[!!!][SECURITY] Add CSRF Protection for tce_file.php
[Packages/TYPO3.CMS.git] / typo3 / sysext / recordlist / Classes / RecordList.php
1 <?php
2 namespace TYPO3\CMS\Recordlist;
3
4 /***************************************************************
5 * Copyright notice
6 *
7 * (c) 1999-2013 Kasper Skårhøj (kasperYYYY@typo3.com)
8 * All rights reserved
9 *
10 * This script is part of the TYPO3 project. The TYPO3 project is
11 * free software; you can redistribute it and/or modify
12 * it under the terms of the GNU General Public License as published by
13 * the Free Software Foundation; either version 2 of the License, or
14 * (at your option) any later version.
15 *
16 * The GNU General Public License can be found at
17 * http://www.gnu.org/copyleft/gpl.html.
18 * A copy is found in the text file GPL.txt and important notices to the license
19 * from the author is found in LICENSE.txt distributed with these scripts.
20 *
21 *
22 * This script is distributed in the hope that it will be useful,
23 * but WITHOUT ANY WARRANTY; without even the implied warranty of
24 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
25 * GNU General Public License for more details.
26 *
27 * This copyright notice MUST APPEAR in all copies of the script!
28 ***************************************************************/
29
30 use TYPO3\CMS\Core\Utility\GeneralUtility;
31 use TYPO3\CMS\Backend\Utility\BackendUtility;
32
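/**
 * Script class for the Web > List module; renders the listing of records on a page.
 *
 * init() reads the request parameters, main() applies clipboard and delete
 * commands and assembles the module markup, printContent() echoes the result.
 *
 * @author Kasper Skårhøj <kasperYYYY@typo3.com>
 */
class RecordList {

	// Internal, GPvars:

	/**
	 * Page id for which to make the listing (cast to integer in init())
	 *
	 * @var integer
	 * @todo Define visibility
	 */
	public $id;

	/**
	 * Pointer for browsing the list of records. Raw request value until
	 * main() forces it into the range 0-100000.
	 *
	 * @todo Define visibility
	 */
	public $pointer;

	/**
	 * Thumbnails or not (raw request value)
	 *
	 * @todo Define visibility
	 */
	public $imagemode;

	/**
	 * Which table to make extended listing for (raw request value)
	 *
	 * @todo Define visibility
	 */
	public $table;

	/**
	 * Search fields (raw request value)
	 *
	 * @todo Define visibility
	 */
	public $search_field;

	/**
	 * Search levels (cast to integer in init())
	 *
	 * @var integer
	 * @todo Define visibility
	 */
	public $search_levels;

	/**
	 * Show limit (raw request value)
	 *
	 * @todo Define visibility
	 */
	public $showLimit;

	/**
	 * Return URL, passed through GeneralUtility::sanitizeLocalUrl() in init()
	 *
	 * @todo Define visibility
	 */
	public $returnUrl;

	/**
	 * Clear-cache flag - if set, clears page cache for current id.
	 *
	 * @todo Define visibility
	 */
	public $clear_cache;

	/**
	 * Command: Eg. "delete" or "setCB" (for TCEmain / clipboard operations)
	 *
	 * @todo Define visibility
	 */
	public $cmd;

	/**
	 * Table on which the cmd-action is performed.
	 *
	 * @todo Define visibility
	 */
	public $cmd_table;

	// Internal, static:

	/**
	 * Page select perms clause
	 *
	 * @todo Define visibility
	 */
	public $perms_clause;

	/**
	 * Module TSconfig
	 *
	 * @todo Define visibility
	 */
	public $modTSconfig;

	/**
	 * Current ids page record
	 *
	 * @todo Define visibility
	 */
	public $pageinfo;

	/**
	 * Document template object
	 *
	 * @var \TYPO3\CMS\Backend\Template\DocumentTemplate
	 * @todo Define visibility
	 */
	public $doc;

	/**
	 * Module configuration
	 *
	 * @var array
	 * @todo Define visibility
	 */
	public $MCONF = array();

	/**
	 * Menu configuration
	 *
	 * @var array
	 * @todo Define visibility
	 */
	public $MOD_MENU = array();

	/**
	 * Module settings (session variable)
	 *
	 * @var array
	 * @todo Define visibility
	 */
	public $MOD_SETTINGS = array();

	/**
	 * Array, where files to include is accumulated in the init() function
	 *
	 * @var array
	 * @todo Define visibility
	 */
	public $include_once = array();

	// Internal, dynamic:

	/**
	 * Module output accumulation
	 *
	 * @todo Define visibility
	 */
	public $content;

	/**
	 * Markup of the module body. main() assembles it and hands it to the
	 * document template as the CONTENT marker. Declared here because main()
	 * previously created it as an undeclared dynamic property.
	 *
	 * @var string
	 */
	public $body;

	/**
	 * Constructor: loads the module labels and checks module access for the
	 * current backend user.
	 */
	public function __construct() {
		$GLOBALS['LANG']->includeLLFile('EXT:lang/locallang_mod_web_list.xlf');
		$GLOBALS['BE_USER']->modAccess($GLOBALS['MCONF'], 1);
	}

	/**
	 * Initializing the module: copies the module configuration and reads all
	 * request parameters into the object.
	 *
	 * Only id and search_levels are cast to integer and only returnUrl is
	 * sanitized here; every other property keeps the raw request value and has
	 * to be validated or encoded where it is used.
	 *
	 * @return void
	 * @todo Define visibility
	 */
	public function init() {
		// Setting module configuration / page select clause
		$this->MCONF = $GLOBALS['MCONF'];
		$this->perms_clause = $GLOBALS['BE_USER']->getPagePermsClause(1);
		// GPvars:
		$this->id = (int)GeneralUtility::_GP('id');
		$this->pointer = GeneralUtility::_GP('pointer');
		$this->imagemode = GeneralUtility::_GP('imagemode');
		$this->table = GeneralUtility::_GP('table');
		$this->search_field = GeneralUtility::_GP('search_field');
		$this->search_levels = (int)GeneralUtility::_GP('search_levels');
		$this->showLimit = GeneralUtility::_GP('showLimit');
		$this->returnUrl = GeneralUtility::sanitizeLocalUrl(GeneralUtility::_GP('returnUrl'));
		$this->clear_cache = GeneralUtility::_GP('clear_cache');
		$this->cmd = GeneralUtility::_GP('cmd');
		$this->cmd_table = GeneralUtility::_GP('cmd_table');
		// Initialize menu
		$this->menuConfig();
	}

	/**
	 * Initialize function menu array
	 *
	 * @return void
	 * @todo Define visibility
	 */
	public function menuConfig() {
		// MENU-ITEMS:
		$this->MOD_MENU = array(
			'bigControlPanel' => '',
			'clipBoard' => '',
			'localization' => ''
		);
		// Loading module configuration:
		$this->modTSconfig = BackendUtility::getModTSconfig($this->id, 'mod.' . $this->MCONF['name']);
		// Clean up settings:
		$this->MOD_SETTINGS = BackendUtility::getModuleData($this->MOD_MENU, GeneralUtility::_GP('SET'), $this->MCONF['name']);
	}

	/**
	 * Clears page cache for the current id, $this->id
	 *
	 * NOTE(review): this is a state-changing action triggered by the
	 * clear_cache request parameter (read with _GP() in init()). No request
	 * token check is visible in this class; presumably the caller validates
	 * one before this runs - confirm.
	 *
	 * @return void
	 * @todo Define visibility
	 */
	public function clearCache() {
		if (!$this->clear_cache) {
			return;
		}
		$tce = GeneralUtility::makeInstance('TYPO3\\CMS\\Core\\DataHandling\\DataHandler');
		$tce->stripslashes_values = 0;
		$tce->start(array(), array());
		$tce->clear_cacheCmd($this->id);
	}

	/**
	 * Main function, starting the rendering of the list.
	 *
	 * Applies clipboard commands, executes the "delete" command for the
	 * submitted records when the page is accessible, renders the record list
	 * and stores the finished page in $this->content.
	 *
	 * NOTE(review): the "delete" and "setCB" commands change data or session
	 * state based on request parameters. No request token check is visible in
	 * this method; presumably it happens before main() is called - confirm.
	 *
	 * @return void
	 * @todo Define visibility
	 */
	public function main() {
		// Start document template object:
		$this->doc = GeneralUtility::makeInstance('TYPO3\\CMS\\Backend\\Template\\DocumentTemplate');
		$this->doc->backPath = $GLOBALS['BACK_PATH'];
		$this->doc->setModuleTemplate('EXT:recordlist/Resources/Private/Templates/db_list.html');
		// Loading current page record and checking access:
		$this->pageinfo = BackendUtility::readPageAccess($this->id, $this->perms_clause);
		$access = is_array($this->pageinfo) ? 1 : 0;
		// Apply predefined values for hidden checkboxes (DisplayBigControlPanel,
		// Clipboard, LocalizationView). Any other TSconfig value, e.g.
		// "selectable", leaves the user's stored setting untouched.
		$predefinedSettings = array(
			'enableDisplayBigControlPanel' => 'bigControlPanel',
			'enableClipBoard' => 'clipBoard',
			'enableLocalizationView' => 'localization'
		);
		foreach ($predefinedSettings as $property => $setting) {
			if ($this->modTSconfig['properties'][$property] === 'activated') {
				$this->MOD_SETTINGS[$setting] = TRUE;
			} elseif ($this->modTSconfig['properties'][$property] === 'deactivated') {
				$this->MOD_SETTINGS[$setting] = FALSE;
			}
		}
		// Initialize the dblist object:
		/** @var $dblist \TYPO3\CMS\Recordlist\RecordList\DatabaseRecordList */
		$dblist = GeneralUtility::makeInstance('TYPO3\\CMS\\Recordlist\\RecordList\\DatabaseRecordList');
		$dblist->backPath = $GLOBALS['BACK_PATH'];
		$dblist->script = BackendUtility::getModuleUrl('web_list', array(), '');
		$dblist->calcPerms = $GLOBALS['BE_USER']->calcPerms($this->pageinfo);
		$dblist->thumbs = $GLOBALS['BE_USER']->uc['thumbnailsByDefault'];
		$dblist->returnUrl = $this->returnUrl;
		$dblist->allFields = ($this->MOD_SETTINGS['bigControlPanel'] || $this->table) ? 1 : 0;
		$dblist->localizationView = $this->MOD_SETTINGS['localization'];
		$dblist->showClipboard = 1;
		$dblist->disableSingleTableView = $this->modTSconfig['properties']['disableSingleTableView'];
		$dblist->listOnlyInSingleTableMode = $this->modTSconfig['properties']['listOnlyInSingleTableView'];
		$dblist->hideTables = $this->modTSconfig['properties']['hideTables'];
		$dblist->hideTranslations = $this->modTSconfig['properties']['hideTranslations'];
		$dblist->tableTSconfigOverTCA = $this->modTSconfig['properties']['table.'];
		$dblist->alternateBgColors = $this->modTSconfig['properties']['alternateBgColors'] ? 1 : 0;
		$dblist->allowedNewTables = GeneralUtility::trimExplode(',', $this->modTSconfig['properties']['allowedNewTables'], TRUE);
		$dblist->deniedNewTables = GeneralUtility::trimExplode(',', $this->modTSconfig['properties']['deniedNewTables'], TRUE);
		$dblist->newWizards = $this->modTSconfig['properties']['newWizards'] ? 1 : 0;
		$dblist->pageRow = $this->pageinfo;
		$dblist->counter++;
		$dblist->MOD_MENU = array('bigControlPanel' => '', 'clipBoard' => '', 'localization' => '');
		$dblist->modTSconfig = $this->modTSconfig;
		$clickTitleMode = trim($this->modTSconfig['properties']['clickTitleMode']);
		$dblist->clickTitleMode = $clickTitleMode === '' ? 'edit' : $clickTitleMode;
		// Clipboard is initialized:
		// Start clipboard
		$dblist->clipObj = GeneralUtility::makeInstance('TYPO3\\CMS\\Backend\\Clipboard\\Clipboard');
		// Initialize - reads the clipboard content from the user session
		$dblist->clipObj->initializeClipboard();
		// Clipboard actions are handled:
		// CB is the clipboard command array
		$CB = GeneralUtility::_GET('CB');
		if (!is_array($CB)) {
			// CB comes from the query string; a scalar value cannot take the
			// array keys assigned below, so start from an empty command array.
			$CB = array();
		}
		if ($this->cmd === 'setCB') {
			// CBH is all the fields selected for the clipboard, CBC is the checkbox fields which were checked.
			// By merging we get a full array of checked/unchecked elements
			// This is set to the 'el' array of the CB after being parsed so only the table in question is registered.
			$submittedElements = array_merge((array) GeneralUtility::_POST('CBH'), (array) GeneralUtility::_POST('CBC'));
			$CB['el'] = $dblist->clipObj->cleanUpCBC($submittedElements, $this->cmd_table);
		}
		if (!$this->MOD_SETTINGS['clipBoard']) {
			// If the clipboard is NOT shown, set the pad to 'normal'.
			$CB['setP'] = 'normal';
		}
		// Execute commands.
		$dblist->clipObj->setCmd($CB);
		// Clean up pad
		$dblist->clipObj->cleanCurrent();
		// Save the clipboard content
		$dblist->clipObj->endClipboard();
		// This flag will prevent the clipboard panel in being shown.
		// It is set, if the clickmenu-layer is active AND the extended view is not enabled.
		$dblist->dontShowClipControlPanels = $GLOBALS['CLIENT']['FORMSTYLE'] && !$this->MOD_SETTINGS['bigControlPanel'] && $dblist->clipObj->current == 'normal' && !$this->modTSconfig['properties']['showClipControlPanelsDespiteOfCMlayers'];
		// If there is access to the page or root page is used for searching, then render the list contents and set up the document template object:
		if ($access || ($this->id === 0 && $this->search_levels > 0 && strlen($this->search_field) > 0)) {
			// Deleting records...:
			// Has not to do with the clipboard but is simply the delete action. The clipboard object is used to clean up the submitted entries to only the selected table.
			if ($this->cmd === 'delete') {
				$items = $dblist->clipObj->cleanUpCBC(GeneralUtility::_POST('CBC'), $this->cmd_table, 1);
				if (count($items)) {
					$cmd = array();
					foreach (array_keys($items) as $itemKey) {
						// Keys are expected in the form "table|uid"
						$itemKeyParts = explode('|', $itemKey);
						if (!isset($itemKeyParts[1])) {
							// The keys originate from POST data; ignore entries without a uid part
							continue;
						}
						$cmd[$itemKeyParts[0]][$itemKeyParts[1]]['delete'] = 1;
					}
					$tce = GeneralUtility::makeInstance('TYPO3\\CMS\\Core\\DataHandling\\DataHandler');
					$tce->stripslashes_values = 0;
					$tce->start(array(), $cmd);
					$tce->process_cmdmap();
					if (isset($cmd['pages'])) {
						BackendUtility::setUpdateSignal('updatePageTree');
					}
					$tce->printLogErrorMessages(GeneralUtility::getIndpEnv('REQUEST_URI'));
				}
			}
			// Initialize the listing object, dblist, for rendering the list:
			$this->pointer = \TYPO3\CMS\Core\Utility\MathUtility::forceIntegerInRange($this->pointer, 0, 100000);
			$dblist->start($this->id, $this->table, $this->pointer, $this->search_field, $this->search_levels, $this->showLimit);
			$dblist->setDispFields();
			// Render versioning selector:
			if (\TYPO3\CMS\Core\Utility\ExtensionManagementUtility::isLoaded('version')) {
				$dblist->HTMLcode .= $this->doc->getVersionSelector($this->id);
			}
			// Render the list of tables:
			$dblist->generateList();
			$listUrl = substr($dblist->listURL(), strlen($GLOBALS['BACK_PATH']));
			// Add JavaScript functions to the page.
			// The request URI is rawurlencode()d before it is placed inside the
			// JavaScript string literal, and the page id is cast to integer.
			$this->doc->JScode = $this->doc->wrapScriptTags('
				function jumpToUrl(URL) { //
					window.location.href = URL;
					return false;
				}
				function jumpExt(URL,anchor) { //
					var anc = anchor?anchor:"";
					window.location.href = URL+(T3_THIS_LOCATION?"&returnUrl="+T3_THIS_LOCATION:"")+anc;
					return false;
				}
				function jumpSelf(URL) { //
					window.location.href = URL+(T3_RETURN_URL?"&returnUrl="+T3_RETURN_URL:"");
					return false;
				}

				function setHighlight(id) { //
					top.fsMod.recentIds["web"]=id;
					top.fsMod.navFrameHighlightedID["web"]="pages"+id+"_"+top.fsMod.currentBank; // For highlighting

					if (top.content && top.content.nav_frame && top.content.nav_frame.refresh_nav) {
						top.content.nav_frame.refresh_nav();
					}
				}
				' . $this->doc->redirectUrls($listUrl) . '
				' . $dblist->CBfunctions() . '
				function editRecords(table,idList,addParams,CBflag) { //
					window.location.href="' . $GLOBALS['BACK_PATH'] . 'alt_doc.php?returnUrl=' . rawurlencode(GeneralUtility::getIndpEnv('REQUEST_URI')) . '&edit["+table+"]["+idList+"]=edit"+addParams;
				}
				function editList(table,idList) { //
					var list="";

					// Checking how many is checked, how many is not
					var pointer=0;
					var pos = idList.indexOf(",");
					while (pos!=-1) {
						if (cbValue(table+"|"+idList.substr(pointer,pos-pointer))) {
							list+=idList.substr(pointer,pos-pointer)+",";
						}
						pointer=pos+1;
						pos = idList.indexOf(",",pointer);
					}
					if (cbValue(table+"|"+idList.substr(pointer))) {
						list+=idList.substr(pointer)+",";
					}

					return list ? list : idList;
				}

				if (top.fsMod) top.fsMod.recentIds["web"] = ' . (int)$this->id . ';
			');
			// Setting up the context sensitive menu:
			$this->doc->getContextMenuCode();
		}
		// access
		// Begin to compile the whole page, starting out with page header:
		$this->body = $this->doc->header($this->pageinfo['title']);
		$this->body .= '<form action="' . htmlspecialchars($dblist->listURL()) . '" method="post" name="dblistForm">';
		$this->body .= $dblist->HTMLcode;
		$this->body .= '<input type="hidden" name="cmd_table" /><input type="hidden" name="cmd" /></form>';
		// If a listing was produced, create the page footer with search form etc:
		if ($dblist->HTMLcode) {
			// Making field select box (when extended view for a single table is enabled):
			if ($dblist->table) {
				$this->body .= $dblist->fieldSelectBox($dblist->table);
			}
			// "table" is a raw request value; URL-encode it before it is appended
			// to the query string that getFuncCheck() places into the checkbox markup.
			$tableParam = $this->table ? '&table=' . rawurlencode((string)$this->table) : '';
			// Adding checkbox options for extended listing and clipboard display:
			$this->body .= '

				<!--
					Listing options for extended view, clipboard and localization view
				-->
				<div id="typo3-listOptions">
					<form action="" method="post">';
			// Add "display bigControlPanel" checkbox:
			if ($this->modTSconfig['properties']['enableDisplayBigControlPanel'] === 'selectable') {
				$this->body .= BackendUtility::getFuncCheck($this->id, 'SET[bigControlPanel]', $this->MOD_SETTINGS['bigControlPanel'], '', $tableParam, 'id="checkLargeControl"');
				$this->body .= '<label for="checkLargeControl">' . BackendUtility::wrapInHelp('xMOD_csh_corebe', 'list_options', $GLOBALS['LANG']->getLL('largeControl', TRUE)) . '</label><br />';
			}
			// Add "clipboard" checkbox:
			if ($this->modTSconfig['properties']['enableClipBoard'] === 'selectable' && $dblist->showClipboard) {
				$this->body .= BackendUtility::getFuncCheck($this->id, 'SET[clipBoard]', $this->MOD_SETTINGS['clipBoard'], '', $tableParam, 'id="checkShowClipBoard"');
				$this->body .= '<label for="checkShowClipBoard">' . BackendUtility::wrapInHelp('xMOD_csh_corebe', 'list_options', $GLOBALS['LANG']->getLL('showClipBoard', TRUE)) . '</label><br />';
			}
			// Add "localization view" checkbox:
			if ($this->modTSconfig['properties']['enableLocalizationView'] === 'selectable') {
				$this->body .= BackendUtility::getFuncCheck($this->id, 'SET[localization]', $this->MOD_SETTINGS['localization'], '', $tableParam, 'id="checkLocalization"');
				$this->body .= '<label for="checkLocalization">' . BackendUtility::wrapInHelp('xMOD_csh_corebe', 'list_options', $GLOBALS['LANG']->getLL('localization', TRUE)) . '</label><br />';
			}
			$this->body .= '
					</form>
				</div>';
			// Printing clipboard if enabled:
			if ($this->MOD_SETTINGS['clipBoard'] && $dblist->showClipboard) {
				$this->body .= '<div class="db_list-dashboard">' . $dblist->clipObj->printClipboard() . '</div>';
			}
			// Search box:
			if (!$this->modTSconfig['properties']['disableSearchBox']) {
				$sectionTitle = BackendUtility::wrapInHelp('xMOD_csh_corebe', 'list_searchbox', $GLOBALS['LANG']->sL('LLL:EXT:lang/locallang_core.xlf:labels.search', TRUE));
				$this->body .= '<div class="db_list-searchbox">' . $this->doc->section($sectionTitle, $dblist->getSearchBox(), FALSE, TRUE, FALSE, TRUE) . '</div>';
			}
			// Additional footer content.
			// Whatever a registered hook returns is appended to the page as-is.
			$footerContentHook = $GLOBALS['TYPO3_CONF_VARS']['SC_OPTIONS']['recordlist/mod1/index.php']['drawFooterHook'];
			if (is_array($footerContentHook)) {
				foreach ($footerContentHook as $hook) {
					$params = array();
					$this->body .= GeneralUtility::callUserFunction($hook, $params, $this);
				}
			}
		}
		// Setting up the buttons and markers for docheader
		$docHeaderButtons = $dblist->getButtons();
		$markers = array(
			'CSH' => $docHeaderButtons['csh'],
			'CONTENT' => $this->body,
			'EXTRACONTAINERCLASS' => $this->table ? 'singletable' : ''
		);
		// Build the <body> for the module
		$this->content = $this->doc->moduleBody($this->pageinfo, $docHeaderButtons, $markers);
		// Renders the module page
		$this->content = $this->doc->render('DB list', $this->content);
	}

	/**
	 * Outputting the accumulated content to screen
	 *
	 * @return void
	 * @todo Define visibility
	 */
	public function printContent() {
		echo $this->content;
	}

}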