‪TYPO3CMS  ‪main
Public Member Functions | Protected Member Functions | Protected Attributes | List of all members
TYPO3\CMS\Extbase\Mvc\Controller\MvcPropertyMappingConfigurationService Class Reference
Inheritance diagram for TYPO3\CMS\Extbase\Mvc\Controller\MvcPropertyMappingConfigurationService:
TYPO3\CMS\Core\SingletonInterface

Public Member Functions

 injectHashService (HashService $hashService)
 
string generateTrustedPropertiesToken ($formFieldNames, $fieldNamePrefix='')
 
 initializePropertyMappingConfigurationFromRequest (Request $request, Arguments $controllerArguments)
 

Protected Member Functions

string encodeAndHashFormFieldArray (array $formFieldArray)
 
 modifyPropertyMappingConfiguration ($propertyConfiguration, PropertyMappingConfiguration $propertyMappingConfiguration)
 

Protected Attributes

HashService $hashService
 

Detailed Description

This is a service which can generate a request hash and check whether the currently given arguments fit to the request hash.

It is used when forms are generated and submitted: After a form has been generated, the method "generateTrustedPropertiesToken" is called with the names of all form fields. It cleans up the array of form fields and creates another representation of it, which is then json encoded and a hmac is appended. This is called the request hash.

The json encoded form field list and the appended hmac will be submitted with the form (as attribute __trustedProperties).

On the validation side, the validation happens in two steps: 1) Check if the request hash is consistent (the hmac value fits to the json encoded field list string) 2) Check that all GET/POST parameters submitted occur inside the form field list of the request hash.

Note: It is crucially important that a private key is computed into the hash value! This is done inside the HashService.

only to be used within Extbase, not part of TYPO3 Core API.

Definition at line 50 of file MvcPropertyMappingConfigurationService.php.

Member Function Documentation

◆ encodeAndHashFormFieldArray()

string TYPO3\CMS\Extbase\Mvc\Controller\MvcPropertyMappingConfigurationService::encodeAndHashFormFieldArray ( array  $formFieldArray)
protected

Encode and hash the form field array

Parameters
array$formFieldArray‪form field array to be encoded and hashed
Returns
‪string Hash

Definition at line 115 of file MvcPropertyMappingConfigurationService.php.

References TYPO3\CMS\Extbase\Security\prefix.

Referenced by TYPO3\CMS\Extbase\Mvc\Controller\MvcPropertyMappingConfigurationService\generateTrustedPropertiesToken().

◆ generateTrustedPropertiesToken()

string TYPO3\CMS\Extbase\Mvc\Controller\MvcPropertyMappingConfigurationService::generateTrustedPropertiesToken (   $formFieldNames,
  $fieldNamePrefix = '' 
)

Generate a request hash for a list of form fields

Parameters
array$formFieldNames‪Array of form fields
string$fieldNamePrefix
Returns
‪string trusted properties token
Exceptions

Definition at line 68 of file MvcPropertyMappingConfigurationService.php.

References TYPO3\CMS\Extbase\Mvc\Controller\MvcPropertyMappingConfigurationService\encodeAndHashFormFieldArray().

◆ initializePropertyMappingConfigurationFromRequest()

TYPO3\CMS\Extbase\Mvc\Controller\MvcPropertyMappingConfigurationService::initializePropertyMappingConfigurationFromRequest ( Request  $request,
Arguments  $controllerArguments 
)

Initialize the property mapping configuration in $controllerArguments if the trusted properties are set inside the request.

Exceptions
BadRequestException

Definition at line 127 of file MvcPropertyMappingConfigurationService.php.

References TYPO3\CMS\Extbase\Mvc\Controller\Arguments\getArgument(), TYPO3\CMS\Extbase\Mvc\Request\getAttribute(), TYPO3\CMS\Extbase\Mvc\Controller\Argument\getPropertyMappingConfiguration(), TYPO3\CMS\Extbase\Mvc\Controller\Arguments\hasArgument(), TYPO3\CMS\Extbase\Mvc\Controller\MvcPropertyMappingConfigurationService\modifyPropertyMappingConfiguration(), and TYPO3\CMS\Extbase\Security\prefix.

◆ injectHashService()

TYPO3\CMS\Extbase\Mvc\Controller\MvcPropertyMappingConfigurationService::injectHashService ( HashService  $hashService)

Definition at line 54 of file MvcPropertyMappingConfigurationService.php.

References TYPO3\CMS\Extbase\Mvc\Controller\MvcPropertyMappingConfigurationService\$hashService.

◆ modifyPropertyMappingConfiguration()

TYPO3\CMS\Extbase\Mvc\Controller\MvcPropertyMappingConfigurationService::modifyPropertyMappingConfiguration (   $propertyConfiguration,
PropertyMappingConfiguration  $propertyMappingConfiguration 
)
protected

Modify the passed $propertyMappingConfiguration according to the $propertyConfiguration which has been generated by Fluid. In detail, if the $propertyConfiguration contains an __identity field, we allow modification of objects; else we allow creation.

All other properties are specified as allowed properties.

Parameters
array$propertyConfiguration
\TYPO3\CMS\Extbase\Property\PropertyMappingConfiguration$propertyMappingConfiguration

Definition at line 168 of file MvcPropertyMappingConfigurationService.php.

References TYPO3\CMS\Extbase\Property\PropertyMappingConfiguration\allowProperties(), TYPO3\CMS\Extbase\Property\TypeConverter\PersistentObjectConverter\CONFIGURATION_CREATION_ALLOWED, TYPO3\CMS\Extbase\Property\TypeConverter\PersistentObjectConverter\CONFIGURATION_MODIFICATION_ALLOWED, TYPO3\CMS\Extbase\Property\PropertyMappingConfiguration\forProperty(), and TYPO3\CMS\Extbase\Property\PropertyMappingConfiguration\setTypeConverterOption().

Referenced by TYPO3\CMS\Extbase\Mvc\Controller\MvcPropertyMappingConfigurationService\initializePropertyMappingConfigurationFromRequest().

Member Data Documentation

◆ $hashService

HashService TYPO3\CMS\Extbase\Mvc\Controller\MvcPropertyMappingConfigurationService::$hashService
protected

Definition at line 52 of file MvcPropertyMappingConfigurationService.php.

Referenced by TYPO3\CMS\Extbase\Mvc\Controller\MvcPropertyMappingConfigurationService\injectHashService().