Fixed bug #15282: It is impossible to set links to files any more with the link wizard
authorOliver Hader <oliver.hader@typo3.org>
Thu, 5 Aug 2010 18:46:44 +0000 (18:46 +0000)
committerOliver Hader <oliver.hader@typo3.org>
Thu, 5 Aug 2010 18:46:44 +0000 (18:46 +0000)
git-svn-id: https://svn.typo3.org/TYPO3v4/Core/trunk@8494 709f56b5-9817-0410-a4d7-c38de5d9e867

ChangeLog
t3lib/class.t3lib_tceforms.php
typo3/class.browse_links.php

index c15789b..211e90d 100755 (executable)
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,6 +1,7 @@
 2010-08-05  Jeff Segars  <jeff@webempoweredchurch.org>
 
        * Fixed bug #14805: Misleading descriptions for warning_* options in Install Tool (thanks to Markus Klein)
+       * Fixed bug #15282: It is impossible to set links to files any more with the link wizard
 
 2010-08-05  Oliver Hader  <oliver@typo3.org>
 
index 6e62370..2bd17ea 100644 (file)
@@ -2730,8 +2730,8 @@ class t3lib_TCEforms      {
 
                                                                        // Makes a "Add new" link:
                                                                $var = uniqid('idvar');
-                                                               $replace = 'replace(/' . $idTagPrefix . '-/g,"' . $idTagPrefix . '"+' . $var . '+"-")';
-                                                               $onClickInsert = 'var ' . $var . ' = "' . $idTagPrefix . '-idx"+(new Date()).getTime();';
+                                                               $replace = 'replace(/' . $idTagPrefix . '-/g,"' . $idTagPrefix . '-"+' . $var . '+"-")';
+                                                               $onClickInsert = 'var ' . $var . ' = "' . 'idx"+(new Date()).getTime();';
                                                                // Do not replace $isTagPrefix in setActionStatus() because it needs section id!
                                                                $onClickInsert .= 'new Insertion.Bottom($("'.$idTagPrefix.'"), unescape("'.rawurlencode($newElementTemplate).'").' . $replace . '); setActionStatus("'.$idTagPrefix.'");';
                                                                $onClickInsert .= 'eval(unescape("' . rawurlencode(implode(';', $this->additionalJS_post)) . '").' . $replace . ');';
index 648f918..a0d75ef 100644 (file)
@@ -916,7 +916,7 @@ class browse_links {
                ';
 
                if ($this->mode == 'wizard')    {       // Functions used, if the link selector is in wizard mode (= TCEforms fields)
-                       if (!$this->areFieldChangeFunctionsValid()) {
+                       if (!$this->areFieldChangeFunctionsValid() && !$this->areFieldChangeFunctionsValid(TRUE)) {
                                $this->P['fieldChangeFunc'] = array();
                        }
                        unset($this->P['fieldChangeFunc']['alert']);
@@ -930,6 +930,7 @@ class browse_links {
                        $P2['itemName']=$this->P['itemName'];
                        $P2['formName']=$this->P['formName'];
                        $P2['fieldChangeFunc']=$this->P['fieldChangeFunc'];
+                       $P2['fieldChangeFuncHash'] = t3lib_div::hmac(serialize($this->P['fieldChangeFunc']));
                        $P2['params']['allowedExtensions']=$this->P['params']['allowedExtensions'];
                        $P2['params']['blindLinkOptions']=$this->P['params']['blindLinkOptions'];
                        $addPassOnParams.=t3lib_div::implodeArrayForUrl('P',$P2);
@@ -2799,13 +2800,33 @@ class browse_links {
         * Determines whether submitted field change functions are valid
         * and are coming from the system and not from an external abuse.
         *
+        * @param boolean $allowFlexformSections Whether to handle flexform sections differently
         * @return boolean Whether the submitted field change functions are valid
         */
-       protected function areFieldChangeFunctionsValid() {
-               return (
-                       isset($this->P['fieldChangeFunc']) && is_array($this->P['fieldChangeFunc']) && isset($this->P['fieldChangeFuncHash'])
-                       && $this->P['fieldChangeFuncHash'] == t3lib_div::hmac(serialize($this->P['fieldChangeFunc']))
-               );
+       protected function areFieldChangeFunctionsValid($handleFlexformSections = FALSE) {
+               $result = FALSE;
+
+               if (isset($this->P['fieldChangeFunc']) && is_array($this->P['fieldChangeFunc']) && isset($this->P['fieldChangeFuncHash'])) {
+                       $matches = array();
+                       $pattern = '#\[el\]\[(([^]-]+-[^]-]+-)(idx\d+-)([^]]+))\]#i';
+
+                       $fieldChangeFunctions = $this->P['fieldChangeFunc'];
+
+                               // Special handling of flexform sections:
+                               // Field change functions are modified in JavaScript, thus the hash is always invalid
+                       if ($handleFlexformSections && preg_match($pattern, $this->P['itemName'], $matches)) {
+                               $originalName = $matches[1];
+                               $cleanedName = $matches[2] . $matches[4];
+
+                               foreach ($fieldChangeFunctions as &$value) {
+                                       $value = str_replace($originalName, $cleanedName, $value);
+                               }
+                       }
+
+                       $result = ($this->P['fieldChangeFuncHash'] === t3lib_div::hmac(serialize($fieldChangeFunctions)));
+               }
+
+               return $result;
        }
 }