vendor/heimrichhannot/contao-ajax-bundle/src/Backend/Hooks.php line 19

Open in your IDE?
  1. <?php
  3. /*
  4.  * Copyright (c) 2018 Heimrich & Hannot GmbH
  5.  *
  6.  * @license LGPL-3.0-or-later
  7.  */
  9. namespace HeimrichHannot\AjaxBundle\Backend;
  11. use Contao\System;
  12. use Symfony\Component\Security\Csrf\CsrfToken;
  14. class Hooks
  15. {
  16.     /**
  17.      * Contao initialize.php hook before request token validation happend.
  18.      */
  19.     public function initializeSystemHook()
  20.     {
  21.         if (System::getContainer()->get('huh.utils.container')->isBackend()) {
  22.             return;
  23.         }
  25.         if (!System::getContainer()->get('huh.request')->isXmlHttpRequest()) {
  26.             return;
  27.         }
  29.         // improved REQUEST_TOKEN handling within front end mode
  30.         if (System::getContainer()->get('huh.request')->isMethod('POST') && !System::getContainer()->get('security.csrf.token_manager')->isTokenValid(new CsrfToken(System::getContainer()->getParameter('contao.csrf_token_name'), System::getContainer()->get('huh.request')->getPost('REQUEST_TOKEN')))) {
  31.             System::getContainer()->get('huh.ajax')->setRequestTokenExpired();
  32.         }
  33.     }
  34. }