* @copyright Since 2007 PrestaShop SA and Contributors * @license https://opensource.org/licenses/OSL-3.0 Open Software License (OSL 3.0) */ namespace PrestaShopBundle\Service\Routing; use PrestaShop\PrestaShop\Core\Feature\TokenInUrls; use PrestaShopBundle\Service\DataProvider\UserProvider; use Symfony\Bundle\FrameworkBundle\Routing\Router as BaseRouter; use Symfony\Component\Security\Csrf\CsrfTokenManager; /** * We extends Symfony Router in order to add a token to each url. * * This is done for Security purposes. */ class Router extends BaseRouter { /** * @var UserProvider */ private $userProvider; /** * @var CsrfTokenManager */ private $tokenManager; /** * @var array */ private $tokens = []; /** * {@inheritdoc} */ public function generate($name, $parameters = [], $referenceType = self::ABSOLUTE_PATH) { $username = $this->userProvider->getUsername(); // Do not generate token each time we want to generate a route for a user if (!isset($this->tokens[$username])) { $this->tokens[$username] = $this->tokenManager->getToken($username)->getValue(); } $url = parent::generate($name, $parameters, $referenceType); if (TokenInUrls::isDisabled()) { return $url; } return self::generateTokenizedUrl($url, $this->tokens[$username]); } public function setTokenManager(CsrfTokenManager $tokenManager) { $this->tokenManager = $tokenManager; } public function setUserProvider(UserProvider $userProvider) { $this->userProvider = $userProvider; } public static function generateTokenizedUrl($url, $token) { $components = parse_url($url); $baseUrl = (isset($components['path']) ? $components['path'] : ''); $queryParams = []; if (isset($components['query'])) { $query = $components['query']; parse_str($query, $queryParams); } $queryParams['_token'] = $token; $url = $baseUrl . '?' . http_build_query($queryParams, '', '&'); if (isset($components['fragment']) && $components['fragment'] !== '') { /* This copy-paste from Symfony's UrlGenerator */ $url .= '#' . strtr(rawurlencode($components['fragment']), ['%2F' => '/', '%3F' => '?']); } return $url; } }