FormDefinitionValidationService.php
1 <?php
2 
3 declare(strict_types=1);
4 
5 /*
6  * This file is part of the TYPO3 CMS project.
7  *
8  * It is free software; you can redistribute it and/or modify it under
9  * the terms of the GNU General Public License, either version 2
10  * of the License, or any later version.
11  *
12  * For the full copyright and license information, please read the
13  * LICENSE.txt file that was distributed with this source code.
14  *
15  * The TYPO3 project - inspiring people to share!
16  */
17 
19 
30 
35 {
140  array $currentFormElement,
141  string $prototypeName,
142  string $sessionToken
143  ): void {
144  $renderables = $currentFormElement['renderables'] ?? [];
145  $propertyCollectionElements = $currentFormElement['finishers'] ?? $currentFormElement['validators'] ?? [];
146  $propertyCollectionName = $currentFormElement['type'] === 'Form' ? 'finishers' : 'validators';
147  unset($currentFormElement['renderables'], $currentFormElement['finishers'], $currentFormElement['validators']);
148 
149  $validationDto = GeneralUtility::makeInstance(
150  ValidationDto::class,
151  $prototypeName,
152  $currentFormElement['type'],
153  $currentFormElement['identifier'],
154  null,
155  $propertyCollectionName
156  );
157 
158  $configurationService = GeneralUtility::makeInstance(ConfigurationService::class);
159  if ($configurationService->isFormElementTypeCreatableByFormEditor($validationDto)) {
161  $currentFormElement,
162  $sessionToken,
163  $validationDto
164  );
165 
166  foreach ($propertyCollectionElements as $propertyCollectionElement) {
167  $validationDto = $validationDto->withPropertyCollectionElementIdentifier(
168  $propertyCollectionElement['identifier']
169  );
170 
171  if ($configurationService->isPropertyCollectionElementIdentifierCreatableByFormEditor($validationDto)) {
173  $propertyCollectionElement,
174  $sessionToken,
175  $validationDto
176  );
177  } else {
179  $propertyCollectionElement,
180  $sessionToken,
181  $validationDto
182  );
183  }
184  }
185  } else {
186  $this->‪validateAllFormElementPropertyValuesByHmac($currentFormElement, $sessionToken, $validationDto);
187 
188  foreach ($propertyCollectionElements as $propertyCollectionElement) {
190  $propertyCollectionElement,
191  $sessionToken,
192  $validationDto
193  );
194  }
195  }
196 
197  foreach ($renderables as $renderable) {
198  $this->‪validateFormDefinitionProperties($renderable, $prototypeName, $sessionToken);
199  }
200  }
201 
218  array $hmacContent,
219  $propertyValue,
220  array $hmacData,
221  string $sessionToken
222  ): bool {
223  $this->‪checkHmacDataIntegrity($hmacData, $hmacContent, $sessionToken);
224  $hmacContent[] = $propertyValue;
225 
226  $expectedHash = ‪GeneralUtility::hmac(serialize($hmacContent), $sessionToken);
227  return hash_equals($expectedHash, $hmacData['hmac']);
228  }
229 
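/**
 * Verify that the stored value in $hmacData still matches the HMAC issued for it.
 *
 * The expected hash is recomputed over serialize() of $hmacContent with
 * $hmacData['value'] (or '' when absent) appended, keyed with $sessionToken,
 * and compared to $hmacData['hmac'] with hash_equals().
 *
 * @param array $hmacData Reads the keys 'hmac' and 'value'. NOTE(review): presumably taken
 *                        from the submitted form definition and therefore untrusted; confirm against callers.
 * @param array $hmacContent Context values bound into the hash ahead of the value.
 * @param string $sessionToken Additional secret handed to GeneralUtility::hmac().
 * @throws PropertyException if the hmac is missing, empty, not a string, or does not match.
 */
protected function checkHmacDataIntegrity(array $hmacData, array $hmacContent, string $sessionToken)
{
    $hmac = $hmacData['hmac'] ?? null;
    // hash_equals() accepts strings only. Without the is_string() guard, an
    // array or integer 'hmac' would surface as a TypeError rather than the
    // PropertyException this check raises for every other rejection.
    if (empty($hmac) || !is_string($hmac)) {
        throw new PropertyException('Hmac must not be empty. #1528538222', 1528538222);
    }

    // serialize() encodes the type of each entry, so the same value with a
    // different type (1 vs '1') yields a different hash and is rejected below.
    $hmacContent[] = $hmacData['value'] ?? '';
    $expectedHash = GeneralUtility::hmac(serialize($hmacContent), $sessionToken);

    // Constant-time comparison; a mismatch means the stored value or its
    // context no longer matches what was signed.
    if (!hash_equals($expectedHash, $hmac)) {
        throw new PropertyException('Unauthorized modification of historical data. #1528538252', 1528538252);
    }
}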
251 
259  array $currentElement,
260  $sessionToken,
261  ‪ValidationDto $validationDto
262  ): void {
263  GeneralUtility::makeInstance(ArrayProcessor::class, $currentElement)->forEach(
264  GeneralUtility::makeInstance(
265  ArrayProcessing::class,
266  'validateProperties',
267  '^(?!(_orig_.*|.*\._orig_.*)$).*',
268  GeneralUtility::makeInstance(
269  FormElementHmacDataValidator::class,
270  $currentElement,
271  $sessionToken,
272  $validationDto
273  )
274  )
275  );
276  }
277 
285  array $currentElement,
286  $sessionToken,
287  ‪ValidationDto $validationDto
288  ): void {
289  GeneralUtility::makeInstance(ArrayProcessor::class, $currentElement)->forEach(
290  GeneralUtility::makeInstance(
291  ArrayProcessing::class,
292  'validateProperties',
293  '^(?!(_orig_.*|.*\._orig_.*)$).*',
294  GeneralUtility::makeInstance(
295  PropertyCollectionElementHmacDataValidator::class,
296  $currentElement,
297  $sessionToken,
298  $validationDto
299  )
300  )
301  );
302  }
303 
314  array $currentElement,
315  $sessionToken,
316  ‪ValidationDto $validationDto
317  ): void {
318  GeneralUtility::makeInstance(ArrayProcessor::class, $currentElement)->forEach(
319  GeneralUtility::makeInstance(
320  ArrayProcessing::class,
321  'validateProperties',
322  '^(?!(_orig_.*|.*\._orig_.*|type|identifier)$).*',
323  GeneralUtility::makeInstance(
324  CreatableFormElementPropertiesValidator::class,
325  $currentElement,
326  $sessionToken,
327  $validationDto
328  )
329  )
330  );
331  }
332 
343  array $currentElement,
344  $sessionToken,
345  ‪ValidationDto $validationDto
346  ): void {
347  GeneralUtility::makeInstance(ArrayProcessor::class, $currentElement)->forEach(
348  GeneralUtility::makeInstance(
349  ArrayProcessing::class,
350  'validateProperties',
351  '^(?!(_orig_.*|.*\._orig_.*|identifier)$).*',
352  GeneralUtility::makeInstance(
353  CreatablePropertyCollectionElementPropertiesValidator::class,
354  $currentElement,
355  $sessionToken,
356  $validationDto
357  )
358  )
359  );
360  }
361 }