/**
 * Builds the list of "clear cache" menu entries available to the current
 * back-end user and lets registered hooks adjust that list.
 *
 * Each entry links to tce_db.php and carries the user's veriCode() value plus
 * a form-protection token for the "tceAction" context.
 *
 * @param TYPO3backend $backendReference TYPO3 backend object reference
 * @throws UnexpectedValueException if a configured hook object does not implement backend_cacheActionsHook
 */
public function __construct(TYPO3backend &$backendReference = null) {
    $beUser = $GLOBALS['BE_USER'];
    $languageService = $GLOBALS['LANG'];

    $this->backendReference = $backendReference;
    $this->cacheActions = array();
    $this->optionValues = array('all', 'pages');

    // Entry 1: clear the cache of ALL tables (admins, or users allowed via TSConfig).
    if ($beUser->isAdmin() || $beUser->getTSConfigVal('options.clearCache.all')) {
        $title = $languageService->sL('LLL:EXT:lang/locallang_core.xml:rm.clearCacheMenu_all', true);
        $href = $this->backPath . 'tce_db.php?vC=' . $beUser->veriCode();
        $href .= '&cacheCmd=all&ajaxCall=1';
        $href .= t3lib_BEfunc::getUrlToken('tceAction');
        $icon = t3lib_iconWorks::getSpriteIcon('actions-system-cache-clear-impact-high');
        $this->cacheActions[] = array(
            'id' => 'all',
            'title' => $title,
            'href' => $href,
            'icon' => $icon,
        );
    }

    // Entry 2: clear the cache of all pages (admins, or users allowed via TSConfig).
    if ($beUser->isAdmin() || $beUser->getTSConfigVal('options.clearCache.pages')) {
        $title = $languageService->sL('LLL:EXT:lang/locallang_core.xml:rm.clearCacheMenu_pages', true);
        $href = $this->backPath . 'tce_db.php?vC=' . $beUser->veriCode();
        $href .= '&cacheCmd=pages&ajaxCall=1';
        $href .= t3lib_BEfunc::getUrlToken('tceAction');
        $icon = t3lib_iconWorks::getSpriteIcon('actions-system-cache-clear-impact-medium');
        $this->cacheActions[] = array(
            'id' => 'pages',
            'title' => $title,
            'href' => $href,
            'icon' => $icon,
        );
    }

    // Entry 3: clear the cache files in typo3conf/ -- admins only, and only
    // when the extCache setting is enabled.
    if ($beUser->isAdmin() && $GLOBALS['TYPO3_CONF_VARS']['EXT']['extCache']) {
        $title = $languageService->sL('LLL:EXT:lang/locallang_core.xml:rm.clearCacheMenu_allTypo3Conf', true);
        $href = $this->backPath . 'tce_db.php?vC=' . $beUser->veriCode();
        $href .= '&cacheCmd=temp_CACHED&ajaxCall=1';
        $href .= t3lib_BEfunc::getUrlToken('tceAction');
        $icon = t3lib_iconWorks::getSpriteIcon('actions-system-cache-clear-impact-low');
        $this->cacheActions[] = array(
            'id' => 'temp_CACHED',
            'title' => $title,
            'href' => $href,
            'icon' => $icon,
        );
    }

    // Hook: class names come from the installation's configuration; every
    // object must implement backend_cacheActionsHook before it is allowed to
    // change the action list.
    if (is_array($GLOBALS['TYPO3_CONF_VARS']['SC_OPTIONS']['additionalBackendItems']['cacheActions'])) {
        foreach ($GLOBALS['TYPO3_CONF_VARS']['SC_OPTIONS']['additionalBackendItems']['cacheActions'] as $cacheAction) {
            $hookObject = t3lib_div::getUserObj($cacheAction);
            if (!($hookObject instanceof backend_cacheActionsHook)) {
                throw new UnexpectedValueException('$hookObject must implement interface backend_cacheActionsHook', 1228262000);
            }
            $hookObject->manipulateCacheActions($this->cacheActions, $this->optionValues);
        }
    }

    // Presumably stores the tokens generated for the links above so that they
    // can be validated on the follow-up request -- confirm in the
    // form-protection implementation.
    t3lib_formprotection_Factory::get()->persistTokens();
}
/**
 * Adds the ExtDirect code
 *
 * Registers the flash message script, the timeout labels, the generated
 * ExtDirect API and an inline script that attaches the security token to
 * every ExtDirect call. The method is a no-op after its first invocation.
 *
 * @param array $filterNamespaces limit the output to defined namespaces. If empty, all namespaces are generated
 * @return void
 */
public function addExtDirectCode(array $filterNamespaces = array()) {
    // Guard: the code below must only be emitted once per renderer.
    if ($this->extDirectCodeAdded) {
        return;
    }
    $this->extDirectCodeAdded = TRUE;
    // An empty filter is replaced by the single namespace "TYPO3".
    if (count($filterNamespaces) === 0) {
        $filterNamespaces = array('TYPO3');
    }
    // for ExtDirect we need flash message support
    $this->addJsFile(t3lib_div::resolveBackPath($this->backPath . '../t3lib/js/extjs/ux/flashmessages.js'));
    // add language labels for ExtDirect
    if (TYPO3_MODE === 'FE') {
        $this->addInlineLanguageLabelArray(array('extDirect_timeoutHeader' => $GLOBALS['TSFE']->sL('LLL:EXT:lang/locallang_misc.xml:extDirect_timeoutHeader'), 'extDirect_timeoutMessage' => $GLOBALS['TSFE']->sL('LLL:EXT:lang/locallang_misc.xml:extDirect_timeoutMessage')));
    } else {
        $this->addInlineLanguageLabelArray(array('extDirect_timeoutHeader' => $GLOBALS['LANG']->sL('LLL:EXT:lang/locallang_misc.xml:extDirect_timeoutHeader'), 'extDirect_timeoutMessage' => $GLOBALS['LANG']->sL('LLL:EXT:lang/locallang_misc.xml:extDirect_timeoutMessage')));
    }
    // A form-protection token for the "extDirect" context is generated in
    // back-end mode only; otherwise $token stays empty and the script below
    // sets TYPO3.ExtDirectToken to "-extDirect".
    $token = $api = '';
    if (TYPO3_MODE === 'BE') {
        $formprotection = t3lib_formprotection_Factory::get();
        $token = $formprotection->generateToken('extDirect');
    }
    /** @var $extDirect t3lib_extjs_ExtDirectApi */
    $extDirect = t3lib_div::makeInstance('t3lib_extjs_ExtDirectApi');
    $api = $extDirect->getApiPhp($filterNamespaces);
    if ($api) {
        $this->addJsInlineCode('TYPO3ExtDirectAPI', $api);
    }
    // Note: we need to iterate thru the object, because the addProvider method
    // does this only with multiple arguments
    //
    // What the inline script does:
    //  - "beforecall": appends TYPO3.ExtDirectToken as the last element of
    //    transaction.data (or creates the array with the token as its only element).
    //  - "call": for form transactions, sets params.securityToken to the token.
    //  - "exception"/"event": shows timeouts and router errors as flash
    //    messages and sends parse errors, backtraces and debug output to
    //    extDirectDebug().
    //
    // NOTE(review): $token is concatenated into a JavaScript string literal
    // without escaping; presumably generateToken() returns only characters that
    // are safe there -- confirm.
    // NOTE(review): the exception handler concatenates event.xhr.responseText,
    // event.message and event.where into HTML markup, and extDirectDebug() falls
    // back to document.write(). If a server response can contain text influenced
    // by a user, that text is rendered as markup; confirm the responses are
    // escaped server-side or escape them before building the markup.
    $this->addExtOnReadyCode(' (function() { TYPO3.ExtDirectToken = "' . $token . 
'-extDirect"; for (var api in Ext.app.ExtDirectAPI) { var provider = Ext.Direct.addProvider(Ext.app.ExtDirectAPI[api]); provider.on("beforecall", function(provider, transaction, meta) { if (transaction.data) { transaction.data[transaction.data.length] = TYPO3.ExtDirectToken; } else { transaction.data = [TYPO3.ExtDirectToken]; } }); provider.on("call", function(provider, transaction, meta) { if (transaction.isForm) { transaction.params.securityToken = TYPO3.ExtDirectToken; } }); } })(); var extDirectDebug = function(message, header, group) { var TYPO3ViewportInstance = null; if (top && top.TYPO3 && typeof top.TYPO3.Backend === "object") { TYPO3ViewportInstance = top.TYPO3.Backend; } else if (typeof TYPO3 === "object" && typeof TYPO3.Backend === "object") { TYPO3ViewportInstance = TYPO3.Backend; } if (TYPO3ViewportInstance !== null) { TYPO3ViewportInstance.DebugConsole.addTab(message, header, group); } else if (typeof console === "object") { console.log(message); } else { document.write(message); } }; Ext.Direct.on("exception", function(event) { if (event.code === Ext.Direct.exceptions.TRANSPORT && !event.where) { TYPO3.Flashmessage.display( TYPO3.Severity.error, TYPO3.lang.extDirect_timeoutHeader, TYPO3.lang.extDirect_timeoutMessage, 30 ); } else { var backtrace = ""; if (event.code === "parse") { extDirectDebug( "<p>" + event.xhr.responseText + "<\\/p>", event.type, "ExtDirect - Exception" ); } else if (event.code === "router") { TYPO3.Flashmessage.display( TYPO3.Severity.error, event.code, event.message, 30 ); } else if (event.where) { backtrace = "<p style=\\"margin-top: 20px;\\">" + "<strong>Backtrace:<\\/strong><br \\/>" + event.where.replace(/#/g, "<br \\/>#") + "<\\/p>"; extDirectDebug( "<p>" + event.message + "<\\/p>" + backtrace, event.method, "ExtDirect - Exception" ); } } }); Ext.Direct.on("event", function(event, provider) { if (typeof event.debug !== "undefined" && event.debug !== "") { extDirectDebug(event.debug, event.method, "ExtDirect - Debug"); } 
}); ', TRUE);
}
// NOTE(review): the next line is the tail of a method (and of its class) whose beginning lies outside this listing; it is kept verbatim.
$setupArr = $this->docHandler[$currentDocFromHandlerMD5]; } else { reset($this->docHandler); $setupArr = current($this->docHandler); } if ($setupArr[2]) { $sParts = parse_url(t3lib_div::getIndpEnv('REQUEST_URI')); $retUrl = $sParts['path'] . '?' . $setupArr[2] . '&returnUrl=' . rawurlencode($retUrl); } } t3lib_utility_Http::redirect($retUrl); } }

// Optional class override: the included path is read from the installation's
// configuration array ($GLOBALS['TYPO3_CONF_VARS']), not from the request.
if (defined('TYPO3_MODE') && isset($GLOBALS['TYPO3_CONF_VARS'][TYPO3_MODE]['XCLASS']['typo3/alt_doc.php'])) {
    include_once $GLOBALS['TYPO3_CONF_VARS'][TYPO3_MODE]['XCLASS']['typo3/alt_doc.php'];
}

// Make instance:
$SOBE = t3lib_div::makeInstance('SC_alt_doc');

// Preprocessing, storing data if submitted to
$SOBE->preInit();
$formprotection = t3lib_formprotection_Factory::get();
if ($SOBE->doProcessData()) { // Checks, if a save button has been clicked (or the doSave variable is sent)
    // Submitted data is processed only when the request carries a valid
    // "formToken" for the "editRecord" context. With an invalid or missing
    // token processData() is skipped and the script simply continues with
    // rendering; this snippet itself adds no error output for that case.
    // NOTE(review): presumably validateToken() reports the failure to the user -- confirm.
    if ($formprotection->validateToken(t3lib_div::_GP('formToken'), 'editRecord')) {
        $SOBE->processData();
    }
}

// Main:
$SOBE->init();
$SOBE->main();
$SOBE->printContent();
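/**
 * Generates a new token for the form that an existing token belongs to.
 *
 * The old token is expected in the shape "<tokenId>-<formName>". Only the
 * form name is reused; the token id part of the old token is discarded and
 * is not validated here.
 *
 * NOTE(review): $oldToken presumably originates from the client. This method
 * issues a token for whatever form name that string contains, so the caller
 * is the place to restrict which form names may be refreshed -- confirm.
 *
 * @param string $oldToken token in the shape "<tokenId>-<formName>"
 * @return string regenerated Token, again in the shape "<tokenId>-<formName>"
 */
protected function generateNewToken($oldToken) {
    // Split at the FIRST hyphen only, so that a form name which itself
    // contains a hyphen is kept whole instead of being cut at its first "-".
    // This assumes the token id part contains no hyphen -- confirm against
    // generateToken().
    $tokenParts = explode('-', $oldToken, 2);

    // A string without any hyphen has no form name part; NULL is passed on in
    // that case (the value the previous list() assignment produced as well)
    // without raising an "undefined offset" notice.
    $formName = isset($tokenParts[1]) ? $tokenParts[1] : NULL;

    return t3lib_formprotection_Factory::get()->generateToken($formName) . '-' . $formName;
}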
/**
 * Entry point of the back-end module: assembles the page in $this->content
 * and echoes it.
 *
 * The page is cut short (header plus flash messages only) when no page is
 * selected, when the page is not readable for a non-admin user, or when no
 * static template is found. Otherwise the tab menu and the selected sub
 * module are rendered.
 *
 * @return void
 */
public function main() {
    global $LANG, $BACK_PATH, $BE_USER;

    $this->doc = t3lib_div::makeInstance('bigDoc');
    $this->doc->backPath = $BACK_PATH;
    $this->doc->docType = 'xhtml_strict';
    $this->doc->getPageRenderer()->addCssFile('BackEnd.css', 'stylesheet', 'all', '', FALSE);
    $this->doc->getPageRenderer()->addCssFile(
        '../Resources/Public/CSS/BackEnd/Print.css', 'stylesheet', 'print', '', FALSE
    );

    // Page header.
    $this->content = $this->doc->startPage($LANG->getLL('title'));
    $this->content .= $this->doc->header($LANG->getLL('title'));
    $this->content .= $this->doc->spacer(5);

    // No page selected: show an info message and stop.
    if ($this->id <= 0) {
        /** @var t3lib_FlashMessage $message */
        $message = t3lib_div::makeInstance(
            't3lib_FlashMessage',
            $GLOBALS['LANG']->getLL('message_noPageTypeSelected'),
            '',
            t3lib_FlashMessage::INFO
        );
        $this->addFlashMessage($message);
        echo $this->content . $this->getRenderedFlashMessages() . $this->doc->endPage();
        return;
    }

    // Page not readable with the current permission clause and the user is
    // not an admin: stop without rendering any module content.
    $pageAccess = t3lib_BEfunc::readPageAccess($this->id, $this->perms_clause);
    if (!is_array($pageAccess) && !$BE_USER->user['admin']) {
        echo $this->content . $this->getRenderedFlashMessages() . $this->doc->endPage();
        return;
    }

    // Static template missing: show a warning and stop.
    if (!$this->hasStaticTemplate()) {
        /** @var t3lib_FlashMessage $message */
        $message = t3lib_div::makeInstance(
            't3lib_FlashMessage',
            $GLOBALS['LANG']->getLL('message_noStaticTemplateFound'),
            '',
            t3lib_FlashMessage::WARNING
        );
        $this->addFlashMessage($message);
        echo $this->content . $this->getRenderedFlashMessages() . $this->doc->endPage();
        return;
    }

    $this->setPageData($pageAccess);

    // JavaScript function called within getDeleteIcon()
    $this->doc->JScode = '<script type="text/javascript">function jumpToUrl(URL) {document.location = URL;}</script>';

    // A tab is offered only when the back-end user may select from the table
    // behind it: tab number => (table name, label key).
    $tabDefinitions = array(
        1 => array('tx_seminars_seminars', 'subModuleTitle_events'),
        2 => array('tx_seminars_attendances', 'subModuleTitle_registrations'),
        3 => array('tx_seminars_speakers', 'subModuleTitle_speakers'),
        4 => array('tx_seminars_organizers', 'subModuleTitle_organizers'),
    );
    $this->availableSubModules = array();
    foreach ($tabDefinitions as $tabNumber => $tabDefinition) {
        if ($BE_USER->check('tables_select', $tabDefinition[0])) {
            $this->availableSubModules[$tabNumber] = $LANG->getLL($tabDefinition[1]);
        }
    }

    // The requested tab comes from the query string; it is cast to int and
    // replaced by the first permitted tab when it is not one of the tabs the
    // user may see.
    $this->subModule = (int) t3lib_div::_GET('subModule');
    if (!array_key_exists($this->subModule, $this->availableSubModules)) {
        reset($this->availableSubModules);
        $this->subModule = key($this->availableSubModules);
    }

    // The tab menu is only built when at least one tab is permitted; its
    // links carry a form-protection token for the "moduleCall" context.
    if ($this->subModule) {
        $moduleToken = t3lib_formprotection_Factory::get()->generateToken('moduleCall', self::MODULE_NAME);
        $tabMenuParameters = array(
            'M' => self::MODULE_NAME,
            'moduleToken' => $moduleToken,
            'id' => $this->id,
        );
        $this->content .= $this->doc->getTabMenu(
            $tabMenuParameters, 'subModule', $this->subModule, $this->availableSubModules
        );
        $this->content .= $this->doc->spacer(5);
    }

    // Render the selected sub module; without one the page stays empty.
    if ($this->subModule == 1) {
        if ($this->isGeneralEmailFormRequested()) {
            $this->content .= $this->getGeneralMailForm();
        } elseif ($this->isConfirmEventFormRequested()) {
            $this->content .= $this->getConfirmEventMailForm();
        } elseif ($this->isCancelEventFormRequested()) {
            $this->content .= $this->getCancelEventMailForm();
        } else {
            /** @var tx_seminars_BackEnd_EventsList $eventsList */
            $eventsList = t3lib_div::makeInstance('tx_seminars_BackEnd_EventsList', $this);
            $this->content .= $eventsList->show();
        }
    } elseif ($this->subModule == 2) {
        /** @var tx_seminars_BackEnd_RegistrationsList $registrationsList */
        $registrationsList = t3lib_div::makeInstance('tx_seminars_BackEnd_RegistrationsList', $this);
        $this->content .= $registrationsList->show();
    } elseif ($this->subModule == 3) {
        /** @var tx_seminars_BackEnd_SpeakersList $speakersList */
        $speakersList = t3lib_div::makeInstance('tx_seminars_BackEnd_SpeakersList', $this);
        $this->content .= $speakersList->show();
    } elseif ($this->subModule == 4) {
        /** @var tx_seminars_BackEnd_OrganizersList $organizersList */
        $organizersList = t3lib_div::makeInstance('tx_seminars_BackEnd_OrganizersList', $this);
        $this->content .= $organizersList->show();
    }

    echo $this->content . $this->doc->endPage();
}
/**
 * Creates a form-protection token and returns it as a ready-made URL
 * parameter of the shape "&<tokenName>=<token>-<formName>".
 *
 * Neither $tokenName nor $formName is URL-encoded here, so both are expected
 * to be fixed identifiers chosen by the calling code rather than request
 * data. Because the token becomes part of a URL it can end up in server
 * logs, the browser history and Referer headers; links built with it should
 * stay inside the back end.
 *
 * @param string $formName Context of the token
 * @param string $tokenName The name of the token GET variable
 * @return string a URL GET variable including ampersand
 */
public static function getUrlToken($formName = 'securityToken', $tokenName = 'formToken') {
    $token = t3lib_formprotection_Factory::get()->generateToken($formName);

    return sprintf('&%s=%s-%s', $tokenName, $token, $formName);
}
/**
 * Builds the closing part of a page: section end, post code, end-of-page
 * JavaScript, update signals, parse time and the closing form/div markup.
 *
 * Unless the document type is "xhtml_frames", the form-protection tokens are
 * persisted here as well.
 *
 * @return string The HTML end of a page
 * @see startPage()
 */
function endPage() {
    $pageEnd = $this->sectionEnd();
    $pageEnd .= $this->postCode;
    $pageEnd .= $this->endPageJS();
    $pageEnd .= $this->wrapScriptTags(t3lib_BEfunc::getUpdateSignalCode());
    $pageEnd .= $this->parseTime();
    if ($this->form) {
        $pageEnd .= ' </form>';
    }

    // Anything still sitting in the output buffer (debug output, for example)
    // is moved to the end of the page.
    if (ob_get_contents()) {
        $pageEnd .= ob_get_clean();
        header('Content-Encoding: None');
    }

    if ($this->docType !== 'xhtml_frames') {
        if ($this->divClass) {
            $pageEnd .= ' <!-- Wrapping DIV-section for whole page END --> </div>';
        }
        $pageEnd .= $this->endOfPageJsBlock;
        // Presumably writes the tokens generated while rendering this page to
        // the session so that they validate on the next request -- confirm.
        t3lib_formprotection_Factory::get()->persistTokens();
    }

    // Logging: no better place was found for it than the end of the page.
    if (TYPO3_DLOG) {
        t3lib_div::devLog('END of BACKEND session', 'template', 0, array('_FLUSH' => true));
    }

    return $pageEnd;
}
/**
 * Creates a form-protection token and returns it wrapped in a hidden input
 * field whose value has the shape "<token>-<formName>".
 *
 * NOTE(review): $tokenName, $formName and the token are written into the
 * HTML attributes without htmlspecialchars(). That is only safe while both
 * names are fixed identifiers chosen by the calling code; they must never be
 * taken from request data.
 *
 * @param string $formName Context of the token
 * @param string $tokenName The name of the token GET/POST variable
 * @return string a complete input field
 */
public static function getHiddenTokenField($formName = 'securityToken', $tokenName = 'formToken') {
    $token = t3lib_formprotection_Factory::get()->generateToken($formName);

    return sprintf('<input type="hidden" name="%s" value="%s-%s" />', $tokenName, $token, $formName);
}
/**
 * Finishes the page and sends it to the client.
 *
 * For AJAX requests the content is converted to UTF-8 and sent as an XML
 * reply; otherwise the page end is appended, styles and JavaScript are
 * inserted and the result is echoed.
 *
 * @return void
 */
function printContent() {
    if ($this->ajax) {
        // The AJAX branch does not go through endPage(), so the
        // form-protection tokens are persisted explicitly here.
        t3lib_formprotection_Factory::get()->persistTokens();
        $languageService = $GLOBALS['LANG'];
        $this->content = $languageService->csConvObj->utf8_encode($this->content, $languageService->charSet);
        t3lib_ajax::outputXMLreply($this->content);
        return;
    }

    $this->content .= $this->doc->endPage();
    $this->content = $this->doc->insertStylesAndJS($this->content);
    echo $this->content;
}
/**
 * Decides what happens after a login attempt: redirect into an interface,
 * close a login-refresh popup, or delay the response after a failed login.
 *
 * NOTE(review): $this->redirectToURL may already hold a value that was set
 * outside this method. If that value can originate from request parameters,
 * it should be restricted to local targets before it is passed to the
 * redirect below -- confirm where it is populated.
 *
 * @return void
 * @throws RuntimeException if the session cookie is still missing after the retry
 */
function checkRedirect() {
    global $BE_USER, $TBE_TEMPLATE;

    // Proceed only for a logged-in user, and only when the login was just
    // performed (commandLI), a login refresh is running, or the interface
    // selector is disabled (with the selector enabled the user has to choose
    // an interface first).
    $loginCompleted = $BE_USER->user['uid']
        && ($this->commandLI || $this->loginRefresh || !$this->interfaceSelector);
    if (!$loginCompleted) {
        if (!$BE_USER->user['uid'] && $this->commandLI) {
            // Wrong password: answer after a fixed 5 second delay, which
            // slows down repeated guessing.
            sleep(5);
        }
        return;
    }

    // Without a session cookie nothing works. This assumes that a
    // cookie-setting script (like this one) was hit at least once before.
    if (!$_COOKIE[$BE_USER->name]) {
        if ($this->commandLI == 'setCookie') {
            // Second attempt and still no cookie.
            // 26/4 2005: this no longer works, because storing the challenge
            // values in $_SESSION makes the system act as if the password
            // was wrong.
            throw new RuntimeException('Login-error: Yeah, that\'s a classic. No cookies, no TYPO3.<br /><br />Please accept cookies from TYPO3 - otherwise you\'ll not be able to use the system.');
        }
        // Try once more -- that may be needed for auto login.
        $this->redirectToURL = 'index.php?commandLI=setCookie';
    }

    // A redirect target configured in user TSConfig overrides the interface choice.
    $configuredTarget = (string) $BE_USER->getTSConfigVal('auth.BE.redirectToURL');
    if ($configuredTarget) {
        $this->redirectToURL = $configuredTarget;
        $this->GPinterface = '';
    }

    // Remember the chosen interface in the user's configuration.
    $BE_USER->uc['interfaceSetup'] = $this->GPinterface;
    $BE_USER->writeUC();

    // The chosen interface determines the redirect script.
    if ($this->GPinterface == 'backend' || $this->GPinterface == 'backend_old') {
        $this->redirectToURL = 'backend.php';
    } elseif ($this->GPinterface == 'frontend') {
        $this->redirectToURL = '../';
    }

    if ($this->loginRefresh) {
        // Login refresh popup: hand a fresh "refreshTokens" token to the
        // opener window and close the popup.
        // NOTE(review): the script calls
        // parent.opener.TYPO3.loginRefresh.refreshTokens() even in the branch
        // in which parent.opener.TYPO3.loginRefresh is falsy (the
        // "busy.loginRefreshed()" branch); that call would fail there and
        // parent.close() would not be reached.
        $formprotection = t3lib_formprotection_Factory::get();
        $accessToken = $formprotection->generateToken('refreshTokens');
        $formprotection->persistTokens();
        $TBE_TEMPLATE->JScode .= $TBE_TEMPLATE->wrapScriptTags(' if (parent.opener && (parent.opener.busy || parent.opener.TYPO3.loginRefresh)) { if (parent.opener.TYPO3.loginRefresh) { parent.opener.TYPO3.loginRefresh.startTimer(); } else { parent.opener.busy.loginRefreshed(); } parent.opener.TYPO3.loginRefresh.refreshTokens("' . $accessToken . '"); parent.close(); } ');
    } else {
        // Regular login: go to the selected target.
        t3lib_utility_Http::redirect($this->redirectToURL);
    }
}
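/**
 * Dispatches the incoming calls to methods about the ExtDirect API.
 *
 * A request arrives either as a form post (extAction/extMethod/extTID plus
 * the remaining POST fields and uploaded files) or as a JSON body holding one
 * call or a list of calls. The last element of each call's data array is the
 * security token. The token of the first well-formed call is validated for
 * the "extDirect" context, and that result applies to every call of the
 * batch.
 *
 * Everything read here comes from the client, so entries that are not
 * objects, or that lack tid/action/method/data, are handled explicitly
 * instead of being dereferenced blindly.
 *
 * @param array $ajaxParams ajax parameters
 * @param TYPO3AJAX $ajaxObj typo3ajax instance
 * @return void
 */
public function route($ajaxParams, TYPO3AJAX $ajaxObj) {
    $GLOBALS['error'] = t3lib_div::makeInstance('t3lib_extjs_ExtDirectDebug');

    $isForm = FALSE;
    $isUpload = FALSE;
    $rawPostData = file_get_contents('php://input');
    $postParameters = t3lib_div::_POST();
    $namespace = t3lib_div::_GET('namespace');
    $response = array();
    $request = NULL;
    $isValidRequest = TRUE;

    if (!empty($postParameters['extAction'])) {
        // Form post: build a single request object from the POST fields.
        $isForm = TRUE;
        $isUpload = isset($postParameters['extUpload']) && $postParameters['extUpload'] === 'true';

        $request = new stdClass();
        $request->action = $postParameters['extAction'];
        $request->method = isset($postParameters['extMethod']) ? $postParameters['extMethod'] : NULL;
        $request->tid = isset($postParameters['extTID']) ? $postParameters['extTID'] : NULL;

        // The token is taken out of the form data and appended as the last
        // data element, the position where the loop below expects it.
        unset($_POST['securityToken']);
        $request->data = array($_POST + $_FILES);
        $request->data[] = isset($postParameters['securityToken']) ? $postParameters['securityToken'] : NULL;
    } elseif (!empty($rawPostData)) {
        // JSON body: json_decode() yields NULL for a malformed body and may
        // yield scalars or nested arrays; the loop below rejects such entries.
        $request = json_decode($rawPostData);
    } else {
        $response[] = array(
            'type' => 'exception',
            'message' => 'Something went wrong with an ExtDirect call!',
            'code' => 'router',
        );
        $isValidRequest = FALSE;
    }

    if (!is_array($request)) {
        $request = array($request);
    }

    if ($isValidRequest) {
        $validToken = FALSE;
        $firstCall = TRUE;

        foreach ($request as $index => $singleRequest) {
            // Anything that is not an object cannot be a call; answer with
            // the generic router exception instead of dereferencing it.
            if (!is_object($singleRequest)) {
                $response[$index] = array(
                    'type' => 'exception',
                    'message' => 'Something went wrong with an ExtDirect call!',
                    'code' => 'router',
                );
                continue;
            }

            $response[$index] = array(
                'tid' => isset($singleRequest->tid) ? $singleRequest->tid : NULL,
                'action' => isset($singleRequest->action) ? $singleRequest->action : NULL,
                'method' => isset($singleRequest->method) ? $singleRequest->method : NULL,
            );

            // The token is the last data element. A call without a data
            // array has no token; when that happens on the call that gets
            // validated, NULL is handed to validateToken().
            $token = NULL;
            if (isset($singleRequest->data) && is_array($singleRequest->data)) {
                $token = array_pop($singleRequest->data);
            }

            // Only the first well-formed call's token is validated; the
            // result is reused for the remaining calls of the batch.
            if ($firstCall) {
                $firstCall = FALSE;
                $formprotection = t3lib_formprotection_Factory::get();
                $validToken = $formprotection->validateToken($token, 'extDirect');
            }

            try {
                if (!$validToken) {
                    throw new t3lib_formprotection_InvalidTokenException('ExtDirect: Invalid Security Token!');
                }
                $response[$index]['type'] = 'rpc';
                $response[$index]['result'] = $this->processRpc($singleRequest, $namespace);
                $response[$index]['debug'] = $GLOBALS['error']->toString();
            } catch (Exception $exception) {
                // NOTE(review): the exception message is returned to the
                // client as-is; confirm that messages raised below
                // processRpc() contain no internal details.
                $response[$index]['type'] = 'exception';
                $response[$index]['message'] = $exception->getMessage();
                $response[$index]['code'] = 'router';
            }
        }
    }

    if ($isForm && $isUpload) {
        // Upload replies are delivered as an HTML page that carries the JSON
        // inside a <textarea>.
        // NOTE(review): only double quotes are backslash-escaped below; the
        // JSON is not HTML-escaped. A value containing "</textarea>" would
        // end the element early, so confirm that results and messages cannot
        // carry markup, or HTML-escape the payload for this format.
        $ajaxObj->setContentFormat('plain');
        $response = json_encode($response);
        $response = preg_replace('/"/', '\\"', $response);
        $response = array('<html><body><textarea>' . $response . '</textarea></body></html>');
    } else {
        $ajaxObj->setContentFormat('jsonbody');
    }

    $ajaxObj->setContent($response);
}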