Fixed bug #15282: It is impossible to set links to files any more with the link wizard

[Packages/TYPO3.CMS.git] / typo3 / class.browse_links.php

diff --git a/typo3/class.browse_links.php b/typo3/class.browse_links.php
index 648f918..a0d75ef 100644 (file)
--- a/typo3/class.browse_links.php
+++ b/typo3/class.browse_links.php
@@ -916,7 +916,7 @@ class browse_links {
                ';
 
                if ($this->mode == 'wizard')    {       // Functions used, if the link selector is in wizard mode (= TCEforms fields)
-                       if (!$this->areFieldChangeFunctionsValid()) {
+                       if (!$this->areFieldChangeFunctionsValid() && !$this->areFieldChangeFunctionsValid(TRUE)) {
                                $this->P['fieldChangeFunc'] = array();
                        }
                        unset($this->P['fieldChangeFunc']['alert']);
@@ -930,6 +930,7 @@ class browse_links {
                        $P2['itemName']=$this->P['itemName'];
                        $P2['formName']=$this->P['formName'];
                        $P2['fieldChangeFunc']=$this->P['fieldChangeFunc'];
+                       $P2['fieldChangeFuncHash'] = t3lib_div::hmac(serialize($this->P['fieldChangeFunc']));
                        $P2['params']['allowedExtensions']=$this->P['params']['allowedExtensions'];
                        $P2['params']['blindLinkOptions']=$this->P['params']['blindLinkOptions'];
                        $addPassOnParams.=t3lib_div::implodeArrayForUrl('P',$P2);
@@ -2799,13 +2800,33 @@ class browse_links {
         * Determines whether submitted field change functions are valid
         * and are coming from the system and not from an external abuse.
         *
+        * @param boolean $allowFlexformSections Whether to handle flexform sections differently
         * @return boolean Whether the submitted field change functions are valid
         */
-       protected function areFieldChangeFunctionsValid() {
-               return (
-                       isset($this->P['fieldChangeFunc']) && is_array($this->P['fieldChangeFunc']) && isset($this->P['fieldChangeFuncHash'])
-                       && $this->P['fieldChangeFuncHash'] == t3lib_div::hmac(serialize($this->P['fieldChangeFunc']))
-               );
+       protected function areFieldChangeFunctionsValid($handleFlexformSections = FALSE) {
+               $result = FALSE;
+
+               if (isset($this->P['fieldChangeFunc']) && is_array($this->P['fieldChangeFunc']) && isset($this->P['fieldChangeFuncHash'])) {
+                       $matches = array();
+                       $pattern = '#\[el\]\[(([^]-]+-[^]-]+-)(idx\d+-)([^]]+))\]#i';
+
+                       $fieldChangeFunctions = $this->P['fieldChangeFunc'];
+
+                               // Special handling of flexform sections:
+                               // Field change functions are modified in JavaScript, thus the hash is always invalid
+                       if ($handleFlexformSections && preg_match($pattern, $this->P['itemName'], $matches)) {
+                               $originalName = $matches[1];
+                               $cleanedName = $matches[2] . $matches[4];
+
+                               foreach ($fieldChangeFunctions as &$value) {
+                                       $value = str_replace($originalName, $cleanedName, $value);
+                               }
+                       }
+
+                       $result = ($this->P['fieldChangeFuncHash'] === t3lib_div::hmac(serialize($fieldChangeFunctions)));
+               }
+
+               return $result;
        }
 }