[TASK] version entry script cleanup 09/28209/2
authorNicole Cordes <typo3@cordes.co>
Mon, 10 Mar 2014 00:50:13 +0000 (01:50 +0100)
committerAnja Leichsenring <aleichsenring@ab-softlab.de>
Sat, 15 Mar 2014 21:37:45 +0000 (22:37 +0100)
The patch makes the version click module use the module dispatcher, which
enables CSRF protection for it.

Resolves: #55675
Releases: 6.2
Change-Id: Ib31e419fd2a880052e93f3eea95d51c75d442e23
Reviewed-on: https://review.typo3.org/28209
Reviewed-by: Wouter Wolters
Tested-by: Wouter Wolters
Reviewed-by: Stefan Neufeind
Reviewed-by: Anja Leichsenring
Tested-by: Anja Leichsenring
typo3/sysext/recordlist/Classes/RecordList/DatabaseRecordList.php
typo3/sysext/version/Classes/ClickMenu/VersionClickMenu.php
typo3/sysext/version/Classes/Controller/VersionModuleController.php
typo3/sysext/version/Classes/View/VersionView.php
typo3/sysext/version/cm1/conf.php
typo3/sysext/version/cm1/index.php
typo3/sysext/version/ext_tables.php

index 8ab78a4..e8cef05 100644 (file)
@@ -1060,7 +1060,7 @@ class DatabaseRecordList extends \TYPO3\CMS\Recordlist\RecordList\AbstractDataba
                                                if (count($vers) > 1) {
                                                        $versionIcon = count($vers) - 1;
                                                }
-                                               $cells['version'] = '<a href="' . htmlspecialchars(($this->backPath . ExtensionManagementUtility::extRelPath('version') . 'cm1/index.php?table=' . rawurlencode($table) . '&uid=' . rawurlencode($row['uid']))) . '" title="' . $GLOBALS['LANG']->getLL('displayVersions', TRUE) . '">' . IconUtility::getSpriteIcon(('status-version-' . $versionIcon)) . '</a>';
+                                               $cells['version'] = '<a href="' . htmlspecialchars($this->backPath . BackendUtility::getModuleUrl('web_txversionM1', array('table' => $table, 'uid' => $row['uid']))) . '" title="' . $GLOBALS['LANG']->getLL('displayVersions', TRUE) . '">' . IconUtility::getSpriteIcon(('status-version-' . $versionIcon)) . '</a>';
                                        } elseif (!$this->table) {
                                                $cells['version'] = $this->spaceIcon;
                                        }
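Review bot: The new href prepends `$this->backPath` to the result of `BackendUtility::getModuleUrl()`, while the VersionClickMenu and VersionModuleController hunks use the same call's result with no prefix, so one of the two conventions is probably wrong. If getModuleUrl() already returns a URL that includes the current back path, a non-empty `$this->backPath` is applied twice here and the link breaks; the VersionView hunk does the same with `$GLOBALS['BACK_PATH']`. Please confirm what getModuleUrl() returns and drop the prefix if it is redundant, e.g. `htmlspecialchars(BackendUtility::getModuleUrl('web_txversionM1', array('table' => $table, 'uid' => $row['uid'])))`. The enclosing method starts and ends outside this hunk.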
index 3f22f4d..62484f0 100644 (file)
@@ -50,7 +50,7 @@ class VersionClickMenu {
                        // Adds the regular item
                        $LL = $this->includeLL();
                        // "Versioning" element added:
-                       $url = \TYPO3\CMS\Core\Utility\ExtensionManagementUtility::extRelPath('version') . 'cm1/index.php?table=' . rawurlencode($table) . '&uid=' . $uid;
+                       $url = \TYPO3\CMS\Backend\Utility\BackendUtility::getModuleUrl('web_txversionM1', array('table' => $table, 'uid' => $uid));
                        $localItems[] = $backRef->linkItem($GLOBALS['LANG']->getLLL('title', $LL), $backRef->excludeIcon('<img src="' . $backRef->backPath . \TYPO3\CMS\Core\Utility\ExtensionManagementUtility::extRelPath('version') . 'cm1/cm_icon.gif" width="15" height="12" border="0" align="top" alt="" />'), $backRef->urlRefForCM($url), 1);
                        // Find position of "delete" element:
                        $c = 0;
index f4f9a79..d18afd8 100644 (file)
@@ -116,6 +116,13 @@ class VersionModuleController extends \TYPO3\CMS\Backend\Module\BaseScriptClass
         */
        public $recIndex = array();
 
+       /**
+        * Initialize language files
+        */
+       public function __construct() {
+               $GLOBALS['LANG']->includeLLFile('EXT:version/locallang.xlf');
+       }
+
        // Determines whether to show the dummy draft workspace
        /*********************************
         *
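Review bot: The added `__construct()` dereferences `$GLOBALS['LANG']` unconditionally and does not call a parent constructor, so it depends on the language object being initialised before the controller is instantiated and on BaseScriptClass having no constructor of its own. Neither assumption is visible in this hunk. A short comment such as `// $GLOBALS['LANG'] is initialised by the module dispatcher before instantiation` would record the first one, and a `parent::__construct();` call should be added only if the parent class actually defines a constructor.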
@@ -439,7 +446,9 @@ class VersionModuleController extends \TYPO3\CMS\Backend\Module\BaseScriptClass
                                                <tr>
                                                        <td>' . $this->adminLinks($tN, $subrow) . '</td>
                                                        <td>' . $subrow['uid'] . '</td>
-                                                       ' . ($ownVer > 1 ? '<td style="font-weight: bold; background-color: yellow;"><a href="index.php?table=' . rawurlencode($tN) . '&uid=' . $subrow['uid'] . '">' . ($ownVer - 1) . '</a></td>' : '<td></td>') . '
+                                                       ' . ($ownVer > 1 ? '<td style="font-weight: bold; background-color: yellow;"><a href="' .
+                                                       BackendUtility::getModuleUrl('web_txversionM1', array('table' => $tN, 'uid' => $subrow['uid'])) .
+                                                       '">' . ($ownVer - 1) . '</a></td>' : '<td></td>') . '
                                                        <td width="98%">' . BackendUtility::getRecordTitle($tN, $subrow, TRUE) . '</td>
                                                </tr>';
                                        if ($tN == 'pages' && $c < 100) {
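Review bot: The module URL is concatenated into the `href` attribute without `htmlspecialchars()`, unlike the DatabaseRecordList and VersionView hunks, which escape the result of the same call. The URL now carries several `&`-separated parameters (presumably including whatever token the dispatcher checks), so it should be attribute-encoded here too, rather than relying on getModuleUrl() to encode every value: `'<a href="' . htmlspecialchars(BackendUtility::getModuleUrl('web_txversionM1', array('table' => $tN, 'uid' => $subrow['uid']))) . '">'`. The surrounding method begins and ends outside this hunk.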
index 3090078..c4d8610 100644 (file)
@@ -69,7 +69,7 @@ class VersionView {
                                        $opt[] = '<option value="' . htmlspecialchars(\TYPO3\CMS\Core\Utility\GeneralUtility::linkThisScript(array('id' => $vRow['uid']))) . '"' . ($id == $vRow['uid'] ? ' selected="selected"' : '') . '>' . htmlspecialchars($label) . '</option>';
                                }
                                // Add management link:
-                               $management = '<input type="button" value="' . $GLOBALS['LANG']->sL('LLL:EXT:lang/locallang_core.xlf:ver.mgm', TRUE) . '" onclick="window.location.href=\'' . htmlspecialchars(($GLOBALS['BACK_PATH'] . \TYPO3\CMS\Core\Utility\ExtensionManagementUtility::extRelPath('version') . 'cm1/index.php?table=pages&uid=' . $onlineId)) . '\';" />';
+                               $management = '<input type="button" value="' . $GLOBALS['LANG']->sL('LLL:EXT:lang/locallang_core.xlf:ver.mgm', TRUE) . '" onclick="window.location.href=\'' . htmlspecialchars($GLOBALS['BACK_PATH'] . \TYPO3\CMS\Backend\Utility\BackendUtility::getModuleUrl('web_txversionM1', array('table' => 'pages', 'uid' => $onlineId))) . '\';" />';
                                // Create onchange handler:
                                $onChange = 'window.location.href=this.options[this.selectedIndex].value;';
                                // Controls:
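Review bot: The URL is written into a single-quoted JavaScript string inside the `onclick` attribute, and `htmlspecialchars()` is HTML encoding, not JavaScript encoding; on PHP versions before 8.1 its default flags also leave `'` untouched. With the values visible here (`'pages'` and `$onlineId`) this is probably harmless, but the robust pattern for this context is to JS-quote the value first and then HTML-escape the result. For example, with `$url` holding the module URL: `'onclick="window.location.href=' . htmlspecialchars(\TYPO3\CMS\Core\Utility\GeneralUtility::quoteJSvalue($url)) . ';"'`. The enclosing method is only partly visible in this hunk.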
index ec847a6..ed19887 100644 (file)
@@ -1,9 +1,7 @@
 <?php
 // DO NOT REMOVE OR CHANGE THESE 3 LINES:
-define('TYPO3_MOD_PATH', 'sysext/version/cm1/');
-$BACK_PATH = '../../../';
 $MCONF['name'] = 'web_txversionM1';
 $MLANG['default']['tabs_images']['tab'] = 'cm_icon.gif';
 $MLANG['default']['ll_ref'] = 'LLL:EXT:version/locallang.xlf';
-$MCONF['script'] = 'index.php';
+$MCONF['script'] = '_DISPATCH';
 $MCONF['access'] = 'user,group';
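Review bot: The comment `// DO NOT REMOVE OR CHANGE THESE 3 LINES:` is now stale, because this hunk removes two of the lines it guarded (`define('TYPO3_MOD_PATH', ...)` and `$BACK_PATH = ...`) and leaves it above `$MCONF['name']` alone. Either delete it or replace it with a comment that documents the new contract, for example `// Module is called through the dispatcher; keep $MCONF['script'] = '_DISPATCH'.` That matters here because switching the script entry back to `index.php` would, per the commit message, drop the CSRF protection the dispatcher provides.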
index 514ea9f..76122ad 100644 (file)
  *  This copyright notice MUST APPEAR in all copies of the script!
  ***************************************************************/
 
-unset($MCONF);
-require __DIR__ . '/conf.php';
-require $BACK_PATH . 'init.php';
-$GLOBALS['LANG']->includeLLFile('EXT:version/locallang.xlf');
 $SOBE = \TYPO3\CMS\Core\Utility\GeneralUtility::makeInstance('TYPO3\\CMS\\Version\\Controller\\VersionModuleController');
 $SOBE->init();
 $SOBE->main();
index 0ab3a13..a510dfb 100644 (file)
@@ -4,6 +4,12 @@ if (!defined('TYPO3_MODE')) {
 }
 if (TYPO3_MODE == 'BE') {
        if (!\TYPO3\CMS\Core\Utility\ExtensionManagementUtility::isLoaded('workspaces')) {
+               // Register version_click_module
+               \TYPO3\CMS\Core\Utility\ExtensionManagementUtility::addModulePath(
+                       'web_txversionM1',
+                       \TYPO3\CMS\Core\Utility\ExtensionManagementUtility::extPath($_EXTKEY) . 'cm1/'
+               );
+
                $GLOBALS['TBE_MODULES_EXT']['xMOD_alt_clickmenu']['extendCMclasses'][] = array(
                        'name' => 'TYPO3\\CMS\\Version\\ClickMenu\\VersionClickMenu',
                );
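Review bot: `addModulePath('web_txversionM1', ...)` sits inside the `!isLoaded('workspaces')` branch, so the module is registered only when the workspaces extension is absent, while the DatabaseRecordList and VersionView hunks build links to `web_txversionM1` under conditions this diff does not show. If any of those links can be rendered with workspaces installed, the dispatcher would be asked for a module that was never registered. Either confirm the link sites are guarded by the same condition or move the registration above the `isLoaded('workspaces')` check. The `if` block continues past the end of this hunk.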