[BUGFIX] Reset FormViewHelper on execution 04/49104/10
authorHelmut Hummel <info@helhum.io>
Tue, 19 Jul 2016 14:23:36 +0000 (16:23 +0200)
committerAnja Leichsenring <aleichsenring@ab-softlab.de>
Fri, 2 Dec 2016 10:34:02 +0000 (11:34 +0100)
This commit ensures that the FormViewHelper is in a clean state and
can render the required hidden fields (again).

Resolves: #77097
Releases: master, 7.6, 6.2
Change-Id: I82f90ee7c0aaf44cd48a9abde6dbb012f536543e
Reviewed-on: https://review.typo3.org/49104
Tested-by: TYPO3com <no-reply@typo3.com>
Reviewed-by: Nicole Cordes <typo3@cordes.co>
Reviewed-by: Stefan Neufeind <typo3.neufeind@speedpartner.de>
Tested-by: Stefan Neufeind <typo3.neufeind@speedpartner.de>
Reviewed-by: Markus Sommer <markussom@posteo.de>
Tested-by: Markus Sommer <markussom@posteo.de>
Reviewed-by: Anja Leichsenring <aleichsenring@ab-softlab.de>
Tested-by: Anja Leichsenring <aleichsenring@ab-softlab.de>
typo3/sysext/fluid/Classes/ViewHelpers/FormViewHelper.php

index 6c905a0..f574686 100644 (file)
@@ -72,11 +72,6 @@ class FormViewHelper extends \TYPO3\CMS\Fluid\ViewHelpers\Form\AbstractFormViewH
     protected $formActionUriArguments;
 
     /**
-     * @var bool
-     */
-    private $securedReferrerFieldRendered = false;
-
-    /**
      * @param \TYPO3\CMS\Extbase\Security\Cryptography\HashService $hashService
      */
     public function injectHashService(\TYPO3\CMS\Extbase\Security\Cryptography\HashService $hashService)
@@ -176,6 +171,7 @@ class FormViewHelper extends \TYPO3\CMS\Fluid\ViewHelpers\Form\AbstractFormViewH
         $this->removeFormObjectNameFromViewHelperVariableContainer();
         $this->removeFormFieldNamesFromViewHelperVariableContainer();
         $this->removeCheckboxFieldNamesFromViewHelperVariableContainer();
+        $this->removeSecuredHiddenFieldsRenderedFromViewHelperVariableContainer();
         return $this->tag->render();
     }
 
@@ -269,7 +265,7 @@ class FormViewHelper extends \TYPO3\CMS\Fluid\ViewHelpers\Form\AbstractFormViewH
      */
     protected function renderHiddenSecuredReferrerField()
     {
-        if ($this->securedReferrerFieldRendered) {
+        if ($this->hasSecuredHiddenFieldsRendered()) {
             return '';
         }
         $request = $this->renderingContext->getControllerContext()->getRequest();
@@ -286,7 +282,7 @@ class FormViewHelper extends \TYPO3\CMS\Fluid\ViewHelpers\Form\AbstractFormViewH
             $actionRequest['@vendor'] = $vendorName;
         }
         $result = '<input type="hidden" name="' . $this->prefixFieldName('__referrer[@request]') . '" value="' . htmlspecialchars($this->hashService->appendHmac(serialize($actionRequest))) . '" />' . LF;
-        $this->securedReferrerFieldRendered = true;
+        $this->addSecuredHiddenFieldsRenderedToViewHelperVariableContainer();
         return $result;
     }
 
@@ -400,6 +396,32 @@ class FormViewHelper extends \TYPO3\CMS\Fluid\ViewHelpers\Form\AbstractFormViewH
     }
 
     /**
+     * Adds flag to indicate the secured hidden fields have been rendered to the ViewHelperVariableContainer
+     */
+    protected function addSecuredHiddenFieldsRenderedToViewHelperVariableContainer()
+    {
+        $this->viewHelperVariableContainer->add(\TYPO3\CMS\Fluid\ViewHelpers\FormViewHelper::class, 'securedHiddenFieldsRendered', true);
+    }
+
+    /**
+     * Checks whether the secured hidden fields have been rendered
+     *
+     * @return bool
+     */
+    protected function hasSecuredHiddenFieldsRendered()
+    {
+        return $this->viewHelperVariableContainer->exists(\TYPO3\CMS\Fluid\ViewHelpers\FormViewHelper::class, 'securedHiddenFieldsRendered');
+    }
+
+    /**
+     * Removes flag to indicate the secured hidden fields have been rendered from the ViewHelperVariableContainer
+     */
+    protected function removeSecuredHiddenFieldsRenderedFromViewHelperVariableContainer()
+    {
+        $this->viewHelperVariableContainer->remove(\TYPO3\CMS\Fluid\ViewHelpers\FormViewHelper::class, 'securedHiddenFieldsRendered');
+    }
+
+    /**
      * Render the request hash field
      *
      * @return string the hmac field