MvcPropertyMappingConfigurationService.php

Go to the documentation of this file.

<?php
 
declare(strict_types=1);
 
/*
 * This file is part of the TYPO3 CMS project.
 *
 * It is free software; you can redistribute it and/or modify it under
 * the terms of the GNU General Public License, either version 2
 * of the License, or any later version.
 *
 * For the full copyright and license information, please read the
 * LICENSE.txt file that was distributed with this source code.
 *
 * The TYPO3 project - inspiring people to share!
 */
 
namespace ‪TYPO3\CMS\Extbase\Mvc\Controller;
 
use ‪TYPO3\CMS\Core\Crypto\HashService;
use ‪TYPO3\CMS\Core\Error\Http\BadRequestException;
use ‪TYPO3\CMS\Core\Exception\Crypto\InvalidHashStringException;
use ‪TYPO3\CMS\Core\SingletonInterface;
use ‪TYPO3\CMS\Extbase\Mvc\ExtbaseRequestParameters;
use ‪TYPO3\CMS\Extbase\Mvc\Request;
use ‪TYPO3\CMS\Extbase\Property\PropertyMappingConfiguration;
use ‪TYPO3\CMS\Extbase\Property\TypeConverter\PersistentObjectConverter;
use ‪TYPO3\CMS\Extbase\Security\Exception\InvalidArgumentForHashGenerationException;
use ‪TYPO3\CMS\Extbase\Security\HashScope;
 
class ‪MvcPropertyMappingConfigurationService implements ‪SingletonInterface
{
    protected ‪HashService ‪$hashService;
 
    public function ‪injectHashService(‪HashService ‪$hashService)
    {
        $this->hashService = ‪$hashService;
    }
 
    public function ‪generateTrustedPropertiesToken($formFieldNames, $fieldNamePrefix = '')
    {
        $formFieldArray = [];
        foreach ($formFieldNames as $formField) {
            $formFieldParts = explode('[', $formField);
            $currentPosition = &$formFieldArray;
            $formFieldPartsCount = count($formFieldParts);
            for ($i = 0; $i < $formFieldPartsCount; $i++) {
                $formFieldPart = $formFieldParts[$i];
                $formFieldPart = rtrim($formFieldPart, ']');
                if (!is_array($currentPosition)) {
                    throw new ‪InvalidArgumentForHashGenerationException('The form field "' . $formField . '" is declared as array, but it collides with a previous form field of the same name which declared the field as string. This is an inconsistency you need to fix inside your Fluid form. (String overridden by Array)', 1255072196);
                }
                if ($i === $formFieldPartsCount - 1) {
                    if (isset($currentPosition[$formFieldPart]) && is_array($currentPosition[$formFieldPart])) {
                        throw new ‪InvalidArgumentForHashGenerationException('The form field "' . $formField . '" is declared as string, but it collides with a previous form field of the same name which declared the field as array. This is an inconsistency you need to fix inside your Fluid form. (Array overridden by String)', 1255072587);
                    }
                    // Last iteration - add a string
                    if ($formFieldPart === '') {
                        $currentPosition[] = 1;
                    } else {
                        $currentPosition[$formFieldPart] = 1;
                    }
                } else {
                    if ($formFieldPart === '') {
                        throw new ‪InvalidArgumentForHashGenerationException('The form field "' . $formField . '" is invalid. Reason: "[]" used not as last argument, but somewhere in the middle (like foo[][bar]).', 1255072832);
                    }
                    if (!isset($currentPosition[$formFieldPart])) {
                        $currentPosition[$formFieldPart] = [];
                    }
                    $currentPosition = &$currentPosition[$formFieldPart];
                }
            }
        }
        if ($fieldNamePrefix !== '') {
            $formFieldArray = ($formFieldArray[$fieldNamePrefix] ?? []);
        }
        return $this->‪encodeAndHashFormFieldArray($formFieldArray);
    }
 
    protected function ‪encodeAndHashFormFieldArray(array $formFieldArray)
    {
        $encodedFormFieldArray = json_encode($formFieldArray);
        return $this->hashService->appendHmac($encodedFormFieldArray, HashScope::TrustedProperties->‪prefix());
    }
 
    public function ‪initializePropertyMappingConfigurationFromRequest(‪Request $request, ‪Arguments $controllerArguments)
    {
        $extbaseRequestParameters = $request->‪getAttribute('extbase');
        $trustedPropertiesToken = $extbaseRequestParameters->getInternalArgument('__trustedProperties');
        if (!is_string($trustedPropertiesToken)) {
            return;
        }
 
        try {
            $encodedTrustedProperties = $this->hashService->validateAndStripHmac($trustedPropertiesToken, HashScope::TrustedProperties->‪prefix());
        } catch (‪InvalidHashStringException $e) {
            throw new ‪BadRequestException('The HMAC of the form could not be validated.', 1581862822);
        }
        $trustedProperties = json_decode($encodedTrustedProperties, true);
        if (!is_array($trustedProperties)) {
            if (str_starts_with($encodedTrustedProperties, 'a:')) {
                throw new ‪BadRequestException('Trusted properties used outdated serialization format instead json.', 1699604555);
            }
            throw new ‪BadRequestException('The HMAC of the form could not be utilized.', 1691267306);
        }
 
        foreach ($trustedProperties as $propertyName => $propertyConfiguration) {
            if (!$controllerArguments->‪hasArgument($propertyName)) {
                continue;
            }
            $propertyMappingConfiguration = $controllerArguments->‪getArgument($propertyName)->‪getPropertyMappingConfiguration();
            $this->‪modifyPropertyMappingConfiguration($propertyConfiguration, $propertyMappingConfiguration);
        }
    }
 
    protected function ‪modifyPropertyMappingConfiguration($propertyConfiguration, ‪PropertyMappingConfiguration $propertyMappingConfiguration)
    {
        if (!is_array($propertyConfiguration)) {
            return;
        }
 
        if (isset($propertyConfiguration['__identity'])) {
            $propertyMappingConfiguration->‪setTypeConverterOption(PersistentObjectConverter::class, ‪PersistentObjectConverter::CONFIGURATION_MODIFICATION_ALLOWED, true);
            unset($propertyConfiguration['__identity']);
        } else {
            $propertyMappingConfiguration->‪setTypeConverterOption(PersistentObjectConverter::class, ‪PersistentObjectConverter::CONFIGURATION_CREATION_ALLOWED, true);
        }
 
        foreach ($propertyConfiguration as $innerKey => $innerValue) {
            if (is_array($innerValue)) {
                $this->‪modifyPropertyMappingConfiguration($innerValue, $propertyMappingConfiguration->‪forProperty($innerKey));
            }
            $propertyMappingConfiguration->‪allowProperties($innerKey);
        }
    }
}