MvcPropertyMappingConfigurationService implements SingletonInterface
This is a service which can generate a request hash and check whether the currently given arguments fit to the request hash.
It is used when forms are generated and submitted: After a form has been generated, the method "generateTrustedPropertiesToken" is called with the names of all form fields. It cleans up the array of form fields and creates another representation of it, which is then json encoded and a hmac is appended. This is called the request hash.
The json encoded form field list and the appended hmac will be submitted with the form (as attribute __trustedProperties).
On the validation side, the validation happens in two steps:
- Check if the request hash is consistent (the hmac value fits to the json encoded field list string)
- Check that all GET/POST parameters submitted occur inside the form field list of the request hash.
Note: It is crucially important that a private key is computed into the hash value! This is done inside the HashService.
only to be used within Extbase, not part of TYPO3 Core API.
Table of Contents
Interfaces
- SingletonInterface
- "empty" interface for singletons (marker interface pattern)
Properties
Methods
- generateTrustedPropertiesToken() : string
- Generate a request hash for a list of form fields
- initializePropertyMappingConfigurationFromRequest() : mixed
- Initialize the property mapping configuration in $controllerArguments if the trusted properties are set inside the request.
- injectHashService() : mixed
- encodeAndHashFormFieldArray() : string
- Encode and hash the form field array
- modifyPropertyMappingConfiguration() : mixed
- Modify the passed $propertyMappingConfiguration according to the $propertyConfiguration which has been generated by Fluid. In detail, if the $propertyConfiguration contains an __identity field, we allow modification of objects; else we allow creation.
Properties
$hashService
protected
HashService
$hashService
Methods
generateTrustedPropertiesToken()
Generate a request hash for a list of form fields
public
generateTrustedPropertiesToken(array<string|int, mixed> $formFieldNames[, string $fieldNamePrefix = '' ]) : string
Parameters
- $formFieldNames : array<string|int, mixed>
-
Array of form fields
- $fieldNamePrefix : string = ''
Tags
Return values
string —trusted properties token
initializePropertyMappingConfigurationFromRequest()
Initialize the property mapping configuration in $controllerArguments if the trusted properties are set inside the request.
public
initializePropertyMappingConfigurationFromRequest(Request $request, Arguments $controllerArguments) : mixed
Parameters
Tags
injectHashService()
public
injectHashService(HashService $hashService) : mixed
Parameters
- $hashService : HashService
encodeAndHashFormFieldArray()
Encode and hash the form field array
protected
encodeAndHashFormFieldArray(array<string|int, mixed> $formFieldArray) : string
Parameters
- $formFieldArray : array<string|int, mixed>
-
form field array to be encoded and hashed
Return values
string —Hash
modifyPropertyMappingConfiguration()
Modify the passed $propertyMappingConfiguration according to the $propertyConfiguration which has been generated by Fluid. In detail, if the $propertyConfiguration contains an __identity field, we allow modification of objects; else we allow creation.
protected
modifyPropertyMappingConfiguration(array<string|int, mixed> $propertyConfiguration, PropertyMappingConfiguration $propertyMappingConfiguration) : mixed
All other properties are specified as allowed properties.
Parameters
- $propertyConfiguration : array<string|int, mixed>
- $propertyMappingConfiguration : PropertyMappingConfiguration