Commit 006a2e1f authored by Michiel Roos's avatar Michiel Roos Committed by Stefan Neufeind

[CLEANUP] $LANG->JScharCode() => quoteJSvalue()

Replace JscharCode() with GeneralUtility::quoteJSvalue()

Instead of emitting a String.fromCharCode(...) call for every message, the
output is now a properly escaped, quoted JavaScript string literal.

Change-Id: Idf81d5524d4bbb60b515670aa13648aa52064905
Resolves: #55009
Releases: 6.2
Reviewed-on: https://review.typo3.org/27380
Reviewed-by: Markus Klein
Tested-by: Markus Klein
Reviewed-by: Michiel Roos
Tested-by: Michiel Roos
Reviewed-by: Stefan Neufeind
Tested-by: Stefan Neufeind
parent bfe28304
......@@ -439,7 +439,7 @@ class ClickMenu {
$editOnClick = '';
$loc = 'top.content.list_frame';
if ($GLOBALS['BE_USER']->jsConfirmation(2)) {
$conf = $loc . ' && confirm(' . $GLOBALS['LANG']->JScharCode(sprintf($GLOBALS['LANG']->sL(('LLL:EXT:lang/locallang_core.xlf:mess.' . ($elInfo[2] == 'copy' ? 'copy' : 'move') . '_' . $type)), $elInfo[0], $elInfo[1])) . ')';
$conf = $loc . ' && confirm(' . GeneralUtility::quoteJSvalue(sprintf($GLOBALS['LANG']->sL(('LLL:EXT:lang/locallang_core.xlf:mess.' . ($elInfo[2] == 'copy' ? 'copy' : 'move') . '_' . $type)), $elInfo[0], $elInfo[1])) . ')';
} else {
$conf = $loc;
}
......@@ -635,7 +635,7 @@ class ClickMenu {
$editOnClick = '';
$loc = 'top.content.list_frame';
if ($GLOBALS['BE_USER']->jsConfirmation(4)) {
$conf = 'confirm(' . $GLOBALS['LANG']->JScharCode((sprintf($GLOBALS['LANG']->sL('LLL:EXT:lang/locallang_core.xlf:mess.delete'), $elInfo[0]) . BackendUtility::referenceCount($table, $uid, ' (There are %s reference(s) to this record!)') . BackendUtility::translationCount($table, $uid, (' ' . $GLOBALS['LANG']->sL('LLL:EXT:lang/locallang_core.xlf:labels.translationsOfRecord'))))) . ')';
$conf = 'confirm(' . GeneralUtility::quoteJSvalue((sprintf($GLOBALS['LANG']->sL('LLL:EXT:lang/locallang_core.xlf:mess.delete'), $elInfo[0]) . BackendUtility::referenceCount($table, $uid, ' (There are %s reference(s) to this record!)') . BackendUtility::translationCount($table, $uid, (' ' . $GLOBALS['LANG']->sL('LLL:EXT:lang/locallang_core.xlf:labels.translationsOfRecord'))))) . ')';
} else {
$conf = '1==1';
}
......@@ -930,7 +930,7 @@ class ClickMenu {
$editOnClick = '';
$loc = 'top.content.list_frame';
if ($GLOBALS['BE_USER']->jsConfirmation(4)) {
$conf = 'confirm(' . $GLOBALS['LANG']->JScharCode((sprintf($GLOBALS['LANG']->sL('LLL:EXT:lang/locallang_core.xlf:mess.delete'), basename($path)) . BackendUtility::referenceCount('_FILE', $path, ' (There are %s reference(s) to this file!)'))) . ')';
$conf = 'confirm(' . GeneralUtility::quoteJSvalue((sprintf($GLOBALS['LANG']->sL('LLL:EXT:lang/locallang_core.xlf:mess.delete'), basename($path)) . BackendUtility::referenceCount('_FILE', $path, ' (There are %s reference(s) to this file!)'))) . ')';
} else {
$conf = '1==1';
}
......@@ -952,7 +952,7 @@ class ClickMenu {
$editOnClick = '';
$loc = 'top.content.list_frame';
if ($GLOBALS['BE_USER']->jsConfirmation(2)) {
$conf = $loc . ' && confirm(' . $GLOBALS['LANG']->JScharCode(sprintf($GLOBALS['LANG']->sL(('LLL:EXT:lang/locallang_core.xlf:mess.' . ($elInfo[2] == 'copy' ? 'copy' : 'move') . '_into')), $elInfo[0], $elInfo[1])) . ')';
$conf = $loc . ' && confirm(' . GeneralUtility::quoteJSvalue(sprintf($GLOBALS['LANG']->sL(('LLL:EXT:lang/locallang_core.xlf:mess.' . ($elInfo[2] == 'copy' ? 'copy' : 'move') . '_into')), $elInfo[0], $elInfo[1])) . ')';
} else {
$conf = $loc;
}
......
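Review bot: The reference-count suffix on L36 and L45 is a hard-coded English literal (` (There are %s reference(s) to this record!)` and the `...to this file!)` variant) spliced into an otherwise localized confirm message; since these lines are being rewritten anyway, the third argument to `BackendUtility::referenceCount()` should come from the locallang file like the surrounding `mess.delete` label. The four hunks also repeat the same `confirm(GeneralUtility::quoteJSvalue(sprintf($GLOBALS['LANG']->sL(...), ...)))` construction; a small private helper that takes the label key and the sprintf arguments would keep the escaping in one place. All four enclosing methods start and end outside the hunks.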
......@@ -293,7 +293,7 @@ class Clipboard {
if ($elCount) {
if ($GLOBALS['BE_USER']->jsConfirmation(4)) {
$js = '
if (confirm(' . $GLOBALS['LANG']->JScharCode(sprintf($GLOBALS['LANG']->sL('LLL:EXT:lang/locallang_core.xlf:mess.deleteClip'), $elCount)) . ')){
if (confirm(' . GeneralUtility::quoteJSvalue(sprintf($GLOBALS['LANG']->sL('LLL:EXT:lang/locallang_core.xlf:mess.deleteClip'), $elCount)) . ')){
window.location.href=\'' . $this->deleteUrl(0, ($this->fileMode ? 1 : 0)) . '&redirect=\'+top.rawurlencode(window.location.href);
}
';
......@@ -652,7 +652,7 @@ class Clipboard {
}
// Message
$conf = 'confirm(' . $GLOBALS['LANG']->JScharCode(sprintf($msg, GeneralUtility::fixed_lgd_cs($selRecTitle, 30), GeneralUtility::fixed_lgd_cs($thisRecTitle, 30), GeneralUtility::fixed_lgd_cs($columnLabel, 30))) . ')';
$conf = 'confirm(' . GeneralUtility::quoteJSvalue(sprintf($msg, GeneralUtility::fixed_lgd_cs($selRecTitle, 30), GeneralUtility::fixed_lgd_cs($thisRecTitle, 30), GeneralUtility::fixed_lgd_cs($columnLabel, 30))) . ')';
} else {
$conf = '';
}
......
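Review bot: The redirect URL on L65 is still spliced into a hand-quoted JS string (`window.location.href=\'' . $this->deleteUrl(...) . '&redirect=\'`) right beside the newly quoted confirm message; if `deleteUrl()` can ever return a character that is special inside a single-quoted JS literal, it breaks out of the string. For consistency with the rest of this change, build it as `window.location.href=' . GeneralUtility::quoteJSvalue($this->deleteUrl(0, ($this->fileMode ? 1 : 0)) . '&redirect=') . '+top.rawurlencode(window.location.href);`. Both enclosing methods start and end outside the hunks.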
......@@ -575,7 +575,7 @@ class BackendController {
} else {
$this->js .= '
// Warning about page editing:
alert(' . $GLOBALS['LANG']->JScharCode(sprintf($GLOBALS['LANG']->getLL('noEditPage'), $editId)) . ');
alert(' . GeneralUtility::quoteJSvalue(sprintf($GLOBALS['LANG']->getLL('noEditPage'), $editId)) . ');
';
}
}
......
......@@ -633,7 +633,7 @@ class EditDocumentController {
}
function deleteRecord(table,id,url) { //
if (
' . ($GLOBALS['BE_USER']->jsConfirmation(4) ? 'confirm(' . $GLOBALS['LANG']->JScharCode($GLOBALS['LANG']->getLL('deleteWarning')) . ')' : '1==1') . '
' . ($GLOBALS['BE_USER']->jsConfirmation(4) ? 'confirm(' . GeneralUtility::quoteJSvalue($GLOBALS['LANG']->getLL('deleteWarning')) . ')' : '1==1') . '
) {
window.location.href = "tce_db.php?cmd["+table+"]["+id+"][delete]=1' . BackendUtility::getUrlToken('tceAction') . '&redirect="+escape(url)+"&vC=' . $GLOBALS['BE_USER']->veriCode() . '&prErr=1&uPT=1";
}
......
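Review bot: On L94 the redirect target is encoded with the JavaScript `escape()` function, which is deprecated and leaves `+`, `/` and `@` untouched, so a return URL containing `+` arrives on the PHP side with that character decoded as a space; use `encodeURIComponent(url)` instead, as `CreateFolderController` already does for `target` in this same commit. The `deleteRecord` JS function opened on L89 closes outside the hunk.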
......@@ -135,7 +135,7 @@ class CreateFolderController {
var path = "' . $this->target . '";
function reload(a) { //
if (!changed || (changed && confirm(' . $GLOBALS['LANG']->JScharCode($GLOBALS['LANG']->sL('LLL:EXT:lang/locallang_core.xlf:mess.redraw')) . '))) {
if (!changed || (changed && confirm(' . GeneralUtility::quoteJSvalue($GLOBALS['LANG']->sL('LLL:EXT:lang/locallang_core.xlf:mess.redraw')) . '))) {
var params = "&target="+encodeURIComponent(path)+"&number="+a+"&returnUrl=' . rawurlencode($this->returnUrl) . '";
window.location.href = "file_newfolder.php?"+params;
}
......@@ -243,7 +243,7 @@ class CreateFolderController {
);
// Back
if ($this->returnUrl) {
$docHeaderButtons['back'] = '<a href="' . htmlspecialchars(\TYPO3\CMS\Core\Utility\GeneralUtility::linkThisUrl($this->returnUrl)) . '" class="typo3-goBack" title="' . $GLOBALS['LANG']->sL('LLL:EXT:lang/locallang_core.xlf:labels.goBack', TRUE) . '">' . \TYPO3\CMS\Backend\Utility\IconUtility::getSpriteIcon('actions-view-go-back') . '</a>';
$docHeaderButtons['back'] = '<a href="' . htmlspecialchars(GeneralUtility::linkThisUrl($this->returnUrl)) . '" class="typo3-goBack" title="' . $GLOBALS['LANG']->sL('LLL:EXT:lang/locallang_core.xlf:labels.goBack', TRUE) . '">' . \TYPO3\CMS\Backend\Utility\IconUtility::getSpriteIcon('actions-view-go-back') . '</a>';
}
// Add the HTML as a section:
$markerArray = array(
......
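Review bot: L98 still interpolates `$this->target` raw into a double-quoted JavaScript string (`var path = "' . $this->target . '";`) two lines above the newly quoted confirm message; if `target` originates from a request parameter, as the `&target=` round-trip on L102 suggests, a `"` or `</script>` in it breaks out of the string. Use the same helper here: `var path = ' . GeneralUtility::quoteJSvalue($this->target) . ';`. The second hunk (L109-L110) only shortens the class reference. The enclosing methods start and end outside the hunks.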
......@@ -439,7 +439,7 @@ class PageLayoutController {
' . ($this->popView ? BackendUtility::viewOnClick($this->id, $GLOBALS['BACK_PATH'], BackendUtility::BEgetRootLine($this->id)) : '') . '
function deleteRecord(table,id,url) { //
if (confirm(' . $GLOBALS['LANG']->JScharCode($GLOBALS['LANG']->getLL('deleteWarning')) . ')) {
if (confirm(' . GeneralUtility::quoteJSvalue($GLOBALS['LANG']->getLL('deleteWarning')) . ')) {
window.location.href = "' . $GLOBALS['BACK_PATH'] . 'tce_db.php?cmd["+table+"]["+id+"][delete]=1&redirect="+escape(url)+"&vC=' . $GLOBALS['BE_USER']->veriCode() . BackendUtility::getUrlToken('tceAction') . '&prErr=1&uPT=1";
}
return false;
......
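Review bot: L120 builds the redirect with `escape(url)`, which does not encode `+`, `/` or `@` and is a deprecated function, so a `+` in the return URL reaches PHP as a space; `encodeURIComponent(url)` is the correct encoding for a query-string value. Note also that `BackendUtility::getUrlToken('tceAction')` is appended after `&vC=...` here but directly after `=1` in `EditDocumentController` in this commit; harmless, but worth aligning. The `deleteRecord` function continues past the hunk.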
......@@ -698,7 +698,7 @@ class InlineElement {
// "Delete" link:
if ($enabledControls['delete'] && ($isPagesTable && $localCalcPerms & 4 || !$isPagesTable && $calcPerms & 16)) {
$onClick = 'inline.deleteRecord(\'' . $nameObjectFtId . '\');';
$cells['delete'] = '<a href="#" onclick="' . htmlspecialchars(('if (confirm(' . $GLOBALS['LANG']->JScharCode($GLOBALS['LANG']->getLL('deleteWarning')) . ')) { ' . $onClick . ' } return false;')) . '">' . IconUtility::getSpriteIcon('actions-edit-delete', array('title' => $GLOBALS['LANG']->sL('LLL:EXT:lang/locallang_mod_web_list.xlf:delete', TRUE))) . '</a>';
$cells['delete'] = '<a href="#" onclick="' . htmlspecialchars(('if (confirm(' . GeneralUtility::quoteJSvalue($GLOBALS['LANG']->getLL('deleteWarning')) . ')) { ' . $onClick . ' } return false;')) . '">' . IconUtility::getSpriteIcon('actions-edit-delete', array('title' => $GLOBALS['LANG']->sL('LLL:EXT:lang/locallang_mod_web_list.xlf:delete', TRUE))) . '</a>';
}
// "Hide/Unhide" links:
......@@ -729,7 +729,7 @@ class InlineElement {
}
// If the record is edit-locked by another user, we will show a little warning sign:
if ($lockInfo = BackendUtility::isRecordLocked($foreign_table, $rec['uid'])) {
$cells['locked'] = '<a href="#" onclick="' . htmlspecialchars(('alert(' . $GLOBALS['LANG']->JScharCode($lockInfo['msg']) . ');return false;')) . '">' . IconUtility::getSpriteIcon('status-warning-in-use', array('title' => htmlspecialchars($lockInfo['msg']))) . '</a>';
$cells['locked'] = '<a href="#" onclick="alert(' . GeneralUtility::quoteJSvalue($lockInfo['msg']) . ');return false;">' . IconUtility::getSpriteIcon('status-warning-in-use', array('title' => $lockInfo['msg'])) . '</a>';
}
// Hook: Post-processing of single controls for specific child records:
foreach ($this->hookObjects as $hookObj) {
......
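Review bot: L137 drops two escaping layers at once, the `htmlspecialchars()` around the onclick content and the `htmlspecialchars()` around the sprite-icon `title`, while L129 in the same file keeps `htmlspecialchars()` around its onclick. Whether the new form is safe depends on `GeneralUtility::quoteJSvalue()` hex-encoding `"`, `<` and `&` and on `IconUtility::getSpriteIcon()` escaping attribute values, neither of which is visible here, and the lock message presumably carries the locking user's name, which an editor controls. I would keep the attribute-context escaping as on L129, `onclick="' . htmlspecialchars('alert(' . GeneralUtility::quoteJSvalue($lockInfo['msg']) . ');return false;') . '"`, and confirm that getSpriteIcon escapes `title` before removing it there (avoiding double encoding was presumably the motive). The enclosing method starts and ends outside the hunks.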
......@@ -3915,7 +3915,7 @@ TBE_EDITOR.customEvalFunctions[\'' . $evalData . '\'] = function(value) {
foreach ($clipElements as $elValue) {
if ($mode == 'db') {
list($itemTable, $itemUid) = explode('|', $elValue);
$itemTitle = $GLOBALS['LANG']->JScharCode(BackendUtility::getRecordTitle($itemTable, BackendUtility::getRecordWSOL($itemTable, $itemUid)));
$itemTitle = GeneralUtility::quoteJSvalue(BackendUtility::getRecordTitle($itemTable, BackendUtility::getRecordWSOL($itemTable, $itemUid)));
$elValue = $itemTable . '_' . $itemUid;
} else {
// 'file', 'file_reference' and 'folder' mode
......@@ -4172,7 +4172,7 @@ TBE_EDITOR.customEvalFunctions[\'' . $evalData . '\'] = function(value) {
case 'colorbox':
// Current form value is passed as P[currentValue]!
$addJS = $wConf['popup_onlyOpenIfSelected'] ? 'if (!TBE_EDITOR.curSelected(\'' . $itemName . $listFlag . '\')){alert(' . $GLOBALS['LANG']->JScharCode($this->getLL('m_noSelItemForEdit')) . '); return false;}' : '';
$addJS = $wConf['popup_onlyOpenIfSelected'] ? 'if (!TBE_EDITOR.curSelected(\'' . $itemName . $listFlag . '\')){alert(' . GeneralUtility::quoteJSvalue($this->getLL('m_noSelItemForEdit')) . '); return false;}' : '';
$curSelectedValues = '+\'&P[currentSelectedValues]=\'+TBE_EDITOR.curSelected(\'' . $itemName . $listFlag . '\')';
$aOnClick = $this->blur() . $addJS . 'vHWin=window.open(\'' . $url . GeneralUtility::implodeArrayForUrl('', array('P' => $params)) . '\'+\'&P[currentValue]=\'+TBE_EDITOR.rawurlencode(' . $this->elName($itemName) . '.value,200)' . $curSelectedValues . ',\'popUp' . $md5ID . '\',\'' . $wConf['JSopenParams'] . '\');' . 'vHWin.focus();return false;';
// Setting "colorBoxLinks" - user LATER to wrap around the color box as well:
......@@ -5675,10 +5675,10 @@ TBE_EDITOR.customEvalFunctions[\'' . $evalData . '\'] = function(value) {
TBE_EDITOR.prependFormFieldNamesCnt = ' . substr_count($this->prependFormFieldNames, '[') . ';
TBE_EDITOR.isPalettedoc = ' . ($this->isPalettedoc ? addslashes($this->isPalettedoc) : 'null') . ';
TBE_EDITOR.doSaveFieldName = "' . ($this->doSaveFieldName ? addslashes($this->doSaveFieldName) : '') . '";
TBE_EDITOR.labels.fieldsChanged = ' . $GLOBALS['LANG']->JScharCode($GLOBALS['LANG']->sL('LLL:EXT:lang/locallang_core.xlf:labels.fieldsChanged')) . ';
TBE_EDITOR.labels.fieldsMissing = ' . $GLOBALS['LANG']->JScharCode($GLOBALS['LANG']->sL('LLL:EXT:lang/locallang_core.xlf:labels.fieldsMissing')) . ';
TBE_EDITOR.labels.refresh_login = ' . $GLOBALS['LANG']->JScharCode($this->getLL('m_refresh_login')) . ';
TBE_EDITOR.labels.onChangeAlert = ' . $GLOBALS['LANG']->JScharCode($this->getLL('m_onChangeAlert')) . ';
TBE_EDITOR.labels.fieldsChanged = ' . GeneralUtility::quoteJSvalue($GLOBALS['LANG']->sL('LLL:EXT:lang/locallang_core.xlf:labels.fieldsChanged')) . ';
TBE_EDITOR.labels.fieldsMissing = ' . GeneralUtility::quoteJSvalue($GLOBALS['LANG']->sL('LLL:EXT:lang/locallang_core.xlf:labels.fieldsMissing')) . ';
TBE_EDITOR.labels.refresh_login = ' . GeneralUtility::quoteJSvalue($this->getLL('m_refresh_login')) . ';
TBE_EDITOR.labels.onChangeAlert = ' . GeneralUtility::quoteJSvalue($this->getLL('m_onChangeAlert')) . ';
evalFunc.USmode = ' . ($GLOBALS['TYPO3_CONF_VARS']['SYS']['USdateFormat'] ? '1' : '0') . ';
TBE_EDITOR.backend_interface = "' . $GLOBALS['BE_USER']->uc['interfaceSetup'] . '";
......
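Review bot: Two context lines in the last hunk still emit values into JavaScript without proper escaping: L162 quotes `$this->doSaveFieldName` with `addslashes()`, which does not handle newlines, `</script>` or U+2028/2029, and L172 interpolates `$GLOBALS['BE_USER']->uc['interfaceSetup']` into a double-quoted JS string with no escaping at all, although `uc` holds user-submitted settings. Since the file now uses the helper, change them to `TBE_EDITOR.doSaveFieldName = ' . GeneralUtility::quoteJSvalue((string) $this->doSaveFieldName) . ';` and `TBE_EDITOR.backend_interface = ' . GeneralUtility::quoteJSvalue($GLOBALS['BE_USER']->uc['interfaceSetup']) . ';`. L161 emits `isPalettedoc` unquoted, so it appears to be a JS expression rather than a string and is left alone here. The enclosing method continues outside the hunk.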
......@@ -606,7 +606,7 @@ class DocumentTemplate {
} else {
$mMN = '';
}
$onClick = 'top.ShortcutManager.createShortcut(' . $GLOBALS['LANG']->JScharCode($GLOBALS['LANG']->sL('LLL:EXT:lang/locallang_core.xlf:labels.makeBookmark')) . ', ' . '\'' . $backPath . '\', ' . '\'' . rawurlencode($modName) . '\', ' . '\'' . rawurlencode(($pathInfo['path'] . '?' . $storeUrl)) . $mMN . '\'' . ');return false;';
$onClick = 'top.ShortcutManager.createShortcut(' . GeneralUtility::quoteJSvalue($GLOBALS['LANG']->sL('LLL:EXT:lang/locallang_core.xlf:labels.makeBookmark')) . ', ' . '\'' . $backPath . '\', ' . '\'' . rawurlencode($modName) . '\', ' . '\'' . rawurlencode(($pathInfo['path'] . '?' . $storeUrl)) . $mMN . '\'' . ');return false;';
$sIcon = '<a href="#" onclick="' . htmlspecialchars($onClick) . '" title="' . $GLOBALS['LANG']->sL('LLL:EXT:lang/locallang_core.xlf:labels.makeBookmark', TRUE) . '">' . IconUtility::getSpriteIcon('actions-system-shortcut-new') . '</a>';
return $sIcon;
}
......
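Review bot: Only the label argument on L179 is moved to `quoteJSvalue()`; the other three arguments to `top.ShortcutManager.createShortcut()` — `$backPath`, the rawurlencoded module name, and the rawurlencoded path with `$mMN` appended — are still hand-wrapped in `'...'`. The rawurlencoded parts are safe by construction, but `$backPath` and `$mMN` are not visibly encoded, so wrapping them as `GeneralUtility::quoteJSvalue($backPath)` and `GeneralUtility::quoteJSvalue(rawurlencode($pathInfo['path'] . '?' . $storeUrl) . $mMN)` would make the line uniformly safe and easier to read. The enclosing method starts outside the hunk.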
......@@ -1178,7 +1178,7 @@ class PageLayoutView extends \TYPO3\CMS\Recordlist\RecordList\AbstractDatabaseRe
}
// Delete
$params = '&cmd[tt_content][' . $row['uid'] . '][delete]=1';
$confirm = $GLOBALS['LANG']->JScharCode($GLOBALS['LANG']->getLL('deleteWarning') . BackendUtility::translationCount('tt_content', $row['uid'], (' ' . $GLOBALS['LANG']->sL('LLL:EXT:lang/locallang_core.xlf:labels.translationsOfRecord'))));
$confirm = GeneralUtility::quoteJSvalue($GLOBALS['LANG']->getLL('deleteWarning') . BackendUtility::translationCount('tt_content', $row['uid'], (' ' . $GLOBALS['LANG']->sL('LLL:EXT:lang/locallang_core.xlf:labels.translationsOfRecord'))));
$out .= '<a href="' . htmlspecialchars($GLOBALS['SOBE']->doc->issueCommand($params)) . '" onclick="' . htmlspecialchars(('return confirm(' . $confirm . ');')) . '" title="' . $GLOBALS['LANG']->getLL('deleteItem', TRUE) . '">' . IconUtility::getSpriteIcon('actions-edit-delete') . '</a>';
if (!$disableMoveAndNewButtons) {
$moveButtonContent = '';
......@@ -1214,7 +1214,7 @@ class PageLayoutView extends \TYPO3\CMS\Recordlist\RecordList\AbstractDatabaseRe
$additionalIcons[] = $langMode ? $this->languageFlag($row['sys_language_uid'], FALSE) : '';
// Get record locking status:
if ($lockInfo = BackendUtility::isRecordLocked('tt_content', $row['uid'])) {
$additionalIcons[] = '<a href="#" onclick="' . htmlspecialchars(('alert(' . $GLOBALS['LANG']->JScharCode($lockInfo['msg']) . ');return false;')) . '" title="' . htmlspecialchars($lockInfo['msg']) . '">' . IconUtility::getSpriteIcon('status-warning-in-use') . '</a>';
$additionalIcons[] = '<a href="#" onclick="alert(' . GeneralUtility::quoteJSvalue($lockInfo['msg']) . ');return false;" title="' . htmlspecialchars($lockInfo['msg']) . '">' . IconUtility::getSpriteIcon('status-warning-in-use') . '</a>';
}
// Call stats information hook
if (is_array($GLOBALS['TYPO3_CONF_VARS']['SC_OPTIONS']['GLOBAL']['recStatInfoHooks'])) {
......
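Review bot: L198 removes the `htmlspecialchars()` around the onclick content while L190 in the same file keeps it for the delete confirm; the new form is attribute-safe only if `quoteJSvalue()` hex-encodes `"`, `<` and `&`, which cannot be seen here. Escaping for the attribute context is a separate layer from escaping for the JS string context and is harmless when both are applied, so I would keep `onclick="' . htmlspecialchars('alert(' . GeneralUtility::quoteJSvalue($lockInfo['msg']) . ');return false;') . '"` as on L190 rather than rely on the helper's output format. The enclosing methods start and end outside the hunks.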
......@@ -84,8 +84,8 @@ class PageTreeView extends \TYPO3\CMS\Backend\Tree\View\BrowseTreeView {
public function wrapIcon($thePageIcon, &$row) {
// If the record is locked, present a warning sign.
if ($lockInfo = \TYPO3\CMS\Backend\Utility\BackendUtility::isRecordLocked('pages', $row['uid'])) {
$aOnClick = 'alert(' . $GLOBALS['LANG']->JScharCode($lockInfo['msg']) . ');return false;';
$lockIcon = '<a href="#" onclick="' . htmlspecialchars($aOnClick) . '">' . IconUtility::getSpriteIcon('status-warning-in-use', array('title' => htmlspecialchars($lockInfo['msg']))) . '</a>';
$aOnClick = 'alert(' . GeneralUtility::quoteJSvalue($lockInfo['msg']) . ');return false;';
$lockIcon = '<a href="#" onclick="' . htmlspecialchars($aOnClick) . '">' . IconUtility::getSpriteIcon('status-warning-in-use', array('title' => $lockInfo['msg'])) . '</a>';
} else {
$lockIcon = '';
}
......
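Review bot: L210 drops `htmlspecialchars()` from the sprite-icon `title` value, a change unrelated to the JScharCode replacement and not mentioned in the commit message; it is correct only if `IconUtility::getSpriteIcon()` escapes its attribute values itself (plausible, since it would otherwise double-encode, but not visible here), and the lock message presumably includes the locking user's name. Either confirm that and say so in the commit message, or leave the title escaping as it was. The `htmlspecialchars($aOnClick)` on the same line is the right pattern and should stay. `wrapIcon()` continues past the hunk.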
......@@ -266,7 +266,7 @@ class FileList extends \TYPO3\CMS\Backend\RecordList\AbstractRecordList {
public function linkClipboardHeaderIcon($string, $table, $cmd, $warning = '') {
$onClickEvent = 'document.dblistForm.cmd.value=\'' . $cmd . '\';document.dblistForm.submit();';
if ($warning) {
$onClickEvent = 'if (confirm(' . $GLOBALS['LANG']->JScharCode($warning) . ')){' . $onClickEvent . '}';
$onClickEvent = 'if (confirm(' . GeneralUtility::quoteJSvalue($warning) . ')){' . $onClickEvent . '}';
}
return '<a href="#" onclick="' . htmlspecialchars($onClickEvent) . 'return false;">' . $string . '</a>';
}
......@@ -868,7 +868,7 @@ class FileList extends \TYPO3\CMS\Backend\RecordList\AbstractRecordList {
}
if ($GLOBALS['BE_USER']->jsConfirmation(4)) {
$confirmationCheck = 'confirm(' . $GLOBALS['LANG']->JScharCode(sprintf($GLOBALS['LANG']->sL('LLL:EXT:lang/locallang_core.xlf:mess.delete'), basename($identifier)) . $referenceCountText) . ')';
$confirmationCheck = 'confirm(' . GeneralUtility::quoteJSvalue(sprintf($GLOBALS['LANG']->sL('LLL:EXT:lang/locallang_core.xlf:mess.delete'), basename($identifier)) . $referenceCountText) . ')';
} else {
$confirmationCheck = '1 == 1';
}
......
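Review bot: In `linkClipboardHeaderIcon()` (L216-L223) `$cmd` is still spliced into a hand-quoted JS string (`document.dblistForm.cmd.value=\'' . $cmd . '\';`) while `$warning` now goes through `quoteJSvalue()`; since `$cmd` is a public-method parameter with no visible validation, use the helper for it too: `$onClickEvent = 'document.dblistForm.cmd.value=' . GeneralUtility::quoteJSvalue($cmd) . ';document.dblistForm.submit();';`. The outer `htmlspecialchars()` on L222 is correct and should stay. The second hunk's enclosing method starts and ends outside the hunk.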
......@@ -26,6 +26,7 @@ namespace TYPO3\CMS\Lang;
*
* This copyright notice MUST APPEAR in all copies of the script!
***************************************************************/
use TYPO3\CMS\Core\Utility\GeneralUtility;
/**
* Contains the TYPO3 Backend Language class
......@@ -213,9 +214,12 @@ class LanguageService {
*
* @param string $str Input string, encoded with UTF-8
* @return string Output string, a JavaScript function: "String.fromCharCode(......)
* @depreacted since 6.2 - will be removed two versions later; use GeneralUtility::quoteJSvalue() instead
*/
public function JScharCode($str) {
// Convert the UTF-8 string into a array of char numbers:
GeneralUtility::logDeprecatedFunction();
// Convert the UTF-8 string into a array of char numbers:
$nArr = $this->csConvObj->utf8_to_numberarray($str);
return 'String.fromCharCode(' . implode(',', $nArr) . ')';
}
......
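Review bot: The new docblock tag on L244 is misspelled: `@depreacted` should be `@deprecated`, otherwise IDEs and the deprecation scanner will not flag the method even though `logDeprecatedFunction()` now fires at runtime. Suggested line: ` * @deprecated since 6.2 - will be removed two versions later; use GeneralUtility::quoteJSvalue() instead`. Minor: the `use` statement on L237 is inserted directly after the license block with no blank line before the class docblock.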
......@@ -1932,7 +1932,7 @@ class ElementBrowser {
}
if (strstr($folderPath, ',') || strstr($folderPath, '|')) {
// In case an invalid character is in the filepath, display error message:
$errorMessage = $GLOBALS['LANG']->JScharCode(sprintf($GLOBALS['LANG']->getLL('invalidChar'), ', |'));
$errorMessage = GeneralUtility::quoteJSvalue(sprintf($GLOBALS['LANG']->getLL('invalidChar'), ', |'));
$aTag = ($aTag_alt = '<a href="#" onclick="alert(' . $errorMessage . ');return false;">');
} else {
// If foldername is OK, just add it:
......
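Review bot: On L260 the result of `quoteJSvalue()` is placed inside a double-quoted `onclick` attribute without `htmlspecialchars()` around the attribute value; that is safe only if the helper's output never contains `"`, `<` or `&`, which is not visible here. The message is a fixed label with `, |` substituted, so the practical risk is low, but the safe and consistent form is `onclick="' . htmlspecialchars('alert(' . $errorMessage . ');return false;') . '"`. The enclosing method starts and ends outside the hunk.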
......@@ -638,7 +638,7 @@ class DatabaseRecordList extends \TYPO3\CMS\Recordlist\RecordList\AbstractDataba
$recTitle = BackendUtility::getRecordTitle($table, $row, FALSE, TRUE);
// If the record is edit-locked by another user, we will show a little warning sign:
if ($lockInfo = BackendUtility::isRecordLocked($table, $row['uid'])) {
$warning = '<a href="#" onclick="' . htmlspecialchars(('alert(' . $GLOBALS['LANG']->JScharCode($lockInfo['msg']) . '); return false;')) . '" title="' . htmlspecialchars($lockInfo['msg']) . '">' . IconUtility::getSpriteIcon('status-warning-in-use') . '</a>';
$warning = '<a href="#" onclick="alert(' . GeneralUtility::quoteJSvalue($lockInfo['msg']) . '); return false;" title="' . htmlspecialchars($lockInfo['msg']) . '">' . IconUtility::getSpriteIcon('status-warning-in-use') . '</a>';
}
$theData[$fCol] = $warning . $this->linkWrapItems($table, $row['uid'], $recTitle, $row);
// Render thumbnails, if:
......@@ -1128,7 +1128,7 @@ class DatabaseRecordList extends \TYPO3\CMS\Recordlist\RecordList\AbstractDataba
$titleOrig = BackendUtility::getRecordTitle($table, $row, FALSE, TRUE);
$title = GeneralUtility::slashJS(GeneralUtility::fixed_lgd_cs($titleOrig, $this->fixedL), 1);
$warningText = $GLOBALS['LANG']->JScharCode(
$warningText = GeneralUtility::quoteJSvalue(
$GLOBALS['LANG']->getLL($actionName . 'Warning') . ' "' . $title . '" ' . $refCountMsg
);
......@@ -1413,7 +1413,7 @@ class DatabaseRecordList extends \TYPO3\CMS\Recordlist\RecordList\AbstractDataba
public function linkClipboardHeaderIcon($string, $table, $cmd, $warning = '') {
$onClickEvent = 'document.dblistForm.cmd.value=\'' . $cmd . '\';document.dblistForm.cmd_table.value=\'' . $table . '\';document.dblistForm.submit();';
if ($warning) {
$onClickEvent = 'if (confirm(' . $GLOBALS['LANG']->JScharCode($warning) . ')){' . $onClickEvent . '}';
$onClickEvent = 'if (confirm(' . GeneralUtility::quoteJSvalue($warning) . ')){' . $onClickEvent . '}';
}
return '<a href="#" onclick="' . htmlspecialchars(($onClickEvent . 'return false;')) . '">' . $string . '</a>';
}
......
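Review bot: In the 1128 hunk, `$title` is first run through `GeneralUtility::slashJS(..., 1)` on L275 and then embedded in a string that `quoteJSvalue()` escapes again on L277-L278, so any backslashes slashJS added for quotes or backslashes in the record title end up shown literally in the confirm dialog (e.g. `O\'Reilly`), assuming the helper escapes backslashes as it must to be safe. If `$title` is used only inside `$warningText`, drop the `slashJS()` call and pass the plain `GeneralUtility::fixed_lgd_cs($titleOrig, $this->fixedL)`. Separately, L269 drops `htmlspecialchars()` around the onclick content while L287 in the same file keeps it; keeping the attribute-context escaping in both places is the safer, consistent pattern. The enclosing methods start and end outside the hunks.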
......@@ -970,7 +970,7 @@ class BrowseLinks extends \TYPO3\CMS\Recordlist\Browser\ElementBrowser {
$label = $GLOBALS['LANG']->sL(trim($string));
}
$label = str_replace('"', '\\"', str_replace('\\\'', '\'', $label));
$label = $JScharCode ? $GLOBALS['LANG']->JScharCode($label) : $label;
$label = $JScharCode ? GeneralUtility::quoteJSvalue($label) : $label;
return $label;
}
......
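Review bot: The manual `str_replace('"', '\\"', ...)` on L293 was meant for raw embedding into a JS string and is now applied before `quoteJSvalue()` on L295, so in the quoted branch every `"` in the label arrives as a literal backslash-quote pair at runtime unless the JS consumer un-escapes it (the same was true with `JScharCode`, but this commit is the moment to fix it). Move the replacement into the non-quoted branch: `$label = $JScharCode ? GeneralUtility::quoteJSvalue($label) : str_replace('"', '\\"', str_replace('\\\'', '\'', $label));`. The `$JScharCode` parameter name is now misleading and deserves a docblock note saying it selects quoting via `quoteJSvalue()`. The enclosing method starts outside the hunk.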
......@@ -1263,7 +1263,7 @@ class RteHtmlAreaBase extends \TYPO3\CMS\Backend\Rte\AbstractRte {
* @return string Localized string.
*/
public function getLLContent($string) {
return $this->contentLanguageService->JScharCode($this->contentLanguageService->sL($string));
return GeneralUtility::quoteJSvalue($this->contentLanguageService->sL($string));
}
public function getPageConfigLabel($string, $JScharCode = 1) {
......@@ -1284,7 +1284,7 @@ class RteHtmlAreaBase extends \TYPO3\CMS\Backend\Rte\AbstractRte {
$label = $LANG->sL(trim($string));
}
$label = str_replace('"', '\\"', str_replace('\\\'', '\'', $label));
$label = $JScharCode ? $LANG->JScharCode($label) : $label;
$label = $JScharCode ? GeneralUtility::quoteJSvalue($label) : $label;
}
return $label;
}
......@@ -1297,9 +1297,8 @@ class RteHtmlAreaBase extends \TYPO3\CMS\Backend\Rte\AbstractRte {
if ($this->OutputCharset != 'utf-8') {
$str = $GLOBALS['TSFE']->csConvObj->utf8_encode($str, $this->OutputCharset);
}
// Convert the UTF-8 string into a array of char numbers:
$nArr = $GLOBALS['TSFE']->csConvObj->utf8_to_numberarray($str);
return 'String.fromCharCode(' . implode(',', $nArr) . ')';
// Convert the UTF-8 string into a 'JavaScript-safe' encoded string:
return GeneralUtility::quoteJSvalue($str);
}
public function getFullFileName($filename) {
......
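Review bot: In the last hunk (L316-L325) the string is converted from UTF-8 to `$this->OutputCharset` on L318 and only then passed to `quoteJSvalue()`; the old `String.fromCharCode` path was charset-neutral, whereas a quoting helper that inspects bytes (for example one built on `json_encode`) expects UTF-8, so for non-UTF-8 output charsets multibyte characters may now be mangled or the value dropped entirely. Confirm what `quoteJSvalue()` does with non-UTF-8 input; if it assumes UTF-8, quote before converting, or drop the conversion if the RTE page is always served as UTF-8. The same pre-escaping problem noted for `BrowseLinks::getPageConfigLabel` applies to L310-L312 here. The enclosing method's signature is outside the hunk.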
<?php
namespace TYPO3\CMS\Rtehtmlarea;
use TYPO3\CMS\Core\Utility\GeneralUtility;
/***************************************************************
* Copyright notice
*
......@@ -95,7 +97,7 @@ class User {
if(!editor.getSelection().isEmpty()) {
editor.getSelection().surroundHtml(wrap1,wrap2);
} else {
alert(' . $GLOBALS['LANG']->JScharCode($GLOBALS['LANG']->getLL('noTextSelection')) . ');
alert(' . GeneralUtility::quoteJSvalue($GLOBALS['LANG']->getLL('noTextSelection')) . ');
}
if(!noHide) plugin.close();
};
......@@ -239,7 +241,7 @@ class User {
switch ((string) $v[($k2i . '.')]['mode']) {
case 'wrap':
$wrap = explode('|', $v[$k2i . '.']['content']);
$onClickEvent = 'wrapHTML(' . $GLOBALS['LANG']->JScharCode($wrap[0]) . ',' . $GLOBALS['LANG']->JScharCode($wrap[1]) . ',false);';
$onClickEvent = 'wrapHTML(' . GeneralUtility::quoteJSvalue($wrap[0]) . ',' . GeneralUtility::quoteJSvalue($wrap[1]) . ',false);';
break;
case 'processor':
$script = trim($v[$k2i . '.']['submitToScript']);
......@@ -247,13 +249,13 @@ class User {
$script = $this->siteUrl . $script;
}
if ($script) {
$onClickEvent = 'processSelection(' . $GLOBALS['LANG']->JScharCode($script) . ');';
$onClickEvent = 'processSelection(' . GeneralUtility::quoteJSvalue($script) . ');';
}
break;
case 'insert':
default:
$onClickEvent = 'insertHTML(' . $GLOBALS['LANG']->JScharCode($v[($k2i . '.')]['content']) . ');';
$onClickEvent = 'insertHTML(' . GeneralUtility::quoteJSvalue($v[($k2i . '.')]['content']) . ');';
}
$A = array('<a href="#" onClick="' . $onClickEvent . 'return false;">', '</a>');
$subcats[$k2i] = '<tr>
......
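Review bot: L365 inserts `$onClickEvent` into a double-quoted `onClick` attribute without `htmlspecialchars()`, and `$onClickEvent` now carries `quoteJSvalue()` output of TSconfig-provided `content` and `submitToScript` values (L348, L357, L363); unless the helper is guaranteed to hex-encode `"`, `<` and `&`, a quote in the configured content breaks out of the attribute. Escape for the attribute context explicitly: `$A = array('<a href="#" onClick="' . htmlspecialchars($onClickEvent . 'return false;') . '">', '</a>');`. L347-L348 also assume `explode('|', ...)` returned two parts; a `wrap` entry without `|` raises an undefined-offset notice for `$wrap[1]`, so `$wrap = array_pad(explode('|', $v[$k2i . '.']['content']), 2, '');` would be more robust. The enclosing method starts and ends outside the hunks.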
......@@ -404,7 +404,7 @@ class ActionTask implements \TYPO3\CMS\Taskcenter\TaskInterface {
$href = 'mod.php?M=user_task&SET[function]=sys_action.tx_sysaction_task&show=' . (int)$sysActionUid . '&be_users_uid=' . (int)$userId;
$link = '<a href="' . htmlspecialchars($href) . '">' . htmlspecialchars($username) . '</a>';
// Link to delete the user record
$onClick = ' onClick="return confirm(' . $GLOBALS['LANG']->JScharCode($GLOBALS['LANG']->getLL('lDelete_warning')) . ');"';
$onClick = ' onClick="return confirm(' . GeneralUtility::quoteJSvalue($GLOBALS['LANG']->getLL('lDelete_warning')) . ');"';
$link .= '
<a href="' . htmlspecialchars(($href . '&delete=1')) . '" ' . $onClick . '>
<img' . \TYPO3\CMS\Backend\Utility\IconUtility::skinImg($GLOBALS['BACK_PATH'], 'gfx/delete_record.gif') . ' alt="" />
......
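Review bot: The user-deletion link built on L369-L375 performs a state-changing action via a plain GET URL (`&delete=1`) guarded only by the client-side `confirm()` this hunk rewrites, and the URL is assembled by hand rather than through a module-URL helper, so it carries no module or form token. If the 6.2 backend validates tokens on `mod.php` this link is broken; if it does not, the action is CSRF-prone; either way the delete should go through a tokenised URL (e.g. `BackendUtility::getModuleUrl()`) or a POST form. The `onClick` attribute on L373 also relies on `quoteJSvalue()` output being attribute-safe with no `htmlspecialchars()`; the message is a fixed label, so that part is low risk. The enclosing method starts and ends outside the hunk.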
......@@ -141,7 +141,7 @@ class SortPagesWizardModuleFunction extends \TYPO3\CMS\Backend\Module\AbstractFu
* @todo Define visibility
*/
public function wiz_linkOrder($title, $order) {
return '<a class="t3-link" href="' . htmlspecialchars(('index.php?id=' . $GLOBALS['SOBE']->id . '&sortByField=' . $order)) . '" onclick="return confirm(' . $GLOBALS['LANG']->JScharCode($GLOBALS['LANG']->getLL('wiz_changeOrder_msg1')) . ')">' . htmlspecialchars($title) . '</a>';
return '<a class="t3-link" href="' . htmlspecialchars(('index.php?id=' . $GLOBALS['SOBE']->id . '&sortByField=' . $order)) . '" onclick="return confirm(' . GeneralUtility::quoteJSvalue($GLOBALS['LANG']->getLL('wiz_changeOrder_msg1')) . ')">' . htmlspecialchars($title) . '</a>';
}
}
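Review bot: `$order` is concatenated into the query string on L383 without `rawurlencode()`, so a value containing `&` or `#` would change the URL's meaning even though the whole string is HTML-escaped afterwards; use `'&sortByField=' . rawurlencode($order)`. The link also triggers the re-sort through a plain GET URL with only a JS `confirm()` in front of it, which deserves a token or a POST form if the sort is executed on arrival. The `onclick` attribute value is not passed through `htmlspecialchars()` and relies on `quoteJSvalue()`'s output format; the message is a fixed label, so the risk there is low. `wiz_linkOrder()` is fully visible and the class closes on L385.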