Esempio n. 1
0
 /**
  * Adds a CSRF token as argument in the URI builder
  *
  * @FLOW3\Before("setting(TYPO3.FLOW3.security.enable) && method(TYPO3\FLOW3\Mvc\Routing\UriBuilder->build())")
  * @param \TYPO3\FLOW3\Aop\JoinPointInterface $joinPoint The current join point
  * @return void
  */
 public function addCsrfTokenToUri(\TYPO3\FLOW3\Aop\JoinPointInterface $joinPoint)
 {
     $uriBuilder = $joinPoint->getProxy();
     $arguments = $joinPoint->getMethodArgument('arguments');
     $packageKey = isset($arguments['@package']) ? $arguments['@package'] : '';
     $subpackageKey = isset($arguments['@subpackage']) ? $arguments['@subpackage'] : '';
     $controllerName = isset($arguments['@controller']) ? $arguments['@controller'] : 'Standard';
     $actionName = (isset($arguments['@action']) ? $arguments['@action'] : 'index') . 'Action';
     $possibleObjectName = '@package\\@subpackage\\Controller\\@controllerController';
     $possibleObjectName = str_replace('@package', str_replace('.', '\\', $packageKey), $possibleObjectName);
     $possibleObjectName = str_replace('@subpackage', $subpackageKey, $possibleObjectName);
     $possibleObjectName = str_replace('@controller', $controllerName, $possibleObjectName);
     $possibleObjectName = str_replace('\\\\', '\\', $possibleObjectName);
     $lowercaseObjectName = strtolower($possibleObjectName);
     $className = $this->objectManager->getClassNameByObjectName($this->objectManager->getCaseSensitiveObjectName($lowercaseObjectName));
     if ($this->policyService->hasPolicyEntryForMethod($className, $actionName) && !$this->reflectionService->isMethodAnnotatedWith($className, $actionName, 'TYPO3\\FLOW3\\Annotations\\SkipCsrfProtection')) {
         $internalArguments = $uriBuilder->getArguments();
         $internalArguments['__csrfToken'] = $this->securityContext->getCsrfProtectionToken();
         $uriBuilder->setArguments($internalArguments);
     }
 }