[SECURITY] XSS in BE file list
[Packages/TYPO3.CMS.git] / typo3 / file_rename.php
1 <?php
2 /***************************************************************
3 * Copyright notice
4 *
5 * (c) 1999-2011 Kasper Skårhøj (kasperYYYY@typo3.com)
6 * All rights reserved
7 *
8 * This script is part of the TYPO3 project. The TYPO3 project is
9 * free software; you can redistribute it and/or modify
10 * it under the terms of the GNU General Public License as published by
11 * the Free Software Foundation; either version 2 of the License, or
12 * (at your option) any later version.
13 *
14 * The GNU General Public License can be found at
15 * http://www.gnu.org/copyleft/gpl.html.
16 * A copy is found in the textfile GPL.txt and important notices to the license
17 * from the author is found in LICENSE.txt distributed with these scripts.
18 *
19 *
20 * This script is distributed in the hope that it will be useful,
21 * but WITHOUT ANY WARRANTY; without even the implied warranty of
22 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
23 * GNU General Public License for more details.
24 *
25 * This copyright notice MUST APPEAR in all copies of the script!
26 ***************************************************************/
27 /**
28 * Web>File: Renaming files and folders
29 *
30 * Revised for TYPO3 3.6 November/2003 by Kasper Skårhøj
31 *
32 * @author Kasper Skårhøj <kasperYYYY@typo3.com>
33 */
34
35
36
// Relative path from this script to the typo3/ directory. This script lives
// in typo3/ itself, so the path is empty.
$BACK_PATH = '';

// Pull in the two scripts this module builds on. NOTE(review): their contents
// are not shown here; t3lib_div, $GLOBALS['LANG'] and the 'template' class used
// below presumably become available through them.
require 'init.php';
require 'template.php';
40
41
42
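/**
 * Script class for the rename-file form (Web>File: renaming files and folders).
 *
 * Call order, as used at the bottom of this script: init(), main(), printContent().
 *
 * Security-relevant data flow:
 * - 'target' and 'returnUrl' are request parameters and therefore untrusted.
 * - 'target' is only accepted when it exists on disk and
 *   checkPathAgainstMounts() returns a filemount key for it; otherwise init() throws.
 * - Every request- or filesystem-derived value written into the page
 *   (mount name, short path, target, returnUrl) goes through htmlspecialchars().
 *
 * @author Kasper Skårhøj <kasperYYYY@typo3.com>
 * @package TYPO3
 * @subpackage core
 */
class SC_file_rename {

	// Internal, static:
	/**
	 * Document template object, created in init() via makeInstance('template')
	 *
	 * @var template
	 */
	public $doc;

	/**
	 * File processing object
	 *
	 * @var t3lib_basicFileFunctions
	 */
	public $basicff;
	public $icon;		// <img> tag for the filemount type of $target; markup built in init().
	public $shortPath;	// $target with the filemount path prefix cut off. Raw value, escape before output.
	public $title;		// HTML: icon + escaped filemount name + ': ' + escaped short path.

	// Internal, static (GPVar):
	public $target;		// Request parameter 'target' after cleaning; raw value, escape before output.
	public $returnUrl;	// Request parameter 'returnUrl' after t3lib_div::sanitizeLocalUrl(); escape before output.

	// Internal, dynamic:
	public $content;	// Accumulating content

	/**
	 * Initializes the object: reads the request parameters, validates the
	 * target against the filemounts and prepares icon, title and the
	 * document template. This is not a PHP constructor; it has to be called
	 * explicitly after instantiation.
	 *
	 * @return void
	 * @throws RuntimeException (code 1294586844) if the target does not exist or is not matched by a filemount
	 */
	public function init() {
			// Initialize GPvars. Both values are supplied by the request and are untrusted.
		$this->target = t3lib_div::_GP('target');
		$this->returnUrl = t3lib_div::sanitizeLocalUrl(t3lib_div::_GP('returnUrl'));

			// Init basic-file-functions object:
		$this->basicff = t3lib_div::makeInstance('t3lib_basicFileFunctions');
		$this->basicff->init($GLOBALS['FILEMOUNTS'], $GLOBALS['TYPO3_CONF_VARS']['BE']['fileExtensions']);

			// Cleaning and checking target (file or dir).
			// NOTE(review): the request value reaches file_exists() before the
			// mount check below. file_exists() also accepts PHP stream-wrapper
			// paths, so confirm that such values are rejected before this point.
		if (file_exists($this->target)) {
			$this->target = $this->basicff->cleanDirectoryName($this->target);
		} else {
			$this->target = '';
		}
			// Authorization step: $key is the filemount the target belongs to.
			// A missing target and a target outside the mounts end in the same exception.
		$key = $this->basicff->checkPathAgainstMounts($this->target . '/');
		if (!$this->target || !$key) {
			$title = $GLOBALS['LANG']->sL('LLL:EXT:lang/locallang_mod_file_list.xml:paramError', TRUE);
			$message = $GLOBALS['LANG']->sL('LLL:EXT:lang/locallang_mod_file_list.xml:targetNoDir', TRUE);
			throw new RuntimeException($title . ': ' . $message, 1294586844);
		}

			// Finding the icon
		switch ($GLOBALS['FILEMOUNTS'][$key]['type']) {
			case 'user':
				$this->icon = 'gfx/i/_icon_ftp_user.gif';
				break;
			case 'group':
				$this->icon = 'gfx/i/_icon_ftp_group.gif';
				break;
			default:
				$this->icon = 'gfx/i/_icon_ftp.gif';
		}

			// This class has no backPath property, so the original $this->backPath
			// was always undefined here. Use the global back path like the rest of the class.
		$this->icon = '<img'.t3lib_iconWorks::skinImg($GLOBALS['BACK_PATH'],$this->icon,'width="18" height="16"').' title="" alt="" />';

			// Relative path to filemount, $key:
		$this->shortPath = substr($this->target, strlen($GLOBALS['FILEMOUNTS'][$key]['path']));

			// Setting title. main() hands this string to the template as the PATH
			// marker, i.e. as HTML. The mount name and the path are data, so both
			// are escaped; only the <img> tag built above is inserted as markup.
		$this->title = $this->icon . htmlspecialchars($GLOBALS['FILEMOUNTS'][$key]['name']) . ': ' . htmlspecialchars($this->shortPath);

			// Setting template object
		$this->doc = t3lib_div::makeInstance('template');
		$this->doc->setModuleTemplate('templates/file_rename.html');
		$this->doc->backPath = $GLOBALS['BACK_PATH'];
			// Static script only; no request data is placed inside the script block.
		$this->doc->JScode=$this->doc->wrapScriptTags('
function backToList() { //
top.goToModule("file_list");
}
');
	}

	/**
	 * Main function, rendering the rename form into $this->content.
	 * Expects init() to have been called first.
	 *
	 * @return void
	 */
	public function main() {
			//TODO: change locallang*.php to locallang*.xml

			// Make page header. The label is fetched without the escape flag of sL().
			// NOTE(review): presumably startPage()/header() escape it; verify in template.php.
		$this->content = $this->doc->startPage($GLOBALS['LANG']->sL('LLL:EXT:lang/locallang_core.php:file_rename.php.pagetitle'));

		$pageContent = $this->doc->header($GLOBALS['LANG']->sL('LLL:EXT:lang/locallang_core.php:file_rename.php.pagetitle'));
		$pageContent .= $this->doc->spacer(5);
		$pageContent .= $this->doc->divider(5);

			// NOTE(review): this form emits no request-forgery token field; confirm
			// that tce_file.php protects the rename action by other means.
		$code = '<form action="tce_file.php" method="post" name="editform">';
			// Making the formfields for renaming. Both values end up inside
			// double-quoted attributes and are escaped with htmlspecialchars().
		$code .= '

<div id="c-rename">
<input type="text" name="file[rename][0][data]" value="'.htmlspecialchars(basename($this->shortPath)).'"'.$GLOBALS['TBE_TEMPLATE']->formWidth(20).' />
<input type="hidden" name="file[rename][0][target]" value="'.htmlspecialchars($this->target).'" />
</div>
';

			// Making submit button. The second argument (1) makes sL() return the
			// label HTML-escaped; returnUrl is escaped for the attribute context.
		$code.='
<div id="c-submit">
<input type="submit" value="' . $GLOBALS['LANG']->sL('LLL:EXT:lang/locallang_core.php:file_rename.php.submit', 1) . '" />
<input type="submit" value="' . $GLOBALS['LANG']->sL('LLL:EXT:lang/locallang_core.php:labels.cancel', 1) . '" onclick="backToList(); return false;" />
<input type="hidden" name="redirect" value="'.htmlspecialchars($this->returnUrl).'" />
</div>
';

		$code .= '</form>';

			// Add the HTML as a section:
		$pageContent .= $code;

		$docHeaderButtons = array();
		$docHeaderButtons['csh'] = t3lib_BEfunc::cshItem('xMOD_csh_corebe', 'file_rename', $GLOBALS['BACK_PATH']);

			// Markers for the module template.
			// NOTE(review): $this->id, $this->MOD_SETTINGS and $this->MOD_MENU are
			// never declared or assigned in this class, so FUNC_MENU is built from
			// undefined values. Left unchanged because the effect on the rendered
			// page cannot be judged from this file.
		$markerArray = array(
			'CSH' => $docHeaderButtons['csh'],
			'FUNC_MENU' => t3lib_BEfunc::getFuncMenu($this->id, 'SET[function]', $this->MOD_SETTINGS['function'], $this->MOD_MENU['function']),
			'CONTENT' => $pageContent,
			'PATH' => $this->title,
		);

		$this->content.= $this->doc->moduleBody(array(), $docHeaderButtons, $markerArray);
		$this->content.= $this->doc->endPage();
		$this->content = $this->doc->insertStylesAndJS($this->content);
	}

	/**
	 * Outputting the accumulated content to screen.
	 * The content is echoed as-is, so all escaping has to happen while it is built.
	 *
	 * @return void
	 */
	public function printContent() {
		echo $this->content;
	}
}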
201
202
// XCLASS hook: if an extending class file is registered for this script, load
// it once. The path is read from $GLOBALS['TYPO3_CONF_VARS'] (configuration),
// not from the request.
if (defined('TYPO3_MODE')) {
	if (isset($GLOBALS['TYPO3_CONF_VARS'][TYPO3_MODE]['XCLASS']['typo3/file_rename.php'])) {
		include_once $GLOBALS['TYPO3_CONF_VARS'][TYPO3_MODE]['XCLASS']['typo3/file_rename.php'];
	}
}



// Create the script object and run it: validate the request, render the form,
// then send the accumulated page to the client.
$SOBE = t3lib_div::makeInstance('SC_file_rename');
$SOBE->init();
$SOBE->main();
$SOBE->printContent();
214
215 ?>