[Summary view] [Print] [Text view]

   1  <?php
   2  /**
   3   * Part of the Joomla Framework Application Package
   4   *
   5   * @copyright  Copyright (C) 2005 - 2021 Open Source Matters, Inc. All rights reserved.
   6   * @license    GNU General Public License version 2 or later; see LICENSE
   7   */
   8  
   9  namespace Joomla\Application;
  10  
  11  use Joomla\Input\Input;
  12  use Joomla\Session\SessionInterface;
  13  
  14  /**
  15   * Trait which helps implementing `Joomla\Application\SessionAwareWebApplicationInterface` in a web application class.
  16   *
  17   * @since  2.0.0
  18   */
  19  trait SessionAwareWebApplicationTrait
  20  {
  21      /**
  22       * The application session object.
  23       *
  24       * @var    SessionInterface
  25       * @since  2.0.0
  26       */
  27      protected $session;
  28  
  29      /**
  30       * Method to get the application input object.
  31       *
  32       * @return  Input
  33       *
  34       * @since   2.0.0
  35       */
  36      abstract public function getInput(): Input;
  37  
  38      /**
  39       * Method to get the application session object.
  40       *
  41       * @return  SessionInterface  The session object
  42       *
  43       * @since   2.0.0
  44       */
  45  	public function getSession()
  46      {
  47          if ($this->session === null)
  48          {
  49              throw new \RuntimeException(\sprintf('A %s object has not been set.', SessionInterface::class));
  50          }
  51  
  52          return $this->session;
  53      }
  54  
  55      /**
  56       * Sets the session for the application to use, if required.
  57       *
  58       * @param   SessionInterface  $session  A session object.
  59       *
  60       * @return  $this
  61       *
  62       * @since   2.0.0
  63       */
  64  	public function setSession(SessionInterface $session)
  65      {
  66          $this->session = $session;
  67  
  68          return $this;
  69      }
  70  
  71      /**
  72       * Checks for a form token in the request.
  73       *
  74       * @param   string  $method  The request method in which to look for the token key.
  75       *
  76       * @return  boolean
  77       *
  78       * @since   2.0.0
  79       */
  80  	public function checkToken($method = 'post')
  81      {
  82          $token = $this->getFormToken();
  83  
  84          // Support a token sent via the X-CSRF-Token header, then fall back to a token in the request
  85          $requestToken = $this->getInput()->server->get(
  86              'HTTP_X_CSRF_TOKEN',
  87              $this->getInput()->$method->get($token, '', 'alnum'),
  88              'alnum'
  89          );
  90  
  91          if (!$requestToken)
  92          {
  93              return false;
  94          }
  95  
  96          return $this->getSession()->hasToken($token);
  97      }
  98  
  99      /**
 100       * Method to determine a hash for anti-spoofing variable names
 101       *
 102       * @param   boolean  $forceNew  If true, force a new token to be created
 103       *
 104       * @return  string  Hashed var name
 105       *
 106       * @since   2.0.0
 107       */
 108  	public function getFormToken($forceNew = false)
 109      {
 110          return $this->getSession()->getToken($forceNew);
 111      }
 112  }