"Fossies" - the Fresh Open Source Software Archive

Member "drupal-8.9.9/core/lib/Drupal/Core/Theme/AjaxBasePageNegotiator.php" (18 Nov 2020, 3294 Bytes) of package /linux/www/drupal-8.9.9.tar.gz:


As a special service "Fossies" has tried to format the requested source page into HTML format using (guessed) PHP source code syntax highlighting (style: standard) with prefixed line numbers and code folding option. Alternatively you can here view or download the uninterpreted source code file. For more information about "AjaxBasePageNegotiator.php" see the Fossies "Dox" file reference documentation.

    1 <?php
    2 
    3 namespace Drupal\Core\Theme;
    4 
    5 use Drupal\Core\Access\CsrfTokenGenerator;
    6 use Drupal\Core\Config\ConfigFactoryInterface;
    7 use Drupal\Core\Routing\RouteMatchInterface;
    8 use Symfony\Component\HttpFoundation\RequestStack;
    9 
   10 /**
   11  * Defines a theme negotiator that deals with the active theme on ajax requests.
   12  *
   13  * Many different pages can invoke an Ajax request to a generic Ajax path. It is
   14  * almost always desired for an Ajax response to be rendered using the same
   15  * theme as the base page, because most themes are built with the assumption
   16  * that they control the entire page, so if the CSS for two themes are both
   17  * loaded for a given page, they may conflict with each other. For example,
   18  * Bartik is Drupal's default theme, and Seven is Drupal's default
   19  * administration theme. Depending on whether the "Use the administration theme
   20  * when editing or creating content" checkbox is checked, the node edit form may
   21  * be displayed in either theme, but the Ajax response to the Field module's
   22  * "Add another item" button should be rendered using the same theme as the rest
   23  * of the page.
   24  */
   25 class AjaxBasePageNegotiator implements ThemeNegotiatorInterface {
   26 
   27   /**
   28    * The CSRF token generator.
   29    *
   30    * @var \Drupal\Core\Access\CsrfTokenGenerator
   31    */
   32   protected $csrfGenerator;
   33 
   34   /**
   35    * The config factory.
   36    *
   37    * @var \Drupal\Core\Config\ConfigFactoryInterface
   38    */
   39   protected $configFactory;
   40 
   41   /**
   42    * The request stack.
   43    *
   44    * @var \Symfony\Component\HttpFoundation\RequestStack
   45    */
   46   protected $requestStack;
   47 
   48   /**
   49    * Constructs a new AjaxBasePageNegotiator.
   50    *
   51    * @param \Drupal\Core\Access\CsrfTokenGenerator $token_generator
   52    *   The CSRF token generator.
   53    * @param \Drupal\Core\Config\ConfigFactoryInterface $config_factory
   54    *   The config factory.
   55    * @param \Symfony\Component\HttpFoundation\RequestStack $request_stack
   56    *   The request stack used to retrieve the current request.
   57    */
   58   public function __construct(CsrfTokenGenerator $token_generator, ConfigFactoryInterface $config_factory, RequestStack $request_stack) {
   59     $this->csrfGenerator = $token_generator;
   60     $this->configFactory = $config_factory;
   61     $this->requestStack = $request_stack;
   62   }
   63 
   64   /**
   65    * {@inheritdoc}
   66    */
   67   public function applies(RouteMatchInterface $route_match) {
   68     $ajax_page_state = $this->requestStack->getCurrentRequest()->request->get('ajax_page_state');
   69     return !empty($ajax_page_state['theme']) && isset($ajax_page_state['theme_token']);
   70   }
   71 
   72   /**
   73    * {@inheritdoc}
   74    */
   75   public function determineActiveTheme(RouteMatchInterface $route_match) {
   76     $ajax_page_state = $this->requestStack->getCurrentRequest()->request->get('ajax_page_state');
   77     $theme = $ajax_page_state['theme'];
   78     $token = $ajax_page_state['theme_token'];
   79 
   80     // Prevent a request forgery from giving a person access to a theme they
   81     // shouldn't be otherwise allowed to see. However, since everyone is
   82     // allowed to see the default theme, token validation isn't required for
   83     // that, and bypassing it allows most use-cases to work even when accessed
   84     // from the page cache.
   85     if ($theme === $this->configFactory->get('system.theme')->get('default') || $this->csrfGenerator->validate($token, $theme)) {
   86       return $theme;
   87     }
   88   }
   89 
   90 }