TYPO3
7.6
|
Public Member Functions | |
injectHashService (\TYPO3\CMS\Extbase\Security\Cryptography\HashService $hashService) | |
generateTrustedPropertiesToken ($formFieldNames, $fieldNamePrefix= '') | |
initializePropertyMappingConfigurationFromRequest (\TYPO3\CMS\Extbase\Mvc\Request $request,\TYPO3\CMS\Extbase\Mvc\Controller\Arguments $controllerArguments) | |
Protected Member Functions | |
serializeAndHashFormFieldArray (array $formFieldArray) | |
modifyPropertyMappingConfiguration ($propertyConfiguration,\TYPO3\CMS\Extbase\Property\PropertyMappingConfiguration $propertyMappingConfiguration) | |
Protected Attributes | |
$hashService | |
This is a Service which can generate a request hash and check whether the currently given arguments fit to the request hash.
It is used when forms are generated and submitted: After a form has been generated, the method "generateRequestHash" is called with the names of all form fields. It cleans up the array of form fields and creates another representation of it, which is then serialized and hashed.
Both serialized form field list and the added hash form the request hash, which will be sent over the wire (as an argument __hmac).
On the validation side, the validation happens in two steps: 1) Check if the request hash is consistent (the hash value fits to the serialized string) 2) Check that all GET/POST parameters submitted occur inside the form field list of the request hash.
Note: It is crucially important that a private key is computed into the hash value! This is done inside the HashService.
Definition at line 33 of file MvcPropertyMappingConfigurationService.php.
generateTrustedPropertiesToken | ( | $formFieldNames, | |
$fieldNamePrefix = '' |
|||
) |
Generate a request hash for a list of form fields
array | $formFieldNames | Array of form fields |
string | $fieldNamePrefix |
\TYPO3\CMS\EXTBASE\Security\Exception\InvalidArgumentForHashGenerationException |
Definition at line 59 of file MvcPropertyMappingConfigurationService.php.
References MvcPropertyMappingConfigurationService\serializeAndHashFormFieldArray().
initializePropertyMappingConfigurationFromRequest | ( | \TYPO3\CMS\Extbase\Mvc\Request | $request, |
\TYPO3\CMS\Extbase\Mvc\Controller\Arguments | $controllerArguments | ||
) |
Initialize the property mapping configuration in $controllerArguments if the trusted properties are set inside the request.
\TYPO3\CMS\Extbase\Mvc\Request | $request | |
\TYPO3\CMS\Extbase\Mvc\Controller\Arguments | $controllerArguments |
Definition at line 121 of file MvcPropertyMappingConfigurationService.php.
References MvcPropertyMappingConfigurationService\modifyPropertyMappingConfiguration().
injectHashService | ( | \TYPO3\CMS\Extbase\Security\Cryptography\HashService | $hashService | ) |
\TYPO3\CMS\Extbase\Security\Cryptography\HashService | $hashService |
Definition at line 45 of file MvcPropertyMappingConfigurationService.php.
References MvcPropertyMappingConfigurationService\$hashService.
|
protected |
Modify the passed $propertyMappingConfiguration according to the $propertyConfiguration which has been generated by Fluid. In detail, if the $propertyConfiguration contains an __identity field, we allow modification of objects; else we allow creation.
All other properties are specified as allowed properties.
array | $propertyConfiguration | |
\TYPO3\CMS\Extbase\Property\PropertyMappingConfiguration | $propertyMappingConfiguration |
Definition at line 151 of file MvcPropertyMappingConfigurationService.php.
Referenced by MvcPropertyMappingConfigurationService\initializePropertyMappingConfigurationFromRequest().
|
protected |
Serialize and hash the form field array
array | $formFieldArray | form field array to be serialized and hashed |
Definition at line 106 of file MvcPropertyMappingConfigurationService.php.
Referenced by MvcPropertyMappingConfigurationService\generateTrustedPropertiesToken().
|
protected |
Definition at line 40 of file MvcPropertyMappingConfigurationService.php.
Referenced by MvcPropertyMappingConfigurationService\injectHashService().