Fixed bug #14144: Positioning of toolbar elements broken, especially in Safari (thank...
[Packages/TYPO3.CMS.git] / typo3 / alt_palette.php
old mode 100755 (executable)
new mode 100644 (file)
index ff17f87..60a9115
@@ -1,22 +1,22 @@
 <?php
 /***************************************************************
 *  Copyright notice
-*  
-*  (c) 1999-2004 Kasper Skaarhoj (kasper@typo3.com)
+*
+*  (c) 1999-2009 Kasper Skaarhoj (kasperYYYY@typo3.com)
 *  All rights reserved
 *
-*  This script is part of the TYPO3 project. The TYPO3 project is 
+*  This script is part of the TYPO3 project. The TYPO3 project is
 *  free software; you can redistribute it and/or modify
 *  it under the terms of the GNU General Public License as published by
 *  the Free Software Foundation; either version 2 of the License, or
 *  (at your option) any later version.
-* 
+*
 *  The GNU General Public License can be found at
 *  http://www.gnu.org/copyleft/gpl.html.
-*  A copy is found in the textfile GPL.txt and important notices to the license 
+*  A copy is found in the textfile GPL.txt and important notices to the license
 *  from the author is found in LICENSE.txt distributed with these scripts.
 *
-* 
+*
 *  This script is distributed in the hope that it will be useful,
 *  but WITHOUT ANY WARRANTY; without even the implied warranty of
 *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 *
 *  This copyright notice MUST APPEAR in all copies of the script!
 ***************************************************************/
-/** 
+/**
  * Displays the secondary-options palette for the TCEFORMs wherever they are shown.
  *
  * $Id$
  * Revised for TYPO3 3.6 November/2003 by Kasper Skaarhoj
  * XHTML compliant
- * 
- * @author     Kasper Skaarhoj <kasper@typo3.com>
+ *
+ * @author     Kasper Skaarhoj <kasperYYYY@typo3.com>
  */
 /**
  * [CLASS/FUNCTION INDEX of SCRIPT]
  *
  *
  *
- *   81: class formRender extends t3lib_TCEforms 
- *   91:     function printPalette($palArr)    
+ *   81: class formRender extends t3lib_TCEforms
+ *   91:     function printPalette($palArr)
  *
  *
- *  154: class formRender_vert extends t3lib_TCEforms 
- *  163:     function printPalette($palArr)    
+ *  154: class formRender_vert extends t3lib_TCEforms
+ *  163:     function printPalette($palArr)
  *
  *
- *  223: class SC_alt_palette 
- *  247:     function init()   
- *  301:     function main()   
- *  341:     function printContent()   
+ *  223: class SC_alt_palette
+ *  247:     function init()
+ *  301:     function main()
+ *  341:     function printContent()
  *
  * TOTAL FUNCTIONS: 5
  * (This index is automatically created/updated by the extension "extdeveval")
 
 
 
-require ('init.php');
-require ('template.php');
-require_once (PATH_t3lib.'class.t3lib_tceforms.php');
-require_once (PATH_t3lib.'class.t3lib_transferdata.php');
-require_once (PATH_t3lib.'class.t3lib_loaddbgroup.php');
-include ('sysext/lang/locallang_alt_doc.php');
+require('init.php');
+require('template.php');
+$LANG->includeLLFile('EXT:lang/locallang_alt_doc.xml');
 
 
 
@@ -74,9 +71,10 @@ include ('sysext/lang/locallang_alt_doc.php');
  * Class for rendering the form fields.
  * Extending the TCEforms class
  *
- * @author     Kasper Skaarhoj <kasper@typo3.com>
+ * @author     Kasper Skaarhoj <kasperYYYY@typo3.com>
  * @package TYPO3
  * @subpackage core
+ * @deprecated since TYPO3 4.3, will be removed in TYPO3 4.5
  */
 class formRender extends t3lib_TCEforms {
 
@@ -90,7 +88,7 @@ class formRender extends t3lib_TCEforms {
         */
        function printPalette($palArr)  {
                $out='';
-               
+
                        // For each element on the palette, write a few table cells with the field name, content and control images:
                foreach($palArr as $content)    {
                        $iRow[]='
@@ -105,12 +103,12 @@ class formRender extends t3lib_TCEforms {
                                        $content['ITEM'].$content['HELP_ICON'].
                                '</td>';
                }
-               
+
                        // Finally, wrap it all in a table:
                $out='
-               
-               
-               
+
+
+
                        <!--
                                TCEforms palette, rendered in top frame.
                        -->
@@ -122,9 +120,9 @@ class formRender extends t3lib_TCEforms {
                                implode('',$iRow).'
                                </tr>
                        </table>
-                       
+
                        ';
-               
+
                        // Return the result:
                return $out;
        }
@@ -147,7 +145,7 @@ class formRender extends t3lib_TCEforms {
  * Child class for alternative rendering of form fields (when the secondary fields are shown in a little window rather than the top bar).
  * (Used if GET var "backRef" is not set, presuming a window is opened instead.)
  *
- * @author     Kasper Skaarhoj <kasper@typo3.com>
+ * @author     Kasper Skaarhoj <kasperYYYY@typo3.com>
  * @package TYPO3
  * @subpackage core
  */
@@ -179,7 +177,7 @@ class formRender_vert extends t3lib_TCEforms {
                                        <td nowrap="nowrap" valign="top">'.$content['ITEM'].$content['HELP_ICON'].'</td>
                                </tr>';
                }
-               
+
                        // Adding the close button:
                $iRow[]='
                        <tr>
@@ -190,13 +188,13 @@ class formRender_vert extends t3lib_TCEforms {
                                        <input type="submit" value="'.$GLOBALS['LANG']->sL('LLL:EXT:lang/locallang_core.php:labels.close',1).'" onclick="closePal(); return false;" />
                                </td>
                        </tr>';
-               
+
                        // Finally, wrap it all in a table:
                $out='
                        <table border="0" cellpadding="0" cellspacing="0" id="typo3-TCEforms-palette-vert">
                                '.implode('',$iRow).'
                        </table>';
-               
+
                        // Return content:
                return $out;
        }
@@ -216,7 +214,7 @@ class formRender_vert extends t3lib_TCEforms {
  * Script Class for rendering the palette form for TCEforms in some other frame (in top frame, horizontally)
  * It can also be called in a pop-up window in which case a vertically oriented set of form fields are rendered instead.
  *
- * @author     Kasper Skaarhoj <kasper@typo3.com>
+ * @author     Kasper Skaarhoj <kasperYYYY@typo3.com>
  * @package TYPO3
  * @subpackage core
  */
@@ -228,7 +226,7 @@ class SC_alt_palette {
        var $formRef;           // String, which is the reference to the form.
        var $doc;                       // Template object.
 
-               // Internal, static: GPvar:     
+               // Internal, static: GPvar:
        var $formName;                  // Form name
        var $GPbackref;                 // The value of the original backRef GPvar (not necessarily the same as $this->backRef)
        var $inData;                    // Contains tablename, uid and palette number
@@ -247,15 +245,19 @@ class SC_alt_palette {
        function init() {
 
                        // Setting GPvars, etc.
-               $this->formName = t3lib_div::_GP('formName');
-               $this->GPbackref = t3lib_div::_GP('backRef');
+               $this->formName = $this->sanitizeHtmlName(t3lib_div::_GP('formName'));
+               $this->GPbackref = $this->sanitizeHtmlName(t3lib_div::_GP('backRef'));
                $this->inData = t3lib_div::_GP('inData');
-               $this->prependFormFieldNames = t3lib_div::_GP('prependFormFieldNames');
+                       // safeguards the input with whitelisting
+               if (!preg_match('/^[a-zA-Z0-9\-_\:]+$/', $this->inData)) {
+                       $this->inData = '';
+               }
+               $this->prependFormFieldNames =
+                       $this->sanitizeHtmlName(t3lib_div::_GP('prependFormFieldNames'));
                $this->rec = t3lib_div::_GP('rec');
-               
+
                        // Making references:
                $this->backRef = $this->GPbackref ? $this->GPbackref : 'window.opener';
-#              $this->backRef = 'top.content.list_frame.view_frame';
 
                $this->formRef = $this->backRef.'.document.'.$this->formName;
 
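Review bot: The whitelist on `inData` anchors with `$`, which in PCRE also matches just before a trailing newline, so a value ending in a line feed still passes the check. The same applies to the pattern in `sanitizeHtmlName()` added in a later hunk of this file, whose result is concatenated into `$this->formRef`. Anchoring with `\z` (or adding the `D` modifier) closes that, e.g. `if (!preg_match('/^[a-zA-Z0-9\-_\:]+\z/', $this->inData)) {`. `rec` is still assigned from `t3lib_div::_GP('rec')` without any check; whether its keys and values are escaped downstream is not visible here and is worth confirming. init() continues outside this hunk.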
@@ -264,9 +266,8 @@ class SC_alt_palette {
                $this->doc->bodyTagMargins['x']=0;
                $this->doc->bodyTagMargins['y']=0;
                $this->doc->form='<form action="#" method="post" name="'.htmlspecialchars($this->formName).'" onsubmit="return false;">';
-               $this->doc->docType = 'xhtml_trans';
                $this->doc->backPath = '';
-               
+
                        // In case the palette is opened in a SEPARATE window (as the case is with frontend editing) then another body-tag id should be used (so we don't get the background image for the palette shown!)
                if (!$this->GPbackref)  $this->doc->bodyTagId.= '-vert';
 
@@ -286,11 +287,29 @@ class SC_alt_palette {
                                } else closePal();
                        }
                        function closePal()     {       //
-                               '.($this->GPbackref?'document.location="alt_topmenu_dummy.php";':'close();').'
+                               '.($this->GPbackref?'window.location.href="alt_topmenu_dummy.php";':'close();').'
                        }
                        timeout_func();
                        onBlur="alert();";
-               ');             
+               ');
+       }
+
+       /**
+        * Sanitizes HTML names, IDs, frame names etc.
+        *
+        * @param string $input the string to sanitize
+        *
+        * @return string the unchanged $input if $input is considered to be harmless,
+        *                an empty string otherwise
+        */
+       protected function sanitizeHtmlName($input) {
+               $result = $input;
+
+               if (!preg_match('/^[a-zA-Z][a-zA-Z0-9_\-\.]*$/', $result)) {
+                       $result = '';
+               }
+
+               return $result;
        }
 
        /**
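Review bot: `sanitizeHtmlName()` hands `$input` straight to `preg_match()` without checking that it is a string, although a request parameter submitted in array form would presumably reach it as an array. Depending on the PHP version that produces a warning or a type error instead of the clean rejection the docblock promises. A guard such as `if (!is_string($input) || !preg_match('/^[a-zA-Z][a-zA-Z0-9_\-\.]*$/', $input)) {` keeps the contract of returning an empty string. The docblock could also state which characters are accepted (a leading letter, then letters, digits, `_`, `-` and `.`), since callers rely on the dot being allowed for values like `window.opener`.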
@@ -301,36 +320,40 @@ class SC_alt_palette {
        function main() {
 
                $this->content='';
-               $this->content.=$this->doc->startPage('TYPO3 Edit Palette');
-               
+
                $inData = explode(':',$this->inData);
-               
+
                        // Begin edit:
                if (is_array($inData) && count($inData)==3)     {
-                       
+
                                // Create the TCEforms object:
                        $tceforms = $this->GPbackref ? new formRender() : new formRender_vert();
                        $tceforms->initDefaultBEMode();
                        $tceforms->palFieldTemplate='###FIELD_PALETTE###';
                        $tceforms->palettesCollapsed=0;
                        $tceforms->isPalettedoc=$this->backRef;
-               
+
                        $tceforms->formName = $this->formName;
                        $tceforms->prependFormFieldNames = $this->prependFormFieldNames;
-                       
+
                                // Initialize other data:
                        $table=$inData[0];
                        $theUid=$inData[1];
                        $thePalNum = $inData[2];
                        $this->rec['uid']=$theUid;
-                       
+
                                // Getting the palette fields rendered:
                        $panel.=$tceforms->getPaletteFields($table,$this->rec,$thePalNum,'',implode(',',array_keys($this->rec)));
                        $formContent=$panel;
-               
+
                                // Add all the content, including JavaScript as needed.
                        $this->content.=$tceforms->printNeededJSFunctions_top().$formContent.$tceforms->printNeededJSFunctions();
                }
+
+               // Assemble the page:
+               $tempContent = $this->content;
+               $this->content = $this->doc->startPage('TYPO3 Edit Palette');
+               $this->content.= $tempContent;
        }
 
        /**
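Review bot: The comment `// Assemble the page:` at the end of main() does not say why `startPage()` is now called after the form has been rendered, and the `$tempContent` shuffle hides that ordering. Presumably the header has to be generated last so that whatever the TCEforms rendering registers ends up in it; a comment such as `// startPage() runs after rendering so the page header reflects what the form added` would record that, with the wording to be confirmed by the author. The three lines can then be one: `$this->content = $this->doc->startPage('TYPO3 Edit Palette') . $this->content;`. The new comment is also indented one level less than the other comments in this function.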
@@ -339,29 +362,23 @@ class SC_alt_palette {
         * @return      void
         */
        function printContent() {
-               echo $this->content.$this->doc->endPage();
+               $this->content.= $this->doc->endPage();
+               $this->content = $this->doc->insertStylesAndJS($this->content);
+               echo $this->content;
        }
 }
 
-// Include extension?
+
 if (defined('TYPO3_MODE') && $TYPO3_CONF_VARS[TYPO3_MODE]['XCLASS']['typo3/alt_palette.php'])  {
        include_once($TYPO3_CONF_VARS[TYPO3_MODE]['XCLASS']['typo3/alt_palette.php']);
 }
 
 
 
-
-
-
-
-
-
-
-
-
 // Make instance:
 $SOBE = t3lib_div::makeInstance('SC_alt_palette');
 $SOBE->init();
 $SOBE->main();
 $SOBE->printContent();
+
 ?>
\ No newline at end of file