[BUGFIX] Fix return URL in OpenID wizard 15/38415/4
authorJigal van Hemert <jigal.van.hemert@typo3.org>
Wed, 1 Apr 2015 17:59:06 +0000 (19:59 +0200)
committerJigal van Hemert <jigal.van.hemert@typo3.org>
Thu, 2 Apr 2015 13:32:17 +0000 (15:32 +0200)
The URL must be absolute and the parameters are cleaned up.
The returnURL sent to the OpenID provider must match the trusted
domain so it must be an absolute URL.

The wizard code is cleaned up as well, and the missing closing curly
brace of a Fluid translate ViewHelper call is added.

Resolves: #66227
Releases: master
Change-Id: Ic745d5ea9ba6b1d949a65509ec8d0983c19b31f8
Reviewed-on: http://review.typo3.org/38415
Reviewed-by: Markus Klein <klein.t3@reelworx.at>
Tested-by: Markus Klein <klein.t3@reelworx.at>
Reviewed-by: Jigal van Hemert <jigal.van.hemert@typo3.org>
Tested-by: Jigal van Hemert <jigal.van.hemert@typo3.org>
typo3/sysext/openid/Classes/OpenidModuleSetup.php
typo3/sysext/openid/Classes/Wizard.php
typo3/sysext/openid/Configuration/TCA/Overrides/be_users.php
typo3/sysext/openid/Configuration/TCA/Overrides/fe_users.php
typo3/sysext/openid/Resources/Private/Templates/Wizard/Content.html

index 6968bcc..623ed14 100644 (file)
@@ -59,7 +59,7 @@ class OpenidModuleSetup {
                        '<div class="input-group-addon">' .
                                '<a href="#" onclick="' .
                                'vHWin=window.open(' . GeneralUtility::quoteJSvalue(BackendUtility::getModuleUrl('wizard_openid') . '&P[itemName]=data%5Bbe_users%5D%5Btx_openid_openid%5D') .
-                               ',null,\'width=800,height=400,status=0,menubar=0,scrollbars=0\');' .
+                               ',null,\'width=600,height=400,status=0,menubar=0,scrollbars=0\');' .
                                'vHWin.focus();return false;' .
                                '">' .
                                        '<img src="../typo3/sysext/openid/ext_icon_small.png" alt="' . $add . '" title="' . $add . '"/>' .
index 780ae0a..1ddff3e 100644 (file)
@@ -16,7 +16,11 @@ namespace TYPO3\CMS\Openid;
 
 use TYPO3\CMS\Backend\Utility\BackendUtility;
 use TYPO3\CMS\Core\Messaging\FlashMessage;
+use TYPO3\CMS\Core\Messaging\FlashMessageService;
+use TYPO3\CMS\Core\Utility\ExtensionManagementUtility;
 use TYPO3\CMS\Core\Utility\GeneralUtility;
+use TYPO3\CMS\Fluid\View\StandaloneView;
+use TYPO3\CMS\Lang\LanguageService;
 
 /**
  * OpenID selection wizard for the backend
@@ -60,30 +64,26 @@ class Wizard extends OpenidService {
                        $this->parentFormFieldChangeFunc = $p['fieldChangeFunc']['TBE_EDITOR_fieldChanged'];
                }
 
-               if (\TYPO3\CMS\Core\Utility\GeneralUtility::_GP('tx_openid_mode') === 'finish'
-                       && $this->openIDResponse === NULL
-               ) {
+               if (GeneralUtility::_GP('tx_openid_mode') === 'finish' && $this->openIDResponse === NULL) {
                        $this->includePHPOpenIDLibrary();
                        $openIdConsumer = $this->getOpenIDConsumer();
                        $this->openIDResponse = $openIdConsumer->complete($this->getReturnUrl());
                        $this->handleResponse();
-                       $this->renderHtml();
-                       return;
                } elseif (GeneralUtility::_POST('openid_url') != '') {
                        $openIDIdentifier = GeneralUtility::_POST('openid_url');
                        $this->sendOpenIDRequest($openIDIdentifier);
 
                        // When sendOpenIDRequest() returns, there was an error
                        $flashMessageService = GeneralUtility::makeInstance(
-                               \TYPO3\CMS\Core\Messaging\FlashMessageService::class
+                               FlashMessageService::class
                        );
                        $flashMessage = GeneralUtility::makeInstance(
                                FlashMessage::class,
                                sprintf(
-                                       $GLOBALS['LANG']->sL('LLL:EXT:openid/Resources/Private/Language/Wizard.xlf:error.setup'),
+                                       $this->getLanguageService()->sL('LLL:EXT:openid/Resources/Private/Language/Wizard.xlf:error.setup'),
                                        htmlspecialchars($openIDIdentifier)
                                ),
-                               $GLOBALS['LANG']->sL('LLL:EXT:openid/Resources/Private/Language/Wizard.xlf:title.error'),
+                               $this->getLanguageService()->sL('LLL:EXT:openid/Resources/Private/Language/Wizard.xlf:title.error'),
                                FlashMessage::ERROR
                        );
                        $flashMessageService->getMessageQueueByIdentifier()->enqueue($flashMessage);
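Review bot: The `elseif` guard `GeneralUtility::_POST('openid_url') != ''` is a loose comparison on request data, so a non-string value (for example an array posted as `openid_url[]`) would pass and reach `sendOpenIDRequest()` and later `htmlspecialchars()`. Since this condition block is being tidied anyway, make the type explicit: `} elseif (is_string(GeneralUtility::_POST('openid_url')) && GeneralUtility::_POST('openid_url') !== '') {`. The branch belongs to a method that starts before and continues after this hunk.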
@@ -92,43 +92,35 @@ class Wizard extends OpenidService {
        }
 
        /**
-        * Return URL to this wizard
-        *
-        * @return string Full URL with protocol and hostname
-        */
-       protected function getSelfUrl() {
-               return BackendUtility::getModuleUrl('wizard_openid');
-       }
-
-       /**
         * Return URL that shall be called by the OpenID server
         *
         * @return string Full URL with protocol and hostname
         */
        protected function getReturnUrl() {
-               return $this->getSelfURL() .
-                       '&tx_openid_mode=finish' .
-                       '&P[itemName]=' . urlencode($this->parentFormItemName) .
-                       '&P[fieldChangeFunc][TBE_EDITOR_fieldChanged]]=' . urlencode($this->parentFormFieldChangeFunc);
+               $parameters = [
+                       'tx_openid_mode' => 'finish',
+                       'P[itemName]' => $this->parentFormItemName,
+                       'P[fieldChangeFunc][TBE_EDITOR_fieldChanged]' => $this->parentFormFieldChangeFunc
+               ];
+               return BackendUtility::getModuleUrl('wizard_openid', $parameters, FALSE, TRUE);
        }
 
        /**
         * Check OpenID response and set flash messages depending on its state
         *
         * @return void
-        *
-        * @uses $openIDResponse
         */
        protected function handleResponse() {
-               /** @var $flashMessageService \TYPO3\CMS\Core\Messaging\FlashMessageService */
-               $flashMessageService = GeneralUtility::makeInstance(\TYPO3\CMS\Core\Messaging\FlashMessageService::class);
+               /** @var $flashMessageService FlashMessageService */
+               $flashMessageService = GeneralUtility::makeInstance(FlashMessageService::class);
                $defaultFlashMessageQueue = $flashMessageService->getMessageQueueByIdentifier();
 
+               $lang = $this->getLanguageService();
                if (!$this->openIDResponse instanceof \Auth_OpenID_ConsumerResponse) {
                        $flashMessage = GeneralUtility::makeInstance(
                                FlashMessage::class,
-                               $GLOBALS['LANG']->sL('LLL:EXT:openid/Resources/Private/Language/Wizard.xlf:error.no-response'),
-                               $GLOBALS['LANG']->sL('LLL:EXT:openid/Resources/Private/Language/Wizard.xlf:title.error'),
+                               $lang->sL('LLL:EXT:openid/Resources/Private/Language/Wizard.xlf:error.no-response'),
+                               $lang->sL('LLL:EXT:openid/Resources/Private/Language/Wizard.xlf:title.error'),
                                FlashMessage::ERROR
                        );
                } elseif ($this->openIDResponse->status == Auth_OpenID_SUCCESS) {
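Review bot: `getReturnUrl()` puts `$this->parentFormItemName` and `$this->parentFormFieldChangeFunc` into the URL handed to the OpenID provider, and the previous hunk shows the latter being filled from `$p['fieldChangeFunc']['TBE_EDITOR_fieldChanged']`, presumably the request's `P` parameter. The value therefore makes a round trip through a third party and is read back with no integrity check visible on this page; if the template later writes it into a script context (not shown here), it should be validated or signed before use. At minimum the docblock should record this, e.g. `* The P[...] values are request-supplied and return unverified from the provider.` Separately, the flat keys such as `'P[itemName]'` depend on `getModuleUrl()` encoding bracketed names; a nested `'P' => ['itemName' => ...]` array would state the intent directly.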
@@ -137,17 +129,17 @@ class Wizard extends OpenidService {
                        $flashMessage = GeneralUtility::makeInstance(
                                FlashMessage::class,
                                sprintf(
-                                       $GLOBALS['LANG']->sL('LLL:EXT:openid/Resources/Private/Language/Wizard.xlf:youropenid'),
+                                       $lang->sL('LLL:EXT:openid/Resources/Private/Language/Wizard.xlf:youropenid'),
                                        htmlspecialchars($this->claimedId)
                                ),
-                               $GLOBALS['LANG']->sL('LLL:EXT:openid/Resources/Private/Language/Wizard.xlf:title.success'),
+                               $lang->sL('LLL:EXT:openid/Resources/Private/Language/Wizard.xlf:title.success'),
                                FlashMessage::OK
                        );
                } elseif ($this->openIDResponse->status == Auth_OpenID_CANCEL) {
                        $flashMessage = GeneralUtility::makeInstance(
                                FlashMessage::class,
-                               $GLOBALS['LANG']->sL('LLL:EXT:openid/Resources/Private/Language/Wizard.xlf:error.cancelled'),
-                               $GLOBALS['LANG']->sL('LLL:EXT:openid/Resources/Private/Language/Wizard.xlf:title.error'),
+                               $lang->sL('LLL:EXT:openid/Resources/Private/Language/Wizard.xlf:error.cancelled'),
+                               $lang->sL('LLL:EXT:openid/Resources/Private/Language/Wizard.xlf:title.error'),
                                FlashMessage::ERROR
                        );
                } else {
@@ -155,11 +147,11 @@ class Wizard extends OpenidService {
                        $flashMessage = GeneralUtility::makeInstance(
                                FlashMessage::class,
                                sprintf(
-                                       $GLOBALS['LANG']->sL('LLL:EXT:openid/Resources/Private/Language/Wizard.xlf:error.general'),
+                                       $lang->sL('LLL:EXT:openid/Resources/Private/Language/Wizard.xlf:error.general'),
                                        htmlspecialchars($this->openIDResponse->status),
-                                       htmlspecialchars($this->openIDResponse->message)
+                                       ''
                                ),
-                               $GLOBALS['LANG']->sL('LLL:EXT:openid/Resources/Private/Language/Wizard.xlf:title.error'),
+                               $lang->sL('LLL:EXT:openid/Resources/Private/Language/Wizard.xlf:title.error'),
                                FlashMessage::ERROR
                        );
                }
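Review bot: The fallback branch now passes `''` where `htmlspecialchars($this->openIDResponse->message)` used to go, so the one detail that explains a failed verification is dropped without a comment, and the commit description does not mention it. If the reason is that `message` is not defined on every response type, say so in a comment such as `// message is not set on all response types; omitted from the flash message`, and consider writing it to the system log instead of discarding it, so failed or tampered responses remain diagnosable. The `error.general` label presumably still has a second placeholder that will now render empty. The enclosing `handleResponse()` starts and ends outside this hunk.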
@@ -168,20 +160,20 @@ class Wizard extends OpenidService {
        }
 
        /**
-        * Render HTML with messagse and OpenID form and output it
+        * Render HTML with message and OpenID form and output it
         *
         * @return void
         */
        protected function renderHtml() {
                // use FLUID standalone view for wizard content
-               $view = GeneralUtility::makeInstance(\TYPO3\CMS\Fluid\View\StandaloneView::class);
+               $view = GeneralUtility::makeInstance(StandaloneView::class);
                $view->setTemplatePathAndFilename(
-                       \TYPO3\CMS\Core\Utility\ExtensionManagementUtility::extPath('openid') .
+                       ExtensionManagementUtility::extPath('openid') .
                        'Resources/Private/Templates/Wizard/Content.html'
                );
 
-               /** @var $flashMessageService \TYPO3\CMS\Core\Messaging\FlashMessageService */
-               $flashMessageService = GeneralUtility::makeInstance(\TYPO3\CMS\Core\Messaging\FlashMessageService::class);
+               /** @var $flashMessageService FlashMessageService */
+               $flashMessageService = GeneralUtility::makeInstance(FlashMessageService::class);
                $defaultFlashMessageQueue = $flashMessageService->getMessageQueueByIdentifier();
 
                $messages = array();
@@ -189,7 +181,7 @@ class Wizard extends OpenidService {
                        $messages[] = $message->render();
                }
                $view->assign('messages', $messages);
-               $view->assign('formAction', $this->getSelfURL());
+               $view->assign('formAction', BackendUtility::getModuleUrl('wizard_openid', [], FALSE, TRUE));
                $view->assign('claimedId', $this->claimedId);
                $view->assign('parentFormItemName', $this->parentFormItemName);
                $view->assign('parentFormItemNameNoHr', strtr($this->parentFormItemName, array('_hr' => '')));
@@ -203,4 +195,11 @@ class Wizard extends OpenidService {
                echo $view->render();
        }
 
+       /**
+        * @return LanguageService
+        */
+       protected function getLanguageService() {
+               return $GLOBALS['LANG'];
+       }
+
 }
index 1a6a9fb..eb663e3 100644 (file)
@@ -19,7 +19,7 @@ $tempColumns = array(
                                                'name' => 'wizard_openid'
                                        ),
                                        'icon' => 'EXT:openid/ext_icon_small.png',
-                                       'JSopenParams' => ',width=800,height=200,status=0,menubar=0,scrollbars=0',
+                                       'JSopenParams' => ',width=600,height=400,status=0,menubar=0,scrollbars=0',
                                )
                        ),
                )
index b3923cf..83c5df9 100644 (file)
@@ -18,7 +18,7 @@ $tempColumns = array(
                                        'module' => array(
                                                'name' => 'wizard_openid'
                                        ),
-                                       'icon' => 'EXT:openid/ext_icon.png',
+                                       'icon' => 'EXT:openid/ext_icon_small.png',
                                        'JSopenParams' => ',width=600,height=400,status=0,menubar=0,scrollbars=0',
                                )
                        ),
index 021ad2c..76fab58 100644 (file)
@@ -43,7 +43,7 @@
                                <input type="text" name="openid_url" class="form-control" id="openid_url" value="{openid_url}"/>
 
                        </div>
-                       <button type="submit" class="btn btn-default" name="search" title="{f:translate(key:'LLL:EXT:openid/Resources/Private/Language/Wizard.xlf:html.search')">
+                       <button type="submit" class="btn btn-default" name="search" title="{f:translate(key:'LLL:EXT:openid/Resources/Private/Language/Wizard.xlf:html.search')}">
                                <i class="fa fa-openid"></i> {f:translate(key:'LLL:EXT:openid/Resources/Private/Language/Wizard.xlf:html.submit')}
                        </button>
                </form>