[TASK] Protect methods in ElementBrowserController
[Packages/TYPO3.CMS.git] / typo3 / sysext / recordlist / Classes / Controller / ElementBrowserController.php
1 <?php
2 namespace TYPO3\CMS\Recordlist\Controller;
3
4 /*
5 * This file is part of the TYPO3 CMS project.
6 *
7 * It is free software; you can redistribute it and/or modify it under
8 * the terms of the GNU General Public License, either version 2
9 * of the License, or any later version.
10 *
11 * For the full copyright and license information, please read the
12 * LICENSE.txt file that was distributed with this source code.
13 *
14 * The TYPO3 project - inspiring people to share!
15 */
16
17 use Psr\Http\Message\ResponseInterface;
18 use Psr\Http\Message\ServerRequestInterface;
19 use TYPO3\CMS\Backend\Routing\UriBuilder;
20 use TYPO3\CMS\Backend\Template\DocumentTemplate;
21 use TYPO3\CMS\Core\Authentication\BackendUserAuthentication;
22 use TYPO3\CMS\Core\Compatibility\PublicMethodDeprecationTrait;
23 use TYPO3\CMS\Core\Http\HtmlResponse;
24 use TYPO3\CMS\Core\Http\RedirectResponse;
25 use TYPO3\CMS\Core\Localization\LanguageService;
26 use TYPO3\CMS\Core\Utility\GeneralUtility;
27 use TYPO3\CMS\Recordlist\Browser\ElementBrowserInterface;
28
29 /**
30 * Script class for the Element Browser window.
31 */
32 class ElementBrowserController
33 {
34 use PublicMethodDeprecationTrait;
35
36 /**
37 * @var array
38 */
39 private $deprecatedPublicMethods = [
40 'main' => 'Using ElementBrowserController::main() is deprecated and will not be possible anymore in TYPO3 v10.',
41 ];
42
43 /**
44 * The mode determines the main kind of output of the element browser.
45 *
46 * There are these options for values:
47 * - "db" will allow you to browse for pages or records in the page tree for FormEngine select fields
48 * - "file" will allow you to browse for files in the folder mounts for FormEngine file selections
49 * - "folder" will allow you to browse for folders in the folder mounts for FormEngine folder selections
50 * - Other options may be registered via extensions
51 *
52 * @var string
53 */
54 protected $mode;
55
56 /**
57 * Document template object
58 *
59 * @var DocumentTemplate
60 */
61 public $doc;
62
63 /**
64 * Constructor
65 */
66 public function __construct()
67 {
68 $GLOBALS['SOBE'] = $this;
69
70 // Creating backend template object:
71 // this might not be needed but some classes refer to $GLOBALS['SOBE']->doc, so ...
72 $this->doc = GeneralUtility::makeInstance(DocumentTemplate::class);
73
74 $this->init();
75 }
76
77 /**
78 * Initialize the controller
79 */
80 protected function init()
81 {
82 $this->getLanguageService()->includeLLFile('EXT:recordlist/Resources/Private/Language/locallang_browse_links.xlf');
83
84 $this->mode = GeneralUtility::_GP('mode');
85 }
86
87 /**
88 * Injects the request object for the current request or sub-request
89 * As this controller goes only through the main() method, it is rather simple for now
90 *
91 * @param ServerRequestInterface $request the current request
92 * @return ResponseInterface the response with the content
93 */
94 public function mainAction(ServerRequestInterface $request): ResponseInterface
95 {
96 // Fallback for old calls, which use mode "wizard" or "rte" for link selection
97 if ($this->mode === 'wizard' || $this->mode === 'rte') {
98 $uriBuilder = GeneralUtility::makeInstance(UriBuilder::class);
99 return new RedirectResponse((string)$uriBuilder->buildUriFromRoute('wizard_link', $_GET), 303);
100 }
101 return new HtmlResponse($this->main());
102 }
103
104 /**
105 * Main function, detecting the current mode of the element browser and branching out to internal methods.
106 *
107 * @return string HTML content
108 */
109 protected function main()
110 {
111 $content = '';
112
113 // Render type by user func
114 $browserRendered = false;
115 foreach ($GLOBALS['TYPO3_CONF_VARS']['SC_OPTIONS']['typo3/browse_links.php']['browserRendering'] ?? [] as $className) {
116 $browserRenderObj = GeneralUtility::makeInstance($className);
117 if (is_object($browserRenderObj) && method_exists($browserRenderObj, 'isValid') && method_exists($browserRenderObj, 'render')) {
118 if ($browserRenderObj->isValid($this->mode, $this)) {
119 $content = $browserRenderObj->render($this->mode, $this);
120 $browserRendered = true;
121 break;
122 }
123 }
124 }
125
126 // if type was not rendered use default rendering functions
127 if (!$browserRendered) {
128 $browser = $this->getElementBrowserInstance();
129
130 $backendUser = $this->getBackendUser();
131 $modData = $backendUser->getModuleData('browse_links.php', 'ses');
132 list($modData) = $browser->processSessionData($modData);
133 $backendUser->pushModuleData('browse_links.php', $modData);
134
135 $content = $browser->render();
136 }
137
138 return $content;
139 }
140
141 /**
142 * Get instance of the actual element browser
143 *
144 * This method shall be overwritten in subclasses
145 *
146 * @return ElementBrowserInterface
147 * @throws \UnexpectedValueException
148 */
149 protected function getElementBrowserInstance()
150 {
151 $className = $GLOBALS['TYPO3_CONF_VARS']['SC_OPTIONS']['ElementBrowsers'][$this->mode];
152 $browser = GeneralUtility::makeInstance($className);
153 if (!$browser instanceof ElementBrowserInterface) {
154 throw new \UnexpectedValueException('The specified element browser "' . $className . '" does not implement the required ElementBrowserInterface', 1442763890);
155 }
156 return $browser;
157 }
158
159 /**
160 * @return LanguageService
161 */
162 protected function getLanguageService()
163 {
164 return $GLOBALS['LANG'];
165 }
166
167 /**
168 * @return BackendUserAuthentication
169 */
170 protected function getBackendUser()
171 {
172 return $GLOBALS['BE_USER'];
173 }
174 }