Bug #24809 ยป 17309.diff

Administrator Admin, 2011-01-25 18:46

t3lib/class.t3lib_befunc.php 2011-01-25 18:23:47.000000000 +0100
* @return string a URL GET variable including ampersand
*/
public static function getUrlToken($formName = 'securityToken', $tokenName = 'formToken') {
$formprotection = t3lib_formprotection_Factory::get();
$formprotection = t3lib_formprotection::get();
return '&' . $tokenName . '=' . $formprotection->generateToken($formName);
}
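Review bot: `$tokenName` is concatenated into the query string on the `return` line of `getUrlToken()` without URL-encoding, and `getHiddenTokenField()` in t3lib/class.t3lib_tceforms.php writes the same parameter into a `name="…"` attribute without HTML-escaping. Both default to `'formToken'`, so this only bites if a caller ever passes a derived name, but encoding at the sink is cheap: `return '&' . rawurlencode($tokenName) . '=' . rawurlencode($formprotection->generateToken($formName));` here, and `htmlspecialchars($tokenName)` around the attribute value in the hidden field. The format of the generated token is not visible in this diff, so encoding the token value is defensive rather than a known fix.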
t3lib/class.t3lib_pagerenderer.php 2011-01-25 18:23:49.000000000 +0100
public function addExtDirectCode() {
$token = '';
if (TYPO3_MODE === 'BE') {
$formprotection = t3lib_formprotection_Factory::get();
$formprotection = t3lib_formprotection::get();
$token = $formprotection->generateToken('extDirect');
}
t3lib/class.t3lib_tceforms.php 2011-01-25 18:23:48.000000000 +0100
* @return string a complete input field
*/
public static function getHiddenTokenField($formName = 'securityToken', $tokenName = 'formToken') {
$formprotection = t3lib_formprotection_Factory::get();
$formprotection = t3lib_formprotection::get();
return '<input type="hidden" name="' .$tokenName . '" value="' . $formprotection->generateToken($formName) . '" />';
}
t3lib/extjs/class.t3lib_extjs_extdirectrouter.php 2011-01-25 18:23:47.000000000 +0100
$token = array_pop($singleRequest->data);
if ($firstCall) {
$firstCall = FALSE;
$formprotection = t3lib_formprotection_Factory::get();
$formprotection = t3lib_formprotection::get();
$validToken = $formprotection->validateToken($token, 'extDirect');
}
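Review bot: `$token` is popped from the client-supplied `$singleRequest->data` and handed to `validateToken()` without a type check, and the check only runs inside `if ($firstCall)`. If the decoded request can carry a non-string as its last data element, validation receives an array or object; `$token = is_string($token) ? $token : '';` before the call would make that case fail explicitly. A short comment such as `// one token per batch: validated on the first request, $validToken applies to the rest` would also help, assuming that is the intent; the loop and the later use of `$validToken` lie outside this hunk.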
t3lib/formprotection/class.t3lib_formprotection_backendformprotection.php 2011-01-25 18:23:48.000000000 +0100
* matter; you only need it to get the form token for verifying it.
*
* <pre>
* $formToken = t3lib_formprotection_Factory::get(
* t3lib_formprotection_Factory::TYPE_BACK_END
* $formToken = t3lib_formprotection::get(
* t3lib_formprotection::TYPE_BACK_END
* )->generateToken(
* 'BE user setup', 'edit'
* );
......
* For editing a tt_content record, the call could look like this:
*
* <pre>
* $formToken = t3lib_formprotection_Factory::get(
* t3lib_formprotection_Factory::TYPE_BACK_END
* $formToken = t3lib_formprotection::get(
* t3lib_formprotection::TYPE_BACK_END
* )->getFormProtection()->generateToken(
* 'tt_content', 'edit', $uid
* );
......
* generated tokens get saved, and also that removed tokens stay removed:
*
* <pre>
* t3lib_formprotection_Factory::get(
* t3lib_formprotection_Factory::TYPE_BACK_END
* t3lib_formprotection::get(
* t3lib_formprotection::TYPE_BACK_END
* )->persistTokens();
* </pre>
*
......
* that the form token is valid like this:
*
* <pre>
* if ($dataHasBeenSubmitted && t3lib_formprotection_Factory::get(
* t3lib_formprotection_Factory::TYPE_BACK_END
* if ($dataHasBeenSubmitted && t3lib_formprotection::get(
* t3lib_formprotection::TYPE_BACK_END
* )->validateToken(
* (string) t3lib_div::_POST('formToken'),
* 'BE user setup', 'edit
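Review bot: The usage examples in this docblock do not match how the factory is called elsewhere on this page. They pass a `TYPE_BACK_END` constant, and the tt_content example chains `->getFormProtection()`, while the tests call `get('t3lib_formprotection_BackendFormProtection')` with a class name; neither that constant nor that method is visible in the diff. The factory's own docblock in class.t3lib_formprotection_factory.php likewise shows `'t3lib_formProtection_BackEnd'` and `'tx_install_formprotection'`, which differ from the class names the tests use. Since `get()` throws InvalidArgumentException for an unknown class according to the tests, an extension author copying these examples may get an exception instead of a working token check. I would rewrite the examples in the form the call sites use, e.g. `$formprotection->generateToken('tt_content', 'edit', $uid)` on the object returned by a plain `get()`.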
t3lib/formprotection/class.t3lib_formprotection_factory.php 2011-01-25 18:23:47.000000000 +0100
***************************************************************/
/**
* Class t3lib_formprotection_Factory.
* Class t3lib_formprotection.
*
* This class creates and manages instances of the various form protection
* classes.
......
* Usage for the back-end form protection:
*
* <pre>
* $formProtection = t3lib_formprotection_Factory::get(
* $formProtection = t3lib_formprotection::get(
* 't3lib_formProtection_BackEnd'
* );
* </pre>
......
* Usage for the install tool form protection:
*
* <pre>
* $formProtection = t3lib_formprotection_Factory::get(
* $formProtection = t3lib_formprotection::get(
* 'tx_install_formprotection'
* );
* $formProtection->injectInstallTool($this);
......
* @author Oliver Klee <typo3-coding@oliverklee.de>
* @author Ernesto Baschny <ernst@cron-it.de>
*/
final class t3lib_formprotection_Factory {
final class t3lib_formprotection {
/**
* created instances of form protections using the type as array key
*
tests/t3lib/formprotection/t3lib_formprotection_FactoryTest.php 2011-01-25 18:23:47.000000000 +0100
require_once('fixtures/class.t3lib_formprotection_testing.php');
/**
* Testcase for the t3lib_formprotection_Factory class.
* Testcase for the t3lib_formprotection class.
*
* $Id$
*
......
* @author Oliver Klee <typo3-coding@oliverklee.de>
* @author Ernesto Baschny <ernst@cron-it.de>
*/
class t3lib_formprotection_FactoryTest extends tx_phpunit_testcase {
class t3lib_formprotectionTest extends tx_phpunit_testcase {
public function setUp() {
}
public function tearDown() {
t3lib_formprotection_Factory::purgeInstances();
t3lib_formprotection::purgeInstances();
}
......
* @expectedException InvalidArgumentException
*/
public function getForInexistentClassThrowsException() {
t3lib_formprotection_Factory::get('noSuchClass');
t3lib_formprotection::get('noSuchClass');
}
/**
......
* @expectedException InvalidArgumentException
*/
public function getForClassThatIsNoFormProtectionSubclassThrowsException() {
t3lib_formprotection_Factory::get('t3lib_formprotection_FactoryTest');
t3lib_formprotection::get('t3lib_formprotectionTest');
}
/**
......
*/
public function getForTypeBackEndWithExistingBackEndReturnsBackEndFormProtection() {
$this->assertTrue(
t3lib_formprotection_Factory::get(
t3lib_formprotection::get(
't3lib_formprotection_BackendFormProtection'
) instanceof t3lib_formprotection_BackendFormProtection
);
......
*/
public function getForTypeBackEndCalledTwoTimesReturnsTheSameInstance() {
$this->assertSame(
t3lib_formprotection_Factory::get(
t3lib_formprotection::get(
't3lib_formprotection_BackendFormProtection'
),
t3lib_formprotection_Factory::get(
t3lib_formprotection::get(
't3lib_formprotection_BackendFormProtection'
)
);
......
*/
public function getForTypeInstallToolReturnsInstallToolFormProtection() {
$this->assertTrue(
t3lib_formprotection_Factory::get(
t3lib_formprotection::get(
't3lib_formprotection_InstallToolFormProtection'
) instanceof t3lib_formprotection_InstallToolFormProtection
);
......
*/
public function getForTypeInstallToolCalledTwoTimesReturnsTheSameInstance() {
$this->assertSame(
t3lib_formprotection_Factory::get(
t3lib_formprotection::get(
't3lib_formprotection_InstallToolFormProtection'
),
t3lib_formprotection_Factory::get(
t3lib_formprotection::get(
't3lib_formprotection_InstallToolFormProtection'
)
);
......
*/
public function getForTypesInstallToolAndBackEndReturnsDifferentInstances() {
$this->assertNotSame(
t3lib_formprotection_Factory::get(
t3lib_formprotection::get(
't3lib_formprotection_InstallToolFormProtection'
),
t3lib_formprotection_Factory::get(
t3lib_formprotection::get(
't3lib_formprotection_BackendFormProtection'
)
);
......
*/
public function setSetsInstanceForType() {
$instance = new t3lib_formProtection_Testing();
t3lib_formprotection_Factory::set(
t3lib_formprotection::set(
't3lib_formprotection_BackendFormProtection', $instance
);
$this->assertSame(
$instance,
t3lib_formprotection_Factory::get(
t3lib_formprotection::get(
't3lib_formprotection_BackendFormProtection'
)
);
......
*/
public function setNotSetsInstanceForOtherType() {
$instance = new t3lib_formProtection_Testing();
t3lib_formprotection_Factory::set(
t3lib_formprotection::set(
't3lib_formprotection_BackendFormProtection', $instance
);
$this->assertNotSame(
$instance,
t3lib_formprotection_Factory::get(
t3lib_formprotection::get(
't3lib_formprotection_InstallToolFormProtection'
)
);
typo3/alt_doc.php 2011-01-25 18:23:49.000000000 +0100
// Preprocessing, storing data if submitted to
$SOBE->preInit();
$formprotection = t3lib_formprotection_Factory::get();
$formprotection = t3lib_formprotection::get();
if ($SOBE->doProcessData()) { // Checks, if a save button has been clicked (or the doSave variable is sent)
if ($formprotection->validateToken(t3lib_div::_GP('formToken'), 'editRecord')) {
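Review bot: `t3lib_div::_GP('formToken')` is passed to `validateToken()` as-is on the last line of this hunk, whereas the usage example in class.t3lib_formprotection_backendformprotection.php casts the submitted value with `(string)`. A request parameter can arrive as an array rather than a string, so I would cast or type-check here too: `$formprotection->validateToken((string) t3lib_div::_GP('formToken'), 'editRecord')`. The same call shape appears in typo3/tce_db.php with `'tceAction'`. The rejection branch is outside the hunk, so how an invalid token is reported cannot be judged from here.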
typo3/classes/class.ajaxlogin.php 2011-01-25 18:23:48.000000000 +0100
*/
public function login(array $parameters, TYPO3AJAX $ajaxObj) {
if ($GLOBALS['BE_USER']->user['uid']) {
$formprotection = t3lib_formprotection_Factory::get();
$formprotection = t3lib_formprotection::get();
$token = $formprotection->generateToken('extDirect');
$json = array(
typo3/classes/class.clearcachemenu.php 2011-01-25 18:23:48.000000000 +0100
}
}
t3lib_formprotection_Factory::get()->persistTokens();
t3lib_formprotection::get()->persistTokens();
}
/**
typo3/index.php 2011-01-25 18:23:48.000000000 +0100
if (!$this->loginRefresh) {
t3lib_utility_Http::redirect($this->redirectToURL);
} else {
$formprotection = t3lib_formprotection_Factory::get();
$formprotection = t3lib_formprotection::get();
$token = $formprotection->generateToken('extDirect');
$TBE_TEMPLATE->JScode.=$TBE_TEMPLATE->wrapScriptTags('
if (parent.opener && (parent.opener.busy || parent.opener.TYPO3.loginRefresh)) {
typo3/tce_db.php 2011-01-25 18:23:48.000000000 +0100
// Include files?
foreach($SOBE->include_once as $INC_FILE) include_once($INC_FILE);
$formprotection = t3lib_formprotection_Factory::get();
$formprotection = t3lib_formprotection::get();
if ($formprotection->validateToken(t3lib_div::_GP('formToken'), 'tceAction')) {
$SOBE->initClipboard();
typo3/template.php 2011-01-25 18:23:48.000000000 +0100
<!-- Wrapping DIV-section for whole page END -->
</div>':'') . $this->endOfPageJsBlock ;
t3lib_formprotection_Factory::get()->persistTokens();
t3lib_formprotection::get()->persistTokens();
}