Fixed bug #17133: Pagetree - qtip can be used to execute custom javascript (XSS)...
[Packages/TYPO3.CMS.git] / t3lib / class.t3lib_tceforms_fe.php
1 <?php
2 /***************************************************************
3 * Copyright notice
4 *
5 * (c) 1999-2011 Kasper Skårhøj (kasperYYYY@typo3.com)
6 * All rights reserved
7 *
8 * This script is part of the TYPO3 project. The TYPO3 project is
9 * free software; you can redistribute it and/or modify
10 * it under the terms of the GNU General Public License as published by
11 * the Free Software Foundation; either version 2 of the License, or
12 * (at your option) any later version.
13 *
14 * The GNU General Public License can be found at
15 * http://www.gnu.org/copyleft/gpl.html.
16 * A copy is found in the textfile GPL.txt and important notices to the license
17 * from the author is found in LICENSE.txt distributed with these scripts.
18 *
19 *
20 * This script is distributed in the hope that it will be useful,
21 * but WITHOUT ANY WARRANTY; without even the implied warranty of
22 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
23 * GNU General Public License for more details.
24 *
25 * This copyright notice MUST APPEAR in all copies of the script!
26 ***************************************************************/
27 /**
28 * [CLASS/FUNCTION INDEX of SCRIPT]
29 *
30 *
31 *
32 * 60: class t3lib_TCEforms_FE extends t3lib_TCEforms
33 * 68: public function wrapLabels($str)
34 * 78: public function printPalette(array $paletteArray)
35 * 102: public function setFancyDesign()
36 * 131: public function loadJavascriptLib($lib)
37 * 146: public function addStyleSheet($key, $href, $title='', $relation='stylesheet')
38 *
39 * TOTAL FUNCTIONS: 5
40 * (This index is automatically created/updated by the extension "extdeveval")
41 *
42 */
43
44 /**
45 * Contains a frontend version of the TYPO3 Core Form generator - AKA "TCEforms"
46 *
47 * $Id$
48 *
49 * @author Kasper Skårhøj <kasperYYYY@typo3.com>
50 */
51
52
53 /**
54 * Extension class for the rendering of TCEforms in the frontend
55 *
56 * @author Kasper Skårhøj <kasperYYYY@typo3.com>
57 */
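class t3lib_TCEforms_FE extends t3lib_TCEforms {

	/**
	 * Constructs this object.
	 *
	 * The template container is initialized before the parent constructor runs.
	 */
	public function __construct() {
		$this->initializeTemplateContainer();
		parent::__construct();
	}

	/**
	 * Function for wrapping labels.
	 *
	 * The label is concatenated into the markup as-is; nothing is escaped here,
	 * so the caller must pass a string that is already safe to output as HTML.
	 *
	 * @param string $str The string to wrap
	 * @return string The label wrapped in a <font> element
	 */
	public function wrapLabels($str) {
		return '<font face="verdana" size="1" color="black">' . $str . '</font>';
	}

	/**
	 * Prints the palette in the frontend editing (forms-on-page?)
	 *
	 * Each entry is read by the keys NAME, TABLE, ID, FIELD, ITEM and HELP_ICON.
	 * NAME, ITEM and HELP_ICON are emitted as markup, and TABLE, ID and FIELD are
	 * placed inside name="..." attributes. None of them is escaped here, so the
	 * caller must supply values that are already safe for those output contexts.
	 *
	 * @param array $paletteArray The palette array to print
	 * @return string HTML output
	 */
	public function printPalette(array $paletteArray) {
			// Both row buffers start out as arrays so that an empty palette still
			// reaches implode() with an array instead of an undefined variable.
		$hRow = array();
		$iRow = array();
		$bgColor = ' bgcolor="#D6DAD0"';

		foreach ($paletteArray as $content) {
				// Shared suffix of the two marker image names; concatenated verbatim.
			$fieldId = $content['TABLE'] . '_' . $content['ID'] . '_' . $content['FIELD'];

			$hRow[] = '<td' . $bgColor . '><font face="verdana" size="1">&nbsp;</font></td><td nowrap="nowrap"' . $bgColor . '><font color="#666666" face="verdana" size="1">' . $content['NAME'] . '</font></td>';
			$iRow[] = '<td valign="top">' .
				'<img name="req_' . $fieldId . '" src="clear.gif" width="10" height="10" alt="" />' .
				'<img name="cm_' . $fieldId . '" src="clear.gif" width="7" height="10" alt="" />' .
				'</td><td nowrap="nowrap" valign="top">' . $content['ITEM'] . $content['HELP_ICON'] . '</td>';
		}

			// paletteMargin is forced to an integer before it lands in the width attribute.
		return '<table border="0" cellpadding="0" cellspacing="0">
<tr><td><img src="clear.gif" width="' . intval($this->paletteMargin) . '" height="1" alt="" /></td>' . implode('', $hRow) . '</tr>
<tr><td></td>' . implode('', $iRow) . '</tr>
</table>';
	}

	/**
	 * Sets the fancy front-end design of the editor.
	 * Frontend
	 *
	 * Assigns fieldTemplate, totalWrap, palFieldTemplate and
	 * palFieldTemplateHeader. The ###...### markers are left in the templates
	 * unchanged; this method does not substitute them.
	 *
	 * @return void
	 */
	public function setFancyDesign() {
		$this->fieldTemplate = '
<tr>
<td nowrap="nowrap" bgcolor="#F6F2E6">###FIELD_HELP_ICON###<font face="verdana" size="1" color="black"><strong>###FIELD_NAME###</strong></font>###FIELD_HELP_TEXT###</td>
</tr>
<tr>
<td nowrap="nowrap" bgcolor="#ABBBB4"><img name="req_###FIELD_TABLE###_###FIELD_ID###_###FIELD_FIELD###" src="clear.gif" width="10" height="10" alt="" /><img name="cm_###FIELD_TABLE###_###FIELD_ID###_###FIELD_FIELD###" src="clear.gif" width="7" height="10" alt="" /><font face="verdana" size="1" color="black">###FIELD_ITEM###</font>###FIELD_PAL_LINK_ICON###</td>
</tr> ';

		$this->totalWrap = '<table border="0" cellpadding="1" cellspacing="0" bgcolor="black"><tr><td><table border="0" cellpadding="2" cellspacing="0">|</table></td></tr></table>';

		$this->palFieldTemplate = '
<tr>
<td nowrap="nowrap" bgcolor="#ABBBB4"><font face="verdana" size="1" color="black">###FIELD_PALETTE###</font></td>
</tr> ';
		$this->palFieldTemplateHeader = '
<tr>
<td nowrap="nowrap" bgcolor="#F6F2E6"><font face="verdana" size="1" color="black"><strong>###FIELD_HEADER###</strong></font></td>
</tr> ';
	}

	/**
	 * Includes a javascript library that exists in the core /typo3/ directory.
	 *
	 * The library is registered through the page renderer obtained from
	 * $GLOBALS['TSFE'], using $lib as its name. The backpath is prepended unless
	 * $lib already counts as an absolute URL (see prependBackPath()), in which
	 * case it is passed on unchanged.
	 *
	 * @param string $lib: Library name. Call it with the full path like "contrib/prototype/prototype.js" to load it
	 * @return void
	 */
	public function loadJavascriptLib($lib) {
		/** @var $pageRenderer t3lib_PageRenderer */
		$pageRenderer = $GLOBALS['TSFE']->getPageRenderer();
		$pageRenderer->addJsLibrary($lib, $this->prependBackPath($lib));
	}

	/**
	 * Insert additional style sheet link
	 *
	 * The style sheet is registered through the page renderer obtained from
	 * $GLOBALS['TSFE'], always with the media type "screen".
	 *
	 * @param string $key: some key identifying the style sheet (not used by this implementation)
	 * @param string $href: uri to the style sheet file; the backpath is prepended unless it counts as absolute
	 * @param string $title: value for the title attribute of the link element
	 * @param string $relation: value for the rel attribute of the link element
	 * @return void
	 */
	public function addStyleSheet($key, $href, $title = '', $relation = 'stylesheet') {
		/** @var $pageRenderer t3lib_PageRenderer */
		$pageRenderer = $GLOBALS['TSFE']->getPageRenderer();
		$pageRenderer->addCssFile($this->prependBackPath($href), $relation, 'screen', $title);
	}

	/**
	 * Initializes an anonymous template container.
	 * The created container can be compared to alt_doc.php in backend-only disposal.
	 *
	 * Side effects: overwrites $GLOBALS['TBE_TEMPLATE'] and $GLOBALS['SOBE'].
	 *
	 * @return void
	 */
	public function initializeTemplateContainer() {
		t3lib_div::requireOnce(PATH_typo3 . 'template.php');
		$GLOBALS['TBE_TEMPLATE'] = t3lib_div::makeInstance('frontendDoc');

			// The inline setting PATH_typo3 is derived from the directory of SCRIPT_NAME
			// plus TYPO3_mainDir.
		$GLOBALS['TBE_TEMPLATE']->getPageRenderer()->addInlineSetting(
			'', 'PATH_typo3', t3lib_div::dirname(t3lib_div::getIndpEnv('SCRIPT_NAME')) . '/' . TYPO3_mainDir
		);

		$GLOBALS['SOBE'] = new stdClass();
		$GLOBALS['SOBE']->doc = $GLOBALS['TBE_TEMPLATE'];
	}

	/**
	 * Prepends backPath to given URL if it's not an absolute URL
	 *
	 * A URL counts as absolute when it contains "://" anywhere in the string or
	 * starts with "/". Such URLs are returned unchanged.
	 *
	 * @param string $url
	 * @return string
	 */
	private function prependBackPath($url) {
		if (strpos($url, '://') !== FALSE || substr($url, 0, 1) === '/') {
			return $url;
		}

		return $this->backPath . $url;
	}
}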
191
// XCLASS hook: if the configuration registers an override file for this class,
// include it. The path is read from $GLOBALS['TYPO3_CONF_VARS'] and included as
// PHP with no further check at this point, so that configuration has to be
// writable by trusted code only.
if (defined('TYPO3_MODE')) {
	if (isset($GLOBALS['TYPO3_CONF_VARS'][TYPO3_MODE]['XCLASS']['t3lib/class.t3lib_tceforms_fe.php'])) {
		include_once($GLOBALS['TYPO3_CONF_VARS'][TYPO3_MODE]['XCLASS']['t3lib/class.t3lib_tceforms_fe.php']);
	}
}
195
196 ?>