734f32f5d71dc7276f818cace61e03f9153bc3ed
[Packages/TYPO3.CMS.git] / typo3 / sysext / form / Classes / Hooks / ContentObjectHook.php
1 <?php
2 namespace TYPO3\CMS\Form\Hooks;
3
4 /*
5 * This file is part of the TYPO3 CMS project.
6 *
7 * It is free software; you can redistribute it and/or modify it under
8 * the terms of the GNU General Public License, either version 2
9 * of the License, or any later version.
10 *
11 * For the full copyright and license information, please read the
12 * LICENSE.txt file that was distributed with this source code.
13 *
14 * The TYPO3 project - inspiring people to share!
15 */
16
17 use TYPO3\CMS\Core\TypoScript\Parser\TypoScriptParser;
18 use TYPO3\CMS\Core\Utility\ArrayUtility;
19 use TYPO3\CMS\Core\Utility\ExtensionManagementUtility;
20 use TYPO3\CMS\Core\Utility\GeneralUtility;
21 use TYPO3\CMS\Extbase\Core\Bootstrap;
22 use TYPO3\CMS\Form\Domain\Model\Configuration;
23 use TYPO3\CMS\Frontend\ContentObject\ContentObjectRenderer;
24
25 /**
26 * Hook cObjGetSingleExt
27 */
28 class ContentObjectHook
29 {
30 /**
31 * Renders the application defined cObject FORM
32 * which overrides the TYPO3 default cObject FORM
33 *
34 * If FORM is dedected by the ContentObjectRenderer,
35 * the Extbase plugin "Form" is initialized. At this time, the
36 * controller "Frontend" action "execute" does the rest.
37 *
38 * @param string $typoScriptObjectName Name of the object
39 * @param array $typoScript TS configuration for this cObject
40 * @param string $typoScriptKey A string label used for the internal debugging tracking.
41 * @param ContentObjectRenderer $contentObject reference
42 * @return string HTML output
43 */
44 public function cObjGetSingleExt($typoScriptObjectName, array $typoScript, $typoScriptKey, ContentObjectRenderer $contentObject)
45 {
46 $content = '';
47 // render the FORM CE from TYPO3 < 4.6
48 if ($typoScriptObjectName === 'FORM'
49 && !empty($typoScript['useDefaultContentObject'])
50 && ExtensionManagementUtility::isLoaded('compatibility6')
51 ) {
52 $content = $contentObject->getContentObject($typoScriptObjectName)->render($typoScript);
53 } elseif ($typoScriptObjectName === 'FORM') {
54 $mergedTypoScript = null;
55 // If the FORM configuration comes from the database
56 // all TypoScript interpretation will be disabled for security.
57 if ($contentObject->data['CType'] === 'mailform') {
58 // If the FORM configuration comes from the database
59 // and a predefined form is selected than the TypoScript
60 // interpretation is allowed.
61 $renderPredefinedForm = false;
62 if (isset($contentObject->data['tx_form_predefinedform'])
63 && !empty($contentObject->data['tx_form_predefinedform'])
64 ) {
65 $predefinedFormIdentifier = $contentObject->data['tx_form_predefinedform'];
66 if (isset($GLOBALS['TSFE']->tmpl->setup['plugin.']['tx_form.']['predefinedForms.'][$predefinedFormIdentifier . '.'])) {
67 $renderPredefinedForm = true;
68 } else {
69 throw new \InvalidArgumentException('No FORM configuration for identifier "' . $predefinedFormIdentifier . '" available.', 1457097250);
70 }
71 }
72
73 if ($renderPredefinedForm) {
74 $mergedTypoScript = $GLOBALS['TSFE']->tmpl->setup['plugin.']['tx_form.']['predefinedForms.'][$predefinedFormIdentifier . '.'];
75 ArrayUtility::mergeRecursiveWithOverrule($mergedTypoScript, $typoScript);
76 } else {
77 $bodytext = $contentObject->data['bodytext'];
78 /** @var $typoScriptParser TypoScriptParser */
79 $typoScriptParser = GeneralUtility::makeInstance(TypoScriptParser::class);
80 $typoScriptParser->parse($bodytext);
81 $mergedTypoScript = (array)$typoScriptParser->setup;
82 ArrayUtility::mergeRecursiveWithOverrule($mergedTypoScript, $typoScript);
83 // Disables TypoScript interpretation since TypoScript is handled that could contain insecure settings:
84 $mergedTypoScript[Configuration::DISABLE_CONTENT_ELEMENT_RENDERING] = true;
85 }
86 }
87 $newTypoScript = (is_array($mergedTypoScript) ? $mergedTypoScript : $typoScript);
88
89 $extbase = GeneralUtility::makeInstance(Bootstrap::class);
90 $content = $extbase->run('', array(
91 'pluginName' => 'Form',
92 'extensionName' => 'Form',
93 'vendorName' => 'TYPO3\\CMS',
94 'controller' => 'Frontend',
95 'action' => 'show',
96 'settings' => array('typoscript' => $newTypoScript),
97 'persistence' => array(),
98 'view' => array(),
99 ));
100
101 // Only apply stdWrap to TypoScript that was NOT created by the wizard:
102 if (isset($typoScript['stdWrap.'])) {
103 $content = $contentObject->stdWrap($content, $typoScript['stdWrap.']);
104 }
105 }
106 return $content;
107 }
108 }