‪TYPO3CMS  9.5
MvcPropertyMappingConfigurationService.php
Go to the documentation of this file.
1 <?php
3 
4 /*
5  * This file is part of the TYPO3 CMS project.
6  *
7  * It is free software; you can redistribute it and/or modify it under
8  * the terms of the GNU General Public License, either version 2
9  * of the License, or any later version.
10  *
11  * For the full copyright and license information, please read the
12  * LICENSE.txt file that was distributed with this source code.
13  *
14  * The TYPO3 project - inspiring people to share!
15  */
16 
20 
40 {
46  protected ‪$hashService;
47 
51  public function ‪injectHashService(\‪TYPO3\CMS\‪Extbase\Security\Cryptography\HashService ‪$hashService)
52  {
53  $this->hashService = ‪$hashService;
54  }
55 
65  public function ‪generateTrustedPropertiesToken($formFieldNames, $fieldNamePrefix = '')
66  {
67  $formFieldArray = [];
68  foreach ($formFieldNames as $formField) {
69  $formFieldParts = explode('[', $formField);
70  $currentPosition = &$formFieldArray;
71  $formFieldPartsCount = count($formFieldParts);
72  for ($i = 0; $i < $formFieldPartsCount; $i++) {
73  $formFieldPart = $formFieldParts[$i];
74  $formFieldPart = rtrim($formFieldPart, ']');
75  if (!is_array($currentPosition)) {
76  throw new \TYPO3\CMS\Extbase\Security\Exception\InvalidArgumentForHashGenerationException('The form field "' . $formField . '" is declared as array, but it collides with a previous form field of the same name which declared the field as string. This is an inconsistency you need to fix inside your Fluid form. (String overridden by Array)', 1255072196);
77  }
78  if ($i === $formFieldPartsCount - 1) {
79  if (isset($currentPosition[$formFieldPart]) && is_array($currentPosition[$formFieldPart])) {
80  throw new \TYPO3\CMS\Extbase\Security\Exception\InvalidArgumentForHashGenerationException('The form field "' . $formField . '" is declared as string, but it collides with a previous form field of the same name which declared the field as array. This is an inconsistency you need to fix inside your Fluid form. (Array overridden by String)', 1255072587);
81  }
82  // Last iteration - add a string
83  if ($formFieldPart === '') {
84  $currentPosition[] = 1;
85  } else {
86  $currentPosition[$formFieldPart] = 1;
87  }
88  } else {
89  if ($formFieldPart === '') {
90  throw new \TYPO3\CMS\Extbase\Security\Exception\InvalidArgumentForHashGenerationException('The form field "' . $formField . '" is invalid. Reason: "[]" used not as last argument, but somewhere in the middle (like foo[][bar]).', 1255072832);
91  }
92  if (!isset($currentPosition[$formFieldPart])) {
93  $currentPosition[$formFieldPart] = [];
94  }
95  $currentPosition = &$currentPosition[$formFieldPart];
96  }
97  }
98  }
99  if ($fieldNamePrefix !== '') {
100  $formFieldArray = ($formFieldArray[$fieldNamePrefix] ?? []);
101  }
102  return $this->‪serializeAndHashFormFieldArray($formFieldArray);
103  }
104 
112  protected function ‪serializeAndHashFormFieldArray(array $formFieldArray)
113  {
114  $serializedFormFieldArray = serialize($formFieldArray);
115  return $this->hashService->appendHmac($serializedFormFieldArray);
116  }
117 
126  public function ‪initializePropertyMappingConfigurationFromRequest(\‪TYPO3\CMS\‪Extbase\Mvc\‪Request $request, \‪TYPO3\CMS\‪Extbase\Mvc\Controller\‪Arguments $controllerArguments)
127  {
128  $trustedPropertiesToken = $request->getInternalArgument('__trustedProperties');
129  if (!is_string($trustedPropertiesToken)) {
130  return;
131  }
132 
133  try {
134  $serializedTrustedProperties = $this->hashService->validateAndStripHmac($trustedPropertiesToken);
136  throw new ‪BadRequestException('The HMAC of the form could not be validated.', 1581862822);
137  }
138  $trustedProperties = unserialize($serializedTrustedProperties, ['allowed_classes' => false]);
139  foreach ($trustedProperties as $propertyName => $propertyConfiguration) {
140  if (!$controllerArguments->hasArgument($propertyName)) {
141  continue;
142  }
143  $propertyMappingConfiguration = $controllerArguments->getArgument($propertyName)->getPropertyMappingConfiguration();
144  $this->‪modifyPropertyMappingConfiguration($propertyConfiguration, $propertyMappingConfiguration);
145  }
146  }
147 
158  protected function ‪modifyPropertyMappingConfiguration($propertyConfiguration, \‪TYPO3\CMS\‪Extbase\Property\PropertyMappingConfiguration $propertyMappingConfiguration)
159  {
160  if (!is_array($propertyConfiguration)) {
161  return;
162  }
163 
164  if (isset($propertyConfiguration['__identity'])) {
165  $propertyMappingConfiguration->setTypeConverterOption(\‪TYPO3\CMS\‪Extbase\Property\TypeConverter\PersistentObjectConverter::class, \‪TYPO3\CMS\‪Extbase\Property\TypeConverter\PersistentObjectConverter::CONFIGURATION_MODIFICATION_ALLOWED, true);
166  unset($propertyConfiguration['__identity']);
167  } else {
168  $propertyMappingConfiguration->setTypeConverterOption(\‪TYPO3\CMS\‪Extbase\Property\TypeConverter\PersistentObjectConverter::class, \‪TYPO3\CMS\‪Extbase\Property\TypeConverter\PersistentObjectConverter::CONFIGURATION_CREATION_ALLOWED, true);
169  }
170 
171  foreach ($propertyConfiguration as $innerKey => $innerValue) {
172  if (is_array($innerValue)) {
173  $this->‪modifyPropertyMappingConfiguration($innerValue, $propertyMappingConfiguration->forProperty($innerKey));
174  }
175  $propertyMappingConfiguration->allowProperties($innerKey);
176  }
177  }
178 }
‪TYPO3\CMS\Extbase\Annotation
Definition: IgnoreValidation.php:4
‪TYPO3
‪TYPO3\CMS\Extbase\Mvc\Controller\Arguments
Definition: Arguments.php:22
‪TYPO3\CMS\Extbase\Security\Exception\InvalidArgumentForHashGenerationException
Definition: InvalidArgumentForHashGenerationException.php:21
‪TYPO3\CMS\Core\Error\Http\BadRequestException
Definition: BadRequestException.php:21
‪TYPO3\CMS\Extbase\Mvc\Controller
Definition: AbstractController.php:2
‪TYPO3\CMS\Extbase\Mvc\Cli\Request
Definition: Request.php:23
‪TYPO3\CMS\Extbase\Mvc\Controller\MvcPropertyMappingConfigurationService\modifyPropertyMappingConfiguration
‪modifyPropertyMappingConfiguration($propertyConfiguration, \TYPO3\CMS\Extbase\Property\PropertyMappingConfiguration $propertyMappingConfiguration)
Definition: MvcPropertyMappingConfigurationService.php:157
‪TYPO3\CMS\Extbase\Mvc\Controller\MvcPropertyMappingConfigurationService\initializePropertyMappingConfigurationFromRequest
‪initializePropertyMappingConfigurationFromRequest(\TYPO3\CMS\Extbase\Mvc\Request $request, \TYPO3\CMS\Extbase\Mvc\Controller\Arguments $controllerArguments)
Definition: MvcPropertyMappingConfigurationService.php:125
‪TYPO3\CMS\Extbase\Mvc\Controller\MvcPropertyMappingConfigurationService\$hashService
‪TYPO3 CMS Extbase Security Cryptography HashService $hashService
Definition: MvcPropertyMappingConfigurationService.php:45
‪TYPO3\CMS\Extbase\Security\Exception\InvalidHashException
Definition: InvalidHashException.php:21
‪TYPO3\CMS\Core\SingletonInterface
Definition: SingletonInterface.php:22
‪TYPO3\CMS\Extbase\Mvc\Controller\MvcPropertyMappingConfigurationService\generateTrustedPropertiesToken
‪string generateTrustedPropertiesToken($formFieldNames, $fieldNamePrefix='')
Definition: MvcPropertyMappingConfigurationService.php:64
‪TYPO3\CMS\Extbase\Mvc\Controller\MvcPropertyMappingConfigurationService
Definition: MvcPropertyMappingConfigurationService.php:40
‪TYPO3\CMS\Extbase\Mvc\Controller\MvcPropertyMappingConfigurationService\serializeAndHashFormFieldArray
‪string serializeAndHashFormFieldArray(array $formFieldArray)
Definition: MvcPropertyMappingConfigurationService.php:111
‪TYPO3\CMS\Extbase\Mvc\Controller\MvcPropertyMappingConfigurationService\injectHashService
‪injectHashService(\TYPO3\CMS\Extbase\Security\Cryptography\HashService $hashService)
Definition: MvcPropertyMappingConfigurationService.php:50