/** * @return FormSigner */ static function getSigner() { if (is_null(self::$signer)) { self::$signer = new FormSigner(); } return self::$signer; }
/** * Переписанный подписывальщик форм. */ function postprocText($text) { // Split text by forms. $formChunks = preg_split('/(' . $this->_mf_hash . 'form\\d+\\|)/s', $text, 0, PREG_SPLIT_DELIM_CAPTURE); $text = $formChunks[0]; // Remove hashes from text outside all the forms. $this->_getMetasInText($text); // Now process each form separately. for ($i = 1, $n = count($formChunks); $i < $n; $i += 2) { $hash = $formChunks[$i]; $content = $formChunks[$i + 1]; // This form tag. $formTag = $this->_mf_collectForms[$hash]; // Extract stored hashes for form fields & clean hashes from text. $metas = $this->_getMetasInText($content); /// Step 0. Check whether the "name" attribute within <form> container is provided if (empty($formTag['name'])) { Core::Error('Container <form> should have a "name" attribute ' . 'with the unique identifier that is registered in global form pool ' . '(Form_Observer)'); } $form = FormObserver::getForm($formTag['name']); if ($formTag['action'] != $form->getAction()) { Debug::error('Invalid form action is specified: %s found, but %s is expected', $formTag['action'], $form->getAction()); } /// Step 2. We sign the form name to invoke an appropriate form object $metas['items'][self::ID_ELT] = array("type" => "text", "original" => $formTag['name'], "name" => self::ID_ELT); /// Step 3. Ok, now we compare the form object and the elements found in the container $components = array(); foreach ($metas['items'] as $meta) { $components[$meta['name']] = $meta; } $hiddenComponents = $form->compare($components); // Process only POST forms! if (strtoupper(@$formTag['method']) == 'POST') { // Generate hidden tag. $packed = $this->_packMeta($metas); if ($this->MF_USE_SESSION) { // If session is used, store data in session. $contentHash = $this->_getHashcode($packed); $_SESSION[$this->MF_META_ELT][$contentHash] = $packed; $packed = $contentHash; } // Add suffix (e.g. - current timestamp) to metadata as comment. This // should help debugging: we always know when form metadata was generated // and detect stupid proxy requests when page is cached for weeks. This // date must NOT be included in digital signature! if ($this->MF_SIGN_SUFFIX !== null) { $packed .= " " . $this->MF_SIGN_SUFFIX; } $hidden = array('_tagName' => 'input', 'type' => 'hidden', 'name' => $this->MF_META_ELT, 'value' => $packed, '_text' => null); $text .= $this->makeTag($hidden); /// So right now we add the signed element containing the ID of a form $hidden = array('_tagName' => 'input', 'type' => 'hidden', 'name' => self::ID_ELT, 'value' => $formTag['name'], '_text' => null); $text .= $this->makeTag($hidden); foreach ((array) $hiddenComponents as $component) { $defVal = $component->getDefaultValue(); $tag = array('_tagName' => 'input', 'type' => 'hidden', 'name' => $component->getName(), 'value' => is_null($defVal) ? @$_POST[$component->getName()] : $defVal, '_text' => null); $text .= $this->makeTag($tag); } } $text .= $content; } return $text; }