From 139804ff32284bc1f5f69a7a22f8017ad1dfe228 Mon Sep 17 00:00:00 2001
From: Oliver Hader <oliver.hader@typo3.org>
Date: Thu, 5 Aug 2010 18:46:44 +0000
Subject: [PATCH] Fixed bug #15282: It is impossible to set links to files any
 more with the link wizard

git-svn-id: https://svn.typo3.org/TYPO3v4/Core/trunk@8494 709f56b5-9817-0410-a4d7-c38de5d9e867
---
 ChangeLog                      |  1 +
 t3lib/class.t3lib_tceforms.php |  4 ++--
 typo3/class.browse_links.php   | 33 +++++++++++++++++++++++++++------
 3 files changed, 30 insertions(+), 8 deletions(-)

diff --git a/ChangeLog b/ChangeLog
index c15789b64b7b..211e90d2d405 100755
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,6 +1,7 @@
 2010-08-05  Jeff Segars  <jeff@webempoweredchurch.org>
 
 	* Fixed bug #14805: Misleading descriptions for warning_* options in Install Tool (thanks to Markus Klein)
+	* Fixed bug #15282: It is impossible to set links to files any more with the link wizard
 
 2010-08-05  Oliver Hader  <oliver@typo3.org>
 
diff --git a/t3lib/class.t3lib_tceforms.php b/t3lib/class.t3lib_tceforms.php
index 6e62370a3d69..2bd17ea45fe5 100644
--- a/t3lib/class.t3lib_tceforms.php
+++ b/t3lib/class.t3lib_tceforms.php
@@ -2730,8 +2730,8 @@ class t3lib_TCEforms	{
 
 									// Makes a "Add new" link:
 								$var = uniqid('idvar');
-								$replace = 'replace(/' . $idTagPrefix . '-/g,"' . $idTagPrefix . '"+' . $var . '+"-")';
-								$onClickInsert = 'var ' . $var . ' = "' . $idTagPrefix . '-idx"+(new Date()).getTime();';
+								$replace = 'replace(/' . $idTagPrefix . '-/g,"' . $idTagPrefix . '-"+' . $var . '+"-")';
+								$onClickInsert = 'var ' . $var . ' = "' . 'idx"+(new Date()).getTime();';
 								// Do not replace $isTagPrefix in setActionStatus() because it needs section id!
 								$onClickInsert .= 'new Insertion.Bottom($("'.$idTagPrefix.'"), unescape("'.rawurlencode($newElementTemplate).'").' . $replace . '); setActionStatus("'.$idTagPrefix.'");';
 								$onClickInsert .= 'eval(unescape("' . rawurlencode(implode(';', $this->additionalJS_post)) . '").' . $replace . ');';
diff --git a/typo3/class.browse_links.php b/typo3/class.browse_links.php
index 648f9184c81d..a0d75ef108ef 100644
--- a/typo3/class.browse_links.php
+++ b/typo3/class.browse_links.php
@@ -916,7 +916,7 @@ class browse_links {
 		';
 
 		if ($this->mode == 'wizard')	{	// Functions used, if the link selector is in wizard mode (= TCEforms fields)
-			if (!$this->areFieldChangeFunctionsValid()) {
+			if (!$this->areFieldChangeFunctionsValid() && !$this->areFieldChangeFunctionsValid(TRUE)) {
 				$this->P['fieldChangeFunc'] = array();
 			}
 			unset($this->P['fieldChangeFunc']['alert']);
@@ -930,6 +930,7 @@ class browse_links {
 			$P2['itemName']=$this->P['itemName'];
 			$P2['formName']=$this->P['formName'];
 			$P2['fieldChangeFunc']=$this->P['fieldChangeFunc'];
+			$P2['fieldChangeFuncHash'] = t3lib_div::hmac(serialize($this->P['fieldChangeFunc']));
 			$P2['params']['allowedExtensions']=$this->P['params']['allowedExtensions'];
 			$P2['params']['blindLinkOptions']=$this->P['params']['blindLinkOptions'];
 			$addPassOnParams.=t3lib_div::implodeArrayForUrl('P',$P2);
@@ -2799,13 +2800,33 @@ class browse_links {
 	 * Determines whether submitted field change functions are valid
 	 * and are coming from the system and not from an external abuse.
 	 *
+	 * @param boolean $allowFlexformSections Whether to handle flexform sections differently
 	 * @return boolean Whether the submitted field change functions are valid
 	 */
-	protected function areFieldChangeFunctionsValid() {
-		return (
-			isset($this->P['fieldChangeFunc']) && is_array($this->P['fieldChangeFunc']) && isset($this->P['fieldChangeFuncHash'])
-			&& $this->P['fieldChangeFuncHash'] == t3lib_div::hmac(serialize($this->P['fieldChangeFunc']))
-		);
+	protected function areFieldChangeFunctionsValid($handleFlexformSections = FALSE) {
+		$result = FALSE;
+
+		if (isset($this->P['fieldChangeFunc']) && is_array($this->P['fieldChangeFunc']) && isset($this->P['fieldChangeFuncHash'])) {
+			$matches = array();
+			$pattern = '#\[el\]\[(([^]-]+-[^]-]+-)(idx\d+-)([^]]+))\]#i';
+
+			$fieldChangeFunctions = $this->P['fieldChangeFunc'];
+
+				// Special handling of flexform sections:
+				// Field change functions are modified in JavaScript, thus the hash is always invalid
+			if ($handleFlexformSections && preg_match($pattern, $this->P['itemName'], $matches)) {
+				$originalName = $matches[1];
+				$cleanedName = $matches[2] . $matches[4];
+
+				foreach ($fieldChangeFunctions as &$value) {
+					$value = str_replace($originalName, $cleanedName, $value);
+				}
+			}
+
+			$result = ($this->P['fieldChangeFuncHash'] === t3lib_div::hmac(serialize($fieldChangeFunctions)));
+		}
+
+		return $result;
 	}
 }
 
-- 
2.20.1