[TASK] FormEngine JS refactoring: copy JS files
1 <?php
2 namespace TYPO3\CMS\Core\FormProtection;
3
4 /*
5 * This file is part of the TYPO3 CMS project.
6 *
7 * It is free software; you can redistribute it and/or modify it under
8 * the terms of the GNU General Public License, either version 2
9 * of the License, or any later version.
10 *
11 * For the full copyright and license information, please read the
12 * LICENSE.txt file that was distributed with this source code.
13 *
14 * The TYPO3 project - inspiring people to share!
15 */
16
17 /**
18 * This class provides protection against cross-site request forgery (XSRF/CSRF)
19 * in the install tool.
20 *
21 *
22 * How to use this in the install tool:
23 *
24 * For each form in the install tool (or link that changes some data), create a
25 * token and insert it as a hidden form element. The name of the form element
26 * does not matter; you only need it to get the form token for verifying it.
27 *
28 * <pre>
29 * $formToken = $this->formProtection->generateToken(
30 * 'installToolPassword', 'change'
31 * );
32 * then puts the generated form token in a hidden field in the template
33 * </pre>
34 *
35 * The three parameters $formName, $action and $formInstanceName can be
36 * arbitrary strings, but they should make the form token as specific as
37 * possible. For different forms (e.g. the password change and editing the
38 * configuration), those values should be different.
39 *
40 * When processing the data that has been submitted by the form, you can check
41 * that the form token is valid like this:
42 *
43 * <pre>
44 * if ($dataHasBeenSubmitted && $this->formProtection->validateToken(
45 * $_POST['formToken'],
46 * 'installToolPassword',
47 * 'change'
48 * )) {
49 * processes the data
50 * } else {
51 * no need to do anything here as the install tool form protection will
52 * create an error message for an invalid token
53 * }
54 * </pre>
55 */
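/**
 * Install Tool form protection.
 *
 * Stores the per-session secret used for CSRF form tokens of the install
 * tool in $_SESSION['installToolFormToken']. Token generation and validation
 * themselves are inherited from AbstractFormProtection and are not visible
 * in this file.
 *
 * NOTE(review): this class reads and writes $_SESSION directly, so it
 * presumably relies on the install tool having started the PHP session
 * beforehand - confirm against the caller. Without an active session the
 * token written here would not survive the request.
 *
 * @author Oliver Klee <typo3-coding@oliverklee.de>
 */
class InstallToolFormProtection extends AbstractFormProtection {

    /**
     * Hook for reporting that the submitted form token is invalid.
     *
     * The body is empty in this class: nothing is displayed, queued or
     * logged here when a token is rejected.
     *
     * NOTE(review): the usage notes for this class say that an error
     * message is created for an invalid token. That does not happen in this
     * method, so callers should not rely on it for user feedback or for an
     * audit trail of rejected requests - confirm where that is handled.
     *
     * @return void
     */
    protected function createValidationErrorMessage() {
    }

    /**
     * Loads the session token from the PHP session, or creates and stores a
     * new one if the session does not hold a usable value.
     *
     * A stored value is reused only if it is non-empty. empty() already
     * covers the "key not set" case, so no separate isset() is needed. Note
     * that empty() also treats '0', 0, array() and NULL as empty, so such a
     * stored value is replaced by a fresh token.
     *
     * @return void
     */
    protected function retrieveSessionToken() {
        if (!empty($_SESSION['installToolFormToken'])) {
            $this->sessionToken = $_SESSION['installToolFormToken'];
            return;
        }

        // No usable token in the session: create one and store it right away
        // so that the request validating the form sees the same value.
        $this->sessionToken = $this->generateSessionToken();
        $this->persistSessionToken();
    }

    /**
     * Writes the current session token to $_SESSION['installToolFormToken']
     * so that a later instance of this class can read it back.
     *
     * @return void
     */
    public function persistSessionToken() {
        $_SESSION['installToolFormToken'] = $this->sessionToken;
    }

}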