[TASK] Use GeneralUtility::quoteJSvalue() where needed part 2
[Packages/TYPO3.CMS.git] / typo3 / sysext / backend / Classes / Form / Element / AbstractFormElement.php
index cee05e7..447b421 100644 (file)
@@ -282,7 +282,7 @@ abstract class AbstractFormElement extends AbstractNode {
                                        if (isset($wizardConfiguration['popup_onlyOpenIfSelected']) && $wizardConfiguration['popup_onlyOpenIfSelected']) {
                                                $notSelectedText = $languageService->sL('LLL:EXT:lang/locallang_core.xlf:mess.noSelItemForEdit');
                                                $onlyIfSelectedJS =
-                                                       'if (!TBE_EDITOR.curSelected(\'' . $itemName . $listFlag . '\')){' .
+                                                       'if (!TBE_EDITOR.curSelected(' . GeneralUtility::quoteJSvalue($itemName . $listFlag) . ')){' .
                                                                'alert(' . GeneralUtility::quoteJSvalue($notSelectedText) . ');' .
                                                                'return false;' .
                                                        '}';
@@ -290,13 +290,12 @@ abstract class AbstractFormElement extends AbstractNode {
                                        $aOnClick =
                                                'this.blur();' .
                                                $onlyIfSelectedJS .
-                                               'vHWin=window.open(' .
-                                                       '\'' . $url  . '\'+\'&P[currentValue]=\'+TBE_EDITOR.rawurlencode(' .
-                                                               'document.editform[\'' . $itemName . '\'].value,200' .
+                                               'vHWin=window.open(' . GeneralUtility::quoteJSvalue($url) . '+\'&P[currentValue]=\'+TBE_EDITOR.rawurlencode(' .
+                                                               'document.editform[' . GeneralUtility::quoteJSvalue($itemName) . '].value,200' .
                                                        ')' .
-                                                       '+\'&P[currentSelectedValues]=\'+TBE_EDITOR.curSelected(\'' . $itemName . $listFlag . '\'),' .
-                                                       '\'popUp' . $md5ID . '\',' .
-                                                       '\'' . $wizardConfiguration['JSopenParams'] . '\'' .
+                                                       '+\'&P[currentSelectedValues]=\'+TBE_EDITOR.curSelected(' . GeneralUtility::quoteJSvalue($itemName . $listFlag) . '),' .
+                                                       GeneralUtility::quoteJSvalue('popUp' . $md5ID) . ',' .
+                                                       GeneralUtility::quoteJSvalue($wizardConfiguration['JSopenParams']) .
                                                ');' .
                                                'vHWin.focus();' .
                                                'return false;';
@@ -336,13 +335,12 @@ abstract class AbstractFormElement extends AbstractNode {
 
                                        $aOnClick =
                                                'this.blur();' .
-                                               'vHWin=window.open(' .
-                                                       '\'' . $url  . '\'+\'&P[currentValue]=\'+TBE_EDITOR.rawurlencode(' .
+                                               'vHWin=window.open('. GeneralUtility::quoteJSvalue($url) . '+\'&P[currentValue]=\'+TBE_EDITOR.rawurlencode(' .
                                                        'document.editform[\'' . $itemName . '\'].value,200' .
                                                        ')' .
-                                                       '+\'&P[currentSelectedValues]=\'+TBE_EDITOR.curSelected(\'' . $itemName . $listFlag . '\'),' .
-                                                       '\'popUp' . $md5ID . '\',' .
-                                                       '\'' . $wizardConfiguration['JSopenParams'] . '\'' .
+                                                       '+\'&P[currentSelectedValues]=\'+TBE_EDITOR.curSelected(' . GeneralUtility::quoteJSvalue($itemName . $listFlag) . '),' .
+                                                       GeneralUtility::quoteJSvalue('popUp' . $md5ID) . ',' .
+                                                       GeneralUtility::quoteJSvalue($wizardConfiguration['JSopenParams']) .
                                                ');' .
                                                'vHWin.focus();' .
                                                'return false;';
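Review bot: The context line `'document.editform[\'' . $itemName . '\'].value,200' .` in this hunk still builds its JavaScript string literal by hand, although the same line in the previous hunk was converted. A quote or backslash in `$itemName` would still end the literal at this call site, so it should become `'document.editform[' . GeneralUtility::quoteJSvalue($itemName) . '].value,200' .` as well. The added `'vHWin=window.open('. GeneralUtility::quoteJSvalue($url)` also lacks the space before the concatenation operator that the other added lines use. The enclosing method starts and ends outside the hunk.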
@@ -399,11 +397,11 @@ abstract class AbstractFormElement extends AbstractNode {
                                                $options[] = '<option value="' . htmlspecialchars($p[1]) . '">' . htmlspecialchars($p[0]) . '</option>';
                                        }
                                        if ($wizardConfiguration['mode'] == 'append') {
-                                               $assignValue = 'document.editform[\'' . $itemName . '\'].value=\'\'+this.options[this.selectedIndex].value+document.editform[\'' . $itemName . '\'].value';
+                                               $assignValue = 'document.editform[' . GeneralUtility::quoteJSvalue($itemName) . '].value=\'\'+this.options[this.selectedIndex].value+document.editform[' . GeneralUtility::quoteJSvalue($itemName) . '].value';
                                        } elseif ($wizardConfiguration['mode'] == 'prepend') {
-                                               $assignValue = 'document.editform[\'' . $itemName . '\'].value+=\'\'+this.options[this.selectedIndex].value';
+                                               $assignValue = 'document.editform[' . GeneralUtility::quoteJSvalue($itemName) . '].value+=\'\'+this.options[this.selectedIndex].value';
                                        } else {
-                                               $assignValue = 'document.editform[\'' . $itemName . '\'].value=this.options[this.selectedIndex].value';
+                                               $assignValue = 'document.editform[' . GeneralUtility::quoteJSvalue($itemName) . '].value=this.options[this.selectedIndex].value';
                                        }
                                        $otherWizards[] =
                                                '<select' .
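Review bot: `GeneralUtility::quoteJSvalue($itemName)` is now written out four times across the three branches. Computing it once before the `if`, e.g. `$itemNameJs = GeneralUtility::quoteJSvalue($itemName);`, keeps the three `$assignValue` strings readable and makes it harder to miss an occurrence in a later edit. `$assignValue` is a JavaScript fragment that presumably lands in an attribute of the `<select>` opened on the last line. That code is outside the hunk, so confirm it passes through `htmlspecialchars()` there, as `$aOnClick` does in the `onclick` attribute of a later hunk.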
@@ -582,7 +580,7 @@ abstract class AbstractFormElement extends AbstractNode {
                                        if ($inlineParent['config']['foreign_table'] == $table && $inlineParent['config']['foreign_unique'] == $field) {
                                                $objectPrefix = $inlineStackProcessor->getCurrentStructureDomObjectIdPrefix($this->globalOptions['inlineFirstPid']) . '-' . $table;
                                                $aOnClickInline = $objectPrefix . '|inline.checkUniqueElement|inline.setUniqueElement';
-                                               $rOnClickInline = 'inline.revertUnique(\'' . $objectPrefix . '\',null,\'' . $uid . '\');';
+                                               $rOnClickInline = 'inline.revertUnique(' . GeneralUtility::quoteJSvalue($objectPrefix) . ',null,' . GeneralUtility::quoteJSvalue($uid) . ');';
                                        }
                                }
                                if (is_array($config['appearance']) && isset($config['appearance']['elementBrowserType'])) {
@@ -595,8 +593,8 @@ abstract class AbstractFormElement extends AbstractNode {
                                } else {
                                        $elementBrowserAllowed = $allowed;
                                }
-                               $aOnClick = 'setFormValueOpenBrowser(\'' . $elementBrowserType . '\',\''
-                                       . ($fName . '|||' . $elementBrowserAllowed . '|' . $aOnClickInline) . '\'); return false;';
+                               $aOnClick = 'setFormValueOpenBrowser(' . GeneralUtility::quoteJSvalue($elementBrowserType) . ','
+                                       . GeneralUtility::quoteJSvalue(($fName . '|||' . $elementBrowserAllowed . '|' . $aOnClickInline)) . '); return false;';
                                $icons['R'][] = '
                                        <a href="#"
                                                onclick="' . htmlspecialchars($aOnClick) . '"
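Review bot: Quoting the second argument of `setFormValueOpenBrowser()` protects the JavaScript literal, but not the `|`-separated structure inside it. `$fName` and `$elementBrowserAllowed` are joined with `|` separators, and nothing visible in this hunk rejects a `|` inside those values. If the receiving side splits on that character (not visible here), a stray `|` would shift the fields, so validate the components before joining them or document why they cannot contain it. The doubled parentheses in `quoteJSvalue(($fName . '|||' . ...))` are left over from the old expression and can be dropped.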
@@ -651,10 +649,10 @@ abstract class AbstractFormElement extends AbstractNode {
                                                $elValue = $itemTable . '_' . $itemUid;
                                        } else {
                                                // 'file', 'file_reference' and 'folder' mode
-                                               $itemTitle = 'unescape(\'' . rawurlencode(basename($elValue)) . '\')';
+                                               $itemTitle = 'unescape(' . GeneralUtility::quoteJSvalue(rawurlencode(basename($elValue))) . ')';
                                        }
-                                       $aOnClick .= 'setFormValueFromBrowseWin(\'' . $fName . '\',unescape(\''
-                                               . rawurlencode(str_replace('%20', ' ', $elValue)) . '\'),' . $itemTitle . ',' . $itemTitle . ');';
+                                       $aOnClick .= 'setFormValueFromBrowseWin(' . GeneralUtility::quoteJSvalue($fName) . ',unescape('
+                                               . GeneralUtility::quoteJSvalue(rawurlencode(str_replace('%20', ' ', $elValue))) . '),' . $itemTitle . ',' . $itemTitle . ');';
                                }
                                $aOnClick .= 'return false;';
                                $icons['R'][] = '
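Review bot: `$itemTitle` is still appended to the `setFormValueFromBrowseWin(...)` call as a raw JavaScript expression (`. $itemTitle . ',' . $itemTitle . ');'`). The call is therefore only safe if every branch that assigns `$itemTitle` yields a complete, already-quoted expression. The `else` branch in this hunk does, but the other assignment sits above the hunk and is not visible, so check that it gets the same `quoteJSvalue()` treatment. A short comment at the concatenation, such as `// $itemTitle is a ready-made JS expression, quoted where it is assigned`, would record that contract for later edits.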