Added tipHash marker in form template for different url encoding methods tipafriend_plus_0-1-7
authorNicole Cordes <cordes@cps-it.de>
Thu, 30 May 2013 19:24:16 +0000 (21:24 +0200)
committerNicole Cordes <cordes@cps-it.de>
Fri, 31 May 2013 13:19:48 +0000 (15:19 +0200)
ChangeLog
doc/manual.sxw
ext_emconf.php
pi1/class.tx_tipafriendplus_pi1.php
pi1/tipafriend_plus_css.tmpl

index e2fd4f5..a7b0202 100644 (file)
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,3 +1,7 @@
+2013-05-30     Nicole Cordes <cordes@cps-it.de>
+
+       * Added tipHash marker in form template for different url encoding methods
+
 2013-05-21     Nicole Cordes <cordes@cps-it.de>
 
        * Added tipHash as security parameter to avoid XSS on links
index 433d859..9f4b0a7 100644 (file)
Binary files a/doc/manual.sxw and b/doc/manual.sxw differ
index b7de775..336d244 100644 (file)
@@ -3,7 +3,7 @@
 /***************************************************************
  * Extension Manager/Repository config file for ext "tipafriend_plus".
  *
- * Auto generated 13-05-2013 22:14
+ * Auto generated 31-05-2013 15:16
  *
  * Manual updates:
  * Only the data in the array - everything else is removed by next
@@ -15,7 +15,7 @@ $EM_CONF[$_EXTKEY] = array(
        'description' => 'Send a tip (link to typo3-page) to somebody. Based on Tip-A-Friend.',
        'category' => 'plugin',
        'shy' => 0,
-       'version' => '0.1.6',
+       'version' => '0.1.7',
        'dependencies' => '',
        'conflicts' => '',
        'priority' => '',
@@ -41,7 +41,9 @@ $EM_CONF[$_EXTKEY] = array(
                'suggests' => array(
                ),
        ),
-       '_md5_values_when_last_written' => 'a:21:{s:9:"ChangeLog";s:4:"7f67";s:12:"ext_icon.gif";s:4:"3b63";s:17:"ext_localconf.php";s:4:"92c0";s:14:"ext_tables.php";s:4:"7d2b";s:28:"ext_typoscript_constants.txt";s:4:"6d7b";s:24:"ext_typoscript_setup.txt";s:4:"3fd8";s:15:"flexform_ds.xml";s:4:"38e5";s:13:"locallang.xml";s:4:"6037";s:16:"locallang_db.xml";s:4:"67b5";s:17:"locallang_tca.xml";s:4:"0f54";s:10:"README.txt";s:4:"9fa9";s:14:"doc/manual.sxw";s:4:"eb20";s:19:"doc/wizard_form.dat";s:4:"9960";s:20:"doc/wizard_form.html";s:4:"b82d";s:14:"pi1/ce_wiz.gif";s:4:"02b6";s:35:"pi1/class.tx_tipafriendplus_pi1.php";s:4:"d1af";s:43:"pi1/class.tx_tipafriendplus_pi1_wizicon.php";s:4:"c8fe";s:13:"pi1/clear.gif";s:4:"cc11";s:17:"pi1/locallang.xml";s:4:"faf1";s:28:"pi1/tipafriend_plus_css.tmpl";s:4:"9aa6";s:23:"res/tipafriend_plus.css";s:4:"9608";}',
+       '_md5_values_when_last_written' => 'a:21:{s:9:"ChangeLog";s:4:"703a";s:12:"ext_icon.gif";s:4:"3b63";s:17:"ext_localconf.php";s:4:"92c0";s:14:"ext_tables.php";s:4:"7d2b";s:28:"ext_typoscript_constants.txt";s:4:"6d7b";s:24:"ext_typoscript_setup.txt";s:4:"3fd8";s:15:"flexform_ds.xml";s:4:"38e5";s:13:"locallang.xml";s:4:"6037";s:16:"locallang_db.xml";s:4:"67b5";s:17:"locallang_tca.xml";s:4:"0f54";s:10:"README.txt";s:4:"9fa9";s:14:"doc/manual.sxw";s:4:"63ac";s:19:"doc/wizard_form.dat";s:4:"9960";s:20:"doc/wizard_form.html";s:4:"b82d";s:14:"pi1/ce_wiz.gif";s:4:"02b6";s:35:"pi1/class.tx_tipafriendplus_pi1.php";s:4:"e7c4";s:43:"pi1/class.tx_tipafriendplus_pi1_wizicon.php";s:4:"c8fe";s:13:"pi1/clear.gif";s:4:"cc11";s:17:"pi1/locallang.xml";s:4:"8516";s:28:"pi1/tipafriend_plus_css.tmpl";s:4:"be94";s:23:"res/tipafriend_plus.css";s:4:"9608";}',
+       'suggests' => array(
+       ),
 );
 
 ?>
\ No newline at end of file
index 3ac24ec..e2debcb 100644 (file)
@@ -134,7 +134,7 @@ class tx_tipafriendplus_pi1 extends tslib_pibase {
                        $tipData = t3lib_div::_GP('TIPFORM');
                        $tipData['recipient'] = $this->getRecipients($tipData['recipient']);
                        list($tipData['email']) = explode(',',$this->getRecipients($tipData['email']));
-                       $url = htmlspecialchars(strip_tags($tipUrl));
+                       $url = strip_tags($tipUrl);
 
                                // Preparing markers
                        $wrappedSubpartArray=array();
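Review bot: With `htmlspecialchars()` dropped from `$url = strip_tags($tipUrl);`, `$url` is now a raw string, so every marker that places it into HTML has to escape it at the point of output. `###URL_SPECIALCHARS###` and `###URL_DISPLAY###` do that in the following hunk, but the marker assignments between the two hunks are not visible here, so any of them that emits `$url` without `htmlspecialchars()` should be checked. `strip_tags()` alone does not make a value safe inside an attribute such as `value="..."`, because it leaves quotes untouched. A comment on the assignment, e.g. `// raw URL: escape per output context; the HMAC is computed over this form`, would record the new contract. The enclosing method starts and ends outside the hunk.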
@@ -147,6 +147,11 @@ class tx_tipafriendplus_pi1 extends tslib_pibase {
                        $markerArray['###URL_SPECIALCHARS###']=htmlspecialchars($url);
                        $markerArray['###URL_DISPLAY###']=htmlspecialchars(strlen($url)>70 ? t3lib_div::fixed_lgd($url,30).t3lib_div::fixed_lgd($url,-30) : $url);
 
+                       $markerArray['###HASH###']=t3lib_div::hmac($url, $this->hmacSalt);
+                       $markerArray['###HASH_ENCODED###']=t3lib_div::hmac(rawurlencode($url), $this->hmacSalt);
+                       // Because htmlspecialchared urls are resolved correctly (browsers convert the link themselves) we just need the normal hash
+                       $markerArray['###HASH_SPECIALCHARS###']=t3lib_div::hmac($url, $this->hmacSalt);
+
                $markerArray['###TAF_LABEL_ERROR###']=$this->pi_getLL('error');
                $markerArray['###TAF_ERROR_EXPL###']=$this->pi_getLL('error_expl');
                $markerArray['###TAF_LABEL_NAME###']=$this->pi_getLL('name');
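Review bot: The three `t3lib_div::hmac(..., $this->hmacSalt)` calls sign a value derived from `$tipUrl`, and nothing in this hunk shows that `$tipUrl` was verified against the submitted `tipHash` before the form is rendered. If that check is missing or runs later, rendering the form would issue a valid hash for whatever URL the request supplied, which would defeat the protection described in the 2013-05-21 ChangeLog entry; please confirm the verification happens before this point. `###HASH_ENCODED###` signs `rawurlencode($url)`, while PHP decodes request parameters before the plugin reads them, so the verifying side presumably has to hash the same encoded form. A comment stating which URL marker each hash marker belongs with, e.g. `// ###HASH_ENCODED### pairs with the rawurlencode()d URL marker`, would make that pairing explicit. The enclosing method is outside the hunk.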
index 7d9d38d..81b7a72 100644 (file)
@@ -113,6 +113,7 @@ GC4
 </div>
 
 <input type="hidden" name="tipUrl" value="###URL_SPECIALCHARS###">
+<input type="hidden" name="tipHash" value="###HASH_SPECIALCHARS###">
 <input type="hidden" name="sendTip" value="1">
 
 </form>