TYPO3 CMS  TYPO3_7-6
FormProtectionFactory.php
Go to the documentation of this file.
1 <?php
3 
4 /*
5  * This file is part of the TYPO3 CMS project.
6  *
7  * It is free software; you can redistribute it and/or modify it under
8  * the terms of the GNU General Public License, either version 2
9  * of the License, or any later version.
10  *
11  * For the full copyright and license information, please read the
12  * LICENSE.txt file that was distributed with this source code.
13  *
14  * The TYPO3 project - inspiring people to share!
15  */
16 
25 
45 {
51  protected static $instances = [];
52 
56  private function __construct()
57  {
58  }
59 
72  public static function get($classNameOrType = 'default')
73  {
74  if (isset(self::$instances[$classNameOrType])) {
75  return self::$instances[$classNameOrType];
76  }
77  if ($classNameOrType === 'default' || $classNameOrType === 'installtool' || $classNameOrType === 'frontend' || $classNameOrType === 'backend') {
78  $classNameAndConstructorArguments = self::getClassNameAndConstructorArgumentsByType($classNameOrType);
79  } else {
80  $classNameAndConstructorArguments = func_get_args();
81  }
82  self::$instances[$classNameOrType] = self::createInstance($classNameAndConstructorArguments);
83  return self::$instances[$classNameOrType];
84  }
85 
93  protected static function getClassNameAndConstructorArgumentsByType($type)
94  {
95  if (self::isInstallToolSession() && ($type === 'default' || $type === 'installtool')) {
96  $classNameAndConstructorArguments = [
97  InstallToolFormProtection::class
98  ];
99  } elseif (self::isFrontendSession() && ($type === 'default' || $type === 'frontend')) {
100  $classNameAndConstructorArguments = [
101  FrontendFormProtection::class,
102  $GLOBALS['TSFE']->fe_user
103  ];
104  } elseif (self::isBackendSession() && ($type === 'default' || $type === 'backend')) {
105  $classNameAndConstructorArguments = [
106  BackendFormProtection::class,
107  $GLOBALS['BE_USER'],
108  GeneralUtility::makeInstance(Registry::class),
109  self::getMessageClosure(
110  $GLOBALS['LANG'],
111  GeneralUtility::makeInstance(FlashMessageService::class)->getMessageQueueByIdentifier(),
112  (bool)(TYPO3_REQUESTTYPE & TYPO3_REQUESTTYPE_AJAX)
113  )
114  ];
115  } else {
116  // failed to use preferred type, disable form protection
117  $classNameAndConstructorArguments = [
118  DisabledFormProtection::class
119  ];
120  }
121  return $classNameAndConstructorArguments;
122  }
123 
129  protected static function isInstallToolSession()
130  {
131  return defined('TYPO3_enterInstallScript') && TYPO3_enterInstallScript;
132  }
133 
139  protected static function isBackendSession()
140  {
141  return isset($GLOBALS['BE_USER']) && $GLOBALS['BE_USER'] instanceof BackendUserAuthentication && isset($GLOBALS['BE_USER']->user['uid']);
142  }
143 
149  protected static function isFrontendSession()
150  {
151  return TYPO3_MODE === 'FE' && is_object($GLOBALS['TSFE']) && $GLOBALS['TSFE']->fe_user instanceof FrontendUserAuthentication && isset($GLOBALS['TSFE']->fe_user->user['uid']);
152  }
153 
161  public static function getMessageClosure(LanguageService $languageService, FlashMessageQueue $messageQueue, $isAjaxCall)
162  {
163  return function () use ($languageService, $messageQueue, $isAjaxCall) {
165  $flashMessage = GeneralUtility::makeInstance(
166  FlashMessage::class,
167  $languageService->sL('LLL:EXT:lang/locallang_core.xlf:error.formProtection.tokenInvalid'),
168  '',
170  !$isAjaxCall
171  );
172  $messageQueue->enqueue($flashMessage);
173  };
174  }
175 
184  protected static function createInstance(array $classNameAndConstructorArguments)
185  {
186  $className = $classNameAndConstructorArguments[0];
187  if (!class_exists($className)) {
188  throw new \InvalidArgumentException('$className must be the name of an existing class, but ' . 'actually was "' . $className . '".', 1285352962);
189  }
190  $instance = call_user_func_array([GeneralUtility::class, 'makeInstance'], $classNameAndConstructorArguments);
191  if (!$instance instanceof AbstractFormProtection) {
192  throw new \InvalidArgumentException('$className must be a subclass of ' . AbstractFormProtection::class . ', but actually was "' . $className . '".', 1285353026);
193  }
194  return $instance;
195  }
196 
208  public static function set($classNameOrType, AbstractFormProtection $instance)
209  {
210  self::$instances[$classNameOrType] = $instance;
211  }
212 
220  public static function purgeInstances()
221  {
222  foreach (self::$instances as $key => $instance) {
223  unset(self::$instances[$key]);
224  }
225  }
226 }
static createInstance(array $classNameAndConstructorArguments)
if(TYPO3_MODE==='BE') $GLOBALS['TYPO3_CONF_VARS']['SC_OPTIONS']['t3lib/class.t3lib_tsfebeuserauth.php']['frontendEditingController']['default']