[SECURITY] Filter disallowed properties in form editor
[Packages/TYPO3.CMS.git] / typo3 / sysext / form / Classes / Domain / Configuration / FrameworkConfiguration / Extractors / FormElement / PropertyPathsExtractor.php
1 <?php
2 declare(strict_types = 1);
3 namespace TYPO3\CMS\Form\Domain\Configuration\FrameworkConfiguration\Extractors\FormElement;
4
5 /*
6 * This file is part of the TYPO3 CMS project.
7 *
8 * It is free software; you can redistribute it and/or modify it under
9 * the terms of the GNU General Public License, either version 2
10 * of the License, or any later version.
11 *
12 * For the full copyright and license information, please read the
13 * LICENSE.txt file that was distributed with this source code.
14 *
15 * The TYPO3 project - inspiring people to share!
16 */
17
18 use TYPO3\CMS\Core\Utility\ArrayUtility;
19 use TYPO3\CMS\Form\Domain\Configuration\FrameworkConfiguration\Extractors\AbstractExtractor;
20
/**
 * Collects the property paths configured for form editor inspector editors,
 * grouped by form element type, and merges them into the extractor result
 * under the "formElements" key.
 *
 * Placeholder replacements are taken from the prototype configuration only.
 * NOTE(review): the collected list is presumably consumed as the set of
 * property paths the form editor is permitted to write - confirm against
 * the code that reads the "formElements" result.
 *
 * @internal
 */
class PropertyPathsExtractor extends AbstractExtractor
{
    /**
     * Adds the property paths derived from one configuration entry to the result.
     *
     * @param string $_ Unused.
     * @param mixed $value Forwarded to getPropertyPaths(), which declares it as
     *                     string; with strict_types enabled a non-string value
     *                     raises a TypeError instead of being coerced.
     * @param array $matches Forwarded unchanged to getPropertyPaths().
     */
    public function __invoke(string $_, $value, array $matches)
    {
        $collected = ['formElements' => $this->getPropertyPaths($value, $matches)];

        $this->extractorDto->setResult(
            array_merge_recursive($this->extractorDto->getResult(), $collected)
        );
    }

    /**
     * Builds the property path list for a single inspector editor.
     *
     * @param string $value Property path; may contain the "{@viewPortIdentifier}"
     *                      placeholder (presumably the editor's configured
     *                      property path - verify against the caller).
     * @param array $matches Index 1 is read as the form element type and
     *                       index 2 as the editor index; index 0 is ignored.
     * @return array Shape: [<formElementType> => ['propertyPaths' => string[]]]
     */
    protected function getPropertyPaths(string $value, array $matches): array
    {
        [, $elementType, $editorIndex] = $matches;

        $paths = [$elementType => ['propertyPaths' => []]];

        // Path segments shared by every lookup below.
        $editorSegments = ['formElementsDefinition', $elementType, 'formEditor', 'editors', $editorIndex];

        // NOTE(review): a failed lookup is not handled here; whatever
        // ArrayUtility::getValueByPath() does for a missing path reaches the caller.
        $templateName = ArrayUtility::getValueByPath(
            $this->extractorDto->getPrototypeConfiguration(),
            implode('.', array_merge($editorSegments, ['templateName'])),
            '.'
        );

        // Every editor except the grid column view port editor contributes
        // its property path verbatim.
        if ($templateName !== 'Inspector-GridColumnViewPortConfigurationEditor') {
            $paths[$elementType]['propertyPaths'][] = $value;

            return $paths;
        }

        // "Inspector-GridColumnViewPortConfigurationEditor": the property path
        // carries a "{@viewPortIdentifier}" placeholder. Emit one concrete
        // path per configured view port, so the result lists only the
        // identifiers that the configuration defines.
        $configuredViewPorts = ArrayUtility::getValueByPath(
            $this->extractorDto->getPrototypeConfiguration(),
            implode('.', array_merge($editorSegments, ['configurationOptions', 'viewPorts'])),
            '.'
        );

        $expanded = [];
        foreach ($configuredViewPorts as $viewPort) {
            $expanded[] = str_replace('{@viewPortIdentifier}', $viewPort['viewPortIdentifier'], $value);
        }
        $paths[$elementType]['propertyPaths'] = $expanded;

        return $paths;
    }
}