TYPO3CMS  8
 All Classes Namespaces Files Functions Variables Pages
RouteDispatcher.php
Go to the documentation of this file.
1 <?php
2 namespace TYPO3\CMS\Backend\Http;
3 
4 /*
5  * This file is part of the TYPO3 CMS project.
6  *
7  * It is free software; you can redistribute it and/or modify it under
8  * the terms of the GNU General Public License, either version 2
9  * of the License, or any later version.
10  *
11  * For the full copyright and license information, please read the
12  * LICENSE.txt file that was distributed with this source code.
13  *
14  * The TYPO3 project - inspiring people to share!
15  */
16 
17 use Psr\Http\Message\ResponseInterface;
18 use Psr\Http\Message\ServerRequestInterface;
26 
31 {
41  public function dispatch(ServerRequestInterface $request, ResponseInterface $response)
42  {
44  $router = GeneralUtility::makeInstance(Router::class);
46  $route = $router->matchRequest($request);
47  $request = $request->withAttribute('route', $route);
48  if (!$this->isValidRequest($request)) {
49  throw new InvalidRequestTokenException('Invalid request for route "' . $route->getPath() . '"', 1425389455);
50  }
51 
52  $targetIdentifier = $route->getOption('target');
53  $target = $this->getCallableFromTarget($targetIdentifier);
54  return call_user_func_array($target, [$request, $response]);
55  }
56 
62  protected function getFormProtection()
63  {
65  }
66 
76  protected function isValidRequest($request)
77  {
78  $route = $request->getAttribute('route');
79  if ($route->getOption('access') === 'public') {
80  return true;
81  } elseif ($route->getOption('ajax')) {
82  $token = (string)(isset($request->getParsedBody()['ajaxToken']) ? $request->getParsedBody()['ajaxToken'] : $request->getQueryParams()['ajaxToken']);
83  return $this->getFormProtection()->validateToken($token, 'ajaxCall', $route->getOption('_identifier'));
84  } else {
85  $token = (string)(isset($request->getParsedBody()['token']) ? $request->getParsedBody()['token'] : $request->getQueryParams()['token']);
86  return $this->getFormProtection()->validateToken($token, 'route', $route->getOption('_identifier'));
87  }
88  }
89 }
dispatch(ServerRequestInterface $request, ResponseInterface $response)
static get($classNameOrType= 'default',...$constructorArguments)
static makeInstance($className,...$constructorArguments)