TYPO3 CMS  TYPO3_7-6
BackendFormProtection.php
Go to the documentation of this file.
1 <?php
3 
4 /*
5  * This file is part of the TYPO3 CMS project.
6  *
7  * It is free software; you can redistribute it and/or modify it under
8  * the terms of the GNU General Public License, either version 2
9  * of the License, or any later version.
10  *
11  * For the full copyright and license information, please read the
12  * LICENSE.txt file that was distributed with this source code.
13  *
14  * The TYPO3 project - inspiring people to share!
15  */
16 
19 
73 {
80  protected $backendUser;
81 
88  protected $registry;
89 
99  {
100  $this->backendUser = $backendUser;
101  $this->registry = $registry;
102  $this->validationFailedCallback = $validationFailedCallback;
103  if (!$this->isAuthorizedBackendSession()) {
104  throw new \TYPO3\CMS\Core\Error\Exception('A back-end form protection may only be instantiated if there is an active back-end session.', 1285067843);
105  }
106  }
107 
113  protected function retrieveSessionToken()
114  {
115  $this->sessionToken = $this->backendUser->getSessionData('formProtectionSessionToken');
116  if (empty($this->sessionToken)) {
117  $this->sessionToken = $this->generateSessionToken();
118  $this->persistSessionToken();
119  }
120  return $this->sessionToken;
121  }
122 
130  public function persistSessionToken()
131  {
132  $this->backendUser->setAndSaveSessionData('formProtectionSessionToken', $this->sessionToken);
133  }
134 
143  public function setSessionTokenFromRegistry()
144  {
145  $this->sessionToken = $this->registry->get('core', 'formProtectionSessionToken:' . $this->backendUser->user['uid']);
146  if (empty($this->sessionToken)) {
147  throw new \UnexpectedValueException('Failed to restore the session token from the registry.', 1301827270);
148  }
149  return $this->sessionToken;
150  }
151 
159  public function storeSessionTokenInRegistry()
160  {
161  $this->registry->set('core', 'formProtectionSessionToken:' . $this->backendUser->user['uid'], $this->getSessionToken());
162  }
163 
170  {
171  $this->registry->remove('core', 'formProtectionSessionToken:' . $this->backendUser->user['uid']);
172  }
173 
179  protected function isAuthorizedBackendSession()
180  {
181  return !empty($this->backendUser->user['uid']);
182  }
183 }
__construct(BackendUserAuthentication $backendUser, Registry $registry, \Closure $validationFailedCallback=null)