[SECURITY] Information Disclosure in the Configuration Module
[Packages/TYPO3.CMS.git] / typo3 / sysext / lowlevel / config / index.php
1 <?php
2 /***************************************************************
3 * Copyright notice
4 *
5 * (c) 1999-2011 Kasper Skårhøj (kasperYYYY@typo3.com)
6 * All rights reserved
7 *
8 * This script is part of the TYPO3 project. The TYPO3 project is
9 * free software; you can redistribute it and/or modify
10 * it under the terms of the GNU General Public License as published by
11 * the Free Software Foundation; either version 2 of the License, or
12 * (at your option) any later version.
13 *
14 * The GNU General Public License can be found at
15 * http://www.gnu.org/copyleft/gpl.html.
16 * A copy is found in the textfile GPL.txt and important notices to the license
17 * from the author is found in LICENSE.txt distributed with these scripts.
18 *
19 *
20 * This script is distributed in the hope that it will be useful,
21 * but WITHOUT ANY WARRANTY; without even the implied warranty of
22 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
23 * GNU General Public License for more details.
24 *
25 * This copyright notice MUST APPEAR in all copies of the script!
26 ***************************************************************/
27 /**
28 * Module: Config
29 *
30 * This module lets you view the config variables around TYPO3.
31 *
32 * @author Kasper Skårhøj <kasperYYYY@typo3.com>
33 */
34
// Load the language labels of this module (locallang.xml of EXT:lowlevel/config).
$GLOBALS['LANG']->includeLLFile('EXT:lowlevel/config/locallang.xml');

// Access check for the current backend user against this module's configuration.
// It runs before the module class is instantiated and before any output is built.
// NOTE(review): the second argument (1) presumably makes modAccess() end the request
// when access is denied - confirm against the backend user API, because nothing here
// inspects a return value.
$BE_USER->modAccess($MCONF, 1);
38
39 /**
40 * Script class for the Config module
41 *
42 * @author Kasper Skårhøj <kasperYYYY@typo3.com>
43 * @package TYPO3
44 * @subpackage tx_lowlevel
45 */
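class SC_mod_tools_config_index {

	/**
	 * Module configuration, copied from $GLOBALS['MCONF'] in init()
	 *
	 * @var array
	 */
	var $MCONF = array();

	/**
	 * Definition of the module menu and of the setting keys that may be stored
	 *
	 * @var array
	 */
	var $MOD_MENU = array();

	/**
	 * Current module settings, as returned by t3lib_BEfunc::getModuleData()
	 *
	 * @var array
	 */
	var $MOD_SETTINGS = array();

	/**
	 * Document template object
	 *
	 * @var noDoc
	 */
	var $doc;

	var $include_once = array();

	/**
	 * Accumulated HTML of the module; echoed by printContent()
	 *
	 * @var string
	 */
	var $content;

	/**
	 * Initialization: copies the module configuration, builds the menu and
	 * prepares the document template, its JavaScript and the form tag.
	 *
	 * @return void
	 */
	function init() {
		global $BACK_PATH;

		$this->MCONF = $GLOBALS['MCONF'];

		$this->menuConfig();

		$this->doc = t3lib_div::makeInstance('template');
		$this->doc->backPath = $BACK_PATH;
		$this->doc->setModuleTemplate('templates/config.html');

			// JavaScript
		$this->doc->JScode = '
		<script language="javascript" type="text/javascript">
			script_ended = 0;
			function jumpToUrl(URL) {
				window.location.href = URL;
			}
		</script>
		';

			// The module form always posts back to the current URL.
		$this->doc->form = '<form action="" method="post">';
	}

	/**
	 * Menu Configuration: defines the selectable configuration arrays and the
	 * two checkbox settings, then loads the stored settings merged with the
	 * submitted SET[] values.
	 *
	 * @return void
	 */
	function menuConfig() {
			// MENU-ITEMS:
			// If array, then it's a selector box menu
			// If empty string it's just a variable, that'll be saved.
			// Values NOT in this array will not be saved in the settings-array for the module.
		$this->MOD_MENU = array(
			'function' => array(
				0 => $GLOBALS['LANG']->getLL('typo3ConfVars', TRUE),
				1 => $GLOBALS['LANG']->getLL('tca', TRUE),
				2 => $GLOBALS['LANG']->getLL('tcaDescr', TRUE),
				3 => $GLOBALS['LANG']->getLL('loadedExt', TRUE),
				4 => $GLOBALS['LANG']->getLL('t3services', TRUE),
				5 => $GLOBALS['LANG']->getLL('tbemodules', TRUE),
				6 => $GLOBALS['LANG']->getLL('tbemodulesext', TRUE),
				7 => $GLOBALS['LANG']->getLL('tbeStyles', TRUE),
				8 => $GLOBALS['LANG']->getLL('beUser', TRUE),
				9 => $GLOBALS['LANG']->getLL('usersettings', TRUE),
			),
			'regexsearch' => '',
			'fixedLgd' => ''
		);

			// CLEANSE SETTINGS
		$this->MOD_SETTINGS = t3lib_BEfunc::getModuleData($this->MOD_MENU, t3lib_div::_GP('SET'), $this->MCONF['name']);
	}

	/**
	 * Renders the module: search form, optional "write to extTables" handling
	 * and the tree view of the selected configuration array. The finished page
	 * is stored in $this->content.
	 *
	 * @return void
	 */
	function main() {
		$arrayBrowser = t3lib_div::makeInstance('t3lib_arrayBrowser');

			// Read the search phrase before the form is built, so the input field can
			// show the submitted value. Non-string input (e.g. search_field[]=x) is dropped.
		$search_field = t3lib_div::_GP('search_field');
		if (!is_string($search_field)) {
			$search_field = '';
		}

		$this->content = $this->doc->header($GLOBALS['LANG']->getLL('configuration', TRUE));

		$this->content .= '<div id="lowlevel-config">
			<label for="search_field">' . $GLOBALS['LANG']->getLL('enterSearchPhrase', TRUE) . '</label>
			<input type="text" id="search_field" name="search_field" value="' . htmlspecialchars($search_field) . '"' . $GLOBALS['TBE_TEMPLATE']->formWidth(20) . ' />
			<input type="submit" name="search" id="search" value="' . $GLOBALS['LANG']->getLL('search', TRUE) . '" />';
		$this->content .= t3lib_BEfunc::getFuncCheck(0, 'SET[regexsearch]', $this->MOD_SETTINGS['regexsearch'], '', '', 'id="checkRegexsearch"') .
			'<label for="checkRegexsearch">' . $GLOBALS['LANG']->getLL('useRegExp', TRUE) . '</label>';

		$this->content .= t3lib_BEfunc::getFuncCheck(0, 'SET[fixedLgd]', $this->MOD_SETTINGS['fixedLgd'], '', '', 'id="checkFixedLgd"') .
			'<label for="checkFixedLgd">' . $GLOBALS['LANG']->getLL('cropLines', TRUE) . '</label>
			</div>';

		$this->content .= $this->doc->spacer(5);

		switch ($this->MOD_SETTINGS['function']) {
			case 0:
				$theVar = $GLOBALS['TYPO3_CONF_VARS'];
					// Mask the encryption key on the local copy right away, i.e. before the
					// array is searched or rendered. Masking only after the search would let
					// the search result reveal whether a phrase matches the real key.
					// NOTE(review): only SYS/encryptionKey is masked; other secret-bearing
					// entries (e.g. an install tool password hash, if kept in this array)
					// are still displayed - confirm whether they need masking too.
				$theVar['SYS']['encryptionKey'] = '***** (length: ' .
					strlen($GLOBALS['TYPO3_CONF_VARS']['SYS']['encryptionKey']) . ' characters)';
				t3lib_div::naturalKeySortRecursive($theVar);
				$arrayBrowser->varName = '$TYPO3_CONF_VARS';
			break;
			case 1:
					// Load the full configuration of every table before displaying $TCA
				foreach ($GLOBALS['TCA'] as $table => $config) {
					t3lib_div::loadTCA($table);
				}
				$theVar = $GLOBALS['TCA'];
				t3lib_div::naturalKeySortRecursive($theVar);
				$arrayBrowser->varName = '$TCA';
			break;
			case 2:
				$theVar = $GLOBALS['TCA_DESCR'];
				t3lib_div::naturalKeySortRecursive($theVar);
				$arrayBrowser->varName = '$TCA_DESCR';
			break;
			case 3:
				$theVar = $GLOBALS['TYPO3_LOADED_EXT'];
				t3lib_div::naturalKeySortRecursive($theVar);
				$arrayBrowser->varName = '$TYPO3_LOADED_EXT';
			break;
			case 4:
				$theVar = $GLOBALS['T3_SERVICES'];
				t3lib_div::naturalKeySortRecursive($theVar);
				$arrayBrowser->varName = '$T3_SERVICES';
			break;
			case 5:
				$theVar = $GLOBALS['TBE_MODULES'];
				t3lib_div::naturalKeySortRecursive($theVar);
				$arrayBrowser->varName = '$TBE_MODULES';
			break;
			case 6:
				$theVar = $GLOBALS['TBE_MODULES_EXT'];
				t3lib_div::naturalKeySortRecursive($theVar);
				$arrayBrowser->varName = '$TBE_MODULES_EXT';
			break;
			case 7:
				$theVar = $GLOBALS['TBE_STYLES'];
				t3lib_div::naturalKeySortRecursive($theVar);
				$arrayBrowser->varName = '$TBE_STYLES';
			break;
			case 8:
				$theVar = $GLOBALS['BE_USER']->uc;
				t3lib_div::naturalKeySortRecursive($theVar);
				$arrayBrowser->varName = '$BE_USER->uc';
			break;
			case 9:
				$theVar = $GLOBALS['TYPO3_USER_SETTINGS'];
				t3lib_div::naturalKeySortRecursive($theVar);
				$arrayBrowser->varName = '$TYPO3_USER_SETTINGS';
			break;
			default:
				$theVar = array();
			break;
		}

			// Update node: if any plus-signs were clicked, the new expansion state is
			// registered in the module settings and stored for the backend user.
		$nodeSettingKey = 'node_' . $this->MOD_SETTINGS['function'];
		$node = t3lib_div::_GET('node');
		if (is_array($node)) {
			$this->MOD_SETTINGS[$nodeSettingKey] = $arrayBrowser->depthKeys($node, $this->MOD_SETTINGS[$nodeSettingKey]);
			$GLOBALS['BE_USER']->pushModuleData($this->MCONF['name'], $this->MOD_SETTINGS);
		}

		$arrayBrowser->depthKeys = $this->MOD_SETTINGS[$nodeSettingKey];
		$arrayBrowser->regexMode = $this->MOD_SETTINGS['regexsearch'];
		$arrayBrowser->fixedLgd = $this->MOD_SETTINGS['fixedLgd'];
		$arrayBrowser->searchKeysToo = TRUE;

			// If the search button was submitted, expand the nodes that match the phrase
		if (t3lib_div::_POST('search') && trim($search_field)) {
			$arrayBrowser->depthKeys = $arrayBrowser->getSearchKeys($theVar, '', $search_field, array());
		}

		$tree = $arrayBrowser->tree($theVar, '', '');

			// The labels in MOD_MENU are fetched with getLL(..., TRUE), so $label is
			// inserted into the table header below without further escaping.
		$label = $this->MOD_MENU['function'][$this->MOD_SETTINGS['function']];
		$this->content .= $this->doc->sectionEnd();

			// Variable name:
		if (t3lib_div::_GP('varname')) {
			$line = t3lib_div::_GP('_') ? t3lib_div::_GP('_') : t3lib_div::_GP('varname');
			if (!is_string($line)) {
				$line = '';
			}

				// Writing is offered only if TYPO3_extTableDef_script is defined and one of
				// two menu entries is selected. The same condition is enforced when the
				// write request is handled, so the server never performs a write that the
				// form does not offer.
				// NOTE(review): the original comment names $TCA and TBE_STYLES, but menu
				// entry 4 is T3_SERVICES and TBE_STYLES is entry 7 - confirm which is meant.
			$mayWriteToExtTables = TYPO3_extTableDef_script !== ''
				&& ($this->MOD_SETTINGS['function'] === '1' || $this->MOD_SETTINGS['function'] === '4');

				// The submit button lives in a POST form, so only POST may trigger the write.
			if ($mayWriteToExtTables && t3lib_div::_POST('writetoexttables')) {
				$this->content .= $this->writeLineToExtTables($line);
			}

			$this->content .= '<div id="lowlevel-config-var">
				<strong>' . $GLOBALS['LANG']->getLL('variable', TRUE) . '</strong><br />
				<input type="text" name="_" value="' . trim(htmlspecialchars($line)) . '" size="120" /><br/>';

			if ($mayWriteToExtTables) {
				$this->content .= '<br /><input type="submit" name="writetoexttables" value="' .
					$GLOBALS['LANG']->getLL('writeValue', TRUE) . '" /></div>';
			} else {
				$this->content .= $GLOBALS['LANG']->getLL('copyPaste', TRUE) . LF . '</div>';
			}
		}

		$this->content .= '<br /><table border="0" cellpadding="0" cellspacing="0" class="t3-tree t3-tree-config">';
		$this->content .= '<tr>
				<th class="t3-row-header t3-tree-config-header">' . $label . '</th>
			</tr>
			<tr>
				<td>' . $tree . '</td>
			</tr>
		</table>
		';

			// Setting up the buttons and markers for docheader
		$docHeaderButtons = $this->getButtons();
		$markers = array(
			'CSH' => $docHeaderButtons['csh'],
			'FUNC_MENU' => $this->getFuncMenu(),
			'CONTENT' => $this->content
		);

			// Build the <body> for the module
		$this->content = $this->doc->moduleBody($this->pageinfo, $docHeaderButtons, $markers);
			// Renders the module page
		$this->content = $this->doc->render(
			'Configuration',
			$this->content
		);
	}

	/**
	 * Appends one assignment line to the extTables script and reports the result.
	 *
	 * The leading variable of $line (e.g. $TCA) is rewritten to its $GLOBALS[...]
	 * form. For $TCA paths outside the 'ctrl' section a loadTCA() call for the
	 * table is put in front, unless the file already contains it.
	 *
	 * NOTE(review): $line is request data and ends up in a PHP file under
	 * PATH_typo3conf. Apart from the structural check below its content is not
	 * validated, so this feature relies on the module access check and on the
	 * request being intended by the user. No form-protection (anti-CSRF) token
	 * is verified in this file - confirm whether one is enforced elsewhere.
	 *
	 * @param string $line The line as shown in the "variable" input field
	 * @return string Rendered flash message (success or failure)
	 */
	protected function writeLineToExtTables($line) {
		$success = FALSE;
		$changedLine = '';

			// A usable line starts with "$", followed by a variable name and at least one
			// "[...]" part. Anything else would be turned into broken PHP, so it is
			// reported as a failed write instead of being written.
		$length = strpos($line, '[');
		if ($length !== FALSE && $length > 1 && substr($line, 0, 1) === '$') {
			$var = substr($line, 0, $length);
				// change value to $GLOBALS
			$changedLine = '$GLOBALS[\'' . substr($line, 1, $length - 1) . '\']' . substr($line, $length);
				// load current extTables.php
			$extTables = (string) t3lib_div::getUrl(PATH_typo3conf . TYPO3_extTableDef_script);

			if ($var === '$TCA') {
					// check if we are editing the TCA
				preg_match_all('/\[\'([^\']+)\'\]/', $line, $parts);
				if (isset($parts[1][0]) && (!isset($parts[1][1]) || $parts[1][1] !== 'ctrl')) {
						// anything else than ctrl section requires to load TCA
					$loadTCA = 't3lib_div::loadTCA(\'' . $parts[1][0] . '\');';
					if (strpos($extTables, $loadTCA) === FALSE) {
							// the loadTCA statement is not already present in the file
						$changedLine = $loadTCA . LF . $changedLine;
					}
				}
			}

				// insert line in extTables.php
			$extTables = preg_replace('/<\?php|\?>/is', '', $extTables);
			$extTables = '<?php' . (empty($extTables) ? LF : '') . $extTables . $changedLine . LF . '?>';
			$success = t3lib_div::writeFile(PATH_typo3conf . TYPO3_extTableDef_script, $extTables);
		}

		if ($success) {
				// The message is assembled with HTML markup (<br />, <strong>), so the
				// request-derived line has to be escaped before it is embedded.
			$flashMessage = t3lib_div::makeInstance(
				't3lib_FlashMessage',
				'',
				sprintf($GLOBALS['LANG']->getLL('writeMessage', TRUE), TYPO3_extTableDef_script, '<br />', '<strong>' . nl2br(htmlspecialchars($changedLine)) . '</strong>'),
				t3lib_FlashMessage::OK
			);
		} else {
				// Error: show flash message
			$flashMessage = t3lib_div::makeInstance(
				't3lib_FlashMessage',
				'',
				sprintf($GLOBALS['LANG']->getLL('writeMessageFailed', TRUE), TYPO3_extTableDef_script),
				t3lib_FlashMessage::ERROR
			);
		}

		return $flashMessage->render();
	}

	/**
	 * Print output to browser
	 *
	 * @return void
	 */
	function printContent() {
		echo $this->content;
	}

	/**
	 * Create the panel of buttons for submitting the form or otherwise perform operations.
	 *
	 * @return array All available buttons as an assoc. array
	 */
	protected function getButtons() {
		$buttons = array(
			'csh' => '',
			'shortcut' => ''
		);

			// Shortcut icon, only for users who are allowed to create shortcuts
		if ($GLOBALS['BE_USER']->mayMakeShortcut()) {
			$buttons['shortcut'] = $this->doc->makeShortcutIcon('', 'function', $this->MCONF['name']);
		}

		return $buttons;
	}

	/**
	 * Create the function menu
	 *
	 * @return string HTML of the function menu
	 */
	protected function getFuncMenu() {
		return t3lib_BEfunc::getFuncMenu(0, 'SET[function]', $this->MOD_SETTINGS['function'], $this->MOD_MENU['function']);
	}
}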
366
// Make instance:
// Create the module object, initialise it, build the page into its $content
// property and finally echo that content to the browser.
$SOBE = t3lib_div::makeInstance('SC_mod_tools_config_index');
$SOBE->init();
$SOBE->main();
$SOBE->printContent();
372 ?>