Fixed bug #15282: It is impossible to set links to files any more with the link wizard
authorOliver Hader <oliver.hader@typo3.org>
Thu, 5 Aug 2010 18:43:58 +0000 (18:43 +0000)
committerOliver Hader <oliver.hader@typo3.org>
Thu, 5 Aug 2010 18:43:58 +0000 (18:43 +0000)
git-svn-id: https://svn.typo3.org/TYPO3v4/Core/branches/TYPO3_4-2@8491 709f56b5-9817-0410-a4d7-c38de5d9e867

ChangeLog
t3lib/class.t3lib_tceforms.php
typo3/class.browse_links.php

index f372435..8e015ca 100755 (executable)
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,6 +1,7 @@
 2010-08-05  Oliver Hader  <oliver@typo3.org>
 
        * Fixed bug #15280: felogin redirect doesn't work anymore after update to latest releases (4.2x - 4.4.x) (thanks to Helmut Hummel)
+       * Fixed bug #15282: It is impossible to set links to files any more with the link wizard
 
 2010-08-03  Oliver Hader  <oliver@typo3.org>
 
index 0f001d7..d104879 100755 (executable)
@@ -2549,8 +2549,8 @@ class t3lib_TCEforms      {
 
                                                                        // Makes a "Add new" link:
                                                                $var = uniqid('idvar');
-                                                               $replace = 'replace(/' . $idTagPrefix . '-/g,"' . $idTagPrefix . '"+' . $var . '+"-")';
-                                                               $onClickInsert = 'var ' . $var . ' = "' . $idTagPrefix . '-idx"+(new Date()).getTime();';
+                                                               $replace = 'replace(/' . $idTagPrefix . '-/g,"' . $idTagPrefix . '-"+' . $var . '+"-")';
+                                                               $onClickInsert = 'var ' . $var . ' = "' . 'idx"+(new Date()).getTime();';
                                                                        // Do not replace $isTagPrefix in setActionStatus() because it needs section id!
                                                                $onClickInsert .= 'new Insertion.Bottom($("'.$idTagPrefix.'"), unescape("'.rawurlencode($newElementTemplate).'").' . $replace . '); setActionStatus("'.$idTagPrefix.'");';
                                                                $onClickInsert .= 'eval(unescape("' . rawurlencode(implode(';', $this->additionalJS_post)) . '").' . $replace . ');';
index f2e1463..9f3ed19 100755 (executable)
@@ -926,7 +926,7 @@ class browse_links {
                ';
 
                if ($this->mode == 'wizard')    {       // Functions used, if the link selector is in wizard mode (= TCEforms fields)
-                       if (!$this->areFieldChangeFunctionsValid()) {
+                       if (!$this->areFieldChangeFunctionsValid() && !$this->areFieldChangeFunctionsValid(TRUE)) {
                                $this->P['fieldChangeFunc'] = array();
                        }
                        unset($this->P['fieldChangeFunc']['alert']);
@@ -941,6 +941,7 @@ class browse_links {
                        $P2['itemName']=$this->P['itemName'];
                        $P2['formName']=$this->P['formName'];
                        $P2['fieldChangeFunc']=$this->P['fieldChangeFunc'];
+                       $P2['fieldChangeFuncHash'] = t3lib_div::hmac(serialize($this->P['fieldChangeFunc']));
                        $P2['params']['allowedExtensions']=$this->P['params']['allowedExtensions'];
                        $P2['params']['blindLinkOptions']=$this->P['params']['blindLinkOptions'];
                        $addPassOnParams.=t3lib_div::implodeArrayForUrl('P',$P2);
@@ -2767,13 +2768,33 @@ class browse_links {
         * Determines whether submitted field change functions are valid
         * and are coming from the system and not from an external abuse.
         *
+        * @param boolean $allowFlexformSections Whether to handle flexform sections differently
         * @return boolean Whether the submitted field change functions are valid
         */
-       protected function areFieldChangeFunctionsValid() {
-               return (
-                       isset($this->P['fieldChangeFunc']) && is_array($this->P['fieldChangeFunc']) && isset($this->P['fieldChangeFuncHash'])
-                       && $this->P['fieldChangeFuncHash'] == t3lib_div::hmac(serialize($this->P['fieldChangeFunc']))
-               );
+       protected function areFieldChangeFunctionsValid($handleFlexformSections = FALSE) {
+               $result = FALSE;
+
+               if (isset($this->P['fieldChangeFunc']) && is_array($this->P['fieldChangeFunc']) && isset($this->P['fieldChangeFuncHash'])) {
+                       $matches = array();
+                       $pattern = '#\[el\]\[(([^]-]+-[^]-]+-)(idx\d+-)([^]]+))\]#i';
+
+                       $fieldChangeFunctions = $this->P['fieldChangeFunc'];
+
+                               // Special handling of flexform sections:
+                               // Field change functions are modified in JavaScript, thus the hash is always invalid
+                       if ($handleFlexformSections && preg_match($pattern, $this->P['itemName'], $matches)) {
+                               $originalName = $matches[1];
+                               $cleanedName = $matches[2] . $matches[4];
+
+                               foreach ($fieldChangeFunctions as &$value) {
+                                       $value = str_replace($originalName, $cleanedName, $value);
+                               }
+                       }
+
+                       $result = ($this->P['fieldChangeFuncHash'] === t3lib_div::hmac(serialize($fieldChangeFunctions)));
+               }
+
+               return $result;
        }
 }