/**
 * Renders a hidden "__state" field that carries the current form state.
 *
 * The form state is serialize()d, base64-encoded and then signed through
 * the HashService. Note that this is an integrity measure only: the
 * encoded state is readable in the page source, so it must not contain
 * secrets, and the receiving side is expected to validate the HMAC before
 * unserializing the value (that side is not visible from this method).
 *
 * @return string Hidden fields with referrer information
 */
protected function renderHiddenReferrerFields()
{
    $field = new TagBuilder('input');
    $field->addAttribute('type', 'hidden');
    $field->addAttribute('name', $this->prefixFieldName('__state'));

    $formState = $this->arguments['object']->getFormState();
    $encodedState = base64_encode(serialize($formState));
    $signedState = $this->hashService->appendHmac($encodedState);
    $field->addAttribute('value', $signedState);

    return $field->render();
}
/**
 * Round trip: a string signed with appendHmac() must come back unchanged
 * from validateAndStripHmac(), including non-ASCII characters and the
 * leading/trailing whitespace.
 *
 * @test
 */
public function validateAndStripHmacReturnsTheStringWithoutHmac()
{
    $original = ' Some arbitrary string with special characters: öäüß!"§$ ';
    $signed = $this->hashService->appendHmac($original);
    $stripped = $this->hashService->validateAndStripHmac($signed);
    $this->assertSame($original, $stripped);
}
/**
 * Renders hidden "__referrer" fields describing the current controller and
 * action, so the request can be redirected back to the referring action.
 *
 * Two levels are emitted: when the current request is a sub request, its
 * package/controller/action/arguments are written under the request's
 * argument namespace and the method then continues with the parent request
 * (only one level of nesting is handled); the (parent or main) request is
 * written under the plain "__referrer" key. Each "arguments" entry is the
 * serialize()d, base64-encoded and HMAC-signed argument array; the HMAC
 * gives integrity only, so the arguments remain readable in the page source.
 * Every value is passed through htmlspecialchars() before being placed in
 * the double-quoted value attribute.
 *
 * @return string Hidden fields with referrer information
 * @todo filter out referrer information that is equal to the target (e.g. same packageKey)
 */
protected function renderHiddenReferrerFields()
{
    $hashService = $this->hashService;
    // Builds the referrer descriptor for one request level; the arguments are
    // signed so that tampering can be detected when they are read back.
    $describeRequest = function ($describedRequest, $describedArguments) use ($hashService) {
        return array(
            '@package' => $describedRequest->getControllerPackageKey(),
            '@subpackage' => $describedRequest->getControllerSubpackageKey(),
            '@controller' => $describedRequest->getControllerName(),
            '@action' => $describedRequest->getControllerActionName(),
            'arguments' => $hashService->appendHmac(base64_encode(serialize($describedArguments)))
        );
    };

    $output = chr(10);
    $request = $this->controllerContext->getRequest();
    $namespace = NULL;

    if (!$request->isMainRequest()) {
        $namespace = $request->getArgumentNamespace();
        foreach ($describeRequest($request, $request->getArguments()) as $key => $value) {
            $output .= '<input type="hidden" name="' . $namespace . '[__referrer][' . $key . ']" value="' . htmlspecialchars($value) . '" />' . chr(10);
        }
        $request = $request->getParentRequest();
    }

    $parentArguments = $request->getArguments();
    if ($namespace !== NULL && isset($parentArguments[$namespace])) {
        // The sub request's arguments were already emitted above under their
        // own namespace, so drop them from the parent's argument set.
        unset($parentArguments[$namespace]);
    }
    foreach ($describeRequest($request, $parentArguments) as $key => $value) {
        $output .= '<input type="hidden" name="__referrer[' . $key . ']" value="' . htmlspecialchars($value) . '" />' . chr(10);
    }

    return $output;
}
/**
 * Returns the web accessible URI pointing to the specified persistent resource.
 *
 * The URI carries a "__protectedResource" token: a base64-encoded JSON
 * document holding the resource's SHA1, signed with the HashService. When
 * the security context is to be included, its hash is bound into the token;
 * otherwise, if a "tokenLifetime" option is configured, an expiration
 * timestamp is added instead. If neither applies the token contains only
 * the resource identifier, i.e. it is neither bound to a context nor
 * time-limited, and stays valid as long as the HMAC key does.
 * The token is signed, not encrypted, so its contents are readable.
 *
 * @param Resource $resource Resource object
 * @return string The URI
 * @throws Exception
 */
public function getPublicPersistentResourceUri(Resource $resource)
{
    $tokenPayload = array('resourceIdentifier' => $resource->getSha1());

    if ($this->shouldIncludeSecurityContext()) {
        $tokenPayload['securityContextHash'] = $this->securityContext->getContextHash();
    } elseif (!empty($this->options['tokenLifetime'])) {
        // Clone so that the injected "now" is never mutated.
        $expiresAt = clone $this->now;
        $expiresAt = $expiresAt->modify(sprintf('+%d seconds', $this->options['tokenLifetime']));
        $tokenPayload['expirationDateTime'] = $expiresAt->format(\DateTime::ISO8601);
    }

    $encodedPayload = base64_encode(json_encode($tokenPayload));
    $signedToken = $this->hashService->appendHmac($encodedPayload);

    return $this->detectResourcesBaseUri() . '?__protectedResource=' . $signedToken;
}
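/**
 * Get the URI for an AJAX Request.
 *
 * The query string is built from the "arguments" view helper argument plus
 * "@action" (defaulting to the current request's action) and, when a
 * non-empty "format" argument is given, "@format". When "includeWidgetContext"
 * is TRUE the whole widget context is serialize()d, base64-encoded and
 * HMAC-signed into "__widgetContext"; the signature provides integrity, not
 * confidentiality, so the context is readable by the client and the receiver
 * must validate the HMAC before unserializing it. Otherwise only the AJAX
 * widget identifier is passed as "__widgetId".
 *
 * @return string the AJAX URI (a "?"-prefixed query string)
 * @throws WidgetContextNotFoundException if the request has no "__widgetContext" internal argument
 */
protected function getAjaxUri()
{
    $action = $this->arguments['action'];
    $arguments = $this->arguments['arguments'];
    if ($action === NULL) {
        $action = $this->controllerContext->getRequest()->getControllerActionName();
    }
    $arguments['@action'] = $action;

    // Compare as a string instead of calling strlen(): strlen(NULL) is
    // deprecated since PHP 8.1 and the "format" argument may be unset.
    if ((string) $this->arguments['format'] !== '') {
        $arguments['@format'] = $this->arguments['format'];
    }

    /** @var $widgetContext WidgetContext */
    $widgetContext = $this->controllerContext->getRequest()->getInternalArgument('__widgetContext');
    if ($widgetContext === NULL) {
        throw new WidgetContextNotFoundException('Widget context not found in <f:widget.uri>', 1307450639);
    }

    if ($this->arguments['includeWidgetContext'] === TRUE) {
        $serializedWidgetContext = base64_encode(serialize($widgetContext));
        $arguments['__widgetContext'] = $this->hashService->appendHmac($serializedWidgetContext);
    } else {
        $arguments['__widgetId'] = $widgetContext->getAjaxWidgetIdentifier();
    }

    // numeric_prefix is a string parameter; passing NULL is deprecated since PHP 8.1.
    return '?' . http_build_query($arguments, '', '&');
}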
/**
 * Serializes the form field array and signs it through the HashService.
 *
 * The result is the serialize()d array with an HMAC appended by
 * appendHmac(), not a bare digest: the field array itself travels in clear
 * text and the HMAC only allows the receiver to detect tampering.
 *
 * @param array $formFieldArray form field array to be serialized and hashed
 * @return string Hash
 */
protected function serializeAndHashFormFieldArray($formFieldArray)
{
    return $this->hashService->appendHmac(serialize($formFieldArray));
}