Skip to content

Instantly share code, notes, and snippets.

Embed
What would you like to do?
TYPO3 Formhandler HashService Interceptor
<?php
/* *
* This script is part of the TYPO3 project - inspiring people to share! *
* *
* TYPO3 is free software; you can redistribute it and/or modify it under *
* the terms of the GNU General Public License version 2 as published by *
* the Free Software Foundation. *
* *
* This script is distributed in the hope that it will be useful, but *
* WITHOUT ANY WARRANTY; without even the implied warranty of MERCHAN- *
* TABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General *
* Public License for more details. *
* */
/**
* An interceptor which is able to validate GET/POST variables with the
* TYPO3 Extbase HashService.
*
* NOTE: Make sure you use PreProcessor_LoadGetPost before using this interceptor!
*
* Example:
* <code>
* initInterceptors.1.class = Tx_Formhandler_Interceptor_HashService
*
* initInterceptors.1.config.redirectPage = 17
*
* initInterceptors.1.config.validateHmac.fields.uid1 = hmacForUid1
* initInterceptors.1.config.validateHmac.fields.uid2 = hmacForUid2
*
* initInterceptors.1.config.validateAndStripHmac.fields.1 = appendedHmacString1
* initInterceptors.1.config.validateAndStripHmac.fields.2 = appendedHmacString2
*
* </code>
*
* The validateHmac configuration checks, if the the GP var hmacForUid1 is the
* correct HMAC for the GP var uid1
*
* The validateAndStripHmac configuration checks, if the the GP var appendedHmacString1
* is a HMAC string that can be validated
*
* @author Torben Hansen <derhansen@gmail.com>
*/
class Tx_Formhandler_Interceptor_HashService extends Tx_Formhandler_AbstractInterceptor {
/**
* The main method called by the controller
*
* @return array The GET/POST parameters
*/
public function process() {
if (!$this->validateGPVars()) {
if ($this->settings['redirectPage']) {
$this->globals->getSession()->reset();
$this->utilityFuncs->doRedirectBasedOnSettings($this->settings, $this->gp);
return 'Given GET/POST vars could not be validated';
} else {
$content = 'Given GET/POST vars could not be validated';
$this->globals->getSession()->reset();
return $content;
}
}
return $this->gp;
}
/**
* Performs HMAC validation for the configured GET/POST variables
*
* @return bool TRUE, if successfull, else FALSE
*/
public function validateGPVars(){
$hashService = new \TYPO3\CMS\Extbase\Security\Cryptography\HashService();
// Checks if validateHmac is configured and validates each string/hmac
if (is_array($this->settings['validateHmac.'])) {
foreach ($this->settings['validateHmac.']['fields.'] as $fieldName => $hmac) {
if (is_null($this->gp[$fieldName]) || is_null($this->gp[$hmac])) {
return FALSE;
}
$result = $hashService->validateHmac($this->gp[$fieldName], $this->gp[$hmac]);
if (!$result) {
return FALSE;
}
}
}
// Checks if validateAndStripHmac is configured and validates the given hmacs
if (is_array($this->settings['validateAndStripHmac.'])) {
foreach ($this->settings['validateAndStripHmac.']['fields.'] as $fieldNum => $appendedHmac) {
if (is_null($this->gp[$appendedHmac])) {
return FALSE;
}
try {
$hashService->validateAndStripHmac($this->gp[$appendedHmac]);
} catch(\Exception $e) {
return FALSE;
}
}
}
return TRUE;
}
}
?>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
You can’t perform that action at this time.