/** * Helper function for a mapping result with errors */ protected function stubRequestWithMappingErrors() { $this->request->getOriginalRequest()->willReturn(null); $this->request->getArguments()->willReturn([]); $result = $this->prophesize(Result::class); $result->forProperty('objectName')->willReturn($result->reveal()); $result->forProperty('someProperty')->willReturn($result->reveal()); $result->hasErrors()->willReturn(true); $this->request->getOriginalRequestMappingResults()->willReturn($result->reveal()); }
/** * Checks if cHash is required for the current request and calls * TypoScriptFrontendController::reqCHash() if so. * This call will trigger a PageNotFoundException if arguments are required and cHash is not present. * * @param Request $request * @param string $pluginNamespace */ public function enforceForRequest(Request $request, string $pluginNamespace) { $arguments = $request->getArguments(); if (is_array($arguments) && count($arguments) > 0) { $parameters = [$pluginNamespace => $arguments]; $parameters['id'] = $this->typoScriptFrontendController->id; $relevantParameters = $this->cacheHashCalculator->getRelevantParameters(http_build_query($parameters)); if (count($relevantParameters) > 0) { $this->typoScriptFrontendController->reqCHash(); } } }
/** * @param Page $page * @return Result * @throws PropertyMappingException */ protected function mapAndValidatePage(Page $page) : Result { $result = $this->objectManager->get(Result::class); $requestArguments = $this->request->getArguments(); $propertyPathsForWhichPropertyMappingShouldHappen = []; $registerPropertyPaths = function ($propertyPath) use(&$propertyPathsForWhichPropertyMappingShouldHappen) { $propertyPathParts = explode('.', $propertyPath); $accumulatedPropertyPathParts = []; foreach ($propertyPathParts as $propertyPathPart) { $accumulatedPropertyPathParts[] = $propertyPathPart; $temporaryPropertyPath = implode('.', $accumulatedPropertyPathParts); $propertyPathsForWhichPropertyMappingShouldHappen[$temporaryPropertyPath] = $temporaryPropertyPath; } }; foreach ($page->getElementsRecursively() as $element) { $value = ArrayUtility::getValueByPath($requestArguments, $element->getIdentifier()); $element->onSubmit($this, $value, $requestArguments); $this->formState->setFormValue($element->getIdentifier(), $value); $registerPropertyPaths($element->getIdentifier()); } // The more parts the path has, the more early it is processed usort($propertyPathsForWhichPropertyMappingShouldHappen, function ($a, $b) { return substr_count($b, '.') - substr_count($a, '.'); }); $processingRules = $this->formDefinition->getProcessingRules(); foreach ($propertyPathsForWhichPropertyMappingShouldHappen as $propertyPath) { if (isset($processingRules[$propertyPath])) { $processingRule = $processingRules[$propertyPath]; $value = $this->formState->getFormValue($propertyPath); try { $value = $processingRule->process($value); } catch (PropertyException $exception) { throw new PropertyMappingException('Failed to process FormValue at "' . $propertyPath . '" from "' . gettype($value) . '" to "' . $processingRule->getDataType() . '"', 1480024933, $exception); } $result->forProperty($propertyPath)->merge($processingRule->getProcessingMessages()); $this->formState->setFormValue($propertyPath, $value); } } return $result; }
/** * Verify the request. Checks if there is an __hmac argument, and if yes, tries to validate and verify it. * * In the end, $request->setHmacVerified is set depending on the value. * * @param \TYPO3\CMS\Extbase\Mvc\Web\Request $request The request to verify * @throws \TYPO3\CMS\Extbase\Security\Exception\SyntacticallyWrongRequestHashException * @return void */ public function verifyRequest(\TYPO3\CMS\Extbase\Mvc\Web\Request $request) { if (!$request->getInternalArgument('__hmac')) { $request->setHmacVerified(FALSE); return; } $hmac = $request->getInternalArgument('__hmac'); if (strlen($hmac) < 40) { throw new \TYPO3\CMS\Extbase\Security\Exception\SyntacticallyWrongRequestHashException('Request hash too short. This is a probably manipulation attempt!', 1255089361); } $serializedFieldNames = substr($hmac, 0, -40); // TODO: Constant for hash length needs to be introduced $hash = substr($hmac, -40); if ($this->hashService->validateHmac($serializedFieldNames, $hash)) { $requestArguments = $request->getArguments(); // Unset framework arguments unset($requestArguments['__referrer']); unset($requestArguments['__hmac']); if ($this->checkFieldNameInclusion($requestArguments, unserialize($serializedFieldNames))) { $request->setHmacVerified(TRUE); } else { $request->setHmacVerified(FALSE); } } else { $request->setHmacVerified(FALSE); } }