Fixed bug #13957: XSS in template analyzer (thanks to Georg Ringer)
1 <?php
2 /***************************************************************
3 * Copyright notice
4 *
5 * (c) 1999-2008 Kasper Skaarhoj (kasperYYYY@typo3.com)
6 * All rights reserved
7 *
8 * This script is part of the TYPO3 project. The TYPO3 project is
9 * free software; you can redistribute it and/or modify
10 * it under the terms of the GNU General Public License as published by
11 * the Free Software Foundation; either version 2 of the License, or
12 * (at your option) any later version.
13 *
14 * The GNU General Public License can be found at
15 * http://www.gnu.org/copyleft/gpl.html.
16 * A copy is found in the textfile GPL.txt and important notices to the license
17 * from the author is found in LICENSE.txt distributed with these scripts.
18 *
19 *
20 * This script is distributed in the hope that it will be useful,
21 * but WITHOUT ANY WARRANTY; without even the implied warranty of
22 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
23 * GNU General Public License for more details.
24 *
25 * This copyright notice MUST APPEAR in all copies of the script!
26 ***************************************************************/
27 /**
28 * @author Kasper Skaarhoj <kasperYYYY@typo3.com>
29 */
30
31 require_once(PATH_t3lib."class.t3lib_extobjbase.php");
32
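class tx_tstemplateanalyzer extends t3lib_extobjbase {

	/**
	 * Initializes the module function: hands the parent module object and the
	 * configuration on to t3lib_extobjbase and registers the analyzer checkboxes
	 * that should be checked by default.
	 *
	 * @param	object		$pObj	Parent (template) module object, by reference
	 * @param	array		$conf	Module function configuration
	 * @return	void
	 */
	function init(&$pObj,$conf) {
		parent::init($pObj,$conf);

			// These MOD_SETTINGS keys are appended to the parent's default list, so the
			// corresponding checkboxes start out checked until the user changes them.
		$this->pObj->modMenu_setDefaultList.= ',ts_analyzer_checkLinenum,ts_analyzer_checkSyntax,ts_analyzer_checkSyntaxBlockmode';
	}

	/**
	 * Returns the MOD_SETTINGS entries provided by this module function.
	 * Each key maps to the single value '1', i.e. it is rendered as a checkbox.
	 *
	 * @return	array		Menu definition, key => allowed value
	 */
	function modMenu() {
		return array (
			'ts_analyzer_checkSetup' => '1',
			'ts_analyzer_checkConst' => '1',
			'ts_analyzer_checkLinenum' => '1',
			'ts_analyzer_checkComments' => '1',
			'ts_analyzer_checkCrop' => '1',
			'ts_analyzer_checkSyntax' => '1',
			'ts_analyzer_checkSyntaxBlockmode' => '1',
		);
	}

	/**
	 * Initializes the TypoScript parser for the given page and template.
	 * Done in a separate function because the module may need to re-initialize
	 * when data is submitted. Sets the globals $tmpl, $tplRow and $rootLine.
	 *
	 * @param	integer		$pageId			Page uid whose template hierarchy is parsed
	 * @param	integer		$template_uid	Uid of the template to use; 0 selects the first visible template
	 * @return	integer		1 if a template row was found for the page, otherwise NULL
	 */
	function initialize_editor($pageId,$template_uid=0) {
		global $tmpl,$tplRow,$theConstants,$rootLine;

		$tmpl = t3lib_div::makeInstance("t3lib_tsparser_ext");	// Defined global here!
		$tmpl->tt_track = 0;	// Do not log time-performance information
		$tmpl->init();

			// Gets the rootLine
		$sys_page = t3lib_div::makeInstance("t3lib_pageSelect");
		$rootLine = $sys_page->getRootLine($pageId);
		$tmpl->runThroughTemplates($rootLine,$template_uid);	// This generates the constants/config + hierarchy info for the template.

			// Get the row of the first VISIBLE template of the page. Whereclause like the frontend.
		$tplRow = $tmpl->ext_getFirstTemplate($pageId,$template_uid);
		if (is_array($tplRow)) {	// IF there was a template...
			return 1;
		}
	}

	/**
	 * Renders the analyzer: current template header, template hierarchy table,
	 * and the constants / setup of the selected template (or of all templates).
	 * Relies on the globals set up by initialize_editor().
	 *
	 * @return	string		HTML output of the module function
	 */
	function main() {
		global $SOBE,$BE_USER,$LANG,$BACK_PATH,$TCA_DESCR,$TCA,$CLIENT,$TYPO3_CONF_VARS;
		global $tmpl,$tplRow,$theConstants,$rootLine;

			// Collected HTML; initialized so the first ".=" below does not touch an undefined variable.
		$theOutput = '';

			// Request parameter selecting which template's TypoScript is shown: a clearList key or "all".
			// It is only compared against template keys below and is never rendered into the output.
		$requestedTemplate = t3lib_div::_GET('template');

			// **************************
			// If the page has more than one template, show a selector menu and use the selected uid
			// **************************
		$manyTemplatesMenu = $this->pObj->templateMenu();
		$template_uid = 0;
		if ($manyTemplatesMenu) {
			$template_uid = $this->pObj->MOD_SETTINGS["templatesOnPage"];
		}

			// **************************
			// Main
			// **************************

			// BUGBUG: Should we check if the user may at all read and write template-records???
		$existTemplate = $this->initialize_editor($this->pObj->id,$template_uid);	// initialize
		if ($existTemplate) {
			$theOutput.=$this->pObj->doc->divider(5);
				// "sitetitle" is editor-supplied record data rendered into HTML, hence htmlspecialchars().
				// "title" goes through linkWrapTemplateTitle() - presumably escaped there; not verified here.
			$theOutput.=$this->pObj->doc->section("Current template:",'<img '.t3lib_iconWorks::skinImg($BACK_PATH, t3lib_iconWorks::getIcon('sys_template', $tplRow)).' align="top" /> <b>'.$this->pObj->linkWrapTemplateTitle($tplRow["title"]).'</b>'.htmlspecialchars(trim($tplRow["sitetitle"])?' - ('.$tplRow["sitetitle"].')':''));
		}
		if ($manyTemplatesMenu) {
			$theOutput.=$this->pObj->doc->section("",$manyTemplatesMenu);
		}

		$tmpl->clearList_const_temp = array_flip($tmpl->clearList_const);
		$tmpl->clearList_setup_temp = array_flip($tmpl->clearList_setup);

		$pointer = count($tmpl->hierarchyInfo);
		$tmpl->hierarchyInfoArr = $tmpl->ext_process_hierarchyInfo(array(), $pointer);
		$tmpl->procesIncludes();

			// Template hierarchy table
		$head= '<tr>';
		$head.= '<td class="bgColor2"><b>Title&nbsp;&nbsp;</b></td>';
		$head.= '<td class="bgColor2"><b>Rootlevel&nbsp;&nbsp;</b></td>';
		$head.= '<td class="bgColor2"><b>C. Setup&nbsp;&nbsp;</b></td>';
		$head.= '<td class="bgColor2"><b>C. Const&nbsp;&nbsp;</b></td>';
		$head.= '<td class="bgColor2"><b>PID/RL&nbsp;&nbsp;</b></td>';
		$head.= '<td class="bgColor2"><b>NL&nbsp;&nbsp;</b></td>';
		$head.= '</tr>';
			// implode() with the glue first: the legacy (array, glue) argument order is no longer accepted by PHP.
		$hierar = implode("", array_reverse($tmpl->ext_getTemplateHierarchyArr($tmpl->hierarchyInfoArr, "",array(),1)));
		$hierar= '<table border=0 cellpadding=0 cellspacing=0>'.$head.$hierar.'</table>';

		$theOutput.=$this->pObj->doc->spacer(5);
		$theOutput.=$this->pObj->doc->section("Template hierarchy:",$hierar,0,1);


			// Output constants
		$theOutput.=$this->pObj->doc->spacer(25);
		$theOutput.=$this->pObj->doc->divider(0);
		$theOutput.=$this->pObj->doc->section("",
			'<label for="checkTs_analyzer_checkLinenum">Linenumbers</label> '.t3lib_BEfunc::getFuncCheck($this->pObj->id,"SET[ts_analyzer_checkLinenum]",$this->pObj->MOD_SETTINGS["ts_analyzer_checkLinenum"],'','','id="checkTs_analyzer_checkLinenum"').
			'&nbsp;&nbsp;&nbsp;<label for="checkTs_analyzer_checkSyntax">Syntax HL</label> '.t3lib_BEfunc::getFuncCheck($this->pObj->id,"SET[ts_analyzer_checkSyntax]",$this->pObj->MOD_SETTINGS["ts_analyzer_checkSyntax"],'','','id="checkTs_analyzer_checkSyntax"').
			(!$this->pObj->MOD_SETTINGS["ts_analyzer_checkSyntax"] ?
				'&nbsp;&nbsp;&nbsp;<label for="checkTs_analyzer_checkComments">Comments</label> '.t3lib_BEfunc::getFuncCheck($this->pObj->id,"SET[ts_analyzer_checkComments]",$this->pObj->MOD_SETTINGS["ts_analyzer_checkComments"],'','','id="checkTs_analyzer_checkComments"').
				'&nbsp;&nbsp;&nbsp;<label for="checkTs_analyzer_checkCrop">Crop lines</label> '.t3lib_BEfunc::getFuncCheck($this->pObj->id,"SET[ts_analyzer_checkCrop]",$this->pObj->MOD_SETTINGS["ts_analyzer_checkCrop"],'','','id="checkTs_analyzer_checkCrop"')
			:
				'&nbsp;&nbsp;&nbsp;<label for="checkTs_analyzer_checkSyntaxBlockmode">Block mode</label> '.t3lib_BEfunc::getFuncCheck($this->pObj->id,"SET[ts_analyzer_checkSyntaxBlockmode]",$this->pObj->MOD_SETTINGS["ts_analyzer_checkSyntaxBlockmode"],'','','id="checkTs_analyzer_checkSyntaxBlockmode"')
			)
		);
		$theOutput.=$this->pObj->doc->divider(2);
		$theOutput.=$this->pObj->doc->section("Constants:","",0,1);
		$theOutput.=$this->pObj->doc->sectionEnd();
			// NOTE: the "1==1 ||" forces this section on; the ts_analyzer_checkConst setting is effectively ignored.
		if (1==1 || $this->pObj->MOD_SETTINGS["ts_analyzer_checkConst"]) {
			$theOutput.='
			<table border=0 cellpadding=1 cellspacing=0>
			';
			$tmpl->ext_lineNumberOffset=-2;	// Don't know why -2 and not 0... :-) But works.
			$tmpl->ext_lineNumberOffset_mode="const";
			$tmpl->ext_lineNumberOffset+=count(explode(chr(10),t3lib_TSparser::checkIncludeLines("".$GLOBALS["TYPO3_CONF_VARS"]["FE"]["defaultTypoScript_constants"])))+1;

				// $tmpl->constants and $tmpl->clearList_const are walked in parallel via their internal pointers;
				// the clearList entry names the template the constants chunk belongs to.
			reset($tmpl->constants);
			reset($tmpl->clearList_const);
			while(list($key,$val)=each($tmpl->constants)) {
				$cVal = current($tmpl->clearList_const);
					// Loose comparison kept on purpose: the template key may be numeric while the request value is a string.
				if ($cVal == $requestedTemplate || $requestedTemplate == 'all') {
						// Template titles are record data, hence htmlspecialchars(); the TypoScript body is rendered by ext_outputTS().
					$theOutput .= '
					<tr>
						<td><img src="clear.gif" width="3" height="1"></td><td class="bgColor2"><b>' . htmlspecialchars($tmpl->templateTitles[$cVal]) . '</b></td></tr>
					<tr>
						<td><img src="clear.gif" width="3" height="1"></td>
						<td class="bgColor2"><table border="0" cellpadding="0" cellspacing="0" class="bgColor4" width="100%"><tr><td nowrap="nowrap">' . $tmpl->ext_outputTS(array($val), $this->pObj->MOD_SETTINGS['ts_analyzer_checkLinenum'], $this->pObj->MOD_SETTINGS['ts_analyzer_checkComments'], $this->pObj->MOD_SETTINGS['ts_analyzer_checkCrop'], $this->pObj->MOD_SETTINGS['ts_analyzer_checkSyntax'], $this->pObj->MOD_SETTINGS['ts_analyzer_checkSyntaxBlockmode']) . '</td></tr></table>
						</td>
					</tr>
					';
						// A single requested template is shown once; only "all" continues the walk.
					if ($requestedTemplate!="all") break;
				}
				$tmpl->ext_lineNumberOffset+=count(explode(chr(10),$val))+1;
				next($tmpl->clearList_const);
			}
			$theOutput.='
			</table>
			';
		}

			// Output setup
		$theOutput.=$this->pObj->doc->spacer(15);
		$theOutput.=$this->pObj->doc->section("SETUP:","",0,1);
		$theOutput.=$this->pObj->doc->sectionEnd();
			// NOTE: as above, "1==1 ||" forces this section on; ts_analyzer_checkSetup is effectively ignored.
		if (1==1 || $this->pObj->MOD_SETTINGS["ts_analyzer_checkSetup"]) {
			$theOutput.='
			<table border=0 cellpadding=1 cellspacing=0>
			';
			$tmpl->ext_lineNumberOffset=0;
			$tmpl->ext_lineNumberOffset_mode="setup";
			$tmpl->ext_lineNumberOffset+=count(explode(chr(10),t3lib_TSparser::checkIncludeLines("".$GLOBALS["TYPO3_CONF_VARS"]["FE"]["defaultTypoScript_setup"])))+1;

				// Same parallel walk as for the constants, over $tmpl->config / $tmpl->clearList_setup.
			reset($tmpl->config);
			reset($tmpl->clearList_setup);
			while(list($key,$val)=each($tmpl->config)) {
				if (current($tmpl->clearList_setup) == $requestedTemplate || $requestedTemplate == 'all') {
					$theOutput.='
					<tr>
						<td><img src="clear.gif" width="3" height="1"></td><td class="bgColor2"><b>' . htmlspecialchars($tmpl->templateTitles[current($tmpl->clearList_setup)]) . '</b></td></tr>
					<tr>
						<td><img src=clear.gif width=3 height=1></td>
						<td class="bgColor2"><table border=0 cellpadding=0 cellspacing=0 class="bgColor4" width="100%"><tr><td nowrap="nowrap">' . $tmpl->ext_outputTS(array($val), $this->pObj->MOD_SETTINGS['ts_analyzer_checkLinenum'], $this->pObj->MOD_SETTINGS['ts_analyzer_checkComments'], $this->pObj->MOD_SETTINGS['ts_analyzer_checkCrop'], $this->pObj->MOD_SETTINGS['ts_analyzer_checkSyntax'], $this->pObj->MOD_SETTINGS['ts_analyzer_checkSyntaxBlockmode']) . '</td></tr></table>
						</td>
					</tr>
					';
					if ($requestedTemplate!="all") break;
				}
				$tmpl->ext_lineNumberOffset+=count(explode(chr(10),$val))+1;
				next($tmpl->clearList_setup);
			}
			$theOutput.='
			</table>
			';
		}
		return $theOutput;
	}
}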
212
213 if (defined("TYPO3_MODE") && $TYPO3_CONF_VARS[TYPO3_MODE]["XCLASS"]["ext/tstemplate_analyzer/class.tx_tstemplateanalyzer.php"]) {
214 include_once($TYPO3_CONF_VARS[TYPO3_MODE]["XCLASS"]["ext/tstemplate_analyzer/class.tx_tstemplateanalyzer.php"]);
215 }
216 ?>