/**
* Do something after resolving is done
*
* @param \Cx\Core\ContentManager\Model\Entity\Page $page The resolved page
*/
public function postResolve(\Cx\Core\ContentManager\Model\Entity\Page $page)
{
global $plainCmd, $cmd, $_CORELANG;
// CSRF code needs to be even in the login form. otherwise, we
// could not do a super-generic check later.. NOTE: do NOT move
// this above the "new cmsSession" line!
Csrf::add_code();
// CSRF protection.
// Note that we only do the check as long as there's no
// cmd given; this is so we can reload the main screen if
// the check has failed somehow.
// fileBrowser is an exception, as it eats CSRF codes like
// candy. We're doing \Cx\Core\Csrf\Controller\Csrf::check_code() in the relevant
// parts in the module instead.
// The CSRF code needn't to be checked in the login module
// because the user isn't logged in at this point.
// TODO: Why is upload excluded? The CSRF check doesn't take place in the upload module!
if (!empty($plainCmd) && !empty($cmd) and !in_array($plainCmd, array('FileBrowser', 'Upload', 'Login', 'Home'))) {
// Since language initialization in in the same hook as this
// and we cannot define the order of module-processing,
// we need to check if language is already initialized:
if (!is_array($_CORELANG) || !count($_CORELANG)) {
$objInit = \Env::get('init');
$objInit->_initBackendLanguage();
$_CORELANG = $objInit->loadLanguageData('core');
}
Csrf::check_code();
}
}
