Fixed bug #11621: XSS vulnerabilities in workspace module
1 <?php
2 /***************************************************************
3 * Copyright notice
4 *
5 * (c) 2007-2009 Ingo Renner <ingo@typo3.org>
6 * All rights reserved
7 *
8 * This script is part of the TYPO3 project. The TYPO3 project is
9 * free software; you can redistribute it and/or modify
10 * it under the terms of the GNU General Public License as published by
11 * the Free Software Foundation; either version 2 of the License, or
12 * (at your option) any later version.
13 *
14 * The GNU General Public License can be found at
15 * http://www.gnu.org/copyleft/gpl.html.
16 * A copy is found in the textfile GPL.txt and important notices to the license
17 * from the author is found in LICENSE.txt distributed with these scripts.
18 *
19 *
20 * This script is distributed in the hope that it will be useful,
21 * but WITHOUT ANY WARRANTY; without even the implied warranty of
22 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
23 * GNU General Public License for more details.
24 *
25 * This copyright notice MUST APPEAR in all copies of the script!
26 ***************************************************************/
27
28 require_once('init.php');
29 require_once('template.php');
30 require_once('interfaces/interface.backend_toolbaritem.php');
31
32 require('classes/class.typo3logo.php');
33 require('classes/class.modulemenu.php');
34
35 // core toolbar items
36 require('classes/class.workspaceselector.php');
37 require('classes/class.clearcachemenu.php');
38 require('classes/class.shortcutmenu.php');
39 require('classes/class.backendsearchmenu.php');
40
41 require_once('class.alt_menu_functions.inc');
42 $GLOBALS['LANG']->includeLLFile('EXT:lang/locallang_misc.xml');
43
44
45 /**
46 * Class for rendering the TYPO3 backend version 4.2+
47 *
48 * @author Ingo Renner <ingo@typo3.org>
49 * @package TYPO3
50 * @subpackage core
51 */
52 class TYPO3backend {
53
54 protected $content;
55 protected $css;
56 protected $cssFiles;
57 protected $js;
58 protected $jsFiles;
59 protected $jsFilesAfterInline;
60 protected $toolbarItems;
61 private $menuWidthDefault = 160; // intentionally private as nobody should modify defaults
62 protected $menuWidth;
63
64 /**
65 * Object for loading backend modules
66 *
67 * @var t3lib_loadModules
68 */
69 protected $moduleLoader;
70
71 /**
72 * module menu generating object
73 *
74 * @var ModuleMenu
75 */
76 protected $moduleMenu;
77
/**
 * Prepares everything the backend frame needs before it is rendered: the
 * module loader and module menu, the default JavaScript and CSS file lists,
 * the core toolbar items and the width of the left-hand menu.
 *
 * @return void
 */
public function __construct() {

		// The backend module structure is loaded once here and used later on.
	$this->moduleLoader = t3lib_div::makeInstance('t3lib_loadModules');
	$this->moduleLoader->load($GLOBALS['TBE_MODULES']);

	$this->moduleMenu = t3lib_div::makeInstance('ModuleMenu');

		// Default backend JavaScript. Every entry is later handed to the
		// template's loadJavascriptLib() as-is, so this list is effectively
		// the set of scripts that run with the backend user's session.
	$this->js = '';
	$this->jsFiles = array(
		'contrib/swfupload/swfupload.js',
		'contrib/swfupload/plugins/swfupload.swfobject.js',
		'contrib/swfupload/plugins/swfupload.cookies.js',
		'contrib/swfupload/plugins/swfupload.queue.js',
		'md5.js',
		'js/common.js',
		'js/sizemanager.js',
		'js/toolbarmanager.js',
		'js/modulemenu.js',
		'js/iecompatibility.js',
		'js/flashupload.js',
		'../t3lib/jsfunc.evalfield.js',
		'ajax.php?ajaxID=ExtDirect::getAPI&namespace=TYPO3.Backend'
	);

		// Scripts that have to come after the inline JavaScript block.
	$this->jsFilesAfterInline = array(
		'js/backend.js',
		'js/loginrefresh.js',
	);

		// Default backend CSS, keyed by a name that addCssFile() protects
		// against being overwritten.
	$this->css = '';
	$this->cssFiles = array(
		'backend-scaffolding' => 'css/backend-scaffolding.css',
		'backend-style' => 'css/backend-style.css',
		'modulemenu' => 'css/modulemenu.css',
	);

	$this->toolbarItems = array();
	$this->initializeCoreToolbarItems();

		// Left menu width: start from the private default and take the skin's
		// value only when one is configured and differs from it. The value is
		// cast to int, so only a number can reach the generated CSS.
	$menuWidth = $this->menuWidthDefault;
	if (isset($GLOBALS['TBE_STYLES']['dims']['leftMenuFrameW'])) {
		$configuredWidth = (int) $GLOBALS['TBE_STYLES']['dims']['leftMenuFrameW'];
		if ($configuredWidth != (int) $menuWidth) {
			$menuWidth = $configuredWidth;
		}
	}
	$this->menuWidth = $menuWidth;
}
129
/**
 * Instantiates the toolbar items shipped with the core and registers those
 * the current backend user is allowed to use.
 *
 * @return void
 * @throws UnexpectedValueException if an item does not implement backend_toolbarItem
 */
protected function initializeCoreToolbarItems() {

	$coreItemClasses = array(
		'workspaceSelector' => 'WorkspaceSelector',
		'shortcuts' => 'ShortcutMenu',
		'clearCacheActions' => 'ClearCacheMenu',
		'backendSearch' => 'BackendSearchMenu'
	);

	foreach ($coreItemClasses as $itemName => $itemClassName) {
		$item = t3lib_div::makeInstance($itemClassName, $this);

			// The interface is what guarantees checkAccess() and render() exist.
		if (!($item instanceof backend_toolbarItem)) {
			throw new UnexpectedValueException('$toolbarItem "'.$itemName.'" must implement interface backend_toolbarItem', 1195126772);
		}

			// Access is decided by the item itself; an item that denies access
			// is dropped and never reaches the rendered toolbar.
		if (!$item->checkAccess()) {
			unset($item);
			continue;
		}

		$this->toolbarItems[$itemName] = $item;
	}
}
158
/**
 * Builds the complete backend document (logo, toolbar, module menu and
 * content frame), registers JavaScript and CSS with the backend template
 * and echoes the result.
 *
 * @return void
 */
public function render() {

		// prepare the scaffolding, at this point extension may still add javascript and css
	$typo3Logo = t3lib_div::makeInstance('TYPO3Logo');
	$typo3Logo->setLogo('gfx/typo3logo_mini.png');

	$moduleMenuHtml = $this->moduleMenu->render();

		// Only emit width overrides when the menu width differs from the
		// default. menuWidth is cast to int in the constructor.
	if ($this->menuWidth != $this->menuWidthDefault) {
		$sideMenuWidth = $this->menuWidth - 1;
		$this->css .= '
			#typo3-logo,
			#typo3-side-menu {
				width: ' . $sideMenuWidth . 'px;
			}

			#typo3-top,
			#typo3-content {
				margin-left: ' . $this->menuWidth . 'px;
			}
		';
	}

		// create backend scaffolding; the logo, toolbar and menu fragments are
		// inserted as ready-made HTML, so escaping is the job of whoever built them
	$logoHtml = $typo3Logo->render();
	$toolbarHtml = $this->renderToolbar();
	$scaffolding = '
	<div id="typo3-backend">
		<div id="typo3-top-container">
			<div id="typo3-logo">'.$logoHtml.'</div>
			<div id="typo3-top" class="typo3-top-toolbar">'
				.$toolbarHtml
			.'</div>
		</div>
		<div id="typo3-main-container">
			<div id="typo3-side-menu">
				'.$moduleMenuHtml.'
			</div>
			<div id="typo3-content">
				<iframe src="alt_intro.php" name="content" id="content" marginwidth="0" marginheight="0" frameborder="0" scrolling="auto"></iframe>
			</div>
		</div>
	</div>
';

	/******************************************************
	 * now put the complete backend document together
	 ******************************************************/

	/** @var $pageRenderer t3lib_PageRenderer */
	$pageRenderer = $GLOBALS['TBE_TEMPLATE']->getPageRenderer();
	$pageRenderer->loadScriptaculous('builder,effects,controls,dragdrop');
	$pageRenderer->loadExtJS();

		// register the extDirect API providers
		// Note: we need to iterate thru the object, because the addProvider method
		// does this only with multiple arguments
	$pageRenderer->addExtOnReadyCode(
		'for (var api in Ext.app.ExtDirectAPI) {
			Ext.Direct.addProvider(Ext.app.ExtDirectAPI[api]);
		}',
		TRUE
	);

		// remove duplicate entries
	$this->jsFiles = array_unique($this->jsFiles);

		// add javascript: library files first, then the generated inline block
	foreach ($this->jsFiles as $libraryFile) {
		$GLOBALS['TBE_TEMPLATE']->loadJavascriptLib($libraryFile);
	}
	$GLOBALS['TBE_TEMPLATE']->JScode .= chr(10);
	$this->generateJavascript();
	$GLOBALS['TBE_TEMPLATE']->JScode .= $GLOBALS['TBE_TEMPLATE']->wrapScriptTags($this->js) . chr(10);

		// NOTE(review): the file name is written into the src attribute without
		// HTML escaping. The list is filled with fixed names in the constructor,
		// so nothing request-controlled reaches it from this file - keep it that way.
	$trailingScriptTags = '';
	foreach ($this->jsFilesAfterInline as $trailingFile) {
		$trailingScriptTags .= '
		<script type="text/javascript" src="' . $trailingFile . '"></script>';
	}
	$GLOBALS['TBE_TEMPLATE']->JScode .= $trailingScriptTags;


		// FIXME abusing the JS container to add CSS, need to fix template.php
	foreach ($this->cssFiles as $styleName => $styleFile) {
		$GLOBALS['TBE_TEMPLATE']->addStyleSheet($styleName, $styleFile);

			// load additional css files to overwrite existing core styles
		if (!empty($GLOBALS['TBE_STYLES']['stylesheets'][$styleName])) {
			$GLOBALS['TBE_TEMPLATE']->addStyleSheet($styleName . 'TBE_STYLES', $GLOBALS['TBE_STYLES']['stylesheets'][$styleName]);
		}
	}

	if (!empty($this->css)) {
		$GLOBALS['TBE_TEMPLATE']->inDocStylesArray['backend.php'] = $this->css;
	}

		// set document title:
		// NOTE(review): the configured site name is passed on unescaped; whether
		// startPage() escapes it is not visible here - confirm in template.php.
	$siteName = $GLOBALS['TYPO3_CONF_VARS']['SYS']['sitename'];
	if ($siteName) {
		$title = $siteName.' [TYPO3 '.TYPO3_version.']';
	} else {
		$title = 'TYPO3 '.TYPO3_version;
	}

		// start page header:
	$this->content .= $GLOBALS['TBE_TEMPLATE']->startPage($title);
	$this->content .= $scaffolding;
	$this->content .= $GLOBALS['TBE_TEMPLATE']->endPage();

	echo $this->content;
}
269
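/**
 * Renders the items of the top toolbar: the logged-in user label, the
 * logout button and every registered toolbar item that produces output.
 * The backend search item, when registered, is moved to the last position.
 *
 * @return string top toolbar elements as HTML
 */
protected function renderToolbar() {

		// Move search to last position - but only if it was registered.
		// Items whose checkAccess() fails are never added to $this->toolbarItems,
		// so reading the key unconditionally would store NULL here and the
		// loop below would then call render() on a non-object.
	if (isset($this->toolbarItems['backendSearch'])) {
		$search = $this->toolbarItems['backendSearch'];
		unset($this->toolbarItems['backendSearch']);
		$this->toolbarItems['backendSearch'] = $search;
	}

	$toolbar = '<ul id="typo3-toolbar">';
	$toolbar.= '<li>'.$this->getLoggedInUserLabel().'</li>
				<li><div id="logout-button" class="toolbar-item no-separator">'.$this->moduleMenu->renderLogoutButton().'</div></li>';

	foreach ($this->toolbarItems as $toolbarItem) {
		$menu = $toolbarItem->render();
		if ($menu) {
				// Both strings are inserted as ready-made markup: the attribute
				// string goes straight into the <li> tag and the menu into its
				// body, so each toolbar item has to escape what it returns.
			$additionalAttributes = $toolbarItem->getAdditionalAttributes();
			$toolbar .= '<li' . $additionalAttributes . '>' .$menu. '</li>';
		}
	}

	return $toolbar.'</ul>';
}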
296
/**
 * Builds the toolbar entry that shows who is logged in: a user icon plus
 * "real name [username]" (or just the username), linked to the user setup
 * module when that module is loaded and accessible. In switch-user mode the
 * entry is marked with the "su-user" class and a prefix label instead.
 *
 * @return string html code snippet displaying the currently logged in user
 */
protected function getLoggedInUserLabel() {
	global $BE_USER, $BACK_PATH;

	$iconFile = $BE_USER->isAdmin() ? 'gfx/i/be_users_admin.gif' : 'gfx/i/be_users.gif';
	$icon = '<img' . t3lib_iconWorks::skinImg('', $iconFile, 'width="18" height="16"') . ' title="" alt="" />';

	if ($BE_USER->user['realName']) {
		$label = $BE_USER->user['realName'].' ['.$BE_USER->user['username'].']';
	} else {
		$label = $BE_USER->user['username'];
	}
		// realName and username are stored account data and are HTML-escaped
		// before they are placed into the markup below.
	$escapedLabel = htmlspecialchars($label);

		// Link to user setup if it's loaded and user has access
	$link = '';
	if (t3lib_extMgm::isLoaded('setup') && $BE_USER->check('modules','user_setup')) {
		$link = '<a href="#" onclick="top.goToModule(\'user_setup\');this.blur();return false;">';
	}

	if ($BE_USER->user['ses_backuserid']) {
			// superuser mode
			// NOTE(review): the 'switchtouser' label is written into a title
			// attribute without escaping; it comes from the language files,
			// so this relies on those labels containing no markup or quotes.
		$username = ' su-user">'.$icon.
			'<span title="' . $GLOBALS['LANG']->getLL('switchtouser') . '">' .
			$GLOBALS['LANG']->getLL('switchtousershort') . ' </span>' .
			'<span>' . $escapedLabel . '</span>';
	} else {
		$closingTag = $link ? '</a>' : '';
		$username = '">'.$link.$icon.'<span>'.$escapedLabel.'</span>'.$closingTag;
	}

		// $username starts with the rest of the class attribute and its closing quote.
	return '<div id="username" class="toolbar-item no-separator'.$username.'</div>';
}
336
/**
 * Generates the inline JavaScript of the backend frame and appends it to
 * $this->js: the TYPO3.configuration and TYPO3.LLL objects, the legacy
 * typoSetup ("TS") and fsModules ("fsMod") objects and the goToModule
 * function. Finishes by adding the page-edit and startup-module snippets.
 *
 * @return void
 */
protected function generateJavascript() {
	$beUser = $GLOBALS['BE_USER'];
	$lang = $GLOBALS['LANG'];

	$pathTYPO3 = t3lib_div::dirname(t3lib_div::getIndpEnv('SCRIPT_NAME')).'/';
		// Both values below are emitted as raw JavaScript further down; they
		// are produced by the module menu object, not taken from the request here.
	$goToModuleSwitch = $this->moduleMenu->getGotoModuleJavascript();
	$moduleFramesHelper = implode(chr(10), $this->moduleMenu->getFsMod());

		// If another page module was specified, replace the default Page module with the new one.
		// The TSconfig value is only used when it names a module known to TBE_MODULES.
	$newPageModule = trim($beUser->getTSConfigVal('options.overridePageModule'));
	$pageModule = 'web_layout';
	if (t3lib_BEfunc::isModuleSetInTBE_MODULES($newPageModule)) {
		$pageModule = $newPageModule;
	}

	$menuFrameName = 'menu';
	if ($beUser->uc['noMenuMode'] === 'icons') {
		$menuFrameName = 'topmenuFrame';
	}

		// determine security level from conf vars and default to super challenged
		// NOTE(review): loginSecurityLevel is not among the properties declared
		// at the top of this class; it is created dynamically here.
	$configuredSecurityLevel = $GLOBALS['TYPO3_CONF_VARS']['BE']['loginSecurityLevel'];
	$this->loginSecurityLevel = $configuredSecurityLevel ? $configuredSecurityLevel : 'superchallenged';

		// The user name is HTML-escaped before it is JSON-encoded, so scripts
		// receive the entity-encoded form.
	$escapedUsername = htmlspecialchars($beUser->user['username']);

	$refreshPopupConfigured = isset($GLOBALS['TYPO3_CONF_VARS']['BE']['showRefreshLoginPopup']);

		// NOTE(review): uniqueID is derived from uniqid(), which is time-based;
		// treat it as an identifier, not as an unguessable secret. veriCode is
		// handed to page script as well - what it protects is not visible here.
	$t3Configuration = array(
		'siteUrl' => t3lib_div::getIndpEnv('TYPO3_SITE_URL'),
		'PATH_typo3' => $pathTYPO3,
		'PATH_typo3_enc' => rawurlencode($pathTYPO3),
		'username' => $escapedUsername,
		'uniqueID' => t3lib_div::shortMD5(uniqid('')),
		'securityLevel' => $this->loginSecurityLevel,
		'TYPO3_mainDir' => TYPO3_mainDir,
		'pageModule' => $pageModule,
		'condensedMode' => $beUser->uc['condensedMode'] ? 1 : 0,
		'workspaceFrontendPreviewEnabled' => ($beUser->workspace != 0 && !$beUser->user['workspace_preview']) ? 0 : 1,
		'veriCode' => $beUser->veriCode(),
		'denyFileTypes' => PHP_EXTENSIONS_DEFAULT,
		'showRefreshLoginPopup' => $refreshPopupConfigured ? intval($GLOBALS['TYPO3_CONF_VARS']['BE']['showRefreshLoginPopup']) : FALSE,
	);

	$coreLabels = 'LLL:EXT:lang/locallang_core.xml:mess.';
	$t3LLLcore = array(
		'waitTitle' => $lang->sL($coreLabels . 'refresh_login_logging_in'),
		'refresh_login_failed' => $lang->sL($coreLabels . 'refresh_login_failed'),
		'refresh_login_failed_message' => $lang->sL($coreLabels . 'refresh_login_failed_message'),
		'refresh_login_title' => sprintf($lang->sL($coreLabels . 'refresh_login_title'), $escapedUsername),
		'login_expired' => $lang->sL($coreLabels . 'login_expired'),
		'refresh_login_username' => $lang->sL($coreLabels . 'refresh_login_username'),
		'refresh_login_password' => $lang->sL($coreLabels . 'refresh_login_password'),
		'refresh_login_emptyPassword' => $lang->sL($coreLabels . 'refresh_login_emptyPassword'),
		'refresh_login_button' => $lang->sL($coreLabels . 'refresh_login_button'),
		'refresh_logout_button' => $lang->sL($coreLabels . 'refresh_logout_button'),
		'please_wait' => $lang->sL($coreLabels . 'please_wait'),
		'be_locked' => $lang->sL($coreLabels . 'be_locked'),
		'refresh_login_countdown_singular' => $lang->sL($coreLabels . 'refresh_login_countdown_singular'),
		'refresh_login_countdown' => $lang->sL($coreLabels . 'refresh_login_countdown'),
		'login_about_to_expire' => $lang->sL($coreLabels . 'login_about_to_expire'),
		'login_about_to_expire_title' => $lang->sL($coreLabels . 'login_about_to_expire_title'),
		'refresh_login_refresh_button' => $lang->sL($coreLabels . 'refresh_login_refresh_button'),
		'refresh_direct_logout_button' => $lang->sL($coreLabels . 'refresh_direct_logout_button'),
	);

	$t3LLLfileUpload = array(
		'windowTitle' => $lang->getLL('fileUpload_windowTitle'),
		'buttonSelectFiles' => $lang->getLL('fileUpload_buttonSelectFiles'),
		'buttonCancelAll' => $lang->getLL('fileUpload_buttonCancelAll'),
		'infoComponentMaxFileSize' => $lang->getLL('fileUpload_infoComponentMaxFileSize'),
		'infoComponentFileUploadLimit' => $lang->getLL('fileUpload_infoComponentFileUploadLimit'),
		'infoComponentFileTypeLimit' => $lang->getLL('fileUpload_infoComponentFileTypeLimit'),
		'infoComponentOverrideFiles' => $lang->getLL('fileUpload_infoComponentOverrideFiles'),
		'processRunning' => $lang->getLL('fileUpload_processRunning'),
		'uploadWait' => $lang->getLL('fileUpload_uploadWait'),
		'uploadStarting' => $lang->getLL('fileUpload_uploadStarting'),
		'uploadProgress' => $lang->getLL('fileUpload_uploadProgress'),
		'uploadSuccess' => $lang->getLL('fileUpload_uploadSuccess'),
		'errorQueueLimitExceeded' => $lang->getLL('fileUpload_errorQueueLimitExceeded'),
		'errorQueueFileSizeLimit' => $lang->getLL('fileUpload_errorQueueFileSizeLimit'),
		'errorQueueZeroByteFile' => $lang->getLL('fileUpload_errorQueueZeroByteFile'),
		'errorQueueInvalidFiletype' => $lang->getLL('fileUpload_errorQueueInvalidFiletype'),
		'errorUploadHttp' => $lang->getLL('fileUpload_errorUploadHttpError'),
		'errorUploadMissingUrl' => $lang->getLL('fileUpload_errorUploadMissingUrl'),
		'errorUploadIO' => $lang->getLL('fileUpload_errorUploadIO'),
		'errorUploadSecurityError' => $lang->getLL('fileUpload_errorUploadSecurityError'),
		'errorUploadLimit' => $lang->getLL('fileUpload_errorUploadLimit'),
		'errorUploadFailed' => $lang->getLL('fileUpload_errorUploadFailed'),
		'errorUploadFileIDNotFound' => $lang->getLL('fileUpload_errorUploadFileIDNotFound'),
		'errorUploadFileValidation' => $lang->getLL('fileUpload_errorUploadFileValidation'),
		'errorUploadFileCancelled' => $lang->getLL('fileUpload_errorUploadFileCancelled'),
		'errorUploadStopped' => $lang->getLL('fileUpload_errorUploadStopped'),
		'allErrorMessageTitle' => $lang->getLL('fileUpload_allErrorMessageTitle'),
		'allErrorMessageText' => $lang->getLL('fileUpload_allErrorMessageText'),
		'allError401' => $lang->getLL('fileUpload_allError401'),
		'allError2038' => $lang->getLL('fileUpload_allError2038'),
	);

		// Convert labels/settings back to UTF-8 since json_encode() only works with UTF-8:
	if ($lang->charSet !== 'utf-8') {
		$t3Configuration['username'] = $lang->csConvObj->conv($t3Configuration['username'], $lang->charSet, 'utf-8');
		$lang->csConvObj->convArray($t3LLLcore, $lang->charSet, 'utf-8');
		$lang->csConvObj->convArray($t3LLLfileUpload, $lang->charSet, 'utf-8');
	}

		// Everything data-like enters the script through json_encode(). With its
		// default flags "/" is escaped as "\/", so a value containing "</script>"
		// cannot end the surrounding script element; do not switch on
		// JSON_UNESCAPED_SLASHES for this output.
	$configurationJson = json_encode($t3Configuration);
	$coreLabelsJson = json_encode($t3LLLcore);
	$fileUploadLabelsJson = json_encode($t3LLLfileUpload);

	$this->js .= '
	TYPO3.configuration = ' . $configurationJson . ';
	TYPO3.LLL = {
		core : ' . $coreLabelsJson . ',
		fileUpload: ' . $fileUploadLabelsJson . '
	};

	/**
	 * TypoSetup object.
	 */
	function typoSetup()	{	//
		this.PATH_typo3 = TYPO3.configuration.PATH_typo3;
		this.PATH_typo3_enc = TYPO3.configuration.PATH_typo3_enc;
		this.username = TYPO3.configuration.username;
		this.uniqueID = TYPO3.configuration.uniqueID;
		this.navFrameWidth = 0;
		this.securityLevel = TYPO3.configuration.securityLevel;
		this.veriCode = TYPO3.configuration.veriCode;
		this.denyFileTypes = TYPO3.configuration.denyFileTypes;
	}
	var TS = new typoSetup();

	var currentModuleLoaded = "";
	var goToModule = ' . $goToModuleSwitch . ';

	/**
	 * Frameset Module object
	 *
	 * Used in main modules with a frameset for submodules to keep the ID between modules
	 * Typically that is set by something like this in a Web>* sub module:
	 *		if (top.fsMod) top.fsMod.recentIds["web"] = "\'.intval($this->id).\'";
	 * 		if (top.fsMod) top.fsMod.recentIds["file"] = "...(file reference/string)...";
	 */
	function fsModules()	{	//
		this.recentIds=new Array();					// used by frameset modules to track the most recent used id for list frame.
		this.navFrameHighlightedID=new Array();		// used by navigation frames to track which row id was highlighted last time
		this.currentMainLoaded="";
		this.currentBank="0";
	}
	var fsMod = new fsModules();' . $moduleFramesHelper . ';';



		// Check editing of page:
	$this->handlePageEditing();
	$this->setStartupModule();
}
486
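/**
 * Checks whether the "edit" GET parameter was sent and, if so, opens the
 * referenced page (uid or alias) for editing once the backend has loaded.
 * Code based on code from "alt_shortcut.php"
 *
 * The parameter is reduced to [A-Za-z0-9_] before use. The page is only
 * opened when the record was found with the user's page permission clauses
 * and lies inside the user's web mounts; otherwise an alert with the
 * "noEditPage" label is queued.
 *
 * @return void
 */
protected function handlePageEditing() {

	if (!t3lib_extMgm::isLoaded('cms')) {
		return;
	}

		// EDIT page:
		// A request may send "edit" as an array (edit[]=...). preg_replace()
		// would then return an array, which would get past the emptiness check
		// and reach the record lookup and sprintf() below, so anything that is
		// not a plain string is treated as "not sent".
	$requestedEditId = t3lib_div::_GET('edit');
	$editId = is_string($requestedEditId) ? preg_replace('/[^[:alnum:]_]/', '', $requestedEditId) : '';
	$editRecord = '';

	if ($editId) {

			// Looking up the page to edit, checking permissions
			// (page permission bits 2 and 16):
		$where = ' AND ('.$GLOBALS['BE_USER']->getPagePermsClause(2)
				.' OR '.$GLOBALS['BE_USER']->getPagePermsClause(16).')';

		if (t3lib_div::testInt($editId)) {
			$editRecord = t3lib_BEfunc::getRecordWSOL('pages', $editId, '*', $where);
		} else {
				// $editId is limited to alphanumerics and "_" at this point, which
				// is what keeps the alias lookup free of SQL metacharacters
				// regardless of how getRecordsByField() quotes its value.
			$records = t3lib_BEfunc::getRecordsByField('pages', 'alias', $editId, $where);

			if (is_array($records)) {
				reset($records);
				$editRecord = current($records);
				t3lib_BEfunc::workspaceOL('pages', $editRecord);
			}
		}

			// If the page was accessible, then let the user edit it.
		if (is_array($editRecord) && $GLOBALS['BE_USER']->isInWebMount($editRecord['uid'])) {
				// Setting JS code to open editing; intval() guarantees that only
				// a number is written into the script:
			$this->js .= '
		// Load page to edit:
	window.setTimeout("top.loadEditId('.intval($editRecord['uid']).');", 500);
			';
				// Checking page edit parameter:
			if (!$GLOBALS['BE_USER']->getTSConfigVal('options.shortcut_onEditId_dontSetPageTree')) {

					// Expanding page tree:
				t3lib_BEfunc::openPageTree(intval($editRecord['pid']), !$GLOBALS['BE_USER']->getTSConfigVal('options.shortcut_onEditId_keepExistingExpanded'));
			}
		} else {
				// The message contains the (filtered) request value, so it is
				// passed through JScharCode() instead of being quoted by hand.
			$this->js .= '
		// Warning about page editing:
	alert('.$GLOBALS['LANG']->JScharCode(sprintf($GLOBALS['LANG']->getLL('noEditPage'), $editId)).');
			';
		}
	}
}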
542
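/**
 * Sets the startup module from either the GET vars "module" and "modParams"
 * or, when no module was requested, from the user configuration
 * (uc['startModule'], then uc['startInTaskCenter']).
 *
 * The module name ends up inside a single-quoted JavaScript string literal
 * in the backend's inline script, so it is restricted to [A-Za-z0-9_] no
 * matter which of the two sources it came from.
 *
 * @return void
 */
protected function setStartupModule() {
	$moduleNameFilter = '/[^[:alnum:]_]/';

		// Array-valued parameters (module[]=...) are ignored: preg_replace()
		// would hand back an array that is then concatenated into the script.
	$requestedModule = t3lib_div::_GET('module');
	$startModule = is_string($requestedModule) ? preg_replace($moduleNameFilter, '', $requestedModule) : '';

	if (!$startModule) {
		if ($GLOBALS['BE_USER']->uc['startModule']) {
				// Stored user configuration was previously written into the
				// script unfiltered; it now gets the same whitelist as the GET
				// value, because a quote or "</script>" in it would break out
				// of the string literal below.
			$configuredModule = $GLOBALS['BE_USER']->uc['startModule'];
			$startModule = is_string($configuredModule) ? preg_replace($moduleNameFilter, '', $configuredModule) : '';
		} else if ($GLOBALS['BE_USER']->uc['startInTaskCenter']) {
			$startModule = 'user_task';
		}
	}

		// modParams is raw request input; quoteJSvalue() is the only encoding
		// it receives before it is placed into the script, so it must stay.
	$moduleParameters = t3lib_div::_GET('modParams');
	if (!is_string($moduleParameters)) {
		$moduleParameters = '';
	}

	if ($startModule) {
		$this->js .= '
		// start in module:
	function startInModule(modName, cMR_flag, addGetVars)	{
		Event.observe(document, \'dom:loaded\', function() {
			top.goToModule(modName, cMR_flag, addGetVars);
		});
	}

	startInModule(\''.$startModule.'\', false, '.t3lib_div::quoteJSvalue($moduleParameters).');
		';
	}
}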
573
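/**
 * Generates the code for the TYPO3 logo, either the default TYPO3 logo or a
 * custom one configured in $GLOBALS['TBE_STYLES']['logo'].
 *
 * NOTE(review): render() in this class builds the logo through the TYPO3Logo
 * class instead; no caller of this method is visible in this file.
 *
 * @return string HTML code snippet to display the TYPO3 logo
 */
protected function getLogo() {
	$logo = '<a href="http://www.typo3.com/" target="_blank" onclick="'.$GLOBALS['TBE_TEMPLATE']->thisBlur().'">'.
			'<img'.t3lib_iconWorks::skinImg('','gfx/alt_backend_logo.gif','width="117" height="32"').' title="TYPO3 Content Management Framework" alt="" />'.
			'</a>';

		// overwrite with custom logo
	if (!empty($GLOBALS['TBE_STYLES']['logo'])) {
		$customLogo = $GLOBALS['TBE_STYLES']['logo'];

			// The size attributes stay empty unless the image could be measured.
			// Previously $imgInfo was read even when it had never been set (logo
			// path not starting with "../") or when getimagesize() had failed.
		$sizeAttributes = '';
		if (substr($customLogo, 0, 3) === '../') {
				// Errors stay suppressed on purpose: a missing or unreadable
				// logo file must not break the backend frame.
			$imgInfo = @getimagesize(PATH_site.substr($customLogo, 3));
			if (is_array($imgInfo)) {
				$sizeAttributes = $imgInfo[3];
			}
		}

			// The configured path is written into an HTML attribute, so it is
			// escaped for that context.
		$logo = '<a href="http://www.typo3.com/" target="_blank" onclick="'.$GLOBALS['TBE_TEMPLATE']->thisBlur().'">'.
				'<img src="'.htmlspecialchars($customLogo).'" '.$sizeAttributes.' title="TYPO3 Content Management Framework" alt="" />'.
				'</a>';
	}

	return $logo;
}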
596
/**
 * Adds a javascript snippet to the backend.
 *
 * The snippet is appended verbatim to the inline script of the backend
 * frame. Only the type is checked here, so a caller that builds the snippet
 * from request or database values has to encode those values itself.
 *
 * @param	string	javascript snippet
 * @return	void
 * @throws	InvalidArgumentException if $javascript is not a string
 */
public function addJavascript($javascript) {
		// TODO do we need more checks?
	if (is_string($javascript)) {
		$this->js .= $javascript;
		return;
	}

	throw new InvalidArgumentException('parameter $javascript must be of type string', 1195129553);
}
611
/**
 * Adds a javascript file to the backend after it has been checked that it exists.
 *
 * The check only tests that the resolved path exists below or relative to
 * PATH_typo3; it does not restrict which directory the file lives in.
 *
 * @param	string	javascript file reference
 * @return	boolean	true if the javascript file was successfully added, false otherwise
 */
public function addJavascriptFile($javascriptFile) {
		//TODO add more checks if necessary
	$resolvedPath = t3lib_div::resolveBackPath(PATH_typo3.$javascriptFile);
	if (!file_exists($resolvedPath)) {
		return false;
	}

	$this->jsFiles[] = $javascriptFile;
	return true;
}
629
/**
 * Adds a css snippet to the backend.
 *
 * The snippet is appended verbatim to the inline styles of the backend
 * frame; only its type is checked.
 *
 * @param	string	css snippet
 * @return	void
 * @throws	InvalidArgumentException if $css is not a string
 */
public function addCss($css) {
	if (is_string($css)) {
		$this->css .= $css;
		return;
	}

	throw new InvalidArgumentException('parameter $css must be of type string', 1195129642);
}
643
/**
 * Adds a css file to the backend after it has been checked that it exists.
 * A name that is already registered is never replaced.
 *
 * @param	string	the css file's name without the .css ending
 * @param	string	css file reference
 * @return	boolean	true if the css file was added, false otherwise
 */
public function addCssFile($cssFileName, $cssFile) {
		//TODO add more checks if necessary
	$resolvedPath = t3lib_div::resolveBackPath(PATH_typo3.$cssFile);

		// Existence is the only check on the path. The second condition
		// prevents overwriting existing css files, so a later caller cannot
		// take over a name such as one of the core style sheets.
	if (!file_exists($resolvedPath) || !empty($this->cssFiles[$cssFileName])) {
		return false;
	}

	$this->cssFiles[$cssFileName] = $cssFile;
	return true;
}
665
/**
 * Adds an item to the toolbar, the class file for the toolbar item must be
 * loaded at this point.
 *
 * The class is instantiated before the interface check runs, so its
 * constructor has already executed when the exception is thrown.
 *
 * @param	string	toolbar item name, f.e. tx_toolbarExtension_coolItem
 * @param	string	toolbar item class name, f.e. tx_toolbarExtension_coolItem
 * @return	void
 * @throws	UnexpectedValueException if the class does not implement backend_toolbarItem
 */
public function addToolbarItem($toolbarItemName, $toolbarItemClassName) {
	$item = t3lib_div::makeInstance($toolbarItemClassName, $this);

	if (!($item instanceof backend_toolbarItem)) {
		throw new UnexpectedValueException('$toolbarItem "'.$toolbarItemName.'" must implement interface backend_toolbarItem', 1195125501);
	}

		// The item decides for itself whether the current user may see it;
		// an item that denies access is discarded.
	if (!$item->checkAccess()) {
		unset($item);
		return;
	}

	$this->toolbarItems[$toolbarItemName] = $item;
}
686 }
687
688
// include XCLASS
// The path comes from TYPO3_CONF_VARS and the file is executed as PHP, so
// whoever can change that configuration entry controls code that runs in
// every backend request.
if(defined('TYPO3_MODE') && $TYPO3_CONF_VARS[TYPO3_MODE]['XCLASS']['typo3/backend.php']) {
	include_once($TYPO3_CONF_VARS[TYPO3_MODE]['XCLASS']['typo3/backend.php']);
}


// document generation
$TYPO3backend = t3lib_div::makeInstance('TYPO3backend');

// include extensions which may add css, javascript or toolbar items
// Each configured entry is included as a PHP file, after $TYPO3backend has
// been created and before render() is called. As with the XCLASS include
// above, the list is configuration, not request data - it must stay that way.
if(is_array($GLOBALS['TYPO3_CONF_VARS']['typo3/backend.php']['additionalBackendItems'])) {
	foreach($GLOBALS['TYPO3_CONF_VARS']['typo3/backend.php']['additionalBackendItems'] as $additionalBackendItem) {
		include_once($additionalBackendItem);
	}
}

// Builds the backend document and echoes it.
$TYPO3backend->render();
706
707 ?>