[SECURITY] Filter disallowed properties in form editor
[Packages/TYPO3.CMS.git] / typo3 / sysext / form / Classes / Domain / Configuration / FrameworkConfiguration / Extractors / FormElement / IsCreatableFormElementExtractor.php
1 <?php
2 declare(strict_types = 1);
3 namespace TYPO3\CMS\Form\Domain\Configuration\FrameworkConfiguration\Extractors\FormElement;
4
5 /*
6 * This file is part of the TYPO3 CMS project.
7 *
8 * It is free software; you can redistribute it and/or modify it under
9 * the terms of the GNU General Public License, either version 2
10 * of the License, or any later version.
11 *
12 * For the full copyright and license information, please read the
13 * LICENSE.txt file that was distributed with this source code.
14 *
15 * The TYPO3 project - inspiring people to share!
16 */
17
18 use TYPO3\CMS\Core\Utility\ArrayUtility;
19 use TYPO3\CMS\Form\Domain\Configuration\FrameworkConfiguration\Extractors\AbstractExtractor;
20
/**
 * Extractor that records, for one form element type, whether that type is
 * flagged as "creatable" in the extractor result.
 *
 * A type is flagged creatable only when both conditions hold:
 *  - the prototype configuration has the path
 *    formElementsDefinition.<type>.formEditor.groupSorting, and
 *  - the visited value is, by strict comparison, one of the keys of
 *    formEditor.formElementGroups.
 *
 * NOTE(review): the 'creatable' flag presumably serves as an allowlist for
 * the form editor - confirm against the consumer of the extractor result.
 *
 * @internal
 */
class IsCreatableFormElementExtractor extends AbstractExtractor
{
    /**
     * Writes $result['formElements'][<type>]['creatable'] into the extractor DTO.
     *
     * @param string $_ Not read by this extractor
     * @param mixed $value Treated as the form element group of the visited element
     * @param array $matches Index 1 is used as the form element type
     */
    public function __invoke(string $_, $value, array $matches)
    {
        [, $elementType] = $matches;

        $result = $this->extractorDto->getResult();

        $hasGroupSorting = ArrayUtility::isValidPath(
            $this->extractorDto->getPrototypeConfiguration(),
            'formElementsDefinition.' . $elementType . '.formEditor.groupSorting',
            '.'
        );

        if ($hasGroupSorting) {
            // NOTE(review): this lookup is not guarded by isValidPath(); what happens
            // when formEditor.formElementGroups is absent depends on
            // ArrayUtility::getValueByPath() - confirm.
            $knownGroups = array_keys(
                ArrayUtility::getValueByPath(
                    $this->extractorDto->getPrototypeConfiguration(),
                    'formEditor.formElementGroups',
                    '.'
                )
            );
            // Strict comparison: no type juggling between the group value and the keys.
            $isCreatable = in_array($value, $knownGroups, true);
        } else {
            // Fail closed: without a groupSorting entry the type is never creatable.
            $isCreatable = false;
        }

        $result['formElements'][$elementType]['creatable'] = $isCreatable;
        $this->extractorDto->setResult($result);
    }
}