Fixed issue #17284: Formprotection persistToken method is called too often, causing...
1 <?php
2 /***************************************************************
3 * Copyright notice
4 *
5 * (c) 1999-2011 Kasper Skårhøj (kasperYYYY@typo3.com)
6 * All rights reserved
7 *
8 * This script is part of the TYPO3 project. The TYPO3 project is
9 * free software; you can redistribute it and/or modify
10 * it under the terms of the GNU General Public License as published by
11 * the Free Software Foundation; either version 2 of the License, or
12 * (at your option) any later version.
13 *
14 * The GNU General Public License can be found at
15 * http://www.gnu.org/copyleft/gpl.html.
16 * A copy is found in the textfile GPL.txt and important notices to the license
17 * from the author is found in LICENSE.txt distributed with these scripts.
18 *
19 *
20 * This script is distributed in the hope that it will be useful,
21 * but WITHOUT ANY WARRANTY; without even the implied warranty of
22 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
23 * GNU General Public License for more details.
24 *
25 * This copyright notice MUST APPEAR in all copies of the script!
26 ***************************************************************/
27 /**
28 * Wizard to display the RTE in "full screen" mode
29 *
30 * $Id$
31 * Revised for TYPO3 3.6 November/2003 by Kasper Skårhøj
32 * XHTML compliant
33 *
34 * @author Kasper Skårhøj <kasperYYYY@typo3.com>
35 */
36 /**
37 * [CLASS/FUNCTION INDEX of SCRIPT]
38 *
39 *
40 *
41 * 81: class SC_wizard_rte
42 * 99: function init()
43 * 123: function main()
44 * 285: function printContent()
45 * 298: function checkEditAccess($table,$uid)
46 *
47 * TOTAL FUNCTIONS: 4
48 * (This index is automatically created/updated by the extension "extdeveval")
49 *
50 */
51
52
53
// $BACK_PATH is assigned before init.php is loaded; this script uses the empty
// string. NOTE(review): presumably init.php reads it during bootstrap and one
// of the two includes provides $LANG and the t3lib_* classes - confirm.
$BACK_PATH = '';
require 'init.php';
require 'template.php';

// Load the label file that the wizard's getLL() calls read from.
$LANG->includeLLFile('EXT:lang/locallang_wizards.xml');

// Called with no arguments; the effect is defined in t3lib_BEfunc, not here.
t3lib_BEfunc::lockRecords();
71 /**
72 * Script Class for rendering the full screen RTE display
73 *
74 * @author Kasper Skårhøj <kasperYYYY@typo3.com>
75 * @package TYPO3
76 * @subpackage core
77 */
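class SC_wizard_rte {

	// Internal, dynamic:
	/**
	 * document template object
	 *
	 * @var mediumDoc
	 */
	var $doc;
	var $content;		// Content accumulation for the module.

	// Internal, static: GPvars
	var $P;				// Wizard parameters, coming from TCEforms linking to the wizard. Request input: always an array after init().
	var $popView;		// If set, launch a new window with the current records pid.
	var $R_URI;			// Set to the URL of this script including variables which is needed to re-display the form. See main()

	// Used by init()/getButtons() and main(); declared so they are not created implicitly.
	var $MCONF = array();	// Module configuration; only the 'name' key is set in init().
	var $pageinfo;			// Passed to moduleBody() in main(); never assigned inside this class.


	/**
	 * Initialization of the class.
	 *
	 * Reads the wizard parameters from the request and prepares the document
	 * template object. All values read through t3lib_div::_GP() are request
	 * input and are only checked later (see main() and checkEditAccess()).
	 *
	 * @return	void
	 */
	function init() {
			// Setting GPvars. 'P' is expected to be an array; anything else
			// (missing parameter, plain string) is normalised to an empty array
			// so the index accesses below cannot hit string offsets.
		$wizardParameters = t3lib_div::_GP('P');
		$this->P = is_array($wizardParameters) ? $wizardParameters : array();
		$this->popView = t3lib_div::_GP('popView');
		$this->R_URI = t3lib_div::linkThisScript(array('popView' => ''));

			// "Module name":
		$this->MCONF['name']='xMOD_wizard_rte.php';

			// Starting the document template object:
		$this->doc = t3lib_div::makeInstance('template');
		$this->doc->backPath = $GLOBALS['BACK_PATH'];
		$this->doc->setModuleTemplate('templates/wizard_rte.html');
		$this->doc->divClass = '';	// Need to NOT have the page wrapped in DIV since if we do that we destroy the feature that the RTE spans the whole height of the page!!!
			// The form posts to tce_db.php; the hidden fields added in main() travel with it.
		$this->doc->form='<form action="tce_db.php" method="post" enctype="'.$GLOBALS['TYPO3_CONF_VARS']['SYS']['form_enctype'].'" name="editform" onsubmit="return TBE_EDITOR.checkSubmit(1);">';
	}

	/**
	 * Main function, rendering the document with the iframe with the RTE in.
	 *
	 * The form is rendered only when table, field and uid are all given and
	 * checkEditAccess() grants access to the record; otherwise an error
	 * section is shown instead. The result is accumulated in $this->content.
	 *
	 * @return	void
	 */
	function main() {
		global $LANG;

			// translate id to the workspace version:
		if ($versionRec = t3lib_BEfunc::getWorkspaceVersionOfRecord($GLOBALS['BE_USER']->workspace, $this->P['table'], $this->P['uid'], 'uid')) {
			$this->P['uid'] = $versionRec['uid'];
		}

			// If all parameters are available (and the user may edit the record):
		if ($this->P['table'] && $this->P['field'] && $this->P['uid'] && $this->checkEditAccess($this->P['table'],$this->P['uid'])) {

				// Getting the raw record (we need only the pid-value from here...)
			$rawRec = t3lib_BEfunc::getRecord($this->P['table'],$this->P['uid']);
			t3lib_BEfunc::fixVersioningPid($this->P['table'], $rawRec);

				// Setting JavaScript, including the pid value for viewing:
			$this->doc->JScode = $this->doc->wrapScriptTags('
		function jumpToUrl(URL,formEl)	{	//
			if (document.editform)	{
				if (!TBE_EDITOR.isFormChanged())	{
					window.location.href = URL;
				} else if (formEl) {
					if (formEl.type=="checkbox") formEl.checked = formEl.checked ? 0 : 1;
				}
			} else window.location.href = URL;
		}
			'.($this->popView ? t3lib_BEfunc::viewOnClick($rawRec['pid'],'',t3lib_BEfunc::BEgetRootLine($rawRec['pid'])) : '').'
			');

				// Initialize TCeforms - for rendering the field:
			$tceforms = t3lib_div::makeInstance('t3lib_TCEforms');
			$tceforms->initDefaultBEMode();	// Init...
			$tceforms->disableWizards = 1;	// SPECIAL: Disables all wizards - we are NOT going to need them.
			$tceforms->colorScheme[0]=$this->doc->bgColor;	// SPECIAL: Setting background color of the RTE to ordinary background

				// Initialize style for RTE object:
			$RTEobj = t3lib_BEfunc::RTEgetObj();	// Getting reference to the RTE object used to render the field!
			if ($RTEobj->ID == 'rte')	{
				$RTEobj->RTEdivStyle = 'position:relative; left:0px; top:0px; height:100%; width:100%; border:solid 0px;';	// SPECIAL: Setting style for the RTE <DIV> layer containing the IFRAME
			}

				// Fetching content of record:
			$trData = t3lib_div::makeInstance('t3lib_transferData');
			$trData->lockRecords=1;
			$trData->fetchRecord($this->P['table'],$this->P['uid'],'');

				// Getting the processed record content out:
			reset($trData->regTableItems_data);
			$rec = current($trData->regTableItems_data);
			$rec['uid'] = $this->P['uid'];
			$rec['pid'] = $rawRec['pid'];

				// TSconfig, setting width:
				// The width comes from TSconfig and is written into the markup below unescaped.
			$fieldTSConfig = $tceforms->setTSconfig($this->P['table'],$rec,$this->P['field']);
			if (strcmp($fieldTSConfig['RTEfullScreenWidth'],''))	{
				$width=$fieldTSConfig['RTEfullScreenWidth'];
			} else {
				$width='100%';
			}

				// Get the form field and wrap it in the table with the buttons:
			$formContent = $tceforms->getSoloField($this->P['table'],$rec,$this->P['field']);
			$formContent = '


			<!--
				RTE wizard:
			-->
				<table border="0" cellpadding="0" cellspacing="0" width="'.$width.'" id="typo3-rtewizard">
					<tr>
						<td width="'.$width.'" colspan="2" id="c-formContent">'.$formContent.'</td>
						<td></td>
					</tr>
				</table>';

				// Adding hidden fields:
				// - redirect: R_URI is HTML-escaped before it goes into the attribute.
				// - _serialNumber: md5(microtime()) is predictable, so it must not be
				//   treated as a secret.
				// - token field: NOTE(review): presumably the form-protection token that
				//   tce_db.php verifies for this post - confirm against t3lib_TCEforms.
			$formContent.= '<input type="hidden" name="redirect" value="'.htmlspecialchars($this->R_URI).'" />
						<input type="hidden" name="_serialNumber" value="'.md5(microtime()).'" />' .
						t3lib_TCEforms::getHiddenTokenField('tceAction');


				// Finally, add the whole setup:
			$this->content.=
				$tceforms->printNeededJSFunctions_top().
				$formContent.
				$tceforms->printNeededJSFunctions();
		} else {
				// ERROR: parameters missing or access denied. Both cases produce the
				// same message, so the response does not reveal which one applied.
			$this->content.=$this->doc->section($LANG->getLL('forms_title'),'<span class="typo3-red">'.$LANG->getLL('table_noData',1).'</span>',0,1);
		}

			// Setting up the buttons and markers for docheader
		$docHeaderButtons = $this->getButtons();
		$markers['CONTENT'] = $this->content;

			// Build the <body> for the module
		$this->content = $this->doc->startPage('');
		$this->content.= $this->doc->moduleBody($this->pageinfo, $docHeaderButtons, $markers);
		$this->content.= $this->doc->endPage();
		$this->content = $this->doc->insertStylesAndJS($this->content);

	}

	/**
	 * Outputting the accumulated content to screen
	 *
	 * @return	void
	 */
	function printContent() {
			// NOTE(review): main() has already appended endPage() and run
			// insertStylesAndJS(); both are repeated here. Confirm that the
			// template class makes the second call harmless before removing either.
		$this->content.= $this->doc->endPage();
		$this->content = $this->doc->insertStylesAndJS($this->content);
		echo $this->content;
	}

	/**
	 * Create the panel of buttons for submitting the form or otherwise perform operations.
	 *
	 * Buttons are only filled in when table, field and uid are given and
	 * checkEditAccess() grants access; otherwise every entry stays empty.
	 *
	 * @return	array	all available buttons as an assoc. array
	 */
	protected function getButtons() {
		$buttons = array(
			'close' => '',
			'save' => '',
			'save_view' => '',
			'save_close' => '',
			'shortcut' => '',
			'undo' => '',
		);

		if ($this->P['table'] && $this->P['field'] && $this->P['uid'] && $this->checkEditAccess($this->P['table'],$this->P['uid'])) {
				// returnUrl is request input; it is passed through sanitizeLocalUrl()
				// before it is used as a navigation target.
			$closeUrl = t3lib_div::sanitizeLocalUrl($this->P['returnUrl']);

				// Getting settings for the undo button:
				// Table name is quoted with fullQuoteStr() and the uid is cast with
				// intval(), so neither request value reaches the query as raw SQL.
			$undoButton = 0;
			$undoRes = $GLOBALS['TYPO3_DB']->exec_SELECTquery('tstamp', 'sys_history', 'tablename=' . $GLOBALS['TYPO3_DB']->fullQuoteStr($this->P['table'], 'sys_history') . ' AND recuid=' . intval($this->P['uid']), '', 'tstamp DESC', '1');
			if ($undoButtonR = $GLOBALS['TYPO3_DB']->sql_fetch_assoc($undoRes)) {
				$undoButton = 1;
			}

				// Close
				// The URL sits inside a JavaScript string literal inside an HTML
				// attribute: rawurlencode() + unescape() handles the script context,
				// htmlspecialchars() the attribute context.
			$buttons['close'] = '<a href="#" onclick="' . htmlspecialchars('jumpToUrl(unescape(\'' . rawurlencode($closeUrl) . '\')); return false;') . '">' .
					'<img' . t3lib_iconWorks::skinImg($this->doc->backPath, 'gfx/closedok.gif') . ' class="c-inputButton" title="' . $GLOBALS['LANG']->sL('LLL:EXT:lang/locallang_core.php:rm.closeDoc', 1) . '" alt="" />' .
					'</a>';

				// Save
			$buttons['save'] = '<a href="#" onclick="TBE_EDITOR.checkAndDoSubmit(1); return false;">' .
					'<img' . t3lib_iconWorks::skinImg($this->doc->backPath, 'gfx/savedok.gif') . ' class="c-inputButton" title="' . $GLOBALS['LANG']->sL('LLL:EXT:lang/locallang_core.php:rm.saveDoc', 1) . '" alt="" />' .
					'</a>';

				// Save & View
			if (t3lib_extMgm::isLoaded('cms')) {
				$buttons['save_view'] = '<a href="#" onclick="' . htmlspecialchars('document.editform.redirect.value+=\'&popView=1\'; TBE_EDITOR.checkAndDoSubmit(1); return false;') . '">' .
						'<img' . t3lib_iconWorks::skinImg($this->doc->backPath, 'gfx/savedokshow.gif') . ' class="c-inputButton" title="' . $GLOBALS['LANG']->sL('LLL:EXT:lang/locallang_core.php:rm.saveDocShow', 1) . '" alt="" />' .
						'</a>';
			}

				// Save & Close
				// Same nested context as the close button, so the URL is encoded the
				// same way. HTML escaping alone is undone by the browser before the
				// handler is parsed as script and does not touch backslashes, so it
				// cannot keep the value inside the quoted string on its own.
			$buttons['save_close'] = '<input type="image" class="c-inputButton" onclick="' . htmlspecialchars('document.editform.redirect.value=unescape(\'' . rawurlencode($closeUrl) . '\'); TBE_EDITOR.checkAndDoSubmit(1); return false;') . '" name="_saveandclosedok"' . t3lib_iconWorks::skinImg($this->doc->backPath, 'gfx/saveandclosedok.gif', '') . ' title="' . $GLOBALS['LANG']->sL('LLL:EXT:lang/locallang_core.php:rm.saveCloseDoc', 1) . '" />';

				// Undo/Revert:
				// Every request-derived part of the query string is rawurlencode()d.
			if ($undoButton) {
				$buttons['undo'] = '<a href="#" onclick="' . htmlspecialchars('window.location.href=\'show_rechis.php?element=' . rawurlencode($this->P['table'] . ':' . $this->P['uid']) . '&revert=' . rawurlencode('field:' . $this->P['field']) . '&sumUp=-1&returnUrl=' . rawurlencode($this->R_URI) . '\'; return false;') . '">' .
						'<img' . t3lib_iconWorks::skinImg($this->doc->backPath, 'gfx/undo.gif') . ' class="c-inputButton" title="' . htmlspecialchars(sprintf($GLOBALS['LANG']->getLL('rte_undoLastChange'), t3lib_BEfunc::calcAge($GLOBALS['EXEC_TIME'] - $undoButtonR['tstamp'], $GLOBALS['LANG']->sL('LLL:EXT:lang/locallang_core.php:labels.minutesHoursDaysYears')))) . '" alt="" />' .
						'</a>';
			}

				// Shortcut
			if ($GLOBALS['BE_USER']->mayMakeShortcut()) {
				$buttons['shortcut'] = $this->doc->makeShortcutIcon('P', '', $this->MCONF['name'], 1);
			}
		}

		return $buttons;
	}

	/**
	 * Checks whether the current backend user may edit the given record.
	 *
	 * This is the authorization gate for the wizard: main() and getButtons()
	 * only act on the request parameters after it returned TRUE.
	 *
	 * @param	string		Table name
	 * @param	integer		Record uid
	 * @return	boolean		TRUE if access is granted, FALSE otherwise (including when the record cannot be loaded)
	 */
	function checkEditAccess($table,$uid) {
		global $BE_USER;

		$calcPRec = t3lib_BEfunc::getRecord($table,$uid);
		t3lib_BEfunc::fixVersioningPid($table,$calcPRec);

			// No record, no access.
		if (!is_array($calcPRec)) {
			return FALSE;
		}

		if ($table=='pages') {	// If pages: permissions are calculated on the record itself.
				// NOTE(review): bit 2 is presumably the "edit page" permission - confirm.
			$CALC_PERMS = $BE_USER->calcPerms($calcPRec);
			$hasAccess = ($CALC_PERMS & 2) ? TRUE : FALSE;
		} else {
				// Other tables: permissions come from the page the record lives on.
				// NOTE(review): bit 16 is presumably the "edit content" permission - confirm.
			$CALC_PERMS = $BE_USER->calcPerms(t3lib_BEfunc::getRecord('pages',$calcPRec['pid']));	// Fetching pid-record first.
			$hasAccess = ($CALC_PERMS & 16) ? TRUE : FALSE;
		}

			// Check internals regarding access:
		if ($hasAccess) {
			$hasAccess = $BE_USER->recordEditAccessInternals($table, $calcPRec);
		}

		return $hasAccess;
	}
}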
329
330
// XCLASS hook: when the configuration registers an extension file for this
// script, load it before the class is instantiated. The path is taken from
// TYPO3_CONF_VARS and executed as PHP, so write access to that configuration
// is equivalent to code execution in this script.
if (defined('TYPO3_MODE')) {
	if (isset($GLOBALS['TYPO3_CONF_VARS'][TYPO3_MODE]['XCLASS']['typo3/wizard_rte.php'])) {
		include_once $GLOBALS['TYPO3_CONF_VARS'][TYPO3_MODE]['XCLASS']['typo3/wizard_rte.php'];
	}
}

// Create the script object and run it: read the request, build the page,
// then print it.
$SOBE = t3lib_div::makeInstance('SC_wizard_rte');
$SOBE->init();
$SOBE->main();
$SOBE->printContent();
342
343 ?>