1<?php
2
3declare(strict_types=1);
4
5/*
6 * This file is part of the TYPO3 CMS project.
7 *
8 * It is free software; you can redistribute it and/or modify it under
9 * the terms of the GNU General Public License, either version 2
10 * of the License, or any later version.
11 *
12 * For the full copyright and license information, please read the
13 * LICENSE.txt file that was distributed with this source code.
14 *
15 * The TYPO3 project - inspiring people to share!
16 */
17
18namespace TYPO3\CMS\Form\Domain\Configuration\FormDefinition\Validators;
19
20use TYPO3\CMS\Core\Utility\ArrayUtility;
21use TYPO3\CMS\Form\Domain\Configuration\Exception\PropertyException;
22
23/**
24 * @internal
25 */
26abstract class CollectionBasedValidator extends AbstractValidator
27{
28
29    /**
30     * Throws an exception if value from a property collection property
31     * does not match its hmac hash or if there is no hmac hash
32     * available for the value.
33     *
34     * @param array $currentElement
35     * @param mixed $value
36     * @param string $sessionToken
37     * @param ValidationDto $dto
38     * @throws PropertyException
39     */
40    public function validatePropertyCollectionElementPropertyValueByHmacData(
41        array $currentElement,
42        $value,
43        string $sessionToken,
44        ValidationDto $dto
45    ): void {
46        $hmacDataPath = $this->buildHmacDataPath($dto->getPropertyPath());
47        if (ArrayUtility::isValidPath($currentElement, $hmacDataPath, '.')) {
48            $hmacData = ArrayUtility::getValueByPath($currentElement, $hmacDataPath, '.');
49
50            $hmacContent = [
51                $dto->getFormElementIdentifier(),
52                $dto->getPropertyCollectionName(),
53                $dto->getPropertyCollectionElementIdentifier(),
54                $dto->getPropertyPath()
55            ];
56
57            if (!$this->getFormDefinitionValidationService()->isPropertyValueEqualToHistoricalValue($hmacContent, $value, $hmacData, $sessionToken)) {
58                $message = 'The value "%s" of property "%s" (form element "%s" / "%s.%s") is not equal to the historical value "%s" #1528591586';
59                throw new PropertyException(
60                    sprintf(
61                        $message,
62                        $value,
63                        $dto->getPropertyPath(),
64                        $dto->getFormElementIdentifier(),
65                        $dto->getPropertyCollectionName(),
66                        $dto->getPropertyCollectionElementIdentifier(),
67                        $hmacData['value'] ?? ''
68                    ),
69                    1528591586
70                );
71            }
72        } else {
73            $message = 'No hmac found for property "%s" (form element "%s" / "%s.%s") #1528591585';
74            throw new PropertyException(
75                sprintf(
76                    $message,
77                    $dto->getPropertyPath(),
78                    $dto->getFormElementIdentifier(),
79                    $dto->getPropertyCollectionName(),
80                    $dto->getPropertyCollectionElementIdentifier()
81                ),
82                1528591585
83            );
84        }
85    }
86}
87