* Changed the layout of the security warning box which is displayed in alt_intro.php
authorMichael Stucki <michael.stucki@typo3.org>
Sat, 30 Apr 2005 17:54:43 +0000 (17:54 +0000)
committerMichael Stucki <michael.stucki@typo3.org>
Sat, 30 Apr 2005 17:54:43 +0000 (17:54 +0000)
* Added a hook for extending the device recognition capabilities in class.t3lib_matchcondition.php (requested by Michael Perkhofer for his "wurfl" extension)
* Fixed bug #0000762: If the word "include_once" is followed by a whitespace, the extension manager issued an error
* New feature #0000634: Add the CURIFSUB state to menu objects (thanks to Wolfgang Klinger)
* Changed the spamProtectEmailAddresses range again. Allowed values are between -5 and 1 (higher values could break the output, thus the range needed to be changed)

git-svn-id: https://svn.typo3.org/TYPO3v4/Core/trunk@698 709f56b5-9817-0410-a4d7-c38de5d9e867

12 files changed:
ChangeLog
t3lib/class.t3lib_befunc.php
t3lib/class.t3lib_exec.php
t3lib/class.t3lib_install.php
t3lib/class.t3lib_matchcondition.php
t3lib/thumbs.php
typo3/class.file_list.inc
typo3/mod/tools/em/index.php
typo3/sysext/cms/tslib/class.tslib_content.php
typo3/sysext/cms/tslib/class.tslib_fe.php
typo3/sysext/cms/tslib/class.tslib_menu.php
typo3/sysext/cms/tslib/class.tslib_pagegen.php

index 4c746e6..059cf45 100755 (executable)
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,3 +1,11 @@
+2005-04-30  Michael Stucki  <michael@typo3.org>
+
+       * Changed the layout of the security warning box which is displayed in alt_intro.php
+       * Added a hook for extending the device recognition capabilities in class.t3lib_matchcondition.php (requested by Michael Perkhofer for his "wurfl" extension)
+       * Fixed bug #0000762: If the word "include_once" is followed by a whitespace, the extension manager issued an error
+       * New feature #0000634: Add the CURIFSUB state to menu objects (thanks to Wolfgang Klinger)
+       * Changed the spamProtectEmailAddresses range again. Allowed values are between -5 and 1 (higher values could break the output, thus the range needed to be changed)
+
 2005-04-29  Kasper Skårhøj,,,  <kasper@typo3.com>
 
        * Added default limit (10kb) on frontend user session data (set by TYPO3_CONF_VARS[FE][maxSessionDataSize]) and added a check that session data is saved only if a cookie is actually set. This closes a quite obvious hole for DoS attacks where requesting a TYPO3 URL something like "...index.php?id=1&recs[foo][bar]=[up to 2000 chars]" would fill 2kb of data into fe_session_data no questions asked. It is not a security problem but thousand such request (with eg. "ab") would mean 2 megabyte of junk in the database... Spamming that table is now considerably more complicated. However this setting might break applications storing large amounts of user session data, but for the average shopping plugin it should be unaffected.
 
 2005-04-28  Rupert Germann  <rupi@gmx.li>
 
-       * fix for bug 416: now the wrong default values in autoincrement lines will be removed from .sql files before they are written to the database.
-       This fixes the problem where tables were not created under MySQL 4.1.x
-       * removed a double strcmp in class.t3lib_install (resolves bug 955)
-       * removed the mysql-version ckeck from the install tool and from class.tx_install. With current MySQL versions this is not needed anymore.
+       * Fixed bug #0000416: now the wrong default values in autoincrement lines will be removed from .sql files before they are written to the database. This fixes the problem that tables were not created under MySQL 4.1.x
+       * Fixed bug #0000955: Removed a double strcmp in class.t3lib_install
+       * Removed the mysql-version ckeck from class.tx_install.php. With current MySQL versions this is not needed anymore.
        * New features for the pi_base pagebrowser: first and last links, "floating" of the displayed pages, all wraps are now configurable, all hardcoded HTML can be substituted with own wraps, and many more.
-       The behaviour of the pagebrowser doesn't change if the additional "internal"-array-elements don't exist.
-       This array has to be set from an extension which passes its TS-config to the pagebrowser function. See comments in function for details.
-       Thank goes to Michael H.E. Roth for developing most of the changes.
-       * fixed bug 911: setting ['BE']['lockIP'] to a value < 4 does not log out the BEuser anymore.
-       * fixed bug 570: now it is prevented that umlauts or other special characters are inserted as "accessKey".
+         The behaviour of the pagebrowser doesn't change if the additional "internal"-array-elements don't exist.
+         This array has to be set from an extension which passes its TS-config to the pagebrowser function. See comments in function for details.
+         Thank goes to Michael H.E. Roth for developing most of the changes.
+       * Fixed bug #0000911: setting ['BE']['lockIP'] to a value < 4 does not log out the BEuser anymore.
+       * Fixed bug #0000570: now it is prevented that umlauts or other special characters are inserted as "accessKey".
 
 2005-04-28  Christian Jul Jensen  <julle(at)typo3(dot)org>
 
@@ -37,7 +44,7 @@
 
 2005-04-27  Rupert Germann  <rupi@gmx.li>
 
-       * fix for bug 536: removed a hardcoded tt_news reference which inserted the admin name as news author.
+       * Fixed bug #0000536: removed a hardcoded tt_news reference which inserted the admin name as news author.
 
 2005-04-27  Michael Scharkow  <mscharkow@gmx.net>
 
index fd78f4e..32c4925 100755 (executable)
@@ -3091,10 +3091,11 @@ class t3lib_BEfunc      {
                        }
 
                        if(count($warnings))    {
-                               $content = '<br />'.
-                                       '<p class="typo3-red" style="font-weight: bold;">Security warning:<br />'.
+                               $content = '<table border="0" cellpadding="0" cellspacing="0" class="warningbox"><tr><td>'.
+                                       $GLOBALS['TBE_TEMPLATE']->icons(3).'Security warning!<br />'.
                                        '- '.implode('<br />- ', $warnings).'<br /><br />'.
-                                       'It is highly recommended that you change this immediately.<br />&nbsp;</p>';
+                                       'It is highly recommended that you change this immediately.'.
+                                       '</td></tr></table>';
 
                                unset($warnings);
                                return $content;
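Review bot: The new `$GLOBALS['TBE_TEMPLATE']->icons(3)` call dereferences the global without checking that it holds an object, so the warning box would fail with a fatal error in any context where the backend template object has not been created. A guard keeps the warning visible either way: `(is_object($GLOBALS['TBE_TEMPLATE']) ? $GLOBALS['TBE_TEMPLATE']->icons(3) : '').'Security warning!<br />'.`. Separately, the `$warnings` entries are joined into the HTML unescaped; they are built outside this hunk, so if any of them can include configuration values they should pass through `htmlspecialchars()` first. The enclosing function starts and ends outside the hunk.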
index e289f42..03c8711 100755 (executable)
@@ -22,7 +22,7 @@
 *  This copyright notice MUST APPEAR in all copies of the script!
 ***************************************************************/
 /**
- * t3lib_exec find executables (programs) on unix and windows without knowing where they are
+ * t3lib_exec finds executables (programs) on Unix and Windows without knowing where they are
  *
  * $Id$
  *
index 9742e22..bee5a1c 100755 (executable)
@@ -435,7 +435,7 @@ class t3lib_install {
                                                                foreach($info[$theKey] as $fieldN => $fieldC) {
                                                                        if (!isset($FDcomp[$table][$theKey][$fieldN]))  {
                                                                                $extraArr[$table][$theKey][$fieldN] = $fieldC;
-                                                                       } elseif (strcmp($FDcomp[$table][$theKey][$fieldN], $fieldC)){
+                                                                       } elseif (strcmp($FDcomp[$table][$theKey][$fieldN], $fieldC))   {
                                                                                $diffArr[$table][$theKey][$fieldN] = $fieldC;
                                                                                $diffArr_cur[$table][$theKey][$fieldN] = $FDcomp[$table][$theKey][$fieldN];
                                                                        }
index a43ec66..09881e0 100644 (file)
@@ -399,6 +399,15 @@ class t3lib_matchCondition {
                        strstr($agent, 'diibot'))       {
                        return 'robot';
                }
+
+                       // Hook for extending device recognition capabilities:
+               if (is_array($GLOBALS['TYPO3_CONF_VARS']['SC_OPTIONS']['t3lib/class.t3lib_matchcondition.php']['devices_class']))       {
+                       foreach($GLOBALS['TYPO3_CONF_VARS']['SC_OPTIONS']['t3lib/class.t3lib_matchcondition.php']['devices_class'] as $_classRef)       {
+                               $_procObj = &t3lib_div::getUserObj($_classRef);
+                               return $_procObj->whichDevice_ext($useragent);
+                       }
+               }
+
        }
 
        /**
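Review bot: The `return` inside the `foreach` fires on the first iteration, so only the first registered `devices_class` entry is ever consulted, and its result is returned even when it is empty. The result of `getUserObj()` is also used without checking that it is an object exposing `whichDevice_ext`, so a stale registry entry becomes a fatal error on every request that reaches this point. I would return only a non-empty answer and otherwise fall through to the next hook. `$useragent` is presumably the function's parameter (the signature is outside the hunk); it is client-supplied, which the hook's documentation should say so implementers treat it as untrusted.

```php
		// … unchanged: is_array() check on the 'devices_class' registry …
			foreach($GLOBALS['TYPO3_CONF_VARS']['SC_OPTIONS']['t3lib/class.t3lib_matchcondition.php']['devices_class'] as $_classRef)	{
				$_procObj = &t3lib_div::getUserObj($_classRef);
				if (is_object($_procObj) && method_exists($_procObj, 'whichDevice_ext'))	{
					$_device = $_procObj->whichDevice_ext($useragent);
					if (strlen($_device))	{	// Only a positive match ends the search; otherwise ask the next hook
						return $_device;
					}
				}
			}
```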
index c12f62e..f597cab 100755 (executable)
@@ -227,7 +227,7 @@ class SC_t3lib_thumbs {
                                if($fd = @fopen($this->output,'rb'))    {
                                        Header('Content-type: image/'.$outext);
                                        while (!feof($fd))      {
-                                               echo fread( $fd, 10000 );
+                                               echo fread($fd, 10000);
                                        }
                                        fclose( $fd );
                                } else {
index 17f54d3..f2a7aa2 100755 (executable)
@@ -368,6 +368,7 @@ class fileList extends t3lib_recordList {
        function linkWrapDir($code,$path)       {
                $href = $this->script.'?id='.rawurlencode($path);
 
+                       // Sometimes $code contains plain HTML tags. In such a case the string should not be modified!
                if(!strcmp($code,strip_tags($code)))    {
                        return '<a href="'.htmlspecialchars($href).'" title="'.htmlspecialchars($code).'">'.t3lib_div::fixed_lgd($code,$this->fixedL).'</a>';
                } else  {
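Review bot: The added comment says why `$code` is left alone when it contains tags, but not what that means for output safety. The else branch is outside the hunk, but "should not be modified" implies the markup is emitted as-is, so the `strip_tags()` comparison decides whether `$code` is treated as text or as trusted HTML. I would extend the comment to state the contract, e.g. `// In that case $code is treated as trusted markup: callers must have escaped any file- or directory-derived text before passing it in.`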
index 78190ea..1387faa 100755 (executable)
@@ -293,7 +293,7 @@ class SC_mod_tools_em_index extends t3lib_SCbase {
                );
 
        var $privacyNotice = 'When ever you interact with the online repository, server information is sent and stored in the repository for statistics. No personal information is sent, only identification of this TYPO3 install. If you want know exactly what is sent, look in typo3/mod/tools/em/index.php, function repTransferParams()';
-       var $editTextExtensions = 'html,htm,txt,css,tmpl,inc,php,sql,conf,cnf,pl,pm,sh';
+       var $editTextExtensions = 'html,htm,txt,css,tmpl,inc,php,sql,conf,cnf,pl,pm,sh,ChangeLog';
        var $nameSpaceExceptions = 'beuser_tracking,design_components,impexp,static_file_edit,cms,freesite,quickhelp,classic_welcome,indexed_search,sys_action,sys_workflows,sys_todos,sys_messages,direct_mail,sys_stat,tt_address,tt_board,tt_calender,tt_guest,tt_links,tt_news,tt_poll,tt_rating,tt_products,setup,taskcenter,tsconfig_help,context_help,sys_note,tstemplate,lowlevel,install,belog,beuser,phpmyadmin,aboutmodules,imagelist,setup,taskcenter,sys_notepad,viewpage';
 
 
@@ -1310,7 +1310,7 @@ EXTENSION KEYS:
                                if (t3lib_div::isFirstPartOfStr($editFile,PATH_site) && t3lib_div::isFirstPartOfStr($editFile,$absPath))        {       // Paranoia...
 
                                        $fI = t3lib_div::split_fileref($editFile);
-                                       if (@is_file($editFile) && t3lib_div::inList($this->editTextExtensions,$fI['fileext'])) {
+                                       if (@is_file($editFile) && t3lib_div::inList($this->editTextExtensions,($fI['fileext']?$fI['fileext']:$fI['filebody'])))        {
                                                if (filesize($editFile)<($this->kbMax*1024))    {
                                                        $outCode = '';
                                                        $info = '';
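Review bot: The fallback `($fI['fileext']?$fI['fileext']:$fI['filebody'])` matches a file's base name against a list of extensions, so any extension-less file named like an entry (`php`, `sh`, `pl`, …) now passes the editable check as well, not only `ChangeLog`. This list gates which files the backend editor will open for writing, so the two namespaces are better kept apart: `var $editTextFilenames = 'ChangeLog';` and `t3lib_div::inList($this->editTextExtensions,$fI['fileext']) || (!strlen($fI['fileext']) && t3lib_div::inList($this->editTextFilenames,$fI['filebody']))`. The same ternary is repeated in the `@@ -1608` hunk for the "Edit file" link; a small helper method used by both places would keep the link and the actual check from drifting apart. Whether `split_fileref()` normalises the case of `filebody` is not visible here, so the mixed-case `ChangeLog` entry should be verified against it.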
@@ -1608,7 +1608,7 @@ EXTENSION KEYS:
                                <tr class="bgColor4">
                                        <td><a href="'.htmlspecialchars('index.php?CMD[showExt]='.$extKey.'&CMD[downloadFile]='.rawurlencode($file)).'" title="Download...">'.substr($file,strlen($extPath)).'</a></td>
                                        <td>'.t3lib_div::formatSize(filesize($file)).'</td>
-                                       <td>'.(!in_array($extKey,$this->requiredExt)&&t3lib_div::inList($this->editTextExtensions,$fI['fileext'])?'<a href="'.htmlspecialchars('index.php?CMD[showExt]='.$extKey.'&CMD[editFile]='.rawurlencode($file)).'">Edit file</a>':'').'</td>
+                                       <td>'.(!in_array($extKey,$this->requiredExt)&&t3lib_div::inList($this->editTextExtensions,($fI['fileext']?$fI['fileext']:$fI['filebody']))?'<a href="'.htmlspecialchars('index.php?CMD[showExt]='.$extKey.'&CMD[editFile]='.rawurlencode($file)).'">Edit file</a>':'').'</td>
                                </tr>';
                                $totalSize+=filesize($file);
                        }
@@ -2701,7 +2701,7 @@ EXTENSION KEYS:
                                                                if ($reg[1]) {
                                                                        $cmpF = 'ext/'.$extKey.'/'.$fileName;
                                                                        if (!strcmp($reg[1],$cmpF))     {
-                                                                               if (ereg('_once\(\$TYPO3_CONF_VARS\[TYPO3_MODE\]\[[\'"]XCLASS[\'"]\]\[[\'"]'.$cmpF.'[\'"]\]\);', $XclassParts[1]))      {
+                                                                               if (ereg('_once[[:space:]]*\(\$TYPO3_CONF_VARS\[TYPO3_MODE\]\[[\'"]XCLASS[\'"]\]\[[\'"]'.$cmpF.'[\'"]\]\);', $XclassParts[1]))  {
                                                                                         $out['msg'][] = 'XCLASS OK in '.$fileName;
                                                                                } else $out['errors'][] = 'Couldn\'t find the include_once statement for XCLASS!';
                                                                        } else $out['errors'][] = 'The XCLASS filename-key "'.$reg[1].'" was different from "'.$cmpF.'" which it should have been!';
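Review bot: `$cmpF` is concatenated into the `ereg()` pattern unescaped, so the dots in a file name such as `class.foo.php` match any character and other regex metacharacters in an extension key or file name would change or break the pattern. Wrapping it keeps the check literal: `'[\'"]'.quotemeta($cmpF).'[\'"]\]\);'`. The new `[[:space:]]*` also covers only the gap between `_once` and `(`; whitespace inside the parentheses or before the `;` still yields the "Couldn't find the include_once statement" error, which may be worth relaxing in the same pattern.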
index 908241b..5979e50 100755 (executable)
@@ -1749,7 +1749,7 @@ class tslib_cObj {
                                        case 'hidden':
                                                $value = trim($parts[2]);
                                                if(strlen($value) && t3lib_div::inList('recipient_copy,recipient',$confData['fieldname']) && $GLOBALS['TYPO3_CONF_VARS']['FE']['secureFormmail']) {
-                                                 break;
+                                                       break;
                                                }
                                                if (strlen($value) && t3lib_div::inList('recipient_copy,recipient',$confData['fieldname']))     {
                                                        $value = $GLOBALS['TSFE']->codeString($value);
@@ -1920,9 +1920,9 @@ class tslib_cObj {
                                if (substr($hF_key,-1)!='.')    {
                                        $hF_value = $this->cObjGetSingle($hF_conf,$conf['hiddenFields.'][$hF_key.'.'],'hiddenfields');
                                        if (strlen($hF_value) && t3lib_div::inList('recipient_copy,recipient',$hF_key)) {
-                                         if($GLOBALS['TYPO3_CONF_VARS']['FE']['secureFormmail']) {
-                                           continue;
-                                         }
+                                               if($GLOBALS['TYPO3_CONF_VARS']['FE']['secureFormmail']) {
+                                                       continue;
+                                               }
                                                $hF_value = $GLOBALS['TSFE']->codeString($hF_value);
                                        }
                                        $hiddenfields.='<input type="hidden" name="'.$hF_key.'" value="'.htmlspecialchars($hF_value).'" />';
@@ -4731,7 +4731,7 @@ class tslib_cObj {
         * Example: $var = "HTTP_SERVER_VARS | something" will return the value $GLOBALS['HTTP_SERVER_VARS']['something'] value
         *
         * @param       string          Key, see description of functon
-        * @param       array           If you want another array that $GLOBALS used, then just put it in here!
+        * @param       array           If you want another array than $GLOBALS used, then just put it in here!
         * @return      mixed           Value from $GLOBALS
         * @access private
         * @see getData()
index 4bfe923..3adc256 100755 (executable)
                $integrityCheck = $this->TYPO3_CONF_VARS['FE']['strictFormmail'];
 
                if(!$this->TYPO3_CONF_VARS['FE']['secureFormmail']) {
-                       // Check recipient field:
+                               // Check recipient field:
                        $encodedFields = explode(',','recipient,recipient_copy');       // These two fields are the ones which contain recipient addresses that can be misused to send mail from foreign servers.
                        foreach($encodedFields as $fieldKey)    {
                                if (strlen($EMAIL_VARS[$fieldKey]))     {
                                        }
                                }
                        }
-               } else {
-                 $locData = explode(':',$locationData);
-                 $record = $this->sys_page->checkRecord($locData[1],$locData[2],1);
-                 $EMAIL_VARS['recipient'] = $record['subheader'];
-                 $EMAIL_VARS['recipient_copy'] = $this->extractRecipientCopy($record['bodytext']);
+               } else  {
+                       $locData = explode(':',$locationData);
+                       $record = $this->sys_page->checkRecord($locData[1],$locData[2],1);
+                       $EMAIL_VARS['recipient'] = $record['subheader'];
+                       $EMAIL_VARS['recipient_copy'] = $this->extractRecipientCopy($record['bodytext']);
                }
 
                        // Hook for preprocessing of the content for formmails:
index d5e9045..2f4ad6d 100755 (executable)
@@ -945,7 +945,7 @@ class tslib_menu {
                        reset($NOconf);
                        while (list($key,$val)=each($NOconf))   {       // Find active
                                if ($this->isItemState('ACT',$key))     {
-                                       if (!$ACTinit)  {       // if this is the first active, we must generate ACT.
+                                       if (!$ACTinit)  {       // if this is the first 'active', we must generate ACT.
                                                $ACTconf = $this->tmpl->splitConfArray($this->mconf['ACT.'],$splitCount);
                                                        // Prepare active rollOver settings, overriding normal active settings
                                                if ($this->mconf['ACTRO'])      {
@@ -960,14 +960,14 @@ class tslib_menu {
                                }
                        }
                }
-                       // Prepare active/IFSUB settings, overriding normal settings
+                       // Prepare ACT (active)/IFSUB settings, overriding normal settings
                        // ACTIFSUB is true if there exist submenu items to the current item and the current item is active
                if ($this->mconf['ACTIFSUB'])   {
                        $ACTIFSUBinit = 0;      // Flag: If $ACTIFSUB is generated
                        reset($NOconf);
                        while (list($key,$val)=each($NOconf))   {       // Find active
                                if ($this->isItemState('ACTIFSUB',$key))        {
-                                       if (!$ACTIFSUBinit)     {       // if this is the first active, we must generate ACTIFSUB.
+                                       if (!$ACTIFSUBinit)     {       // if this is the first 'active', we must generate ACTIFSUB.
                                                $ACTIFSUBconf = $this->tmpl->splitConfArray($this->mconf['ACTIFSUB.'],$splitCount);
                                                        // Prepare active rollOver settings, overriding normal active settings
                                                if ($this->mconf['ACTIFSUBRO']) {
@@ -1003,6 +1003,28 @@ class tslib_menu {
                                }
                        }
                }
+                       // Prepare CUR (current)/IFSUB settings, overriding normal settings
+                       // CURIFSUB is true if there exist submenu items to the current item and the current page equals the item here!
+               if ($this->mconf['CURIFSUB'])   {
+                       $CURIFSUBinit = 0;      // Flag: If $CURIFSUB is generated
+                       reset($NOconf);
+                       while (list($key,$val)=each($NOconf))   {
+                               if ($this->isItemState('CURIFSUB',$key))        {
+                                       if (!$CURIFSUBinit)     {       // if this is the first 'current', we must generate CURIFSUB.
+                                               $CURIFSUBconf = $this->tmpl->splitConfArray($this->mconf['CURIFSUB.'],$splitCount);
+                                                       // Prepare current rollOver settings, overriding normal current settings
+                                               if ($this->mconf['CURIFSUBRO']) {
+                                                       $CURIFSUBROconf = $this->tmpl->splitConfArray($this->mconf['CURIFSUBRO.'],$splitCount);
+                                               }
+                                               $CURIFSUBinit = 1;
+                                       }
+                                       $NOconf[$key] = $CURIFSUBconf[$key];            // Substitute normal with active
+                                       if ($ROconf)    {       // If rollOver on normal, we must apply a state for rollOver on the current
+                                               $ROconf[$key] = $CURIFSUBROconf[$key] ? $CURIFSUBROconf[$key] : $CURIFSUBconf[$key];            // If RollOver on current then apply this
+                                       }
+                               }
+                       }
+               }
                        // Prepare active settings, overriding normal settings
                if ($this->mconf['USR'])        {
                        $USRinit = 0;   // Flag: If $USR is generated
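Review bot: `$CURIFSUBROconf` is assigned only when `$this->mconf['CURIFSUBRO']` is set, but it is read in the `$ROconf` branch whenever rollover is active, so the ternary there runs on an undefined variable in the common case. Initialising it next to the flag makes the fallback explicit: `$CURIFSUBROconf = array();` after `$CURIFSUBinit = 0;`. The inline comment `// Substitute normal with active` was carried over from the ACT block and should read `// Substitute normal with current`. The enclosing function starts and ends outside the hunk.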
@@ -1272,7 +1294,7 @@ class tslib_menu {
 
        /**
         * Returns true if there is a submenu with items for the page id, $uid
-        * Used by the item states "IFSUB" and "ACTIFSUB" to check if there is a submenu
+        * Used by the item states "IFSUB", "ACTIFSUB" and "CURIFSUB" to check if there is a submenu
         *
         * @param       integer         Page uid for which to search for a submenu
         * @return      boolean         Returns true if there was a submenu with items found
@@ -1324,6 +1346,9 @@ class tslib_menu {
                                case 'CUR':
                                        $natVal = $this->isCurrent($this->menuArr[$key]['uid'], $this->getMPvar($key));
                                break;
+                               case 'CURIFSUB':
+                                       $natVal = $this->isCurrent($this->menuArr[$key]['uid'], $this->getMPvar($key)) && $this->isSubMenu($this->menuArr[$key]['uid']);
+                               break;
                                case 'USR':
                                        $natVal = $this->menuArr[$key]['fe_group'];
                                break;
@@ -2711,10 +2736,10 @@ class tslib_jsmenu extends tslib_menu {
                }
                if ($this->mconf['firstLabelGeneral'] && !$levelConf['firstLabel'])     {
                        $levelConf['firstLabel'] = $this->mconf['firstLabelGeneral'];
-       }
+               }
                if ($levelConf['firstLabel'] && $codeLines)     {
                        $codeLines.="\n".$menuName.".defTopTitle[".$count."] = unescape('".rawurlencode($levelConf['firstLabel'])."');";
-}
+               }
                return $codeLines;
        }
 }
index 9d091dc..1ee1a34 100755 (executable)
@@ -136,7 +136,7 @@ class TSpagegen {
                if ($GLOBALS['TSFE']->config['config']['spamProtectEmailAddresses'] === 'ascii') {
                        $GLOBALS['TSFE']->spamProtectEmailAddresses = 'ascii';
                } else {
-                       $GLOBALS['TSFE']->spamProtectEmailAddresses = t3lib_div::intInRange($GLOBALS['TSFE']->config['config']['spamProtectEmailAddresses'],-5,5,0);
+                       $GLOBALS['TSFE']->spamProtectEmailAddresses = t3lib_div::intInRange($GLOBALS['TSFE']->config['config']['spamProtectEmailAddresses'],-5,1,0);
                        if ($GLOBALS['TSFE']->spamProtectEmailAddresses)        {
                                $GLOBALS['TSFE']->additionalJavaScript['UnCryptMailto()']='
   // JS function for uncrypting spam-protected emails:
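Review bot: The new upper bound `1` in the `intInRange(...,-5,1,0)` call is a bare literal, and the reason for it is recorded only in the ChangeLog. A comment on the line would stop the range being widened again: `// Upper bound is 1 on purpose: higher offsets could break the encrypted mailto output`. If `intInRange()` clamps rather than rejects (its body is not visible here), installations configured with values 2 to 5 will silently switch to 1, which deserves a line in the upgrade notes. The enclosing function continues outside the hunk.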