[BUGFIX] Fix CSRF protection token in localization overview 78/41978/3
authorNicole Cordes <typo3@cordes.co>
Mon, 27 Jul 2015 13:38:18 +0000 (15:38 +0200)
committerWouter Wolters <typo3@wouterwolters.nl>
Mon, 27 Jul 2015 18:08:35 +0000 (20:08 +0200)
This patch fixes the links for creating new translations inside the
localization overview module. These are broken since all parameters are
handled with GeneralUtility::quoteJSvalue because the module tries to
attach additional paramaters with an own Javascript function to the
links.

Resolves: #67866
Releases: master
Change-Id: I97b630bf164d64ebc98040c4f612b9c0734cd7ee
Reviewed-on: http://review.typo3.org/41978
Reviewed-by: Markus Klein <markus.klein@typo3.org>
Tested-by: Markus Klein <markus.klein@typo3.org>
Reviewed-by: Wouter Wolters <typo3@wouterwolters.nl>
Tested-by: Wouter Wolters <typo3@wouterwolters.nl>
typo3/sysext/frontend/Classes/Controller/TranslationStatusController.php

index be361d5..cf51a40 100644 (file)
@@ -223,7 +223,7 @@ class TranslationStatusController extends \TYPO3\CMS\Backend\Module\AbstractFunc
                        $editIco = '<a href="#" onclick="' . htmlspecialchars(BackendUtility::editOnClick($params))
                                . '" title="' . $lang->sL(
                                        'LLL:EXT:frontend/Resources/Private/Language/locallang_webinfo.xlf:lang_renderl10n_editPageProperties'
-                               ) . '">' . IconUtility::getSpriteIcon('actions-document-new') . '</a>';
+                               ) . '">' . IconUtility::getSpriteIcon('actions-document-open') . '</a>';
                } else {
                        $editIco = '';
                }
@@ -247,11 +247,15 @@ class TranslationStatusController extends \TYPO3\CMS\Backend\Module\AbstractFunc
                                        $tCells[] = '<td>&nbsp;</td>';
                                }
                                // Create new overlay records:
-                               $params = '\'' .
-                                       $newOL_js[$langRow['uid']] .
-                                       '+\'&columnsOnly=title,hidden,sys_language_uid&defVals[pages_language_overlay][sys_language_uid]=' .
-                                       $langRow['uid'];
-                               $tCells[] = '<td><a href="#" onclick="' . htmlspecialchars(BackendUtility::editOnClick($params))
+                               $params = '&columnsOnly=title,hidden,sys_language_uid&overrideVals[pages_language_overlay][sys_language_uid]=' . $langRow['uid'];
+                               $onClick = BackendUtility::editOnClick($params);
+                               if (!empty($newOL_js[$langRow['uid']])) {
+                                       $onClickArray = explode('\'', $onClick);
+                                       $lastElement = array_pop($onClickArray);
+                                       array_push($onClickArray, $newOL_js[$langRow['uid']] . $lastElement);
+                                       $onClick = implode('\'', $onClickArray);
+                               }
+                               $tCells[] = '<td><a href="#" onclick="' . htmlspecialchars($onClick)
                                        . '" title="' . $lang->sL(
                                                'LLL:EXT:frontend/Resources/Private/Language/locallang_webinfo.xlf:lang_getlangsta_createNewTranslationHeaders'
                                        ) . '">' . IconUtility::getSpriteIcon('actions-document-new') . '</a></td>';