[TASK] Re-work/simplify copyright header in PHP files - Part 3
[Packages/TYPO3.CMS.git] / typo3 / sysext / core / Classes / FormProtection / InstallToolFormProtection.php
1 <?php
2 namespace TYPO3\CMS\Core\FormProtection;
3
4 /**
5 * This file is part of the TYPO3 CMS project.
6 *
7 * It is free software; you can redistribute it and/or modify it under
8 * the terms of the GNU General Public License, either version 2
9 * of the License, or any later version.
10 *
11 * For the full copyright and license information, please read the
12 * LICENSE.txt file that was distributed with this source code.
13 *
14 * The TYPO3 project - inspiring people to share!
15 */
16
17 /**
18 * This class provides protection against cross-site request forgery (XSRF/CSRF)
19 * in the install tool.
20 *
21 *
22 * How to use this in the install tool:
23 *
24 * For each form in the install tool (or link that changes some data), create a
25 * token and insert it as a hidden form element. The name of the form element
26 * does not matter; you only need it to get the form token for verifying it.
27 *
28 * <pre>
29 * $formToken = $this->formProtection->generateToken(
30 * 'installToolPassword', 'change'
31 * );
32 * then puts the generated form token in a hidden field in the template
33 * </pre>
34 *
35 * The three parameters $formName, $action and $formInstanceName can be
36 * arbitrary strings, but they should make the form token as specific as
37 * possible. For different forms (e.g. the password change and editing the
38 * configuration), those values should be different.
39 *
40 * When processing the data that has been submitted by the form, you can check
41 * that the form token is valid like this:
42 *
43 * <pre>
44 * if ($dataHasBeenSubmitted && $this->formProtection()->validateToken(
45 * $_POST['formToken'],
46 * 'installToolPassword',
47 * 'change'
48 * )) {
49 * processes the data
50 * } else {
51 * no need to do anything here as the install tool form protection will
52 * create an error message for an invalid token
53 * }
54 * </pre>
55 */
56 /**
57 * Install Tool form protection
58 *
59 * @author Oliver Klee <typo3-coding@oliverklee.de>
60 */
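class InstallToolFormProtection extends AbstractFormProtection {

	/**
	 * Instance of the install tool used for displaying messages.
	 *
	 * Only set through the deprecated injectInstallTool(); stays NULL otherwise.
	 *
	 * @var \TYPO3\CMS\Install\Installer
	 */
	protected $installTool = NULL;

	/**
	 * Drops the install tool reference, then runs the parent destructor.
	 */
	public function __destruct() {
		$this->installTool = NULL;
		parent::__destruct();
	}

	/**
	 * Injects the current instance of the install tool.
	 *
	 * This instance will be used for displaying messages.
	 *
	 * @param object $installTool The current instance of the install tool
	 * @return void
	 * @deprecated since 6.2, will be removed two versions later. Message handling is done by install tool
	 */
	public function injectInstallTool($installTool) {
		\TYPO3\CMS\Core\Utility\GeneralUtility::logDeprecatedFunction();
		$this->installTool = $installTool;
	}

	/**
	 * Creates or displays an error message telling the user that the submitted
	 * form token is invalid.
	 *
	 * This method only reports the failure. It returns nothing, so the
	 * accept/reject decision for the request is not made here.
	 * NOTE(review): presumably the parent's validateToken() result is what
	 * callers must act on - confirm against AbstractFormProtection.
	 *
	 * @return void
	 * @deprecated since 6.2, will be removed two versions later. Message handling is done by install tool
	 */
	protected function createValidationErrorMessage() {
		// @deprecated since 6.2, neither the install tool class nor the addErrorMessage() exist anymore
		// injectInstallTool() accepts any object, so check that the method can
		// actually be called; otherwise reporting a rejected token would end
		// in a fatal "undefined method" error instead of being skipped.
		if (
			is_object($this->installTool)
			&& is_callable(array($this->installTool, 'addErrorMessage'))
		) {
			$this->installTool->addErrorMessage(
				'Validating the security token of this form has failed. '
				. 'Please reload the form and submit it again.'
			);
		}
	}

	/**
	 * Retrieves or generates the session token.
	 *
	 * A non-empty value stored under $_SESSION['installToolFormToken'] is
	 * reused as-is, so the same session token stays in effect for as long as
	 * that session entry exists. Otherwise a new token is generated and
	 * written back to the session immediately.
	 *
	 * Reads $_SESSION directly.
	 * NOTE(review): assumes the install tool has started the PHP session
	 * before this runs - confirm at the call site.
	 *
	 * @return void
	 */
	protected function retrieveSessionToken() {
		// empty() is already FALSE-safe for a missing key, so no separate
		// isset() check is needed.
		if (!empty($_SESSION['installToolFormToken'])) {
			$this->sessionToken = $_SESSION['installToolFormToken'];
			return;
		}

		$this->sessionToken = $this->generateSessionToken();
		$this->persistSessionToken();
	}

	/**
	 * Saves the tokens so that they can be used by a later incarnation of this
	 * class.
	 *
	 * The token is kept server-side in $_SESSION['installToolFormToken'], the
	 * same key retrieveSessionToken() reads.
	 *
	 * @return void
	 */
	public function persistSessionToken() {
		$_SESSION['installToolFormToken'] = $this->sessionToken;
	}

}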