Bug #24962 ยป 17490.diff
| t3lib/formprotection/class.t3lib_formprotection_abstract.php (working copy) | ||
|---|---|---|
|
protected $tokens = array();
|
||
|
/**
|
||
|
* Tokens that have been added during this request.
|
||
|
*
|
||
|
* @var array<array>
|
||
|
*/
|
||
|
protected $addedTokens = array();
|
||
|
/**
|
||
|
* Token ids of tokens that have been dropped during this request.
|
||
|
*
|
||
|
* @var array
|
||
|
*/
|
||
|
protected $droppedTokenIds = array();
|
||
|
/**
|
||
|
* Constructor. Makes sure existing tokens are read and available for
|
||
|
* checking.
|
||
|
*/
|
||
| ... | ... | |
|
'action' => $action,
|
||
|
'formInstanceName' => $formInstanceName,
|
||
|
);
|
||
|
$this->addedTokens[$tokenId] = $this->tokens[$tokenId];
|
||
|
$this->preventOverflow();
|
||
|
return $tokenId;
|
||
| ... | ... | |
|
protected function dropToken($tokenId) {
|
||
|
if (isset($this->tokens[$tokenId])) {
|
||
|
unset($this->tokens[$tokenId]);
|
||
|
$this->droppedTokenIds[] = $tokenId;
|
||
|
}
|
||
|
}
|
||
|
/**
|
||
|
* Persisting of tokens is only required, if tokens are
|
||
|
* deleted or added during this request.
|
||
|
*
|
||
|
* @return boolean
|
||
|
*/
|
||
|
protected function isPersistingRequired() {
|
||
|
return !empty($this->droppedTokenIds) || !empty($this->addedTokens);
|
||
|
}
|
||
|
/**
|
||
|
* Reset the arrays of added or deleted tokens.
|
||
|
*
|
||
|
* @return void
|
||
|
*/
|
||
|
protected function resetPersistingRequiredStatus() {
|
||
|
$this->droppedTokenIds = array();
|
||
|
$this->addedTokens = array();
|
||
|
}
|
||
|
/**
|
||
|
* Checks whether the number of current tokens still is at most
|
||
|
* $this->maximumNumberOfTokens.
|
||
|
*
|
||
| t3lib/formprotection/class.t3lib_formprotection_backendformprotection.php (working copy) | ||
|---|---|---|
|
}
|
||
|
/**
|
||
|
* Overrule the method in the absract class, because we can drop the
|
||
|
* whole locking procedure, which is done in persistTokens, if we
|
||
|
* simply want to delete all tokens.
|
||
|
*
|
||
|
* @see t3lib/formprotection/t3lib_formprotection_Abstract::clean()
|
||
|
*/
|
||
|
public function clean() {
|
||
|
$this->tokens = array();
|
||
|
$this->backendUser->setAndSaveSessionData('formTokens', $this->tokens);
|
||
|
$this->resetPersistingRequiredStatus();
|
||
|
}
|
||
|
/**
|
||
|
* Creates or displayes an error message telling the user that the submitted
|
||
|
* form token is invalid.
|
||
|
*
|
||
| ... | ... | |
|
protected function updateTokens() {
|
||
|
$this->backendUser->user = $this->backendUser->fetchUserSession(TRUE);
|
||
|
$tokens = $this->retrieveTokens();
|
||
|
$this->tokens = array_merge($this->tokens, $tokens);
|
||
|
$this->tokens = array_merge($tokens, $this->addedTokens);
|
||
|
foreach ($this->droppedTokenIds as $tokenId) {
|
||
|
unset($this->tokens[$tokenId]);
|
||
|
}
|
||
|
}
|
||
|
/**
|
||
| ... | ... | |
|
* @return void
|
||
|
*/
|
||
|
public function persistTokens() {
|
||
|
$lockObject = $this->acquireLock();
|
||
|
if ($this->isPersistingRequired()) {
|
||
|
$lockObject = $this->acquireLock();
|
||
|
$this->updateTokens();
|
||
|
$this->backendUser->setAndSaveSessionData('formTokens', $this->tokens);
|
||
|
$this->updateTokens();
|
||
|
$this->backendUser->setAndSaveSessionData('formTokens', $this->tokens);
|
||
|
$this->resetPersistingRequiredStatus();
|
||
|
$this->releaseLock($lockObject);
|
||
|
$this->releaseLock($lockObject);
|
||
|
}
|
||
|
}
|
||
|
/**
|
||