9.5/_form_slug_ajax_controller_8php_source.html

<?php

declare(strict_types = 1);


namespace ‪TYPO3\CMS\Backend\Controller;


/*

 * This file is part of the TYPO3 CMS project.

 *

 * It is free software; you can redistribute it and/or modify it under

 * the terms of the GNU General Public License, either version 2

 * of the License, or any later version.

 *

 * For the full copyright and license information, please read the

 * LICENSE.txt file that was distributed with this source code.

 *

 * The TYPO3 project - inspiring people to share!

 */


use Psr\Http\Message\ResponseInterface;

use Psr\Http\Message\ServerRequestInterface;

use ‪TYPO3\CMS\Backend\Utility\BackendUtility;

use ‪TYPO3\CMS\Core\DataHandling\Model\RecordStateFactory;

use ‪TYPO3\CMS\Core\DataHandling\SlugHelper;

use ‪TYPO3\CMS\Core\Http\JsonResponse;

use ‪TYPO3\CMS\Core\Utility\ArrayUtility;

use ‪TYPO3\CMS\Core\Utility\GeneralUtility;


class ‪FormSlugAjaxController extends ‪AbstractFormEngineAjaxController

{


    public function ‪suggestAction(ServerRequestInterface $request): ResponseInterface

    {

        $this->‪checkRequest($request);


        $queryParameters = $request->getParsedBody() ?? [];

        $values = $queryParameters['values'];

        $mode = $queryParameters['mode'];

        $tableName = $queryParameters['tableName'];

        $pid = (int)$queryParameters['pageId'];

        $parentPageId = (int)$queryParameters['parentPageId'];

        $recordId = (int)$queryParameters['recordId'];

        $languageId = (int)$queryParameters['language'];

        $fieldName = $queryParameters['fieldName'];


        $fieldConfig = ‪$GLOBALS['TCA'][$tableName]['columns'][$fieldName]['config'] ?? [];

        $row = ‪BackendUtility::getRecord($tableName, $recordId);

        $recordType = ‪BackendUtility::getTCAtypeValue($tableName, $row);

        $columnsOverridesConfigOfField = ‪$GLOBALS['TCA'][$tableName]['types'][$recordType]['columnsOverrides'][$fieldName]['config'] ?? null;

        if ($columnsOverridesConfigOfField) {

            ‪ArrayUtility::mergeRecursiveWithOverrule($fieldConfig, $columnsOverridesConfigOfField);

        }

        if (empty($fieldConfig)) {

            throw new \RuntimeException(

                'No valid field configuration for table ' . $tableName . ' field name ' . $fieldName . ' found.',

                1535379534

            );

        }


        $evalInfo = !empty($fieldConfig['eval']) ? GeneralUtility::trimExplode(',', $fieldConfig['eval'], true) : [];

        $hasToBeUniqueInDb = in_array('unique', $evalInfo, true);

        $hasToBeUniqueInSite = in_array('uniqueInSite', $evalInfo, true);

        $hasToBeUniqueInPid = in_array('uniqueInPid', $evalInfo, true);


        $hasConflict = false;


        $recordData = $values;

        if (!isset($recordData['uid'])) {

            $recordData['uid'] = $recordId;

        }

        $recordData['pid'] = $pid;

        if (!empty(‪$GLOBALS['TCA'][$tableName]['ctrl']['languageField'])) {

            $recordData[‪$GLOBALS['TCA'][$tableName]['ctrl']['languageField']] = $languageId;

        }

        if ($tableName === 'pages' && empty($recordData['is_siteroot'])) {

            $recordData['is_siteroot'] = $row['is_siteroot'];

        }


        $slug = GeneralUtility::makeInstance(SlugHelper::class, $tableName, $fieldName, $fieldConfig);

        if ($mode === 'auto') {

            // New page - Feed incoming values to generator

            $proposal = $slug->generate($recordData, $pid);

        } elseif ($mode === 'recreate') {

            $proposal = $slug->generate($recordData, $parentPageId);

        } elseif ($mode === 'manual') {

            // Existing record - Fetch full record and only validate against the new "slug" field.

            $proposal = $slug->sanitize($values['manual']);

        } else {

            throw new \RuntimeException('mode must be either "auto", "recreate" or "manual"', 1535835666);

        }


        $state = ‪RecordStateFactory::forName($tableName)

            ->fromArray($recordData, $pid, $recordId);

        if ($hasToBeUniqueInDb && !$slug->isUniqueInTable($proposal, $state)) {

            $hasConflict = true;

            $proposal = $slug->buildSlugForUniqueInTable($proposal, $state);

        }

        if ($hasToBeUniqueInSite && !$slug->isUniqueInSite($proposal, $state)) {

            $hasConflict = true;

            $proposal = $slug->buildSlugForUniqueInSite($proposal, $state);

        }

        if ($hasToBeUniqueInPid && !$slug->isUniqueInPid($proposal, $state)) {

            $hasConflict = true;

            $proposal = $slug->buildSlugForUniqueInPid($proposal, $state);

        }


        return new ‪JsonResponse([

            'hasConflicts' => !$mode && $hasConflict,

            'manual' => $values['manual'] ?? '',

            'proposal' => $proposal,

        ]);

    }


    protected function ‪checkRequest(ServerRequestInterface $request): bool

    {

        $queryParameters = $request->getParsedBody() ?? [];

        $expectedHash = GeneralUtility::hmac(

            implode(

                '',

                [

                    $queryParameters['tableName'],

                    $queryParameters['pageId'],

                    $queryParameters['recordId'],

                    $queryParameters['language'],

                    $queryParameters['fieldName'],

                    $queryParameters['command'],

                    $queryParameters['parentPageId'],

                ]

            ),

            __CLASS__

        );

        if (!hash_equals($expectedHash, $queryParameters['signature'])) {

            throw new \InvalidArgumentException(

                'HMAC could not be verified',

                1535137045

            );

        }

        return true;

    }

}