[SECURITY] Validate complete referring request
[Packages/TYPO3.CMS.git] / typo3 / sysext / extbase / Classes / Mvc / Web / Request.php
1 <?php
2 namespace TYPO3\CMS\Extbase\Mvc\Web;
3
4 /*
5 * This file is part of the TYPO3 CMS project.
6 *
7 * It is free software; you can redistribute it and/or modify it under
8 * the terms of the GNU General Public License, either version 2
9 * of the License, or any later version.
10 *
11 * For the full copyright and license information, please read the
12 * LICENSE.txt file that was distributed with this source code.
13 *
14 * The TYPO3 project - inspiring people to share!
15 */
16
17 /**
18 * Represents a web request.
19 *
20 * @api
21 */
class Request extends \TYPO3\CMS\Extbase\Mvc\Request
{
    /**
     * Service used to check the HMAC on the serialized referrer data.
     *
     * @var \TYPO3\CMS\Extbase\Security\Cryptography\HashService
     */
    protected $hashService;

    /**
     * @var string Representation format that was requested; defaults to 'html'
     */
    protected $format = 'html';

    /**
     * @var string Request method; defaults to 'GET'
     */
    protected $method = 'GET';

    /**
     * @var string URI of this web request
     */
    protected $requestUri;

    /**
     * @var string Base URI of this request, i.e. the host and path leading to the index.php
     */
    protected $baseUri;

    /**
     * @var bool Whether the current request is cached; false until setIsCached() says otherwise
     */
    protected $isCached = false;

    /**
     * @var \TYPO3\CMS\Extbase\Configuration\ConfigurationManagerInterface
     */
    protected $configurationManager;

    /**
     * @var \TYPO3\CMS\Extbase\Service\EnvironmentService
     */
    protected $environmentService;

    /**
     * Injects the hash service that getReferringRequest() relies on.
     *
     * @param \TYPO3\CMS\Extbase\Security\Cryptography\HashService $hashService
     */
    public function injectHashService(\TYPO3\CMS\Extbase\Security\Cryptography\HashService $hashService)
    {
        $this->hashService = $hashService;
    }

    /**
     * Injects the configuration manager.
     *
     * @param \TYPO3\CMS\Extbase\Configuration\ConfigurationManagerInterface $configurationManager
     */
    public function injectConfigurationManager(\TYPO3\CMS\Extbase\Configuration\ConfigurationManagerInterface $configurationManager)
    {
        $this->configurationManager = $configurationManager;
    }

    /**
     * Injects the environment service that getBaseUri() consults.
     *
     * @param \TYPO3\CMS\Extbase\Service\EnvironmentService $environmentService
     */
    public function injectEnvironmentService(\TYPO3\CMS\Extbase\Service\EnvironmentService $environmentService)
    {
        $this->environmentService = $environmentService;
    }

    /**
     * Stores the request method.
     *
     * The only checks made are that the value is non-empty and equal to its
     * own upper-case form; it is not compared against a list of known HTTP
     * verbs, so callers must not treat the stored value as one of a fixed set.
     *
     * @param string $method Name of the request method
     * @return void
     * @throws \TYPO3\CMS\Extbase\Mvc\Exception\InvalidRequestMethodException if the value is empty or not all upper case
     */
    public function setMethod($method)
    {
        $isAcceptable = $method !== '' && strtoupper($method) === $method;
        if (!$isAcceptable) {
            throw new \TYPO3\CMS\Extbase\Mvc\Exception\InvalidRequestMethodException('The request method "' . $method . '" is not supported.', 1217778382);
        }
        $this->method = $method;
    }

    /**
     * Gives back the request method.
     *
     * @return string Name of the request method
     * @api
     */
    public function getMethod()
    {
        return $this->method;
    }

    /**
     * Stores the request URI as given, without validation or normalisation.
     *
     * @param string $requestUri URI of this web request
     * @return void
     */
    public function setRequestUri($requestUri)
    {
        $this->requestUri = $requestUri;
    }

    /**
     * Gives back the request URI.
     *
     * @return string URI of this web request
     * @api
     */
    public function getRequestUri()
    {
        return $this->requestUri;
    }

    /**
     * Stores the base URI as given, without validation or normalisation.
     *
     * @param string $baseUri New base URI
     * @return void
     */
    public function setBaseUri($baseUri)
    {
        $this->baseUri = $baseUri;
    }

    /**
     * Gives back the base URI; in backend mode the TYPO3_mainDir constant is appended.
     *
     * @return string Base URI of this web request
     * @api
     */
    public function getBaseUri()
    {
        if (!$this->environmentService->isEnvironmentInBackendMode()) {
            return $this->baseUri;
        }
        return $this->baseUri . TYPO3_mainDir;
    }

    /**
     * Records whether the current request is cached; the value is cast to bool.
     *
     * @param bool $isCached
     */
    public function setIsCached($isCached)
    {
        $this->isCached = (bool)$isCached;
    }

    /**
     * Tells whether the current request is a cached request.
     *
     * @api (v4 only)
     * @return bool the caching status.
     */
    public function isCached()
    {
        return $this->isCached;
    }

    /**
     * Builds a fresh request object pointing to the referrer.
     *
     * The referrer data arrives in the request's internal arguments, so it is
     * client-supplied. Both the '@request' value and the legacy 'arguments'
     * value pass through HashService::validateAndStripHmac() before they are
     * handed to unserialize(); that HMAC check is the only thing standing
     * between request input and unserialize() in this method.
     *
     * @return ReferringRequest|null the referring request, or null if no referrer found
     */
    public function getReferringRequest()
    {
        if (!isset($this->internalArguments['__referrer']['@request'])) {
            return null;
        }

        // SECURITY: unserialize() on request-derived data. Keep the HMAC validation
        // strictly before it - unserialize() of attacker-controlled bytes can
        // instantiate arbitrary loaded classes. Presumably validateAndStripHmac()
        // throws on a missing or wrong HMAC - confirm in HashService. The protection
        // is only as strong as the secrecy of the key behind that HMAC.
        // NOTE(review): on PHP >= 7.0 unserialize() accepts ['allowed_classes' => false],
        // which would limit the result to scalars and arrays; not applied here because
        // the minimum PHP version of this branch is not visible in this file.
        $serializedReferrer = $this->hashService->validateAndStripHmac($this->internalArguments['__referrer']['@request']);
        $referrerArray = unserialize($serializedReferrer);

        $arguments = array();
        if (isset($this->internalArguments['__referrer']['arguments'])) {
            // This case is kept for compatibility in 7.6 and 6.2, but will be removed in 8
            // SECURITY: same rule as above - HMAC check first, then base64_decode(), then unserialize().
            $encodedArguments = $this->hashService->validateAndStripHmac($this->internalArguments['__referrer']['arguments']);
            $arguments = unserialize(base64_decode($encodedArguments));
        }

        $referringRequest = new ReferringRequest();
        // Going by the helper's name, values from '@request' take precedence over the
        // legacy 'arguments' - confirm in ArrayUtility.
        $mergedArguments = \TYPO3\CMS\Extbase\Utility\ArrayUtility::arrayMergeRecursiveOverrule($arguments, $referrerArray);
        $referringRequest->setArguments($mergedArguments);

        return $referringRequest;
    }
}