TYPO3 CMS  TYPO3_8-7
FormDefinitionConversionService.php
Go to the documentation of this file.
1 <?php
2 declare(strict_types = 1);
3 namespace TYPO3\CMS\Form\Domain\Configuration;
4 
5 /*
6  * This file is part of the TYPO3 CMS project.
7  *
8  * It is free software; you can redistribute it and/or modify it under
9  * the terms of the GNU General Public License, either version 2
10  * of the License, or any later version.
11  *
12  * For the full copyright and license information, please read the
13  * LICENSE.txt file that was distributed with this source code.
14  *
15  * The TYPO3 project - inspiring people to share!
16  */
17 
18 use TYPO3\CMS\Core\Authentication\BackendUserAuthentication;
19 use TYPO3\CMS\Core\Crypto\Random;
20 use TYPO3\CMS\Core\SingletonInterface;
21 use TYPO3\CMS\Core\Utility\GeneralUtility;
22 use TYPO3\CMS\Form\Domain\Configuration\ArrayProcessing\ArrayProcessing;
23 use TYPO3\CMS\Form\Domain\Configuration\ArrayProcessing\ArrayProcessor;
24 use TYPO3\CMS\Form\Domain\Configuration\FormDefinition\Converters\AddHmacDataConverter;
25 use TYPO3\CMS\Form\Domain\Configuration\FormDefinition\Converters\ConverterDto;
26 use TYPO3\CMS\Form\Domain\Configuration\FormDefinition\Converters\RemoveHmacDataConverter;
27 
31 class FormDefinitionConversionService implements SingletonInterface
32 {
33 
45  public function addHmacData(array $formDefinition): array
46  {
47  // Extend the hmac hashing key with a "per form editor session" unique key.
48  $sessionToken = $this->generateSessionToken();
49  $this->persistSessionToken($sessionToken);
50 
51  $converterDto = GeneralUtility::makeInstance(ConverterDto::class, $formDefinition);
52 
53  GeneralUtility::makeInstance(ArrayProcessor::class, $formDefinition)->forEach(
54  GeneralUtility::makeInstance(
55  ArrayProcessing::class,
56  'addHmacData',
57  '(^identifier$|renderables\.([\d]+).\identifier$)',
58  GeneralUtility::makeInstance(
59  AddHmacDataConverter::class,
60  $converterDto,
61  $sessionToken
62  )
63  )
64  );
65 
66  return $converterDto->getFormDefinition();
67  }
68 
75  public function removeHmacData(array $formDefinition): array
76  {
77  $converterDto = GeneralUtility::makeInstance(ConverterDto::class, $formDefinition);
78 
79  GeneralUtility::makeInstance(ArrayProcessor::class, $formDefinition)->forEach(
80  GeneralUtility::makeInstance(
81  ArrayProcessing::class,
82  'removeHmacData',
83  '(_orig_.*|.*\._orig_.*)\.hmac',
84  GeneralUtility::makeInstance(
85  RemoveHmacDataConverter::class,
86  $converterDto
87  )
88  )
89  );
90 
91  return $converterDto->getFormDefinition();
92  }
93 
96  protected function persistSessionToken(string $sessionToken)
97  {
98  $this->getBackendUser()->setAndSaveSessionData('extFormProtectionSessionToken', $sessionToken);
99  }
100 
106  protected function generateSessionToken()
107  {
108  return GeneralUtility::makeInstance(Random::class)->generateRandomHexString(64);
109  }
110 
114  protected function getBackendUser(): BackendUserAuthentication
115  {
116  return $GLOBALS['BE_USER'];
117  }
118 }
TYPO3\CMS\Core\Utility\GeneralUtility\makeInstance
static makeInstance($className,... $constructorArguments)
Definition: GeneralUtility.php:3945
$GLOBALS
if(TYPO3_MODE==='BE') $GLOBALS['TYPO3_CONF_VARS']['SC_OPTIONS']['t3lib/class.t3lib_tsfebeuserauth.php']['frontendEditingController']['default']
Definition: ext_localconf.php:38