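/**
 * Renders the checkbox.
 *
 * The checkbox value is the file reference pointer with an HMAC appended, so the
 * receiving side can detect a pointer that was modified in the browser.
 *
 * @param boolean $checked Specifies that the input element should be preselected
 * @throws \InvalidArgumentException if the "value" argument is not a FileReference
 * @return string
 * @api
 */
public function render($checked = TRUE)
{
    $fileReference = $this->arguments['value'];
    if (!$fileReference instanceof \TYPO3\CMS\Extbase\Domain\Model\FileReference) {
        // The previous var_dump() of the argument was debug residue: it wrote the
        // internal structure of whatever was passed in straight into the response.
        throw new \InvalidArgumentException('The value assigned to Form.Multiupload.DeleteViewhelper must be of type FileReference', 1421848917);
    }

    $resourcePointerValue = $fileReference->getUid();
    if ($resourcePointerValue === NULL) {
        // Newly created file reference which is not persisted yet.
        // Use the file UID instead, but prefix it with "file:" to communicate this to the type converter
        $resourcePointerValue = 'file:' . $fileReference->getOriginalResource()->getOriginalFile()->getUid();
    }

    // Running counter shared with the multi upload view helper; each checkbox gets its own index.
    $index = $this->viewHelperVariableContainer->get('Helhum\\UploadExample\\ViewHelpers\\Form\\MultiuploadViewHelper', 'fileReferenceIndex');
    $this->viewHelperVariableContainer->addOrUpdate('Helhum\\UploadExample\\ViewHelpers\\Form\\MultiuploadViewHelper', 'fileReferenceIndex', ++$index);

    // TODO: Fluid automatically adds the __identity key if the argument to the
    // viewhelper is a persisted model, but stripping the key on our own
    // is ugly here. Generate the name on ourselves?
    $name = $this->getName();
    if (strpos($name, '[__identity]') !== FALSE) {
        $name = substr($name, 0, -strlen('[__identity]'));
    }
    $name .= '[' . $index . ']';

    // The field name has to be registered, otherwise it is not part of the form token.
    $this->registerFieldNameForFormTokenGeneration($name);

    $this->tag->addAttribute('name', $name . '[submittedFile][resourcePointer]');
    $this->tag->addAttribute('type', 'checkbox');
    // The HMAC gives integrity only; the pointer itself stays readable in the markup.
    $this->tag->addAttribute('value', htmlspecialchars($this->hashService->appendHmac((string) $resourcePointerValue)));
    if ($checked) {
        $this->tag->addAttribute('checked', 'checked');
    }

    return $this->tag->render();
}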
/**
 * Renders the upload field with possible resource pointer
 *
 * When a resource was already uploaded, a hidden field carrying the HMAC-signed
 * resource pointer is emitted in front of the upload field.
 *
 * @return string
 * @api
 */
public function render()
{
    $resource = $this->getUploadedResource();
    $hiddenField = '';

    if ($resource !== NULL) {
        $idAttribute = $this->hasArgument('id')
            ? ' id="' . htmlspecialchars($this->arguments['id']) . '-file-reference"'
            : '';

        $pointer = $resource->getUid();
        if ($pointer === NULL) {
            // Newly created file reference which is not persisted yet.
            // Use the file UID instead, but prefix it with "file:" to communicate this to the type converter
            $pointer = 'file:' . $resource->getOriginalResource()->getOriginalFile()->getUid();
        }

        // NOTE(review): the field name is written into the attribute without
        // htmlspecialchars(); only the id and the signed pointer are escaped.
        $fieldName = $this->getName() . '[submittedFile][resourcePointer]';
        $signedPointer = htmlspecialchars($this->hashService->appendHmac((string) $pointer));
        $hiddenField = '<input type="hidden" name="' . $fieldName . '" value="' . $signedPointer . '"' . $idAttribute . ' />';
    }

    $output = $hiddenField . parent::render();

    // Expose "resource" and "property" to the child nodes only while they render.
    $this->templateVariableContainer->add('resource', $resource);
    $this->templateVariableContainer->add('property', $this->arguments['property']);
    $output .= $this->renderChildren();
    $this->templateVariableContainer->remove('resource');
    $this->templateVariableContainer->remove('property');

    return $output;
}
/**
 * Returns the hmac for the given registration in order to cancel the registration
 *
 * The signed payload is "reg-" followed by the registration UID. An empty string
 * is returned when no registration is given.
 *
 * @param \DERHANSEN\SfEventMgt\Domain\Model\Registration $registration Registration
 *
 * @return string
 */
public function render($registration)
{
    if (!$registration) {
        return '';
    }

    return $this->hashService->generateHmac('reg-' . $registration->getUid());
}
/**
 * Prepares the mail form widget view.
 *
 * @return void
 */
public function indexAction()
{
    $view = $this->view;

    $view->assign('required', $this->widgetConfiguration['required']);

    // Per-request DOM id for the form; used as an identifier only, not as a secret.
    $formId = 'qbmailform-' . md5(uniqid(mt_rand(), true));
    $view->assign('qbmailformid', $formId);

    $this->widgetConfiguration['receiver_overwrite_email'] = $this->getReceiverOverwriteEmail();
    $view->assign('absRefPrefix', $GLOBALS['TSFE']->absRefPrefix);

    // The widget configuration travels through the client as base64(serialize(...))
    // with an HMAC appended. The HMAC protects integrity only: everything in the
    // configuration, including receiver_overwrite_email, can be read by decoding
    // the value. Whatever reads it back must validate the HMAC before unserializing.
    $signedConfiguration = $this->hashService->appendHmac(base64_encode(serialize($this->widgetConfiguration)));
    $view->assign('qbmailformConfig', $signedConfiguration);

    $view->setTemplateRootPath(GeneralUtility::getFileAbsFileName('EXT:qbtools/Resources/Private/Templates/'));
}
/**
 * Round trip: a string signed with appendHmac() comes back unchanged from
 * validateAndStripHmac(), including surrounding whitespace and non-ASCII characters.
 *
 * @test
 */
public function validateAndStripHmacReturnsTheStringWithoutHmac()
{
    $original = ' Some arbitrary string with special characters: öäüß!"§$ ';

    $roundTripped = $this->hashService->validateAndStripHmac(
        $this->hashService->appendHmac($original)
    );

    $this->assertSame($original, $roundTripped);
}
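/**
 * Import a resource and respect configuration given for properties
 *
 * Every check on client-supplied data (deny pattern, extension allow-list, HMAC
 * of a submitted resource pointer) runs before the file is written to the upload
 * folder, so a rejected request leaves no file behind.
 *
 * @param array $uploadInfo
 * @param PropertyMappingConfigurationInterface $configuration
 * @return \TYPO3\CMS\Extbase\Domain\Model\FileReference
 * @throws TypeConverterException
 * @throws ExistingTargetFileNameException
 */
protected function importUploadedResource(array $uploadInfo, PropertyMappingConfigurationInterface $configuration)
{
    if (!GeneralUtility::verifyFilenameAgainstDenyPattern($uploadInfo['name'])) {
        throw new TypeConverterException('Uploading files with PHP file extensions is not allowed!', 1399312430);
    }

    $allowedFileExtensions = $configuration->getConfigurationValue(self::class, self::CONFIGURATION_ALLOWED_EXTENSIONS);
    if ($allowedFileExtensions !== null) {
        $filePathInfo = PathUtility::pathinfo($uploadInfo['name']);
        // A name without a dot has no 'extension' key; treat it as the empty
        // extension instead of reading an undefined index.
        $extension = isset($filePathInfo['extension']) ? strtolower($filePathInfo['extension']) : '';
        if (!GeneralUtility::inList($allowedFileExtensions, $extension)) {
            throw new TypeConverterException('File extension is not allowed!', 1399312430);
        }
    }

    // Validate the submitted pointer before storing anything: validateAndStripHmac()
    // throws on a missing or wrong HMAC, and doing this after addUploadedFile()
    // would leave the freshly stored file orphaned in the upload folder.
    // A pointer containing "file:" is not validated and is treated as "no pointer".
    $resourcePointer = null;
    if (isset($uploadInfo['submittedFile']['resourcePointer'])) {
        $submittedResourcePointer = $uploadInfo['submittedFile']['resourcePointer'];
        if (strpos($submittedResourcePointer, 'file:') === false) {
            $resourcePointer = $this->hashService->validateAndStripHmac($submittedResourcePointer);
        }
    }

    $uploadFolderId = $configuration->getConfigurationValue(self::class, self::CONFIGURATION_UPLOAD_FOLDER) ?: $this->defaultUploadFolder;
    $conflictMode = $configuration->getConfigurationValue(self::class, self::CONFIGURATION_UPLOAD_CONFLICT_MODE) ?: $this->defaultConflictMode;

    $uploadFolder = $this->resourceFactory->retrieveFileOrFolderObject($uploadFolderId);
    $uploadedFile = $uploadFolder->addUploadedFile($uploadInfo, $conflictMode);

    return $this->createFileReferenceFromFalFileObject($uploadedFile, $resourcePointer);
}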
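/**
 * Returns banners for the given parameters if given Hmac validation succeeds
 *
 * The request parameters are only used for the repository query after the HMAC
 * over them has been validated; otherwise the localized "wrong_hmac" text is returned.
 *
 * @param string $categories
 * @param string $startingPoint
 * @param string $displayMode
 * @param int $currentPageUid
 * @param string $hmac
 * @return string
 */
public function getBannersAction($categories = '', $startingPoint = '', $displayMode = 'all', $currentPageUid = 0, $hmac = '')
{
    // NOTE(review): the signed payload joins the four values without a separator,
    // so different parameter combinations can produce the same payload (page 1 +
    // categories "23" equals page 12 + categories "3"). Fixing that means changing
    // the code that generates the HMAC as well, which is not part of this method.
    $compareString = $currentPageUid . $categories . $startingPoint . $displayMode;
    if (!$this->hashService->validateHmac($compareString, $hmac)) {
        return LocalizationUtility::translate('wrong_hmac', 'SfBanners');
    }

    /** @var \DERHANSEN\SfBanners\Domain\Model\BannerDemand $demand */
    $demand = $this->objectManager->get('DERHANSEN\\SfBanners\\Domain\\Model\\BannerDemand');
    $demand->setCategories($categories);
    $demand->setStartingPoint($startingPoint);
    $demand->setDisplayMode($displayMode);
    $demand->setCurrentPageUid($currentPageUid);

    /* Get banners */
    $banners = $this->bannerRepository->findDemanded($demand);

    /* Update Impressions */
    $this->bannerRepository->updateImpressions($banners);

    /* Collect identifier based on uids for all banners */
    // The parts are joined with a separator: plain concatenation made banner
    // UIDs (12, 3) and (1, 23) hash to the same cache entry, so one page could
    // be served the rendered banners of another.
    $identParts = array($GLOBALS['TSFE']->id, $GLOBALS['TSFE']->sys_language_uid);
    foreach ($banners as $banner) {
        $identParts[] = $banner->getUid();
    }
    $cacheIdentifier = sha1(implode('-', $identParts));

    $ret = $this->cacheInstance->get($cacheIdentifier);
    if ($ret === false || $ret === null) {
        $this->view->assign('banners', $banners);
        $this->view->assign('settings', $this->settings);
        $ret = $this->view->render();

        // Save value in cache
        $this->cacheInstance->set($cacheIdentifier, $ret, array('sf_banners'), $this->settings['cacheLifetime']);
    }

    return $ret;
}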
/**
 * Complete password reset
 *
 * The token looked up by $hash carries the user UID and an HMAC over the user's
 * stored password value; the reset is only applied while that HMAC still matches,
 * i.e. while the stored password is the one the token was issued for. The token
 * is removed after a successful reset. The action always ends with a redirect to
 * the login page.
 *
 * @param string $hash Identification hash of a password reset token
 * @param string $password New password of the user
 * @param string $passwordRepeat Confirmation of the new password
 * @return void
 *
 * @validate $password NotEmpty
 * @validate $passwordRepeat NotEmpty
 */
public function completePasswordResetAction($hash, $password, $passwordRepeat)
{
    // NOTE(review): $passwordRepeat is never compared with $password in this
    // method; confirm the equality check happens in validation elsewhere.
    $token = $this->tokenCache->get($hash);
    $user = NULL;
    if ($token !== FALSE) {
        $user = $this->frontendUserRepository->findByIdentifier($token['uid']);
    }

    if ($token === FALSE) {
        // Unknown or already consumed token.
        $this->addLocalizedFlashMessage('resetPassword.failed.expired', NULL, FlashMessage::ERROR);
    } elseif ($user === NULL) {
        $this->addLocalizedFlashMessage('resetPassword.failed.invalid', NULL, FlashMessage::ERROR);
    } elseif (!$this->hashService->validateHmac($user->getPassword(), $token['hmac'])) {
        // The stored password no longer matches the one the token was bound to.
        $this->addLocalizedFlashMessage('resetPassword.failed.expired', NULL, FlashMessage::ERROR);
    } else {
        $user->setPassword($this->passwordService->applyTransformations($password));
        $this->frontendUserRepository->update($user);
        // Single use: drop the token once the new password is stored.
        $this->tokenCache->remove($hash);

        if ($this->getSettingValue('passwordReset.loginOnSuccess')) {
            $this->authenticationService->authenticateUser($user);
            $this->addLocalizedFlashMessage('resetPassword.completed.login', NULL, FlashMessage::OK);
        } else {
            $this->addLocalizedFlashMessage('resetPassword.completed', NULL, FlashMessage::OK);
        }
    }

    $this->redirect('showLoginForm', NULL, NULL, NULL, $this->getSettingValue('login.page'));
}
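/**
 * Import a resource and respect configuration given for properties
 *
 * The HMAC of a submitted resource pointer is validated before the file is
 * stored. Configured file validators run on the stored file; when one reports
 * errors the file is deleted again and the first error message is thrown.
 *
 * @param array $uploadInfo
 * @param PropertyMappingConfigurationInterface $configuration
 * @return ExtbaseFileReference
 * @throws TypeConverterException
 */
protected function importUploadedResource(array $uploadInfo, PropertyMappingConfigurationInterface $configuration) : ExtbaseFileReference
{
    if (!GeneralUtility::verifyFilenameAgainstDenyPattern($uploadInfo['name'])) {
        throw new TypeConverterException('Uploading files with PHP file extensions is not allowed!', 1471710357);
    }

    // Validate the submitted pointer first: validateAndStripHmac() throws on a
    // missing or wrong HMAC, and doing this after addUploadedFile() would leave
    // the stored file behind without any cleanup.
    // A pointer containing "file:" is not validated and is treated as "no pointer".
    $resourcePointer = null;
    if (isset($uploadInfo['submittedFile']['resourcePointer'])
        && strpos($uploadInfo['submittedFile']['resourcePointer'], 'file:') === false
    ) {
        $resourcePointer = $this->hashService->validateAndStripHmac($uploadInfo['submittedFile']['resourcePointer']);
    }

    $uploadFolderId = $configuration->getConfigurationValue(self::class, self::CONFIGURATION_UPLOAD_FOLDER) ?: $this->defaultUploadFolder;
    $conflictMode = $configuration->getConfigurationValue(self::class, self::CONFIGURATION_UPLOAD_CONFLICT_MODE) ?: $this->defaultConflictMode;

    $uploadFolder = $this->resourceFactory->retrieveFileOrFolderObject($uploadFolderId);
    $uploadedFile = $uploadFolder->addUploadedFile($uploadInfo, $conflictMode);

    $validators = $configuration->getConfigurationValue(self::class, self::CONFIGURATION_FILE_VALIDATORS);
    if (is_array($validators)) {
        foreach ($validators as $validator) {
            // Entries that are not AbstractValidator instances are skipped silently.
            if (!$validator instanceof AbstractValidator) {
                continue;
            }
            $validationResult = $validator->validate($uploadedFile);
            if ($validationResult->hasErrors()) {
                // Remove the rejected file so it does not stay in the upload folder.
                $uploadedFile->getStorage()->deleteFile($uploadedFile);
                throw new TypeConverterException($validationResult->getErrors()[0]->getMessage(), 1471708999);
            }
        }
    }

    return $this->createFileReferenceFromFalFileObject($uploadedFile, $resourcePointer);
}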
/**
 * Checks if the registration can be cancelled and returns an array of variables
 *
 * The registration is only loaded after the HMAC over "reg-<uid>" has been
 * validated. The checks run in a fixed order and the first failing one decides
 * the message and title keys.
 *
 * @param int $reguid UID of registration
 * @param string $hmac HMAC for parameters
 *
 * @return array ($failed, $registration, $messageKey, $titleKey)
 */
public function checkCancelRegistration($reguid, $hmac)
{
    /* @var $registration Registration */
    $registration = NULL;
    $failureMessageKey = NULL;

    if (!$this->hashService->validateHmac('reg-' . $reguid, $hmac)) {
        $failureMessageKey = 'event.message.cancel_failed_wrong_hmac';
    } else {
        $registration = $this->registrationRepository->findByUid($reguid);
        if (is_null($registration)) {
            $failureMessageKey = 'event.message.cancel_failed_registration_not_found_or_cancelled';
        } elseif ($registration->getEvent()->getEnableCancel() === FALSE) {
            $failureMessageKey = 'event.message.confirmation_failed_cancel_disabled';
        } elseif ($registration->getEvent()->getCancelDeadline() > 0
            && $registration->getEvent()->getCancelDeadline() < new \DateTime()
        ) {
            $failureMessageKey = 'event.message.cancel_failed_deadline_expired';
        }
    }

    if ($failureMessageKey !== NULL) {
        return array(TRUE, $registration, $failureMessageKey, 'cancelRegistration.title.failed');
    }

    return array(FALSE, $registration, 'event.message.cancel_successful', 'cancelRegistration.title.successful');
}
/**
 * Verify the request. Checks if there is an __hmac argument, and if yes, tries to validate and verify it.
 *
 * In the end, $request->setHmacVerified is set depending on the value.
 *
 * The __hmac argument is the serialized list of allowed field names followed by
 * a 40 character hash. The field names are only unserialized after the hash over
 * them has been validated.
 *
 * @param \TYPO3\CMS\Extbase\Mvc\Web\Request $request The request to verify
 * @throws \TYPO3\CMS\Extbase\Security\Exception\SyntacticallyWrongRequestHashException
 * @return void
 */
public function verifyRequest(\TYPO3\CMS\Extbase\Mvc\Web\Request $request)
{
    $hmac = $request->getInternalArgument('__hmac');
    if (!$hmac) {
        $request->setHmacVerified(FALSE);
        return;
    }

    if (strlen($hmac) < 40) {
        throw new \TYPO3\CMS\Extbase\Security\Exception\SyntacticallyWrongRequestHashException('Request hash too short. This is a probably manipulation attempt!', 1255089361);
    }

    // TODO: Constant for hash length needs to be introduced
    $serializedFieldNames = substr($hmac, 0, -40);
    $hash = substr($hmac, -40);

    $verified = FALSE;
    if ($this->hashService->validateHmac($serializedFieldNames, $hash)) {
        $requestArguments = $request->getArguments();
        // Unset framework arguments
        unset($requestArguments['__referrer'], $requestArguments['__hmac']);

        // unserialize() runs on the payload only inside this branch, i.e. after
        // the hash over it was accepted.
        $verified = $this->checkFieldNameInclusion($requestArguments, unserialize($serializedFieldNames)) ? TRUE : FALSE;
    }

    $request->setHmacVerified($verified);
}
/**
 * Retrieve fileReference UID from hmac
 *
 * Validates the appended HMAC and returns the remaining payload cast to int.
 * When validation throws, the result of returnStatus(500, ...) is returned instead.
 *
 * @param string $hmac
 * @return integer
 */
protected function retrieveFileReferenceUid($hmac)
{
    try {
        $fileReferenceUid = $this->hashService->validateAndStripHmac($hmac);
    } catch (Exception $e) {
        // NOTE(review): the exception message is handed to returnStatus(); confirm
        // whether that text reaches the client.
        return $this->returnStatus(500, $e->getMessage());
    }

    return (int) $fileReferenceUid;
}
/**
 * Returns the rendered HTML for the given template
 *
 * Besides event, registration and settings, the template receives two signed
 * values for the registration UID: "hmac" (HMAC over "reg-<uid>") and "reghmac"
 * (the UID with its HMAC appended).
 *
 * @param \DERHANSEN\SfEventMgt\Domain\Model\Event $event Event
 * @param \DERHANSEN\SfEventMgt\Domain\Model\Registration $registration Registration
 * @param string $template Template
 * @param array $settings Settings
 *
 * @return string
 */
protected function getNotificationBody($event, $registration, $template, $settings)
{
    /** @var \TYPO3\CMS\Fluid\View\StandaloneView $emailView */
    $emailView = $this->objectManager->get('TYPO3\\CMS\\Fluid\\View\\StandaloneView');
    $emailView->setFormat('html');

    $typoScript = $this->configurationManager->getConfiguration(ConfigurationManagerInterface::CONFIGURATION_TYPE_FULL_TYPOSCRIPT);
    $viewConfiguration = $typoScript['plugin.']['tx_sfeventmgt.']['view.'];
    $templateRootPath = GeneralUtility::getFileAbsFileName($viewConfiguration['templateRootPath']);
    $layoutRootPath = GeneralUtility::getFileAbsFileName($viewConfiguration['layoutRootPath']);

    $emailView->setLayoutRootPath($layoutRootPath);
    $emailView->setTemplatePathAndFilename($templateRootPath . $template);

    $registrationUid = $registration->getUid();
    $variables = array(
        'event' => $event,
        'registration' => $registration,
        'settings' => $settings,
        'hmac' => $this->hashService->generateHmac('reg-' . $registrationUid),
        'reghmac' => $this->hashService->appendHmac((string) $registration->getUid()),
    );
    $emailView->assignMultiple($variables);

    return $emailView->render();
}
/**
 * Shows the voting form for an invitation.
 *
 * The form is only shown when an invitation and an HMAC are given, the HMAC
 * matches the invitation secret concatenated with the elector's e-mail address,
 * the invitation has not been used yet and the election has not ended. Any other
 * case adds an error flash message and redirects to the dashboard.
 *
 * @param ElectionInvitation $electionInvitation
 * @param string $hmac
 * @return void
 */
public function voteAction(ElectionInvitation $electionInvitation = null, $hmac = '')
{
    $errorKey = null;

    if (null === $electionInvitation || '' === $hmac) {
        $errorKey = 'controller.fe.election.vote.no_election_or_hmac';
    } elseif (!$this->hashService->validateHmac($electionInvitation->getSecret() . $electionInvitation->getElector()->getEmail(), $hmac)) {
        $errorKey = 'controller.fe.election.vote.hmac_invalid';
    } elseif ($electionInvitation->isVoted()) {
        $errorKey = 'controller.fe.election.vote.already_voted';
    } elseif ($electionInvitation->getElectionEndDateAsTimestamp() < time()) {
        $errorKey = 'controller.fe.election.vote.election_finished';
    }

    if ($errorKey === null) {
        $this->view->assign('electionInvitation', $electionInvitation);
        $this->view->assign('electionVoting', new ElectionVoting());
        return;
    }

    $this->addFlashMessage(
        LocalizationUtility::translate($errorKey, 'election'),
        LocalizationUtility::translate('controller.fe.election.vote.request_failed', 'election'),
        AbstractMessage::ERROR
    );
    $this->redirect(FeDashboardController::ACTION_INDEX, FeDashboardController::CONTROLLER_NAME);
}
/**
 * Get a freshly built request object pointing to the Referrer.
 *
 * Both referrer payloads arrive from the client; each one is passed through
 * validateAndStripHmac() before it is handed to unserialize().
 *
 * @return ReferringRequest the referring request, or null if no referrer found
 */
public function getReferringRequest()
{
    if (!isset($this->internalArguments['__referrer']['@request'])) {
        return null;
    }

    $signedRequest = $this->internalArguments['__referrer']['@request'];
    $referrerArray = unserialize($this->hashService->validateAndStripHmac($signedRequest));

    $arguments = [];
    if (isset($this->internalArguments['__referrer']['arguments'])) {
        // This case is kept for compatibility in 7.6 and 6.2, but will be removed in 8
        $signedArguments = $this->internalArguments['__referrer']['arguments'];
        $arguments = unserialize(base64_decode($this->hashService->validateAndStripHmac($signedArguments)));
    }

    $referringRequest = new ReferringRequest();
    $referringRequest->setArguments(array_replace_recursive($arguments, $referrerArray));

    return $referringRequest;
}
/**
 * Initialize the property mapping configuration in $controllerArguments if
 * the trusted properties are set inside the request.
 *
 * The __trustedProperties token comes from the client. It is unserialized only
 * after validateAndStripHmac() has accepted its HMAC, and it decides which
 * properties the property mapper may touch.
 *
 * @param \TYPO3\CMS\Extbase\Mvc\Request $request
 * @param \TYPO3\CMS\Extbase\Mvc\Controller\Arguments $controllerArguments
 *
 * @return void
 */
public function initializePropertyMappingConfigurationFromRequest(\TYPO3\CMS\Extbase\Mvc\Request $request, \TYPO3\CMS\Extbase\Mvc\Controller\Arguments $controllerArguments)
{
    $token = $request->getInternalArgument('__trustedProperties');
    if (!is_string($token)) {
        // No token at all: leave the mapping configuration untouched.
        return;
    }

    $trustedProperties = unserialize($this->hashService->validateAndStripHmac($token));

    foreach ($trustedProperties as $propertyName => $propertyConfiguration) {
        if ($controllerArguments->hasArgument($propertyName)) {
            $mappingConfiguration = $controllerArguments->getArgument($propertyName)->getPropertyMappingConfiguration();
            $this->modifyPropertyMappingConfiguration($propertyConfiguration, $mappingConfiguration);
        }
    }
}
/**
 * Get a freshly built request object pointing to the Referrer.
 *
 * Only the "arguments" entry of the referrer is HMAC-protected: it is validated,
 * base64-decoded and unserialized. The remaining referrer entries are taken from
 * the request as they are and override the decoded arguments.
 *
 * @return Request the referring request, or NULL if no referrer found
 */
public function getReferringRequest()
{
    $hasReferrer = isset($this->internalArguments['__referrer']) && is_array($this->internalArguments['__referrer']);
    if (!$hasReferrer) {
        return NULL;
    }

    $referrerArray = $this->internalArguments['__referrer'];
    $referringRequest = new \TYPO3\CMS\Extbase\Mvc\Web\Request();

    $arguments = array();
    if (isset($referrerArray['arguments'])) {
        // The HMAC is checked before the payload reaches unserialize().
        $serializedArguments = $this->hashService->validateAndStripHmac($referrerArray['arguments']);
        $arguments = unserialize(base64_decode($serializedArguments));
        unset($referrerArray['arguments']);
    }

    $referringRequest->setArguments(
        \TYPO3\CMS\Extbase\Utility\ArrayUtility::arrayMergeRecursiveOverrule($arguments, $referrerArray)
    );

    return $referringRequest;
}
/**
 * Renders hidden form fields for referrer information about
 * the current controller and action.
 *
 * The request arguments are serialized, base64-encoded and signed with an HMAC
 * before they are written into the form.
 *
 * @return string Hidden fields with referrer information
 * @todo filter out referrer information that is equal to the target (e.g. same packageKey)
 */
protected function renderHiddenReferrerFields()
{
    $request = $this->renderingContext->getControllerContext()->getRequest();
    $extensionName = $request->getControllerExtensionName();
    $vendorName = $request->getControllerVendorName();
    $controllerName = $request->getControllerName();
    $actionName = $request->getControllerActionName();

    // NOTE(review): extension, vendor, controller and action name go into the
    // value attribute without htmlspecialchars(); only the signed arguments are
    // escaped. Presumably these names are framework-resolved identifiers; confirm.
    $hiddenField = '<input type="hidden" name="%s" value="%s" />' . LF;

    $result = LF;
    $result .= sprintf($hiddenField, $this->prefixFieldName('__referrer[@extension]'), $extensionName);
    if ($vendorName !== null) {
        $result .= sprintf($hiddenField, $this->prefixFieldName('__referrer[@vendor]'), $vendorName);
    }
    $result .= sprintf($hiddenField, $this->prefixFieldName('__referrer[@controller]'), $controllerName);
    $result .= sprintf($hiddenField, $this->prefixFieldName('__referrer[@action]'), $actionName);
    $result .= sprintf(
        $hiddenField,
        $this->prefixFieldName('__referrer[arguments]'),
        htmlspecialchars($this->hashService->appendHmac(base64_encode(serialize($request->getArguments()))))
    );

    return $result;
}
/**
 * Returns the rendered HTML for the given template
 *
 * Besides event, registration and settings, the template receives two signed
 * values for the registration UID: "hmac" (HMAC over "reg-<uid>") and "reghmac"
 * (the UID with its HMAC appended).
 *
 * @param \DERHANSEN\SfEventMgt\Domain\Model\Event $event Event
 * @param \DERHANSEN\SfEventMgt\Domain\Model\Registration $registration Registration
 * @param string $template Template
 * @param array $settings Settings
 *
 * @return string
 */
protected function getNotificationBody($event, $registration, $template, $settings)
{
    /** @var \TYPO3\CMS\Fluid\View\StandaloneView $emailView */
    $emailView = $this->objectManager->get('TYPO3\\CMS\\Fluid\\View\\StandaloneView');
    $emailView->setFormat('html');

    $layoutRootPaths = $this->fluidStandaloneService->getTemplateFolders('layout');
    $partialRootPaths = $this->fluidStandaloneService->getTemplateFolders('partial');

    $renderInRegistrationLanguage = TYPO3_MODE === 'BE' && $registration->getLanguage() !== '';
    if ($renderInRegistrationLanguage) {
        // Temporary set Language of current BE user to given language
        // NOTE(review): the previous language is not restored in this method.
        $GLOBALS['BE_USER']->uc['lang'] = $registration->getLanguage();
        $emailView->getRequest()->setControllerExtensionName('SfEventMgt');
    }

    $emailView->setLayoutRootPaths($layoutRootPaths);
    $emailView->setPartialRootPaths($partialRootPaths);
    $emailView->setTemplatePathAndFilename($this->fluidStandaloneService->getTemplatePath($template));

    $variables = [
        'event' => $event,
        'registration' => $registration,
        'settings' => $settings,
        'hmac' => $this->hashService->generateHmac('reg-' . $registration->getUid()),
        'reghmac' => $this->hashService->appendHmac((string) $registration->getUid()),
    ];
    $emailView->assignMultiple($variables);

    return $emailView->render();
}
/**
 * Renders hidden form fields for referrer information about
 * the current controller and action.
 *
 * With the rewritten property mapper enabled, the request arguments are added
 * as a serialized, base64-encoded and HMAC-signed field; the legacy branch
 * renders the three name fields only.
 *
 * @return string Hidden fields with referrer information
 * @todo filter out referrer information that is equal to the target (e.g. same packageKey)
 */
protected function renderHiddenReferrerFields()
{
    $request = $this->controllerContext->getRequest();
    $extensionName = $request->getControllerExtensionName();
    $controllerName = $request->getControllerName();
    $actionName = $request->getControllerActionName();

    // NOTE(review): extension, controller and action name go into the value
    // attribute without htmlspecialchars(); only the signed arguments are escaped.
    $newline = chr(10);
    $hiddenField = '<input type="hidden" name="%s" value="%s" />' . $newline;

    $result = $newline;
    if (!$this->configurationManager->isFeatureEnabled('rewrittenPropertyMapper')) {
        // @deprecated since Extbase 1.4.0, will be removed with Extbase 1.6.0.
        $result .= sprintf($hiddenField, $this->prefixFieldName('__referrer[extensionName]'), $extensionName);
        $result .= sprintf($hiddenField, $this->prefixFieldName('__referrer[controllerName]'), $controllerName);
        $result .= sprintf($hiddenField, $this->prefixFieldName('__referrer[actionName]'), $actionName);

        return $result;
    }

    $result .= sprintf($hiddenField, $this->prefixFieldName('__referrer[@extension]'), $extensionName);
    $result .= sprintf($hiddenField, $this->prefixFieldName('__referrer[@controller]'), $controllerName);
    $result .= sprintf($hiddenField, $this->prefixFieldName('__referrer[@action]'), $actionName);
    $result .= sprintf(
        $hiddenField,
        $this->prefixFieldName('__referrer[arguments]'),
        htmlspecialchars($this->hashService->appendHmac(base64_encode(serialize($request->getArguments()))))
    );

    return $result;
}
/**
 * Saves the registration
 *
 * On success the registration is persisted with a confirmation deadline. With
 * auto confirmation the request is redirected to confirmRegistration together
 * with an HMAC over "reg-<uid>"; otherwise notifications are sent and the
 * result page is shown.
 *
 * @param \DERHANSEN\SfEventMgt\Domain\Model\Registration $registration Registration
 * @param \DERHANSEN\SfEventMgt\Domain\Model\Event $event Event
 * @validate $registration \DERHANSEN\SfEventMgt\Validation\Validator\RegistrationValidator
 *
 * @return void
 */
public function saveRegistrationAction(Registration $registration, Event $event)
{
    $autoConfirmation = (bool) $this->settings['registration']['autoConfirmation'];
    $result = RegistrationResult::REGISTRATION_SUCCESSFUL;
    $success = $this->checkRegistrationSuccess($event, $registration, $result);

    // Save registration if no errors
    if ($success) {
        // Use 3600 seconds as default value if not set
        $linkValidity = ((int) $this->settings['confirmation']['linkValidity']) ?: 3600;
        $confirmationUntil = new \DateTime();
        $confirmationUntil->add(new \DateInterval('PT' . $linkValidity . 'S'));

        $registration->setEvent($event);
        $registration->setPid($event->getPid());
        $registration->setConfirmationUntil($confirmationUntil);
        $registration->_setProperty('_languageUid', $GLOBALS['TSFE']->sys_language_uid);
        $this->registrationRepository->add($registration);

        // Persist registration, so we have an UID
        $this->objectManager->get('TYPO3\\CMS\\Extbase\\Persistence\\Generic\\PersistenceManager')->persistAll();

        // Send notifications to user and admin if confirmation link should be sent
        if (!$autoConfirmation) {
            $this->notificationService->sendUserMessage($event, $registration, $this->settings, MessageType::REGISTRATION_NEW);
            $this->notificationService->sendAdminMessage($event, $registration, $this->settings, MessageType::REGISTRATION_NEW);
        }

        // Create given amount of registrations if necessary
        if ($registration->getAmountOfRegistrations() > 1) {
            $this->registrationService->createDependingRegistrations($registration);
        }

        // Clear cache for configured pages
        $this->utilityService->clearCacheForConfiguredUids($this->settings);
    }

    if (!($autoConfirmation && $success)) {
        $this->redirect('saveRegistrationResult', NULL, NULL, array('result' => $result));
    } else {
        // The confirm action validates this HMAC before it loads the registration.
        $confirmArguments = array(
            'reguid' => $registration->getUid(),
            'hmac' => $this->hashService->generateHmac('reg-' . $registration->getUid()),
        );
        $this->redirect('confirmRegistration', NULL, NULL, $confirmArguments);
    }
}
/**
 * Confirms the registration if possible and sends e-mails to admin and user
 *
 * The registration is only loaded after the HMAC over "reg-<uid>" has been
 * validated. The checks run in a fixed order and the first failing one decides
 * the message shown.
 *
 * @param int $reguid UID of registration
 * @param string $hmac HMAC for parameters
 *
 * @return void
 */
public function confirmRegistrationAction($reguid, $hmac)
{
    /* @var $registration Registration */
    $registration = NULL;
    $failureMessageKey = NULL;

    if (!$this->hashService->validateHmac('reg-' . $reguid, $hmac)) {
        $failureMessageKey = 'event.message.confirmation_failed_wrong_hmac';
    } else {
        $registration = $this->registrationRepository->findByUid($reguid);
        if (is_null($registration)) {
            $failureMessageKey = 'event.message.confirmation_failed_registration_not_found';
        } elseif ($registration->getConfirmationUntil() < new \DateTime()) {
            $failureMessageKey = 'event.message.confirmation_failed_confirmation_until_expired';
        } elseif ($registration->getConfirmed() === TRUE) {
            $failureMessageKey = 'event.message.confirmation_failed_already_confirmed';
        }
    }

    if ($failureMessageKey !== NULL) {
        $messageKey = $failureMessageKey;
        $titleKey = 'confirmRegistration.title.failed';
    } else {
        $messageKey = 'event.message.confirmation_successful';
        $titleKey = 'confirmRegistration.title.successful';

        $registration->setConfirmed(TRUE);
        $this->registrationRepository->update($registration);

        // Send notifications to user and admin
        $this->notificationService->sendUserMessage($registration->getEvent(), $registration, $this->settings, MessageType::REGISTRATION_CONFIRMED);
        $this->notificationService->sendAdminMessage($registration->getEvent(), $registration, $this->settings, MessageType::REGISTRATION_CONFIRMED);

        // Confirm registrations depending on main registration if necessary
        if ($registration->getAmountOfRegistrations() > 1) {
            $this->registrationService->confirmDependingRegistrations($registration);
        }
    }

    $this->view->assign('messageKey', $messageKey);
    $this->view->assign('titleKey', $titleKey);
}
/**
 * Returns the payment Uri for the given action and registration
 *
 * The HMAC covers "<action>Action-<registration uid>", so a link generated for
 * one action and registration does not validate for another combination.
 *
 * @param string $action
 * @param \DERHANSEN\SfEventMgt\Domain\Model\Registration $registration
 * @return string
 * @throws \TYPO3\CMS\Extbase\Security\Exception\InvalidArgumentForHashGenerationException
 */
protected function getPaymentUriForAction($action, $registration)
{
    $this->uriBuilder
        ->setCreateAbsoluteUri(true)
        ->setUseCacheHash(false);

    $arguments = [
        'registration' => $registration,
        'hmac' => $this->hashService->generateHmac($action . 'Action-' . $registration->getUid()),
    ];

    return $this->uriBuilder->uriFor($action, $arguments, 'Payment', 'sfeventmgt', 'Pipayment');
}
/**
 * Restores the form state from the request, or creates a fresh one.
 *
 * The __state argument comes from the client. It is base64-decoded and
 * unserialized only after validateAndStripHmac() has accepted its HMAC.
 *
 * @return void
 */
protected function initializeFormStateFromRequest()
{
    $signedState = $this->request->getInternalArgument('__state');

    if ($signedState === null) {
        // First request for this form: nothing to restore.
        $this->formState = GeneralUtility::makeInstance(FormState::class);
        return;
    }

    $encodedState = $this->hashService->validateAndStripHmac($signedState);
    $this->formState = unserialize(base64_decode($encodedState));
}
/**
 * Confirms the registration if possible and sends e-mails to admin and user
 *
 * HMAC validation and the remaining checks are delegated to
 * registrationService->checkConfirmRegistration(). When payment redirect applies,
 * the redirect URI carries an HMAC over "redirectAction-<registration uid>".
 *
 * @param int $reguid UID of registration
 * @param string $hmac HMAC for parameters
 *
 * @return void
 */
public function confirmRegistrationAction($reguid, $hmac)
{
    /* @var $registration Registration */
    list($failed, $registration, $messageKey, $titleKey) = $this->registrationService->checkConfirmRegistration($reguid, $hmac);

    if ($failed === false) {
        $registration->setConfirmed(true);
        $this->registrationRepository->update($registration);

        $messageType = $registration->getWaitlist()
            ? MessageType::REGISTRATION_WAITLIST_CONFIRMED
            : MessageType::REGISTRATION_CONFIRMED;

        // Send notifications to user and admin
        $event = $registration->getEvent();
        $this->notificationService->sendUserMessage($event, $registration, $this->settings, $messageType);
        $this->notificationService->sendAdminMessage($registration->getEvent(), $registration, $this->settings, $messageType);

        // Confirm registrations depending on main registration if necessary
        if ($registration->getAmountOfRegistrations() > 1) {
            $this->registrationService->confirmDependingRegistrations($registration);
        }
    }

    // Redirect to payment provider if payment/redirect is enabled
    $paymentPid = (int) $this->settings['paymentPid'];
    $redirectToPayment = !$failed
        && $paymentPid > 0
        && $this->registrationService->redirectPaymentEnabled($registration);
    if ($redirectToPayment) {
        $this->uriBuilder->reset()->setTargetPageUid($paymentPid)->setUseCacheHash(false);
        $redirectArguments = [
            'registration' => $registration,
            'hmac' => $this->hashService->generateHmac('redirectAction-' . $registration->getUid()),
        ];
        $uri = $this->uriBuilder->uriFor('redirect', $redirectArguments, 'Payment', 'sfeventmgt', 'Pipayment');
        $this->redirectToUri($uri);
    }

    $this->view->assign('messageKey', $messageKey);
    $this->view->assign('titleKey', $titleKey);
}