[TASK] Apply quoteJSvalue or htmlspecialchars to getModuleUrl
1 <?php
2 namespace TYPO3\CMS\Backend\Controller\File;
3
4 /*
5 * This file is part of the TYPO3 CMS project.
6 *
7 * It is free software; you can redistribute it and/or modify it under
8 * the terms of the GNU General Public License, either version 2
9 * of the License, or any later version.
10 *
11 * For the full copyright and license information, please read the
12 * LICENSE.txt file that was distributed with this source code.
13 *
14 * The TYPO3 project - inspiring people to share!
15 */
16
17 use TYPO3\CMS\Backend\Utility\BackendUtility;
18 use TYPO3\CMS\Core\Utility\GeneralUtility;
19
20 /**
21 * Script Class for the create-new script; Displays a form for creating up to 10 folders or one new text file
22 *
23 * @author Kasper Skårhøj <kasperYYYY@typo3.com>
24 */
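class CreateFolderController {

	/**
	 * Upper bound of the "number of folders" selector. The value read from &number
	 * is clamped to 1..$folderNumber before it is used.
	 *
	 * @var int
	 */
	public $folderNumber = 10;

	/**
	 * document template object
	 *
	 * @var \TYPO3\CMS\Backend\Template\DocumentTemplate
	 */
	public $doc;

	/**
	 * Name of the filemount (storage name and folder identifier, HTML-escaped, prefixed with an icon)
	 *
	 * @var string
	 */
	public $title;

	/**
	 * Number of folder input boxes to render, taken from &number and clamped in main()
	 *
	 * @var int
	 */
	public $number;

	/**
	 * Set with the target path inputted in &target (a combined identifier such as "storage:/path/")
	 *
	 * @var string
	 */
	public $target;

	/**
	 * The folder object which is the target directory
	 *
	 * @var \TYPO3\CMS\Core\Resource\Folder $folderObject
	 */
	protected $folderObject;

	/**
	 * Return URL of list module; passed through sanitizeLocalUrl() so it cannot point off-site.
	 *
	 * @var string
	 */
	public $returnUrl;

	/**
	 * Accumulating content
	 *
	 * @var string
	 */
	public $content;

	/**
	 * Constructor: registers this object as $GLOBALS['SOBE'] and initializes from request parameters.
	 */
	public function __construct() {
		$GLOBALS['SOBE'] = $this;
		$GLOBALS['BACK_PATH'] = '';

		$this->init();
	}

	/**
	 * Initialize: reads &number, &target and &returnUrl, resolves the target folder and
	 * prepares the document template including the inline JavaScript of the module.
	 *
	 * @return void
	 * @throws \RuntimeException If no valid target folder could be resolved from &target
	 * @throws \TYPO3\CMS\Core\Resource\Exception\InsufficientFolderAccessPermissionsException If the folder belongs to storage 0 (outside the user's storages)
	 */
	protected function init() {
		// Initialize GPvars:
		$this->number = GeneralUtility::_GP('number');
		$this->target = ($combinedIdentifier = GeneralUtility::_GP('target'));
		// Only local URLs survive sanitizeLocalUrl(); anything else collapses to an empty string
		$this->returnUrl = GeneralUtility::sanitizeLocalUrl(GeneralUtility::_GP('returnUrl'));
		// create the folder object
		if ($combinedIdentifier) {
			$this->folderObject = \TYPO3\CMS\Core\Resource\ResourceFactory::getInstance()->getFolderObjectFromCombinedIdentifier($combinedIdentifier);
		}
		// Cleaning and checking target directory
		if (!$this->folderObject) {
			$title = $GLOBALS['LANG']->sL('LLL:EXT:lang/locallang_mod_file_list.xlf:paramError', TRUE);
			$message = $GLOBALS['LANG']->sL('LLL:EXT:lang/locallang_mod_file_list.xlf:targetNoDir', TRUE);
			throw new \RuntimeException($title . ': ' . $message, 1294586845);
		}
		// Storage 0 is the fallback storage for paths outside any configured storage; never operate there
		if ($this->folderObject->getStorage()->getUid() === 0) {
			throw new \TYPO3\CMS\Core\Resource\Exception\InsufficientFolderAccessPermissionsException('You are not allowed to access folders outside your storages', 1375889838);
		}

		// Setting the title and the icon
		$icon = \TYPO3\CMS\Backend\Utility\IconUtility::getSpriteIcon('apps-filetree-root');
		$this->title = $icon . htmlspecialchars($this->folderObject->getStorage()->getName()) . ': ' . htmlspecialchars($this->folderObject->getIdentifier());
		// Setting template object
		$this->doc = GeneralUtility::makeInstance(\TYPO3\CMS\Backend\Template\DocumentTemplate::class);
		$this->doc->setModuleTemplate('EXT:backend/Resources/Private/Templates/file_newfolder.html');
		$this->doc->backPath = $GLOBALS['BACK_PATH'];
		// Every PHP value that lands inside the script is wrapped by quoteJSvalue() (which emits the
		// surrounding quotes itself) or rawurlencode(), so request input cannot break out of a JS literal.
		$this->doc->JScode = $this->doc->wrapScriptTags('
			var path = ' . GeneralUtility::quoteJSvalue($this->target) . ';

			function reload(a) { //
				if (!changed || (changed && confirm(' . GeneralUtility::quoteJSvalue($GLOBALS['LANG']->sL('LLL:EXT:lang/locallang_core.xlf:mess.redraw')) . '))) {
					var params = "&target="+encodeURIComponent(path)+"&number="+a+"&returnUrl=' . rawurlencode($this->returnUrl) . '";
					window.location.href = ' . GeneralUtility::quoteJSvalue(BackendUtility::getModuleUrl('file_newfolder')) . '+params;
				}
			}
			function backToList() { //
				top.goToModule("file_list");
			}

			var changed = 0;
		');
	}

	/**
	 * Main function, rendering the main module content: the "create folders" form (when the user
	 * may add folders), the "create text file" form (when the user may add files) and the doc header.
	 *
	 * @return void
	 */
	public function main() {
		// Start content compilation
		$this->content .= $this->doc->startPage($GLOBALS['LANG']->sL('LLL:EXT:lang/locallang_core.xlf:file_newfolder.php.pagetitle'));
		// Make page header:
		$pageContent = $this->doc->header($GLOBALS['LANG']->sL('LLL:EXT:lang/locallang_core.xlf:file_newfolder.php.pagetitle'));

		if ($this->folderObject->checkActionPermission('add')) {
			$code = '<form role="form" action="' . htmlspecialchars(BackendUtility::getModuleUrl('tce_file')) . '" method="post" name="editform">';
			// Making the selector box for the number of concurrent folder-creations
			// (clamped to the same bound the selector offers, so &number cannot request more boxes)
			$this->number = \TYPO3\CMS\Core\Utility\MathUtility::forceIntegerInRange($this->number, 1, $this->folderNumber);
			$code .= '
				<div class="form-group">
					<label for="number-of-new-folders">' . $GLOBALS['LANG']->sL('LLL:EXT:lang/locallang_core.xlf:file_newfolder.php.number_of_folders') . '</label>
					<select name="number" id="number-of-new-folders" onchange="reload(this.options[this.selectedIndex].value);">';
			for ($a = 1; $a <= $this->folderNumber; $a++) {
				$code .= '<option value="' . $a . '"' . ($this->number === $a ? ' selected="selected"' : '') . '>' . $a . '</option>';
			}
			$code .= '
					</select>
				</div>
				';
			// Making the number of new-folder boxes needed:
			for ($a = 0; $a < $this->number; $a++) {
				$code .= '
					<div class="form-group">
						<input type="text" class="form-control" name="file[newfolder][' . $a . '][data]" onchange="changed=true;" />
						<input type="hidden" name="file[newfolder][' . $a . '][target]" value="' . htmlspecialchars($this->target) . '" />
					</div>';
			}
			// Making submit button for folder creation:
			$code .= '
				<div class="form-group">
					<input class="btn btn-primary" type="submit" value="' . $GLOBALS['LANG']->sL('LLL:EXT:lang/locallang_core.xlf:file_newfolder.php.submit', TRUE) . '" />
					<input class="btn btn-danger" type="submit" value="' . $GLOBALS['LANG']->sL('LLL:EXT:lang/locallang_core.xlf:labels.cancel', TRUE) . '" onclick="backToList(); return false;" />
					<input type="hidden" name="redirect" value="' . htmlspecialchars($this->returnUrl) . '" />
					' . \TYPO3\CMS\Backend\Form\FormEngine::getHiddenTokenField('tceAction') . '
					' . BackendUtility::cshItem('xMOD_csh_corebe', 'file_newfolder') . '
				</div>
				';
			$pageContent .= $code;
			// Switching form tags:
			$pageContent .= $this->doc->sectionEnd() . '</form>';
		}

		if ($this->folderObject->getStorage()->checkUserActionPermission('add', 'File')) {
			// The module URL is an attribute value, so it is HTML-escaped exactly like the first form's action
			$pageContent .= '<form action="' . htmlspecialchars(BackendUtility::getModuleUrl('tce_file')) . '" method="post" name="editform2">';
			// Create a list of allowed file extensions with the nice format "*.jpg, *.gif" etc.
			$fileExtList = [];
			$textfileExt = GeneralUtility::trimExplode(',', $GLOBALS['TYPO3_CONF_VARS']['SYS']['textfile_ext'], TRUE);
			foreach ($textfileExt as $fileExt) {
				// Extensions blocked by fileDenyPattern are not offered, even if listed in textfile_ext
				if (!preg_match(('/' . $GLOBALS['TYPO3_CONF_VARS']['BE']['fileDenyPattern'] . '/i'), ('.' . $fileExt))) {
					$fileExtList[] = '*.' . $fileExt;
				}
			}
			// Add form fields for creation of a new, blank text file:
			$code = '
				<div class="form-group">
					<label>[' . htmlspecialchars(implode(', ', $fileExtList)) . ']</label>
					<input class="form-control" type="text" name="file[newfile][0][data]" onchange="changed=true;" />
					<input type="hidden" name="file[newfile][0][target]" value="' . htmlspecialchars($this->target) . '" />
				</div>
				';
			// Submit button for creation of a new file:
			$code .= '
				<div class="form-group">
					<input class="btn btn-primary" type="submit" value="' . $GLOBALS['LANG']->sL('LLL:EXT:lang/locallang_core.xlf:file_newfolder.php.newfile_submit', TRUE) . '" />
					<input class="btn btn-danger" type="submit" value="' . $GLOBALS['LANG']->sL('LLL:EXT:lang/locallang_core.xlf:labels.cancel', TRUE) . '" onclick="backToList(); return false;" />
					<input type="hidden" name="redirect" value="' . htmlspecialchars($this->returnUrl) . '" />
					' . \TYPO3\CMS\Backend\Form\FormEngine::getHiddenTokenField('tceAction') . '
					' . BackendUtility::cshItem('xMOD_csh_corebe', 'file_newfile') . '
				</div>
				';
			$pageContent .= $this->doc->section($GLOBALS['LANG']->sL('LLL:EXT:lang/locallang_core.xlf:file_newfolder.php.newfile'), $code);
			$pageContent .= $this->doc->sectionEnd();
			$pageContent .= '</form>';
		}

		$docHeaderButtons = [
			'back' => ''
		];
		// Back
		if ($this->returnUrl) {
			$docHeaderButtons['back'] = '<a href="' . htmlspecialchars(GeneralUtility::linkThisUrl($this->returnUrl)) . '" class="typo3-goBack" title="' . $GLOBALS['LANG']->sL('LLL:EXT:lang/locallang_core.xlf:labels.goBack', TRUE) . '">' . \TYPO3\CMS\Backend\Utility\IconUtility::getSpriteIcon('actions-view-go-back') . '</a>';
		}
		// Add the HTML as a section:
		// NOTE(review): $this->id, $this->MOD_SETTINGS and $this->MOD_MENU are not declared on this class;
		// the FUNC_MENU marker therefore appears to be built from undefined values — confirm whether it is needed.
		$markerArray = [
			'CSH' => isset($docHeaderButtons['csh']) ? $docHeaderButtons['csh'] : '',
			'FUNC_MENU' => BackendUtility::getFuncMenu($this->id, 'SET[function]', $this->MOD_SETTINGS['function'], $this->MOD_MENU['function']),
			'CONTENT' => $pageContent,
			'PATH' => $this->title
		];
		$this->content .= $this->doc->moduleBody([], $docHeaderButtons, $markerArray);
		$this->content .= $this->doc->endPage();
		$this->content = $this->doc->insertStylesAndJS($this->content);
	}

	/**
	 * Outputting the accumulated content to screen
	 *
	 * @return void
	 */
	public function printContent() {
		echo $this->content;
	}

}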