Sākums Izpētīt Palīdzība
Pierakstīties
kevin
/
Popsu-coloque
1
0
Atdalīts 0
Faili Problēmas 0 Izmaiņu pieprasījumi 0 Vikivietne
Koks: c11935cb48
Atzari Tagi
Popsu-coloque
/
web
/
core
/
lib
/
Drupal
/
Core
/
Theme
/
AjaxBasePageNegotiator.php

AjaxBasePageNegotiator.php 3.2 KB
Vēsture Neapstrādāts

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990 
  1. <?php
    2. 

  2. 

  3. namespace Drupal\Core\Theme;
    4. 

  4. 

  5. use Drupal\Core\Access\CsrfTokenGenerator;
    6. 

  6. use Drupal\Core\Config\ConfigFactoryInterface;
    7. 

  7. use Drupal\Core\Routing\RouteMatchInterface;
    8. 

  8. use Symfony\Component\HttpFoundation\RequestStack;
    9. 

  9. 

  10. /**
    11. 

  11.  * Defines a theme negotiator that deals with the active theme on ajax requests.
    12. 

  12.  *
    13. 

  13.  * Many different pages can invoke an Ajax request to a generic Ajax path. It is
    14. 

  14.  * almost always desired for an Ajax response to be rendered using the same
    15. 

  15.  * theme as the base page, because most themes are built with the assumption
    16. 

  16.  * that they control the entire page, so if the CSS for two themes are both
    17. 

  17.  * loaded for a given page, they may conflict with each other. For example,
    18. 

  18.  * Bartik is Drupal's default theme, and Seven is Drupal's default
    19. 

  19.  * administration theme. Depending on whether the "Use the administration theme
    20. 

  20.  * when editing or creating content" checkbox is checked, the node edit form may
    21. 

  21.  * be displayed in either theme, but the Ajax response to the Field module's
    22. 

  22.  * "Add another item" button should be rendered using the same theme as the rest
    23. 

  23.  * of the page.
    24. 

  24.  */
    25. 

  25. class AjaxBasePageNegotiator implements ThemeNegotiatorInterface {
    26. 

  26. 

  27.   /**
    28. 

  28.    * The CSRF token generator.
    29. 

  29.    *
    30. 

  30.    * @var \Drupal\Core\Access\CsrfTokenGenerator
    31. 

  31.    */
    32. 

  32.   protected $csrfGenerator;
    33. 

  33. 

  34.   /**
    35. 

  35.    * The config factory.
    36. 

  36.    *
    37. 

  37.    * @var \Drupal\Core\Config\ConfigFactoryInterface
    38. 

  38.    */
    39. 

  39.   protected $configFactory;
    40. 

  40. 

  41.   /**
    42. 

  42.    * The request stack.
    43. 

  43.    *
    44. 

  44.    * @var \Symfony\Component\HttpFoundation\RequestStack
    45. 

  45.    */
    46. 

  46.   protected $requestStack;
    47. 

  47. 

  48.   /**
    49. 

  49.    * Constructs a new AjaxBasePageNegotiator.
    50. 

  50.    *
    51. 

  51.    * @param \Drupal\Core\Access\CsrfTokenGenerator $token_generator
    52. 

  52.    *   The CSRF token generator.
    53. 

  53.    * @param \Drupal\Core\Config\ConfigFactoryInterface $config_factory
    54. 

  54.    *   The config factory.
    55. 

  55.    * @param \Symfony\Component\HttpFoundation\RequestStack $request_stack
    56. 

  56.    *   The request stack used to retrieve the current request.
    57. 

  57.    */
    58. 

  58.   public function __construct(CsrfTokenGenerator $token_generator, ConfigFactoryInterface $config_factory, RequestStack $request_stack) {
    59. 

  59.     $this->csrfGenerator = $token_generator;
    60. 

  60.     $this->configFactory = $config_factory;
    61. 

  61.     $this->requestStack = $request_stack;
    62. 

  62.   }
    63. 

  63. 

  64.   /**
    65. 

  65.    * {@inheritdoc}
    66. 

  66.    */
    67. 

  67.   public function applies(RouteMatchInterface $route_match) {
    68. 

  68.     $ajax_page_state = $this->requestStack->getCurrentRequest()->request->get('ajax_page_state');
    69. 

  69.     return !empty($ajax_page_state['theme']) && isset($ajax_page_state['theme_token']);
    70. 

  70.   }
    71. 

  71. 

  72.   /**
    73. 

  73.    * {@inheritdoc}
    74. 

  74.    */
    75. 

  75.   public function determineActiveTheme(RouteMatchInterface $route_match) {
    76. 

  76.     $ajax_page_state = $this->requestStack->getCurrentRequest()->request->get('ajax_page_state');
    77. 

  77.     $theme = $ajax_page_state['theme'];
    78. 

  78.     $token = $ajax_page_state['theme_token'];
    79. 

  79. 

  80.     // Prevent a request forgery from giving a person access to a theme they
    81. 

  81.     // shouldn't be otherwise allowed to see. However, since everyone is
    82. 

  82.     // allowed to see the default theme, token validation isn't required for
    83. 

  83.     // that, and bypassing it allows most use-cases to work even when accessed
    84. 

  84.     // from the page cache.
    85. 

  85.     if ($theme === $this->configFactory->get('system.theme')->get('default') || $this->csrfGenerator->validate($token, $theme)) {
    86. 

  86.       return $theme;
    87. 

  87.     }
    88. 

  88.   }
    89. 

  89. 

  90. }
    91.