[TASK] Properly escape all form attributes in SetupModuleController
[Packages/TYPO3.CMS.git] / typo3 / sysext / setup / Classes / Controller / SetupModuleController.php
1 <?php
2 namespace TYPO3\CMS\Setup\Controller;
3
4 /*
5 * This file is part of the TYPO3 CMS project.
6 *
7 * It is free software; you can redistribute it and/or modify it under
8 * the terms of the GNU General Public License, either version 2
9 * of the License, or any later version.
10 *
11 * For the full copyright and license information, please read the
12 * LICENSE.txt file that was distributed with this source code.
13 *
14 * The TYPO3 project - inspiring people to share!
15 */
16
17 use Psr\Http\Message\ResponseInterface;
18 use Psr\Http\Message\ServerRequestInterface;
19 use TYPO3\CMS\Backend\Backend\Avatar\DefaultAvatarProvider;
20 use TYPO3\CMS\Backend\Module\AbstractModule;
21 use TYPO3\CMS\Backend\Module\ModuleLoader;
22 use TYPO3\CMS\Backend\Utility\BackendUtility;
23 use TYPO3\CMS\Core\Authentication\BackendUserAuthentication;
24 use TYPO3\CMS\Core\Database\DatabaseConnection;
25 use TYPO3\CMS\Core\DataHandling\DataHandler;
26 use TYPO3\CMS\Core\FormProtection\FormProtectionFactory;
27 use TYPO3\CMS\Core\Imaging\Icon;
28 use TYPO3\CMS\Core\Messaging\FlashMessage;
29 use TYPO3\CMS\Core\Messaging\FlashMessageService;
30 use TYPO3\CMS\Core\Resource\Exception\FileDoesNotExistException;
31 use TYPO3\CMS\Core\Resource\ResourceFactory;
32 use TYPO3\CMS\Core\Utility\ExtensionManagementUtility;
33 use TYPO3\CMS\Core\Utility\GeneralUtility;
34
35 /**
36 * Script class for the Setup module
37 */
38 class SetupModuleController extends AbstractModule
39 {
40 /**
41 * Flag if password has not been updated
42 */
43 const PASSWORD_NOT_UPDATED = 0;
44
45 /**
46 * Flag if password has been updated
47 */
48 const PASSWORD_UPDATED = 1;
49
50 /**
51 * Flag if both new passwords do not match
52 */
53 const PASSWORD_NOT_THE_SAME = 2;
54
55 /**
56 * Flag if the current password given was not identical to the real
57 * current password
58 */
59 const PASSWORD_OLD_WRONG = 3;
60
61 /**
62 * @var array
63 */
64 public $MOD_MENU = [];
65
66 /**
67 * @var array
68 */
69 public $MOD_SETTINGS = [];
70
71 /**
72 * @var \TYPO3\CMS\Backend\Template\DocumentTemplate
73 */
74 public $doc;
75
76 /**
77 * @var string
78 */
79 public $content;
80
81 /**
82 * @var array
83 */
84 public $overrideConf;
85
86 /**
87 * backend user object, set during simulate-user operation
88 *
89 * @var \TYPO3\CMS\Core\Authentication\BackendUserAuthentication
90 */
91 public $OLD_BE_USER;
92
93 /**
94 * @var bool
95 */
96 public $languageUpdate;
97
98 /**
99 * @var bool
100 */
101 protected $pagetreeNeedsRefresh = false;
102
103 /**
104 * @var bool
105 */
106 protected $isAdmin;
107
108 /**
109 * @var array
110 */
111 protected $tsFieldConf;
112
113 /**
114 * @var bool
115 */
116 protected $saveData = false;
117
118 /**
119 * @var int
120 */
121 protected $passwordIsUpdated = self::PASSWORD_NOT_UPDATED;
122
123 /**
124 * @var bool
125 */
126 protected $passwordIsSubmitted = false;
127
128 /**
129 * @var bool
130 */
131 protected $setupIsUpdated = false;
132
133 /**
134 * @var bool
135 */
136 protected $settingsAreResetToDefault = false;
137
138 /**
139 * Form protection instance
140 *
141 * @var \TYPO3\CMS\Core\FormProtection\BackendFormProtection
142 */
143 protected $formProtection;
144
145 /**
146 * @var string
147 */
148 protected $simulateSelector = '';
149
150 /**
151 * @var int
152 */
153 protected $simUser;
154
155 /**
156 * The name of the module
157 *
158 * @var string
159 */
160 protected $moduleName = 'user_setup';
161
162 /**
163 * @var ModuleLoader
164 */
165 protected $loadModules;
166
167 /**
168 * Instantiate the form protection before a simulated user is initialized.
169 */
170 public function __construct()
171 {
172 parent::__construct();
173 $this->formProtection = FormProtectionFactory::get();
174 $this->moduleTemplate->getPageRenderer()->loadRequireJsModule('TYPO3/CMS/Backend/Modal');
175 }
176
177 /**
178 * Getter for the form protection instance.
179 *
180 * @return \TYPO3\CMS\Core\FormProtection\BackendFormProtection
181 */
182 public function getFormProtection()
183 {
184 return $this->formProtection;
185 }
186
187 /**
188 * If settings are submitted to _POST[DATA], store them
189 * NOTICE: This method is called before the \TYPO3\CMS\Backend\Template\DocumentTemplate
190 * is included. See bottom of document.
191 *
192 * @see \TYPO3\CMS\Backend\Template\DocumentTemplate
193 */
194 public function storeIncomingData()
195 {
196 // First check if something is submitted in the data-array from POST vars
197 $d = GeneralUtility::_POST('data');
198 $columns = $GLOBALS['TYPO3_USER_SETTINGS']['columns'];
199 $beUser = $this->getBackendUser();
200 $beUserId = $beUser->user['uid'];
201 $storeRec = [];
202 $fieldList = $this->getFieldsFromShowItem();
203 if (is_array($d) && $this->formProtection->validateToken((string)GeneralUtility::_POST('formToken'), 'BE user setup', 'edit')) {
204 // UC hashed before applying changes
205 $save_before = md5(serialize($beUser->uc));
206 // PUT SETTINGS into the ->uc array:
207 // Reload left frame when switching BE language
208 if (isset($d['lang']) && $d['lang'] != $beUser->uc['lang']) {
209 $this->languageUpdate = true;
210 }
211 // Reload pagetree if the title length is changed
212 if (isset($d['titleLen']) && $d['titleLen'] !== $beUser->uc['titleLen']) {
213 $this->pagetreeNeedsRefresh = true;
214 }
215 if ($d['setValuesToDefault']) {
216 // If every value should be default
217 $beUser->resetUC();
218 $this->settingsAreResetToDefault = true;
219 } elseif ($d['save']) {
220 // Save all submitted values if they are no array (arrays are with table=be_users) and exists in $GLOBALS['TYPO3_USER_SETTINGS'][columns]
221 foreach ($columns as $field => $config) {
222 if (!in_array($field, $fieldList)) {
223 continue;
224 }
225 if ($config['table']) {
226 if ($config['table'] === 'be_users' && !in_array($field, ['password', 'password2', 'passwordCurrent', 'email', 'realName', 'admin', 'avatar'])) {
227 if (!isset($config['access']) || $this->checkAccess($config) && $beUser->user[$field] !== $d['be_users'][$field]) {
228 if ($config['type'] === 'check') {
229 $fieldValue = isset($d['be_users'][$field]) ? 1 : 0;
230 } else {
231 $fieldValue = $d['be_users'][$field];
232 }
233 $storeRec['be_users'][$beUserId][$field] = $fieldValue;
234 $beUser->user[$field] = $fieldValue;
235 }
236 }
237 }
238 if ($config['type'] === 'check') {
239 $beUser->uc[$field] = isset($d[$field]) ? 1 : 0;
240 } else {
241 $beUser->uc[$field] = htmlspecialchars($d[$field]);
242 }
243 }
244 // Personal data for the users be_user-record (email, name, password...)
245 // If email and name is changed, set it in the users record:
246 $be_user_data = $d['be_users'];
247 // Possibility to modify the transmitted values. Useful to do transformations, like RSA password decryption
248 if (is_array($GLOBALS['TYPO3_CONF_VARS']['SC_OPTIONS']['ext/setup/mod/index.php']['modifyUserDataBeforeSave'])) {
249 foreach ($GLOBALS['TYPO3_CONF_VARS']['SC_OPTIONS']['ext/setup/mod/index.php']['modifyUserDataBeforeSave'] as $function) {
250 $params = ['be_user_data' => &$be_user_data];
251 GeneralUtility::callUserFunction($function, $params, $this);
252 }
253 }
254 $this->passwordIsSubmitted = (string)$be_user_data['password'] !== '';
255 $passwordIsConfirmed = $this->passwordIsSubmitted && $be_user_data['password'] === $be_user_data['password2'];
256 // Update the real name:
257 if ($be_user_data['realName'] !== $beUser->user['realName']) {
258 $beUser->user['realName'] = ($storeRec['be_users'][$beUserId]['realName'] = substr($be_user_data['realName'], 0, 80));
259 }
260 // Update the email address:
261 if ($be_user_data['email'] !== $beUser->user['email']) {
262 $beUser->user['email'] = ($storeRec['be_users'][$beUserId]['email'] = substr($be_user_data['email'], 0, 80));
263 }
264 // Update the password:
265 if ($passwordIsConfirmed) {
266 $currentPasswordHashed = $GLOBALS['BE_USER']->user['password'];
267 $saltFactory = \TYPO3\CMS\Saltedpasswords\Salt\SaltFactory::getSaltingInstance($currentPasswordHashed);
268 if ($saltFactory->checkPassword($be_user_data['passwordCurrent'], $currentPasswordHashed)) {
269 $this->passwordIsUpdated = self::PASSWORD_UPDATED;
270 $storeRec['be_users'][$beUserId]['password'] = $be_user_data['password'];
271 } else {
272 $this->passwordIsUpdated = self::PASSWORD_OLD_WRONG;
273 }
274 } else {
275 $this->passwordIsUpdated = self::PASSWORD_NOT_THE_SAME;
276 }
277
278 $this->setAvatarFileUid($beUserId, $be_user_data['avatar'], $storeRec);
279
280 $this->saveData = true;
281 }
282 // Inserts the overriding values.
283 $beUser->overrideUC();
284 $save_after = md5(serialize($beUser->uc));
285 // If something in the uc-array of the user has changed, we save the array...
286 if ($save_before != $save_after) {
287 $beUser->writeUC($beUser->uc);
288 $beUser->writelog(254, 1, 0, 1, 'Personal settings changed', []);
289 $this->setupIsUpdated = true;
290 }
291 // Persist data if something has changed:
292 if (!empty($storeRec) && $this->saveData) {
293 // Make instance of TCE for storing the changes.
294 /** @var DataHandler $dataHandler */
295 $dataHandler = GeneralUtility::makeInstance(DataHandler::class);
296 $dataHandler->stripslashes_values = false;
297 // This is so the user can actually update his user record.
298 $isAdmin = $beUser->user['admin'];
299 $beUser->user['admin'] = 1;
300 $dataHandler->start($storeRec, [], $beUser);
301 // This is to make sure that the users record can be updated even if in another workspace. This is tolerated.
302 $dataHandler->bypassWorkspaceRestrictions = true;
303 $dataHandler->process_datamap();
304 unset($tce);
305 if ($this->passwordIsUpdated === self::PASSWORD_NOT_UPDATED || count($storeRec['be_users'][$beUserId]) > 1) {
306 $this->setupIsUpdated = true;
307 }
308 // Restore admin status after processing
309 $beUser->user['admin'] = $isAdmin;
310 }
311 }
312 }
313
314 /******************************
315 *
316 * Rendering module
317 *
318 ******************************/
319 /**
320 * Initializes the module for display of the settings form.
321 *
322 * @return void
323 */
324 public function init()
325 {
326 $this->getLanguageService()->includeLLFile('EXT:setup/Resources/Private/Language/locallang.xlf');
327
328 // Returns the script user - that is the REAL logged in user! ($GLOBALS[BE_USER] might be another user due to simulation!)
329 $scriptUser = $this->getRealScriptUserObj();
330
331 $this->isAdmin = $scriptUser->isAdmin();
332 // Getting the 'override' values as set might be set in User TSconfig
333 $this->overrideConf = $this->getBackendUser()->getTSConfigProp('setup.override');
334 // Getting the disabled fields might be set in User TSconfig (eg setup.fields.password.disabled=1)
335 $this->tsFieldConf = $this->getBackendUser()->getTSConfigProp('setup.fields');
336 // id password is disabled, disable repeat of password too (password2)
337 if (isset($this->tsFieldConf['password.']) && $this->tsFieldConf['password.']['disabled']) {
338 $this->tsFieldConf['password2.']['disabled'] = 1;
339 $this->tsFieldConf['passwordCurrent.']['disabled'] = 1;
340 }
341 // Create instance of object for output of data
342 $this->doc = GeneralUtility::makeInstance(\TYPO3\CMS\Backend\Template\DocumentTemplate::class);
343 }
344
345 /**
346 * Generate necessary JavaScript
347 *
348 * @return string
349 */
350 protected function getJavaScript()
351 {
352 $javaScript = '';
353 if (is_array($GLOBALS['TYPO3_CONF_VARS']['SC_OPTIONS']['ext/setup/mod/index.php']['setupScriptHook'])) {
354 foreach ($GLOBALS['TYPO3_CONF_VARS']['SC_OPTIONS']['ext/setup/mod/index.php']['setupScriptHook'] as $function) {
355 $params = [];
356 $javaScript .= GeneralUtility::callUserFunction($function, $params, $this);
357 }
358 }
359 return $javaScript;
360 }
361
362 /**
363 * Generate the main settings form:
364 *
365 * @return void
366 */
367 public function main()
368 {
369 $this->content .= '<form action="' . BackendUtility::getModuleUrl('user_setup') . '" method="post" id="SetupModuleController" name="usersetup" enctype="multipart/form-data">';
370 if ($this->languageUpdate) {
371 $this->moduleTemplate->addJavaScriptCode('languageUpdate', '
372 if (top && top.TYPO3.ModuleMenu.App) {
373 top.TYPO3.ModuleMenu.App.refreshMenu();
374 }
375 ');
376 }
377 if ($this->pagetreeNeedsRefresh) {
378 BackendUtility::setUpdateSignal('updatePageTree');
379 }
380 // Start page:
381 $this->moduleTemplate->loadJavascriptLib(ExtensionManagementUtility::extRelPath('backend') . 'Resources/Public/JavaScript/md5.js');
382 // Use a wrapper div
383 $this->content .= '<div id="user-setup-wrapper">';
384 // Load available backend modules
385 $this->loadModules = GeneralUtility::makeInstance(ModuleLoader::class);
386 $this->loadModules->observeWorkspaces = true;
387 $this->loadModules->load($GLOBALS['TBE_MODULES']);
388 $this->content .= $this->doc->header($this->getLanguageService()->getLL('UserSettings'));
389 $this->addFlashMessages();
390
391 // Render user switch
392 $this->content .= $this->renderSimulateUserSelectAndLabel();
393
394 // Render the menu items
395 $menuItems = $this->renderUserSetup();
396 $this->content .= $this->moduleTemplate->getDynamicTabMenu($menuItems, 'user-setup', 1, false, false);
397 $formToken = $this->formProtection->generateToken('BE user setup', 'edit');
398 $this->content .= '<div>';
399 $this->content .= '<input type="hidden" name="simUser" value="' . (int)$this->simUser . '" />
400 <input type="hidden" name="formToken" value="' . htmlspecialchars($formToken) . '" />
401 <input type="hidden" value="1" name="data[save]" />
402 <input type="hidden" name="data[setValuesToDefault]" value="0" id="setValuesToDefault" />';
403 $this->content .= '</div>';
404 // End of wrapper div
405 $this->content .= '</div>';
406 // Setting up the buttons and markers for docheader
407 $this->getButtons();
408 // Build the <body> for the module
409 // Renders the module page
410 $this->moduleTemplate->setContent($this->content);
411 $this->content .= '</form>';
412 }
413
414 /**
415 * Injects the request object for the current request or subrequest
416 * Simply calls main() and init() and writes the content to the response
417 *
418 * @param ServerRequestInterface $request the current request
419 * @param ResponseInterface $response
420 * @return ResponseInterface the response with the content
421 */
422 public function mainAction(ServerRequestInterface $request, ResponseInterface $response)
423 {
424 $GLOBALS['SOBE'] = $this;
425 $this->simulateUser();
426 $this->storeIncomingData();
427 $this->init();
428 $this->main();
429
430 $response->getBody()->write($this->moduleTemplate->renderContent());
431 return $response;
432 }
433
434 /**
435 * Prints the content / ends page
436 *
437 * @return void
438 * @deprecated since TYPO3 CMS 7, will be removed in TYPO3 CMS 8
439 */
440 public function printContent()
441 {
442 GeneralUtility::logDeprecatedFunction();
443 echo $this->content;
444 }
445
446 /**
447 * Create the panel of buttons for submitting the form or otherwise perform operations.
448 */
449 protected function getButtons()
450 {
451 $buttonBar = $this->moduleTemplate->getDocHeaderComponent()->getButtonBar();
452 $cshButton = $buttonBar->makeHelpButton()
453 ->setModuleName('_MOD_user_setup')
454 ->setFieldName('');
455 $buttonBar->addButton($cshButton);
456
457 $saveButton = $buttonBar->makeInputButton()
458 ->setName('data[save]')
459 ->setTitle($this->getLanguageService()->sL('LLL:EXT:lang/locallang_core.xlf:rm.saveDoc'))
460 ->setValue('1')
461 ->setForm('SetupModuleController')
462 ->setShowLabelText(true)
463 ->setIcon($this->moduleTemplate->getIconFactory()->getIcon('actions-document-save', Icon::SIZE_SMALL));
464
465 $buttonBar->addButton($saveButton);
466 $shortcutButton = $buttonBar->makeShortcutButton()
467 ->setModuleName($this->moduleName);
468 $buttonBar->addButton($shortcutButton);
469 }
470
471 /******************************
472 *
473 * Render module
474 *
475 ******************************/
476
477 /**
478 * renders the data for all tabs in the user setup and returns
479 * everything that is needed with tabs and dyntab menu
480 *
481 * @return array Ready to use for the dyntabmenu itemarray
482 */
483 protected function renderUserSetup()
484 {
485 $html = '';
486 $result = [];
487 $firstTabLabel = '';
488 $code = [];
489 $fieldArray = $this->getFieldsFromShowItem();
490 $tabLabel = '';
491 foreach ($fieldArray as $fieldName) {
492 $config = $GLOBALS['TYPO3_USER_SETTINGS']['columns'][$fieldName];
493 if (isset($config['access']) && !$this->checkAccess($config)) {
494 continue;
495 }
496
497 if (substr($fieldName, 0, 8) === '--div--;') {
498 if ($firstTabLabel === '') {
499 // First tab
500 $tabLabel = $this->getLabel(substr($fieldName, 8), '', false);
501 $firstTabLabel = $tabLabel;
502 } else {
503 $result[] = [
504 'label' => $tabLabel,
505 'content' => count($code) ? implode(LF, $code) : ''
506 ];
507 $tabLabel = $this->getLabel(substr($fieldName, 8), '', false);
508 $code = [];
509 }
510 continue;
511 }
512 $label = $this->getLabel($config['label'], $fieldName);
513 $label = $this->getCSH($config['csh'] ?: $fieldName, $label);
514 $type = $config['type'];
515 $class = $config['class'];
516 if ($type !== 'check') {
517 $class .= ' form-control';
518 }
519 $more = '';
520 if ($class) {
521 $more .= ' class="' . htmlspecialchars($class) . '"';
522 }
523 $style = $config['style'];
524 if ($style) {
525 $more .= ' style="' . htmlspecialchars($style) . '"';
526 }
527 if (isset($this->overrideConf[$fieldName])) {
528 $more .= ' disabled="disabled"';
529 }
530 $value = $config['table'] === 'be_users' ? $this->getBackendUser()->user[$fieldName] : $this->getBackendUser()->uc[$fieldName];
531 if (!$value && isset($config['default'])) {
532 $value = $config['default'];
533 }
534 $dataAdd = '';
535 if ($config['table'] === 'be_users') {
536 $dataAdd = '[be_users]';
537 }
538
539 switch ($type) {
540 case 'text':
541 case 'email':
542 case 'password':
543 $noAutocomplete = '';
544 if ($type === 'password') {
545 $value = '';
546 $noAutocomplete = 'autocomplete="off" ';
547 $more .= ' data-rsa-encryption=""';
548 }
549 $html = '<input id="field_' . htmlspecialchars($fieldName) . '"
550 type="' . htmlspecialchars($type) . '"
551 name="data' . $dataAdd . '[' . htmlspecialchars($fieldName) . ']" ' .
552 $noAutocomplete .
553 'value="' . htmlspecialchars($value) . '" ' .
554 $more .
555 ' />';
556 break;
557 case 'check':
558 $html = $label . '<div class="checkbox"><label><input id="field_' . htmlspecialchars($fieldName) . '"
559 type="checkbox"
560 name="data' . $dataAdd . '[' . htmlspecialchars($fieldName) . ']"' .
561 ($value ? ' checked="checked"' : '') .
562 $more .
563 ' /></label></div>';
564 $label = '';
565 break;
566 case 'select':
567 if ($config['itemsProcFunc']) {
568 $html = GeneralUtility::callUserFunction($config['itemsProcFunc'], $config, $this, '');
569 } else {
570 $html = '<select id="field_' . htmlspecialchars($fieldName) . '"
571 name="data' . $dataAdd . '[' . htmlspecialchars($fieldName) . ']"' .
572 $more . '>' . LF;
573 foreach ($config['items'] as $key => $optionLabel) {
574 $html .= '<option value="' . htmlspecialchars($key) . '"' . ($value == $key ? ' selected="selected"' : '') . '>' . $this->getLabel($optionLabel, '', false) . '</option>' . LF;
575 }
576 $html .= '</select>';
577 }
578 break;
579 case 'user':
580 $html = GeneralUtility::callUserFunction($config['userFunc'], $config, $this, '');
581 break;
582 case 'button':
583 if ($config['onClick']) {
584 $onClick = $config['onClick'];
585 if ($config['onClickLabels']) {
586 foreach ($config['onClickLabels'] as $key => $labelclick) {
587 $config['onClickLabels'][$key] = $this->getLabel($labelclick, '', false);
588 }
589 $onClick = vsprintf($onClick, $config['onClickLabels']);
590 }
591 $html = '<br><input class="btn btn-default" type="button"
592 value="' . $this->getLabel($config['buttonlabel'], '', false) . '"
593 onclick="' . $onClick . '" />';
594 }
595 if (!empty($config['confirm'])) {
596 $confirmData = $config['confirmData'];
597 $html = '<br><input class="btn btn-default t3js-modal-trigger" type="button"'
598 . ' value="' . $this->getLabel($config['buttonlabel'], '', false) . '"'
599 . ' data-href="javascript:' . htmlspecialchars($confirmData['jsCodeAfterOk']) . '"'
600 . ' data-severity="warning"'
601 . ' data-title="' . $this->getLabel($config['label'], '', false) . '"'
602 . ' data-content="' . $this->getLabel($confirmData['message'], '', false) . '" />';
603 }
604 break;
605 case 'avatar':
606 // Get current avatar image
607 $html = '<br>';
608 $avatarFileUid = $this->getAvatarFileUid($this->getBackendUser()->user['uid']);
609
610 if ($avatarFileUid) {
611 $defaultAvatarProvider = GeneralUtility::makeInstance(DefaultAvatarProvider::class);
612 $avatarImage = $defaultAvatarProvider->getImage($this->getBackendUser()->user, 32);
613 if ($avatarImage) {
614 $icon = '<span class="avatar"><span class="avatar-image">' .
615 '<img src="' . htmlspecialchars($avatarImage->getUrl(true)) . '"' .
616 ' width="' . (int)$avatarImage->getWidth() . '" ' .
617 'height="' . (int)$avatarImage->getHeight() . '" />' .
618 '</span></span>';
619 $html .= '<span class="pull-left" style="padding-right: 10px" id="image_' . htmlspecialchars($fieldName) . '">' . $icon . ' </span>';
620 }
621 }
622 $html .= '<input id="field_' . htmlspecialchars($fieldName) . '" type="hidden" ' .
623 'name="data' . $dataAdd . '[' . htmlspecialchars($fieldName) . ']"' . $more .
624 ' value="' . (int)$avatarFileUid . '" />';
625
626 $html .= '<div class="btn-group">';
627 if ($avatarFileUid) {
628 $html .= '<a id="clear_button_' . htmlspecialchars($fieldName) . '" onclick="clearExistingImage(); return false;" class="btn btn-default"><span class="t3-icon fa t3-icon fa fa-remove"> </span></a>';
629 }
630 $html .= '<a id="add_button_' . htmlspecialchars($fieldName) . '" class="btn btn-default btn-add-avatar" onclick="openFileBrowser();return false;"><span class="t3-icon t3-icon-actions t3-icon-actions-insert t3-icon-insert-record"> </span></a>' .
631 '</div>';
632
633 $this->addAvatarButtonJs($fieldName);
634 break;
635 default:
636 $html = '';
637 }
638
639 $code[] = '<div class="form-section"><div class="form-group">' .
640 $label .
641 $html .
642 '</div></div>';
643 }
644
645 $result[] = [
646 'label' => $tabLabel,
647 'content' => count($code) ? implode(LF, $code) : ''
648 ];
649 return $result;
650 }
651
652 /******************************
653 *
654 * Helper functions
655 *
656 ******************************/
657 /**
658 * Returns the backend user object, either the global OR the $this->OLD_BE_USER which is set during simulate-user operation.
659 * Anyway: The REAL user is returned - the one logged in.
660 *
661 * @return BackendUserAuthentication The REAL user is returned - the one logged in.
662 */
663 protected function getRealScriptUserObj()
664 {
665 return is_object($this->OLD_BE_USER) ? $this->OLD_BE_USER : $this->getBackendUser();
666 }
667
668 /**
669 * Return a select with available languages
670 *
671 * @return string Complete select as HTML string or warning box if something went wrong.
672 */
673 public function renderLanguageSelect()
674 {
675 $languageOptions = [];
676 // Compile the languages dropdown
677 $langDefault = $this->getLanguageService()->getLL('lang_default', true);
678 $languageOptions[$langDefault] = '<option value=""' . ($this->getBackendUser()->uc['lang'] === '' ? ' selected="selected"' : '') . '>' . $langDefault . '</option>';
679 // Traverse the number of languages
680 /** @var $locales \TYPO3\CMS\Core\Localization\Locales */
681 $locales = GeneralUtility::makeInstance(\TYPO3\CMS\Core\Localization\Locales::class);
682 $languages = $locales->getLanguages();
683 foreach ($languages as $locale => $name) {
684 if ($locale !== 'default') {
685 $defaultName = isset($GLOBALS['LOCAL_LANG']['default']['lang_' . $locale]) ? $GLOBALS['LOCAL_LANG']['default']['lang_' . $locale][0]['source'] : $name;
686 $localizedName = $this->getLanguageService()->getLL('lang_' . $locale, true);
687 if ($localizedName === '') {
688 $localizedName = htmlspecialchars($name);
689 }
690 $localLabel = ' - [' . htmlspecialchars($defaultName) . ']';
691 $available = is_dir(PATH_typo3conf . 'l10n/' . $locale);
692 if ($available) {
693 $languageOptions[$defaultName] = '<option value="' . $locale . '"' . ($this->getBackendUser()->uc['lang'] === $locale ? ' selected="selected"' : '') . '>' . $localizedName . $localLabel . '</option>';
694 }
695 }
696 }
697 ksort($languageOptions);
698 $languageCode = '
699 <select id="field_lang" name="data[lang]" class="form-control">' . implode('', $languageOptions) . '
700 </select>';
701 if ($this->getBackendUser()->uc['lang'] && !@is_dir((PATH_typo3conf . 'l10n/' . $this->getBackendUser()->uc['lang']))) {
702 // TODO: The text constants have to be moved into language files
703 $languageUnavailableWarning = 'The selected language "' . $this->getLanguageService()->getLL(('lang_' . $this->getBackendUser()->uc['lang']), true) . '" is not available before the language files are installed.&nbsp;&nbsp;<br />&nbsp;&nbsp;' . ($this->getBackendUser()->isAdmin() ? 'You can use the Language module to easily download new language files.' : 'Please ask your system administrator to do this.');
704 $languageCode = '<br /><span class="label label-danger">' . $languageUnavailableWarning . '</span><br /><br />' . $languageCode;
705 }
706 return $languageCode;
707 }
708
709 /**
710 * Returns a select with all modules for startup
711 *
712 * @param array $params
713 * @param SetupModuleController $pObj
714 *
715 * @return string Complete select as HTML string
716 */
717 public function renderStartModuleSelect($params, $pObj)
718 {
719 $startModuleSelect = '<option value="">' . $this->getLanguageService()->getLL('startModule.firstInMenu', true) . '</option>';
720 foreach ($pObj->loadModules->modules as $mainMod => $modData) {
721 if (!empty($modData['sub']) && is_array($modData['sub'])) {
722 $modules = '';
723 foreach ($modData['sub'] as $subData) {
724 $modName = $subData['name'];
725 $modules .= '<option value="' . htmlspecialchars($modName) . '"';
726 $modules .= $this->getBackendUser()->uc['startModule'] === $modName ? ' selected="selected"' : '';
727 $modules .= '>' . $this->getLanguageService()->moduleLabels['tabs'][$modName . '_tab'] . '</option>';
728 }
729 $groupLabel = $this->getLanguageService()->moduleLabels['tabs'][$mainMod . '_tab'];
730 $startModuleSelect .= '<optgroup label="' . htmlspecialchars($groupLabel) . '">' . $modules . '</optgroup>';
731 }
732 }
733 return '<select id="field_startModule" name="data[startModule]" class="form-control">' . $startModuleSelect . '</select>';
734 }
735
736 /**
737 * Will make the simulate-user selector if the logged in user is administrator.
738 * It will also set the GLOBAL(!) BE_USER to the simulated user selected if any (and set $this->OLD_BE_USER to logged in user)
739 *
740 * @return void
741 */
742 public function simulateUser()
743 {
744 // If admin, allow simulation of another user
745 $this->simUser = 0;
746 $this->simulateSelector = '';
747 unset($this->OLD_BE_USER);
748 if ($this->getBackendUser()->isAdmin()) {
749 $this->simUser = (int)GeneralUtility::_GP('simUser');
750 // Make user-selector:
751 $db = $this->getDatabaseConnection();
752 $where = 'AND username NOT LIKE ' . $db->fullQuoteStr($db->escapeStrForLike('_cli_', 'be_users') . '%', 'be_users');
753 $where .= ' AND uid <> ' . (int)$this->getBackendUser()->user['uid'] . BackendUtility::BEenableFields('be_users');
754 $users = BackendUtility::getUserNames('username,usergroup,usergroup_cached_list,uid,realName', $where);
755 $opt = [];
756 foreach ($users as $rr) {
757 $label = $rr['username'] . ($rr['realName'] ? ' (' . $rr['realName'] . ')' : '');
758 $opt[] = '<option value="' . (int)$rr['uid'] . '"' . ($this->simUser === (int)$rr['uid'] ? ' selected="selected"' : '') . '>' . htmlspecialchars($label) . '</option>';
759 }
760 if (!empty($opt)) {
761 $this->simulateSelector = '<select id="field_simulate" class="form-control" name="simulateUser" onchange="window.location.href=' . GeneralUtility::quoteJSvalue(BackendUtility::getModuleUrl('user_setup') . '&simUser=') . '+this.options[this.selectedIndex].value;"><option></option>' . implode('', $opt) . '</select>';
762 }
763 }
764 // This can only be set if the previous code was executed.
765 if ($this->simUser > 0) {
766 // Save old user...
767 $this->OLD_BE_USER = $this->getBackendUser();
768 unset($GLOBALS['BE_USER']);
769 // Unset current
770 // New backend user object
771 $BE_USER = GeneralUtility::makeInstance(BackendUserAuthentication::class);
772 $BE_USER->setBeUserByUid($this->simUser);
773 $BE_USER->fetchGroupData();
774 $BE_USER->backendSetUC();
775 // Must do this, because unsetting $BE_USER before apparently unsets the reference to the global variable by this name!
776 $GLOBALS['BE_USER'] = $BE_USER;
777 }
778 }
779
780 /**
781 * Render simulate user select and label
782 *
783 * @return string
784 */
785 protected function renderSimulateUserSelectAndLabel()
786 {
787 if ($this->simulateSelector === '') {
788 return '';
789 }
790
791 return '<div class="form-inline"><div class="form-group"><p>'
792 . '<label for="field_simulate" style="margin-right: 20px;">'
793 . htmlspecialchars($this->getLanguageService()->sL('LLL:EXT:setup/Resources/Private/Language/locallang.xlf:simulate'))
794 . '</label>'
795 . $this->simulateSelector
796 . '</p></div></div>';
797 }
798
799 /**
800 * Returns access check (currently only "admin" is supported)
801 *
802 * @param array $config Configuration of the field, access mode is defined in key 'access'
803 * @return bool Whether it is allowed to modify the given field
804 */
805 protected function checkAccess(array $config)
806 {
807 $access = $config['access'];
808
809 if (isset($GLOBALS['TYPO3_CONF_VARS']['SC_OPTIONS']['setup']['accessLevelCheck'][$access])) {
810 if (class_exists($access)) {
811 $accessObject = GeneralUtility::makeInstance($access);
812 if (method_exists($accessObject, 'accessLevelCheck')) {
813 // Initialize vars. If method fails, $set will be set to FALSE
814 return $accessObject->accessLevelCheck($config);
815 }
816 }
817 } elseif ($access == 'admin') {
818 return $this->isAdmin;
819 }
820
821 return false;
822 }
823
824 /**
825 * Returns the label $str from getLL() and grays out the value if the $str/$key is found in $this->overrideConf array
826 *
827 * @param string $str Locallang key
828 * @param string $key Alternative override-config key
829 * @param bool $addLabelTag Defines whether the string should be wrapped in a <label> tag.
830 * @return string HTML output.
831 */
832 protected function getLabel($str, $key = '', $addLabelTag = true)
833 {
834 if (substr($str, 0, 4) === 'LLL:') {
835 $out = htmlspecialchars($this->getLanguageService()->sL($str));
836 } else {
837 $out = htmlspecialchars($str);
838 }
839 if (isset($this->overrideConf[$key ?: $str])) {
840 $out = '<span style="color:#999999">' . $out . '</span>';
841 }
842 if ($addLabelTag) {
843 $out = '<label for="' . ($altLabelTagId ?: 'field_' . htmlspecialchars($key)) . '">' . $out . '</label>';
844 }
845 return $out;
846 }
847
848 /**
849 * Returns the CSH Icon for given string
850 *
851 * @param string $str Locallang key
852 * @param string $label The label to be used, that should be wrapped in help
853 * @return string HTML output.
854 */
855 protected function getCSH($str, $label)
856 {
857 $context = '_MOD_user_setup';
858 $field = $str;
859 $strParts = explode(':', $str);
860 if (count($strParts) > 1) {
861 // Setting comes from another extension
862 $context = $strParts[0];
863 $field = $strParts[1];
864 } elseif ($str !== 'language' && $str !== 'simuser' && $str !== 'reset') {
865 $field = 'option_' . $str;
866 }
867 return BackendUtility::wrapInHelp($context, $field, $label);
868 }
869
870 /**
871 * Returns array with fields defined in $GLOBALS['TYPO3_USER_SETTINGS']['showitem']
872 * Remove fields which are disabled by user TSconfig
873 *
874 * @return string[] Array with field names visible in form
875 */
876 protected function getFieldsFromShowItem()
877 {
878 $allowedFields = GeneralUtility::trimExplode(',', $GLOBALS['TYPO3_USER_SETTINGS']['showitem'], true);
879 if (!is_array($this->tsFieldConf)) {
880 return $allowedFields;
881 }
882 foreach ($this->tsFieldConf as $fieldName => $userTsFieldConfig) {
883 if (!empty($userTsFieldConfig['disabled'])) {
884 $fieldName = rtrim($fieldName, '.');
885 $key = array_search($fieldName, $allowedFields);
886 if ($key !== false) {
887 unset($allowedFields[$key]);
888 }
889 }
890 }
891 return $allowedFields;
892 }
893
894 /**
895 * Get Avatar fileUid
896 *
897 * @param int $beUserId
898 * @return int
899 */
900 protected function getAvatarFileUid($beUserId)
901 {
902 $file = $this->getDatabaseConnection()->exec_SELECTgetSingleRow(
903 'uid_local',
904 'sys_file_reference',
905 'tablenames = \'be_users\' AND fieldname = \'avatar\' AND ' .
906 'table_local = \'sys_file\' AND uid_foreign = ' . (int)$beUserId .
907 BackendUtility::BEenableFields('sys_file_reference') . BackendUtility::deleteClause('sys_file_reference')
908 );
909 return $file ? $file['uid_local'] : 0;
910 }
911
912 /**
913 * Set avatar fileUid for backend user
914 *
915 * @param int $beUserId
916 * @param int $fileUid
917 * @param array $storeRec
918 */
919 protected function setAvatarFileUid($beUserId, $fileUid, array &$storeRec)
920 {
921
922 // Update is only needed when new fileUid is set
923 if ((int)$fileUid === $this->getAvatarFileUid($beUserId)) {
924 return;
925 }
926
927 // Delete old file reference
928 $this->getDatabaseConnection()->exec_DELETEquery(
929 'sys_file_reference',
930 'tablenames = \'be_users\' AND fieldname = \'avatar\' AND ' .
931 'table_local = \'sys_file\' AND uid_foreign = ' . (int)$beUserId
932 );
933
934 // Create new reference
935 if ($fileUid) {
936
937 // Get file object
938 try {
939 $file = ResourceFactory::getInstance()->getFileObject($fileUid);
940 } catch (FileDoesNotExistException $e) {
941 $file = false;
942 }
943
944 // Check if user is allowed to use the image (only when not in simulation mode)
945 if ($file && $this->simUser === 0 && !$file->getStorage()->checkFileActionPermission('read', $file)) {
946 $file = false;
947 }
948
949 // Check if extension is allowed
950 if ($file && GeneralUtility::inList($GLOBALS['TYPO3_CONF_VARS']['GFX']['imagefile_ext'], $file->getExtension())) {
951
952 // Create new file reference
953 $storeRec['sys_file_reference']['NEW1234'] = [
954 'uid_local' => (int)$fileUid,
955 'uid_foreign' => (int)$beUserId,
956 'tablenames' => 'be_users',
957 'fieldname' => 'avatar',
958 'pid' => 0,
959 'table_local' => 'sys_file',
960 ];
961 $storeRec['be_users'][(int)$beUserId]['avatar'] = 'NEW1234';
962 }
963 }
964 }
965
966 /**
967 * Add JavaScript to for browse files button
968 *
969 * @param string $fieldName
970 */
971 protected function addAvatarButtonJs($fieldName)
972 {
973 $this->moduleTemplate->addJavaScriptCode('avatar-button', '
974 var browserWin="";
975
976 function openFileBrowser() {
977 var url = ' . GeneralUtility::quoteJSvalue(BackendUtility::getModuleUrl('wizard_element_browser', ['mode' => 'file', 'bparams' => '||||dummy|setFileUid'])) . ';
978 browserWin = window.open(url,"Typo3WinBrowser","height=650,width=800,status=0,menubar=0,resizable=1,scrollbars=1");
979 browserWin.focus();
980 }
981
982 function clearExistingImage() {
983 TYPO3.jQuery(' . GeneralUtility::quoteJSvalue('#image_' . htmlspecialchars($fieldName)) . ').hide();
984 TYPO3.jQuery(' . GeneralUtility::quoteJSvalue('#clear_button_' . htmlspecialchars($fieldName)) . ').hide();
985 TYPO3.jQuery(' . GeneralUtility::quoteJSvalue('#field_' . htmlspecialchars($fieldName)) . ').val(\'\');
986 }
987
988 function setFileUid(field, value, fileUid) {
989 clearExistingImage();
990 TYPO3.jQuery(' . GeneralUtility::quoteJSvalue('#field_' . htmlspecialchars($fieldName)) . ').val(fileUid);
991 TYPO3.jQuery(' . GeneralUtility::quoteJSvalue('#add_button_' . htmlspecialchars($fieldName)) . ').removeClass(\'btn-default\').addClass(\'btn-info\');
992
993 browserWin.close();
994 }
995 ');
996 }
997
998 /**
999 * Returns the current BE user.
1000 *
1001 * @return \TYPO3\CMS\Core\Authentication\BackendUserAuthentication
1002 */
1003 protected function getBackendUser()
1004 {
1005 return $GLOBALS['BE_USER'];
1006 }
1007
1008 /**
1009 * Returns LanguageService
1010 *
1011 * @return \TYPO3\CMS\Lang\LanguageService
1012 */
1013 protected function getLanguageService()
1014 {
1015 return $GLOBALS['LANG'];
1016 }
1017
1018 /**
1019 * @return DatabaseConnection
1020 */
1021 protected function getDatabaseConnection()
1022 {
1023 return $GLOBALS['TYPO3_DB'];
1024 }
1025
1026 /**
1027 * Add FlashMessages for various actions
1028 *
1029 * @return void
1030 */
1031 protected function addFlashMessages()
1032 {
1033 $flashMessages = [];
1034
1035 // Show if setup was saved
1036 if ($this->setupIsUpdated && !$this->settingsAreResetToDefault) {
1037 $flashMessages[] = $this->getFlashMessage('setupWasUpdated', 'UserSettings');
1038 }
1039
1040 // Show if temporary data was cleared
1041 if ($this->settingsAreResetToDefault) {
1042 $flashMessages[] = $this->getFlashMessage('settingsAreReset', 'resetConfiguration');
1043 }
1044
1045 // Notice
1046 if ($this->setupIsUpdated || $this->settingsAreResetToDefault) {
1047 $flashMessages[] = $this->getFlashMessage('activateChanges', '', FlashMessage::INFO);
1048 }
1049
1050 // If password is updated, output whether it failed or was OK.
1051 if ($this->passwordIsSubmitted) {
1052 $flashMessage = null;
1053 switch ($this->passwordIsUpdated) {
1054 case self::PASSWORD_OLD_WRONG:
1055 $flashMessages[] = $this->getFlashMessage('oldPassword_failed', 'newPassword', FlashMessage::ERROR);
1056 break;
1057 case self::PASSWORD_NOT_THE_SAME:
1058 $flashMessages[] = $this->getFlashMessage('newPassword_failed', 'newPassword', FlashMessage::ERROR);
1059 break;
1060 case self::PASSWORD_UPDATED:
1061 $flashMessages[] = $this->getFlashMessage('newPassword_ok', 'newPassword');
1062 break;
1063 }
1064 }
1065 if (!empty($flashMessages)) {
1066 $this->enqueueFlashMessages($flashMessages);
1067 }
1068 }
1069
1070 /**
1071 * @param array $flashMessages
1072 * @throws \TYPO3\CMS\Core\Exception
1073 * @return void
1074 */
1075 protected function enqueueFlashMessages(array $flashMessages)
1076 {
1077 $flashMessageService = GeneralUtility::makeInstance(FlashMessageService::class);
1078 $defaultFlashMessageQueue = $flashMessageService->getMessageQueueByIdentifier();
1079 foreach ($flashMessages as $flashMessage) {
1080 $defaultFlashMessageQueue->enqueue($flashMessage);
1081 }
1082 }
1083
1084 /**
1085 * @param string $message
1086 * @param string $title
1087 * @param int $severity
1088 * @return FlashMessage
1089 */
1090 protected function getFlashMessage($message, $title, $severity = FlashMessage::OK)
1091 {
1092 $title = !empty($title) ? $this->getLanguageService()->getLL($title) : ' ';
1093 return GeneralUtility::makeInstance(
1094 FlashMessage::class,
1095 $this->getLanguageService()->getLL($message),
1096 $title,
1097 $severity
1098 );
1099 }
1100 }