git-svn-id: https://svn.typo3.org/TYPO3v4/Core/trunk@2471 709f56b5-9817-0410-a4d7...
[Packages/TYPO3.CMS.git] / typo3 / sysext / cms / tslib / class.tslib_fe.php
index 1b4e23a..eb39175 100755 (executable)
        var $rootLine='';                                       // The rootLine (all the way to tree root, not only the current site!) (array)
        var $page='';                                           // The pagerecord (array)
        var $contentPid=0;                                      // This will normally point to the same value as id, but can be changed to point to another page from which content will then be displayed instead.
-       var $sys_page='';                                       // The object with pagefunctions (object)
+
+       /**
+        * sys_page-object, pagefunctions
+        *
+        * @var t3lib_pageSelect
+        */
+       var $sys_page='';
        var $jumpurl='';
        var $pageNotFound=0;                            // Is set to 1 if a pageNotFound handler could have been called.
        var $domainStartPage=0;                         // Domain start page
        var $siteScript='';                                     // Contains the value of the current script path that activated the frontend. Typically "index.php" but by rewrite rules it could be something else! Used for Speaking Urls / Simulate Static Documents.
 
                // USER
-       var $fe_user='';                                        // The user (object)
+
+       /**
+        * The FE user
+        *
+        * @var tslib_feUserAuth
+        */
+       var $fe_user='';
        var $loginUser='';                                      // Global flag indicating that a front-end user is logged in. This is set only if a user really IS logged in. The group-list may show other groups (like added by IP filter or so) even though there is no user.
        var $gr_list='';                                        // (RO=readonly) The group list, sorted numerically. Group '0,-1' is the default group, but other groups may be added by other means than a user being logged in though...
        var $beUserLogin='';                            // Flag that indicates if a Backend user is logged in!
        var $TCAcachedExtras=array();           // Array of cached information from TCA. This is NOT TCA itself!
 
                // TEMPLATE / CACHE
-       var $tmpl='';                                           // The TypoScript template object. Used to parse the TypoScript template
+
+       /**
+        * The TypoScript template object. Used to parse the TypoScript template
+        *
+        * @var t3lib_TStemplate
+        */
+       var $tmpl='';
        var $cacheTimeOutDefault='';            // Is set to the time-to-live time of cached pages. If false, default is 60*60*24, which is 24 hours.
        var $cacheContentFlag='';                       // Set internally if cached content is fetched from the database
        var $cacheExpires=0;                            // Set to the expire time of cached content
        var $baseUrl='';                                        // The base URL set for the page header.
        var $anchorPrefix='';                           // The proper anchor prefix needed when using speaking urls. (only set if baseUrl is set)
 
-               // Page content render object
-       var $cObj ='';                                          // is instantiated object of tslib_cObj
+       /**
+        * Page content render object
+        *
+        * @var tslib_cObj
+        */
+       var $cObj ='';
 
                // CONTENT accumulation
        var $content='';                                        // All page content is accumulated in this variable. See pagegen.php
        var $TCAloaded = 0;                                     // Set ONLY if the full TCA is loaded
 
                // Character set (charset) conversion object:
-       var $csConvObj;                                         // An instance of the "t3lib_cs" class. May be used by any application.
+
+       /**
+        * charset conversion class. May be used by any application.
+        *
+        * @var t3lib_cs
+        */
+       var $csConvObj;
        var $defaultCharSet = 'iso-8859-1';     // The default charset used in the frontend if nothing else is set.
        var $renderCharset='';                          // Internal charset of the frontend during rendering: Defaults to "forceCharset" and if that is not set, to ->defaultCharSet
        var $metaCharset='';                            // Output charset of the websites content. This is the charset found in the header, meta tag etc. If different from $renderCharset a conversion happens before output to browser. Defaults to ->renderCharset if not set.
         */
        function ADMCMD_preview(){
                $inputCode = t3lib_div::_GP('ADMCMD_prev');
+               $cookieTTL = 60*60;
+
+                       // If cookie is set, see what to do:
+               if ($_COOKIE['ADMCMD_prev'])    {
+                       
+                               // If no input code is given by GET method, lets look it up in a cookie (for workspace previews not only tied to the page) and update the cookie time:
+                       if (!$inputCode)        {
+                               $inputCode = $_COOKIE['ADMCMD_prev'];
+                               SetCookie('ADMCMD_prev', $inputCode, time()+$cookieTTL);
+                       } else {        // Otherwise "log out":
+                               SetCookie('ADMCMD_prev', '', 0);
+                               die("You logged out from Workspace preview mode. Reload the browser to log in again.");
+                       }
+               }
 
+                       // If inputcode now, look up the settings:
                if ($inputCode) {
 
                                // Look for keyword configuration record:
                                // - Make sure to remove fe/be cookies (temporarily); BE already done in ADMCMD_preview_postInit()
                        if (is_array($previewData))     {
                                if (!count(t3lib_div::_POST())) {
-                                       if (t3lib_div::getIndpEnv('TYPO3_SITE_URL').'index.php?ADMCMD_prev='.$inputCode === t3lib_div::getIndpEnv('TYPO3_REQUEST_URL')) {
-
-                                                       // Unserialize configuration:
-                                               $previewConfig = unserialize($previewData['config']);
+                                               // Unserialize configuration:
+                                       $previewConfig = unserialize($previewData['config']);
+
+                                       if ($previewConfig['fullWorkspace']) {  // For full workspace preview we only ADD a get variable to set the preview of the workspace - so all other Get vars are accepted. Hope this is not a security problem. Still posting is not allowed and even if a backend user get initialized it shouldn't lead to situations where users can use those credentials.
+                                       
+                                                       // Set the workspace preview value:
+                                               t3lib_div::_GETset($previewConfig['fullWorkspace'],'ADMCMD_previewWS');
+                                               
+                                                       // If ADMCMD_prev is set the $inputCode value cannot come from a cookie and we set that cookie here. Next time it will be found from the cookie if ADMCMD_prev is not set again...
+                                               if (t3lib_div::_GP('ADMCMD_prev'))      {
+                                                       SetCookie('ADMCMD_prev', t3lib_div::_GP('ADMCMD_prev'), time()+$cookieTTL);     // Lifetime is 1 hour, does it matter much? Requires the user to click the link from their email again if it expires.
+                                               }
+                                               return $previewConfig;
+                                       } elseif (t3lib_div::getIndpEnv('TYPO3_SITE_URL').'index.php?ADMCMD_prev='.$inputCode === t3lib_div::getIndpEnv('TYPO3_REQUEST_URL'))   {
 
                                                        // Set GET variables:
                                                $GET_VARS = '';
@@ -3231,7 +3284,7 @@ if (version == "n3") {
                                $stdMsg = '
                                <br />
                                <div align="center">
-                                       <table border="3" bordercolor="black" cellpadding="2" bgcolor="red">
+                                       <table border="3" bordercolor="black" cellpadding="2" bgcolor="red" summary="">
                                                <tr>
                                                        <td>&nbsp;&nbsp;<font face="Verdana" size="1"><b>'.htmlspecialchars($text).'</b></font>&nbsp;&nbsp;</td>
                                                </tr>