public function AjaxBasePageNegotiator::determineActiveTheme in Zircon Profile 8

Same name and namespace in other branches

8.0 core/lib/Drupal/Core/Theme/AjaxBasePageNegotiator.php \Drupal\Core\Theme\AjaxBasePageNegotiator::determineActiveTheme()

Determine the active theme for the request.

Parameters

\Drupal\Core\Routing\RouteMatchInterface $route_match: The current route match object.

Return value

string|null Returns the active theme name, else return NULL.

Overrides ThemeNegotiatorInterface::determineActiveTheme

File

core/lib/Drupal/Core/Theme/AjaxBasePageNegotiator.php, line 84: Contains \Drupal\Core\Theme\AjaxBasePageNegotiator.

Class

AjaxBasePageNegotiator: Defines a theme negotiator that deals with the active theme on ajax requests.

Namespace

Drupal\Core\Theme

Code

public function determineActiveTheme(RouteMatchInterface $route_match) {
  if (($ajax_page_state = $this->requestStack
    ->getCurrentRequest()->request
    ->get('ajax_page_state')) && !empty($ajax_page_state['theme']) && !empty($ajax_page_state['theme_token'])) {
    $theme = $ajax_page_state['theme'];
    $token = $ajax_page_state['theme_token'];

    // Prevent a request forgery from giving a person access to a theme they
    // shouldn't be otherwise allowed to see. However, since everyone is
    // allowed to see the default theme, token validation isn't required for
    // that, and bypassing it allows most use-cases to work even when accessed
    // from the page cache.
    if ($theme === $this->configFactory
      ->get('system.theme')
      ->get('default') || $this->csrfGenerator
      ->validate($token, $theme)) {
      return $theme;
    }
  }
}

You are here