main/_backend_form_protection_8php_source.html

<?php


/*

 * This file is part of the TYPO3 CMS project.

 *

 * It is free software; you can redistribute it and/or modify it under

 * the terms of the GNU General Public License, either version 2

 * of the License, or any later version.

 *

 * For the full copyright and license information, please read the

 * LICENSE.txt file that was distributed with this source code.

 *

 * The TYPO3 project - inspiring people to share!

 */


namespace ‪TYPO3\CMS\Core\FormProtection;


use ‪TYPO3\CMS\Core\Authentication\BackendUserAuthentication;

use ‪TYPO3\CMS\Core\Error\Exception;

use ‪TYPO3\CMS\Core\Registry;


class ‪BackendFormProtection extends ‪AbstractFormProtection

{

    protected ‪$backendUser;


    protected ‪$registry;


    public function ‪__construct(‪BackendUserAuthentication ‪$backendUser, ‪Registry ‪$registry, \Closure ‪$validationFailedCallback = null)

    {

        $this->backendUser = ‪$backendUser;

        $this->registry = ‪$registry;

        $this->validationFailedCallback = ‪$validationFailedCallback;

        if (!$this->‪isAuthorizedBackendSession()) {

            throw new ‪Exception('A back-end form protection may only be instantiated if there is an active back-end session.', 1285067843);

        }

    }


    protected function ‪retrieveSessionToken()

    {

        $this->sessionToken = $this->backendUser->getSessionData('formProtectionSessionToken');

        if (empty($this->sessionToken)) {

            $this->sessionToken = $this->‪generateSessionToken();

            $this->‪persistSessionToken();

        }

        return ‪$this->sessionToken;

    }


    public function ‪persistSessionToken()

    {

        $this->backendUser->setAndSaveSessionData('formProtectionSessionToken', $this->sessionToken);

    }


    public function ‪setSessionTokenFromRegistry()

    {

        $this->sessionToken = $this->registry->get('core', 'formProtectionSessionToken:' . $this->backendUser->user['uid']);

        if (empty($this->sessionToken)) {

            throw new \UnexpectedValueException('Failed to restore the session token from the registry.', 1301827270);

        }

        return ‪$this->sessionToken;

    }


    public function ‪storeSessionTokenInRegistry()

    {

        $this->registry->set('core', 'formProtectionSessionToken:' . $this->backendUser->user['uid'], $this->getSessionToken());

    }


    public function ‪removeSessionTokenFromRegistry()

    {

        $this->registry->remove('core', 'formProtectionSessionToken:' . $this->backendUser->user['uid']);

    }


    protected function ‪isAuthorizedBackendSession()

    {

        return !empty($this->backendUser->user['uid']);

    }

}