[BUGFIX] Make context menus work with modules 38/32338/2
authorHelmut Hummel <helmut.hummel@typo3.org>
Mon, 4 Aug 2014 16:30:44 +0000 (18:30 +0200)
committerMarkus Klein <klein.t3@reelworx.at>
Sun, 24 Aug 2014 22:26:12 +0000 (00:26 +0200)
To make it possible to use the module dispatcher
with a click menu item, it is necessary to add
the CSRF token to the URL of the called click menu
functionality.

Resolves: #60635
Releases: 6.3, 6.2
Change-Id: I0b378c3ba4c22f25b10e39950d08568f608decdb
Reviewed-on: http://review.typo3.org/32338
Reviewed-by: Markus Klein <klein.t3@reelworx.at>
Tested-by: Markus Klein <klein.t3@reelworx.at>
typo3/sysext/backend/Classes/ContextMenu/AbstractContextMenuDataProvider.php

index e7d8079..232e2d4 100644 (file)
@@ -13,6 +13,7 @@ namespace TYPO3\CMS\Backend\ContextMenu;
  *
  * The TYPO3 project - inspiring people to share!
  */
+use TYPO3\CMS\Backend\Utility\BackendUtility;
 
 /**
  * Abstract Context Menu Data Provider
@@ -182,6 +183,9 @@ abstract class AbstractContextMenuDataProvider {
                                        $action->setType('action');
                                        $action->setCallbackAction($actionConfiguration['callbackAction']);
                                        if (is_array($actionConfiguration['customAttributes.'])) {
+                                               if (!empty($actionConfiguration['customAttributes.']['contentUrl'])) {
+                                                       $actionConfiguration['customAttributes.']['contentUrl'] = $this->replaceModuleTokenInContentUrl($actionConfiguration['customAttributes.']['contentUrl']);
+                                               }
                                                $action->setCustomAttributes($actionConfiguration['customAttributes.']);
                                        }
                                }
@@ -198,4 +202,20 @@ abstract class AbstractContextMenuDataProvider {
                return $actionCollection;
        }
 
+       /**
+        * Add the CSRF token to the module URL if a "M" parameter is found
+        *
+        * @param string $contentUrl
+        * @return string
+        */
+       protected function replaceModuleTokenInContentUrl($contentUrl) {
+               $parsedUrl = parse_url($contentUrl);
+               parse_str($parsedUrl['query'], $urlParameters);
+               if (isset($urlParameters['M'])) {
+                       $moduleName = $urlParameters['M'];
+                       unset($urlParameters['M']);
+                       $contentUrl = BackendUtility::getModuleUrl($moduleName, $urlParameters);
+               }
+               return $contentUrl;
+       }
 }