Fixed bug #14387: Updating the CGLs [was: Remove the feature "Enable extensions witho...
authorSteffen Kamper <info@sk-typo3.de>
Sun, 23 May 2010 10:00:19 +0000 (10:00 +0000)
committerSteffen Kamper <info@sk-typo3.de>
Sun, 23 May 2010 10:00:19 +0000 (10:00 +0000)
git-svn-id: https://svn.typo3.org/TYPO3v4/Core/trunk@7663 709f56b5-9817-0410-a4d7-c38de5d9e867

ChangeLog
typo3/mod/tools/em/class.em_index.php
typo3/mod/tools/em/class.em_xmlhandler.php
typo3/sysext/lang/locallang_mod_tools_em.xml

index a922dec..91dd97f 100755 (executable)
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,3 +1,7 @@
+2010-05-22  Steffen Kamper  <info@sk-typo3.de>
+
+       * Fixed bug #14387: Updating the CGLs [was: Remove the feature "Enable extensions without review (basic security check)" from EM] (thanks to Lars Houmark)
+
 2010-05-22  Oliver Hader  <oliver@typo3.org>
 
        * Added feature #13868: Integrate TYPO3 donate notice in the backend
index 8cb3ad6..750a595 100644 (file)
@@ -382,7 +382,8 @@ class SC_mod_tools_em_index extends t3lib_SCbase {
                );
 
                $this->privacyNotice = $GLOBALS['LANG']->getLL('privacy_notice');
-               $securityMessage = sprintf($GLOBALS['LANG']->getLL('security_descr'),
+               $securityMessage = $GLOBALS['LANG']->getLL('security_warning_extensions') .
+                       '<br /><br />' . sprintf($GLOBALS['LANG']->getLL('security_descr'),
                                '<a href="http://typo3.org/teams/security/" target="_blank">', '</a>'
                        );
                $flashMessage = t3lib_div::makeInstance(
@@ -419,7 +420,6 @@ class SC_mod_tools_em_index extends t3lib_SCbase {
                $this->terConnection->wsdlURL = $TYPO3_CONF_VARS['EXT']['em_wsdlURL'];
                $this->xmlhandler = t3lib_div::makeInstance('SC_mod_tools_em_xmlhandler');
                $this->xmlhandler->emObj = $this;
-               $this->xmlhandler->useUnchecked = $this->MOD_SETTINGS['display_unchecked'];
                $this->xmlhandler->useObsolete = $this->MOD_SETTINGS['display_obsolete'];
 
                        // Initialize Document Template object:
@@ -515,7 +515,6 @@ class SC_mod_tools_em_index extends t3lib_SCbase {
                        ),
                        'display_shy' => '',
                        'display_own' => '',
-                       'display_unchecked' => '',
                        'display_obsolete' => '',
                        'display_installed' => '',
                        'display_files' => '',
@@ -885,9 +884,9 @@ EXTENSION KEYS:
                        $offset = $this->listingLimit*$this->pointer;
 
                        if($this->MOD_SETTINGS['display_own'] && strlen($this->fe_user['username'])) {
-                               $this->xmlhandler->searchExtensionsXML($this->listRemote_search, $this->fe_user['username'], $this->MOD_SETTINGS['listOrder']);
+                               $this->xmlhandler->searchExtensionsXML($this->listRemote_search, $this->fe_user['username'], $this->MOD_SETTINGS['listOrder'], TRUE);
                        } else {
-                               $this->xmlhandler->searchExtensionsXML($this->listRemote_search, '', $this->MOD_SETTINGS['listOrder'], false, false, $offset, $this->listingLimit);
+                               $this->xmlhandler->searchExtensionsXML($this->listRemote_search, '', $this->MOD_SETTINGS['listOrder'], TRUE, FALSE, $offset, $this->listingLimit);
                        }
                        if (count($this->xmlhandler->extensionsXML))    {
                                list($list,$cat) = $this->prepareImportExtList(true);
@@ -947,14 +946,7 @@ EXTENSION KEYS:
                                        $content .= t3lib_BEfunc::cshItem('_MOD_tools_em', 'import_ter', $GLOBALS['BACK_PATH'], '|<br />');
                                        $onsubmit = "window.location.href='index.php?ter_connect=1&ter_search='+escape(this.elements['lookUp'].value);return false;";
                                        $content .= '<form action="index.php" method="post" onsubmit="' . htmlspecialchars($onsubmit) .
-                                                       '"><label for="lookUp">' .
-                                                       sprintf($GLOBALS['LANG']->getLL('list_or_look_up'),
-                                                               ($this->MOD_SETTINGS['display_unchecked'] ?
-                                                                       '<strong style="color:#900;">' . $GLOBALS['LANG']->getLL('list_or_look_up_all') . '</strong>'
-                                                                       : '<strong style="color:#090;">' . $GLOBALS['LANG']->getLL('list_or_look_up_reviewed') . '</strong>'
-                                                               )
-                                                       ) .
-                                                       '</label><br />
+                                                       '"><label for="lookUp">' . $GLOBALS['LANG']->getLL('list_or_look_up_extensions') . '</label><br />
                                                        <input type="text" id="lookUp" name="lookUp" value="' . htmlspecialchars($this->listRemote_search) .
                                                        '" /> <input type="submit" value="' . $GLOBALS['LANG']->getLL('look_up_button') . '" /></form><br /><br />';
 
@@ -1004,13 +996,7 @@ EXTENSION KEYS:
                                $onsubmit = "window.location.href='index.php?ter_connect=1&ter_search='+escape(this.elements['lookUp'].value);return false;";
                                $content .= '<form action="index.php" method="post" onsubmit="' . htmlspecialchars($onsubmit) .
                                        '"><label for="lookUp">' .
-                                       sprintf($GLOBALS['LANG']->getLL('list_or_look_up'),
-                                               ($this->MOD_SETTINGS['display_unchecked'] ?
-                                                       '<strong style="color:#900;">' . $GLOBALS['LANG']->getLL('list_or_look_up_all') . '</strong>'
-                                                       : '<strong style="color:#090;">' . $GLOBALS['LANG']->getLL('list_or_look_up_reviewed') . '</strong>'
-                                               )
-                                       ) .
-                                       '</label><br />
+                                       $GLOBALS['LANG']->getLL('list_or_look_up_extensions') . '</label><br />
                                        <input type="text" id="lookUp" name="lookUp" value="' . htmlspecialchars($this->listRemote_search) .
                                        '" /> <input type="submit" value="' . $GLOBALS['LANG']->getLL('look_up_button') . '" /></form><br /><br />';
 
@@ -1028,13 +1014,7 @@ EXTENSION KEYS:
                        $onsubmit = "window.location.href='index.php?ter_connect=1&ter_search='+escape(this.elements['lookUp'].value);return false;";
                        $content .= '<form action="index.php" method="post" onsubmit="' . htmlspecialchars($onsubmit) .
                                '"><label for="lookUp">' .
-                               sprintf($GLOBALS['LANG']->getLL('list_or_look_up'),
-                                       ($this->MOD_SETTINGS['display_unchecked'] ?
-                                               '<strong style="color:#900;">' . $GLOBALS['LANG']->getLL('list_or_look_up_all') . '</strong>'
-                                               : '<strong style="color:#090;">' . $GLOBALS['LANG']->getLL('list_or_look_up_reviewed') . '</strong>'
-                                       )
-                               ) .
-                               '</label><br />
+                               $GLOBALS['LANG']->getLL('list_or_look_up_extensions') . '</label><br />
                                <input type="text" id="lookUp" name="lookUp" value="" /> <input type="submit" value="' .
                                $GLOBALS['LANG']->getLL('look_up_button') . '" /><br /><br />';
 
@@ -1130,20 +1110,6 @@ EXTENSION KEYS:
                $content.= '
                        ' . t3lib_BEfunc::cshItem('_MOD_tools_em', 'settings', $GLOBALS['BACK_PATH'], '|<br />') . '
                        <form action="index.php" method="post" name="altersettings">
-                       <fieldset><legend>' . $GLOBALS['LANG']->getLL('security_settings') . '</legend>
-                       <table border="0" cellpadding="2" cellspacing="2">
-                               <tr class="bgColor4">
-                                       <td><label for="display_unchecked">' . $GLOBALS['LANG']->getLL('show_exts_without_security_check') . '</label></td>
-                                       <td>'.t3lib_BEfunc::getFuncCheck(0,'SET[display_unchecked]',$this->MOD_SETTINGS['display_unchecked'],'','','id="display_unchecked"').'</td>
-                               </tr>
-                       </table>
-                       <strong>' . $GLOBALS['LANG']->getLL('notice') . '</strong> ' .
-                               sprintf($GLOBALS['LANG']->getLL('security_notice'),
-                                       '<a href="http://typo3.org/extensions/what-are-reviews/" target="_blank">', '</a>'
-                               ) .
-                       '</fieldset>
-                       <br />
-                       <br />
                        <fieldset><legend>' . $GLOBALS['LANG']->getLL('user_settings') . '</legend>
                        <table border="0" cellpadding="2" cellspacing="2">
                                <tr class="bgColor4">
@@ -1868,7 +1834,7 @@ EXTENSION KEYS:
                if (!$this->xmlhandler->countExtensions())      {
                        $this->fetchMetaData('extensions');
                }
-               $this->xmlhandler->searchExtensionsXMLExact($extKey, '', '', true);
+               $this->xmlhandler->searchExtensionsXMLExact($extKey, '', '', TRUE, TRUE);
 
                        // check if extension can be fetched
                if(isset($this->xmlhandler->extensionsXML[$extKey])) {
@@ -6161,7 +6127,7 @@ $EM_CONF[$_EXTKEY] = '.$this->arrayToCode($EM_CONF, 0).';
                '</tr>';
 
                foreach ($extList[0] as $name => $data) {
-                       $this->xmlhandler->searchExtensionsXMLExact($name, '', '', false, true);
+                       $this->xmlhandler->searchExtensionsXMLExact($name, '', '', TRUE, TRUE);
                        if (!is_array($this->xmlhandler->extensionsXML[$name])) {
                                continue;
                        }
index 94db78e..4c53533 100644 (file)
@@ -53,7 +53,6 @@ class SC_mod_tools_em_xmlhandler {
        var $extXMLResult = array();
        var $extensionsXML = array();
        var $reviewStates = null;
-       var $useUnchecked = false;
        var $useObsolete = false;
 
        /**
@@ -84,15 +83,13 @@ class SC_mod_tools_em_xmlhandler {
                if ($owner)     {
                        $where.= ' AND ownerusername='.$GLOBALS['TYPO3_DB']->fullQuoteStr($owner, 'cache_extensions');
                }
-               if (strlen($owner) || $this->useUnchecked || $allExt)   {
-                               // show extensions without review or that have passed review
-                       $where.= ' AND reviewstate >= 0';
-               } else {
-                               // only display extensions that have passed review
-                       $where.= ' AND reviewstate > 0';
-               }
-               if (!$this->useObsolete && !$allExt)    {
-                       $where.= ' AND state!=5';               // 5 == obsolete
+
+                       // Show extensions without a review or that have passed a review, but not insecure extensions
+               $where .= ' AND reviewstate >= 0';
+
+               if (!$this->useObsolete)        {
+                               // 5 == obsolete
+                       $where.= ' AND state != 5';
                }
                switch ($order) {
                        case 'author_company':
@@ -108,11 +105,7 @@ class SC_mod_tools_em_xmlhandler {
                }
                $order = $forder.', title';
                if (!$allVer)   {
-                       if ($this->useUnchecked)        {
-                               $where .= ' AND lastversion>0';
-                       } else  {
-                               $where .= ' AND lastreviewedversion>0';
-                       }
+                       $where .= ' AND lastversion > 0';
                }
                $this->catArr = array();
                $idx = 0;
@@ -226,38 +219,6 @@ class SC_mod_tools_em_xmlhandler {
        }
 
        /**
-        * Removes all extension versions from $extensions that have a reviewstate<1, unless explicitly allowed
-        *
-        * @param       array           &$extensions    The "versions" subpart of the extension list
-        * @return      void
-        */
-       function checkReviewState(&$extensions) {
-               if ($this->useUnchecked) return;
-
-               foreach ($extensions as $version => $data) {
-                       if($data['reviewstate']<1)
-                               unset($extensions[$version]);
-               }
-       }
-
-       /**
-        * Removes all extension versions from the list of available extensions that have a reviewstate<1, unless explicitly allowed
-        *
-        * @return      void
-        */
-       function checkReviewStateGlobal() {
-               if($this->useUnchecked) return;
-
-               foreach ($this->extensionsXML as $extkey => $data) {
-                       foreach ($data['versions'] as $version => $vdata) {
-                               if($vdata['reviewstate']<1) unset($this->extensionsXML[$extkey]['versions'][$version]);
-                       }
-                       if(!count($this->extensionsXML[$extkey]['versions'])) unset($this->extensionsXML[$extkey]);
-               }
-       }
-
-
-       /**
         * ***************PARSING METHODS***********************
         */
        /**
index c164b95..15e94a2 100755 (executable)
@@ -33,6 +33,7 @@
                        <label index="descr_local">Local extension (typo3conf/ext/) - Local for this TYPO3 installation only (dynamic).</label>
                        <label index="privacy_notice">When you interact with the online repository, server information may be sent and stored in the repository for statistics.</label>
                        <label index="security_header">Found a security problem? Please get in touch with us!</label>
+                       <label index="security_warning_extensions">Please be aware that extensions are third-party software. Installing an extension is a security risk, as the high level of quality and security in the TYPO3 Core can not be assured in these extensions.</label>
                        <label index="security_descr">If you think you have found a security issue in TYPO3 or an extension, please contact the %sTYPO3 security team%s! Thank you!</label>
                        <label index="menu_loaded_extensions">Loaded extensions</label>
                        <label index="menu_install_extensions">Install extensions</label>
@@ -74,6 +75,7 @@
                        <label index="excluded_from_updates">The extension is excluded from updates! You can change this in the appropriate ext_emconf.php file.</label>
                        <label index="import_to_local_dir">Import this extension from online repository to the 'local' directory typo3conf/ext/.</label>
                        <label index="list_or_look_up">List or look up %s extensions</label>
+                       <label index="list_or_look_up_extensions">Look up extensions:</label>
                        <label index="list_or_look_up_all">all</label>
                        <label index="list_or_look_up_reviewed">reviewed</label>
                        <label index="look_up_button">Look up</label>