TYPO3 Formhandler HashService Interceptor
| <?php | |
| /* * | |
| * This script is part of the TYPO3 project - inspiring people to share! * | |
| * * | |
| * TYPO3 is free software; you can redistribute it and/or modify it under * | |
| * the terms of the GNU General Public License version 2 as published by * | |
| * the Free Software Foundation. * | |
| * * | |
| * This script is distributed in the hope that it will be useful, but * | |
| * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHAN- * | |
| * TABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General * | |
| * Public License for more details. * | |
| * */ | |
| /** | |
| * An interceptor which is able to validate GET/POST variables with the | |
| * TYPO3 Extbase HashService. | |
| * | |
| * NOTE: Make sure you use PreProcessor_LoadGetPost before using this interceptor! | |
| * | |
| * Example: | |
| * <code> | |
| * initInterceptors.1.class = Tx_Formhandler_Interceptor_HashService | |
| * | |
| * initInterceptors.1.config.redirectPage = 17 | |
| * | |
| * initInterceptors.1.config.validateHmac.fields.uid1 = hmacForUid1 | |
| * initInterceptors.1.config.validateHmac.fields.uid2 = hmacForUid2 | |
| * | |
| * initInterceptors.1.config.validateAndStripHmac.fields.1 = appendedHmacString1 | |
| * initInterceptors.1.config.validateAndStripHmac.fields.2 = appendedHmacString2 | |
| * | |
| * </code> | |
| * | |
| * The validateHmac configuration checks, if the the GP var hmacForUid1 is the | |
| * correct HMAC for the GP var uid1 | |
| * | |
| * The validateAndStripHmac configuration checks, if the the GP var appendedHmacString1 | |
| * is a HMAC string that can be validated | |
| * | |
| * @author Torben Hansen <derhansen@gmail.com> | |
| */ | |
| class Tx_Formhandler_Interceptor_HashService extends Tx_Formhandler_AbstractInterceptor { | |
| /** | |
| * The main method called by the controller | |
| * | |
| * @return array The GET/POST parameters | |
| */ | |
| public function process() { | |
| if (!$this->validateGPVars()) { | |
| if ($this->settings['redirectPage']) { | |
| $this->globals->getSession()->reset(); | |
| $this->utilityFuncs->doRedirectBasedOnSettings($this->settings, $this->gp); | |
| return 'Given GET/POST vars could not be validated'; | |
| } else { | |
| $content = 'Given GET/POST vars could not be validated'; | |
| $this->globals->getSession()->reset(); | |
| return $content; | |
| } | |
| } | |
| return $this->gp; | |
| } | |
| /** | |
| * Performs HMAC validation for the configured GET/POST variables | |
| * | |
| * @return bool TRUE, if successfull, else FALSE | |
| */ | |
| public function validateGPVars(){ | |
| $hashService = new \TYPO3\CMS\Extbase\Security\Cryptography\HashService(); | |
| // Checks if validateHmac is configured and validates each string/hmac | |
| if (is_array($this->settings['validateHmac.'])) { | |
| foreach ($this->settings['validateHmac.']['fields.'] as $fieldName => $hmac) { | |
| if (is_null($this->gp[$fieldName]) || is_null($this->gp[$hmac])) { | |
| return FALSE; | |
| } | |
| $result = $hashService->validateHmac($this->gp[$fieldName], $this->gp[$hmac]); | |
| if (!$result) { | |
| return FALSE; | |
| } | |
| } | |
| } | |
| // Checks if validateAndStripHmac is configured and validates the given hmacs | |
| if (is_array($this->settings['validateAndStripHmac.'])) { | |
| foreach ($this->settings['validateAndStripHmac.']['fields.'] as $fieldNum => $appendedHmac) { | |
| if (is_null($this->gp[$appendedHmac])) { | |
| return FALSE; | |
| } | |
| try { | |
| $hashService->validateAndStripHmac($this->gp[$appendedHmac]); | |
| } catch(\Exception $e) { | |
| return FALSE; | |
| } | |
| } | |
| } | |
| return TRUE; | |
| } | |
| } | |
| ?> |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment