[SECURITY][TASK] Blind more options in the configuration module
[Packages/TYPO3.CMS.git] / typo3 / sysext / lowlevel / Classes / View / ConfigurationView.php
1 <?php
2 namespace TYPO3\CMS\Lowlevel\View;
3
4 /*
5 * This file is part of the TYPO3 CMS project.
6 *
7 * It is free software; you can redistribute it and/or modify it under
8 * the terms of the GNU General Public License, either version 2
9 * of the License, or any later version.
10 *
11 * For the full copyright and license information, please read the
12 * LICENSE.txt file that was distributed with this source code.
13 *
14 * The TYPO3 project - inspiring people to share!
15 */
16
17 use Psr\Http\Message\ResponseInterface;
18 use Psr\Http\Message\ServerRequestInterface;
19 use TYPO3\CMS\Backend\Module\BaseScriptClass;
20 use TYPO3\CMS\Backend\Template\ModuleTemplate;
21 use TYPO3\CMS\Backend\Utility\BackendUtility;
22 use TYPO3\CMS\Core\Utility\ArrayUtility;
23 use TYPO3\CMS\Core\Utility\GeneralUtility;
24 use TYPO3\CMS\Extbase\Utility\LocalizationUtility;
25 use TYPO3\CMS\Fluid\View\StandaloneView;
26 use TYPO3\CMS\Lowlevel\Utility\ArrayBrowser;
27
28 /**
29 * Script class for the Config module
30 */
31 class ConfigurationView extends BaseScriptClass
32 {
33 /**
34 * @var StandaloneView
35 */
36 protected $view;
37
38 /**
39 * The name of the module
40 *
41 * @var string
42 */
43 protected $moduleName = 'system_config';
44
45 /**
46 * ModuleTemplate Container
47 *
48 * @var ModuleTemplate
49 */
50 protected $moduleTemplate;
51
52 /**
53 * Blind configurations which should not be visible
54 *
55 * @var array
56 */
57 protected $blindedConfigurationOptions = [
58 'TYPO3_CONF_VARS' => [
59 'DB' => [
60 'database' => '******',
61 'host' => '******',
62 'password' => '******',
63 'port' => '******',
64 'socket' => '******',
65 'username' => '******'
66 ],
67 'SYS' => [
68 'encryptionKey' => '******'
69 ]
70 ]
71 ];
72
73 /**
74 * Constructor
75 */
76 public function __construct()
77 {
78 $this->view = GeneralUtility::makeInstance(StandaloneView::class);
79 $this->view->getRequest()->setControllerExtensionName('lowlevel');
80 }
81
82 /**
83 * Initialization
84 *
85 * @return void
86 */
87 public function init()
88 {
89 $this->menuConfig();
90 $this->moduleTemplate = GeneralUtility::makeInstance(ModuleTemplate::class);
91 }
92
93 /**
94 * Menu Configuration
95 *
96 * @return void
97 */
98 public function menuConfig()
99 {
100 // MENU-ITEMS:
101 // If array, then it's a selector box menu
102 // If empty string it's just a variable, that'll be saved.
103 // Values NOT in this array will not be saved in the settings-array for the module.
104 $this->MOD_MENU = array(
105 'function' => array(
106 0 => LocalizationUtility::translate('typo3ConfVars', 'lowlevel'),
107 1 => LocalizationUtility::translate('tca', 'lowlevel'),
108 2 => LocalizationUtility::translate('tcaDescr', 'lowlevel'),
109 3 => LocalizationUtility::translate('loadedExt', 'lowlevel'),
110 4 => LocalizationUtility::translate('t3services', 'lowlevel'),
111 5 => LocalizationUtility::translate('tbemodules', 'lowlevel'),
112 6 => LocalizationUtility::translate('tbemodulesext', 'lowlevel'),
113 7 => LocalizationUtility::translate('tbeStyles', 'lowlevel'),
114 8 => LocalizationUtility::translate('beUser', 'lowlevel'),
115 9 => LocalizationUtility::translate('usersettings', 'lowlevel')
116 ),
117 'regexsearch' => '',
118 'fixedLgd' => ''
119 );
120 // CLEANSE SETTINGS
121 $this->MOD_SETTINGS = BackendUtility::getModuleData($this->MOD_MENU, GeneralUtility::_GP('SET'), $this->moduleName);
122 }
123
124 /**
125 * Main function
126 *
127 * @return void
128 */
129 public function main()
130 {
131 /** @var ArrayBrowser $arrayBrowser */
132 $arrayBrowser = GeneralUtility::makeInstance(ArrayBrowser::class);
133 $label = $this->MOD_MENU['function'][$this->MOD_SETTINGS['function']];
134 $search_field = GeneralUtility::_GP('search_field');
135
136 $templatePathAndFilename = GeneralUtility::getFileAbsFileName('EXT:lowlevel/Resources/Private/Templates/Backend/Configuration.html');
137 $this->view->setTemplatePathAndFilename($templatePathAndFilename);
138 $this->view->assign('label', $label);
139 $this->view->assign('search_field', $search_field);
140 $this->view->assign('checkbox_checkRegexsearch', BackendUtility::getFuncCheck(0, 'SET[regexsearch]', $this->MOD_SETTINGS['regexsearch'], '', '', 'id="checkRegexsearch"'));
141
142 switch ($this->MOD_SETTINGS['function']) {
143 case 0:
144 $theVar = $GLOBALS['TYPO3_CONF_VARS'];
145 ArrayUtility::naturalKeySortRecursive($theVar);
146 $arrayBrowser->varName = '$TYPO3_CONF_VARS';
147 break;
148 case 1:
149 $theVar = $GLOBALS['TCA'];
150 ArrayUtility::naturalKeySortRecursive($theVar);
151 $arrayBrowser->varName = '$TCA';
152 break;
153 case 2:
154 $theVar = $GLOBALS['TCA_DESCR'];
155 ArrayUtility::naturalKeySortRecursive($theVar);
156 $arrayBrowser->varName = '$TCA_DESCR';
157 break;
158 case 3:
159 $theVar = $GLOBALS['TYPO3_LOADED_EXT'];
160 ArrayUtility::naturalKeySortRecursive($theVar);
161 $arrayBrowser->varName = '$TYPO3_LOADED_EXT';
162 break;
163 case 4:
164 $theVar = $GLOBALS['T3_SERVICES'];
165 ArrayUtility::naturalKeySortRecursive($theVar);
166 $arrayBrowser->varName = '$T3_SERVICES';
167 break;
168 case 5:
169 $theVar = $GLOBALS['TBE_MODULES'];
170 ArrayUtility::naturalKeySortRecursive($theVar);
171 $arrayBrowser->varName = '$TBE_MODULES';
172 break;
173 case 6:
174 $theVar = $GLOBALS['TBE_MODULES_EXT'];
175 ArrayUtility::naturalKeySortRecursive($theVar);
176 $arrayBrowser->varName = '$TBE_MODULES_EXT';
177 break;
178 case 7:
179 $theVar = $GLOBALS['TBE_STYLES'];
180 ArrayUtility::naturalKeySortRecursive($theVar);
181 $arrayBrowser->varName = '$TBE_STYLES';
182 break;
183 case 8:
184 $theVar = $GLOBALS['BE_USER']->uc;
185 ArrayUtility::naturalKeySortRecursive($theVar);
186 $arrayBrowser->varName = '$BE_USER->uc';
187 break;
188 case 9:
189 $theVar = $GLOBALS['TYPO3_USER_SETTINGS'];
190 ArrayUtility::naturalKeySortRecursive($theVar);
191 $arrayBrowser->varName = '$TYPO3_USER_SETTINGS';
192 break;
193 default:
194 $theVar = array();
195 }
196 // Update node:
197 $update = 0;
198 $node = GeneralUtility::_GET('node');
199 // If any plus-signs were clicked, it's registered.
200 if (is_array($node)) {
201 $this->MOD_SETTINGS['node_' . $this->MOD_SETTINGS['function']] = $arrayBrowser->depthKeys($node, $this->MOD_SETTINGS['node_' . $this->MOD_SETTINGS['function']]);
202 $update = 1;
203 }
204 if ($update) {
205 $this->getBackendUser()->pushModuleData($this->moduleName, $this->MOD_SETTINGS);
206 }
207 $arrayBrowser->dontLinkVar = true;
208 $arrayBrowser->depthKeys = $this->MOD_SETTINGS['node_' . $this->MOD_SETTINGS['function']];
209 $arrayBrowser->regexMode = $this->MOD_SETTINGS['regexsearch'];
210 $arrayBrowser->fixedLgd = $this->MOD_SETTINGS['fixedLgd'];
211 $arrayBrowser->searchKeysToo = true;
212
213 // If any POST-vars are send, update the condition array
214 if (GeneralUtility::_POST('search') && trim($search_field)) {
215 $arrayBrowser->depthKeys = $arrayBrowser->getSearchKeys($theVar, '', $search_field, array());
216 }
217
218 // mask sensitive information
219 $varName = trim($arrayBrowser->varName, '$');
220 if (isset($this->blindedConfigurationOptions[$varName])) {
221 ArrayUtility::mergeRecursiveWithOverrule($theVar, $this->blindedConfigurationOptions[$varName]);
222 }
223 $tree = $arrayBrowser->tree($theVar, '', '');
224 $this->view->assign('tree', $tree);
225
226 // Setting up the shortcut button for docheader
227 $buttonBar = $this->moduleTemplate->getDocHeaderComponent()->getButtonBar();
228 // Shortcut
229 $shortcutButton = $buttonBar->makeShortcutButton()
230 ->setModuleName($this->moduleName)
231 ->setDisplayName($this->MOD_MENU['function'][$this->MOD_SETTINGS['function']])
232 ->setSetVariables(['function']);
233 $buttonBar->addButton($shortcutButton);
234
235 $this->getModuleMenu();
236
237 $this->content = '<form action="" id="ConfigurationView" method="post">';
238 $this->content .= $this->view->render();
239 $this->content .= '</form>';
240 }
241
242
243 /**
244 * Injects the request object for the current request or subrequest
245 * Simply calls main() and init() and outputs the content
246 *
247 * @param ServerRequestInterface $request the current request
248 * @param ResponseInterface $response
249 * @return ResponseInterface the response with the content
250 */
251 public function mainAction(ServerRequestInterface $request, ResponseInterface $response)
252 {
253 $GLOBALS['SOBE'] = $this;
254 $this->init();
255 $this->main();
256
257 $this->moduleTemplate->setContent($this->content);
258 $response->getBody()->write($this->moduleTemplate->renderContent());
259 return $response;
260 }
261
262 /**
263 * Print output to browser
264 *
265 * @return void
266 * @deprecated since TYPO3 CMS 7, will be removed in TYPO3 CMS 8
267 */
268 public function printContent()
269 {
270 GeneralUtility::logDeprecatedFunction();
271 echo $this->content;
272 }
273
274 /**
275 * Generates the action menu
276 */
277 protected function getModuleMenu()
278 {
279 $menu = $this->moduleTemplate->getDocHeaderComponent()->getMenuRegistry()->makeMenu();
280 $menu->setIdentifier('ConfigurationJumpMenu');
281
282 foreach ($this->MOD_MENU['function'] as $controller => $title) {
283 $item = $menu
284 ->makeMenuItem()
285 ->setHref(
286 BackendUtility::getModuleUrl(
287 $this->moduleName,
288 [
289 'id' => $this->id,
290 'SET' => [
291 'function' => $controller
292 ]
293 ]
294 )
295 )
296 ->setTitle($title);
297 if ($controller === (int)$this->MOD_SETTINGS['function']) {
298 $item->setActive(true);
299 }
300 $menu->addMenuItem($item);
301 }
302 $this->moduleTemplate->getDocHeaderComponent()->getMenuRegistry()->addMenu($menu);
303 }
304 }