From 5347ef612d1242065adcf170f4b47e508aaf8896 Mon Sep 17 00:00:00 2001 
From: Thorsten Rinne Date: Mon, 4 Nov 2024 19:36:52 +0100 Subject: [PATCH] refactor: inject the session class into the Token class (#3202) --- phpmyfaq/404.php | 2 +- phpmyfaq/add.php | 2 +- phpmyfaq/admin/attachments.php | 4 ++-- phpmyfaq/admin/backup.import.php | 2 +- phpmyfaq/admin/backup.main.php | 2 +- phpmyfaq/admin/category.add.php | 2 +- phpmyfaq/admin/category.edit.php | 2 +- phpmyfaq/admin/category.main.php | 13 +++++++++---- phpmyfaq/admin/category.overview.php | 8 +++----- phpmyfaq/admin/category.translate.php | 2 +- phpmyfaq/admin/comments.php | 2 +- phpmyfaq/admin/configuration.php | 2 +- phpmyfaq/admin/faqs.editor.php | 6 +++--- phpmyfaq/admin/faqs.overview.php | 4 ++-- phpmyfaq/admin/forms.php | 4 ++-- phpmyfaq/admin/forms.translations.php | 4 ++-- phpmyfaq/admin/glossary.php | 4 ++-- phpmyfaq/admin/group.php | 2 +- phpmyfaq/admin/header.php | 2 +- phpmyfaq/admin/import.csv.php | 2 +- phpmyfaq/admin/index.php | 2 +- phpmyfaq/admin/instances.php | 4 ++-- phpmyfaq/admin/news.php | 8 ++++---- phpmyfaq/admin/open-questions.php | 4 ++-- phpmyfaq/admin/password.change.php | 6 +++--- phpmyfaq/admin/report.main.php | 2 +- phpmyfaq/admin/session.keepalive.php | 16 +++++++++++++++- phpmyfaq/admin/statistics.admin-log.php | 2 +- phpmyfaq/admin/statistics.ratings.php | 4 ++-- phpmyfaq/admin/statistics.search.php | 2 +- phpmyfaq/admin/statistics.sessions.php | 10 +++++----- phpmyfaq/admin/stickyfaqs.php | 2 +- phpmyfaq/admin/stopwords.php | 2 +- phpmyfaq/admin/tags.php | 2 +- phpmyfaq/admin/user.php | 12 ++++++------ phpmyfaq/ask.php | 2 +- phpmyfaq/bookmarks.php | 4 ++-- phpmyfaq/contact.php | 2 +- phpmyfaq/faq.php | 8 ++++---- phpmyfaq/glossary.php | 2 +- phpmyfaq/index.php | 4 ++-- phpmyfaq/login.php | 2 +- phpmyfaq/news.php | 4 ++-- phpmyfaq/open-questions.php | 2 +- phpmyfaq/overview.php | 2 +- phpmyfaq/password.php | 2 +- phpmyfaq/register.php | 2 +- phpmyfaq/request-removal.php | 4 ++-- phpmyfaq/search.php | 2 +- phpmyfaq/show.php | 2 +- 
phpmyfaq/sitemap.php | 2 +- .../Administration/AttachmentController.php | 10 ++++++++-- .../Administration/CategoryController.php | 4 ++-- .../Administration/CommentController.php | 5 ++++- .../Administration/ConfigurationController.php | 2 +- .../ConfigurationTabController.php | 2 +- .../Administration/ExportController.php | 5 ++++- .../Administration/FaqController.php | 2 +- .../Administration/FormController.php | 10 +++++----- .../Administration/GlossaryController.php | 6 +++--- .../Administration/ImageController.php | 5 ++++- .../Administration/InstanceController.php | 4 ++-- .../Administration/NewsController.php | 8 ++++---- .../Administration/QuestionController.php | 7 +++++-- .../Administration/SearchController.php | 5 ++++- .../Administration/SessionController.php | 2 +- .../Administration/StatisticsController.php | 7 +++++-- .../Administration/StopWordController.php | 4 ++-- .../Administration/TagController.php | 2 +- .../Administration/UserController.php | 15 +++++++++------ .../Controller/Frontend/BookmarkController.php | 10 +++++----- .../Controller/Frontend/CommentController.php | 5 ++++- .../Controller/Frontend/UserController.php | 6 +++--- phpmyfaq/src/phpMyFAQ/Session/Token.php | 12 ++++++++---- phpmyfaq/src/services.php | 16 +++++++++++----- phpmyfaq/ucp.php | 6 +++--- tests/phpMyFAQ/ApplicationTest.php | 1 - tests/phpMyFAQ/Session/TokenTest.php | 18 +++++++++++++----- 78 files changed, 219 insertions(+), 155 deletions(-) diff --git a/phpmyfaq/404.php b/phpmyfaq/404.php index 87684f1b92..6d66e533bc 100644 --- a/phpmyfaq/404.php +++ b/phpmyfaq/404.php @@ -26,7 +26,7 @@ $faqConfig = $container->get('phpmyfaq.configuration'); $user = $container->get('phpmyfaq.user.current_user'); -$faqSession = $container->get('phpmyfaq.session'); +$faqSession = $container->get('phpmyfaq.user.session'); $faqSession->setCurrentUser($user); $faqSession->userTracking(SessionActionType::NOT_FOUND->value, 0); 
diff --git a/phpmyfaq/add.php b/phpmyfaq/add.php index 4ec0ad611e..b1afad1e0c 100644 --- a/phpmyfaq/add.php +++ b/phpmyfaq/add.php @@ -40,7 +40,7 @@ $faqConfig = $container->get('phpmyfaq.configuration'); $user = $container->get('phpmyfaq.user.current_user'); -$faqSession = $container->get('phpmyfaq.session'); +$faqSession = $container->get('phpmyfaq.user.session'); $faqSession->setCurrentUser($user); // Check user permissions diff --git a/phpmyfaq/admin/attachments.php b/phpmyfaq/admin/attachments.php index 34a5fd3499..84701d3424 100644 --- a/phpmyfaq/admin/attachments.php +++ b/phpmyfaq/admin/attachments.php @@ -70,8 +70,8 @@ 'adminMsgTransToolLanguage' => Translation::get('msgTransToolLanguage'), 'adminMsgAttachmentsFilesize' => Translation::get('msgAttachmentsFilesize'), 'adminMsgAttachmentsMimeType' => Translation::get('msgAttachmentsMimeType'), - 'csrfTokenDeletion' => Token::getInstance()->getTokenString('delete-attachment'), - 'csrfTokenRefresh' => Token::getInstance()->getTokenString('refresh-attachment'), + 'csrfTokenDeletion' => Token::getInstance($container->get('session'))->getTokenString('delete-attachment'), + 'csrfTokenRefresh' => Token::getInstance($container->get('session'))->getTokenString('refresh-attachment'), 'attachments' => $crumbs, 'adminMsgButtonDelete' => Translation::get('ad_gen_delete'), 'adminMsgFaqTitle' => Translation::get('ad_entry_faq_record'), diff --git a/phpmyfaq/admin/backup.import.php b/phpmyfaq/admin/backup.import.php index 813a56a9ea..74d734bdda 100644 --- a/phpmyfaq/admin/backup.import.php +++ b/phpmyfaq/admin/backup.import.php @@ -40,7 +40,7 @@ if ( $user->perm->hasPermission($user->getUserId(), PermissionType::RESTORE->value) && - Token::getInstance()->verifyToken('restore', $csrfToken) + Token::getInstance($container->get('session'))->verifyToken('restore', $csrfToken) ) { $twig = new TwigWrapper(PMF_ROOT_DIR . '/assets/templates'); $template = $twig->loadTemplate('./admin/backup/import.twig'); 
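Review bot: `Token::getInstance($container->get('session'))` is evaluated once per array entry in attachments.php (two container lookups inside the same template-variable array), and the same repetition appears in faqs.editor.php, forms.php, forms.translations.php, glossary.php, instances.php, news.php, statistics.sessions.php and user.php. Resolving the session and the token once per page, `$token = Token::getInstance($container->get('session'));`, and then calling `$token->getTokenString('delete-attachment')` keeps each page to a single lookup and makes the CSRF wiring visible in one place. If the Token is meant to be container-managed now that it takes the session as a dependency, registering it in services.php would let these pages fetch it directly instead of repeating the factory call. Whether the `session` service id is actually defined is not visible here, since the services.php hunk is not in this chunk.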
diff --git a/phpmyfaq/admin/backup.main.php b/phpmyfaq/admin/backup.main.php index 6067cc3db1..b21a163005 100644 --- a/phpmyfaq/admin/backup.main.php +++ b/phpmyfaq/admin/backup.main.php @@ -40,7 +40,7 @@ 'adminBackupCardBody' => Translation::get('ad_csv_make'), 'adminBackupLinkData' => Translation::get('ad_csv_linkdat'), 'adminBackupLinkLogs' => Translation::get('ad_csv_linklog'), - 'csrfToken' => Token::getInstance()->getTokenString('restore'), + 'csrfToken' => Token::getInstance($container->get('session'))->getTokenString('restore'), 'adminRestoreCardHeader' => Translation::get('ad_csv_head2'), 'adminRestoreCardBody' => Translation::get('ad_csv_restore'), 'adminRestoreLabel' => Translation::get('ad_csv_file'), diff --git a/phpmyfaq/admin/category.add.php b/phpmyfaq/admin/category.add.php index b4a7395825..54abf30041 100644 --- a/phpmyfaq/admin/category.add.php +++ b/phpmyfaq/admin/category.add.php @@ -46,7 +46,7 @@ $parentId = Filter::filterInput(INPUT_GET, 'cat', FILTER_VALIDATE_INT, 0); $templateVars = [ - 'csrfTokenInput' => Token::getInstance()->getTokenInput('save-category'), + 'csrfTokenInput' => Token::getInstance($container->get('session'))->getTokenInput('save-category'), 'faqLangCode' => $faqLangCode, 'parentId' => $parentId, 'ad_categ_new' => Translation::get('ad_categ_new'), diff --git a/phpmyfaq/admin/category.edit.php b/phpmyfaq/admin/category.edit.php index c45cf3145f..661baa527e 100644 --- a/phpmyfaq/admin/category.edit.php +++ b/phpmyfaq/admin/category.edit.php @@ -94,7 +94,7 @@ 'categoryId' => $categoryId, 'categoryLanguage' => $categoryData->getLang(), 'parentId' => $categoryData->getParentId(), - 'csrfInputToken' => Token::getInstance()->getTokenInput('update-category'), + 'csrfInputToken' => Token::getInstance($container->get('session'))->getTokenInput('update-category'), 'categoryImage' => $categoryData->getImage(), 'categoryNameLabel' => Translation::get('ad_categ_titel'), 'categoryName' => $categoryData->getName(), 
diff --git a/phpmyfaq/admin/category.main.php b/phpmyfaq/admin/category.main.php index 52fed2a6f0..b989bc122e 100644 --- a/phpmyfaq/admin/category.main.php +++ b/phpmyfaq/admin/category.main.php @@ -19,7 +19,6 @@ use phpMyFAQ\Category\Image; use phpMyFAQ\Category\Order; use phpMyFAQ\Category\Permission; -use phpMyFAQ\Configuration; use phpMyFAQ\Database; use phpMyFAQ\Entity\CategoryEntity; use phpMyFAQ\Entity\SeoEntity; @@ -38,7 +37,7 @@ exit(); } -$faqConfig = Configuration::getConfigurationInstance(); +$faqConfig = $container->get('phpmyfaq.configuration'); $currentUser = CurrentUser::getCurrentUser($faqConfig); $csrfToken = Filter::filterInput(INPUT_POST, 'csrf', FILTER_SANITIZE_SPECIAL_CHARS); @@ -60,7 +59,10 @@ ]; // Save a new category - if ($action === 'savecategory' && Token::getInstance()->verifyToken('save-category', $csrfToken)) { + if ( + $action === 'savecategory' && + Token::getInstance($container->get('session'))->verifyToken('save-category', $csrfToken) + ) { $category = new Category($faqConfig, [], false); $category->setUser($currentAdminUser); $category->setGroups($currentAdminGroups); @@ -176,7 +178,10 @@ } // Updates an existing category - if ($action === 'updatecategory' && Token::getInstance()->verifyToken('update-category', $csrfToken)) { + if ( + $action === 'updatecategory' && + Token::getInstance($container->get('session'))->verifyToken('update-category', $csrfToken) + ) { $category = new Category($faqConfig, [], false); $category->setUser($currentAdminUser); $category->setGroups($currentAdminGroups); diff --git a/phpmyfaq/admin/category.overview.php b/phpmyfaq/admin/category.overview.php index 31a10566ce..f60ddf8a95 100644 --- a/phpmyfaq/admin/category.overview.php +++ b/phpmyfaq/admin/category.overview.php @@ -16,8 +16,6 @@ */ use phpMyFAQ\Category; -use phpMyFAQ\Category\Order; -use phpMyFAQ\Configuration; use phpMyFAQ\Session\Token; use phpMyFAQ\Template\TwigWrapper; use Symfony\Component\HttpFoundation\Request; 
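Review bot: In the `@@ -38,7 +37,7 @@` hunk of category.main.php the configuration now comes from the container while the next line still builds the user with `CurrentUser::getCurrentUser($faqConfig)`; 404.php and add.php in this same commit resolve the user through `$container->get('phpmyfaq.user.current_user')`. Using the container service here too, `$currentUser = $container->get('phpmyfaq.user.current_user');`, keeps the admin pages on one wiring path; password.change.php has the same mix. Whether that service instance carries the same state as the static accessor is not visible from this chunk, so the swap should be checked against services.php first.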
@@ -28,13 +26,13 @@ } $request = Request::createFromGlobals(); -$faqConfig = Configuration::getConfigurationInstance(); +$faqConfig = $container->get('phpmyfaq.configuration'); $category = new Category($faqConfig, [], false); $category->buildCategoryTree(); $categoryInfo = $category->getAllCategories(); -$categoryOrder = new Order($faqConfig); +$categoryOrder = $container->get('phpmyfaq.category.order'); $orderedCategories = $categoryOrder->getAllCategories(); $categoryTree = $categoryOrder->getCategoryTree($orderedCategories); @@ -47,7 +45,7 @@ $template = $twig->loadTemplate('./admin/content/category.overview.twig'); $templateVars = [ - 'csrfTokenInput' => Token::getInstance()->getTokenInput('category'), + 'csrfTokenInput' => Token::getInstance($container->get('session'))->getTokenInput('category'), 'categoryTree' => $categoryTree, 'categoryInfo' => $categoryInfo, ]; diff --git a/phpmyfaq/admin/category.translate.php b/phpmyfaq/admin/category.translate.php index ca64e026fa..4f5c15ee7b 100644 --- a/phpmyfaq/admin/category.translate.php +++ b/phpmyfaq/admin/category.translate.php @@ -70,7 +70,7 @@ 'permLevel' => $faqConfig->get('security.permLevel'), 'groupPermission' => $groupPermission[0], 'userPermission' => $userPermission[0], - 'csrf' => Token::getInstance()->getTokenString('update-category'), + 'csrf' => Token::getInstance($container->get('session'))->getTokenString('update-category'), 'ad_categ_title' => Translation::get('ad_categ_titel'), 'ad_categ_lang' => Translation::get('ad_categ_lang'), 'langToTranslate' => $category->getCategoryLanguagesToTranslate($id, $selectedLanguage), diff --git a/phpmyfaq/admin/comments.php b/phpmyfaq/admin/comments.php index 4cbf518b32..84a3b9bb76 100644 --- a/phpmyfaq/admin/comments.php +++ b/phpmyfaq/admin/comments.php 
@@ -53,7 +53,7 @@ 'currentLocale' => $faqConfig->getLanguage()->getLanguage(), 'faqComments' => $faqComments, 'newsComments' => $newsComments, - 'csrfToken' => Token::getInstance()->getTokenString('delete-comment'), + 'csrfToken' => Token::getInstance($container->get('session'))->getTokenString('delete-comment'), ]; echo $template->render($templateVars); diff --git a/phpmyfaq/admin/configuration.php b/phpmyfaq/admin/configuration.php index df4842fd22..7a0e0528b0 100644 --- a/phpmyfaq/admin/configuration.php +++ b/phpmyfaq/admin/configuration.php @@ -36,7 +36,7 @@ $templateVars = [ 'adminHeaderConfiguration' => Translation::get('ad_config_edit'), - 'csrfToken' => Token::getInstance()->getTokenString('configuration'), + 'csrfToken' => Token::getInstance($container->get('session'))->getTokenString('configuration'), 'language' => $faqLangCode, 'adminConfigurationButtonReset' => Translation::get('ad_config_reset'), 'adminConfigurationButtonSave' => Translation::get('ad_config_save'), diff --git a/phpmyfaq/admin/faqs.editor.php b/phpmyfaq/admin/faqs.editor.php index 9810fc0dc9..338639ef5e 100644 --- a/phpmyfaq/admin/faqs.editor.php +++ b/phpmyfaq/admin/faqs.editor.php @@ -333,7 +333,7 @@ 'openQuestionId' => $questionId, 'notifyUser' => $notifyUser, 'notifyEmail' => $notifyEmail, - 'csrfToken' => Token::getInstance()->getTokenString('edit-faq'), + 'csrfToken' => Token::getInstance($container->get('session'))->getTokenString('edit-faq'), 'ad_entry_theme' => Translation::get('ad_entry_theme'), 'msgNoHashAllowed' => Translation::get('msgNoHashAllowed'), 'msgShowHelp' => Translation::get('msgShowHelp'), 
@@ -351,7 +351,7 @@ PermissionType::ATTACHMENT_DELETE->value ), 'ad_menu_attachments' => Translation::get('ad_menu_attachments'), - 'csrfTokenDeleteAttachment' => Token::getInstance()->getTokenString('delete-attachment'), + 'csrfTokenDeleteAttachment' => Token::getInstance($container->get('session'))->getTokenString('delete-attachment'), 'attachments' => $attList, 'ad_att_add' => Translation::get('ad_att_add'), 'ad_entry_tags' => Translation::get('ad_entry_tags'), @@ -410,7 +410,7 @@ 'ad_att_addto_2' => Translation::get('ad_att_addto_2'), 'ad_att_att' => Translation::get('ad_att_att'), 'maxAttachmentSize' => $faqConfig->get('records.maxAttachmentSize'), - 'csrfTokenUploadAttachment' => Token::getInstance()->getTokenString('upload-attachment'), + 'csrfTokenUploadAttachment' => Token::getInstance($container->get('session'))->getTokenString('upload-attachment'), 'msgAttachmentsFilesize' => Translation::get('msgAttachmentsFilesize'), 'ad_att_butt' => Translation::get('ad_att_butt'), ]; diff --git a/phpmyfaq/admin/faqs.overview.php b/phpmyfaq/admin/faqs.overview.php index 3bea3931a4..c6090cf88d 100644 --- a/phpmyfaq/admin/faqs.overview.php +++ b/phpmyfaq/admin/faqs.overview.php @@ -48,8 +48,8 @@ $template = $twig->loadTemplate('./admin/content/faq.overview.twig'); $templateVars = [ - 'csrfTokenSearch' => Token::getInstance()->getTokenInput('edit-faq'), - 'csrfTokenOverview' => Token::getInstance()->getTokenString('faq-overview'), + 'csrfTokenSearch' => Token::getInstance($container->get('session'))->getTokenInput('edit-faq'), + 'csrfTokenOverview' => Token::getInstance($container->get('session'))->getTokenString('faq-overview'), 'categories' => $category->getCategoryTree(), 'numberOfRecords' => $categoryRelation->getNumberOfFaqsPerCategory(), 'numberOfComments' => $comments->getNumberOfCommentsByCategory(), diff --git a/phpmyfaq/admin/forms.php b/phpmyfaq/admin/forms.php index 87071dde6a..0831a65067 100644 --- a/phpmyfaq/admin/forms.php +++ b/phpmyfaq/admin/forms.php 
@@ -40,8 +40,8 @@ 'formDataAddContent' => $forms->getFormData(FormIds::ADD_NEW_FAQ->value), 'msgQuestion' => Translation::get('msgQuestion'), 'msgAddContent' => Translation::get('msgAddContent'), - 'csrfActivate' => Token::getInstance()->getTokenString('activate-input'), - 'csrfRequired' => Token::getInstance()->getTokenString('require-input'), + 'csrfActivate' => Token::getInstance($container->get('session'))->getTokenString('activate-input'), + 'csrfRequired' => Token::getInstance($container->get('session'))->getTokenString('require-input'), 'ad_entry_id' => Translation::get('ad_entry_id'), 'msgInputLabel' => Translation::get('msgInputLabel'), 'msgInputType' => Translation::get('msgInputType'), diff --git a/phpmyfaq/admin/forms.translations.php b/phpmyfaq/admin/forms.translations.php index 045769105c..d6f4b932a9 100644 --- a/phpmyfaq/admin/forms.translations.php +++ b/phpmyfaq/admin/forms.translations.php @@ -62,8 +62,8 @@ 'msgInputLabel' => Translation::get('msgInputLabel'), 'ad_sess_pageviews' => Translation::get('ad_sess_pageviews'), 'msgFormsEditTranslations' => Translation::get('msgFormsEditTranslations'), - 'csrfTokenEditTranslation' => Token::getInstance()->getTokenString('edit-translation'), - 'csrfTokenDeleteTranslation' => Token::getInstance()->getTokenString('delete-translation'), + 'csrfTokenEditTranslation' => Token::getInstance($container->get('session'))->getTokenString('edit-translation'), + 'csrfTokenDeleteTranslation' => Token::getInstance($container->get('session'))->getTokenString('delete-translation'), 'languages' => $languages, 'msgSelectLanguage' => Translation::get('msgSelectLanguage'), 'msgTranslationText' => Translation::get('msgTranslationText'), diff --git a/phpmyfaq/admin/glossary.php b/phpmyfaq/admin/glossary.php index 47c0a5e3a3..116c66214c 100644 --- a/phpmyfaq/admin/glossary.php +++ b/phpmyfaq/admin/glossary.php 
@@ -49,10 +49,10 @@ 'msgGlossaryDefinition' => Translation::get('ad_glossary_definition'), 'glossaryItems' => $glossary->fetchAll(), 'buttonDelete' => Translation::get('msgDelete'), - 'csrfTokenDelete' => Token::getInstance()->getTokenString('delete-glossary'), + 'csrfTokenDelete' => Token::getInstance($container->get('session'))->getTokenString('delete-glossary'), 'currentLanguage' => $faqLangCode, 'addGlossaryTitle' => Translation::get('ad_glossary_add'), - 'addGlossaryCsrfTokenInput' => Token::getInstance()->getTokenInput('add-glossary'), + 'addGlossaryCsrfTokenInput' => Token::getInstance($container->get('session'))->getTokenInput('add-glossary'), 'closeModal' => Translation::get('ad_att_close'), 'saveModal' => Translation::get('ad_gen_save'), 'updateGlossaryTitle' => Translation::get('ad_glossary_edit'), diff --git a/phpmyfaq/admin/group.php b/phpmyfaq/admin/group.php index ecb36fae53..da86ae348f 100644 --- a/phpmyfaq/admin/group.php +++ b/phpmyfaq/admin/group.php @@ -193,7 +193,7 @@ 'groupName' => Strings::htmlentities($groupData['name']), 'ad_group_deleteQuestion' => Translation::get('ad_group_deleteQuestion'), 'groupId' => $groupId, - 'csrfDeleteGroup' => Token::getInstance()->getTokenString('delete-group'), + 'csrfDeleteGroup' => Token::getInstance($container->get('session'))->getTokenString('delete-group'), 'ad_gen_no' => Translation::get('ad_gen_no'), 'ad_gen_yes' => Translation::get('ad_gen_yes'), 'showDeleteGroupForm' => $showDeleteGroupForm diff --git a/phpmyfaq/admin/header.php b/phpmyfaq/admin/header.php index 4e4c16edc7..0e77662439 100644 --- a/phpmyfaq/admin/header.php +++ b/phpmyfaq/admin/header.php 
@@ -269,7 +269,7 @@ 'hasGravatarSupport' => $faqConfig->get('main.enableGravatarSupport'), 'gravatarImage' => $gravatarImage ?? '', 'msgChangePassword' => Translation::get('ad_menu_passwd'), - 'csrfTokenLogout' => Token::getInstance()->getTokenString('admin-logout'), + 'csrfTokenLogout' => Token::getInstance($container->get('session'))->getTokenString('admin-logout'), 'msgLogout' => Translation::get('admin_mainmenu_logout'), 'secondLevelEntries' => $secLevelEntries, 'menuUsers' => Translation::get('admin_mainmenu_users'), diff --git a/phpmyfaq/admin/import.csv.php b/phpmyfaq/admin/import.csv.php index a87388ca15..a4863e8e2a 100644 --- a/phpmyfaq/admin/import.csv.php +++ b/phpmyfaq/admin/import.csv.php @@ -51,7 +51,7 @@ 'seperateWithCommas' => Translation::get('msgSeperateWithCommas'), 'tags' => Translation::get('ad_entry_tags'), 'msgImportRecordsColumnStructure' => Translation::get('msgImportRecordsColumnStructure'), - 'csrfToken' => Token::getInstance()->getTokenString('importfaqs'), + 'csrfToken' => Token::getInstance($container->get('session'))->getTokenString('importfaqs'), 'is_active' => Translation::get('ad_entry_active'), 'is_sticky' => Translation::get('ad_entry_sticky'), 'trueFalse' => Translation::get('msgCSVImportTrueOrFalse') diff --git a/phpmyfaq/admin/index.php b/phpmyfaq/admin/index.php index 930435de0a..fc259fb508 100755 --- a/phpmyfaq/admin/index.php +++ b/phpmyfaq/admin/index.php @@ -224,7 +224,7 @@ $csrfToken = Filter::filterInput(INPUT_GET, 'csrf', FILTER_SANITIZE_SPECIAL_CHARS); if ( $csrfToken && - Token::getInstance()->verifyToken('admin-logout', $csrfToken) && + Token::getInstance($container->get('session'))->verifyToken('admin-logout', $csrfToken) && $action === 'logout' && $user->isLoggedIn() ) { diff --git a/phpmyfaq/admin/instances.php b/phpmyfaq/admin/instances.php index c1fd8ba519..b902c26e36 100644 --- a/phpmyfaq/admin/instances.php +++ b/phpmyfaq/admin/instances.php 
@@ -101,8 +101,8 @@ 'multisiteFolderIsWritable' => is_writable(PMF_ROOT_DIR . DIRECTORY_SEPARATOR . 'multisite'), 'ad_instance_add' => Translation::get('ad_instance_add'), 'allInstances' => $instance->getAll(), - 'csrfTokenDeleteInstance' => Token::getInstance()->getTokenString('delete-instance'), - 'csrfTokenAddInstance' => Token::getInstance()->getTokenString('add-instance'), + 'csrfTokenDeleteInstance' => Token::getInstance($container->get('session'))->getTokenString('delete-instance'), + 'csrfTokenAddInstance' => Token::getInstance($container->get('session'))->getTokenString('add-instance'), 'mainConfig' => $mainConfig, 'requestHost' => Request::createFromGlobals()->getHost(), 'ad_instance_button' => Translation::get('ad_instance_button'), diff --git a/phpmyfaq/admin/news.php b/phpmyfaq/admin/news.php index 893e624c0d..1d1a8c5dca 100644 --- a/phpmyfaq/admin/news.php +++ b/phpmyfaq/admin/news.php @@ -45,7 +45,7 @@ 'defaultUrl' => $faqConfig->getDefaultUrl(), 'enableWysiwyg' => $faqConfig->get('main.enableWysiwygEditor'), 'ad_news_add' => Translation::get('ad_news_add'), - 'csrfToken_saveNews' => Token::getInstance()->getTokenString('save-news'), + 'csrfToken_saveNews' => Token::getInstance($container->get('session'))->getTokenString('save-news'), 'ad_news_author_name' => Translation::get('ad_news_author_name'), 'ad_news_set_active' => Translation::get('ad_news_set_active'), 'ad_news_link_url' => Translation::get('ad_news_link_url'), 
@@ -82,10 +82,10 @@ 'ad_news_delsuc' => Translation::get('ad_news_delsuc'), 'ad_news_updatesuc' => Translation::get('ad_news_updatesuc'), 'msgDeleteNews' => Translation::get('msgDeleteNews'), - 'csrfToken_deleteNews' => Token::getInstance()->getTokenString('delete-news'), - 'csrfToken_updateNews' => Token::getInstance()->getTokenString('update-news'), + 'csrfToken_deleteNews' => Token::getInstance($container->get('session'))->getTokenString('delete-news'), + 'csrfToken_updateNews' => Token::getInstance($container->get('session'))->getTokenString('update-news'), 'ad_entry_active' => Translation::get('ad_entry_active'), - 'csrfToken_activateNews' => Token::getInstance()->getTokenString('activate-news') + 'csrfToken_activateNews' => Token::getInstance($container->get('session'))->getTokenString('activate-news') ]; if ('add-news' == $action && $user->perm->hasPermission($user->getUserId(), PermissionType::NEWS_ADD)) { diff --git a/phpmyfaq/admin/open-questions.php b/phpmyfaq/admin/open-questions.php index b4a563c88b..2d8e7e2aea 100644 --- a/phpmyfaq/admin/open-questions.php +++ b/phpmyfaq/admin/open-questions.php @@ -43,10 +43,10 @@ $category->setGroups($currentAdminGroups); $date = new Date($faqConfig); - $questionId = Filter::filterInput(INPUT_GET, 'id', FILTER_VALIDATE_INT); + $questionId= Filter::filterInput(INPUT_GET, 'id', FILTER_VALIDATE_INT); $csrfToken = Filter::filterInput(INPUT_GET, 'csrf', FILTER_SANITIZE_SPECIAL_CHARS); - if ($csrfToken && Token::getInstance()->verifyToken('toggle-question-visibility', $csrfToken)) { + if (Token::getInstance($container->get('session'))->verifyToken('toggle-question-visibility', $csrfToken)) { $csrfChecked = true; } else { $csrfChecked = false; diff --git a/phpmyfaq/admin/password.change.php b/phpmyfaq/admin/password.change.php index 1ace7910ab..5a9682ecb4 100644 --- a/phpmyfaq/admin/password.change.php +++ b/phpmyfaq/admin/password.change.php 
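Review bot: The `$csrfToken &&` short-circuit in open-questions.php is dropped, so `verifyToken('toggle-question-visibility', $csrfToken)` is now called even when the request carries no `csrf` parameter and `Filter::filterInput` returns null or false. If verifyToken's second parameter is a non-nullable string under strict types, that is a TypeError instead of the previous clean `$csrfChecked = false`. Either keep the guard, `if ($csrfToken && Token::getInstance($container->get('session'))->verifyToken('toggle-question-visibility', $csrfToken)) {`, or normalise the argument with `$csrfToken ?? ''` so a missing token still fails verification. The same guard removal appears in the statistics.sessions.php hunk for `$csrfTokenFromPost` and `$csrfTokenFromGet`; there it also closes the old "no token means `$clearVisits = true`" path, so the `?? ''` form is preferable to restoring the `&&` guard. The same hunk also drops the space in `$questionId= Filter::filterInput(...)`, which looks accidental; the enclosing if-block starts before the hunk.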
@@ -29,7 +29,7 @@ exit(); } -$faqConfig = Configuration::getConfigurationInstance(); +$faqConfig = $container->get('phpmyfaq.configuration'); $user = CurrentUser::getCurrentUser($faqConfig); $twig = new TwigWrapper(PMF_ROOT_DIR . '/assets/templates'); @@ -41,7 +41,7 @@ $csrfToken = Filter::filterInput(INPUT_POST, 'csrf', FILTER_SANITIZE_SPECIAL_CHARS); $successMessage = $errorMessage = ''; - if (!is_null($save) && Token::getInstance()->verifyToken('password', $csrfToken)) { + if (!is_null($save) && Token::getInstance($container->get('session'))->verifyToken('password', $csrfToken)) { // Define the (Local/Current) Authentication Source $auth = new Auth($faqConfig); $authSource = $auth->selectAuth($user->getAuthSource('name')); @@ -75,7 +75,7 @@ 'adminHeaderPasswordChange' => Translation::get('ad_passwd_cop'), 'successMessage' => $successMessage, 'errorMessage' => $errorMessage, - 'csrfToken' => Token::getInstance()->getTokenString('password'), + 'csrfToken' => Token::getInstance($container->get('session'))->getTokenString('password'), 'adminMsgOldPassword' => Translation::get('ad_passwd_old'), 'adminMsgNewPassword' => Translation::get('ad_passwd_new'), 'adminMsgNewPasswordConfirm' => Translation::get('ad_passwd_con'), diff --git a/phpmyfaq/admin/report.main.php b/phpmyfaq/admin/report.main.php index f249945bda..8336c62767 100644 --- a/phpmyfaq/admin/report.main.php +++ b/phpmyfaq/admin/report.main.php 
@@ -33,7 +33,7 @@ if ($user->perm->hasPermission($user->getUserId(), PermissionType::REPORTS->value)) { $templateVars = [ 'ad_menu_reports' => Translation::get('ad_menu_reports'), - 'csrfTokenInput' => Token::getInstance()->getTokenInput('create-report'), + 'csrfTokenInput' => Token::getInstance($container->get('session'))->getTokenInput('create-report'), 'ad_stat_report_make_report' => Translation::get('ad_stat_report_make_report'), 'ad_stat_report_fields' => Translation::get('ad_stat_report_fields'), 'ad_stat_report_category' => Translation::get('ad_stat_report_category'), diff --git a/phpmyfaq/admin/session.keepalive.php b/phpmyfaq/admin/session.keepalive.php index 109a1ec471..fe11d4d52f 100644 --- a/phpmyfaq/admin/session.keepalive.php +++ b/phpmyfaq/admin/session.keepalive.php @@ -28,6 +28,9 @@ use phpMyFAQ\Template\TwigWrapper; use phpMyFAQ\Translation; use phpMyFAQ\User\CurrentUser; +use Symfony\Component\Config\FileLocator; +use Symfony\Component\DependencyInjection\ContainerBuilder; +use Symfony\Component\DependencyInjection\Loader\PhpFileLoader; define('PMF_ROOT_DIR', dirname(__DIR__)); @@ -42,6 +45,17 @@ require PMF_ROOT_DIR . '/src/Bootstrap.php'; require PMF_ROOT_DIR . '/translations/language_en.php'; +// +// Service Containers +// +$container = new ContainerBuilder(); +$loader = new PhpFileLoader($container, new FileLocator(__DIR__)); +try { + $loader->load('../src/services.php'); +} catch (Exception $e) { + echo $e->getMessage(); +} + $faqConfig = Configuration::getConfigurationInstance(); // 
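Review bot: In session.keepalive.php the new container bootstrap catches `Exception` from `$loader->load('../src/services.php')`, echoes `$e->getMessage()` into the response and then continues, so a load failure both prints internal details (file paths, service definition errors) to the browser and leaves `$container` without definitions for the `$container->get('session')` call later in the page, which will then fail a second time. Prefer logging and stopping, `error_log($e->getMessage()); exit();`, or simply let the exception propagate to whatever error handling the bootstrap already installs. It is also worth checking whether the admin bootstrap already provides `$container` to this page the way the other admin scripts in this commit assume, in which case this duplicate ContainerBuilder could be dropped; that is not visible from the hunk.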
@@ -81,7 +95,7 @@ 'phpMyFAQVersion' => System::getVersion(), 'currentYear' => date('Y'), 'isUserLoggedIn' => $user->isLoggedIn() && ($refreshTime > 0), - 'csrfToken' => Token::getInstance()->getTokenString('admin-logout'), + 'csrfToken' => Token::getInstance($container->get('session'))->getTokenString('admin-logout'), 'msgConfirm' => sprintf(Translation::get('ad_session_expiring'), PMF_AUTH_TIMEOUT_WARNING), 'sessionTimeout' => PMF_AUTH_TIMEOUT, 'refreshTime' => $refreshTime, diff --git a/phpmyfaq/admin/statistics.admin-log.php b/phpmyfaq/admin/statistics.admin-log.php index af20a7565c..d03772e53a 100644 --- a/phpmyfaq/admin/statistics.admin-log.php +++ b/phpmyfaq/admin/statistics.admin-log.php @@ -75,7 +75,7 @@ $templateVars = [ 'headerAdminLog' => Translation::get('ad_menu_adminlog'), 'buttonDeleteAdminLog' => Translation::get('ad_adminlog_del_older_30d'), - 'csrfDeleteAdminLogToken' => Token::getInstance()->getTokenString('delete-adminlog'), + 'csrfDeleteAdminLogToken' => Token::getInstance($container->get('session'))->getTokenString('delete-adminlog'), 'currentLocale' => $faqConfig->getLanguage()->getLanguage(), 'pagination' => $pagination->render(), 'msgId' => Translation::get('ad_categ_id'), diff --git a/phpmyfaq/admin/statistics.ratings.php b/phpmyfaq/admin/statistics.ratings.php index 9cac2c772c..3827e4a40b 100644 --- a/phpmyfaq/admin/statistics.ratings.php +++ b/phpmyfaq/admin/statistics.ratings.php @@ -48,7 +48,7 @@ $ratingData = new RatingData($faqConfig); $ratings = new Rating($faqConfig); - if ($csrfToken && !Token::getInstance()->verifyToken('clear-statistics', $csrfToken)) { + if ($csrfToken && !Token::getInstance($container->get('session'))->verifyToken('clear-statistics', $csrfToken)) { $clearStatistics = false; } else { $clearStatistics = true; 
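Review bot: statistics.ratings.php keeps the `$csrfToken && !verifyToken(...)` form, so when no `csrf` parameter is sent the condition is false and `$clearStatistics` is set to `true`; an action of `clear-statistics` without any token then satisfies the `'clear-statistics' === $action && $clearStatistics` check in the next hunk. This commit already replaces the same pattern in statistics.sessions.php with a plain `if (!Token::getInstance($container->get('session'))->verifyToken('clear-visits', $csrfTokenFromGet))`; the ratings page should follow, `if (!Token::getInstance($container->get('session'))->verifyToken('clear-statistics', $csrfToken)) {`. Whether the deletion branch itself re-checks the token is not visible in this chunk, so the inversion should be confirmed against the rest of the file.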
@@ -68,7 +68,7 @@ $templateVars = [ 'adminHeaderRatings' => Translation::get('ad_rs'), - 'csrfToken' => Token::getInstance()->getTokenString('clear-statistics'), + 'csrfToken' => Token::getInstance($container->get('session'))->getTokenString('clear-statistics'), 'buttonDeleteAllVotings' => Translation::get('ad_delete_all_votings'), 'isDeleteAllVotings' => 'clear-statistics' === $action && $clearStatistics, 'isDeletedStatistics' => $deletedStatistics ?? false, diff --git a/phpmyfaq/admin/statistics.search.php b/phpmyfaq/admin/statistics.search.php index 60df69d988..53164b1cff 100644 --- a/phpmyfaq/admin/statistics.search.php +++ b/phpmyfaq/admin/statistics.search.php @@ -76,7 +76,7 @@ $templateVars = [ 'ad_menu_searchstats' => Translation::get('ad_menu_searchstats'), - 'csrfToken' => Token::getInstance()->getTokenString('truncate-search-terms'), + 'csrfToken' => Token::getInstance($container->get('session'))->getTokenString('truncate-search-terms'), 'ad_searchterm_del' => Translation::get('ad_searchterm_del'), 'ad_searchstats_search_term' => Translation::get('ad_searchstats_search_term'), 'ad_searchstats_search_term_count' => Translation::get('ad_searchstats_search_term_count'), diff --git a/phpmyfaq/admin/statistics.sessions.php b/phpmyfaq/admin/statistics.sessions.php index 5281e653d1..6e264d59a8 100644 --- a/phpmyfaq/admin/statistics.sessions.php +++ b/phpmyfaq/admin/statistics.sessions.php 
@@ -51,11 +51,11 @@ $csrfTokenFromPost = Filter::filterVar($request->request->get('csrf'), FILTER_SANITIZE_SPECIAL_CHARS); $csrfTokenFromGet = Filter::filterVar($request->query->get('csrf'), FILTER_SANITIZE_SPECIAL_CHARS); - if ($csrfTokenFromPost && !Token::getInstance()->verifyToken('sessions', $csrfTokenFromPost)) { + if (!Token::getInstance($container->get('session'))->verifyToken('sessions', $csrfTokenFromPost)) { $statdelete = null; } - if ($csrfTokenFromGet && !Token::getInstance()->verifyToken('clear-visits', $csrfTokenFromGet)) { + if (!Token::getInstance($container->get('session'))->verifyToken('clear-visits', $csrfTokenFromGet)) { $clearVisits = false; } else { $clearVisits = true; @@ -75,7 +75,7 @@ $templateVars = [ 'adminHeaderSessions' => Translation::get('ad_stat_sess'), - 'csrfTokenClearVisits' => Token::getInstance()->getTokenString('clear-visits'), + 'csrfTokenClearVisits' => Token::getInstance($container->get('session'))->getTokenString('clear-visits'), 'msgClearVisits' => Translation::get('ad_clear_all_visits'), 'hasMessage' => $hasMessage ?? false, 'message' => $message ?? '', 
@@ -93,13 +93,13 @@ 'renderedDaySelector' => $statisticsHelper->renderDaySelector(), 'buttonOkay' => Translation::get('ad_stat_ok'), 'msgSessionManagement' => Translation::get('ad_stat_management'), - 'csrfTokenSessions' => Token::getInstance()->getTokenInput('sessions'), + 'csrfTokenSessions' => Token::getInstance($container->get('session'))->getTokenInput('sessions'), 'msgChooseMonth' => Translation::get('ad_stat_choose'), 'renderedMonthSelector' => $statisticsHelper->renderMonthSelector(), 'buttonDeleteMonth' => Translation::get('ad_stat_delete'), 'msgExportSessions' => Translation::get('msgExportSessions'), 'msgExportSessionsAsCSV' => Translation::get('msgExportSessionsAsCSV'), - 'csrfTokenExport' => Token::getInstance()->getTokenString('export-sessions'), + 'csrfTokenExport' => Token::getInstance($container->get('session'))->getTokenString('export-sessions'), 'dateToday' => date('Y-m-d'), 'msgExportSessionsFrom' => Translation::get('msgExportSessionsFrom'), 'msgExportSessionsTo' => Translation::get('msgExportSessionsTo'), diff --git a/phpmyfaq/admin/stickyfaqs.php b/phpmyfaq/admin/stickyfaqs.php index 7f839dfae2..25a543c90f 100644 --- a/phpmyfaq/admin/stickyfaqs.php +++ b/phpmyfaq/admin/stickyfaqs.php @@ -41,7 +41,7 @@ 'orderingStickyFaqsActivated' => $faqConfig->get('records.orderStickyFaqsCustom'), 'alertMessageStickyFaqsDeactivated' => Translation::get('msgOrderStickyFaqsCustomDeactivated'), 'alertMessageNoStickyRecords' => Translation::get('msgNoStickyFaqs'), - 'csrfToken' => Token::getInstance()->getTokenString('order-stickyfaqs') + 'csrfToken' => Token::getInstance($container->get('session'))->getTokenString('order-stickyfaqs') ]; echo $template->render($templateVars); diff --git a/phpmyfaq/admin/stopwords.php b/phpmyfaq/admin/stopwords.php index 170adb7566..8e000d7bb2 100644 --- a/phpmyfaq/admin/stopwords.php +++ b/phpmyfaq/admin/stopwords.php 
@@ -46,7 +46,7 @@ 'adminHeaderStopWords' => Translation::get('ad_menu_stopwordsconfig'), 'hasPermission' => $user->perm->hasPermission($user->getUserId(), PermissionType::CONFIGURATION_EDIT), 'msgDescription' => Translation::get('ad_stopwords_desc'), - 'csrfToken' => Token::getInstance()->getTokenInput('stopwords'), + 'csrfToken' => Token::getInstance($container->get('session'))->getTokenInput('stopwords'), 'msgStopWordsLabel' => Translation::get('ad_stopwords_desc'), 'sortedLanguageCodes' => $sortedLanguageCodes, 'buttonAdd' => Translation::get('ad_config_stopword_input'), diff --git a/phpmyfaq/admin/tags.php b/phpmyfaq/admin/tags.php index 2578d4eba9..b476a4f770 100644 --- a/phpmyfaq/admin/tags.php +++ b/phpmyfaq/admin/tags.php @@ -52,7 +52,7 @@ $templateVars = [ 'adminHeaderTags' => Translation::get('ad_entry_tags'), - 'csrfToken' => Token::getInstance()->getTokenInput('tags'), + 'csrfToken' => Token::getInstance($container->get('session'))->getTokenInput('tags'), 'isDelete' => 'delete-tag' === $action, 'isDeleteSuccess' => $deleteSuccess ?? false, 'msgDeleteSuccess' => Translation::get('ad_tag_delete_success'), diff --git a/phpmyfaq/admin/user.php b/phpmyfaq/admin/user.php index bab5a82f64..f3b4c7063f 100755 --- a/phpmyfaq/admin/user.php +++ b/phpmyfaq/admin/user.php @@ -139,7 +139,7 @@ 'msgSearch' => Translation::get('msgSearch'), 'ad_auth_user' => Translation::get('ad_auth_user'), 'ad_user_profou' => Translation::get('ad_user_profou'), - 'csrfToken_updateUserData' => Token::getInstance()->getTokenString('update-user-data'), + 'csrfToken_updateUserData' => Token::getInstance($container->get('session'))->getTokenString('update-user-data'), 'msgAuthenticationSource' => Translation::get('msgAuthenticationSource'), 'ad_user_status' => Translation::get('ad_user_status'), 'ad_user_active' => Translation::get('ad_user_active'), 
@@ -152,7 +152,7 @@ 'ad_user_overwrite_twofactor' => Translation::get('ad_user_overwrite_twofactor'), 'ad_user_delete' => Translation::get('ad_user_delete'), 'ad_gen_save' => Translation::get('ad_gen_save'), - 'csrfToken_updateUserRights' => Token::getInstance()->getTokenString('update-user-rights'), + 'csrfToken_updateUserRights' => Token::getInstance($container->get('session'))->getTokenString('update-user-rights'), 'ad_user_rights' => Translation::get('ad_user_rights'), 'ad_user_checkall' => Translation::get('ad_user_checkall'), 'ad_user_uncheckall' => Translation::get('ad_user_uncheckall'), 
@@ -162,20 +162,20 @@ 'msgNewContentMail' => Translation::get('msgNewContentMail'), 'ad_user_is_visible' => Translation::get('ad_user_is_visible'), 'ad_user_edit' => Translation::get('ad_user_edit'), - 'csrfToken_activateUser' => Token::getInstance()->getTokenString('activate-user'), + 'csrfToken_activateUser' => Token::getInstance($container->get('session'))->getTokenString('activate-user'), 'ad_news_set_active' => Translation::get('ad_news_set_active'), 'permissionDeleteUser' => $currentUser->perm->hasPermission($user->getUserId(), PermissionType::USER_DELETE->value), - 'csrfToken_deleteUser' => Token::getInstance()->getTokenString('delete-user'), + 'csrfToken_deleteUser' => Token::getInstance($container->get('session'))->getTokenString('delete-user'), 'ad_adus_adduser' => Translation::get('ad_adus_adduser'), - 'csrfToken_addUser' => Token::getInstance()->getTokenString('add-user'), + 'csrfToken_addUser' => Token::getInstance($container->get('session'))->getTokenString('add-user'), 'ad_adus_name' => Translation::get('ad_adus_name'), 'ad_add_user_change_password' => Translation::get('ad_add_user_change_password'), 'ad_adus_password' => Translation::get('ad_adus_password'), 'ad_passwd_con' => Translation::get('ad_passwd_con'), 'ad_gen_cancel' => Translation::get('ad_gen_cancel'), 'ad_menu_passwd' => Translation::get('ad_menu_passwd'), - 'csrfToken_overwritePassword' => Token::getInstance()->getTokenString('overwrite-password'), + 'csrfToken_overwritePassword' => Token::getInstance($container->get('session'))->getTokenString('overwrite-password'), 'ad_passwd_new' => Translation::get('ad_passwd_new'), 'msgWarning' => Translation::get('msgWarning'), 'ad_gen_yes' => Translation::get('ad_gen_yes'), diff --git a/phpmyfaq/ask.php b/phpmyfaq/ask.php index 1685d18210..fcf7f9ee87 100644 --- a/phpmyfaq/ask.php +++ b/phpmyfaq/ask.php 
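Review bot: Five entries of this one array literal each call `Token::getInstance($container->get('session'))` again, so the session service lookup and the instance fetch are repeated per template variable; hoisting them once before the array, `$token = Token::getInstance($container->get('session'));`, and writing `'csrfToken_activateUser' => $token->getTokenString('activate-user'),` and so on reads better and makes it obvious that all tokens come from the same session. The same repetition is in the user.php hunks at @@ -139 and @@ -152, in bookmarks.php, faq.php and the statistics.sessions.php template arrays above. The `$templateVars` array begins before this hunk, so the hoisted assignment would go just above its opening line.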
@@ -34,7 +34,7 @@ $faqConfig = $container->get('phpmyfaq.configuration'); $user = $container->get('phpmyfaq.user.current_user'); -$faqSession = $container->get('phpmyfaq.session'); +$faqSession = $container->get('phpmyfaq.user.session'); $faqSession->setCurrentUser($user); // Check user permissions diff --git a/phpmyfaq/bookmarks.php b/phpmyfaq/bookmarks.php index 949ce8b905..782f428792 100644 --- a/phpmyfaq/bookmarks.php +++ b/phpmyfaq/bookmarks.php @@ -41,8 +41,8 @@ ... $templateVars, 'title' => sprintf('%s - %s', Translation::get('msgBookmarks'), $faqConfig->getTitle()), 'bookmarksList' => $bookmark->getBookmarkList(), - 'csrfTokenDeleteBookmark' => Token::getInstance()->getTokenString('delete-bookmark'), - 'csrfTokenDeleteAllBookmarks' => Token::getInstance()->getTokenString('delete-all-bookmarks') + 'csrfTokenDeleteBookmark' => Token::getInstance($container->get('session'))->getTokenString('delete-bookmark'), + 'csrfTokenDeleteAllBookmarks' => Token::getInstance($container->get('session'))->getTokenString('delete-all-bookmarks') ]; return $templateVars; diff --git a/phpmyfaq/contact.php b/phpmyfaq/contact.php index 1a21a7734d..ebe6027855 100644 --- a/phpmyfaq/contact.php +++ b/phpmyfaq/contact.php @@ -27,7 +27,7 @@ $faqConfig = $container->get('phpmyfaq.configuration'); $user = $container->get('phpmyfaq.user.current_user'); -$faqSession = $container->get('phpmyfaq.session'); +$faqSession = $container->get('phpmyfaq.user.session'); $faqSession->setCurrentUser($user); $faqSession->userTracking('contact', 0); diff --git a/phpmyfaq/faq.php b/phpmyfaq/faq.php index 02017e717a..12d371431d 100644 --- a/phpmyfaq/faq.php +++ b/phpmyfaq/faq.php @@ -68,7 +68,7 @@ $seo = new Seo($faqConfig); $attachmentHelper = new AttachmentHelper(); -$faqSession = $container->get('phpmyfaq.session'); +$faqSession = $container->get('phpmyfaq.user.session'); $faqSession->setCurrentUser($user); $converter = new CommonMarkConverter([ 
@@ -344,7 +344,7 @@ 'msgYourComment' => Translation::get('msgYourComment'), 'msgCancel' => Translation::get('ad_gen_cancel'), 'msgNewContentSubmit' => Translation::get('msgNewContentSubmit'), - 'csrfTokenAddComment' => Token::getInstance()->getTokenString('add-comment'), + 'csrfTokenAddComment' => Token::getInstance($container->get('session'))->getTokenString('add-comment'), 'captchaFieldset' => $captchaHelper->renderCaptcha( $captcha, 'writecomment', @@ -360,8 +360,8 @@ 'bookmarkAction' => $bookmarkAction ?? '', 'msgBookmarkAdded' => Translation::get('msgBookmarkAdded'), 'msgBookmarkRemoved' => Translation::get('msgBookmarkRemoved'), - 'csrfTokenRemoveBookmark' => Token::getInstance()->getTokenString('delete-bookmark'), - 'csrfTokenAddBookmark' => Token::getInstance()->getTokenString('add-bookmark') + 'csrfTokenRemoveBookmark' => Token::getInstance($container->get('session'))->getTokenString('delete-bookmark'), + 'csrfTokenAddBookmark' => Token::getInstance($container->get('session'))->getTokenString('add-bookmark') ]; return $templateVars; diff --git a/phpmyfaq/glossary.php b/phpmyfaq/glossary.php index 262679a13f..f3a06544a4 100644 --- a/phpmyfaq/glossary.php +++ b/phpmyfaq/glossary.php @@ -30,7 +30,7 @@ $faqConfig = $container->get('phpmyfaq.configuration'); $user = $container->get('phpmyfaq.user.current_user'); -$faqSession = $container->get('phpmyfaq.session'); +$faqSession = $container->get('phpmyfaq.user.session'); $faqSession->setCurrentUser($user); $faqSession->userTracking('glossary', 0); diff --git a/phpmyfaq/index.php b/phpmyfaq/index.php index cfc54f8f26..896413df8d 100755 --- a/phpmyfaq/index.php +++ b/phpmyfaq/index.php 
@@ -157,7 +157,7 @@ // Get CSRF Token // $csrfToken = Filter::filterVar($request->query->get('csrf'), FILTER_SANITIZE_SPECIAL_CHARS); -if ($csrfToken !== '' && Token::getInstance()->verifyToken('logout', $csrfToken)) { +if ($csrfToken !== '' && Token::getInstance($container->get('session'))->verifyToken('logout', $csrfToken)) { $csrfChecked = true; } else { $csrfChecked = false; @@ -638,7 +638,7 @@ 'msgBookmarks' => Translation::get('msgBookmarks'), 'msgUserRemoval' => Translation::get('ad_menu_RequestRemove'), 'msgLogoutUser' => Translation::get('ad_menu_logout'), - 'csrfLogout' => Token::getInstance()->getTokenString('logout'), + 'csrfLogout' => Token::getInstance($container->get('session'))->getTokenString('logout'), ]; } diff --git a/phpmyfaq/login.php b/phpmyfaq/login.php index 78cf1586b4..a4637bb025 100644 --- a/phpmyfaq/login.php +++ b/phpmyfaq/login.php @@ -26,7 +26,7 @@ $faqConfig = $container->get('phpmyfaq.configuration'); $user = $container->get('phpmyfaq.user.current_user'); -$faqSession = $container->get('phpmyfaq.session'); +$faqSession = $container->get('phpmyfaq.user.session'); $faqSession->setCurrentUser($user); $faqSession->userTracking('login', 0); diff --git a/phpmyfaq/news.php b/phpmyfaq/news.php index 604223bb4c..b9213e5b24 100644 --- a/phpmyfaq/news.php +++ b/phpmyfaq/news.php @@ -41,7 +41,7 @@ $faqConfig = $container->get('phpmyfaq.configuration'); $user = $container->get('phpmyfaq.user.current_user'); -$faqSession = $container->get('phpmyfaq.session'); +$faqSession = $container->get('phpmyfaq.user.session'); $faqSession->setCurrentUser($user); $captcha = $container->get('phpmyfaq.captcha'); 
@@ -149,7 +149,7 @@ 'defaultContentMail' => ($user->getUserId() > 0) ? $user->getUserData('email') : '', 'defaultContentName' => ($user->getUserId() > 0) ? $user->getUserData('display_name') : '', 'msgYourComment' => Translation::get('msgYourComment'), - 'csrfInput' => Token::getInstance()->getTokenInput('add-comment'), + 'csrfInput' => Token::getInstance($container->get('session'))->getTokenInput('add-comment'), 'msgCancel' => Translation::get('ad_gen_cancel'), 'msgNewContentSubmit' => Translation::get('msgNewContentSubmit'), 'captchaFieldset' => $captchaHelper->renderCaptcha( diff --git a/phpmyfaq/open-questions.php b/phpmyfaq/open-questions.php index c0b7f8e058..5b63a216ac 100644 --- a/phpmyfaq/open-questions.php +++ b/phpmyfaq/open-questions.php @@ -28,7 +28,7 @@ $faqConfig = $container->get('phpmyfaq.configuration'); $user = $container->get('phpmyfaq.user.current_user'); -$faqSession = $container->get('phpmyfaq.session'); +$faqSession = $container->get('phpmyfaq.user.session'); $faqSession->setCurrentUser($user); $faqSession->userTracking('open_questions', 0); diff --git a/phpmyfaq/overview.php b/phpmyfaq/overview.php index ab2725f839..1e13e27cf1 100644 --- a/phpmyfaq/overview.php +++ b/phpmyfaq/overview.php @@ -30,7 +30,7 @@ $faqConfig = $container->get('phpmyfaq.configuration'); $user = $container->get('phpmyfaq.user.current_user'); -$faqSession = $container->get('phpmyfaq.session'); +$faqSession = $container->get('phpmyfaq.user.session'); $faqSession->setCurrentUser($user); $faqSession->userTracking('overview', 0); diff --git a/phpmyfaq/password.php b/phpmyfaq/password.php index 31a5b9c2f4..92bb7fbd8e 100644 --- a/phpmyfaq/password.php +++ b/phpmyfaq/password.php 
@@ -24,7 +24,7 @@ $faqConfig = $container->get('phpmyfaq.configuration'); -$faqSession = $container->get('phpmyfaq.session'); +$faqSession = $container->get('phpmyfaq.user.session'); $faqSession->userTracking('forgot_password', 0); $twig = new TwigWrapper(PMF_ROOT_DIR . '/assets/templates/' . TwigWrapper::getTemplateSetName()); diff --git a/phpmyfaq/register.php b/phpmyfaq/register.php index 50163364c0..f14871c792 100644 --- a/phpmyfaq/register.php +++ b/phpmyfaq/register.php @@ -35,7 +35,7 @@ $redirect->send(); } -$faqSession = $container->get('phpmyfaq.session'); +$faqSession = $container->get('phpmyfaq.user.session'); $faqSession->setCurrentUser($user); $faqSession->userTracking('registration', 0); diff --git a/phpmyfaq/request-removal.php b/phpmyfaq/request-removal.php index 144cb43858..7f2c32c017 100644 --- a/phpmyfaq/request-removal.php +++ b/phpmyfaq/request-removal.php @@ -26,7 +26,7 @@ $faqConfig = $container->get('phpmyfaq.configuration'); $user = $container->get('phpmyfaq.user.current_user'); -$faqSession = $container->get('phpmyfaq.session'); +$faqSession = $container->get('phpmyfaq.user.session'); $faqSession->setCurrentUser($user); $faqSession->userTracking('request_removal', 0); @@ -36,7 +36,7 @@ $templateVars = [ ... $templateVars, 'privacyURL' => $faqConfig->get('main.privacyURL'), - 'csrf' => Token::getInstance()->getTokenInput('request-removal'), + 'csrf' => Token::getInstance($container->get('session'))->getTokenInput('request-removal'), 'lang' => $Language->getLanguage(), 'userId' => $user->getUserId(), 'defaultContentMail' => ($user->getUserId() > 0) ? $user->getUserData('email') : '', diff --git a/phpmyfaq/search.php b/phpmyfaq/search.php index 5f755d71b4..f3ecd5110f 100755 --- a/phpmyfaq/search.php +++ b/phpmyfaq/search.php 
@@ -42,7 +42,7 @@ $faqConfig = $container->get('phpmyfaq.configuration'); $user = $container->get('phpmyfaq.user.current_user'); -$faqSession = $container->get('phpmyfaq.session'); +$faqSession = $container->get('phpmyfaq.user.session'); $faqSession->setCurrentUser($user); $faqSession->userTracking('fulltext_search', 0); diff --git a/phpmyfaq/show.php b/phpmyfaq/show.php index 7c047d3fd7..ebb27f1139 100644 --- a/phpmyfaq/show.php +++ b/phpmyfaq/show.php @@ -35,7 +35,7 @@ $faqConfig = $container->get('phpmyfaq.configuration'); $user = $container->get('phpmyfaq.user.current_user'); -$faqSession = $container->get('phpmyfaq.session'); +$faqSession = $container->get('phpmyfaq.user.session'); $faqSession->setCurrentUser($user); $selectedCategoryId = Filter::filterVar($request->query->get('cat'), FILTER_VALIDATE_INT); diff --git a/phpmyfaq/sitemap.php b/phpmyfaq/sitemap.php index e86d46425b..d9196818ae 100644 --- a/phpmyfaq/sitemap.php +++ b/phpmyfaq/sitemap.php @@ -30,7 +30,7 @@ $faqConfig = $container->get('phpmyfaq.configuration'); $user = $container->get('phpmyfaq.user.current_user'); -$faqSession = $container->get('phpmyfaq.session'); +$faqSession = $container->get('phpmyfaq.user.session'); $faqSession->setCurrentUser($user); $faqSession->userTracking('sitemap', 0); diff --git a/phpmyfaq/src/phpMyFAQ/Controller/Administration/AttachmentController.php b/phpmyfaq/src/phpMyFAQ/Controller/Administration/AttachmentController.php index 4d3f395f06..42e77277a3 100644 --- a/phpmyfaq/src/phpMyFAQ/Controller/Administration/AttachmentController.php +++ b/phpmyfaq/src/phpMyFAQ/Controller/Administration/AttachmentController.php 
@@ -42,7 +42,10 @@ public function delete(Request $request): JsonResponse $deleteData = json_decode($request->getContent()); try { - if (!Token::getInstance()->verifyToken('delete-attachment', $deleteData->csrf)) { + if ( + !Token::getInstance($this->container->get('session')) + ->verifyToken('delete-attachment', $deleteData->csrf) + ) { return $this->json(['error' => Translation::get('err_NotAuth')], Response::HTTP_UNAUTHORIZED); } @@ -68,7 +71,10 @@ public function refresh(Request $request): JsonResponse $dataToCheck = json_decode($request->getContent()); try { - if (!Token::getInstance()->verifyToken('refresh-attachment', $dataToCheck->csrf)) { + if ( + !Token::getInstance($this->container->get('session')) + ->verifyToken('refresh-attachment', $dataToCheck->csrf) + ) { return $this->json(['error' => Translation::get('err_NotAuth')], Response::HTTP_UNAUTHORIZED); } diff --git a/phpmyfaq/src/phpMyFAQ/Controller/Administration/CategoryController.php b/phpmyfaq/src/phpMyFAQ/Controller/Administration/CategoryController.php index c4edc6f48d..aba338b71b 100644 --- a/phpmyfaq/src/phpMyFAQ/Controller/Administration/CategoryController.php +++ b/phpmyfaq/src/phpMyFAQ/Controller/Administration/CategoryController.php @@ -48,7 +48,7 @@ public function delete(Request $request): JsonResponse $data = json_decode($request->getContent()); - if (!Token::getInstance()->verifyToken('category', $data->csrfToken)) { + if (!Token::getInstance($this->container->get('session'))->verifyToken('category', $data->csrfToken)) { return $this->json(['error' => Translation::get('err_NotAuth')], Response::HTTP_UNAUTHORIZED); } 
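Review bot: `Token::getInstance()` is still a static accessor but now takes the session as an argument, so if `Token` caches a single instance (the usual shape of a `getInstance()` method) the `$this->container->get('session')` passed on later calls within the same request is silently ignored — the `Token` class is not in this diff, so please confirm whether the argument is honoured on every call or only on first construction. If it is first-construction only, a clearer contract is to register the session-bound `Token` as a container service and have the controllers fetch that service, instead of threading the session through every `verifyToken()` call site; the same pattern appears in every controller hunk that follows (CategoryController through UserController). Both `delete()` and `refresh()` here also read `$deleteData->csrf` / `$dataToCheck->csrf` from a plain `json_decode()` with no check for a decode failure, which is pre-existing but cheap to close now that these lines are touched, e.g. by passing `JSON_THROW_ON_ERROR` as StatisticsController already does inside its existing `try`. The `delete()` body continues past the hunk.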
@@ -150,7 +150,7 @@ public function updateOrder(Request $request): JsonResponse $data = json_decode($request->getContent()); - if (!Token::getInstance()->verifyToken('category', $data->csrfToken)) { + if (!Token::getInstance($this->container->get('session'))->verifyToken('category', $data->csrfToken)) { return $this->json(['error' => Translation::get('err_NotAuth')], Response::HTTP_UNAUTHORIZED); } diff --git a/phpmyfaq/src/phpMyFAQ/Controller/Administration/CommentController.php b/phpmyfaq/src/phpMyFAQ/Controller/Administration/CommentController.php index 4881c61f7c..27a21edaf1 100644 --- a/phpmyfaq/src/phpMyFAQ/Controller/Administration/CommentController.php +++ b/phpmyfaq/src/phpMyFAQ/Controller/Administration/CommentController.php @@ -40,7 +40,10 @@ public function delete(Request $request): JsonResponse $data = json_decode($request->getContent()); - if (!Token::getInstance()->verifyToken('delete-comment', $data->data->{'pmf-csrf-token'})) { + if ( + !Token::getInstance($this->container->get('session')) + ->verifyToken('delete-comment', $data->data->{'pmf-csrf-token'}) + ) { return $this->json(['error' => Translation::get('err_NotAuth')], Response::HTTP_UNAUTHORIZED); } diff --git a/phpmyfaq/src/phpMyFAQ/Controller/Administration/ConfigurationController.php b/phpmyfaq/src/phpMyFAQ/Controller/Administration/ConfigurationController.php index dd6090cf83..c8bcb86a54 100644 --- a/phpmyfaq/src/phpMyFAQ/Controller/Administration/ConfigurationController.php +++ b/phpmyfaq/src/phpMyFAQ/Controller/Administration/ConfigurationController.php @@ -41,7 +41,7 @@ public function sendTestMail(Request $request): JsonResponse $data = json_decode($request->getContent()); - if (!Token::getInstance()->verifyToken('configuration', $data->csrf)) { + if (!Token::getInstance($this->container->get('session'))->verifyToken('configuration', $data->csrf)) { return $this->json(['error' => Translation::get('err_NotAuth')], Response::HTTP_UNAUTHORIZED); } 
diff --git a/phpmyfaq/src/phpMyFAQ/Controller/Administration/ConfigurationTabController.php b/phpmyfaq/src/phpMyFAQ/Controller/Administration/ConfigurationTabController.php index d15e11139d..abee43a5a2 100644 --- a/phpmyfaq/src/phpMyFAQ/Controller/Administration/ConfigurationTabController.php +++ b/phpmyfaq/src/phpMyFAQ/Controller/Administration/ConfigurationTabController.php @@ -91,7 +91,7 @@ public function save(Request $request): JsonResponse $configurationData = $request->get('edit'); $oldConfigurationData = $this->configuration->getAll(); - if (!Token::getInstance()->verifyToken('configuration', $csrfToken)) { + if (!Token::getInstance($this->container->get('session'))->verifyToken('configuration', $csrfToken)) { return $this->json(['error' => Translation::get('err_NotAuth')], Response::HTTP_UNAUTHORIZED); } else { // Set the new values diff --git a/phpmyfaq/src/phpMyFAQ/Controller/Administration/ExportController.php b/phpmyfaq/src/phpMyFAQ/Controller/Administration/ExportController.php index 2df36efa8f..3566bdb3ec 100644 --- a/phpmyfaq/src/phpMyFAQ/Controller/Administration/ExportController.php +++ b/phpmyfaq/src/phpMyFAQ/Controller/Administration/ExportController.php @@ -80,7 +80,10 @@ public function exportReport(Request $request): Response $this->userHasPermission(PermissionType::REPORTS); $data = json_decode($request->getContent())->data; - if (!Token::getInstance()->verifyToken('create-report', $data->{'pmf-csrf-token'})) { + if ( + !Token::getInstance($this->container->get('session')) + ->verifyToken('create-report', $data->{'pmf-csrf-token'}) + ) { return $this->json(['error' => Translation::get('err_NotAuth')], Response::HTTP_UNAUTHORIZED); } diff --git a/phpmyfaq/src/phpMyFAQ/Controller/Administration/FaqController.php b/phpmyfaq/src/phpMyFAQ/Controller/Administration/FaqController.php index 7dcbce807b..f8fe31ab9f 100644 --- a/phpmyfaq/src/phpMyFAQ/Controller/Administration/FaqController.php 
+++ b/phpmyfaq/src/phpMyFAQ/Controller/Administration/FaqController.php @@ -85,7 +85,7 @@ public function create(Request $request): JsonResponse $data = json_decode($request->getContent())->data; - if (!Token::getInstance()->verifyToken('edit-faq', $data->{'pmf-csrf-token'})) { + if (!Token::getInstance($this->container->get('session'))->verifyToken('edit-faq', $data->{'pmf-csrf-token'})) { return $this->json(['error' => Translation::get('err_NotAuth')], Response::HTTP_UNAUTHORIZED); } diff --git a/phpmyfaq/src/phpMyFAQ/Controller/Administration/FormController.php b/phpmyfaq/src/phpMyFAQ/Controller/Administration/FormController.php index 0979419535..70ea1743bf 100644 --- a/phpmyfaq/src/phpMyFAQ/Controller/Administration/FormController.php +++ b/phpmyfaq/src/phpMyFAQ/Controller/Administration/FormController.php @@ -40,7 +40,7 @@ public function activateInput(Request $request) $inputId = Filter::filterVar($data->inputid, FILTER_VALIDATE_INT); $forms = new Forms($this->configuration); - if (!Token::getInstance()->verifyToken('activate-input', $data->csrf)) { + if (!Token::getInstance($this->container->get('session'))->verifyToken('activate-input', $data->csrf)) { return $this->json(['error' => Translation::get('err_NotAuth')], Response::HTTP_UNAUTHORIZED); } @@ -62,7 +62,7 @@ public function setInputAsRequired(Request $request) $inputId = Filter::filterVar($data->inputid, FILTER_VALIDATE_INT); $forms = new Forms($this->configuration); - if (!Token::getInstance()->verifyToken('require-input', $data->csrf)) { + if (!Token::getInstance($this->container->get('session'))->verifyToken('require-input', $data->csrf)) { return $this->json(['error' => Translation::get('err_NotAuth')], Response::HTTP_UNAUTHORIZED); } 
@@ -85,7 +85,7 @@ public function editTranslation(Request $request) $lang = Filter::filterVar($data->lang, FILTER_SANITIZE_SPECIAL_CHARS); $forms = new Forms($this->configuration); - if (!Token::getInstance()->verifyToken('edit-translation', $data->csrf)) { + if (!Token::getInstance($this->container->get('session'))->verifyToken('edit-translation', $data->csrf)) { return $this->json(['error' => Translation::get('err_NotAuth')], Response::HTTP_UNAUTHORIZED); } @@ -107,7 +107,7 @@ public function deleteTranslation(Request $request) $lang = Filter::filterVar($data->lang, FILTER_SANITIZE_SPECIAL_CHARS); $forms = new Forms($this->configuration); - if (!Token::getInstance()->verifyToken('delete-translation', $data->csrf)) { + if (!Token::getInstance($this->container->get('session'))->verifyToken('delete-translation', $data->csrf)) { return $this->json(['error' => Translation::get('err_NotAuth')], Response::HTTP_UNAUTHORIZED); } @@ -138,7 +138,7 @@ public function addTranslation(Request $request): JsonResponse $translation = Filter::filterVar($data->translation, FILTER_SANITIZE_SPECIAL_CHARS); $forms = new Forms($this->configuration); - if (!Token::getInstance()->verifyToken('add-translation', $data->csrf)) { + if (!Token::getInstance($this->container->get('session'))->verifyToken('add-translation', $data->csrf)) { return $this->json(['error' => Translation::get('err_NotAuth')], Response::HTTP_UNAUTHORIZED); } diff --git a/phpmyfaq/src/phpMyFAQ/Controller/Administration/GlossaryController.php b/phpmyfaq/src/phpMyFAQ/Controller/Administration/GlossaryController.php index 99f9b5040f..da96cd0b99 100644 --- a/phpmyfaq/src/phpMyFAQ/Controller/Administration/GlossaryController.php +++ b/phpmyfaq/src/phpMyFAQ/Controller/Administration/GlossaryController.php 
@@ -61,7 +61,7 @@ public function delete(Request $request): JsonResponse $glossaryId = Filter::filterVar($data->id, FILTER_VALIDATE_INT); $glossaryLanguage = Filter::filterVar($data->lang, FILTER_SANITIZE_SPECIAL_CHARS); - if (!Token::getInstance()->verifyToken('delete-glossary', $data->csrf)) { + if (!Token::getInstance($this->container->get('session'))->verifyToken('delete-glossary', $data->csrf)) { return $this->json(['error' => Translation::get('err_NotAuth')], Response::HTTP_UNAUTHORIZED); } @@ -89,7 +89,7 @@ public function create(Request $request): JsonResponse $glossaryItem = Filter::filterVar($data->item, FILTER_SANITIZE_SPECIAL_CHARS); $glossaryDefinition = Filter::filterVar($data->definition, FILTER_SANITIZE_SPECIAL_CHARS); - if (!Token::getInstance()->verifyToken('add-glossary', $data->csrf)) { + if (!Token::getInstance($this->container->get('session'))->verifyToken('add-glossary', $data->csrf)) { return $this->json(['error' => Translation::get('err_NotAuth')], Response::HTTP_UNAUTHORIZED); } @@ -118,7 +118,7 @@ public function update(Request $request): JsonResponse $glossaryItem = Filter::filterVar($data->item, FILTER_SANITIZE_SPECIAL_CHARS); $glossaryDefinition = Filter::filterVar($data->definition, FILTER_SANITIZE_SPECIAL_CHARS); - if (!Token::getInstance()->verifyToken('update-glossary', $data->csrf)) { + if (!Token::getInstance($this->container->get('session'))->verifyToken('update-glossary', $data->csrf)) { return $this->json(['error' => Translation::get('err_NotAuth')], Response::HTTP_UNAUTHORIZED); } diff --git a/phpmyfaq/src/phpMyFAQ/Controller/Administration/ImageController.php b/phpmyfaq/src/phpMyFAQ/Controller/Administration/ImageController.php index 5ef7395dea..89ba6a963d 100644 --- a/phpmyfaq/src/phpMyFAQ/Controller/Administration/ImageController.php +++ b/phpmyfaq/src/phpMyFAQ/Controller/Administration/ImageController.php 
@@ -41,7 +41,10 @@ public function upload(Request $request): JsonResponse $validFileExtensions = ['gif', 'jpg', 'jpeg', 'png']; $timestamp = time(); - if (!Token::getInstance()->verifyToken('edit-faq', $request->query->get('csrf'))) { + if ( + !Token::getInstance($this->container->get('session')) + ->verifyToken('edit-faq', $request->query->get('csrf')) + ) { return $this->json(['error' => Translation::get('err_NotAuth')], Response::HTTP_UNAUTHORIZED); } diff --git a/phpmyfaq/src/phpMyFAQ/Controller/Administration/InstanceController.php b/phpmyfaq/src/phpMyFAQ/Controller/Administration/InstanceController.php index 836802d31e..96f7a1fe44 100644 --- a/phpmyfaq/src/phpMyFAQ/Controller/Administration/InstanceController.php +++ b/phpmyfaq/src/phpMyFAQ/Controller/Administration/InstanceController.php @@ -50,7 +50,7 @@ public function add(Request $request): JsonResponse $data = json_decode($request->getContent()); - if (!Token::getInstance()->verifyToken('add-instance', $data->csrf)) { + if (!Token::getInstance($this->container->get('session'))->verifyToken('add-instance', $data->csrf)) { return $this->json(['error' => Translation::get('err_NotAuth')], Response::HTTP_UNAUTHORIZED); } @@ -159,7 +159,7 @@ public function delete(Request $request): JsonResponse $data = json_decode($request->getContent()); - if (!Token::getInstance()->verifyToken('delete-instance', $data->csrf)) { + if (!Token::getInstance($this->container->get('session'))->verifyToken('delete-instance', $data->csrf)) { return $this->json(['error' => Translation::get('err_NotAuth')], Response::HTTP_UNAUTHORIZED); } diff --git a/phpmyfaq/src/phpMyFAQ/Controller/Administration/NewsController.php b/phpmyfaq/src/phpMyFAQ/Controller/Administration/NewsController.php index 7269cbf7cf..2f5eb2fccc 100644 --- a/phpmyfaq/src/phpMyFAQ/Controller/Administration/NewsController.php +++ b/phpmyfaq/src/phpMyFAQ/Controller/Administration/NewsController.php 
@@ -45,7 +45,7 @@ public function create(Request $request): JsonResponse $news = new News($this->configuration); - if (!Token::getInstance()->verifyToken('save-news', $data->csrfToken)) { + if (!Token::getInstance($this->container->get('session'))->verifyToken('save-news', $data->csrfToken)) { return $this->json(['error' => Translation::get('err_NotAuth')], Response::HTTP_UNAUTHORIZED); } @@ -93,7 +93,7 @@ public function delete(Request $request): JsonResponse $news = new News($this->configuration); - if (!Token::getInstance()->verifyToken('delete-news', $data->csrfToken)) { + if (!Token::getInstance($this->container->get('session'))->verifyToken('delete-news', $data->csrfToken)) { return $this->json(['error' => Translation::get('err_NotAuth')], Response::HTTP_UNAUTHORIZED); } @@ -118,7 +118,7 @@ public function update(Request $request): JsonResponse $news = new News($this->configuration); - if (!Token::getInstance()->verifyToken('update-news', $data->csrfToken)) { + if (!Token::getInstance($this->container->get('session'))->verifyToken('update-news', $data->csrfToken)) { return $this->json(['error' => Translation::get('err_NotAuth')], Response::HTTP_UNAUTHORIZED); } @@ -167,7 +167,7 @@ public function activate(Request $request): JsonResponse $news = new News($this->configuration); - if (!Token::getInstance()->verifyToken('activate-news', $data->csrfToken)) { + if (!Token::getInstance($this->container->get('session'))->verifyToken('activate-news', $data->csrfToken)) { return $this->json(['error' => Translation::get('err_NotAuth')], Response::HTTP_UNAUTHORIZED); } diff --git a/phpmyfaq/src/phpMyFAQ/Controller/Administration/QuestionController.php b/phpmyfaq/src/phpMyFAQ/Controller/Administration/QuestionController.php index c23e6a8402..505a4f2a8e 100644 --- a/phpmyfaq/src/phpMyFAQ/Controller/Administration/QuestionController.php +++ b/phpmyfaq/src/phpMyFAQ/Controller/Administration/QuestionController.php 
@@ -31,7 +31,7 @@ class QuestionController extends AbstractController { /** - * @throws Exception + * @throws \Exception */ #[Route('admin/api/question/delete')] public function delete(Request $request): JsonResponse @@ -40,7 +40,10 @@ public function delete(Request $request): JsonResponse $data = json_decode($request->getContent()); - if (!Token::getInstance()->verifyToken('delete-questions', $data->data->{'pmf-csrf-token'})) { + if ( + !Token::getInstance($this->container->get('session')) + ->verifyToken('delete-questions', $data->data->{'pmf-csrf-token'}) + ) { return $this->json(['error' => Translation::get('err_NotAuth')], Response::HTTP_UNAUTHORIZED); } diff --git a/phpmyfaq/src/phpMyFAQ/Controller/Administration/SearchController.php b/phpmyfaq/src/phpMyFAQ/Controller/Administration/SearchController.php index 41482b784e..52b47a27ab 100644 --- a/phpmyfaq/src/phpMyFAQ/Controller/Administration/SearchController.php +++ b/phpmyfaq/src/phpMyFAQ/Controller/Administration/SearchController.php @@ -43,7 +43,10 @@ public function deleteTerm(Request $request): JsonResponse $search = new Search($this->configuration); - if (!Token::getInstance()->verifyToken('delete-searchterm', $deleteData->csrf)) { + if ( + !Token::getInstance($this->container->get('session')) + ->verifyToken('delete-searchterm', $deleteData->csrf) + ) { return $this->json(['error' => Translation::get('err_NotAuth')], Response::HTTP_UNAUTHORIZED); } diff --git a/phpmyfaq/src/phpMyFAQ/Controller/Administration/SessionController.php b/phpmyfaq/src/phpMyFAQ/Controller/Administration/SessionController.php index 17bf55775b..d58300980d 100644 --- a/phpmyfaq/src/phpMyFAQ/Controller/Administration/SessionController.php +++ b/phpmyfaq/src/phpMyFAQ/Controller/Administration/SessionController.php 
@@ -42,7 +42,7 @@ public function export(Request $request): BinaryFileResponse|JsonResponse $requestData = json_decode($request->getContent()); - if (!Token::getInstance()->verifyToken('export-sessions', $requestData->csrf)) { + if (!Token::getInstance($this->container->get('session'))->verifyToken('export-sessions', $requestData->csrf)) { return $this->json(['error' => Translation::get('err_NotAuth')], Response::HTTP_UNAUTHORIZED); } diff --git a/phpmyfaq/src/phpMyFAQ/Controller/Administration/StatisticsController.php b/phpmyfaq/src/phpMyFAQ/Controller/Administration/StatisticsController.php index 334d825a79..d09d44adea 100644 --- a/phpmyfaq/src/phpMyFAQ/Controller/Administration/StatisticsController.php +++ b/phpmyfaq/src/phpMyFAQ/Controller/Administration/StatisticsController.php @@ -42,7 +42,7 @@ public function deleteAdminLog(Request $request): JsonResponse $data = json_decode($request->getContent(), false, 512, JSON_THROW_ON_ERROR); - if (!Token::getInstance()->verifyToken('delete-adminlog', $data->csrfToken)) { + if (!Token::getInstance($this->container->get('session'))->verifyToken('delete-adminlog', $data->csrfToken)) { return $this->json(['error' => Translation::get('err_NotAuth')], Response::HTTP_UNAUTHORIZED); } @@ -64,7 +64,10 @@ public function truncateSearchTerms(Request $request): JsonResponse $data = json_decode($request->getContent(), false, 512, JSON_THROW_ON_ERROR); - if (!Token::getInstance()->verifyToken('truncate-search-terms', $data->csrfToken)) { + if ( + !Token::getInstance($this->container->get('session')) + ->verifyToken('truncate-search-terms', $data->csrfToken) + ) { return $this->json(['error' => Translation::get('err_NotAuth')], Response::HTTP_UNAUTHORIZED); } diff --git a/phpmyfaq/src/phpMyFAQ/Controller/Administration/StopWordController.php b/phpmyfaq/src/phpMyFAQ/Controller/Administration/StopWordController.php index e6914dc7c0..08adeaa1d4 100644 --- a/phpmyfaq/src/phpMyFAQ/Controller/Administration/StopWordController.php 
+++ b/phpmyfaq/src/phpMyFAQ/Controller/Administration/StopWordController.php @@ -65,7 +65,7 @@ public function delete(Request $request): JsonResponse $stopWordsLang = Filter::filterVar($data->stopWordsLang, FILTER_SANITIZE_SPECIAL_CHARS); $stopWords = new StopWords($this->configuration); - if (!Token::getInstance()->verifyToken('stopwords', $data->csrf)) { + if (!Token::getInstance($this->container->get('session'))->verifyToken('stopwords', $data->csrf)) { return $this->json(['error' => Translation::get('err_NotAuth')], Response::HTTP_UNAUTHORIZED); } @@ -94,7 +94,7 @@ public function save(Request $request): JsonResponse $stopWord = Filter::filterVar($data->stopWord, FILTER_SANITIZE_SPECIAL_CHARS); $stopWords = new StopWords($this->configuration); - if (!Token::getInstance()->verifyToken('stopwords', $data->csrf)) { + if (!Token::getInstance($this->container->get('session'))->verifyToken('stopwords', $data->csrf)) { return $this->json(['error' => Translation::get('err_NotAuth')], Response::HTTP_UNAUTHORIZED); } diff --git a/phpmyfaq/src/phpMyFAQ/Controller/Administration/TagController.php b/phpmyfaq/src/phpMyFAQ/Controller/Administration/TagController.php index 2b3fb8a818..f9adb96b57 100644 --- a/phpmyfaq/src/phpMyFAQ/Controller/Administration/TagController.php +++ b/phpmyfaq/src/phpMyFAQ/Controller/Administration/TagController.php @@ -47,7 +47,7 @@ public function update(Request $request): JsonResponse $postData = json_decode($request->getContent()); - if (!Token::getInstance()->verifyToken('tags', $postData->csrf)) { + if (!Token::getInstance($this->container->get('session'))->verifyToken('tags', $postData->csrf)) { return $this->json(['error' => Translation::get('err_NotAuth')], Response::HTTP_UNAUTHORIZED); } diff --git a/phpmyfaq/src/phpMyFAQ/Controller/Administration/UserController.php b/phpmyfaq/src/phpMyFAQ/Controller/Administration/UserController.php index 4ece8eec17..ca6e309f4e 100644 
--- a/phpmyfaq/src/phpMyFAQ/Controller/Administration/UserController.php +++ b/phpmyfaq/src/phpMyFAQ/Controller/Administration/UserController.php @@ -181,7 +181,7 @@ public function activate(Request $request): JsonResponse $user = CurrentUser::getCurrentUser($this->configuration); $data = json_decode($request->getContent()); - if (!Token::getInstance()->verifyToken('activate-user', $data->csrfToken)) { + if (!Token::getInstance($this->container->get('session'))->verifyToken('activate-user', $data->csrfToken)) { return $this->json(['error' => Translation::get('err_NotAuth')], Response::HTTP_UNAUTHORIZED); } @@ -217,7 +217,7 @@ public function overwritePassword(Request $request): JsonResponse $newPassword = Filter::filterVar($data->newPassword, FILTER_SANITIZE_SPECIAL_CHARS); $retypedPassword = Filter::filterVar($data->passwordRepeat, FILTER_SANITIZE_SPECIAL_CHARS); - if (!Token::getInstance()->verifyToken('overwrite-password', $csrfToken)) { + if (!Token::getInstance($this->container->get('session'))->verifyToken('overwrite-password', $csrfToken)) { return $this->json(['error' => Translation::get('err_NotAuth')], Response::HTTP_UNAUTHORIZED); } @@ -251,7 +251,7 @@ public function deleteUser(Request $request): JsonResponse $data = json_decode($request->getContent()); - if (!Token::getInstance()->verifyToken('delete-user', $data->csrfToken)) { + if (!Token::getInstance($this->container->get('session'))->verifyToken('delete-user', $data->csrfToken)) { return $this->json(['error' => Translation::get('err_NotAuth')], Response::HTTP_UNAUTHORIZED); } @@ -289,7 +289,7 @@ public function addUser(Request $request): JsonResponse $data = json_decode($request->getContent()); - if (!Token::getInstance()->verifyToken('add-user', $data->csrf)) { + if (!Token::getInstance($this->container->get('session'))->verifyToken('add-user', $data->csrf)) { return $this->json(['error' => Translation::get('err_NotAuth')], Response::HTTP_UNAUTHORIZED); } 
@@ -357,7 +357,7 @@ public function editUser(Request $request): JsonResponse $data = json_decode($request->getContent()); - if (!Token::getInstance()->verifyToken('update-user-data', $data->csrfToken)) { + if (!Token::getInstance($this->container->get('session'))->verifyToken('update-user-data', $data->csrfToken)) { return $this->json(['error' => Translation::get('err_NotAuth')], Response::HTTP_UNAUTHORIZED); } @@ -419,7 +419,10 @@ public function updateUserRights(Request $request): JsonResponse $data = json_decode($request->getContent()); - if (!Token::getInstance()->verifyToken('update-user-rights', $data->csrfToken)) { + if ( + !Token::getInstance($this->container->get('session')) + ->verifyToken('update-user-rights', $data->csrfToken) + ) { return $this->json(['error' => Translation::get('err_NotAuth')], Response::HTTP_UNAUTHORIZED); } diff --git a/phpmyfaq/src/phpMyFAQ/Controller/Frontend/BookmarkController.php b/phpmyfaq/src/phpMyFAQ/Controller/Frontend/BookmarkController.php index dd2935223a..1a1d68eed5 100644 --- a/phpmyfaq/src/phpMyFAQ/Controller/Frontend/BookmarkController.php +++ b/phpmyfaq/src/phpMyFAQ/Controller/Frontend/BookmarkController.php @@ -43,7 +43,7 @@ public function create(Request $request): JsonResponse $id = Filter::filterVar($data->id, FILTER_VALIDATE_INT); $csrfToken = Filter::filterVar($data->csrfToken, FILTER_SANITIZE_SPECIAL_CHARS); - if (!Token::getInstance()->verifyToken('add-bookmark', $csrfToken)) { + if (!Token::getInstance($this->container->get('session'))->verifyToken('add-bookmark', $csrfToken)) { return $this->json(['error' => Translation::get('ad_msg_noauth')], Response::HTTP_UNAUTHORIZED); } 
@@ -55,7 +55,7 @@ public function create(Request $request): JsonResponse return $this->json([ 'success' => Translation::get('msgBookmarkAdded'), 'linkText' => Translation::get('removeBookmark'), - 'csrfToken' => Token::getInstance()->getTokenString('delete-bookmark') + 'csrfToken' => Token::getInstance($this->container->get('session'))->getTokenString('delete-bookmark') ], Response::HTTP_OK); } else { return $this->json(['error' => Translation::get('msgError')], Response::HTTP_BAD_REQUEST); @@ -74,7 +74,7 @@ public function delete(Request $request): JsonResponse $id = Filter::filterVar($data->id, FILTER_VALIDATE_INT); $csrfToken = Filter::filterVar($data->csrfToken, FILTER_SANITIZE_SPECIAL_CHARS); - if (!Token::getInstance()->verifyToken('delete-bookmark', $csrfToken)) { + if (!Token::getInstance($this->container->get('session'))->verifyToken('delete-bookmark', $csrfToken)) { return $this->json(['error' => Translation::get('ad_msg_noauth')], Response::HTTP_UNAUTHORIZED); } @@ -86,7 +86,7 @@ public function delete(Request $request): JsonResponse return $this->json([ 'success' => Translation::get('msgBookmarkRemoved'), 'linkText' => Translation::get('msgAddBookmark'), - 'csrfToken' => Token::getInstance()->getTokenString('add-bookmark') + 'csrfToken' => Token::getInstance($this->container->get('session'))->getTokenString('add-bookmark') ], Response::HTTP_OK); } else { return $this->json(['error' => Translation::get('msgError')], Response::HTTP_BAD_REQUEST); 
@@ -104,7 +104,7 @@ public function deleteAll(Request $request): JsonResponse $data = json_decode($request->getContent(), false, 512, JSON_THROW_ON_ERROR); $csrfToken = Filter::filterVar($data->csrfToken, FILTER_SANITIZE_SPECIAL_CHARS); - if (!Token::getInstance()->verifyToken('delete-all-bookmarks', $csrfToken)) { + if (!Token::getInstance($this->container->get('session'))->verifyToken('delete-all-bookmarks', $csrfToken)) { return $this->json(['error' => Translation::get('ad_msg_noauth')], Response::HTTP_UNAUTHORIZED); } diff --git a/phpmyfaq/src/phpMyFAQ/Controller/Frontend/CommentController.php b/phpmyfaq/src/phpMyFAQ/Controller/Frontend/CommentController.php index 6642d003f1..13b6809e51 100644 --- a/phpmyfaq/src/phpMyFAQ/Controller/Frontend/CommentController.php +++ b/phpmyfaq/src/phpMyFAQ/Controller/Frontend/CommentController.php @@ -70,7 +70,10 @@ public function create(Request $request): JsonResponse $data = json_decode($request->getContent(), false, 512, JSON_THROW_ON_ERROR); - if (!Token::getInstance()->verifyToken('add-comment', $data->{'pmf-csrf-token'})) { + if ( + !Token::getInstance($this->container->get('session')) + ->verifyToken('add-comment', $data->{'pmf-csrf-token'}) + ) { return $this->json(['error' => Translation::get('ad_msg_noauth')], Response::HTTP_UNAUTHORIZED); } diff --git a/phpmyfaq/src/phpMyFAQ/Controller/Frontend/UserController.php b/phpmyfaq/src/phpMyFAQ/Controller/Frontend/UserController.php index 0c7a2730dd..8affafaf4b 100644 --- a/phpmyfaq/src/phpMyFAQ/Controller/Frontend/UserController.php +++ b/phpmyfaq/src/phpMyFAQ/Controller/Frontend/UserController.php 
@@ -49,7 +49,7 @@ public function updateData(Request $request): JsonResponse $csrfToken = Filter::filterVar($data->{'pmf-csrf-token'}, FILTER_SANITIZE_SPECIAL_CHARS); - if (!Token::getInstance()->verifyToken('ucp', $csrfToken)) { + if (!Token::getInstance($this->container->get('session'))->verifyToken('ucp', $csrfToken)) { return $this->json(['error' => Translation::get('ad_msg_noauth')], Response::HTTP_UNAUTHORIZED); } @@ -137,7 +137,7 @@ public function requestUserRemoval(Request $request): JsonResponse $data = json_decode($request->getContent()); $csrfToken = Filter::filterVar($data->{'pmf-csrf-token'}, FILTER_SANITIZE_SPECIAL_CHARS); - if (!Token::getInstance()->verifyToken('request-removal', $csrfToken)) { + if (!Token::getInstance($this->container->get('session'))->verifyToken('request-removal', $csrfToken)) { return $this->json(['error' => Translation::get('ad_msg_noauth')], Response::HTTP_UNAUTHORIZED); } @@ -206,7 +206,7 @@ public function removeTwofactorConfig(Request $request): JsonResponse $twoFactor = new TwoFactor($this->configuration, $user); $csrfToken = Filter::filterVar($data->csrfToken, FILTER_SANITIZE_SPECIAL_CHARS); - if (!Token::getInstance()->verifyToken('remove-twofactor', $csrfToken)) { + if (!Token::getInstance($this->container->get('session'))->verifyToken('remove-twofactor', $csrfToken)) { return $this->json(['error' => Translation::get('ad_msg_noauth')], Response::HTTP_UNAUTHORIZED); } diff --git a/phpmyfaq/src/phpMyFAQ/Session/Token.php b/phpmyfaq/src/phpMyFAQ/Session/Token.php index 761f8b916a..8d75d693a2 100644 --- a/phpmyfaq/src/phpMyFAQ/Session/Token.php +++ b/phpmyfaq/src/phpMyFAQ/Session/Token.php @@ -20,6 +20,7 @@ use Exception; use phpMyFAQ\Configuration; use Symfony\Component\HttpFoundation\Request; +use Symfony\Component\HttpFoundation\Session\SessionInterface; class Token { 
@@ -40,7 +41,7 @@ class Token /** * Constructor. */ - final private function __construct() + final private function __construct(private readonly SessionInterface $session) { } @@ -89,10 +90,13 @@ public function setCookieToken(string $cookieToken): Token } - public static function getInstance(): Token + /** + * @throws Exception + */ + public static function getInstance(SessionInterface $session): Token { if (!(self::$token instanceof Token)) { - self::$token = new self(); + self::$token = new self($session); } return self::$token; @@ -181,7 +185,7 @@ private function setSession(string $page, int $expiry): Token { $request = Request::createFromGlobals(); $randomToken = md5(base64_encode(random_bytes(32))); - $token = new self(); + $token = new self($this->session); $token ->setPage($page) ->setExpiry(time() + $expiry) diff --git a/phpmyfaq/src/services.php b/phpmyfaq/src/services.php index 033f0ebb47..2782938b82 100644 --- a/phpmyfaq/src/services.php +++ b/phpmyfaq/src/services.php @@ -20,6 +20,7 @@ use phpMyFAQ\Bookmark; use phpMyFAQ\Captcha\Captcha; use phpMyFAQ\Captcha\Helper\CaptchaHelper; +use phpMyFAQ\Category\Order; use phpMyFAQ\Category\Permission; use phpMyFAQ\Configuration; use phpMyFAQ\Faq; @@ -75,6 +76,11 @@ new Reference('phpmyfaq.configuration') ]); + $services->set('phpmyfaq.category.order', Order::class) + ->args([ + new Reference('phpmyfaq.configuration') + ]); + $services->set('phpmyfaq.category.permission', Permission::class) ->args([ new Reference('phpmyfaq.configuration') @@ -109,11 +115,6 @@ new Reference('session') ]); - $services->set('phpmyfaq.session', UserSession::class) - ->args([ - new Reference('phpmyfaq.configuration') - ]); - $services->set('phpmyfaq.session.token', Token::class) ->factory([Token::class, 'getInstance']) ->args([ 
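Review bot: `getInstance(SessionInterface $session)` honours its argument only on the first call: once `self::$token` is set, a later call with a different session silently returns the instance bound to the earlier one, so a CSRF token could be generated or verified against a session other than the one the caller passed in. Either drop the static cache now that the dependency is explicit, or make the mismatch loud, e.g. after the `instanceof` branch add `elseif (self::$token->session !== $session) { throw new Exception('Token is already bound to another session'); }`, and state the first-call-wins rule in the docblock, which currently adds `@throws Exception` although nothing in the visible body throws. The same caching is what makes the per-test `createMock(SessionInterface::class)` in the TokenTest hunk further down ineffective after the first test that calls `getInstance`, since all later tests receive the instance built with the first mock. The services.php hunk registers `phpmyfaq.session.token` through this factory, but its `->args([` list is cut off here, so I cannot confirm that the `session` reference is passed. The `phpmyfaq.category.order` registration and its `Order` import in the same services.php hunk are unrelated to the Token change and would be easier to trace in their own commit.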
@@ -138,6 +139,11 @@ new Reference('phpmyfaq.configuration') ]); + $services->set('phpmyfaq.user.session', UserSession::class) + ->args([ + new Reference('phpmyfaq.configuration') + ]); + $services->set('phpmyfaq.visits', Visits::class) ->args([ new Reference('phpmyfaq.configuration') diff --git a/phpmyfaq/ucp.php b/phpmyfaq/ucp.php index 46d724658e..a9da044a3d 100644 --- a/phpmyfaq/ucp.php +++ b/phpmyfaq/ucp.php @@ -32,7 +32,7 @@ $user = $container->get('phpmyfaq.user.current_user'); if ($user->isLoggedIn()) { - $faqSession = $container->get('phpmyfaq.session'); + $faqSession = $container->get('phpmyfaq.user.session'); $faqSession->setCurrentUser($user); $faqSession->userTracking('user_control_panel', $user->getUserId()); @@ -76,7 +76,7 @@ 'ucpGravatarImage' => $gravatarImg, 'msgHeaderUserData' => Translation::get('headerUserControlPanel'), 'userid' => $user->getUserId(), - 'csrf' => Token::getInstance()->getTokenInput('ucp'), + 'csrf' => Token::getInstance($container->get('session'))->getTokenInput('ucp'), 'lang' => $faqConfig->getLanguage()->getLanguage(), 'readonly' => $user->isLocalUser() ? '' : 'readonly disabled', 'msgRealName' => Translation::get('ad_user_name'), @@ -101,7 +101,7 @@ 'ad_gen_yes' => Translation::get('ad_gen_yes'), 'ad_gen_no' => Translation::get('ad_gen_no'), 'msgConfirmTwofactorConfig' => Translation::get('msgConfirmTwofactorConfig'), - 'csrfTokenRemoveTwofactor' => Token::getInstance()->getTokenString('remove-twofactor'), + 'csrfTokenRemoveTwofactor' => Token::getInstance($container->get('session'))->getTokenString('remove-twofactor'), 'msgGravatarNotConnected' => Translation::get('msgGravatarNotConnected') ]; diff --git a/tests/phpMyFAQ/ApplicationTest.php b/tests/phpMyFAQ/ApplicationTest.php index 91b6e4214f..8d86f05f88 100644 --- a/tests/phpMyFAQ/ApplicationTest.php +++ b/tests/phpMyFAQ/ApplicationTest.php 
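Review bot: The `phpmyfaq.session` service id is removed in the previous services.php hunk and re-registered here as `phpmyfaq.user.session`, so any `$container->get('phpmyfaq.session')` lookup this commit did not update would now fail at runtime rather than at review time; ucp.php is updated below, but I cannot see from this chunk whether other callers exist. A one-line alias kept for a release, `$services->alias('phpmyfaq.session', 'phpmyfaq.user.session');`, would make the rename safe to roll out, if the configurator in use supports it. In ucp.php the CSRF helper is now resolved as `Token::getInstance($container->get('session'))` twice while building the same template array; resolving it once into a local before the array, or using the `phpmyfaq.session.token` service defined in services.php, would avoid the repeated container lookup and keep the session binding in one place.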
@@ -25,7 +25,6 @@ public function testConstructor(): void $this->assertInstanceOf(Application::class, $application); } - /** * @throws Exception * @throws \ReflectionException diff --git a/tests/phpMyFAQ/Session/TokenTest.php b/tests/phpMyFAQ/Session/TokenTest.php index 0cf71c16e2..c0fcef876c 100644 --- a/tests/phpMyFAQ/Session/TokenTest.php +++ b/tests/phpMyFAQ/Session/TokenTest.php @@ -2,19 +2,27 @@ namespace phpMyFAQ\Session; +use PHPUnit\Framework\MockObject\Exception; use PHPUnit\Framework\TestCase; +use Symfony\Component\HttpFoundation\Session\SessionInterface; class TokenTest extends TestCase { + private SessionInterface $session; + + /** + * @throws Exception + */ protected function setUp(): void { $_SERVER['SERVER_PORT'] = 443; + $this->session = $this->createMock(SessionInterface::class); } public function testGetInstance(): void { - $token1 = Token::getInstance(); - $token2 = Token::getInstance(); + $token1 = Token::getInstance($this->session); + $token2 = Token::getInstance($this->session); $this->assertInstanceOf(Token::class, $token1); $this->assertSame($token1, $token2); @@ -25,7 +33,7 @@ public function testGetInstance(): void */ public function testGetTokenInput(): void { - $token = Token::getInstance(); + $token = Token::getInstance($this->session); $page = 'example_page'; $tokenInput = $token->getTokenInput($page); @@ -41,7 +49,7 @@ public function testGetTokenInput(): void */ public function testVerifyToken(): void { - $token = Token::getInstance(); + $token = Token::getInstance($this->session); $page = 'example_page'; $_POST['pmf-csrf-token'] = $token->getTokenString($page); @@ -55,7 +63,7 @@ public function testVerifyToken(): void */ public function testRemoveToken(): void { - $token = Token::getInstance(); + $token = Token::getInstance($this->session); $page = 'example_page'; // Add a token to session and cookie