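/**
 * Determine which form page this request addresses and store it in $this->currentPage.
 *
 * If the form has not been submitted yet, the first page (index 0) is used. Otherwise
 * the page index is read from the client-supplied "__currentPage" internal argument
 * and bounded to 0 .. (index of the last displayed page + 1), so a request can move
 * at most one page past the page that was displayed last. An index equal to the
 * number of pages means the last page was submitted; $this->currentPage is then null.
 *
 * Also sets $this->lastDisplayedPage when the form was submitted.
 *
 * @return void
 */
protected function initializeCurrentPageFromRequest()
{
    if (!$this->formState->isFormSubmitted()) {
        $this->currentPage = $this->formDefinition->getPageByIndex(0);
        return;
    }
    $this->lastDisplayedPage = $this->formDefinition->getPageByIndex($this->formState->getLastDisplayedPageIndex());

    // We know now that lastDisplayedPage is filled
    // NOTE(review): this relies on getPageByIndex() returning a page for the stored index - confirm.
    $highestAllowedPageIndex = $this->lastDisplayedPage->getIndex() + 1;

    // "__currentPage" comes from the request and is therefore untrusted.
    $currentPageIndex = (int) $this->request->getInternalArgument('__currentPage');
    if ($currentPageIndex > $highestAllowedPageIndex) {
        // We only allow jumps to following pages
        $currentPageIndex = $highestAllowedPageIndex;
    }
    if ($currentPageIndex < 0) {
        // A negative index is not a valid page either. What getPageByIndex() does with one is
        // not visible here, so fall back to the first page instead of passing it on.
        $currentPageIndex = 0;
    }

    // We now know that the user did not try to skip a page
    if ($currentPageIndex === count($this->formDefinition->getPages())) {
        // Last Page
        $this->currentPage = null;
    } else {
        $this->currentPage = $this->formDefinition->getPageByIndex($currentPageIndex);
    }
}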
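/**
 * Verify the request. Checks if there is an __hmac argument, and if yes, tries to validate and verify it.
 *
 * The __hmac argument is expected to be a string made of the serialized list of allowed
 * field names followed by a 40 character hash over that list. The request counts as
 * verified only if the hash service accepts the hash AND the submitted arguments pass
 * checkFieldNameInclusion() against the signed field name list.
 *
 * In the end, $request->setHmacVerified is set depending on the value. Every path that
 * does not fully succeed sets it to FALSE (fail closed).
 *
 * @param \TYPO3\CMS\Extbase\Mvc\Web\Request $request The request to verify
 * @throws \TYPO3\CMS\Extbase\Security\Exception\SyntacticallyWrongRequestHashException if __hmac is present but is not a string of at least 40 characters
 * @return void
 */
public function verifyRequest(\TYPO3\CMS\Extbase\Mvc\Web\Request $request)
{
    // TODO: Constant for hash length needs to be introduced
    // NOTE(review): 40 is presumably the length of a hex encoded SHA-1 HMAC - confirm against the hash service.
    $hashLength = 40;

    $hmac = $request->getInternalArgument('__hmac');
    if (!$hmac) {
        $request->setHmacVerified(FALSE);
        return;
    }
    // A client can submit __hmac as an array; reject that explicitly instead of handing a
    // non-string to strlen()/substr().
    if (!is_string($hmac) || strlen($hmac) < $hashLength) {
        throw new \TYPO3\CMS\Extbase\Security\Exception\SyntacticallyWrongRequestHashException('Request hash too short. This is a probably manipulation attempt!', 1255089361);
    }

    $serializedFieldNames = substr($hmac, 0, -$hashLength);
    $hash = substr($hmac, -$hashLength);

    $verified = FALSE;
    if ($this->hashService->validateHmac($serializedFieldNames, $hash)) {
        // NOTE(security): unserialize() runs on request-supplied data. It is only reached after
        // validateHmac() accepted the payload, so its safety rests on the HMAC key staying secret
        // and on validateHmac() (not visible here) using a constant-time comparison. On PHP >= 7.0
        // consider the allowed_classes option, or a data-only format such as JSON.
        $allowedFieldNames = unserialize($serializedFieldNames);

        // Anything other than an array cannot be a field name list; treat it as not verified.
        if (is_array($allowedFieldNames)) {
            $requestArguments = $request->getArguments();
            // Unset framework arguments
            unset($requestArguments['__referrer'], $requestArguments['__hmac']);

            if ($this->checkFieldNameInclusion($requestArguments, $allowedFieldNames)) {
                $verified = TRUE;
            }
        }
    }
    $request->setHmacVerified($verified);
}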