Fixed bug #17133: Pagetree - qtip can be used to execute custom javascript (XSS)...
[Packages/TYPO3.CMS.git] / t3lib / class.t3lib_flashmessagequeue.php
1 <?php
2 /***************************************************************
3 * Copyright notice
4 *
5 * (c) 2009-2011 Rupert Germann <rupi@gmx.li>
6 * All rights reserved
7 *
8 * This script is part of the TYPO3 project. The TYPO3 project is
9 * free software; you can redistribute it and/or modify
10 * it under the terms of the GNU General Public License as published by
11 * the Free Software Foundation; either version 2 of the License, or
12 * (at your option) any later version.
13 *
14 * The GNU General Public License can be found at
15 * http://www.gnu.org/copyleft/gpl.html.
16 * A copy is found in the textfile GPL.txt and important notices to the license
17 * from the author is found in LICENSE.txt distributed with these scripts.
18 *
19 *
20 * This script is distributed in the hope that it will be useful,
21 * but WITHOUT ANY WARRANTY; without even the implied warranty of
22 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
23 * GNU General Public License for more details.
24 *
25 * This copyright notice MUST APPEAR in all copies of the script!
26 ***************************************************************/
27
28
29 /**
30 * A class which collects and renders flash messages.
31 *
32 * @author Rupert Germann <rupi@gmx.li>
33 * @package TYPO3
34 * @subpackage t3lib
35 */
36 class t3lib_FlashMessageQueue {
37
38 static $messages = array();
39
40 /**
41 * Static class, no instances allowed.
42 */
43 protected function __construct() {
44 }
45
46
47 /**
48 * Adds a message either to the BE_USER session (if the $message has the storeInSession flag set)
49 * or it adds the message to self::$messages.
50 *
51 * @param object instance of t3lib_FlashMessage, representing a message
52 * @return void
53 */
54 public static function addMessage(t3lib_FlashMessage $message) {
55 if ($message->isSessionMessage()) {
56 $queuedFlashMessages = self::getFlashMessagesFromSession();
57 $queuedFlashMessages[] = $message;
58 self::storeFlashMessagesInSession($queuedFlashMessages);
59 } else {
60 self::$messages[] = $message;
61 }
62 }
63
64 /**
65 * Returns all messages from the current PHP session and from the current request.
66 *
67 * @return array array of t3lib_FlashMessage objects
68 */
69 public static function getAllMessages() {
70 // get messages from user session
71 $queuedFlashMessagesFromSession = self::getFlashMessagesFromSession();
72 $queuedFlashMessages = array_merge($queuedFlashMessagesFromSession, self::$messages);
73
74 return $queuedFlashMessages;
75 }
76
77 /**
78 * Returns all messages from the current PHP session and from the current request.
79 * After fetching the messages the internal queue and the message queue in the session
80 * will be emptied.
81 *
82 * @return array array of t3lib_FlashMessage objects
83 */
84 public static function getAllMessagesAndFlush() {
85 $queuedFlashMessages = self::getAllMessages();
86
87 // reset messages in user session
88 self::removeAllFlashMessagesFromSession();
89 // reset internal messages
90 self::$messages = array();
91
92 return $queuedFlashMessages;
93 }
94
95 /**
96 * Stores given flash messages in the session
97 *
98 * @param array array of t3lib_FlashMessage
99 * @return void
100 */
101 protected static function storeFlashMessagesInSession(array $flashMessages) {
102 self::getUserByContext()->setAndSaveSessionData('core.template.flashMessages', $flashMessages);
103
104 }
105
106 /**
107 * Removes all flash messages from the session
108 *
109 * @return void
110 */
111 protected static function removeAllFlashMessagesFromSession() {
112 self::getUserByContext()->setAndSaveSessionData('core.template.flashMessages', NULL);
113 }
114
115 /**
116 * Returns current flash messages from the session, making sure to always
117 * return an array.
118 *
119 * @return array An array of t3lib_FlashMessage flash messages.
120 */
121 protected static function getFlashMessagesFromSession() {
122 $flashMessages = self::getUserByContext()->getSessionData('core.template.flashMessages');
123
124 return is_array($flashMessages) ? $flashMessages : array();
125 }
126
127 /**
128 * Gets user object by context
129 *
130 * @return object user object
131 */
132 protected static function getUserByContext() {
133 return TYPO3_MODE === 'BE' ? $GLOBALS['BE_USER'] : $GLOBALS['TSFE']->fe_user;
134 }
135
136 /**
137 * Fetches and renders all available flash messages from the queue.
138 *
139 * @return string All flash messages in the queue rendered as HTML.
140 */
141 public static function renderFlashMessages() {
142 $content = '';
143 $flashMessages = self::getAllMessagesAndFlush();
144
145 if (count($flashMessages)) {
146 foreach ($flashMessages as $flashMessage) {
147 $content .= $flashMessage->render();
148 }
149 }
150 return $content;
151 }
152
153
154 }
155
156
157 if (defined('TYPO3_MODE') && isset($GLOBALS['TYPO3_CONF_VARS'][TYPO3_MODE]['XCLASS']['t3lib/class.t3lib_flashmessagequeue.php'])) {
158 include_once($GLOBALS['TYPO3_CONF_VARS'][TYPO3_MODE]['XCLASS']['t3lib/class.t3lib_flashmessagequeue.php']);
159 }
160 ?>