Resources/Documents/_backend_form_protection_8php_source.html

<?php

namespace TYPO3\CMS\Core\FormProtection;


/*

 * This file is part of the TYPO3 CMS project.

 *

 * It is free software; you can redistribute it and/or modify it under

 * the terms of the GNU General Public License, either version 2

 * of the License, or any later version.

 *

 * For the full copyright and license information, please read the

 * LICENSE.txt file that was distributed with this source code.

 *

 * The TYPO3 project - inspiring people to share!

 */


use TYPO3\CMS\Core\Authentication\BackendUserAuthentication;

use TYPO3\CMS\Core\Registry;


class BackendFormProtection extends AbstractFormProtection

{

    protected $backendUser;


    protected $registry;


    public function __construct(BackendUserAuthentication $backendUser, Registry $registry, \Closure $validationFailedCallback = null)

    {

        $this->backendUser = $backendUser;

        $this->registry = $registry;

        $this->validationFailedCallback = $validationFailedCallback;

        if (!$this->isAuthorizedBackendSession()) {

            throw new \TYPO3\CMS\Core\Error\Exception('A back-end form protection may only be instantiated if there is an active back-end session.', 1285067843);

        }

    }


    protected function retrieveSessionToken()

    {

        $this->sessionToken = $this->backendUser->getSessionData('formProtectionSessionToken');

        if (empty($this->sessionToken)) {

            $this->sessionToken = $this->generateSessionToken();

            $this->persistSessionToken();

        }

        return $this->sessionToken;

    }


    public function persistSessionToken()

    {

        $this->backendUser->setAndSaveSessionData('formProtectionSessionToken', $this->sessionToken);

    }


    public function setSessionTokenFromRegistry()

    {

        $this->sessionToken = $this->registry->get('core', 'formProtectionSessionToken:' . $this->backendUser->user['uid']);

        if (empty($this->sessionToken)) {

            throw new \UnexpectedValueException('Failed to restore the session token from the registry.', 1301827270);

        }

        return $this->sessionToken;

    }


    public function storeSessionTokenInRegistry()

    {

        $this->registry->set('core', 'formProtectionSessionToken:' . $this->backendUser->user['uid'], $this->getSessionToken());

    }


    public function removeSessionTokenFromRegistry()

    {

        $this->registry->remove('core', 'formProtectionSessionToken:' . $this->backendUser->user['uid']);

    }


    protected function isAuthorizedBackendSession()

    {

        return !empty($this->backendUser->user['uid']);

    }

}