[SECURITY] Untrusted GP data is unserialized in old CSH handling
[Packages/TYPO3.CMS.git] / typo3 / wizard_list.php
index b2d0b2b..7a2dda5 100644 (file)
@@ -2,7 +2,7 @@
 /***************************************************************
 *  Copyright notice
 *
 /***************************************************************
 *  Copyright notice
 *
-*  (c) 1999-2010 Kasper Skårhøj (kasperYYYY@typo3.com)
+*  (c) 1999-2011 Kasper Skårhøj (kasperYYYY@typo3.com)
 *  All rights reserved
 *
 *  This script is part of the TYPO3 project. The TYPO3 project is
 *  All rights reserved
 *
 *  This script is part of the TYPO3 project. The TYPO3 project is
 *
 *  This copyright notice MUST APPEAR in all copies of the script!
 ***************************************************************/
 *
 *  This copyright notice MUST APPEAR in all copies of the script!
 ***************************************************************/
+
 /**
  * Wizard to list records from a page id.
  *
 /**
  * Wizard to list records from a page id.
  *
- * $Id$
  * Revised for TYPO3 3.6 November/2003 by Kasper Skårhøj
  * XHTML compliant
  *
  * Revised for TYPO3 3.6 November/2003 by Kasper Skårhøj
  * XHTML compliant
  *
- * @author     Kasper Skårhøj <kasperYYYY@typo3.com>
- */
-/**
- * [CLASS/FUNCTION INDEX of SCRIPT]
- *
- *
- *
- *   74: class SC_wizard_list
- *   93:     function init()
- *  105:     function main()
- *
- * TOTAL FUNCTIONS: 2
- * (This index is automatically created/updated by the extension "extdeveval")
- *
+ * @author Kasper Skårhøj <kasperYYYY@typo3.com>
  */
 
  */
 
-
-
-$BACK_PATH='';
-require ('init.php');
-require ('template.php');
+$BACK_PATH = '';
+require('init.php');
 $LANG->includeLLFile('EXT:lang/locallang_wizards.xml');
 
 $LANG->includeLLFile('EXT:lang/locallang_wizards.xml');
 
-
-
-
-
-
-
-
-
-
-
 /**
  * Script Class for redirecting the user to the Web > List module if a wizard-link has been clicked in TCEforms
  *
 /**
  * Script Class for redirecting the user to the Web > List module if a wizard-link has been clicked in TCEforms
  *
- * @author     Kasper Skårhøj <kasperYYYY@typo3.com>
+ * @author Kasper Skårhøj <kasperYYYY@typo3.com>
  * @package TYPO3
  * @subpackage core
  */
 class SC_wizard_list {
 
                // Internal, static:
  * @package TYPO3
  * @subpackage core
  */
 class SC_wizard_list {
 
                // Internal, static:
-       var $pid;                                       // PID
+               // PID
+       var $pid;
 
                // Internal, static: GPvars
 
                // Internal, static: GPvars
-       var $P;                                         // Wizard parameters, coming from TCEforms linking to the wizard.
-       var $table;                                     // Table to show, if none, then all tables are listed in list module.
-       var $id;                                        // Page id to list.
-
-
-
-
+               // Wizard parameters, coming from TCEforms linking to the wizard.
+       var $P;
+               // Table to show, if none, then all tables are listed in list module.
+       var $table;
+               // Page id to list.
+       var $id;
 
        /**
         * Initialization of the class, setting GPvars.
         *
         * @return      void
         */
 
        /**
         * Initialization of the class, setting GPvars.
         *
         * @return      void
         */
-       function init() {
+       function init() {
                $this->P = t3lib_div::_GP('P');
                $this->table = t3lib_div::_GP('table');
                $this->id = t3lib_div::_GP('id');
                $this->P = t3lib_div::_GP('P');
                $this->table = t3lib_div::_GP('table');
                $this->id = t3lib_div::_GP('id');
@@ -100,45 +74,39 @@ class SC_wizard_list {
         * Main function
         * Will issue a location-header, redirecting either BACK or to a new alt_doc.php instance...
         *
         * Main function
         * Will issue a location-header, redirecting either BACK or to a new alt_doc.php instance...
         *
-        * @return      void
+        * @return void
         */
         */
-       function main() {
+       function main() {
 
                        // Get this record
 
                        // Get this record
-               $origRow = t3lib_BEfunc::getRecord($this->P['table'],$this->P['uid']);
+               $origRow = t3lib_BEfunc::getRecord($this->P['table'], $this->P['uid']);
 
                        // Get TSconfig for it.
 
                        // Get TSconfig for it.
-               $TSconfig = t3lib_BEfunc::getTCEFORM_TSconfig($this->table,is_array($origRow)?$origRow:array('pid'=>$this->P['pid']));
+               $TSconfig = t3lib_BEfunc::getTCEFORM_TSconfig($this->table, is_array($origRow)?$origRow:array('pid'=>$this->P['pid']));
 
                        // Set [params][pid]
 
                        // Set [params][pid]
-               if (substr($this->P['params']['pid'],0,3)=='###' && substr($this->P['params']['pid'],-3)=='###')        {
-                       $this->pid = intval($TSconfig['_'.substr($this->P['params']['pid'],3,-3)]);
-               } else $this->pid = intval($this->P['params']['pid']);
+               if (substr($this->P['params']['pid'], 0, 3) == '###' && substr($this->P['params']['pid'], -3) == '###') {
+                       $this->pid = intval($TSconfig['_'.substr($this->P['params']['pid'], 3, -3)]);
+               } else {
+                       $this->pid = intval($this->P['params']['pid']);
+               }
 
                        // Make redirect:
 
                        // Make redirect:
-               if (!strcmp($this->pid,'') || strcmp($this->id,''))     {       // If pid is blank OR if id is set, then return...
+                       // If pid is blank OR if id is set, then return...
+               if (!strcmp($this->pid, '') || strcmp($this->id, '')) {
                        $redirectUrl = t3lib_div::sanitizeLocalUrl($this->P['returnUrl']);
                } else {        // Otherwise, show the list:
                        $redirectUrl = t3lib_div::sanitizeLocalUrl($this->P['returnUrl']);
                } else {        // Otherwise, show the list:
-                       $redirectUrl = t3lib_extMgm::createListViewLink(
-                               $this->pid,
-                               '&table=' . $this->P['params']['table'] . '&returnUrl=' . rawurlencode(t3lib_div::getIndpEnv('REQUEST_URI')),
-                               '',
-                               '',
-                               TRUE
-                       );
+                       $urlParameters = array();
+                       $urlParameters['id'] = $this->pid;
+                       $urlParameters['table'] = $this->P['params']['table'];
+                       $urlParameters['returnUrl'] = t3lib_div::getIndpEnv('REQUEST_URI');
+                       $redirectUrl = t3lib_BEfunc::getModuleUrl('web_list', $urlParameters);
                }
                t3lib_utility_Http::redirect($redirectUrl);
        }
 }
 
                }
                t3lib_utility_Http::redirect($redirectUrl);
        }
 }
 
-
-if (defined('TYPO3_MODE') && $TYPO3_CONF_VARS[TYPO3_MODE]['XCLASS']['typo3/wizard_list.php'])  {
-       include_once($TYPO3_CONF_VARS[TYPO3_MODE]['XCLASS']['typo3/wizard_list.php']);
-}
-
-
-
-// Make instance:
+       // Make instance:
 $SOBE = t3lib_div::makeInstance('SC_wizard_list');
 $SOBE->init();
 $SOBE->main();
 $SOBE = t3lib_div::makeInstance('SC_wizard_list');
 $SOBE->init();
 $SOBE->main();
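Review bot: The `!strcmp($this->pid, '')` test in main() can never be true, because both branches just above assign `$this->pid` through `intval()`. A missing or non-numeric `P[params][pid]` therefore becomes 0 and goes to the list view, not the returnUrl branch that the comment "If pid is blank" describes. Since `P` comes straight from `t3lib_div::_GP('P')`, I would make the guard explicit, e.g. `if ($this->pid <= 0 || strcmp($this->id, '')) {`, unless listing page 0 is intended here. The same request-supplied array feeds `$urlParameters['table'] = $this->P['params']['table'];` and the `getRecord($this->P['table'], $this->P['uid'])` lookup. Whether `getModuleUrl` encodes that value and whether the callee rejects unknown table names is not visible in this hunk, so checking the table name against the configured tables before use would be worth adding.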