[BUGFIX] Unlock Install Tool only after acknowledgement
authorSteffen Gebert <steffen.gebert@typo3.org>
Mon, 5 Sep 2011 19:51:12 +0000 (21:51 +0200)
committerJigal van Hemert <jigal@xs4all.nl>
Sun, 11 Sep 2011 21:04:26 +0000 (23:04 +0200)
Since #28621, the Install Tool is unlocked automatically when an admin
user opens it from the Backend.

This reduces the admin's awareness of the Install Tool being
explicitly protected by the ENABLE_INSTALL_TOOL file. This change
introduces an additional step, in which the user is explicitly asked for
confirmation to unlock the Install Tool.

Change-Id: I289959f7cdc8ff05221005d4431f2e27b3f5cf95
Fixes: #28689
Related: #28621
Releases: 4.6
Reviewed-on: http://review.typo3.org/4777
Reviewed-by: Helmut Hummel
Tested-by: Helmut Hummel
Reviewed-by: Jigal van Hemert
Tested-by: Jigal van Hemert
typo3/install/index.php
typo3/sysext/install/mod/index.php
typo3/sysext/install/mod/locallang_mod.xlf
typo3/sysext/install/mod/mod_styles.css [new file with mode: 0644]
typo3/sysext/install/mod/mod_template.html [new file with mode: 0644]

index 32a81de..9217408 100755 (executable)
@@ -98,9 +98,10 @@ if (1==2 || !is_file($enableInstallToolFile)) {
                                        case sensitive, but the file itself can simply be an empty file.
                                </li>
                                <li class="t3-install-locked-user-settings">
-                                       Alternatively, in the Backend, go to <a href="javascript:top.goToModule(\'user_setup\',1);">User tools &gt; User settings</a>
-                                       and let TYPO3 create this file for you. When you\'re finished, you can also visit
-                                       <a href="javascript:top.goToModule(\'user_setup\',1);">User tools &gt; User settings</a> and delete the file from there.
+                                       Alternatively, in the Backend, go to <a href="javascript:top.goToModule(\'tools_install\',1);">Admin tools &gt; Install</a>
+                                       and let TYPO3 create this file for you.<br />
+                                       You are recommended to log out from the Install Tool after finishing your work.
+                                       The file will then automatically be deleted.
                                </li>
                        </ul>
                        <p>
index 8875a0a..3d38a19 100755 (executable)
@@ -23,7 +23,7 @@
 ***************************************************************/
 
        // This checks permissions and exits if the users has no permission for entry.
-$BE_USER->modAccess($MCONF, 1);
+$BE_USER->modAccess($MCONF, TRUE);
 
 
 /**
@@ -39,18 +39,89 @@ class tx_install_mod1 extends t3lib_SCbase {
        /**
         * Entry point for the backend module
         *
-        * @throws t3lib_error_Exception
         * @return void
         */
        public function main() {
-               if (!$GLOBALS['BE_USER']->user['admin']) {
-                       throw new t3lib_error_Exception('Access denied', 1306866845);
-               }
+               /** @var $installToolService Tx_Install_Service_BasicService */
+               $installToolService = t3lib_div::makeInstance('Tx_Install_Service_BasicService');
 
-               if (!Tx_Install_Service_BasicService::checkInstallToolEnableFile()) {
-                       Tx_Install_Service_BasicService::createInstallToolEnableFile();
+               if ($installToolService->checkInstallToolEnableFile()) {
+                               // Install Tool is already enabled
+                       t3lib_utility_Http::redirect('install/');
+               } elseif ($this->isValidEnableRequest()) {
+                               // Install Tool should be enabled
+                       $installToolService->createInstallToolEnableFile();
+                       t3lib_utility_Http::redirect('install/');
+               } else {
+                               // ask the user to enable the Install Tool
+                       $this->showInstallToolEnableRequest();
                }
-               t3lib_utility_Http::redirect('install/');
+       }
+
+
+       /**
+        * Checks if enabling install tool is requested and form token is correct
+        *
+        * @return bool
+        */
+       protected function isValidEnableRequest() {
+               return t3lib_div::_POST('enableInstallTool') &&
+                         t3lib_formprotection_Factory::get()
+                               ->validateToken(t3lib_div::_POST('formToken'), 'installToolEnableToken');
+       }
+
+       /**
+        * Shows warning message about ENABLE_INSTALL_TOOL file and a button to create this file
+        *
+        * @return void
+        */
+       protected function showInstallToolEnableRequest() {
+                       // Create instance of object for output of data
+               $this->doc = t3lib_div::makeInstance('template');
+               $this->doc->setModuleTemplate(
+                       t3lib_extMgm::extPath('install') . 'mod/mod_template.html'
+               );
+               $this->doc->form = '<form method="post" id="t3-install-form-unlock" action="">';
+               $this->doc->addStyleSheet(
+                       'install',
+                       'stylesheets/install/install.css'
+               );
+               $this->doc->addStyleSheet(
+                       'mod-install',
+                       t3lib_extMgm::extRelPath('install') . 'mod/mod_styles.css'
+               );
+
+               $markers = $buttons = array();
+               $markers['CONTENT'] = $this->renderMessage();
+               $content = $this->doc->moduleBody('', $buttons, $markers);
+               $this->doc->postCode = '<input type="hidden" name="enableInstallTool" value="1" />' .
+                                                          t3lib_TCEforms::getHiddenTokenField('installToolEnableToken');
+               echo $this->doc->render('', $content);
+       }
+
+       /**
+        * Renders the message and the activation button
+        *
+        * @return string
+        */
+       protected function renderMessage() {
+               /** @var $message t3lib_message_ErrorpageMessage */
+               $message = t3lib_div::makeInstance('t3lib_message_ErrorPageMessage');
+
+               $message->setTitle($GLOBALS['LANG']->sL('LLL:EXT:install/mod/locallang_mod.xlf:confirmUnlockInstallToolTitle'));
+               $message->setSeverity(t3lib_message_ErrorPageMessage::WARNING);
+               $message->setHtmlTemplate('/typo3/templates/install.html');
+
+               $content = $GLOBALS['LANG']->sL('LLL:EXT:install/mod/locallang_mod.xlf:confirmUnlockInstallToolMessage') .
+                       '<button type="submit">' .
+                       $GLOBALS['LANG']->sL('LLL:EXT:install/mod/locallang_mod.xlf:confirmUnlockInstallToolButton') .
+                       '<span class="t3-install-form-button-icon-positive">&nbsp;</span></button>';
+
+               $messageMarkers = array();
+               $messageMarkers['###CONTENT###'] = $content;
+               $message->setMarkers($messageMarkers);
+
+               return $message->render();
        }
 }
 
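Review bot: The `elseif ($this->isValidEnableRequest())` branch in main() now creates ENABLE_INSTALL_TOOL without the `$GLOBALS['BE_USER']->user['admin']` check that this hunk removes. The only authorization left is `$BE_USER->modAccess($MCONF, TRUE)` in the previous hunk, which is sufficient only if the module configuration (not shown in this diff) restricts the module to admins. Because creating the file unlocks the Install Tool, I would keep an explicit check next to the write: `} elseif ($GLOBALS['BE_USER']->user['admin'] && $this->isValidEnableRequest()) {`. The result of `createInstallToolEnableFile()` is also ignored before the redirect. Its return value is not visible here, but if the call can fail, the admin lands on the locked page with no explanation, so checking it and reporting the failure would help.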
index f2d2584..1252bf4 100644 (file)
@@ -4,17 +4,39 @@
                <header/>
                <body>
                        <trans-unit id="mlang_labels_tablabel" approved="yes">
-                               <source>Install Tool</source>
-                               <target>Install Tool</target>
+                               <source>Install&amp;nbsp;Tool</source>
+                               <target>Install&amp;nbsp;Tool</target>
                        </trans-unit>
                        <trans-unit id="mlang_labels_tabdescr" approved="yes">
-                               <source>Provides a simple link to the Install Tool. Notice the Install Tool (in typo3/install/) must be enabled.&lt;br /&gt;&lt;em&gt;Access for 'admin' users only!&lt;/em&gt;</source>
-                               <target>Provides a simple link to the Install Tool. Notice the Install Tool (in typo3/install/) must be enabled.&lt;br /&gt;&lt;em&gt;Access for 'admin' users only!&lt;/em&gt;</target>
+                               <source>Provides a simple link to the Install&amp;nbsp;Tool. Notice the Install&amp;nbsp;Tool (in typo3/install/) must be enabled.&lt;br /&gt;&lt;em&gt;Access for 'admin' users only!&lt;/em&gt;</source>
+                               <target>Provides a simple link to the Install&amp;nbsp;Tool. Notice the Install&amp;nbsp;Tool (in typo3/install/) must be enabled.&lt;br /&gt;&lt;em&gt;Access for 'admin' users only!&lt;/em&gt;</target>
                        </trans-unit>
                        <trans-unit id="mlang_tabs_tab" approved="yes">
                                <source>Install</source>
                                <target>Install</target>
                        </trans-unit>
+                       <trans-unit id="confirmUnlockInstallToolTitle" approved="yes">
+                               <source>The Install&amp;nbsp;Tool is locked</source>
+                               <target>The Install&amp;nbsp;Tool is locked</target>
+                       </trans-unit>
+                       <trans-unit id="confirmUnlockInstallToolMessage" approved="yes">
+                               <source>&lt;p&gt;For security reasons the Install&amp;nbsp;Tool is locked by default.&lt;/p&gt;
+                                       &lt;p&gt;To unlock the Install&amp;nbsp;Tool, an empty file with the name ENABLE_INSTALL_TOOL must be created in typo3conf/.&lt;/p&gt;
+                                       &lt;p&gt;By hitting the button below, this file is created for you and the Install&amp;nbsp;Tool will be unlocked.&lt;/p&gt;
+                                       &lt;p&gt;You are recommended to log out from the Install&amp;nbsp;Tool after finishing your work. Otherwise
+                                       TYPO3 will automatically lock the Install&amp;nbsp;Tool after one hour.&lt;/p&gt;
+                               </source>
+                               <target>&lt;p&gt;For security reasons the Install&amp;nbsp;Tool is locked by default.&lt;/p&gt;
+                                       &lt;p&gt;To unlock the Install&amp;nbsp;Tool, an empty file with the name ENABLE_INSTALL_TOOL must be created in typo3conf/.&lt;/p&gt;
+                                       &lt;p&gt;By hitting the button below, this file is created for you and the Install&amp;nbsp;Tool will be unlocked.&lt;/p&gt;
+                                       &lt;p&gt;You are recommended to log out from the Install&amp;nbsp;Tool after finishing your work. Otherwise
+                                       TYPO3 will automatically lock the Install&amp;nbsp;Tool after one hour.&lt;/p&gt;
+                               </target>
+                       </trans-unit>
+                       <trans-unit id="confirmUnlockInstallToolButton" approved="yes">
+                               <source>Unlock the Install&amp;nbsp;Tool</source>
+                               <target>Unlock the Install&amp;nbsp;Tool</target>
+                       </trans-unit>
                </body>
        </file>
 </xliff>
diff --git a/typo3/sysext/install/mod/mod_styles.css b/typo3/sysext/install/mod/mod_styles.css
new file mode 100644 (file)
index 0000000..198f9ee
--- /dev/null
@@ -0,0 +1,42 @@
+body#ext-install-mod-index-php {
+       margin: 0;
+       padding: 0;
+}
+
+#typo3-inner-docbody p.help {
+       font-size: 12px;
+       margin-bottom: 10px;
+}
+
+#ext-install-mod-index-php #container {
+       margin-top: 11em;
+}
+
+.typo3-message h2 {
+       color: #9E7D4A;
+       font-size: 16px;
+}
+
+span.t3-install-form-button-icon-positive {
+    background: url("../../../gfx/ok.png") no-repeat scroll 0 0 transparent;
+    display: inline-block;
+    float: none;
+    height: 16px;
+    margin-left: 0.6em;
+    width: 16px;
+}
+
+form#t3-install-form-unlock button {
+    background: url("../../../sysext/install/Resources/Public/Images/button-background.jpg") repeat-x scroll left bottom #F6F6F6;
+    border: 1px solid #7C7C7C;
+    color: #606060;
+    cursor: pointer;
+    font-size: 1.1em;
+    padding: 0.3em 0.6em;
+       margin-top: 1em;
+}
+
+form#t3-install-form-unlock button:hover {
+    background-image: url("../../../sysext/install/Resources/Public/Images/button-background-hover.jpg");
+    background-color: #EDEDED;
+}
\ No newline at end of file
diff --git a/typo3/sysext/install/mod/mod_template.html b/typo3/sysext/install/mod/mod_template.html
new file mode 100644 (file)
index 0000000..33fe014
--- /dev/null
@@ -0,0 +1,31 @@
+<!-- ###FULLDOC### begin -->
+<div class="typo3-fullDoc">
+       <!-- Empty docheader -->
+       <div id="typo3-docheader">
+               <div id="typo3-docheader-row1">
+                       <div class="buttonsleft"></div>
+                       <div class="buttonsright"></div>
+               </div>
+       </div>
+       <!-- Content of module, for instance listing, info or editing -->
+       <div id="typo3-docbody">
+               <div id="typo3-inner-docbody">
+                       ###CONTENT###
+               </div>
+       </div>
+</div>
+<!-- ###FULLDOC### end -->
+
+<!-- Grouping the icons on top -->
+
+<!-- ###BUTTON_GROUP_WRAP### -->
+       <div class="buttongroup">###BUTTONS###</div>
+<!-- ###BUTTON_GROUP_WRAP### -->
+
+<!-- ###BUTTON_GROUPS_LEFT### -->
+
+<!-- ###BUTTON_GROUPS_LEFT### -->
+
+<!-- ###BUTTON_GROUPS_RIGHT### -->
+<!-- ###BUTTON_GROUP1### -->###SHORTCUT###<!-- ###BUTTON_GROUP1### -->
+<!-- ###BUTTON_GROUPS_RIGHT### -->
\ No newline at end of file