[SECURITY] XSS in (old) extension manager information function
[Packages/TYPO3.CMS.git] / typo3 / sysext / core / Classes / TypoScript / ConfigurationForm.php
1 <?php
2 namespace TYPO3\CMS\Core\TypoScript;
3
4 /***************************************************************
5 * Copyright notice
6 *
7 * (c) 1999-2013 Kasper Skårhøj (kasperYYYY@typo3.com)
8 * All rights reserved
9 *
10 * This script is part of the TYPO3 project. The TYPO3 project is
11 * free software; you can redistribute it and/or modify
12 * it under the terms of the GNU General Public License as published by
13 * the Free Software Foundation; either version 2 of the License, or
14 * (at your option) any later version.
15 *
16 * The GNU General Public License can be found at
17 * http://www.gnu.org/copyleft/gpl.html.
18 * A copy is found in the text file GPL.txt and important notices to the license
19 * from the author is found in LICENSE.txt distributed with these scripts.
20 *
21 *
22 * This script is distributed in the hope that it will be useful,
23 * but WITHOUT ANY WARRANTY; without even the implied warranty of
24 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
25 * GNU General Public License for more details.
26 *
27 * This copyright notice MUST APPEAR in all copies of the script!
28 ***************************************************************/
29 /**
30 * Provides a simplified layer for making Constant Editor style configuration forms
31 *
32 * @author Kasper Skårhøj <kasperYYYY@typo3.com>
33 */
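class ConfigurationForm extends \TYPO3\CMS\Core\TypoScript\ExtendedTemplateService {

    // Internal
    /**
     * Category pool. ext_setValueArray() resets it and then has
     * ext_categorizeEditableConstants() sort the constants into it.
     *
     * @todo Define visibility
     */
    public $categories = array();

    /**
     * Not read anywhere in this class.
     * NOTE(review): presumably a flag consumed by the parent class - confirm.
     *
     * @todo Define visibility
     */
    public $ext_dontCheckIssetValues = 1;

    /**
     * Name of the generated form. ext_getForm() writes it unescaped into the
     * <form name="..."> attribute and into inline JavaScript
     * (document.<name>.action), so it has to stay a plain identifier.
     *
     * @todo Define visibility
     */
    public $ext_CEformName = 'tsStyleConfigForm';

    /**
     * Not read anywhere in this class.
     * NOTE(review): presumably a flag consumed by the parent class - confirm.
     *
     * @todo Define visibility
     */
    public $ext_printAll = 1;

    /**
     * "key=value" lines collected by ext_putValueInConf(), indexed by key.
     * ext_mergeIncomingWithExisting() joins them with LF and parses the result.
     *
     * @todo Define visibility
     */
    public $ext_incomingValues = array();

    /**
     * Loads a configuration template and remembers the paths used for help images.
     *
     * @param string $configTemplate Template text, stored as the first entry of $this->constants
     * @param string $pathRel PathRel is the path relative to the typo3/ directory
     * @param string $pathAbs PathAbs is the absolute path from root
     * @param string $backPath BackPath is the backReference from current position to typo3/ dir
     * @return array The editable constants, as returned by generateConfig_constants()
     * @todo Define visibility
     */
    public function ext_initTSstyleConfig($configTemplate, $pathRel, $pathAbs, $backPath) {
        // Do not log time-performance information
        $this->tt_track = 0;
        $this->constants = array($configTemplate, '');
        // The editable constants are returned in an array.
        $theConstants = $this->generateConfig_constants();
        // File system prefix (used for getimagesize()) and web prefix (used for <img src>).
        $this->ext_localGfxPrefix = $pathAbs;
        $this->ext_localWebGfxPrefix = $backPath . $pathRel;
        $this->ext_backPath = $backPath;
        return $theConstants;
    }

    /**
     * Overlays stored values onto the editable constants and rebuilds the category pool.
     *
     * @param array $theConstants Editable constants, keyed by constant name
     * @param array $valueArray Nested value array; it is flattened with flattenSetup()
     * @return array $theConstants with 'value' replaced wherever a flattened value exists
     * @todo Define visibility
     */
    public function ext_setValueArray($theConstants, $valueArray) {
        // flattenSetup() writes into $this->flatSetup, so park the current content
        // and restore it once the flattened values have been copied out.
        $temp = $this->flatSetup;
        $this->flatSetup = array();
        $this->flattenSetup($valueArray, '', '');
        $this->ext_realValues = $this->flatSetup;
        $this->objReg = $this->ext_realValues;
        $this->flatSetup = $temp;
        foreach ($theConstants as $k => $p) {
            if (isset($this->objReg[$k])) {
                $theConstants[$k]['value'] = $this->ext_realValues[$k];
            }
        }
        // Reset the default pool of categories.
        $this->categories = array();
        // The returned constants are sorted in categories, that goes into the $this->categories array
        $this->ext_categorizeEditableConstants($theConstants);
        return $theConstants;
    }

    /**
     * Returns the category labels for a module menu.
     *
     * @return mixed Whatever ext_getCategoryLabelArray() returns
     * @todo Define visibility
     */
    public function ext_getCategoriesForModMenu() {
        return $this->ext_getCategoryLabelArray();
    }

    /**
     * Delegates to ext_getTSCE_config() for the given category.
     *
     * @param string $cat Category key
     * @return mixed Whatever ext_getTSCE_config() returns
     * @todo Define visibility
     */
    public function ext_makeHelpInformationForCategory($cat) {
        return $this->ext_getTSCE_config($cat);
    }

    /**
     * Get the form for extension configuration
     *
     * $script and $extKey are passed through htmlspecialchars() before they are
     * placed into attributes. $addFields and the output of ext_printFields()
     * are appended as raw HTML, so callers must only pass markup they built
     * and escaped themselves.
     *
     * @param string $cat
     * @param array $theConstants
     * @param string $script Form action; falls back to linkThisScript() when empty
     * @param string $addFields Raw HTML inserted before the generated fields
     * @param string $extKey Used in the id attribute of the submit button
     * @param boolean $addFormTag Adds opening <form> tag to the output, if TRUE
     * @return string The form
     * @todo Define visibility
     */
    public function ext_getForm($cat, $theConstants, $script = '', $addFields = '', $extKey = '', $addFormTag = TRUE) {
        // Return value is not used here; the call is made for its side effects.
        // NOTE(review): presumably it fills $this->helpConfig, which ext_displayExample() reads - confirm.
        $this->ext_makeHelpInformationForCategory($cat);
        $printFields = trim($this->ext_printFields($theConstants, $cat));
        $content = '';
        // The URL is encoded for the JavaScript context with quoteJSvalue().
        $content .= \TYPO3\CMS\Core\Utility\GeneralUtility::wrapJS('
            function uFormUrl(aname) {
                document.' . $this->ext_CEformName . '.action = ' . \TYPO3\CMS\Core\Utility\GeneralUtility::quoteJSvalue(\TYPO3\CMS\Core\Utility\GeneralUtility::linkThisScript() . '#') . '+aname;
            }
        ');
        if ($addFormTag) {
            $content .= '<form action="' . htmlspecialchars(($script ?: \TYPO3\CMS\Core\Utility\GeneralUtility::linkThisScript())) . '" name="' . $this->ext_CEformName . '" method="post" enctype="' . $GLOBALS['TYPO3_CONF_VARS']['SYS']['form_enctype'] . '">';
        }
        $content .= $addFields;
        $content .= $printFields;
        $content .= '<input type="submit" name="submit" value="' . $GLOBALS['LANG']->sL('LLL:EXT:lang/locallang_tsfe.xlf:update', TRUE) . '" id="configuration-submit-' . htmlspecialchars($extKey) . '" />';
        $example = $this->ext_displayExample();
        $content .= $example ? '<hr/>' . $example : '';
        return $content;
    }

    /**
     * Renders the help block (image, description, bullet list) from $this->helpConfig.
     *
     * "//" inside the description and the bullet list marks a line break
     * respectively the start of a new list item. The 'header' entry only takes
     * part in the "is there any help" test; it is not rendered.
     *
     * NOTE(review): all helpConfig values are written to the page without
     * escaping. That is only safe while they come from a trusted configuration
     * template - confirm where helpConfig is filled before feeding it anything
     * a user can influence.
     *
     * @return string HTML of the help block, empty string when there is nothing to show
     * @todo Define visibility
     */
    public function ext_displayExample() {
        // Always defined, so the method no longer returns an undefined variable
        // when no help information is configured.
        $out = '';
        $imageTag = isset($this->helpConfig['imagetag']) ? $this->helpConfig['imagetag'] : '';
        $description = isset($this->helpConfig['description']) ? $this->helpConfig['description'] : '';
        $bulletList = isset($this->helpConfig['bulletlist']) ? $this->helpConfig['bulletlist'] : '';
        if ($imageTag || $description || !empty($this->helpConfig['header'])) {
            $out = '<div align="center">' . $imageTag . '</div><BR>';
            // implode() is called as (glue, pieces); the reversed legacy order
            // is not accepted by newer PHP versions.
            $out .= $description ? implode('<BR>', explode('//', $description)) . '<BR>' : '';
            $out .= $bulletList ? '<ul><li>' . implode('<li>', explode('//', $bulletList)) . '</ul>' : '<BR>';
        }
        return $out;
    }

    /**
     * Parses the collected incoming "key=value" lines and merges them over $arr.
     *
     * @param array $arr Existing configuration
     * @return array $arr after ArrayUtility::mergeRecursiveWithOverrule() was applied
     * @todo Define visibility
     */
    public function ext_mergeIncomingWithExisting($arr) {
        $parseObj = \TYPO3\CMS\Core\Utility\GeneralUtility::makeInstance('TYPO3\\CMS\\Core\\TypoScript\\Parser\\TypoScriptParser');
        // Every entry is treated as one line of parser input.
        $parseObj->parse(implode(LF, $this->ext_incomingValues));
        $arr2 = $parseObj->setup;
        // NOTE(review): the return value is not assigned, so this presumably
        // modifies $arr by reference - confirm against ArrayUtility.
        \TYPO3\CMS\Core\Utility\ArrayUtility::mergeRecursiveWithOverrule($arr, $arr2);
        return $arr;
    }

    // Extends:
    /**
     * Returns an <img> tag for the "red number" icon gfx/rednumbers/<key>.gif.
     *
     * $key becomes part of the file path handed to IconUtility::skinImg() and is
     * not validated here.
     *
     * @param mixed $key Icon name without extension
     * @return string HTML <img> tag
     * @todo Define visibility
     */
    public function ext_getKeyImage($key) {
        return '<img' . \TYPO3\CMS\Backend\Utility\IconUtility::skinImg($this->ext_backPath, ('gfx/rednumbers/' . $key . '.gif'), '') . ' hspace="2" align="top" alt="" />';
    }

    /**
     * Builds the <img> tag for a help image referenced in the configuration.
     *
     * @param string $imgConf Image path, appended to the prefixes set in ext_initTSstyleConfig()
     * @return string HTML <img> tag; width/height are omitted when the file cannot be read as an image
     * @todo Define visibility
     */
    public function ext_getTSCE_config_image($imgConf) {
        $iFile = $this->ext_localGfxPrefix . $imgConf;
        $tFile = $this->ext_localWebGfxPrefix . $imgConf;
        // getimagesize() returns FALSE for a missing or unreadable file; the
        // warning it raises in that case is suppressed on purpose.
        $imageInfo = @getimagesize($iFile);
        // Index 3 is the ready-made 'width="..." height="..."' string.
        $sizeAttributes = is_array($imageInfo) ? $imageInfo[3] : '';
        // The path is escaped so that a quote in $imgConf cannot close the src attribute.
        return '<img src="' . htmlspecialchars($tFile) . '" ' . $sizeAttributes . '>';
    }

    /**
     * Computes the form field name and the HTML-escaped field value of a constant.
     *
     * @param array $params Constant definition; 'name' and 'default_value' are read, 'value' is set
     * @return array array(field name, escaped field value, $params)
     * @todo Define visibility
     */
    public function ext_fNandV($params) {
        // The field name is returned unescaped; a caller that puts it into a
        // name="..." attribute has to escape it itself.
        $fN = 'data[' . $params['name'] . ']';
        $params['value'] = isset($this->ext_realValues[$params['name']]) ? $this->ext_realValues[$params['name']] : $params['default_value'];
        $fV = $params['value'];
        // Values entered from the constantsedit cannot be constants!
        if (preg_match('/^\\{[\\$][a-zA-Z0-9\\.]*\\}$/', trim($fV))) {
            $fV = '';
        }
        // NOTE(review): without ENT_QUOTES single quotes may stay unescaped,
        // depending on the PHP version's default flags - the value is only safe
        // inside double-quoted attributes.
        $fV = htmlspecialchars($fV);
        return array($fN, $fV, $params);
    }

    /**
     * Records an incoming value as a "key=value" line in $this->ext_incomingValues.
     *
     * NOTE(review): $key and $var are concatenated as they are, and
     * ext_mergeIncomingWithExisting() later joins all entries with LF before
     * parsing them. A line break inside $var (or $key) would therefore reach
     * the parser as additional lines; callers should reject or strip line
     * breaks before calling this method.
     *
     * @param string $key Constant name
     * @param string $var Value to store
     * @return void
     * @todo Define visibility
     */
    public function ext_putValueInConf($key, $var) {
        $this->ext_incomingValues[$key] = $key . '=' . $var;
    }

    /**
     * Does nothing.
     * NOTE(review): presumably overrides a parent implementation to disable
     * removal - confirm against ExtendedTemplateService.
     *
     * @param string $key Constant name (unused)
     * @return void
     * @todo Define visibility
     */
    public function ext_removeValueInConf($key) {

    }

}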