/**
 * A token kept in the session data can be validated once the fixture has
 * retrieved it from the session.
 *
 * @test
 */
public function tokenFromSessionDataIsAvailableForValidateToken() {
    // Fixed sample secret, used by this test only.
    $secretInSession = '881ffea2159ac72182557b79dc0c723f5a8d20136f9fab56cdd4f8b3a1dbcfcd';
    list($form, $formAction, $instance) = array('foo', 'edit', '42');

    // The expected id is the HMAC over form name, action, instance name and
    // session secret, concatenated without separators.
    // NOTE(review): without a delimiter, different field triples that
    // concatenate to the same string produce the same id. This presumably
    // mirrors the implementation under test; confirm there whether the
    // ambiguity matters.
    $expectedId = \TYPO3\CMS\Core\Utility\GeneralUtility::hmac($form . $formAction . $instance . $secretInSession);

    $_SESSION['installToolFormToken'] = $secretInSession;
    $this->fixture->_call('retrieveSessionToken');

    $accepted = $this->fixture->validateToken($expectedId, $form, $formAction, $instance);
    $this->assertTrue($accepted);
}
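/**
 * Creating the form for editing the TYPO3_CONF_VARS options.
 *
 * With $type 'get_form' every scalar TYPO3_CONF_VARS entry is rendered through
 * GenerateConfigForm.html as a textarea, checkbox or text field, chosen from
 * the entry's description in the default configuration file. With any other
 * $type the values submitted in $this->INSTALL['extConfig'] are compared with
 * the current configuration and the changed ones are handed to
 * setLocalConfigurationValues().
 *
 * @param string $type If get_form, display form, otherwise checks and store in localconf.php
 * @return void
 * @todo Define visibility
 */
public function generateConfigForm($type = '') {
    $default_config_content = \TYPO3\CMS\Core\Utility\GeneralUtility::getUrl(PATH_site . \TYPO3\CMS\Core\Configuration\ConfigurationManager::DEFAULT_CONFIGURATION_FILE);
    $commentArr = $this->getDefaultConfigArrayComments($default_config_content);
    switch ($type) {
        case 'get_form':
            // Get the template file. Read errors are suppressed, so a missing
            // template leaves FALSE here.
            $templateFile = @file_get_contents(PATH_site . $this->templateFilePath . 'GenerateConfigForm.html');
            // Get the template part from the file
            $template = \TYPO3\CMS\Core\Html\HtmlParser::getSubpart($templateFile, '###TEMPLATE###');
            foreach ($GLOBALS['TYPO3_CONF_VARS'] as $k => $va) {
                $ext = '[' . $k . ']';
                $this->message($ext, '$TYPO3_CONF_VARS[\'' . $k . '\']', $commentArr[0][$k], 1);
                foreach ($va as $vk => $value) {
                    if (isset($GLOBALS['TYPO3_CONF_VARS_extensionAdded'][$k][$vk])) {
                        // Don't allow editing stuff which is added by extensions
                        // Make sure we fix potentially duplicated entries from older setups
                        $extensionAdded = $GLOBALS['TYPO3_CONF_VARS_extensionAdded'][$k][$vk];
                        // The earlier code called preg_match($pattern, '', $potentialValue): it
                        // matched against an empty subject and overwrote the value with the
                        // matches array, so the entry was dropped from the form instead of
                        // being stripped. The empty-string guard keeps the loop finite, since
                        // an empty suffix would match forever without shortening the value.
                        if (is_string($value) && is_string($extensionAdded) && $extensionAdded !== '') {
                            $potentialValue = str_replace(array('\'.chr(10).\'', '\' . LF . \''), array(LF, LF), $value);
                            $trailingExtensionPart = '/' . preg_quote($extensionAdded, '/') . '$/';
                            while (preg_match($trailingExtensionPart, $potentialValue)) {
                                $stripped = preg_replace($trailingExtensionPart, '', $potentialValue);
                                if ($stripped === NULL) {
                                    // PCRE error: keep what has been stripped so far
                                    break;
                                }
                                $potentialValue = $stripped;
                            }
                            $value = $potentialValue;
                        }
                    }
                    $textAreaSubpart = '';
                    $booleanSubpart = '';
                    $textLineSubpart = '';
                    $description = trim($commentArr[1][$k][$vk]);
                    // The field type is read from the start of the description; an
                    // optional leading tag is allowed in front of the type keyword.
                    $isTextarea = preg_match('/^(<.*?>)?string \\(textarea\\)/i', $description) === 1;
                    $doNotRender = preg_match('/^(<.*?>)?string \\(exclude\\)/i', $description) === 1;
                    if (!is_array($value) && !$doNotRender && ($this->checkForBadString($value) || $isTextarea)) {
                        $k2 = '[' . $vk . ']';
                        if ($isTextarea) {
                            // Get the subpart for a textarea
                            $textAreaSubpart = \TYPO3\CMS\Core\Html\HtmlParser::getSubpart($template, '###TEXTAREA###');
                            // Define the markers content
                            $textAreaMarkers = array(
                                'id' => $k . '-' . $vk,
                                'name' => 'TYPO3_INSTALL[extConfig][' . $k . '][' . $vk . ']',
                                'value' => htmlspecialchars(str_replace(array('\'.chr(10).\'', '\' . LF . \''), array(LF, LF), $value))
                            );
                            // Fill the markers in the subpart
                            $textAreaSubpart = \TYPO3\CMS\Core\Html\HtmlParser::substituteMarkerArray($textAreaSubpart, $textAreaMarkers, '###|###', TRUE, FALSE);
                        } elseif (preg_match('/^(<.*?>)?boolean/i', $description)) {
                            // Get the subpart for a checkbox
                            $booleanSubpart = \TYPO3\CMS\Core\Html\HtmlParser::getSubpart($template, '###BOOLEAN###');
                            // Define the markers content. The value is escaped like the
                            // textarea and text field values, because a stored setting is
                            // not guaranteed to be a plain 0/1.
                            $booleanMarkers = array(
                                'id' => $k . '-' . $vk,
                                'name' => 'TYPO3_INSTALL[extConfig][' . $k . '][' . $vk . ']',
                                'value' => htmlspecialchars((string) ($value && strcmp($value, '0') ? $value : 1)),
                                'checked' => $value ? 'checked="checked"' : ''
                            );
                            // Fill the markers in the subpart
                            $booleanSubpart = \TYPO3\CMS\Core\Html\HtmlParser::substituteMarkerArray($booleanSubpart, $booleanMarkers, '###|###', TRUE, FALSE);
                        } else {
                            // Get the subpart for an input text field
                            $textLineSubpart = \TYPO3\CMS\Core\Html\HtmlParser::getSubpart($template, '###TEXTLINE###');
                            // Define the markers content
                            $textLineMarkers = array(
                                'id' => $k . '-' . $vk,
                                'name' => 'TYPO3_INSTALL[extConfig][' . $k . '][' . $vk . ']',
                                'value' => htmlspecialchars($value)
                            );
                            // Fill the markers in the subpart
                            $textLineSubpart = \TYPO3\CMS\Core\Html\HtmlParser::substituteMarkerArray($textLineSubpart, $textLineMarkers, '###|###', TRUE, FALSE);
                        }
                        // Substitute the subpart for a textarea
                        $content = \TYPO3\CMS\Core\Html\HtmlParser::substituteSubpart($template, '###TEXTAREA###', $textAreaSubpart);
                        // Substitute the subpart for a checkbox
                        $content = \TYPO3\CMS\Core\Html\HtmlParser::substituteSubpart($content, '###BOOLEAN###', $booleanSubpart);
                        // Substitute the subpart for an input text field
                        $content = \TYPO3\CMS\Core\Html\HtmlParser::substituteSubpart($content, '###TEXTLINE###', $textLineSubpart);
                        // Define the markers content. The description is inserted as
                        // markup, not escaped; it is taken from the comments parsed out
                        // of the default configuration file.
                        $markers = array(
                            'description' => $description,
                            'key' => '[' . $k . '][' . $vk . ']',
                            'label' => htmlspecialchars(\TYPO3\CMS\Core\Utility\GeneralUtility::fixed_lgd_cs($value, 40))
                        );
                        // Fill the markers
                        $content = \TYPO3\CMS\Core\Html\HtmlParser::substituteMarkerArray($content, $markers, '###|###', TRUE, FALSE);
                        // Add the content to the message array
                        $this->message($ext, $k2, $content);
                    }
                }
            }
            break;
        default:
            if (is_array($this->INSTALL['extConfig'])) {
                $configurationPathValuePairs = array();
                foreach ($this->INSTALL['extConfig'] as $k => $va) {
                    // Only groups and keys that already exist in TYPO3_CONF_VARS are
                    // accepted, so a request cannot introduce new configuration paths.
                    if (is_array($GLOBALS['TYPO3_CONF_VARS'][$k])) {
                        foreach ($va as $vk => $value) {
                            if (isset($GLOBALS['TYPO3_CONF_VARS'][$k][$vk])) {
                                $doit = 1;
                                if ($k === 'BE' && $vk === 'installToolPassword') {
                                    if ($value) {
                                        // NOTE(review): the form token and the confirmation value
                                        // are checked only when the request contains
                                        // installToolPassword_check. A request without that field
                                        // skips both checks and still reaches the assignment
                                        // below. Confirm that the caller enforces a token for
                                        // every write that reaches this method.
                                        if (isset($_POST['installToolPassword_check'])) {
                                            if (!$this->formProtection->validateToken((string) $_POST['formToken'], 'installToolPassword', 'change')) {
                                                $doit = FALSE;
                                                // Leaves the inner foreach only: entries of this
                                                // group collected before the password are still
                                                // written, and the remaining groups are still
                                                // processed.
                                                break;
                                            }
                                            if (!\TYPO3\CMS\Core\Utility\GeneralUtility::_GP('installToolPassword_check') || strcmp(\TYPO3\CMS\Core\Utility\GeneralUtility::_GP('installToolPassword_check'), $value)) {
                                                $doit = FALSE;
                                                $this->errorMessages[] = 'The two passwords did not ' . 'match! The password was not changed.';
                                            }
                                        }
                                        // NOTE(review): the password is stored as an unsalted MD5
                                        // digest, and only when the request sets
                                        // installToolPassword_md5; otherwise the submitted string
                                        // is stored as received. Whether the client hashes it
                                        // beforehand is not visible here. Prefer a salted
                                        // password hash if the login check can be changed with it.
                                        if (\TYPO3\CMS\Core\Utility\GeneralUtility::_GP('installToolPassword_md5')) {
                                            $value = md5($value);
                                        }
                                    } else {
                                        // An empty password is never stored
                                        $doit = 0;
                                    }
                                }
                                $description = trim($commentArr[1][$k][$vk]);
                                // NOTE(review): unlike the get_form branch, these two patterns do
                                // not accept a leading tag in front of the type keyword.
                                if (preg_match('/^string \\(textarea\\)/i', $description)) {
                                    // Force Unix linebreaks in textareas
                                    $value = str_replace(CR, '', $value);
                                    // Preserve linebreaks
                                    $value = str_replace(LF, '\' . LF . \'', $value);
                                }
                                if (preg_match('/^boolean/i', $description)) {
                                    // When submitting settings in the Install Tool, values that default to "FALSE" or "TRUE"
                                    // in t3lib/stddb/DefaultConfiguration.php will be sent as "0" resp. "1". Therefore, reset the values
                                    // to their boolean equivalent.
                                    if ($GLOBALS['TYPO3_CONF_VARS'][$k][$vk] === FALSE && $value === '0') {
                                        $value = FALSE;
                                    } elseif ($GLOBALS['TYPO3_CONF_VARS'][$k][$vk] === TRUE && $value === '1') {
                                        $value = TRUE;
                                    }
                                }
                                // Only values that differ from the current configuration are written
                                if ($doit && strcmp($GLOBALS['TYPO3_CONF_VARS'][$k][$vk], $value)) {
                                    $configurationPathValuePairs['"' . $k . '"' . '/' . '"' . $vk . '"'] = $value;
                                }
                            }
                        }
                    }
                }
                $this->setLocalConfigurationValues($configurationPathValuePairs);
            }
            break;
    }
}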