TYPO3 CMS  TYPO3_8-7
BackendFormProtection.php
Go to the documentation of this file.
1 <?php
2 namespace TYPO3\CMS\Core\FormProtection;
3 
4 /*
5  * This file is part of the TYPO3 CMS project.
6  *
7  * It is free software; you can redistribute it and/or modify it under
8  * the terms of the GNU General Public License, either version 2
9  * of the License, or any later version.
10  *
11  * For the full copyright and license information, please read the
12  * LICENSE.txt file that was distributed with this source code.
13  *
14  * The TYPO3 project - inspiring people to share!
15  */
16 
17 use TYPO3\CMS\Core\Authentication\BackendUserAuthentication;
18 use TYPO3\CMS\Core\Registry;
19 
72 class BackendFormProtection extends AbstractFormProtection
73 {
80  protected $backendUser;
81 
88  protected $registry;
89 
98  public function __construct(BackendUserAuthentication $backendUser, Registry $registry, \Closure $validationFailedCallback = null)
99  {
100  $this->backendUser = $backendUser;
101  $this->registry = $registry;
102  $this->validationFailedCallback = $validationFailedCallback;
103  if (!$this->isAuthorizedBackendSession()) {
104  throw new \TYPO3\CMS\Core\Error\Exception('A back-end form protection may only be instantiated if there is an active back-end session.', 1285067843);
105  }
106  }
107 
113  protected function retrieveSessionToken()
114  {
115  $this->sessionToken = $this->backendUser->getSessionData('formProtectionSessionToken');
116  if (empty($this->sessionToken)) {
117  $this->sessionToken = $this->generateSessionToken();
118  $this->persistSessionToken();
119  }
120  return $this->sessionToken;
121  }
122 
129  public function persistSessionToken()
130  {
131  $this->backendUser->setAndSaveSessionData('formProtectionSessionToken', $this->sessionToken);
132  }
133 
142  public function setSessionTokenFromRegistry()
143  {
144  $this->sessionToken = $this->registry->get('core', 'formProtectionSessionToken:' . $this->backendUser->user['uid']);
145  if (empty($this->sessionToken)) {
146  throw new \UnexpectedValueException('Failed to restore the session token from the registry.', 1301827270);
147  }
148  return $this->sessionToken;
149  }
150 
157  public function storeSessionTokenInRegistry()
158  {
159  $this->registry->set('core', 'formProtectionSessionToken:' . $this->backendUser->user['uid'], $this->getSessionToken());
160  }
161 
167  public function removeSessionTokenFromRegistry()
168  {
169  $this->registry->remove('core', 'formProtectionSessionToken:' . $this->backendUser->user['uid']);
170  }
171 
177  protected function isAuthorizedBackendSession()
178  {
179  return !empty($this->backendUser->user['uid']);
180  }
181 }
TYPO3\CMS\Core\FormProtection\BackendFormProtection\__construct
__construct(BackendUserAuthentication $backendUser, Registry $registry, \Closure $validationFailedCallback=null)
Definition: BackendFormProtection.php:98