public function AjaxBasePageNegotiator::determineActiveTheme

public AjaxBasePageNegotiator::determineActiveTheme(RouteMatchInterface $route_match)

Determine the active theme for the request.

Parameters

\Drupal\Core\Routing\RouteMatchInterface $route_match: The current route match object.

Return value

string|null The name of the theme, or NULL if other negotiators, like the configured default one, should be used instead.

Overrides ThemeNegotiatorInterface::determineActiveTheme

File

core/lib/Drupal/Core/Theme/AjaxBasePageNegotiator.php, line 79

Class

AjaxBasePageNegotiator
Defines a theme negotiator that deals with the active theme on ajax requests.

Namespace

Drupal\Core\Theme

Code

public function determineActiveTheme(RouteMatchInterface $route_match) {
  if (($ajax_page_state = $this->requestStack->getCurrentRequest()->request->get('ajax_page_state')) && !empty($ajax_page_state['theme']) && !empty($ajax_page_state['theme_token'])) {
    $theme = $ajax_page_state['theme'];
    $token = $ajax_page_state['theme_token'];

    // Prevent a request forgery from giving a person access to a theme they
    // shouldn't be otherwise allowed to see. However, since everyone is
    // allowed to see the default theme, token validation isn't required for
    // that, and bypassing it allows most use-cases to work even when accessed
    // from the page cache.
    if ($theme === $this->configFactory->get('system.theme')->get('default') || $this->csrfGenerator->validate($token, $theme)) {
      return $theme;
    }
  }
}

© 2001–2016 by the original authors
Licensed under the GNU General Public License, version 2 and later.
Drupal is a registered trademark of Dries Buytaert.
https://api.drupal.org/api/drupal/core!lib!Drupal!Core!Theme!AjaxBasePageNegotiator.php/function/AjaxBasePageNegotiator::determineActiveTheme/8.1.x