TYPO3 CMS  TYPO3_8-7
FormProtectionFactory.php
Go to the documentation of this file.
1 <?php
2 namespace TYPO3\CMS\Core\FormProtection;
3 
4 /*
5  * This file is part of the TYPO3 CMS project.
6  *
7  * It is free software; you can redistribute it and/or modify it under
8  * the terms of the GNU General Public License, either version 2
9  * of the License, or any later version.
10  *
11  * For the full copyright and license information, please read the
12  * LICENSE.txt file that was distributed with this source code.
13  *
14  * The TYPO3 project - inspiring people to share!
15  */
16 
17 use TYPO3\CMS\Core\Authentication\BackendUserAuthentication;
18 use TYPO3\CMS\Core\Messaging\FlashMessage;
19 use TYPO3\CMS\Core\Messaging\FlashMessageQueue;
20 use TYPO3\CMS\Core\Messaging\FlashMessageService;
21 use TYPO3\CMS\Core\Registry;
22 use TYPO3\CMS\Core\Utility\GeneralUtility;
23 use TYPO3\CMS\Frontend\Authentication\FrontendUserAuthentication;
24 use TYPO3\CMS\Lang\LanguageService;
25 
44 class FormProtectionFactory
45 {
51  protected static $instances = [];
52 
56  private function __construct()
57  {
58  }
59 
73  public static function get($classNameOrType = 'default', ...$constructorArguments)
74  {
75  if (isset(self::$instances[$classNameOrType])) {
76  return self::$instances[$classNameOrType];
77  }
78  if ($classNameOrType === 'default' || $classNameOrType === 'installtool' || $classNameOrType === 'frontend' || $classNameOrType === 'backend') {
79  $classNameAndConstructorArguments = self::getClassNameAndConstructorArgumentsByType($classNameOrType);
80  self::$instances[$classNameOrType] = self::createInstance(...$classNameAndConstructorArguments);
81  } else {
82  self::$instances[$classNameOrType] = self::createInstance($classNameOrType, ...$constructorArguments);
83  }
84  return self::$instances[$classNameOrType];
85  }
86 
94  protected static function getClassNameAndConstructorArgumentsByType($type)
95  {
96  if (self::isInstallToolSession() && ($type === 'default' || $type === 'installtool')) {
97  $classNameAndConstructorArguments = [
98  InstallToolFormProtection::class
99  ];
100  } elseif (self::isFrontendSession() && ($type === 'default' || $type === 'frontend')) {
101  $classNameAndConstructorArguments = [
102  FrontendFormProtection::class,
103  $GLOBALS['TSFE']->fe_user
104  ];
105  } elseif (self::isBackendSession() && ($type === 'default' || $type === 'backend')) {
106  $classNameAndConstructorArguments = [
107  BackendFormProtection::class,
108  $GLOBALS['BE_USER'],
109  GeneralUtility::makeInstance(Registry::class),
110  self::getMessageClosure(
111  $GLOBALS['LANG'],
112  GeneralUtility::makeInstance(FlashMessageService::class)->getMessageQueueByIdentifier(),
113  (bool)(TYPO3_REQUESTTYPE & TYPO3_REQUESTTYPE_AJAX)
114  )
115  ];
116  } else {
117  // failed to use preferred type, disable form protection
118  $classNameAndConstructorArguments = [
119  DisabledFormProtection::class
120  ];
121  }
122  return $classNameAndConstructorArguments;
123  }
124 
130  protected static function isInstallToolSession()
131  {
132  return TYPO3_REQUESTTYPE & TYPO3_REQUESTTYPE_INSTALL;
133  }
134 
140  protected static function isBackendSession()
141  {
142  return isset($GLOBALS['BE_USER']) && $GLOBALS['BE_USER'] instanceof BackendUserAuthentication && isset($GLOBALS['BE_USER']->user['uid']);
143  }
144 
150  protected static function isFrontendSession()
151  {
152  return TYPO3_MODE === 'FE' && is_object($GLOBALS['TSFE']) && $GLOBALS['TSFE']->fe_user instanceof FrontendUserAuthentication && isset($GLOBALS['TSFE']->fe_user->user['uid']);
153  }
154 
162  public static function getMessageClosure(LanguageService $languageService, FlashMessageQueue $messageQueue, $isAjaxCall)
163  {
164  return function () use ($languageService, $messageQueue, $isAjaxCall) {
166  $flashMessage = GeneralUtility::makeInstance(
167  FlashMessage::class,
168  $languageService->sL('LLL:EXT:lang/Resources/Private/Language/locallang_core.xlf:error.formProtection.tokenInvalid'),
169  '',
170  FlashMessage::ERROR,
171  !$isAjaxCall
172  );
173  $messageQueue->enqueue($flashMessage);
174  };
175  }
176 
186  protected static function createInstance($className, ...$constructorArguments)
187  {
188  if (!class_exists($className)) {
189  throw new \InvalidArgumentException('$className must be the name of an existing class, but ' . 'actually was "' . $className . '".', 1285352962);
190  }
191  $instance = GeneralUtility::makeInstance($className, ...$constructorArguments);
192  if (!$instance instanceof AbstractFormProtection) {
193  throw new \InvalidArgumentException('$className must be a subclass of ' . AbstractFormProtection::class . ', but actually was "' . $className . '".', 1285353026);
194  }
195  return $instance;
196  }
197 
208  public static function set($classNameOrType, AbstractFormProtection $instance)
209  {
210  self::$instances[$classNameOrType] = $instance;
211  }
212 
218  public static function purgeInstances()
219  {
220  foreach (self::$instances as $key => $instance) {
221  unset(self::$instances[$key]);
222  }
223  }
224 }
TYPO3\CMS\Core\FormProtection\FormProtectionFactory\createInstance
static createInstance($className,... $constructorArguments)
Definition: FormProtectionFactory.php:186
TYPO3\CMS\Core\Utility\GeneralUtility\makeInstance
static makeInstance($className,... $constructorArguments)
Definition: GeneralUtility.php:3945
$GLOBALS
if(TYPO3_MODE==='BE') $GLOBALS['TYPO3_CONF_VARS']['SC_OPTIONS']['t3lib/class.t3lib_tsfebeuserauth.php']['frontendEditingController']['default']
Definition: ext_localconf.php:38