* (minor) Fixed bug #6138: Prevent recursive inclusion of external TypoScript files...

git-svn-id: https://svn.typo3.org/TYPO3v4/Core/trunk@2571 709f56b5-9817-0410-a4d7-c38de5d9e867

diff --git a/ChangeLog b/ChangeLog
index 5ee565b..b984103 100755 (executable)
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,3 +1,7 @@
+2007-10-16  Thorsten Kahler  <thorsten.kahler@dkd.de>
+
+       * (minor) Fixed bug #6138: Prevent recursive inclusion of external TypoScript files (patch by Martin Ficzel) - Fixed problems in patch from 2007-10-15
+
 2007-10-16  Stanislas Rolland  <stanislas.rolland@fructifor.ca>
 
        * Fixed bug 4183: Incorrect display in htmlArea RTE of utf-8 labels for colors, classes and fonts defined in PageTSConfig

diff --git a/t3lib/class.t3lib_tsparser.php b/t3lib/class.t3lib_tsparser.php
index d667740..9032bad 100755 (executable)
--- a/t3lib/class.t3lib_tsparser.php
+++ b/t3lib/class.t3lib_tsparser.php
@@ -96,7 +96,6 @@ class t3lib_TSparser {
        var $syntaxHighLight = 0;               // If set, then syntax highlight mode is on; Call the function syntaxHighlight() to use this function
        var $highLightData=array();             // Syntax highlight data is accumulated in this array. Used by syntaxHighlight_print() to construct the output.
        var $highLightData_bracelevel = array();        // Syntax highlight data keeping track of the curly brace level for each line
-       var $includedFiles = array();   // Keeps track of the TypoScript files that were included by e.g. <INCLUDE_TYPOSCRIPT: source="FILE:include.ts">
 
                // Debugging, analysis:
        var $regComments = 0;                   // DO NOT register the comments. This is default for the ordinary sitetemplate!
@@ -493,9 +492,15 @@ class t3lib_TSparser {
         * Use: t3lib_TSparser::checkIncludeLines()
         *
         * @param       string          Unparsed TypoScript
+        * @param       integer         Counter for detecting endless loops
         * @return      string          Complete TypoScript with includes added.
+        * @static
         */
-       function checkIncludeLines($string)     {
+       function checkIncludeLines($string, $cycle_counter=1)   {
+               if ($cycle_counter>100) {
+                       t3lib_div::sysLog('It appears like TypoScript code is looping over itself. Check your templates for "&lt;INCLUDE_TYPOSCRIPT: ..." tags','Core',2);
+                       return '';
+               }
                $splitStr='<INCLUDE_TYPOSCRIPT:';
                if (strstr($string,$splitStr))  {
                        $newString='';
@@ -515,17 +520,12 @@ class t3lib_TSparser {
                                                        switch(strtolower(trim($sourceParts[0])))       {
                                                                case 'file':
                                                                        $filename = t3lib_div::getFileAbsFileName(trim($sourceParts[1]));
-                                                                       if (!isset($this->includedFiles[$filename])) {
-                                                                               if (strcmp($filename,''))       {       // Must exist and must not contain '..' and must be relative
-                                                                                       if (@is_file($filename) && filesize($filename)<100000)  {       // Max. 100 KB include files!
-                                                                                               $this->includedFiles[$filename] = 1;
-                                                                                                       // check for includes in included text
-                                                                                               $included_text = t3lib_TSparser::checkIncludeLines(t3lib_div::getUrl($filename));
-                                                                                               $newString.= $included_text.chr(10);
-                                                                                       }
+                                                                       if (strcmp($filename,''))       {       // Must exist and must not contain '..' and must be relative
+                                                                               if (@is_file($filename) && filesize($filename)<100000)  {       // Max. 100 KB include files!
+                                                                                               // check for includes in included text
+                                                                                       $included_text = self::checkIncludeLines(t3lib_div::getUrl($filename),$cycle_counter+1);
+                                                                                       $newString.= $included_text.chr(10);
                                                                                }
-                                                                       } else {
-                                                                               t3lib_div::sysLog('It appears like TypoScript code is looping over itself. Check your templates for "'.htmlspecialchars('<INCLUDE_TYPOSCRIPT:'.$subparts[0].'>').'"','Core',2);
                                                                        }
                                                                break;
                                                        }