2 declare(strict_types
= 1);
3 namespace TYPO3\CMS\Form\Domain\Configuration
;
6 * This file is part of the TYPO3 CMS project.
8 * It is free software; you can redistribute it and/or modify it under
9 * the terms of the GNU General Public License, either version 2
10 * of the License, or any later version.
12 * For the full copyright and license information, please read the
13 * LICENSE.txt file that was distributed with this source code.
15 * The TYPO3 project - inspiring people to share!
18 use TYPO3\CMS\Core\Authentication\BackendUserAuthentication
;
19 use TYPO3\CMS\Core\Crypto\Random
;
20 use TYPO3\CMS\Core\SingletonInterface
;
21 use TYPO3\CMS\Core\Utility\GeneralUtility
;
22 use TYPO3\CMS\Form\Domain\Configuration\ArrayProcessing\ArrayProcessing
;
23 use TYPO3\CMS\Form\Domain\Configuration\ArrayProcessing\ArrayProcessor
;
24 use TYPO3\CMS\Form\Domain\Configuration\FormDefinition\Converters\AddHmacDataConverter
;
25 use TYPO3\CMS\Form\Domain\Configuration\FormDefinition\Converters\ConverterDto
;
26 use TYPO3\CMS\Form\Domain\Configuration\FormDefinition\Converters\RemoveHmacDataConverter
;
31 class FormDefinitionConversionService
implements SingletonInterface
35 * Add a new value "_orig_<propertyName>" for each scalar property value
36 * within the form definition as a sibling of the property key.
37 * "_orig_<propertyName>" is an array which contains the property value
38 * and a hmac hash for the property value.
39 * "_orig_<propertyName>" will be used to validate the form definition on saving.
40 * @see \TYPO3\CMS\Form\Domain\Configuration\FormDefinitionValidationService::validateFormDefinitionProperties()
42 * @param array $formDefinition
// Review summary: creates a fresh session token, stores it in the backend user session,
// then runs AddHmacDataConverter over the entries selected by the pattern below and
// returns the form definition held by the ConverterDto.
45 public function addHmacData(array $formDefinition): array
47 // Extend the hmac hashing key with a "per form editor session" unique key.
// A new token is generated and persisted on every call to this method.
// NOTE(review): HMACs produced by an earlier call were presumably keyed with the previous
// token and would stop validating once it is replaced (e.g. a second editor tab) - confirm
// against FormDefinitionValidationService.
48 $sessionToken = $this->generateSessionToken();
49 $this->persistSessionToken($sessionToken);
// The DTO is the object the result is read from at the end of the method.
51 $converterDto = GeneralUtility
::makeInstance(ConverterDto
::class, $formDefinition);
53 GeneralUtility
::makeInstance(ArrayProcessor
::class, $formDefinition)->forEach(
54 GeneralUtility
::makeInstance(
55 ArrayProcessing
::class,
// NOTE(review): the separator before "identifier" is written ".\i" while the one after
// "renderables" is "\."; this looks like a transposition of "\.identifier". As written the
// "." is an unescaped wildcard; how "\i" is treated depends on the regex engine and flags
// used by ArrayProcessing, which are not shown here.
// NOTE(review): the pattern selects keys ending in "identifier", which is narrower than the
// "each scalar property value" wording in the description above - confirm which is intended,
// since only matched keys can receive an "_orig_" HMAC sibling.
57 '(^identifier$|renderables\.([\d]+).\identifier$)',
58 GeneralUtility
::makeInstance(
59 AddHmacDataConverter
::class,
// The listing jumps from source line 59 to 66, so the remaining arguments to
// AddHmacDataConverter (presumably the DTO and the session token) are not visible here.
66 return $converterDto->getFormDefinition();
70 * Remove the "_orig_<propertyName>" values from the form definition.
72 * @param array $formDefinition
// Review summary: runs RemoveHmacDataConverter over the entries selected by the pattern
// below and returns the form definition held by the ConverterDto. No session token is
// generated or read in this method, and no HMAC check is visible here; the description of
// addHmacData points to FormDefinitionValidationService for validation on saving.
75 public function removeHmacData(array $formDefinition): array
77 $converterDto = GeneralUtility
::makeInstance(ConverterDto
::class, $formDefinition);
79 GeneralUtility
::makeInstance(ArrayProcessor
::class, $formDefinition)->forEach(
80 GeneralUtility
::makeInstance(
81 ArrayProcessing
::class,
// Selects paths that contain an "_orig_" segment followed by ".hmac". The pattern has no
// "^"/"$" anchors, so whether it must cover the whole key depends on how ArrayProcessing
// applies it (not shown) - TODO confirm.
83 '(_orig_.*|.*\._orig_.*)\.hmac',
84 GeneralUtility
::makeInstance(
85 RemoveHmacDataConverter
::class,
// The listing jumps from source line 85 to 91, so the remaining arguments to
// RemoveHmacDataConverter are not visible here.
91 return $converterDto->getFormDefinition();
/**
 * Save the given token in the backend user's session data under the key
 * "extFormProtectionSessionToken".
 *
 * The token extends the HMAC hashing key for the form editor session, so it is
 * key material: it is kept in the server-side session and not returned to the caller.
 *
 * @param string $sessionToken
 */
protected function persistSessionToken(string $sessionToken)
{
    $backendUser = $this->getBackendUser();
    $backendUser->setAndSaveSessionData('extFormProtectionSessionToken', $sessionToken);
}
/**
 * Generates the random token which is used in the hash for the form tokens.
 *
 * Asks the core Random service for a hex string, passing 64 as the argument.
 * NOTE(review): assuming the argument is the length in hex characters, that is
 * 256 bits; confirm Random is CSPRNG-backed in the targeted core version.
 *
 * @return string
 */
protected function generateSessionToken()
{
    $random = GeneralUtility::makeInstance(Random::class);

    return $random->generateRandomHexString(64);
}
/**
 * Fetch the backend user object from the global scope.
 *
 * The declared return type makes PHP raise a TypeError when $GLOBALS['BE_USER']
 * is not a BackendUserAuthentication instance, so callers never receive null.
 *
 * @return BackendUserAuthentication
 */
protected function getBackendUser(): BackendUserAuthentication
{
    $backendUser = $GLOBALS['BE_USER'];

    return $backendUser;
}