TYPO3 CMS  TYPO3_6-2
BackendFormProtection.php
1 <?php
3 
76 
// Backend user object this protection works with; assigned from $GLOBALS['BE_USER'] in the constructor.
83  protected $backendUser;
84 
// Registry instance; created on first use by getRegistry() or supplied through injectRegistry().
91  protected $registry;
92 
/**
 * Binds the form protection to the backend user found in $GLOBALS['BE_USER'].
 *
 * Construction is refused when isAuthorizedBackendSession() reports no usable
 * backend session, so a token is never tied to an anonymous request.
 *
 * @throws \TYPO3\CMS\Core\Error\Exception when no backend session is available
 */
public function __construct() {
    $hasBackendSession = $this->isAuthorizedBackendSession();
    if (!$hasBackendSession) {
        $message = 'A back-end form protection may only be instantiated if there' . ' is an active back-end session.';
        throw new \TYPO3\CMS\Core\Error\Exception($message, 1285067843);
    }

    $this->backendUser = $GLOBALS['BE_USER'];
}
102 
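/**
 * Queues an error flash message telling the user that the form token was invalid.
 *
 * The message text comes from the 'error.formProtection.tokenInvalid' label.
 * The last constructor argument is TRUE for non-AJAX requests and FALSE for
 * AJAX requests (presumably FlashMessage's "store in session" switch; confirm
 * against the FlashMessage constructor).
 *
 * NOTE(review): the rendered listing had lost the two lines that open the
 * makeInstance() calls (its line numbers jump 109->111 and 116->119), which
 * left $flashMessage and $flashMessageService undefined. They are restored
 * here with GeneralUtility::makeInstance(), the helper getRegistry() uses in
 * this class; confirm against the upstream file.
 *
 * @return void
 */
protected function createValidationErrorMessage() {
    /** @var \TYPO3\CMS\Core\Messaging\FlashMessage $flashMessage */
    $flashMessage = \TYPO3\CMS\Core\Utility\GeneralUtility::makeInstance(
        'TYPO3\\CMS\\Core\\Messaging\\FlashMessage',
        $this->getLanguageService()->sL('LLL:EXT:lang/locallang_core.xlf:error.formProtection.tokenInvalid'),
        '',
        \TYPO3\CMS\Core\Messaging\FlashMessage::ERROR,
        !$this->isAjaxRequest()
    );

    /** @var \TYPO3\CMS\Core\Messaging\FlashMessageService $flashMessageService */
    $flashMessageService = \TYPO3\CMS\Core\Utility\GeneralUtility::makeInstance(
        'TYPO3\\CMS\\Core\\Messaging\\FlashMessageService'
    );

    // No identifier is passed, so the service's default queue is used.
    $defaultFlashMessageQueue = $flashMessageService->getMessageQueueByIdentifier();
    $defaultFlashMessageQueue->enqueue($flashMessage);
}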
125 
/**
 * Tells whether the current request carries the AJAX request-type flag.
 *
 * @return bool TRUE when TYPO3_REQUESTTYPE has the TYPO3_REQUESTTYPE_AJAX bit set
 */
protected function isAjaxRequest() {
    $ajaxBits = TYPO3_REQUESTTYPE & TYPO3_REQUESTTYPE_AJAX;

    return (bool)$ajaxBits;
}
134 
/**
 * Loads the form session token from the backend user's session data.
 *
 * When the session holds no token yet (empty() is true), a new one is
 * obtained from generateSessionToken() (defined outside this listing) and
 * written back to the session, so later requests in the same session see
 * the same token.
 *
 * @return mixed the token now held in $this->sessionToken
 */
protected function retrieveSessionToken() {
    $this->sessionToken = $this->backendUser->getSessionData('formSessionToken');

    if (!empty($this->sessionToken)) {
        return $this->sessionToken;
    }

    // First use in this session: create the token and persist it immediately.
    $this->sessionToken = $this->generateSessionToken();
    $this->persistSessionToken();

    return $this->sessionToken;
}
148 
/**
 * Writes the current session token into the backend user's session data
 * under the key 'formSessionToken'.
 *
 * @return void
 */
public function persistSessionToken() {
    $currentToken = $this->sessionToken;
    $this->backendUser->setAndSaveSessionData('formSessionToken', $currentToken);
}
159 
/**
 * Restores the session token from the registry copy kept for this user.
 *
 * The copy is read from namespace 'core' under 'formSessionToken:<uid>',
 * where <uid> is the backend user's uid.
 *
 * NOTE(review): the registry entry is not deleted here, so the token stays
 * readable in the registry until removeSessionTokenFromRegistry() is called;
 * confirm that callers clean it up after restoring.
 *
 * @return mixed the restored token
 * @throws \UnexpectedValueException when the registry holds no (or an empty) token
 */
public function setSessionTokenFromRegistry() {
    $registry = $this->getRegistry();
    $registryKey = 'formSessionToken:' . $this->backendUser->user['uid'];
    $this->sessionToken = $registry->get('core', $registryKey);

    if (!empty($this->sessionToken)) {
        return $this->sessionToken;
    }

    throw new \UnexpectedValueException('Failed to restore the session token from the registry.', 1301827270);
}
175 
/**
 * Copies the session token into the registry, keyed by the backend user's uid.
 *
 * The value is taken from getSessionToken() (defined outside this listing)
 * and stored in namespace 'core' under 'formSessionToken:<uid>'. This places
 * the token in the registry in addition to the session, so the entry should
 * be short-lived; removeSessionTokenFromRegistry() deletes it.
 *
 * @return void
 */
public function storeSessionTokenInRegistry() {
    $registry = $this->getRegistry();
    $registryKey = 'formSessionToken:' . $this->backendUser->user['uid'];
    $token = $this->getSessionToken();

    $registry->set('core', $registryKey, $token);
}
186 
/**
 * Deletes this user's token copy ('formSessionToken:<uid>' in namespace
 * 'core') from the registry.
 *
 * @return void
 */
public function removeSessionTokenFromRegistry() {
    $registry = $this->getRegistry();
    $registryKey = 'formSessionToken:' . $this->backendUser->user['uid'];

    $registry->remove('core', $registryKey);
}
195 
/**
 * Returns the registry, creating it through GeneralUtility::makeInstance()
 * the first time it is needed (or whenever the property does not hold a
 * Registry instance).
 *
 * @return \TYPO3\CMS\Core\Registry
 */
protected function getRegistry() {
    if ($this->registry instanceof \TYPO3\CMS\Core\Registry) {
        return $this->registry;
    }

    $this->registry = \TYPO3\CMS\Core\Utility\GeneralUtility::makeInstance('TYPO3\\CMS\\Core\\Registry');

    return $this->registry;
}
207 
/**
 * Replaces the registry used by this object with the given instance.
 *
 * Once set, getRegistry() returns this instance instead of creating one.
 *
 * @param \TYPO3\CMS\Core\Registry $registry registry to use from now on
 * @return void
 */
public function injectRegistry(\TYPO3\CMS\Core\Registry $registry)
{
    $this->registry = $registry;
}
218 
/**
 * Checks that a backend user object with a loaded user record is present.
 *
 * All three conditions must hold: $GLOBALS['BE_USER'] is set, it is a
 * BackendUserAuthentication instance, and its user record has a 'uid'.
 * No permission or role of that user is examined here.
 *
 * @return bool TRUE when such a backend user is available
 */
protected function isAuthorizedBackendSession() {
    if (!isset($GLOBALS['BE_USER'])) {
        return false;
    }

    $candidate = $GLOBALS['BE_USER'];
    if (!($candidate instanceof \TYPO3\CMS\Core\Authentication\BackendUserAuthentication)) {
        return false;
    }

    return isset($candidate->user['uid']);
}
227 
/**
 * Returns the object stored in $GLOBALS['LANG'].
 *
 * createValidationErrorMessage() calls sL() on it to resolve the error label.
 *
 * @return mixed whatever $GLOBALS['LANG'] currently holds
 */
protected function getLanguageService() {
    $languageService = $GLOBALS['LANG'];

    return $languageService;
}
236 }
if(!defined('TYPO3_MODE')) $GLOBALS['TYPO3_CONF_VARS']['SC_OPTIONS']['t3lib/class.t3lib_userauth.php']['logoff_pre_processing'][]