Fixed bug #17184: Disable the CSRF protection in ExtDirect calls coming from the...
[Packages/TYPO3.CMS.git] / t3lib / class.t3lib_tceforms.php
index 7daa08a..c7ef2e2 100644 (file)
@@ -1773,7 +1773,12 @@ class t3lib_TCEforms {
         * @return      string          The HTML code for the item
         * @see getSingleField_typeSelect()
         */
-       function getSingleField_typeSelect_checkbox($table, $field, $row, &$PA, $config, $selItems, $nMV_label) {
+       function getSingleField_typeSelect_checkbox(
+               $table, $field, $row, &$PA, $config, $selItems, $nMV_label) {
+
+               if (empty($selItems)) {
+                       return '';
+               }
 
                        // Get values in an array (and make unique, which is fine because there can be no duplicates anyway):
                $itemArray = array_flip($this->extractValuesOnlyFromValueLabelList($PA['itemFormElValue']));
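Review bot: The early `return '';` for an empty `$selItems` exits before the later parts of this function that appear further down in the diff: the "Remaining values (invalid)" rows and the hidden empty `$PA['itemFormElName']` field. If a record still holds stored values while the item list is empty (for example after an itemProcFunc has removed every item), those values would no longer be shown to the editor, which looks unintended. Consider skipping only the item loop, or documenting the choice with a comment such as `// No items available: render nothing, stored values are left untouched`. The function body continues outside this hunk, so this reading is inferred from the other hunks.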
@@ -1793,22 +1798,6 @@ class t3lib_TCEforms {
                        foreach ($selItems as $p) {
                                        // Non-selectable element:
                                if (!strcmp($p[1], '--div--')) {
-                                       if (count($setAll)) {
-                                               $tRows[] = '
-                                                               <tr class="c-header-checkbox-controls">
-                                                                       <td colspan="3">' .
-                                                                  '<a href="#" onclick="' . htmlspecialchars(implode('', $setAll) . ' return false;') . '">' .
-                                                                  htmlspecialchars($this->getLL('l_checkAll')) .
-                                                                  '</a>
-                                                                               <a href="#" onclick="' . htmlspecialchars(implode('', $unSetAll) . ' return false;') . '">' .
-                                                                  htmlspecialchars($this->getLL('l_uncheckAll')) .
-                                                                  '</a>
-                                                                       </td>
-                                                               </tr>';
-                                               $setAll = array();
-                                               $unSetAll = array();
-                                       }
-
                                        $tRows[] = '
                                                <tr class="c-header">
                                                        <td colspan="3">' . htmlspecialchars($p[0]) . '</td>
@@ -1840,47 +1829,41 @@ class t3lib_TCEforms {
                                                                        '$(\'' . $rowId . '\').removeClassName(\'c-selectedItem\');$(\'' . $rowId . '\').removeClassName(\'c-unselectedItem\');' .
                                                                        '$(\'' . $rowId . '\').addClassName(\'c-' . ($sM ? '' : 'un') . 'selectedItem\');';
 
-                                       $hasHelp = ($p[3] != '');
+                                               // Check if some help text is available
+                                               // Since TYPO3 4.5 help text is expected to be an associative array
+                                               // with two key, "title" and "description"
+                                               // For the sake of backwards compatibility, we test if the help text
+                                               // is a string and use it as a description (this could happen if items
+                                               // are modified with an itemProcFunc)
+                                       $hasHelp = FALSE;
+                                       $help = '';
+                                       $helpArray = array();
+                                       if ((is_array($p[3]) && count($p[3]) > 0) || !empty($p[3])) {
+                                               $hasHelp = TRUE;
+                                               if (is_array($p[3])) {
+                                                       $helpArray = $p[3];
+                                               } else {
+                                                       $helpArray['description'] = $p[3];
+                                               }
+                                       }
 
                                        $label = t3lib_div::deHSCentities(htmlspecialchars($p[0]));
-                                       $help = $hasHelp ? '<span class="typo3-csh-inline show-right"><span class="header">' . $label . '</span>' .
-                                                                          '<span class="paragraph">' . $GLOBALS['LANG']->hscAndCharConv(nl2br(trim(htmlspecialchars($p[3]))), false) . '</span></span>' : '';
-
-                                       if ($hasHelp && $this->edit_showFieldHelp == 'icon') {
-                                               $helpIcon = '<a class="typo3-csh-link" href="#">';
-                                               $helpIcon .= t3lib_iconWorks::getSpriteIcon('actions-system-help-open');
-                                               $helpIcon .= $help;
-                                               $helpIcon .= '</a>';
-                                               $help = $helpIcon;
+                                       if ($hasHelp) {
+                                               $help = t3lib_BEfunc::wrapInHelp('', '', '', $helpArray);
                                        }
 
                                        $tRows[] = '
                                                <tr id="' . $rowId . '" class="' . ($sM ? 'c-selectedItem' : 'c-unselectedItem') . '" onclick="' . htmlspecialchars($onClick) . '" style="cursor: pointer;">
-                                                       <td width="12"><input type="checkbox"' . $this->insertDefStyle('check') . ' name="' . htmlspecialchars($PA['itemFormElName'] . '[' . $c . ']') . '" value="' . htmlspecialchars($p[1]) . '"' . $sM . ' onclick="' . htmlspecialchars($sOnChange) . '"' . $PA['onFocus'] . ' /></td>
+                                                       <td class="c-checkbox"><input type="checkbox"' . $this->insertDefStyle('check') . ' name="' . htmlspecialchars($PA['itemFormElName'] . '[' . $c . ']') . '" value="' . htmlspecialchars($p[1]) . '"' . $sM . ' onclick="' . htmlspecialchars($sOnChange) . '"' . $PA['onFocus'] . ' /></td>
                                                        <td class="c-labelCell" onclick="' . htmlspecialchars($onClickCell) . '">' .
                                                           $this->getIconHtml($selIcon) .
                                                           $label .
                                                           '</td>
-                                                               <td class="c-descr" onclick="' . htmlspecialchars($onClickCell) . '">' . (strcmp($p[3], '') ? $help : '') . '</td>
+                                                               <td class="c-descr" onclick="' . htmlspecialchars($onClickCell) . '">' . ((empty($help)) ? '' : $help) . '</td>
                                                </tr>';
                                        $c++;
                                }
                        }
-
-                               // Remaining checkboxes will get their set-all link:
-                       if (count($setAll)) {
-                               $tRows[] = '
-                                               <tr class="c-header-checkbox-controls">
-                                                       <td colspan="3">' .
-                                                  '<a href="#" onclick="' . htmlspecialchars(implode('', $setAll) . ' return false;') . '">' .
-                                                  htmlspecialchars($this->getLL('l_checkAll')) .
-                                                  '</a>
-                                                               <a href="#" onclick="' . htmlspecialchars(implode('', $unSetAll) . ' return false;') . '">' .
-                                                  htmlspecialchars($this->getLL('l_uncheckAll')) .
-                                                  '</a>
-                                                       </td>
-                                               </tr>';
-                       }
                }
 
                        // Remaining values (invalid):
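Review bot: The description cell used to be encoded here with `htmlspecialchars($p[3])`, but the new code hands `$helpArray` unescaped to `t3lib_BEfunc::wrapInHelp('', '', '', $helpArray)`. Output encoding of the title and description therefore now depends entirely on that helper, which is not part of this diff. Because the added comment itself notes that items can be altered by an itemProcFunc, it is worth confirming that wrapInHelp encodes both keys for HTML, and stating that in the comment. Separately, the condition `(is_array($p[3]) && count($p[3]) > 0) || !empty($p[3])` reduces to `!empty($p[3])`.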
@@ -1889,7 +1872,7 @@ class t3lib_TCEforms {
                                        // Compile <checkboxes> tag:
                                array_unshift($tRows, '
                                                <tr class="c-invalidItem">
-                                                       <td><input type="checkbox"' . $this->insertDefStyle('check') . ' name="' . htmlspecialchars($PA['itemFormElName'] . '[' . $c . ']') . '" value="' . htmlspecialchars($theNoMatchValue) . '" checked="checked" onclick="' . htmlspecialchars($sOnChange) . '"' . $PA['onFocus'] . $disabled . ' /></td>
+                                                       <td class="c-checkbox"><input type="checkbox"' . $this->insertDefStyle('check') . ' name="' . htmlspecialchars($PA['itemFormElName'] . '[' . $c . ']') . '" value="' . htmlspecialchars($theNoMatchValue) . '" checked="checked" onclick="' . htmlspecialchars($sOnChange) . '"' . $PA['onFocus'] . $disabled . ' /></td>
                                                        <td class="c-labelCell">' .
                                                                          t3lib_div::deHSCentities(htmlspecialchars(@sprintf($nMV_label, $theNoMatchValue))) .
                                                                          '</td><td>&nbsp;</td>
@@ -1901,18 +1884,31 @@ class t3lib_TCEforms {
                        // Add an empty hidden field which will send a blank value if all items are unselected.
                $item .= '<input type="hidden" name="' . htmlspecialchars($PA['itemFormElName']) . '" value="" />';
 
-                       // Add revert icon
-               if (is_array($restoreCmd)) {
-                       $item .= '<a href="#" onclick="' . implode('', $restoreCmd) . ' return false;' . '">' .
-                                        t3lib_iconWorks::getSpriteIcon('actions-edit-undo', array('title' => htmlspecialchars($this->getLL('l_revertSelection')))) . '</a>';
+                       // Remaining checkboxes will get their set-all link:
+               if (count($setAll)) {
+                       $tableHead = '<thead>
+                                       <tr class="c-header-checkbox-controls t3-row-header">
+                                               <td class="c-checkbox">
+                                               <input type="checkbox" class="checkbox" onclick="if (checked) {' . htmlspecialchars(implode('', $setAll) . '} else {' .  implode('', $unSetAll) . '}') . '">
+                                               </td>
+                                               <td colspan="2">
+                                               </td>
+                                       </tr></thead>';
                }
                        // Implode rows in table:
                $item .= '
                        <table border="0" cellpadding="0" cellspacing="0" class="typo3-TCEforms-select-checkbox">' .
-                                implode('', $tRows) . '
+                               $tableHead .
+                               '<tbody>' . implode('', $tRows) . '</tbody>
                        </table>
                        ';
 
+                       // Add revert icon
+               if (is_array($restoreCmd)) {
+                       $item .= '<a href="#" onclick="' . implode('', $restoreCmd) . ' return false;' . '">' .
+                                        t3lib_iconWorks::getSpriteIcon('actions-edit-undo', array('title' => htmlspecialchars($this->getLL('l_revertSelection')))) . '</a>';
+               }
+
                return $item;
        }
 
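Review bot: The relocated revert link writes `implode('', $restoreCmd)` into the `onclick` attribute without `htmlspecialchars()`, while the check-all handler added just above it and the row handlers in this function all encode their JavaScript for the attribute context. `$restoreCmd` is built outside this hunk, so whether it can carry a double quote or text derived from field names is not visible here. Encoding it the same way, `onclick="' . htmlspecialchars(implode('', $restoreCmd) . ' return false;') . '"`, removes the question. Also, `$tableHead` is assigned only inside `if (count($setAll))` but concatenated into the table unconditionally, so unless it is initialised earlier in the function, a `$tableHead = '';` before the `if` is needed.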
@@ -4657,11 +4653,12 @@ class t3lib_TCEforms {
                                                                // Icon:
                                                        $icon = t3lib_iconWorks::mapRecordTypeToSpriteIconName($theTableNames, array());
 
-                                                               // Add description texts:
-                                                       if ($this->edit_showFieldHelp) {
-                                                               $GLOBALS['LANG']->loadSingleTableDescription($theTableNames);
-                                                               $fDat = $GLOBALS['TCA_DESCR'][$theTableNames]['columns'][''];
-                                                               $descr = $fDat['description'];
+                                                               // Add help text
+                                                       $helpText = array();
+                                                       $GLOBALS['LANG']->loadSingleTableDescription($theTableNames);
+                                                       $helpTextArray = $GLOBALS['TCA_DESCR'][$theTableNames]['columns'][''];
+                                                       if (!empty($helpTextArray['description'])) {
+                                                               $helpText['description'] = $helpTextArray['description'];
                                                        }
 
                                                                // Item configuration:
@@ -4669,7 +4666,7 @@ class t3lib_TCEforms {
                                                                $this->sL($TCA[$theTableNames]['ctrl']['title']),
                                                                $theTableNames,
                                                                $icon,
-                                                               $descr
+                                                               $helpText
                                                        );
                                                }
                                        }
@@ -4696,11 +4693,12 @@ class t3lib_TCEforms {
                                        foreach ($theTypes as $theTypeArrays) {
                                                list($theTable, $theField) = explode(':', $theTypeArrays[1]);
 
-                                                       // Add description texts:
-                                               if ($this->edit_showFieldHelp) {
-                                                       $GLOBALS['LANG']->loadSingleTableDescription($theTable);
-                                                       $fDat = $GLOBALS['TCA_DESCR'][$theTable]['columns'][$theField];
-                                                       $descr = $fDat['description'];
+                                                       // Add help text
+                                               $helpText = array();
+                                               $GLOBALS['LANG']->loadSingleTableDescription($theTable);
+                                               $helpTextArray = $GLOBALS['TCA_DESCR'][$theTable]['columns'][$theField];
+                                               if (!empty($helpTextArray['description'])) {
+                                                       $helpText['description'] = $helpTextArray['description'];
                                                }
 
                                                        // Item configuration:
@@ -4708,7 +4706,7 @@ class t3lib_TCEforms {
                                                        rtrim($theTypeArrays[0], ':'),
                                                        $theTypeArrays[1],
                                                        'empty-empty',
-                                                       $descr
+                                                       $helpText
                                                );
                                        }
                                break;
@@ -4767,12 +4765,18 @@ class t3lib_TCEforms {
                                                                                $icon = 'empty-empty';
                                                                        }
 
+                                                                               // Add help text
+                                                                       $helpText = array();
+                                                                       if (!empty($itemCfg[2])) {
+                                                                               $helpText['description'] = $GLOBALS['LANG']->sl($itemCfg[2]);
+                                                                       }
+
                                                                                // Add item to be selected:
                                                                        $items[] = array(
                                                                                $GLOBALS['LANG']->sl($itemCfg[0]),
                                                                                $coKey . ':' . preg_replace('/[:|,]/', '', $itemKey),
                                                                                $icon,
-                                                                               $GLOBALS['LANG']->sl($itemCfg[2]),
+                                                                               $helpText,
                                                                        );
                                                                }
                                                        }
@@ -4796,19 +4800,18 @@ class t3lib_TCEforms {
                                                                $icon = '../' . substr($icon, strlen(PATH_site));
                                                        }
 
-                                                               // Description texts:
-                                                       if ($this->edit_showFieldHelp) {
-                                                               $descr = $GLOBALS['LANG']->moduleLabels['labels'][$theMod . '_tablabel'] .
-                                                                                LF .
-                                                                                $GLOBALS['LANG']->moduleLabels['labels'][$theMod . '_tabdescr'];
-                                                       }
+                                                               // Add help text
+                                                       $helpText = array(
+                                                               'title' => $GLOBALS['LANG']->moduleLabels['labels'][$theMod . '_tablabel'],
+                                                               'description' => $GLOBALS['LANG']->moduleLabels['labels'][$theMod . '_tabdescr']
+                                                       );
 
                                                                // Item configuration:
                                                        $items[] = array(
                                                                $this->addSelectOptionsToItemArray_makeModuleData($theMod),
                                                                $theMod,
                                                                $icon,
-                                                               $descr
+                                                               $helpText
                                                        );
                                                }
                                        }
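Review bot: `$helpText` is always built here with both a `title` and a `description` key, even when the module has no `_tablabel` or `_tabdescr` label, whereas the other item sources in this commit add `description` only when it is non-empty. In getSingleField_typeSelect_checkbox the test `is_array($p[3]) && count($p[3]) > 0` is then true for every module item, so the help wrapper is requested even when there is nothing to show. Wrapping the array in `array_filter(...)`, or filling the keys conditionally as the other branches do, would keep the call sites consistent.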
@@ -4990,6 +4993,18 @@ class t3lib_TCEforms {
        }
 
        /**
+        * Generates a token and returns an input field with it
+        *
+        * @param string $formName Context of the token
+        * @param string $tokenName The name of the token GET/POST variable
+        * @return string a complete input field
+        */
+       public static function getHiddenTokenField($formName = 'securityToken', $tokenName = 'formToken') {
+               $formprotection = t3lib_formprotection_Factory::get('t3lib_formprotection_BackendFormProtection');
+               return '<input type="hidden" name="' .$tokenName . '" value="' . $formprotection->generateToken($formName) . '" />';
+       }
+
+       /**
         * This replaces markers in the total wrap
         *
         * @param       array           An array of template parts containing some markers.
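Review bot: `getHiddenTokenField()` concatenates `$tokenName` and the generated token into HTML attributes without encoding, although `$tokenName` is a caller-supplied parameter and the rest of this class runs field names through `htmlspecialchars()`. I would write the return as `return '<input type="hidden" name="' . htmlspecialchars($tokenName) . '" value="' . htmlspecialchars($formprotection->generateToken($formName)) . '" />';`. The docblock could also explain that `$formName` identifies the form the token is bound to and presumably has to match the value used when the token is validated, since the default `'securityToken'` gives no hint of that.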