TYPO3_MODE === 'FE' && is_object(‪$GLOBALS['TSFE']) && ‪$GLOBALS['TSFE']->fe_user instanceof ‪FrontendUserAuthentication && isset(‪$GLOBALS['TSFE']->fe_user->user['uid']);

    }


    public static function ‪getMessageClosure(‪LanguageService $languageService, ‪FlashMessageQueue $messageQueue, $isAjaxCall)

    {

        return function () use ($languageService, $messageQueue, $isAjaxCall) {

            $flashMessage = GeneralUtility::makeInstance(

                FlashMessage::class,

                $languageService->‪sL('LLL:EXT:core/Resources/Private/Language/locallang_core.xlf:error.formProtection.tokenInvalid'),

                '',

                ‪FlashMessage::ERROR,

                !$isAjaxCall

            );

            $messageQueue->‪enqueue($flashMessage);

        };

    }


    protected static function ‪createInstance($className, ...$constructorArguments)

    {

        if (!class_exists($className)) {

            throw new \InvalidArgumentException('$className must be the name of an existing class, but ' . 'actually was "' . $className . '".', 1285352962);

        }

        $instance = GeneralUtility::makeInstance($className, ...$constructorArguments);

        if (!$instance instanceof ‪AbstractFormProtection) {

            throw new \InvalidArgumentException('$className must be a subclass of ' . AbstractFormProtection::class . ', but actually was "' . $className . '".', 1285353026);

        }

        return $instance;

    }


    public static function set($classNameOrType, ‪AbstractFormProtection $instance)

    {

        self::$instances[$classNameOrType] = $instance;

    }


    public static function ‪purgeInstances()

    {

        foreach (self::$instances as $key => $instance) {

            unset(self::$instances[$key]);

        }

    }

}