[SECURITY] Untrusted GP data is unserialized in old CSH handling
[Packages/TYPO3.CMS.git] / typo3 / wizard_list.php
old mode 100755 (executable)
new mode 100644 (file)
index 575e963..7a2dda5
@@ -1,22 +1,22 @@
 <?php
 /***************************************************************
 *  Copyright notice
-*  
-*  (c) 1999-2003 Kasper Skaarhoj (kasper@typo3.com)
+*
+*  (c) 1999-2011 Kasper Skårhøj (kasperYYYY@typo3.com)
 *  All rights reserved
 *
-*  This script is part of the TYPO3 project. The TYPO3 project is 
+*  This script is part of the TYPO3 project. The TYPO3 project is
 *  free software; you can redistribute it and/or modify
 *  it under the terms of the GNU General Public License as published by
 *  the Free Software Foundation; either version 2 of the License, or
 *  (at your option) any later version.
-* 
+*
 *  The GNU General Public License can be found at
 *  http://www.gnu.org/copyleft/gpl.html.
-*  A copy is found in the textfile GPL.txt and important notices to the license 
+*  A copy is found in the textfile GPL.txt and important notices to the license
 *  from the author is found in LICENSE.txt distributed with these scripts.
 *
-* 
+*
 *  This script is distributed in the hope that it will be useful,
 *  but WITHOUT ANY WARRANTY; without even the implied warranty of
 *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 *
 *  This copyright notice MUST APPEAR in all copies of the script!
 ***************************************************************/
-/** 
- * Wizard to list records
- * 
- * $Id$
- * 
- * @author     Kasper Skaarhoj <kasper@typo3.com>
- */
+
 /**
- * [CLASS/FUNCTION INDEX of SCRIPT]
- *
+ * Wizard to list records from a page id.
  *
+ * Revised for TYPO3 3.6 November/2003 by Kasper Skårhøj
+ * XHTML compliant
  *
- *   72: class SC_wizard_list 
- *   80:     function init()   
- *   89:     function main()   
- *
- * TOTAL FUNCTIONS: 2
- * (This index is automatically created/updated by the extension "extdeveval")
- *
+ * @author Kasper Skårhøj <kasperYYYY@typo3.com>
  */
 
-
-$BACK_PATH='';
-require ('init.php');
-require ('template.php');
-include ('sysext/lang/locallang_wizards.php');
-
-
-
-
-
-
-
-
-
-
+$BACK_PATH = '';
+require('init.php');
+$LANG->includeLLFile('EXT:lang/locallang_wizards.xml');
 
 /**
- * Script Class
- * 
- * @author     Kasper Skaarhoj <kasper@typo3.com>
+ * Script Class for redirecting the user to the Web > List module if a wizard-link has been clicked in TCEforms
+ *
+ * @author Kasper Skårhøj <kasperYYYY@typo3.com>
  * @package TYPO3
  * @subpackage core
  */
 class SC_wizard_list {
-       var $P;
+
+               // Internal, static:
+               // PID
        var $pid;
+
+               // Internal, static: GPvars
+               // Wizard parameters, coming from TCEforms linking to the wizard.
+       var $P;
+               // Table to show, if none, then all tables are listed in list module.
        var $table;
-       
+               // Page id to list.
+       var $id;
+
        /**
-        * @return      [type]          ...
+        * Initialization of the class, setting GPvars.
+        *
+        * @return      void
         */
-       function init() {
-               $this->P = t3lib_div::GPvar('P',1);
+       function init() {
+               $this->P = t3lib_div::_GP('P');
+               $this->table = t3lib_div::_GP('table');
+               $this->id = t3lib_div::_GP('id');
        }
 
        /**
-        * [Describe function...]
-        * 
-        * @return      [type]          ...
+        * Main function
+        * Will issue a location-header, redirecting either BACK or to a new alt_doc.php instance...
+        *
+        * @return void
         */
-       function main() {
-               global $BE_USER,$LANG,$BACK_PATH,$TCA_DESCR,$TCA,$HTTP_GET_VARS,$HTTP_POST_VARS,$CLIENT,$TYPO3_CONF_VARS;
-               
-               $this->table = t3lib_div::GPvar("table");
+       function main() {
 
-               // Get this record
-               $origRow = t3lib_BEfunc::getRecord($this->P["table"],$this->P["uid"]);
-               
-               // Get TSconfig for it.
-               $TSconfig = t3lib_BEfunc::getTCEFORM_TSconfig($this->table,is_array($origRow)?$origRow:array("pid"=>$this->P["pid"]));
-               // Set [params][pid]
-               if (substr($this->P["params"]["pid"],0,3)=="###" && substr($this->P["params"]["pid"],-3)=="###")        {
-                       $this->pid = intval($TSconfig["_".substr($this->P["params"]["pid"],3,-3)]);
-               } else $this->pid = intval($this->P["params"]["pid"]);
-               
-               if (!strcmp($this->pid,"") || strcmp(t3lib_div::GPvar("id"),""))        {
-                       header("Location: ".t3lib_div::locationHeaderUrl($this->P["returnUrl"]));
+                       // Get this record
+               $origRow = t3lib_BEfunc::getRecord($this->P['table'], $this->P['uid']);
+
+                       // Get TSconfig for it.
+               $TSconfig = t3lib_BEfunc::getTCEFORM_TSconfig($this->table, is_array($origRow)?$origRow:array('pid'=>$this->P['pid']));
+
+                       // Set [params][pid]
+               if (substr($this->P['params']['pid'], 0, 3) == '###' && substr($this->P['params']['pid'], -3) == '###') {
+                       $this->pid = intval($TSconfig['_'.substr($this->P['params']['pid'], 3, -3)]);
                } else {
-                       header("Location: ".t3lib_div::locationHeaderUrl("db_list.php?id=".$this->pid."&table=".$this->P["params"]["table"]."&returnUrl=".rawurlencode(t3lib_div::getIndpEnv("REQUEST_URI"))));
+                       $this->pid = intval($this->P['params']['pid']);
                }
-       }
-}
 
-// Include extension?
-if (defined('TYPO3_MODE') && $TYPO3_CONF_VARS[TYPO3_MODE]['XCLASS']['typo3/wizard_list.php'])  {
-       include_once($TYPO3_CONF_VARS[TYPO3_MODE]['XCLASS']['typo3/wizard_list.php']);
+                       // Make redirect:
+                       // If pid is blank OR if id is set, then return...
+               if (!strcmp($this->pid, '') || strcmp($this->id, '')) {
+                       $redirectUrl = t3lib_div::sanitizeLocalUrl($this->P['returnUrl']);
+               } else {        // Otherwise, show the list:
+                       $urlParameters = array();
+                       $urlParameters['id'] = $this->pid;
+                       $urlParameters['table'] = $this->P['params']['table'];
+                       $urlParameters['returnUrl'] = t3lib_div::getIndpEnv('REQUEST_URI');
+                       $redirectUrl = t3lib_BEfunc::getModuleUrl('web_list', $urlParameters);
+               }
+               t3lib_utility_Http::redirect($redirectUrl);
+       }
 }
 
-
-
-
-
-
-
-
-
-
-
-
-// Make instance:
+       // Make instance:
 $SOBE = t3lib_div::makeInstance('SC_wizard_list');
 $SOBE->init();
 $SOBE->main();
-$SOBE->printContent();
+
 ?>
\ No newline at end of file
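Review bot: The "pid is blank" half of the redirect condition in main() can never be true, because `$this->pid` has already passed through `intval()` on both branches above it and `strcmp()` of an integer against `''` never returns 0. A missing or non-numeric `P[params][pid]` from the request, or a `###MARKER###` whose key is absent from `$TSconfig`, therefore becomes 0 and goes to the `web_list` redirect with `id=0` instead of returning to the sanitized `returnUrl`. If page 0 is not a wanted fallback target, test the value rather than its string form, e.g. `if ($this->pid <= 0 || strcmp($this->id, '')) {`. Separately, init() stores `t3lib_div::_GP('P')` without checking its type, so an `is_array($this->P)` guard before the `$this->P['params']['pid']` reads would make the handling of request-supplied data explicit.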