TYPO3_6-2/_abstract_form_protection_8php_source.html

 <?php
 namespace TYPO3\CMS\Core\FormProtection;

 abstract class AbstractFormProtection {

     protected $sessionToken;

     protected function getSessionToken() {
         if ($this->sessionToken === NULL) {
             $this->sessionToken = $this->retrieveSessionToken();
         }
         return $this->sessionToken;
     }

     public function __destruct() {
         unset($this->sessionToken);
     }

     public function clean() {
         unset($this->sessionToken);
         $this->persistSessionToken();
     }

     public function generateToken($formName, $action = '', $formInstanceName = '') {
         if ($formName == '') {
             throw new \InvalidArgumentException('$formName must not be empty.', 1294586643);
         }
         $tokenId = \TYPO3\CMS\Core\Utility\GeneralUtility::hmac($formName . $action . $formInstanceName . $this->getSessionToken());
         return $tokenId;
     }

     public function validateToken($tokenId, $formName, $action = '', $formInstanceName = '') {
         $validTokenId = \TYPO3\CMS\Core\Utility\GeneralUtility::hmac(((string) $formName . (string) $action) . (string) $formInstanceName . $this->getSessionToken());
         if ((string) $tokenId === $validTokenId) {
             $isValid = TRUE;
         } else {
             $isValid = FALSE;
         }
         if (!$isValid) {
             $this->createValidationErrorMessage();
         }
         return $isValid;
     }

     protected function generateSessionToken() {
         return bin2hex(\TYPO3\CMS\Core\Utility\GeneralUtility::generateRandomBytes(32));
     }

     abstract protected function createValidationErrorMessage();

     abstract protected function retrieveSessionToken();

     abstract public function persistSessionToken();

 }
TYPO3

TYPO3\CMS\Core\FormProtection
Definition: AbstractFormProtection.php:2

TYPO3\CMS\Core\FormProtection\AbstractFormProtection\generateToken
generateToken($formName, $action='', $formInstanceName='')
Definition: AbstractFormProtection.php:78

TYPO3\CMS\Core\FormProtection\AbstractFormProtection\persistSessionToken
persistSessionToken()

TYPO3\CMS\Core\FormProtection\AbstractFormProtection\clean
clean()
Definition: AbstractFormProtection.php:60

TYPO3\CMS\Core\FormProtection\AbstractFormProtection\getSessionToken
getSessionToken()
Definition: AbstractFormProtection.php:39

TYPO3\CMS\Core\FormProtection\AbstractFormProtection\validateToken
validateToken($tokenId, $formName, $action='', $formInstanceName='')
Definition: AbstractFormProtection.php:96

TYPO3\CMS\Core\Utility\GeneralUtility\hmac
static hmac($input, $additionalSecret='')
Definition: GeneralUtility.php:828

TYPO3\CMS\Core\FormProtection\AbstractFormProtection\generateSessionToken
generateSessionToken()
Definition: AbstractFormProtection.php:114

TYPO3\CMS\Core\FormProtection\AbstractFormProtection\$sessionToken
$sessionToken
Definition: AbstractFormProtection.php:34

TYPO3\CMS\Core\FormProtection\AbstractFormProtection\__destruct
__destruct()
Definition: AbstractFormProtection.php:49

TYPO3\CMS\Core\FormProtection\AbstractFormProtection\createValidationErrorMessage
createValidationErrorMessage()

TYPO3\CMS\Core\FormProtection\AbstractFormProtection
Definition: AbstractFormProtection.php:27

TYPO3\CMS\Core\FormProtection\AbstractFormProtection\retrieveSessionToken
retrieveSessionToken()