';
if ($this->mode == 'wizard') { // Functions used, if the link selector is in wizard mode (= TCEforms fields)
- if (!$this->areFieldChangeFunctionsValid()) {
+ if (!$this->areFieldChangeFunctionsValid() && !$this->areFieldChangeFunctionsValid(TRUE)) {
$this->P['fieldChangeFunc'] = array();
}
unset($this->P['fieldChangeFunc']['alert']);
$P2['itemName']=$this->P['itemName'];
$P2['formName']=$this->P['formName'];
$P2['fieldChangeFunc']=$this->P['fieldChangeFunc'];
+ $P2['fieldChangeFuncHash'] = t3lib_div::hmac(serialize($this->P['fieldChangeFunc']));
$P2['params']['allowedExtensions']=$this->P['params']['allowedExtensions'];
$P2['params']['blindLinkOptions']=$this->P['params']['blindLinkOptions'];
$addPassOnParams.=t3lib_div::implodeArrayForUrl('P',$P2);
* Determines whether submitted field change functions are valid
* and are coming from the system and not from an external abuse.
*
+ * @param boolean $allowFlexformSections Whether to handle flexform sections differently
* @return boolean Whether the submitted field change functions are valid
*/
- protected function areFieldChangeFunctionsValid() {
- return (
- isset($this->P['fieldChangeFunc']) && is_array($this->P['fieldChangeFunc']) && isset($this->P['fieldChangeFuncHash'])
- && $this->P['fieldChangeFuncHash'] == t3lib_div::hmac(serialize($this->P['fieldChangeFunc']))
- );
+ protected function areFieldChangeFunctionsValid($handleFlexformSections = FALSE) {
+ $result = FALSE;
+
+ if (isset($this->P['fieldChangeFunc']) && is_array($this->P['fieldChangeFunc']) && isset($this->P['fieldChangeFuncHash'])) {
+ $matches = array();
+ $pattern = '#\[el\]\[(([^]-]+-[^]-]+-)(idx\d+-)([^]]+))\]#i';
+
+ $fieldChangeFunctions = $this->P['fieldChangeFunc'];
+
+ // Special handling of flexform sections:
+ // Field change functions are modified in JavaScript, thus the hash is always invalid
+ if ($handleFlexformSections && preg_match($pattern, $this->P['itemName'], $matches)) {
+ $originalName = $matches[1];
+ $cleanedName = $matches[2] . $matches[4];
+
+ foreach ($fieldChangeFunctions as &$value) {
+ $value = str_replace($originalName, $cleanedName, $value);
+ }
+ }
+
+ $result = ($this->P['fieldChangeFuncHash'] === t3lib_div::hmac(serialize($fieldChangeFunctions)));
+ }
+
+ return $result;
}
}