[TASK] Use $x[n] instead of substr($x, n, 1)
[Packages/TYPO3.CMS.git] / typo3 / sysext / backend / Classes / Controller / Wizard / TableController.php
index 48b4ccd..1e8be0e 100644 (file)
@@ -15,7 +15,7 @@ namespace TYPO3\CMS\Backend\Controller\Wizard;
  *
  *  The GNU General Public License can be found at
  *  http://www.gnu.org/copyleft/gpl.html.
- *  A copy is found in the textfile GPL.txt and important notices to the license
+ *  A copy is found in the text file GPL.txt and important notices to the license
  *  from the author is found in LICENSE.txt distributed with these scripts.
  *
  *
@@ -218,6 +218,9 @@ class TableController {
         * @todo Define visibility
         */
        public function tableWizard() {
+               if (!$this->checkEditAccess($this->P['table'], $this->P['uid'])) {
+                       throw new \RuntimeException('Wizard Error: No access', 1349692692);
+               }
                // First, check the references by selecting the record:
                $row = BackendUtility::getRecord($this->P['table'], $this->P['uid']);
                if (!is_array($row)) {
@@ -250,8 +253,8 @@ class TableController {
                // Get delimiter settings
                $flexForm = GeneralUtility::xml2array($row['pi_flexform']);
                if (is_array($flexForm)) {
-                       $this->tableParsing_quote = $flexForm['data']['s_parsing']['lDEF']['tableparsing_quote']['vDEF'] ? chr(intval($flexForm['data']['s_parsing']['lDEF']['tableparsing_quote']['vDEF'])) : '';
-                       $this->tableParsing_delimiter = $flexForm['data']['s_parsing']['lDEF']['tableparsing_delimiter']['vDEF'] ? chr(intval($flexForm['data']['s_parsing']['lDEF']['tableparsing_delimiter']['vDEF'])) : '|';
+                       $this->tableParsing_quote = $flexForm['data']['s_parsing']['lDEF']['tableparsing_quote']['vDEF'] ? chr((int)$flexForm['data']['s_parsing']['lDEF']['tableparsing_quote']['vDEF']) : '';
+                       $this->tableParsing_delimiter = $flexForm['data']['s_parsing']['lDEF']['tableparsing_delimiter']['vDEF'] ? chr((int)$flexForm['data']['s_parsing']['lDEF']['tableparsing_delimiter']['vDEF']) : '|';
                }
                // If some data has been submitted, then construct
                if (isset($this->TABLECFG['c'])) {
@@ -579,7 +582,7 @@ class TableController {
                if (!$cols && trim($tLines[0])) {
                        $cols = count(explode($this->tableParsing_delimiter, $tLines[0]));
                }
-               $cols = $cols ? $cols : 4;
+               $cols = $cols ?: 4;
                // Traverse the number of table elements:
                $cfgArr = array();
                foreach ($tLines as $k => $v) {
@@ -587,7 +590,7 @@ class TableController {
                        $vParts = explode($this->tableParsing_delimiter, $v);
                        // Traverse columns:
                        for ($a = 0; $a < $cols; $a++) {
-                               if ($this->tableParsing_quote && substr($vParts[$a], 0, 1) == $this->tableParsing_quote && substr($vParts[$a], -1, 1) == $this->tableParsing_quote) {
+                               if ($this->tableParsing_quote && $vParts[$a][0] === $this->tableParsing_quote && substr($vParts[$a], -1, 1) === $this->tableParsing_quote) {
                                        $vParts[$a] = substr(trim($vParts[$a]), 1, -1);
                                }
                                $cfgArr[$k][$a] = $vParts[$a];
@@ -597,4 +600,34 @@ class TableController {
                return $cfgArr;
        }
 
+       /**
+        * Checks access for element
+        *
+        * @param string $table Table name
+        * @param integer $uid Record uid
+        * @return boolean
+        * @todo: Refactor to remove duplicate code (see FormsController, RteController)
+        */
+       protected function checkEditAccess($table, $uid) {
+               $calcPRec = BackendUtility::getRecord($table, $uid);
+               BackendUtility::fixVersioningPid($table, $calcPRec);
+               if (is_array($calcPRec)) {
+                       // If pages:
+                       if ($table == 'pages') {
+                               $CALC_PERMS = $GLOBALS['BE_USER']->calcPerms($calcPRec);
+                               $hasAccess = $CALC_PERMS & 2 ? TRUE : FALSE;
+                       } else {
+                               // Fetching pid-record first.
+                               $CALC_PERMS = $GLOBALS['BE_USER']->calcPerms(BackendUtility::getRecord('pages', $calcPRec['pid']));
+                               $hasAccess = $CALC_PERMS & 16 ? TRUE : FALSE;
+                       }
+                       // Check internals regarding access:
+                       if ($hasAccess) {
+                               $hasAccess = $GLOBALS['BE_USER']->recordEditAccessInternals($table, $calcPRec);
+                       }
+               } else {
+                       $hasAccess = FALSE;
+               }
+               return $hasAccess;
+       }
 }