/**
 * Main event loop handler.
 *
 * Call this instead of the normal $view->fetch(...). It wires the handler to
 * this view, runs the handler life cycle (fresh request or postback) and then
 * renders the template.
 *
 * On a postback the CSRF token from the POST body is validated before the
 * posted form id is read and before any form state is decoded.
 *
 * @param string                      $template     Name of template file.
 * @param Zikula_Form_AbstractHandler $eventHandler Instance of object that inherits from Zikula_Form_AbstractHandler.
 *
 * @return mixed The result of LogUtil::registerAuthidError() when the CSRF check fails,
 *               the result of getErrorMsg() when the handler or rendering reports an error,
 *               a RedirectResponse when a redirect was requested, and otherwise the
 *               output of fetch() for the page.
 *
 * @throws Zikula_Exception_Fatal If the handler does not inherit from Zikula_Form_AbstractHandler.
 */
public function execute($template, Zikula_Form_AbstractHandler $eventHandler)
{
    if (!($eventHandler instanceof Zikula_Form_AbstractHandler)) {
        throw new Zikula_Exception_Fatal('Form handlers must inherit from Zikula_Form_AbstractHandler.');
    }

    // Save handler for later use
    $this->eventHandler = $eventHandler;
    $this->eventHandler->setView($this);
    $this->eventHandler->setEntityManager($this->entityManager);
    $this->eventHandler->setRequest($this->request);
    $this->eventHandler->setDomain($this->domain);
    $this->eventHandler->setName($this->getModuleName());

    // NOTE(review): setup() and preInitialize() run before the CSRF check in the
    // postback branch below, so they execute even for a request whose token is
    // rejected. Confirm that handlers do no state-changing work in these hooks.
    $this->eventHandler->setup();
    $this->eventHandler->preInitialize();

    if (!$this->isPostBack()) {
        // Fresh request: allocate a new form id. uniqid() is time-derived, so the
        // id is only an identifier, not a secret; request authenticity rests on
        // the CSRF token checked in the postback branch.
        $this->setFormId(uniqid('f'));

        $initialized = $this->eventHandler->initialize($this);
        if ($initialized === false) {
            return $this->getErrorMsg();
        }

        $this->eventHandler->postInitialize();
    } else {
        // Reject the postback before touching any client-supplied form state.
        // NOTE(review): FILTER_SANITIZE_STRING is deprecated as of PHP 8.1; the
        // token is only compared, so a plain string read may be sufficient - confirm.
        $csrfToken = $this->request->request->filter('csrftoken', '', FILTER_SANITIZE_STRING);
        if (!SecurityUtil::validateCsrfToken($csrfToken, $this->serviceManager)) {
            return LogUtil::registerAuthidError();
        }

        // retrieve form id
        // The value comes from the POST body; presumably setFormId() stores it in
        // $this->formId, which is used as a session key further down - verify.
        $postedFormId = $this->request->request->filter("__formid", '', FILTER_SANITIZE_STRING);
        $this->setFormId($postedFormId);

        $this->decodeIncludes();
        $this->decodeStateData();
        $this->decodeState();

        $initialized = $this->eventHandler->initialize($this);
        if ($initialized === false) {
            return $this->getErrorMsg();
        }

        // if we get this far, the form processed correctly and we can GC the session
        unset($_SESSION['__formid'][$this->formId]);

        $this->eventHandler->postInitialize();

        // (no create event)
        $this->initializePlugins(); // initialize event
        $this->decodePlugins(); // decode event
        $this->decodePostBackEvent(); // Execute optional postback after plugins have read their values
    }

    // render event (calls registerPlugin)
    $this->assign('__formid', $this->formId);
    $renderedHtml = $this->fetch($template);

    if ($this->hasError()) {
        return $this->getErrorMsg();
    }

    // Check redirection at this point, ignore any generated HTML if redirected is required.
    // We cannot skip HTML generation entirely in case of System::redirect since there might be
    // some relevant code to execute in the plugins.
    if (!$this->redirected) {
        return $renderedHtml;
    }

    // only reach this point if redirectTarget is a Zikula\Core\ModUrl
    // NOTE(review): redirectTarget is assigned outside this method; confirm it is
    // never built from unvalidated request data before being used as a redirect URL.
    $targetUrl = System::normalizeUrl($this->redirectTarget->getUrl());

    return new RedirectResponse($targetUrl);
}
/**
 * {@inheritdoc}
 *
 * Delegates the check to SecurityUtil::validateCsrfToken() and returns its result.
 *
 * NOTE(review): $intention is accepted but never used, so the token is not
 * bound to a particular form or action by this method; a token accepted for one
 * intention would be accepted for any other. Confirm this is intended.
 * NOTE(review): unlike other call sites that also pass a service manager, only
 * the token is passed here - verify the default is appropriate.
 */
public function isCsrfTokenValid($intention, $token)
{
    $isValid = \SecurityUtil::validateCsrfToken($token);

    return $isValid;
}