1
|
|
|
<?php |
2
|
|
|
/* |
3
|
|
|
* This file is part of EC-CUBE |
4
|
|
|
* |
5
|
|
|
* Copyright(c) 2000-2015 LOCKON CO.,LTD. All Rights Reserved. |
6
|
|
|
* |
7
|
|
|
* http://www.lockon.co.jp/ |
8
|
|
|
* |
9
|
|
|
* This program is free software; you can redistribute it and/or |
10
|
|
|
* modify it under the terms of the GNU General Public License |
11
|
|
|
* as published by the Free Software Foundation; either version 2 |
12
|
|
|
* of the License, or (at your option) any later version. |
13
|
|
|
* |
14
|
|
|
* This program is distributed in the hope that it will be useful, |
15
|
|
|
* but WITHOUT ANY WARRANTY; without even the implied warranty of |
16
|
|
|
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the |
17
|
|
|
* GNU General Public License for more details. |
18
|
|
|
* |
19
|
|
|
* You should have received a copy of the GNU General Public License |
20
|
|
|
* along with this program; if not, write to the Free Software |
21
|
|
|
* Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA. |
22
|
|
|
*/ |
23
|
|
|
|
24
|
|
|
|
25
|
|
|
namespace Eccube\Controller; |
26
|
|
|
|
27
|
|
|
use Eccube\Application; |
28
|
|
|
use Eccube\Common\Constant; |
29
|
|
|
use Symfony\Component\HttpKernel\Exception\AccessDeniedHttpException; |
30
|
|
|
use Symfony\Component\Security\Csrf\CsrfToken; |
31
|
|
|
|
32
|
|
|
class AbstractController |
|
|
|
|
33
|
|
|
{ |
34
|
|
|
public function __construct() |
35
|
|
|
{ |
36
|
|
|
} |
37
|
|
|
|
38
|
|
|
/** |
39
|
|
|
* getBoundForm |
40
|
|
|
* |
41
|
|
|
* @deprecated |
42
|
|
|
*/ |
43
|
|
|
protected function getBoundForm(Application $app, $type) |
44
|
|
|
{ |
45
|
|
|
@trigger_error('The '.__METHOD__.' method is deprecated.', E_USER_DEPRECATED); |
46
|
|
|
|
47
|
|
|
$form = $app['form.factory'] |
48
|
|
|
->createBuilder($app['eccube.form.type.' . $type], $app['eccube.entity.' . $type]) |
|
|
|
|
49
|
|
|
->getForm(); |
50
|
|
|
$form->handleRequest($app['request']); |
51
|
|
|
|
52
|
|
|
return $form; |
53
|
|
|
} |
54
|
|
|
|
55
|
5 |
|
protected function getSecurity($app) |
56
|
|
|
{ |
57
|
5 |
|
return $app['security.token_storage']; |
58
|
|
|
} |
59
|
|
|
|
60
|
88 |
|
protected function isTokenValid($app) |
61
|
|
|
{ |
62
|
88 |
|
$csrf = $app['form.csrf_provider']; |
63
|
88 |
|
$name = Constant::TOKEN_NAME; |
64
|
|
|
|
65
|
88 |
|
if (!$csrf->isTokenValid(new CsrfToken($name, $app['request']->request->get($name)))) { |
66
|
|
|
throw new AccessDeniedHttpException('CSRF token is invalid.'); |
67
|
|
|
} |
68
|
|
|
|
69
|
88 |
|
return true; |
70
|
|
|
} |
71
|
|
|
|
72
|
|
|
} |
73
|
|
|
|