Bug #24697 » 17183_v1.diff

Administrator Admin, 2011-01-21 02:11


t3lib/formprotection/class.t3lib_formprotection_frontendformprotection.php (Revision 0)
<?php
/***************************************************************
* Copyright notice
*
* (c) 2010-2011 Oliver Klee <typo3-coding@oliverklee.de>
* All rights reserved
*
* This script is part of the TYPO3 project. The TYPO3 project is
* free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
* the Free Software Foundation; either version 2 of the License, or
* (at your option) any later version.
*
* The GNU General Public License can be found at
* http://www.gnu.org/copyleft/gpl.html.
*
* This script is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* This copyright notice MUST APPEAR in all copies of the script!
***************************************************************/
/**
* Class t3lib_formprotection_FrontendFormProtection.
*
* This class provides protection against cross-site request forgery (XSRF/CSRF)
* for forms in the FE.
*
*
* $Id$
*
* @package TYPO3
* @subpackage t3lib
*
* @author Oliver Klee <typo3-coding@oliverklee.de>
*/
class t3lib_formprotection_FrontendFormProtection extends t3lib_formprotection_Abstract {
/**
* the maximum number of tokens that can exist at the same time
*
* @var integer
*/
protected $maximumNumberOfTokens = 20000;
/**
* Keeps the instance of the user which existed during creation
* of the object.
*
* @var tslib_feUserAuth
*/
protected $frontendUser;
/**
* Only allow construction if we have a backend session
*/
public function __construct() {
if (!isset($GLOBALS['TSFE']->fe_user)) {
throw new t3lib_error_Exception(
'A front-end form protection may only be instantiated if there' .
' is an active front-end session.',
1285067843
);
}
$this->frontendUser = $GLOBALS['TSFE']->fe_user;
parent::__construct();
}
/**
* Creates or displayes an error message telling the user that the submitted
* form token is invalid.
*
* @return void
*/
protected function createValidationErrorMessage() {
}
/**
* Retrieves all saved tokens.
*
* @return array<array>
* the saved tokens as, will be empty if no tokens have been saved
*/
protected function retrieveTokens() {
$tokens = $this->frontendUser->getSessionData('formTokens');
if (!is_array($tokens)) {
$tokens = array();
}
$this->tokens = $tokens;
}
/**
* Saves the tokens so that they can be used by a later incarnation of this
* class.
*
* @return void
*/
public function persistTokens() {
$this->frontendUser->setAndSaveSessionData('formTokens', $this->tokens);
}
}
if (defined('TYPO3_MODE') && isset($GLOBALS['TYPO3_CONF_VARS'][TYPO3_MODE]['XCLASS']['t3lib/formprotection/class.t3lib_formprotection_backendformprotection.php'])) {
include_once($GLOBALS['TYPO3_CONF_VARS'][TYPO3_MODE]['XCLASS']['t3lib/formprotection/class.t3lib_formprotection_backendformprotection.php']);
}
?>
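Review bot: The XCLASS hook at the end of the new file looks up and includes the registry key for `class.t3lib_formprotection_backendformprotection.php`, so an XCLASS registered for this front-end class is never loaded, and one registered for the backend class would be pulled in a second time from here; both occurrences in the `defined(...)`/`include_once` pair should read `'t3lib/formprotection/class.t3lib_formprotection_frontendformprotection.php'`. The constructor docblock says "Only allow construction if we have a backend session" while the check and the exception message concern a front-end session; it should read `Only allow construction if we have an active front-end session`. `retrieveTokens()` is documented with `@return array<array>` but assigns `$this->tokens` and returns nothing, so that tag should become `@return void` with a sentence saying the result is stored in `$this->tokens`. `createValidationErrorMessage()` is documented as creating or displaying a message while its body is empty; a one-line comment in the body stating that no user-facing message is emitted in the FE would make that intent explicit rather than looking like an unfinished stub.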
t3lib/core_autoload.php (Arbeitskopie)
't3lib_formprotection_factory' => PATH_t3lib . 'formprotection/class.t3lib_formprotection_factory.php',
't3lib_formprotection_abstract' => PATH_t3lib . 'formprotection/class.t3lib_formprotection_abstract.php',
't3lib_formprotection_backendformprotection' => PATH_t3lib . 'formprotection/class.t3lib_formprotection_backendformprotection.php',
't3lib_formprotection_frontendformprotection' => PATH_t3lib . 'formprotection/class.t3lib_formprotection_frontendformprotection.php',
't3lib_formprotection_installtoolformprotection' => PATH_t3lib . 'formprotection/class.t3lib_formprotection_installtoolformprotection.php',
't3lib_formprotection_invalidtokenexception' => PATH_t3lib . 'formprotection/class.t3lib_formprotection_invalidtokenexception.php',
't3lib_localrecordlistgettablehook' => PATH_t3lib . 'interfaces/interface.t3lib_localrecordlistgettablehook.php',
t3lib/class.t3lib_pagerenderer.php (Arbeitskopie)
* @return void
*/
public function addExtDirectCode() {
$formprotection = t3lib_formprotection_Factory::get('t3lib_formprotection_BackendFormProtection');
if (TYPO3_MODE === 'BE') {
$formprotection = t3lib_formprotection_Factory::get('t3lib_formprotection_BackendFormProtection');
} else {
$formprotection = t3lib_formprotection_Factory::get('t3lib_formprotection_FrontendFormProtection');
}
$token = $formprotection->generateToken('extDirect');
$formprotection->persistTokens();
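Review bot: The protection class is chosen here by `TYPO3_MODE === 'BE'`, but the validating side in class.t3lib_extjs_extdirectrouter.php chooses it by `is_object($GLOBALS['BE_USER'])`; the two criteria can presumably disagree (a backend user present while the request runs in FE mode), in which case the token is generated into one session store and validated against the other and fails. Both sites should decide with the same predicate, e.g. move the selection into a single helper (a factory method or a shared condition) and call it from both `addExtDirectCode()` and the router. `addExtDirectCode()` continues past the end of this hunk.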
t3lib/extjs/class.t3lib_extjs_extdirectrouter.php (Arbeitskopie)
$token = array_pop($singleRequest->data);
if ($firstCall) {
$firstCall = FALSE;
$formprotection = t3lib_formprotection_Factory::get('t3lib_formprotection_BackendFormProtection');
if (is_object($GLOBALS['BE_USER'])) {
$formprotection = t3lib_formprotection_Factory::get('t3lib_formprotection_BackendFormProtection');
} else {
$formprotection = t3lib_formprotection_Factory::get('t3lib_formprotection_FrontendFormProtection');
}
$validToken = $formprotection->validateToken($token, 'extDirect');
}
typo3/sysext/cms/tslib/class.tslib_extdirecteid.php (Arbeitskopie)
$GLOBALS['LANG'] = t3lib_div::makeInstance('language');
$GLOBALS['LANG']->init();
tslib_eidtools::connectDB();
$GLOBALS['TSFE']->fe_user = tslib_eidtools::initFeUser();
$ajaxID = t3lib_div::_GP('action');
$ajaxScript = $GLOBALS['TYPO3_CONF_VARS']['BE']['AJAX']['ExtDirect::' . $ajaxID];
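Review bot: The line `$GLOBALS['TSFE']->fe_user = tslib_eidtools::initFeUser();` presumes `$GLOBALS['TSFE']` is already an object, yet nothing in the hunk creates it; if it is unset at this point the assignment auto-vivifies a plain object (with a warning on the PHP versions of that era), which is then exactly what the new FrontendFormProtection constructor's `isset($GLOBALS['TSFE']->fe_user)` check would accept. If TSFE is not guaranteed to be initialised on this eID path, create it explicitly before this line or add a guard that fails clearly when it is missing, and add a short comment stating why `fe_user` must be populated here (the form-protection token lookup depends on it). The enclosing code starts and ends outside the hunk.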