[SECURITY] Untrusted GP data is unserialized in old CSH handling
[Packages/TYPO3.CMS.git] / typo3 / file_newfolder.php
1 <?php
2 /***************************************************************
3 * Copyright notice
4 *
5 * (c) 1999-2011 Kasper Skårhøj (kasperYYYY@typo3.com)
6 * All rights reserved
7 *
8 * This script is part of the TYPO3 project. The TYPO3 project is
9 * free software; you can redistribute it and/or modify
10 * it under the terms of the GNU General Public License as published by
11 * the Free Software Foundation; either version 2 of the License, or
12 * (at your option) any later version.
13 *
14 * The GNU General Public License can be found at
15 * http://www.gnu.org/copyleft/gpl.html.
16 * A copy is found in the textfile GPL.txt and important notices to the license
17 * from the author is found in LICENSE.txt distributed with these scripts.
18 *
19 *
20 * This script is distributed in the hope that it will be useful,
21 * but WITHOUT ANY WARRANTY; without even the implied warranty of
22 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
23 * GNU General Public License for more details.
24 *
25 * This copyright notice MUST APPEAR in all copies of the script!
26 ***************************************************************/
27
28 /**
29 * Web>File: Create new folders in the filemounts
30 *
31 * Revised for TYPO3 3.6 November/2003 by Kasper Skårhøj
32 *
33 * @author Kasper Skårhøj <kasperYYYY@typo3.com>
34 */
35
// Path prefix back to the backend root. It is read again further down through
// $GLOBALS['BACK_PATH'] when the template object and the CSH items are set up,
// so it has to be assigned before anything else runs.
$BACK_PATH = '';

// NOTE(review): presumably the backend bootstrap (session, user, globals) - confirm in init.php.
require 'init.php';
38
39 /**
40 * Script Class for the create-new script; Displays a form for creating up to 10 folders or one new text file
41 *
42 * @author Kasper Skårhøj <kasperYYYY@typo3.com>
43 * @package TYPO3
44 * @subpackage core
45 */
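class SC_file_newfolder {

	// External, static:
	// Highest entry offered in the "number of folders" selector box.
	public $folderNumber = 10;

	// Internal, static:
	/**
	 * document template object
	 *
	 * @var smallDoc
	 */
	public $doc;
	// Name of the filemount. Holds ready-to-print HTML: sprite icon markup plus the
	// HTML-escaped storage name and folder identifier (see init()).
	public $title;

	// Internal, static (GPVar):
	// Both values below come straight from the request and are NOT sanitized when stored.
	// Every output context (HTML attribute, JavaScript string) has to encode them itself.
	public $number;
	// Set with the target path inputted in &target
	public $target;

	/**
	 * The folder object which is the target directory
	 *
	 * @var t3lib_file_Folder $folderObject
	 */
	protected $folderObject;
	// Return URL of list module. Passed through t3lib_div::sanitizeLocalUrl() in init().
	public $returnUrl;

	// Internal, dynamic:
	// Accumulating content
	public $content;

	/**
	 * Reads the request parameters, resolves the target folder and prepares the
	 * document template together with its inline JavaScript.
	 *
	 * Not a PHP constructor: the script calls it explicitly after instantiation.
	 *
	 * @return void
	 * @throws RuntimeException (code 1294586843) if &target does not resolve to a folder object
	 */
	public function init() {
			// Initialize GPvars (request input, untrusted):
		$this->number = t3lib_div::_GP('number');
		$this->target = $combinedIdentifier = t3lib_div::_GP('target');
		$this->returnUrl = t3lib_div::sanitizeLocalUrl(t3lib_div::_GP('returnUrl'));

			// create the folder object
		if ($combinedIdentifier) {
			$this->folderObject = t3lib_file_Factory::getInstance()->getFolderObjectFromCombinedIdentifier($combinedIdentifier);
		}

			// Cleaning and checking target directory
		if (!$this->folderObject) {
			$title = $GLOBALS['LANG']->sL('LLL:EXT:lang/locallang_mod_file_list.xml:paramError', TRUE);
			$message = $GLOBALS['LANG']->sL('LLL:EXT:lang/locallang_mod_file_list.xml:targetNoDir', TRUE);
			throw new RuntimeException($title . ': ' . $message, 1294586843);
		}

			// Setting the title and the icon
		$icon = t3lib_iconWorks::getSpriteIcon('apps-filetree-root');
		$this->title = $icon . htmlspecialchars($this->folderObject->getStorage()->getName()) . ': ' . htmlspecialchars($this->folderObject->getIdentifier());

			// The raw &target value ends up inside an inline <script> block. It used to be
			// concatenated between double quotes unescaped, so a quote, backslash, line break
			// or "</script>" in the parameter could leave the string literal. json_encode()
			// with the HEX flags yields a complete, quoted JS string literal in which
			// < > & ' " are emitted as \uXXXX escapes.
		$jsTarget = json_encode((string) $this->target, JSON_HEX_TAG | JSON_HEX_AMP | JSON_HEX_APOS | JSON_HEX_QUOT);
		if (!is_string($jsTarget) || $jsTarget === '' || $jsTarget[0] !== '"') {
				// Encoding failed (e.g. invalid UTF-8): emit an empty literal rather than raw input.
			$jsTarget = '""';
		}

			// Setting template object
		$this->doc = t3lib_div::makeInstance('template');
		$this->doc->setModuleTemplate('templates/file_newfolder.html');
		$this->doc->backPath = $GLOBALS['BACK_PATH'];
			// returnUrl is percent-encoded with rawurlencode(), which also encodes quotes,
			// so it cannot terminate the surrounding JS string.
		$this->doc->JScode = $this->doc->wrapScriptTags('
			var path = ' . $jsTarget . ';

			function reload(a) {	//
				if (!changed || (changed && confirm(' . $GLOBALS['LANG']->JScharCode($GLOBALS['LANG']->sL('LLL:EXT:lang/locallang_core.php:mess.redraw')) . '))) {
					var params = "&target="+encodeURIComponent(path)+"&number="+a+"&returnUrl=' . rawurlencode($this->returnUrl) . '";
					window.location.href = "file_newfolder.php?"+params;
				}
			}
			function backToList() {	//
				top.goToModule("file_list");
			}

			var changed = 0;
		');
	}

	/**
	 * Main function, rendering the main module content: one form with the
	 * new-folder input boxes and a second form for creating a blank text file.
	 * The result is accumulated in $this->content.
	 *
	 * NOTE(review): both forms POST to tce_file.php and no anti-CSRF token field is
	 * emitted by the code visible here - confirm that tce_file.php enforces a token
	 * or that the template adds one.
	 *
	 * @return void
	 */
	public function main() {

			// Start content compilation
		$this->content .= $this->doc->startPage($GLOBALS['LANG']->sL('LLL:EXT:lang/locallang_core.php:file_newfolder.php.pagetitle'));

			// Make page header:
		$pageContent = '';
		$pageContent .= $this->doc->header($GLOBALS['LANG']->sL('LLL:EXT:lang/locallang_core.php:file_newfolder.php.pagetitle'));
		$pageContent .= $this->doc->spacer(5);
		$pageContent .= $this->doc->divider(5);

		$code = '<form action="tce_file.php" method="post" name="editform">';
			// Making the selector box for the number of concurrent folder-creations.
			// Clamping the request value here also bounds the input-box loop below.
		$this->number = t3lib_utility_Math::forceIntegerInRange($this->number, 1, 10);
		$code .= '
			<div id="c-select">
				<label for="number-of-new-folders">' .
					$GLOBALS['LANG']->sL('LLL:EXT:lang/locallang_core.php:file_newfolder.php.number_of_folders') .
				'</label>
				<select name="number" id="number-of-new-folders" onchange="reload(this.options[this.selectedIndex].value);">';
		for ($a = 1; $a <= $this->folderNumber; $a++) {
			$code .= '<option value="' . $a . '"' .
				($this->number == $a ? ' selected="selected"' : '') .
				'>' . $a . '</option>';
		}
		$code .= '
				</select>
			</div>
			';

			// Making the number of new-folder boxes needed.
			// The untrusted target is written into an HTML attribute, hence htmlspecialchars().
		$code .= '
			<div id="c-createFolders">
		';
		for ($a = 0; $a < $this->number; $a++) {
			$code .= '
					<input'.$this->doc->formWidth(20).' type="text" name="file[newfolder]['.$a.'][data]" onchange="changed=true;" />
					<input type="hidden" name="file[newfolder][' . $a . '][target]" value="' . htmlspecialchars($this->target) . '" /><br />
				';
		}
		$code .= '
			</div>
		';

			// Making submit button for folder creation:
		$code .= '
			<div id="c-submitFolders">
				<input type="submit" value="' . $GLOBALS['LANG']->sL('LLL:EXT:lang/locallang_core.php:file_newfolder.php.submit', 1) . '" />
				<input type="submit" value="' . $GLOBALS['LANG']->sL('LLL:EXT:lang/locallang_core.php:labels.cancel', 1) . '" onclick="backToList(); return false;" />
				<input type="hidden" name="redirect" value="'.htmlspecialchars($this->returnUrl).'" />
			</div>
			';

			// CSH:
		$code .= t3lib_BEfunc::cshItem('xMOD_csh_corebe', 'file_newfolder', $GLOBALS['BACK_PATH'], '<br />');

		$pageContent .= $code;

			// Add spacer:
		$pageContent .= $this->doc->spacer(10);

			// Switching form tags:
		$pageContent .= $this->doc->sectionEnd();
		$pageContent .= '</form><form action="tce_file.php" method="post" name="editform2">';

			// Create a list of allowed file extensions with the nice format "*.jpg, *.gif" etc.
			// Extensions matching the configured fileDenyPattern are left out of the hint.
		$fileExtList = array();
		$textfileExt = t3lib_div::trimExplode(',', $GLOBALS['TYPO3_CONF_VARS']['SYS']['textfile_ext'], TRUE);
		foreach ($textfileExt as $fileExt) {
			if (!preg_match('/' . $GLOBALS['TYPO3_CONF_VARS']['BE']['fileDenyPattern'] . '/i', '.' . $fileExt)) {
				$fileExtList[] = '*.' . $fileExt;
			}
		}
			// Add form fields for creation of a new, blank text file:
		$code = '
			<div id="c-newFile">
				<p>[' . htmlspecialchars(implode(', ', $fileExtList)) . ']</p>
				<input'.$this->doc->formWidth(20).' type="text" name="file[newfile][0][data]" onchange="changed=true;" />
				<input type="hidden" name="file[newfile][0][target]" value="'.htmlspecialchars($this->target).'" />
			</div>
			';

			// Submit button for creation of a new file:
		$code .= '
			<div id="c-submitFiles">
				<input type="submit" value="' . $GLOBALS['LANG']->sL('LLL:EXT:lang/locallang_core.php:file_newfolder.php.newfile_submit', 1) . '" />
				<input type="submit" value="' . $GLOBALS['LANG']->sL('LLL:EXT:lang/locallang_core.php:labels.cancel', 1) . '" onclick="backToList(); return false;" />
				<input type="hidden" name="redirect" value="'.htmlspecialchars($this->returnUrl).'" />
			</div>
			';

			// CSH:
		$code.= t3lib_BEfunc::cshItem('xMOD_csh_corebe', 'file_newfile', $GLOBALS['BACK_PATH'], '<br />');
		$pageContent .= $this->doc->section($GLOBALS['LANG']->sL('LLL:EXT:lang/locallang_core.php:file_newfolder.php.newfile'), $code);
		$pageContent .= $this->doc->sectionEnd();
		$pageContent .= '</form>';

		$docHeaderButtons = array();

			// Add the HTML as a section.
			// NOTE(review): $docHeaderButtons['csh'] is never set and $this->id, $this->MOD_SETTINGS
			// and $this->MOD_MENU are not declared in this class, so 'CSH' and the arguments to
			// getFuncMenu() are empty here - confirm whether these markers are still needed.
		$markerArray = array(
			'CSH' => $docHeaderButtons['csh'],
			'FUNC_MENU' => t3lib_BEfunc::getFuncMenu($this->id, 'SET[function]', $this->MOD_SETTINGS['function'], $this->MOD_MENU['function']),
			'CONTENT' => $pageContent,
			'PATH' => $this->title,
		);

		$this->content .= $this->doc->moduleBody(array(), $docHeaderButtons, $markerArray);
		$this->content .= $this->doc->endPage();

		$this->content = $this->doc->insertStylesAndJS($this->content);
	}

	/**
	 * Outputting the accumulated content to screen
	 *
	 * @return void
	 */
	public function printContent() {
		echo $this->content;
	}
}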
254
255 // Make instance:
$SOBE = t3lib_div::makeInstance('SC_file_newfolder');

// Fixed order: init() reads the request parameters and throws a RuntimeException
// when &target does not resolve to a folder, so nothing is rendered for an
// invalid target; main() builds the page and printContent() echoes it.
$SOBE->init();
$SOBE->main();
$SOBE->printContent();
260
261 ?>