function AjaxBasePageNegotiator::determineActiveTheme

Same name and namespace in other branches
  1. 9 core/lib/Drupal/Core/Theme/AjaxBasePageNegotiator.php \Drupal\Core\Theme\AjaxBasePageNegotiator::determineActiveTheme()
  2. 8.9.x core/lib/Drupal/Core/Theme/AjaxBasePageNegotiator.php \Drupal\Core\Theme\AjaxBasePageNegotiator::determineActiveTheme()
  3. 11.x core/lib/Drupal/Core/Theme/AjaxBasePageNegotiator.php \Drupal\Core\Theme\AjaxBasePageNegotiator::determineActiveTheme()

Determine the active theme for the request.

Parameters

\Drupal\Core\Routing\RouteMatchInterface $route_match: The current route match object.

Return value

string|null The name of the theme, or NULL if other negotiators, like the configured default one, should be used instead.

Overrides ThemeNegotiatorInterface::determineActiveTheme

File

core/lib/Drupal/Core/Theme/AjaxBasePageNegotiator.php, line 75

Class

AjaxBasePageNegotiator
Defines a theme negotiator that deals with the active theme on ajax requests.

Namespace

Drupal\Core\Theme

Code

public function determineActiveTheme(RouteMatchInterface $route_match) {
  $ajax_page_state = $this->requestStack
    ->getCurrentRequest()
    ->get('ajax_page_state');
  $theme = $ajax_page_state['theme'];
  $token = $ajax_page_state['theme_token'];
  // Prevent a request forgery from giving a person access to a theme they
  // shouldn't be otherwise allowed to see. However, since everyone is
  // allowed to see the default theme, token validation isn't required for
  // that, and bypassing it allows most use-cases to work even when accessed
  // from the page cache.
  if ($theme === $this->configFactory
    ->get('system.theme')
    ->get('default') || $this->csrfGenerator
    ->validate($token, $theme)) {
    return $theme;
  }
}

Buggy or inaccurate documentation? Please file an issue. Need support? Need help programming? Connect with the Drupal community.