MvcPropertyMappingConfigurationService.php

Go to the documentation of this file.

<?php
namespace ‪TYPO3\CMS\Extbase\Mvc\Controller;
 
/*
 * This file is part of the TYPO3 CMS project.
 *
 * It is free software; you can redistribute it and/or modify it under
 * the terms of the GNU General Public License, either version 2
 * of the License, or any later version.
 *
 * For the full copyright and license information, please read the
 * LICENSE.txt file that was distributed with this source code.
 *
 * The TYPO3 project - inspiring people to share!
 */
 
use ‪TYPO3\CMS\Core\Error\Http\BadRequestException;
use ‪TYPO3\CMS\Extbase\Security\Exception\InvalidArgumentForHashGenerationException;
use ‪TYPO3\CMS\Extbase\Security\Exception\InvalidHashException;
 
class ‪MvcPropertyMappingConfigurationService implements ‪\TYPO3\CMS\Core\SingletonInterface
{
    protected ‪$hashService;
 
    public function ‪injectHashService(\‪TYPO3\CMS\‪Extbase\Security\Cryptography\HashService ‪$hashService)
    {
        $this->hashService = ‪$hashService;
    }
 
    public function ‪generateTrustedPropertiesToken($formFieldNames, $fieldNamePrefix = '')
    {
        $formFieldArray = [];
        foreach ($formFieldNames as $formField) {
            $formFieldParts = explode('[', $formField);
            $currentPosition = &$formFieldArray;
            $formFieldPartsCount = count($formFieldParts);
            for ($i = 0; $i < $formFieldPartsCount; $i++) {
                $formFieldPart = $formFieldParts[$i];
                $formFieldPart = rtrim($formFieldPart, ']');
                if (!is_array($currentPosition)) {
                    throw new \TYPO3\CMS\Extbase\Security\Exception\InvalidArgumentForHashGenerationException('The form field "' . $formField . '" is declared as array, but it collides with a previous form field of the same name which declared the field as string. This is an inconsistency you need to fix inside your Fluid form. (String overridden by Array)', 1255072196);
                }
                if ($i === $formFieldPartsCount - 1) {
                    if (isset($currentPosition[$formFieldPart]) && is_array($currentPosition[$formFieldPart])) {
                        throw new \TYPO3\CMS\Extbase\Security\Exception\InvalidArgumentForHashGenerationException('The form field "' . $formField . '" is declared as string, but it collides with a previous form field of the same name which declared the field as array. This is an inconsistency you need to fix inside your Fluid form. (Array overridden by String)', 1255072587);
                    }
                    // Last iteration - add a string
                    if ($formFieldPart === '') {
                        $currentPosition[] = 1;
                    } else {
                        $currentPosition[$formFieldPart] = 1;
                    }
                } else {
                    if ($formFieldPart === '') {
                        throw new \TYPO3\CMS\Extbase\Security\Exception\InvalidArgumentForHashGenerationException('The form field "' . $formField . '" is invalid. Reason: "[]" used not as last argument, but somewhere in the middle (like foo[][bar]).', 1255072832);
                    }
                    if (!isset($currentPosition[$formFieldPart])) {
                        $currentPosition[$formFieldPart] = [];
                    }
                    $currentPosition = &$currentPosition[$formFieldPart];
                }
            }
        }
        if ($fieldNamePrefix !== '') {
            $formFieldArray = ($formFieldArray[$fieldNamePrefix] ?? []);
        }
        return $this->‪serializeAndHashFormFieldArray($formFieldArray);
    }
 
    protected function ‪serializeAndHashFormFieldArray(array $formFieldArray)
    {
        $serializedFormFieldArray = serialize($formFieldArray);
        return $this->hashService->appendHmac($serializedFormFieldArray);
    }
 
    public function ‪initializePropertyMappingConfigurationFromRequest(\‪TYPO3\CMS\‪Extbase\Mvc\‪Request $request, \‪TYPO3\CMS\‪Extbase\Mvc\Controller\‪Arguments $controllerArguments)
    {
        $trustedPropertiesToken = $request->getInternalArgument('__trustedProperties');
        if (!is_string($trustedPropertiesToken)) {
            return;
        }
 
        try {
            $serializedTrustedProperties = $this->hashService->validateAndStripHmac($trustedPropertiesToken);
        } catch (‪InvalidHashException | ‪InvalidArgumentForHashGenerationException $e) {
            throw new ‪BadRequestException('The HMAC of the form could not be validated.', 1581862822);
        }
        $trustedProperties = unserialize($serializedTrustedProperties, ['allowed_classes' => false]);
        foreach ($trustedProperties as $propertyName => $propertyConfiguration) {
            if (!$controllerArguments->hasArgument($propertyName)) {
                continue;
            }
            $propertyMappingConfiguration = $controllerArguments->getArgument($propertyName)->getPropertyMappingConfiguration();
            $this->‪modifyPropertyMappingConfiguration($propertyConfiguration, $propertyMappingConfiguration);
        }
    }
 
    protected function ‪modifyPropertyMappingConfiguration($propertyConfiguration, \‪TYPO3\CMS\‪Extbase\Property\PropertyMappingConfiguration $propertyMappingConfiguration)
    {
        if (!is_array($propertyConfiguration)) {
            return;
        }
 
        if (isset($propertyConfiguration['__identity'])) {
            $propertyMappingConfiguration->setTypeConverterOption(\‪TYPO3\CMS\‪Extbase\Property\TypeConverter\PersistentObjectConverter::class, \‪TYPO3\CMS\‪Extbase\Property\TypeConverter\PersistentObjectConverter::CONFIGURATION_MODIFICATION_ALLOWED, true);
            unset($propertyConfiguration['__identity']);
        } else {
            $propertyMappingConfiguration->setTypeConverterOption(\‪TYPO3\CMS\‪Extbase\Property\TypeConverter\PersistentObjectConverter::class, \‪TYPO3\CMS\‪Extbase\Property\TypeConverter\PersistentObjectConverter::CONFIGURATION_CREATION_ALLOWED, true);
        }
 
        foreach ($propertyConfiguration as $innerKey => $innerValue) {
            if (is_array($innerValue)) {
                $this->‪modifyPropertyMappingConfiguration($innerValue, $propertyMappingConfiguration->forProperty($innerKey));
            }
            $propertyMappingConfiguration->allowProperties($innerKey);
        }
    }
}