[SECURITY] Filter disallowed properties in form editor
[Packages/TYPO3.CMS.git] / typo3 / sysext / form / Classes / Domain / Configuration / FormDefinition / Validators / AbstractValidator.php
1 <?php
2 declare(strict_types = 1);
3 namespace TYPO3\CMS\Form\Domain\Configuration\FormDefinition\Validators;
4
5 /*
6 * This file is part of the TYPO3 CMS project.
7 *
8 * It is free software; you can redistribute it and/or modify it under
9 * the terms of the GNU General Public License, either version 2
10 * of the License, or any later version.
11 *
12 * For the full copyright and license information, please read the
13 * LICENSE.txt file that was distributed with this source code.
14 *
15 * The TYPO3 project - inspiring people to share!
16 */
17
18 use TYPO3\CMS\Core\Utility\GeneralUtility;
19 use TYPO3\CMS\Extbase\Object\ObjectManager;
20 use TYPO3\CMS\Form\Domain\Configuration\ConfigurationService;
21 use TYPO3\CMS\Form\Domain\Configuration\FormDefinitionValidationService;
22
23 /**
24 * @internal
25 */
26 abstract class AbstractValidator implements ValidatorInterface
27 {
28
29 /**
30 * @var ConfigurationService
31 */
32 protected $configurationService;
33
34 /**
35 * @var array
36 */
37 protected $currentElement;
38
39 /**
40 * @var string
41 */
42 protected $sessionToken;
43
44 /**
45 * @var ValidationDto
46 */
47 protected $validationDto;
48
49 /**
50 * @param array $currentElement
51 * @param string $sessionToken
52 * @param ValidationDto $validationDto
53 */
54 public function __construct(array $currentElement, string $sessionToken, ValidationDto $validationDto)
55 {
56 $this->currentElement = $currentElement;
57 $this->sessionToken = $sessionToken;
58 $this->validationDto = $validationDto;
59 }
60
61 /**
62 * Builds the path in which the hmac value is expected based on the property path.
63 *
64 * @param string $propertyPath
65 * @return string
66 */
67 protected function buildHmacDataPath(string $propertyPath): string
68 {
69 $pathParts = explode('.', $propertyPath);
70 $lastPathSegment = array_pop($pathParts);
71 $pathParts[] = '_orig_' . $lastPathSegment;
72
73 return implode('.', $pathParts);
74 }
75
76 /**
77 * @return FormDefinitionValidationService
78 */
79 protected function getFormDefinitionValidationService(): FormDefinitionValidationService
80 {
81 return GeneralUtility::makeInstance(FormDefinitionValidationService::class);
82 }
83
84 /**
85 * @return ConfigurationService
86 */
87 protected function getConfigurationService(): ConfigurationService
88 {
89 if (!($this->configurationService instanceof ConfigurationService)) {
90 $this->configurationService = $this->getObjectManager()->get(ConfigurationService::class);
91 }
92 return $this->configurationService;
93 }
94
95 /**
96 * @return ObjectManager
97 */
98 protected function getObjectManager(): ObjectManager
99 {
100 return GeneralUtility::makeInstance(ObjectManager::class);
101 }
102 }