Bug #24809 ยป 17309.diff
| t3lib/class.t3lib_befunc.php 2011-01-25 18:23:47.000000000 +0100 | ||
|---|---|---|
|
* @return string a URL GET variable including ampersand
|
||
|
*/
|
||
|
public static function getUrlToken($formName = 'securityToken', $tokenName = 'formToken') {
|
||
|
$formprotection = t3lib_formprotection_Factory::get();
|
||
|
$formprotection = t3lib_formprotection::get();
|
||
|
return '&' . $tokenName . '=' . $formprotection->generateToken($formName);
|
||
|
}
|
||
| t3lib/class.t3lib_pagerenderer.php 2011-01-25 18:23:49.000000000 +0100 | ||
|---|---|---|
|
public function addExtDirectCode() {
|
||
|
$token = '';
|
||
|
if (TYPO3_MODE === 'BE') {
|
||
|
$formprotection = t3lib_formprotection_Factory::get();
|
||
|
$formprotection = t3lib_formprotection::get();
|
||
|
$token = $formprotection->generateToken('extDirect');
|
||
|
}
|
||
| t3lib/class.t3lib_tceforms.php 2011-01-25 18:23:48.000000000 +0100 | ||
|---|---|---|
|
* @return string a complete input field
|
||
|
*/
|
||
|
public static function getHiddenTokenField($formName = 'securityToken', $tokenName = 'formToken') {
|
||
|
$formprotection = t3lib_formprotection_Factory::get();
|
||
|
$formprotection = t3lib_formprotection::get();
|
||
|
return '<input type="hidden" name="' .$tokenName . '" value="' . $formprotection->generateToken($formName) . '" />';
|
||
|
}
|
||
| t3lib/extjs/class.t3lib_extjs_extdirectrouter.php 2011-01-25 18:23:47.000000000 +0100 | ||
|---|---|---|
|
$token = array_pop($singleRequest->data);
|
||
|
if ($firstCall) {
|
||
|
$firstCall = FALSE;
|
||
|
$formprotection = t3lib_formprotection_Factory::get();
|
||
|
$formprotection = t3lib_formprotection::get();
|
||
|
$validToken = $formprotection->validateToken($token, 'extDirect');
|
||
|
}
|
||
| t3lib/formprotection/class.t3lib_formprotection_backendformprotection.php 2011-01-25 18:23:48.000000000 +0100 | ||
|---|---|---|
|
* matter; you only need it to get the form token for verifying it.
|
||
|
*
|
||
|
* <pre>
|
||
|
* $formToken = t3lib_formprotection_Factory::get(
|
||
|
* t3lib_formprotection_Factory::TYPE_BACK_END
|
||
|
* $formToken = t3lib_formprotection::get(
|
||
|
* t3lib_formprotection::TYPE_BACK_END
|
||
|
* )->generateToken(
|
||
|
* 'BE user setup', 'edit'
|
||
|
* );
|
||
| ... | ... | |
|
* For editing a tt_content record, the call could look like this:
|
||
|
*
|
||
|
* <pre>
|
||
|
* $formToken = t3lib_formprotection_Factory::get(
|
||
|
* t3lib_formprotection_Factory::TYPE_BACK_END
|
||
|
* $formToken = t3lib_formprotection::get(
|
||
|
* t3lib_formprotection::TYPE_BACK_END
|
||
|
* )->getFormProtection()->generateToken(
|
||
|
* 'tt_content', 'edit', $uid
|
||
|
* );
|
||
| ... | ... | |
|
* generated tokens get saved, and also that removed tokens stay removed:
|
||
|
*
|
||
|
* <pre>
|
||
|
* t3lib_formprotection_Factory::get(
|
||
|
* t3lib_formprotection_Factory::TYPE_BACK_END
|
||
|
* t3lib_formprotection::get(
|
||
|
* t3lib_formprotection::TYPE_BACK_END
|
||
|
* )->persistTokens();
|
||
|
* </pre>
|
||
|
*
|
||
| ... | ... | |
|
* that the form token is valid like this:
|
||
|
*
|
||
|
* <pre>
|
||
|
* if ($dataHasBeenSubmitted && t3lib_formprotection_Factory::get(
|
||
|
* t3lib_formprotection_Factory::TYPE_BACK_END
|
||
|
* if ($dataHasBeenSubmitted && t3lib_formprotection::get(
|
||
|
* t3lib_formprotection::TYPE_BACK_END
|
||
|
* )->validateToken(
|
||
|
* (string) t3lib_div::_POST('formToken'),
|
||
|
* 'BE user setup', 'edit
|
||
| t3lib/formprotection/class.t3lib_formprotection_factory.php 2011-01-25 18:23:47.000000000 +0100 | ||
|---|---|---|
|
***************************************************************/
|
||
|
/**
|
||
|
* Class t3lib_formprotection_Factory.
|
||
|
* Class t3lib_formprotection.
|
||
|
*
|
||
|
* This class creates and manages instances of the various form protection
|
||
|
* classes.
|
||
| ... | ... | |
|
* Usage for the back-end form protection:
|
||
|
*
|
||
|
* <pre>
|
||
|
* $formProtection = t3lib_formprotection_Factory::get(
|
||
|
* $formProtection = t3lib_formprotection::get(
|
||
|
* 't3lib_formProtection_BackEnd'
|
||
|
* );
|
||
|
* </pre>
|
||
| ... | ... | |
|
* Usage for the install tool form protection:
|
||
|
*
|
||
|
* <pre>
|
||
|
* $formProtection = t3lib_formprotection_Factory::get(
|
||
|
* $formProtection = t3lib_formprotection::get(
|
||
|
* 'tx_install_formprotection'
|
||
|
* );
|
||
|
* $formProtection->injectInstallTool($this);
|
||
| ... | ... | |
|
* @author Oliver Klee <typo3-coding@oliverklee.de>
|
||
|
* @author Ernesto Baschny <ernst@cron-it.de>
|
||
|
*/
|
||
|
final class t3lib_formprotection_Factory {
|
||
|
final class t3lib_formprotection {
|
||
|
/**
|
||
|
* created instances of form protections using the type as array key
|
||
|
*
|
||
| tests/t3lib/formprotection/t3lib_formprotection_FactoryTest.php 2011-01-25 18:23:47.000000000 +0100 | ||
|---|---|---|
|
require_once('fixtures/class.t3lib_formprotection_testing.php');
|
||
|
/**
|
||
|
* Testcase for the t3lib_formprotection_Factory class.
|
||
|
* Testcase for the t3lib_formprotection class.
|
||
|
*
|
||
|
* $Id$
|
||
|
*
|
||
| ... | ... | |
|
* @author Oliver Klee <typo3-coding@oliverklee.de>
|
||
|
* @author Ernesto Baschny <ernst@cron-it.de>
|
||
|
*/
|
||
|
class t3lib_formprotection_FactoryTest extends tx_phpunit_testcase {
|
||
|
class t3lib_formprotectionTest extends tx_phpunit_testcase {
|
||
|
public function setUp() {
|
||
|
}
|
||
|
public function tearDown() {
|
||
|
t3lib_formprotection_Factory::purgeInstances();
|
||
|
t3lib_formprotection::purgeInstances();
|
||
|
}
|
||
| ... | ... | |
|
* @expectedException InvalidArgumentException
|
||
|
*/
|
||
|
public function getForInexistentClassThrowsException() {
|
||
|
t3lib_formprotection_Factory::get('noSuchClass');
|
||
|
t3lib_formprotection::get('noSuchClass');
|
||
|
}
|
||
|
/**
|
||
| ... | ... | |
|
* @expectedException InvalidArgumentException
|
||
|
*/
|
||
|
public function getForClassThatIsNoFormProtectionSubclassThrowsException() {
|
||
|
t3lib_formprotection_Factory::get('t3lib_formprotection_FactoryTest');
|
||
|
t3lib_formprotection::get('t3lib_formprotectionTest');
|
||
|
}
|
||
|
/**
|
||
| ... | ... | |
|
*/
|
||
|
public function getForTypeBackEndWithExistingBackEndReturnsBackEndFormProtection() {
|
||
|
$this->assertTrue(
|
||
|
t3lib_formprotection_Factory::get(
|
||
|
t3lib_formprotection::get(
|
||
|
't3lib_formprotection_BackendFormProtection'
|
||
|
) instanceof t3lib_formprotection_BackendFormProtection
|
||
|
);
|
||
| ... | ... | |
|
*/
|
||
|
public function getForTypeBackEndCalledTwoTimesReturnsTheSameInstance() {
|
||
|
$this->assertSame(
|
||
|
t3lib_formprotection_Factory::get(
|
||
|
t3lib_formprotection::get(
|
||
|
't3lib_formprotection_BackendFormProtection'
|
||
|
),
|
||
|
t3lib_formprotection_Factory::get(
|
||
|
t3lib_formprotection::get(
|
||
|
't3lib_formprotection_BackendFormProtection'
|
||
|
)
|
||
|
);
|
||
| ... | ... | |
|
*/
|
||
|
public function getForTypeInstallToolReturnsInstallToolFormProtection() {
|
||
|
$this->assertTrue(
|
||
|
t3lib_formprotection_Factory::get(
|
||
|
t3lib_formprotection::get(
|
||
|
't3lib_formprotection_InstallToolFormProtection'
|
||
|
) instanceof t3lib_formprotection_InstallToolFormProtection
|
||
|
);
|
||
| ... | ... | |
|
*/
|
||
|
public function getForTypeInstallToolCalledTwoTimesReturnsTheSameInstance() {
|
||
|
$this->assertSame(
|
||
|
t3lib_formprotection_Factory::get(
|
||
|
t3lib_formprotection::get(
|
||
|
't3lib_formprotection_InstallToolFormProtection'
|
||
|
),
|
||
|
t3lib_formprotection_Factory::get(
|
||
|
t3lib_formprotection::get(
|
||
|
't3lib_formprotection_InstallToolFormProtection'
|
||
|
)
|
||
|
);
|
||
| ... | ... | |
|
*/
|
||
|
public function getForTypesInstallToolAndBackEndReturnsDifferentInstances() {
|
||
|
$this->assertNotSame(
|
||
|
t3lib_formprotection_Factory::get(
|
||
|
t3lib_formprotection::get(
|
||
|
't3lib_formprotection_InstallToolFormProtection'
|
||
|
),
|
||
|
t3lib_formprotection_Factory::get(
|
||
|
t3lib_formprotection::get(
|
||
|
't3lib_formprotection_BackendFormProtection'
|
||
|
)
|
||
|
);
|
||
| ... | ... | |
|
*/
|
||
|
public function setSetsInstanceForType() {
|
||
|
$instance = new t3lib_formProtection_Testing();
|
||
|
t3lib_formprotection_Factory::set(
|
||
|
t3lib_formprotection::set(
|
||
|
't3lib_formprotection_BackendFormProtection', $instance
|
||
|
);
|
||
|
$this->assertSame(
|
||
|
$instance,
|
||
|
t3lib_formprotection_Factory::get(
|
||
|
t3lib_formprotection::get(
|
||
|
't3lib_formprotection_BackendFormProtection'
|
||
|
)
|
||
|
);
|
||
| ... | ... | |
|
*/
|
||
|
public function setNotSetsInstanceForOtherType() {
|
||
|
$instance = new t3lib_formProtection_Testing();
|
||
|
t3lib_formprotection_Factory::set(
|
||
|
t3lib_formprotection::set(
|
||
|
't3lib_formprotection_BackendFormProtection', $instance
|
||
|
);
|
||
|
$this->assertNotSame(
|
||
|
$instance,
|
||
|
t3lib_formprotection_Factory::get(
|
||
|
t3lib_formprotection::get(
|
||
|
't3lib_formprotection_InstallToolFormProtection'
|
||
|
)
|
||
|
);
|
||
| typo3/alt_doc.php 2011-01-25 18:23:49.000000000 +0100 | ||
|---|---|---|
|
// Preprocessing, storing data if submitted to
|
||
|
$SOBE->preInit();
|
||
|
$formprotection = t3lib_formprotection_Factory::get();
|
||
|
$formprotection = t3lib_formprotection::get();
|
||
|
if ($SOBE->doProcessData()) { // Checks, if a save button has been clicked (or the doSave variable is sent)
|
||
|
if ($formprotection->validateToken(t3lib_div::_GP('formToken'), 'editRecord')) {
|
||
| typo3/classes/class.ajaxlogin.php 2011-01-25 18:23:48.000000000 +0100 | ||
|---|---|---|
|
*/
|
||
|
public function login(array $parameters, TYPO3AJAX $ajaxObj) {
|
||
|
if ($GLOBALS['BE_USER']->user['uid']) {
|
||
|
$formprotection = t3lib_formprotection_Factory::get();
|
||
|
$formprotection = t3lib_formprotection::get();
|
||
|
$token = $formprotection->generateToken('extDirect');
|
||
|
$json = array(
|
||
| typo3/classes/class.clearcachemenu.php 2011-01-25 18:23:48.000000000 +0100 | ||
|---|---|---|
|
}
|
||
|
}
|
||
|
t3lib_formprotection_Factory::get()->persistTokens();
|
||
|
t3lib_formprotection::get()->persistTokens();
|
||
|
}
|
||
|
/**
|
||
| typo3/index.php 2011-01-25 18:23:48.000000000 +0100 | ||
|---|---|---|
|
if (!$this->loginRefresh) {
|
||
|
t3lib_utility_Http::redirect($this->redirectToURL);
|
||
|
} else {
|
||
|
$formprotection = t3lib_formprotection_Factory::get();
|
||
|
$formprotection = t3lib_formprotection::get();
|
||
|
$token = $formprotection->generateToken('extDirect');
|
||
|
$TBE_TEMPLATE->JScode.=$TBE_TEMPLATE->wrapScriptTags('
|
||
|
if (parent.opener && (parent.opener.busy || parent.opener.TYPO3.loginRefresh)) {
|
||
| typo3/tce_db.php 2011-01-25 18:23:48.000000000 +0100 | ||
|---|---|---|
|
// Include files?
|
||
|
foreach($SOBE->include_once as $INC_FILE) include_once($INC_FILE);
|
||
|
$formprotection = t3lib_formprotection_Factory::get();
|
||
|
$formprotection = t3lib_formprotection::get();
|
||
|
if ($formprotection->validateToken(t3lib_div::_GP('formToken'), 'tceAction')) {
|
||
|
$SOBE->initClipboard();
|
||
| typo3/template.php 2011-01-25 18:23:48.000000000 +0100 | ||
|---|---|---|
|
<!-- Wrapping DIV-section for whole page END -->
|
||
|
</div>':'') . $this->endOfPageJsBlock ;
|
||
|
t3lib_formprotection_Factory::get()->persistTokens();
|
||
|
t3lib_formprotection::get()->persistTokens();
|
||
|
}
|
||