/**
  * Return filtered value
  * Removes potential XSS code from the input string.
  *
  * Using an external class by Travis Puderbaugh <*****@*****.**>
  *
  * @param string $value Unfiltered value
  * @return string The filtered value
  */
 public function filter($value)
 {
     $value = stripslashes($value);
     $value = html_entity_decode($value, ENT_QUOTES);
     $filteredValue = \TYPO3\CMS\Core\Utility\GeneralUtility::removeXSS($value);
     return $filteredValue;
 }
 /**
  * Recursively strips HTML tags and potential XSS payloads from a value.
  *
  * Behaviour by input type:
  *  - null          -> null (callers sometimes pass an unset variable)
  *  - bool          -> returned unchanged
  *  - string        -> strip_tags() followed by removeXSS()
  *  - array         -> keys preserved; nested arrays are recursed, every
  *                     other leaf goes through strip_tags()/removeXSS(),
  *                     so a bool or int inside an array comes back as a string
  *  - anything else -> false
  *
  * NOTE(review): removeXSS is a blacklist filter; the result is plain text
  * and still needs context-appropriate escaping on output.
  *
  * @param mixed $input Array of elements, a string, or other
  *
  * @return array|string|bool|null Cleaned value, or false for unsupported types
  */
 public static function removeXSSStripTagsArray($input)
 {
     if ($input === null) {
         return null;
     }
     if (is_bool($input)) {
         return $input;
     }
     if (is_array($input)) {
         $cleaned = array();
         foreach ($input as $key => $leaf) {
             $cleaned[$key] = is_array($leaf)
                 ? self::removeXSSStripTagsArray($leaf)
                 : CoreGeneralUtility::removeXSS(strip_tags($leaf));
         }
         return $cleaned;
     }
     if (is_string($input)) {
         return (string) CoreGeneralUtility::removeXSS(strip_tags($input));
     }
     return false;
 }
 /**
  * Runs a string through GeneralUtility::removeXSS.
  *
  * When no argument is given, the rendered tag content (renderChildren())
  * is filtered instead.
  *
  * NOTE(review): removeXSS is a blacklist filter, not an escaper; the
  * result still needs htmlspecialchars() when it is rendered into HTML.
  *
  * @param string $string
  * @return string
  */
 public function render($string = NULL)
 {
     $subject = $string;
     if (is_null($subject)) {
         $subject = $this->renderChildren();
     }
     return GeneralUtility::removeXSS($subject);
 }
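 /**
  * Returns a valid and XSS cleaned url for redirect, checked against configuration "allowedRedirectHosts"
  *
  * Order of checks:
  *  1. empty input -> ''
  *  2. the URL is decoded once (rawurldecode) and rejected (with a warning in
  *     the syslog) if removeXSS would alter it, or if the decoded form contains
  *     any of the characters " < > \
  *  3. the host allow-list check (canRedirectToUrl) decides; anything it
  *     rejects is logged and yields ''
  *
  * The allow-list in step 3 is the actual open-redirect protection; the
  * removeXSS/character checks only reject obviously hostile values early.
  * NOTE(review): only a single decoding pass is performed, so the checks see
  * exactly one layer of percent-encoding.
  *
  * @param string $url
  * @return string cleaned referer or empty string if not valid
  */
 public function validateReturnUrl($url)
 {
     $url = strval($url);
     if ($url === '') {
         return '';
     }
     $decodedUrl = rawurldecode($url);
     $sanitizedUrl = \TYPO3\CMS\Core\Utility\GeneralUtility::removeXSS($decodedUrl);
     // The character check runs on the decoded form. rawurldecode() never
     // removes a literal ", <, > or \, so this covers the raw URL too, and
     // additionally catches percent-encoded variants (%22, %3C, %3E, %5C)
     // that the raw string would let through.
     if ($decodedUrl !== $sanitizedUrl || preg_match('#["<>\\\\]+#', $decodedUrl)) {
         \TYPO3\CMS\Core\Utility\GeneralUtility::sysLog(sprintf(\TYPO3\CMS\Extbase\Utility\LocalizationUtility::translate('service-URLValidator-xssAttackDetected', 'cicregister'), $url), 'cicregister', \TYPO3\CMS\Core\Utility\GeneralUtility::SYSLOG_SEVERITY_WARNING);
         return '';
     }
     // Validate the URL against the configured redirect hosts:
     if ($this->canRedirectToUrl($url)) {
         return $url;
     }
     // URL is not allowed
     // NOTE(review): this entry is logged under the 'felogin' extension key
     // while its message is translated from 'cicregister'; confirm which
     // key is intended.
     \TYPO3\CMS\Core\Utility\GeneralUtility::sysLog(sprintf(\TYPO3\CMS\Extbase\Utility\LocalizationUtility::translate('service-URLValidator-noValidRedirectUrl', 'cicregister'), $url), 'felogin', \TYPO3\CMS\Core\Utility\GeneralUtility::SYSLOG_SEVERITY_WARNING);
     return '';
 }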
 /**
  * Save an order in the given folder
  * Order-ID has to be calculated beforehand!
  *
  * Writes the order record and one tx_commerce_order_articles record per
  * basket item through the TCEmain instance returned by
  * getInstanceOfTceMain(), so TCA processing and that backend user's
  * permission checks apply to every insert. Hooks obtained via
  * getHookObjectArray('finishIt') are called before the order insert,
  * before the basket is saved and before/after each article insert.
  *
  * Security-relevant notes:
  *  - the only free-text value taken from piVars is 'comment'; it is run
  *    through strip_tags() and removeXSS() before being stored, which yields
  *    plain text that still needs escaping when rendered into HTML
  *  - when no $orderId is passed, uniqid() is used; it is time based, not
  *    random, so the generated id is predictable (NOTE(review): confirm this
  *    is acceptable wherever order_id is exposed or used as a lookup key)
  *  - the debug() calls dump the full order and article data; presumably a
  *    no-op unless debugging is enabled — verify before relying on it
  *
  * @param int $orderId Uid of the order
  * @param int $pid Uid of the folder to save the order in
  * @param Tx_Commerce_Domain_Model_Basket $basket Basket object of the user
  * @param Tx_Commerce_Payment_Interface_Payment $paymentObj Payment Object
  * @param bool $doHook Flag if the hooks should be executed
  * @param bool $doStock Flag if stock reduce should be executed
  *
  * @return array $orderData Array with all the order data
  */
 public function saveOrder($orderId, $pid, Tx_Commerce_Domain_Model_Basket $basket, Tx_Commerce_Payment_Interface_Payment $paymentObj, $doHook = TRUE, $doStock = TRUE)
 {
     $database = $this->getDatabaseConnection();
     // Save addresses with reference to the pObj - which is an instance of pi3
     // One address record per configured address type (e.g. billing, delivery);
     // handleAddress() returns the uid to reference from the order.
     $uids = array();
     $types = $database->exec_SELECTgetRows('name', 'tx_commerce_address_types', '1');
     foreach ($types as $type) {
         $uids[$type['name']] = $this->handleAddress($type['name']);
     }
     // Generate an order id on the fly if none was passed
     // (uniqid() is time based and therefore predictable, see docblock)
     if (empty($orderId)) {
         $orderId = uniqid('', TRUE);
     }
     // create backend user for inserting the order data
     $orderData = array();
     // Fall back to the billing address when no delivery address was given
     $orderData['cust_deliveryaddress'] = isset($uids['delivery']) && !empty($uids['delivery']) ? $uids['delivery'] : $uids['billing'];
     $orderData['cust_invoice'] = $uids['billing'];
     $orderData['paymenttype'] = $this->getPaymentType(TRUE);
     $orderData['sum_price_net'] = $basket->getSumNet();
     $orderData['sum_price_gross'] = $basket->getSumGross();
     $orderData['order_sys_language_uid'] = $this->getFrontendController()->config['config']['sys_language_uid'];
     $orderData['pid'] = $pid;
     $orderData['order_id'] = $orderId;
     $orderData['crdate'] = $GLOBALS['EXEC_TIME'];
     $orderData['tstamp'] = $GLOBALS['EXEC_TIME'];
     $orderData['cu_iso_3_uid'] = $this->conf['currencyId'];
     // User-supplied free text: tags stripped, then blacklist-filtered.
     // The stored value is plain text, not HTML-escaped.
     $orderData['comment'] = GeneralUtility::removeXSS(strip_tags($this->piVars['comment']));
     if (is_array($GLOBALS['TSFE']->fe_user->user)) {
         $orderData['cust_fe_user'] = $GLOBALS['TSFE']->fe_user->user['uid'];
     }
     // Get hook objects
     $hookObjectsArr = array();
     if ($doHook) {
         $hookObjectsArr = $this->getHookObjectArray('finishIt');
         // Insert order
         // Hooks may modify $orderData before it is written (only if they
         // declare the parameter by reference).
         foreach ($hookObjectsArr as $hookObj) {
             if (method_exists($hookObj, 'preinsert')) {
                 $hookObj->preinsert($orderData, $this);
             }
         }
     }
     $this->debug($orderData, '$orderData', __FILE__ . ' ' . __LINE__);
     $tceMain = $this->getInstanceOfTceMain($pid);
     $data = array();
     if (isset($this->conf['lockOrderIdInGenerateOrderId']) && $this->conf['lockOrderIdInGenerateOrderId'] == 1) {
         // The order row already exists (created when the id was locked):
         // update it in place using the known uid.
         $data['tx_commerce_orders'][(int) $this->orderUid] = $orderData;
         $tceMain->start($data, array());
         $tceMain->process_datamap();
     } else {
         // Insert a new row and pick up the uid TCEmain assigned to it.
         $newUid = uniqid('NEW');
         $data['tx_commerce_orders'][$newUid] = $orderData;
         $tceMain->start($data, array());
         $tceMain->process_datamap();
         $this->orderUid = $tceMain->substNEWwithIDs[$newUid];
     }
     // make orderUid avaible in hookObjects
     $orderUid = $this->orderUid;
     // Call update method from the payment class
     $paymentObj->updateOrder($orderUid, $this->sessionData);
     // Insert order
     foreach ($hookObjectsArr as $hookObj) {
         if (method_exists($hookObj, 'modifyBasketPreSave')) {
             $hookObj->modifyBasketPreSave($basket, $this);
         }
     }
     // Save order articles
     if (is_array($basket->getBasketItems())) {
         /**
          * Basket item
          *
          * @var $basketItem Tx_Commerce_Domain_Model_BasketItem
          */
         foreach ($basket->getBasketItems() as $artUid => $basketItem) {
             /**
              * Article
              *
              * @var $article Tx_Commerce_Domain_Model_Article
              */
             $article = $basketItem->article;
             $this->debug($article, '$article', __FILE__ . ' ' . __LINE__);
             // Prices and quantity are copied from the basket item, not re-read
             // from the request, so the stored article data is what was priced.
             $orderArticleData = array();
             $orderArticleData['pid'] = $orderData['pid'];
             $orderArticleData['crdate'] = $GLOBALS['EXEC_TIME'];
             $orderArticleData['tstamp'] = $GLOBALS['EXEC_TIME'];
             $orderArticleData['article_uid'] = $artUid;
             $orderArticleData['article_type_uid'] = $article->getArticleTypeUid();
             $orderArticleData['article_number'] = $article->getOrdernumber();
             $orderArticleData['title'] = $basketItem->getTitle();
             $orderArticleData['subtitle'] = $article->getSubtitle();
             $orderArticleData['price_net'] = $basketItem->getPriceNet();
             $orderArticleData['price_gross'] = $basketItem->getPriceGross();
             $orderArticleData['tax'] = $basketItem->getTax();
             $orderArticleData['amount'] = $basketItem->getQuantity();
             $orderArticleData['order_uid'] = $orderUid;
             $orderArticleData['order_id'] = $orderId;
             $this->debug($orderArticleData, '$orderArticleData', __FILE__ . ' ' . __LINE__);
             // A hook may supply an existing uid in $newUid (by reference);
             // otherwise a NEW placeholder is generated below.
             $newUid = 0;
             foreach ($hookObjectsArr as $hookObj) {
                 if (method_exists($hookObj, 'modifyOrderArticlePreSave')) {
                     $hookObj->modifyOrderArticlePreSave($newUid, $orderArticleData, $this, $basketItem);
                 }
             }
             if ($this->conf['useStockHandling'] == 1 && $doStock == TRUE) {
                 $article->reduceStock($basketItem->getQuantity());
             }
             if (!$newUid) {
                 $newUid = uniqid('NEW');
             }
             // One TCEmain run per article row
             $data = array();
             $data['tx_commerce_order_articles'][$newUid] = $orderArticleData;
             $tceMain->start($data, array());
             $tceMain->process_datamap();
             $newUid = $tceMain->substNEWwithIDs[$newUid];
             foreach ($hookObjectsArr as $hookObj) {
                 if (method_exists($hookObj, 'modifyOrderArticlePostSave')) {
                     $hookObj->modifyOrderArticlePostSave($newUid, $orderArticleData, $this);
                 }
             }
         }
     }
     // $backendUser is never assigned in this method; this unset is a leftover
     // with no effect.
     unset($backendUser);
     return $orderData;
 }
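 /**
  * Sanitizes a string for output into HTML.
  *
  * Runs removeXSS first and then HTML-encodes the result (both quote styles
  * included) in the frontend's meta charset, so the value is safe to place in
  * HTML text or a quoted attribute. ENT_SUBSTITUTE is set so that an invalid
  * byte sequence is replaced with U+FFFD instead of htmlentities() silently
  * returning an empty string for the whole value.
  *
  * @param string $string String to sanitize
  * @return string Sanitized string
  */
 protected function sanitizeString($string)
 {
     $string = GeneralUtility::removeXSS($string);
     // Without ENT_SUBSTITUTE htmlentities() returns '' on malformed input.
     $string = htmlentities($string, ENT_QUOTES | ENT_SUBSTITUTE, $GLOBALS['TSFE']->metaCharset);
     return $string;
 }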
 /**
  * Main function
  * Will issue a location-header, redirecting either BACK or to a new FormEngine instance...
  *
  * Two modes, selected by $this->returnEditConf:
  *  - returning from FormEngine: optionally (processDataFlag) writes the id of
  *    the record that was just created into the parent record's field named
  *    in P['field'] (set / prepend / append according to P['params']['setValue'],
  *    inside a FlexForm if P['flexFormPath'] is given) via DataHandler, then
  *    redirects to P['returnUrl'] after sanitizeLocalUrl().
  *  - otherwise: redirects to FormEngine to create a new record, passing the
  *    current request URI as returnUrl.
  *
  * All P[...] values and $this->table/$this->id/$this->pid originate from
  * the request; the write goes through DataHandler, which enforces the
  * backend user's table/record permissions. The redirect target is
  * restricted by sanitizeLocalUrl().
  *
  * @return void
  */
 public function main()
 {
     if ($this->returnEditConf) {
         if ($this->processDataFlag) {
             // This data processing is done here to basically just get the current record. It can be discussed
             // if this isn't overkill here. In case this construct does not work out well, it would be less
             // overhead to just BackendUtility::fetchRecord the current parent here.
             /** @var OnTheFly $formDataGroup */
             $formDataGroup = GeneralUtility::makeInstance(OnTheFly::class);
             $formDataGroup->setProviderList([DatabaseEditRow::class]);
             /** @var FormDataCompiler $formDataCompiler */
             $formDataCompiler = GeneralUtility::makeInstance(FormDataCompiler::class, $formDataGroup);
             // vanillaUid is int-cast here, but the raw P['uid'] is used as the
             // data-map key further down. NOTE(review): DataHandler treats a
             // non-numeric key as a "new record" placeholder; consider casting
             // there as well.
             $input = ['tableName' => $this->P['table'], 'vanillaUid' => (int) $this->P['uid'], 'command' => 'edit'];
             $result = $formDataCompiler->compile($input);
             $currentParentRow = $result['databaseRow'];
             // If that record was found (should absolutely be...), then init DataHandler and set, prepend or append
             // the record
             if (is_array($currentParentRow)) {
                 /** @var DataHandler $dataHandler */
                 $dataHandler = GeneralUtility::makeInstance(DataHandler::class);
                 // Values are passed in unescaped, so DataHandler must not strip slashes from them
                 $dataHandler->stripslashes_values = false;
                 $data = array();
                 // Reference to the newly created record in "table_uid" form
                 $recordId = $this->table . '_' . $this->id;
                 // Setting the new field data:
                 // If the field is a flexForm field, work with the XML structure instead:
                 if ($this->P['flexFormPath']) {
                     // Current value of flexForm path:
                     $currentFlexFormData = GeneralUtility::xml2array($currentParentRow[$this->P['field']]);
                     /** @var FlexFormTools $flexFormTools */
                     $flexFormTools = GeneralUtility::makeInstance(FlexFormTools::class);
                     $currentFlexFormValue = $flexFormTools->getArrayValueByPath($this->P['flexFormPath'], $currentFlexFormData);
                     // An unknown setValue leaves $insertValue empty (the field is cleared)
                     $insertValue = '';
                     switch ((string) $this->P['params']['setValue']) {
                         case 'set':
                             $insertValue = $recordId;
                             break;
                         case 'prepend':
                             $insertValue = $currentFlexFormValue . ',' . $recordId;
                             break;
                         case 'append':
                             $insertValue = $recordId . ',' . $currentFlexFormValue;
                             break;
                     }
                     // Normalise the comma list: trim entries, drop empty ones
                     $insertValue = implode(',', GeneralUtility::trimExplode(',', $insertValue, true));
                     $data[$this->P['table']][$this->P['uid']][$this->P['field']] = array();
                     $flexFormTools->setArrayValueByPath($this->P['flexFormPath'], $data[$this->P['table']][$this->P['uid']][$this->P['field']], $insertValue);
                 } else {
                     // No default case: an unknown setValue leaves the field entry unset
                     // and the implode() below then produces an empty string.
                     switch ((string) $this->P['params']['setValue']) {
                         case 'set':
                             $data[$this->P['table']][$this->P['uid']][$this->P['field']] = $recordId;
                             break;
                         case 'prepend':
                             $data[$this->P['table']][$this->P['uid']][$this->P['field']] = $currentParentRow[$this->P['field']] . ',' . $recordId;
                             break;
                         case 'append':
                             $data[$this->P['table']][$this->P['uid']][$this->P['field']] = $recordId . ',' . $currentParentRow[$this->P['field']];
                             break;
                     }
                     $data[$this->P['table']][$this->P['uid']][$this->P['field']] = implode(',', GeneralUtility::trimExplode(',', $data[$this->P['table']][$this->P['uid']][$this->P['field']], true));
                 }
                 // Submit the data:
                 $dataHandler->start($data, array());
                 $dataHandler->process_datamap();
             }
         }
         // Return to the parent FormEngine record editing session:
         // sanitizeLocalUrl() rejects off-site targets, so a request-supplied
         // returnUrl cannot be turned into an open redirect here.
         HttpUtility::redirect(GeneralUtility::sanitizeLocalUrl($this->P['returnUrl']));
     } else {
         // Redirecting to FormEngine with instructions to create a new record
         // AND when closing to return back with information about that records ID etc.
         // The current REQUEST_URI becomes the returnUrl of the next request; it is
         // blacklist-filtered here and goes through sanitizeLocalUrl() when it
         // comes back (see the branch above).
         $redirectUrl = BackendUtility::getModuleUrl('record_edit', array('returnEditConf' => 1, 'edit[' . $this->P['params']['table'] . '][' . $this->pid . ']' => 'new', 'returnUrl' => GeneralUtility::removeXSS(GeneralUtility::getIndpEnv('REQUEST_URI'))));
         HttpUtility::redirect($redirectUrl);
     }
 }
 /**
  * Cleans a form value that needs to be carried over to the next request
  * from potential XSS.
  *
  * Pipeline: urldecode -> strip_tags -> FILTER_SANITIZE_STRING (encodes
  * single and double quotes) -> removeXSS -> urlencode, so the result can
  * be put back into a query string. NOTE(review): FILTER_SANITIZE_STRING is
  * deprecated as of PHP 8.1; its behaviour is kept here unchanged.
  *
  * @param string $value Possibly malicious form field value
  * @return string Cleaned value
  */
 private function cleanFormValue($value)
 {
     $decoded = urldecode($value);
     $stripped = filter_var(strip_tags($decoded), FILTER_SANITIZE_STRING);
     $cleaned = GeneralUtility::removeXSS($stripped);
     return urlencode($cleaned);
 }
    /**
     * Save some data from piVars as address into database.
     *
     * @param bool $new If this is TRUE, a new address will be created,
     * 		otherwise it searches for an existing dataset and updates it
     * @param int $addressType Type of address delivered by piVars
     *
     * @return void
     */
    protected function saveAddressData($new = FALSE, $addressType = 0)
    {
        $database = $this->getDatabaseConnection();
        $newData = array();
        // Set basic data
        if (empty($addressType)) {
            $addressType = 0;
        }
        if ($this->piVars['ismainaddress'] == 'on') {
            $newData['tx_commerce_is_main_address'] = 1;
            // Remove all "is main address" flags from addresses that
            // are assigned to this user
            $database->exec_UPDATEquery('tt_address', 'pid = ' . $this->conf['addressPid'] . ' AND tx_commerce_fe_user_id=' . $this->user['uid'] . ' AND tx_commerce_address_type_id=' . $addressType, array('tx_commerce_is_main_address' => 0));
        } else {
            $newData['tx_commerce_is_main_address'] = 0;
        }
        $newData['tstamp'] = time();
        foreach ($this->fieldList as $name) {
            $newData[$name] = \TYPO3\CMS\Core\Utility\GeneralUtility::removeXSS(strip_tags($this->piVars[$name]));
            if (!$new) {
                $this->addresses[(int) $this->piVars['addressid']][$name] = $newData[$name];
            }
        }
        // Hook to process new/changed address
        $hookObjectsArr = array();
        if (is_array($GLOBALS['TYPO3_CONF_VARS']['EXTCONF']['commerce/pi4/class.tx_commerce_pi4.php']['saveAddress'])) {
            \TYPO3\CMS\Core\Utility\GeneralUtility::deprecationLog('
				hook
				$GLOBALS[\'TYPO3_CONF_VARS\'][\'EXTCONF\'][\'commerce/pi4/class.tx_commerce_pi4.php\'][\'saveAddress\']
				is deprecated since commerce 1.0.0, it will be removed in commerce 1.4.0, please use instead
				$GLOBALS[\'TYPO3_CONF_VARS\'][\'EXTCONF\'][\'commerce/Classes/Controller/AddressesController.php\'][\'saveAddress\']
			');
            foreach ($GLOBALS['TYPO3_CONF_VARS']['EXTCONF']['commerce/pi4/class.tx_commerce_pi4.php']['saveAddress'] as $classRef) {
                $hookObjectsArr[] = \TYPO3\CMS\Core\Utility\GeneralUtility::getUserObj($classRef);
            }
        }
        if (is_array($GLOBALS['TYPO3_CONF_VARS']['EXTCONF']['commerce/Classes/Controller/AddressesController.php']['saveAddress'])) {
            foreach ($GLOBALS['TYPO3_CONF_VARS']['EXTCONF']['commerce/Classes/Controller/AddressesController.php']['saveAddress'] as $classRef) {
                $hookObjectsArr[] = \TYPO3\CMS\Core\Utility\GeneralUtility::getUserObj($classRef);
            }
        }
        if ($new) {
            $newData['tx_commerce_fe_user_id'] = $this->user['uid'];
            $newData['tx_commerce_address_type_id'] = $addressType;
            $newData['pid'] = $this->conf['addressPid'];
            foreach ($hookObjectsArr as $hookObj) {
                if (method_exists($hookObj, 'beforeAddressSave')) {
                    $hookObj->beforeAddressSave($newData, $this);
                }
            }
            $database->exec_INSERTquery('tt_address', $newData);
            $newUid = $database->sql_insert_id();
            foreach ($hookObjectsArr as $hookObj) {
                if (method_exists($hookObj, 'afterAddressSave')) {
                    $hookObj->afterAddressSave($newUid, $newData, $this);
                }
            }
            $this->addresses = $this->getAddresses((int) $this->user['uid']);
        } else {
            foreach ($hookObjectsArr as $hookObj) {
                if (method_exists($hookObj, 'beforeAddressEdit')) {
                    $hookObj->beforeAddressEdit((int) $this->piVars['addressid'], $newData, $this);
                }
            }
            $sWhere = 'uid = ' . (int) $this->piVars['addressid'] . ' AND tx_commerce_fe_user_id = ' . $GLOBALS['TSFE']->fe_user->user['uid'];
            $database->exec_UPDATEquery('tt_address', $sWhere, $newData);
            foreach ($hookObjectsArr as $hookObj) {
                if (method_exists($hookObj, 'afterAddressEdit')) {
                    $hookObj->afterAddressEdit((int) $this->piVars['addressid'], $newData, $this);
                }
            }
        }
    }
 /**
  * ViewHelper combines Raw and RemoveXss Methods
  *
  * Takes the rendered tag content as-is (no HTML escaping, hence "Raw") and
  * runs it through GeneralUtility::removeXSS. removeXSS is a blacklist
  * filter, so the output is not guaranteed safe for arbitrary HTML contexts;
  * use it only where raw markup is intentionally allowed.
  *
  * @return string
  */
 public function render()
 {
     return GeneralUtility::removeXSS($this->renderChildren());
 }
 /**
  * Rendering the cObject, FORM
  *
  * Note on $formData:
  * In the optional $formData array each entry represents a line in the ordinary setup.
  * In those entries each entry (0,1,2...) represents a space normally divided by the '|' line.
  *
  * $formData [] = array('Name:', 'name=input, 25 ', 'Default value....');
  * $formData [] = array('Email:', 'email=input, 25 ', 'Default value for email....');
  *
  * - corresponds to the $conf['data'] value being :
  * Name:|name=input, 25 |Default value....||Email:|email=input, 25 |Default value for email....
  *
  * If $formData is an array the value of $conf['data'] is ignored.
  *
  * @param array $conf Array of TypoScript properties
  * @param array $formData Alternative formdata overriding whatever comes from TypoScript
  * @return string Output
  */
 public function render($conf = array(), $formData = '')
 {
     $content = '';
     if (is_array($formData)) {
         $dataArray = $formData;
     } else {
         $data = isset($conf['data.']) ? $this->cObj->stdWrap($conf['data'], $conf['data.']) : $conf['data'];
         // Clearing dataArr
         $dataArray = array();
         // Getting the original config
         if (trim($data)) {
             $data = str_replace(LF, '||', $data);
             $dataArray = explode('||', $data);
         }
         // Adding the new dataArray config form:
         if (is_array($conf['dataArray.'])) {
             // dataArray is supplied
             $sortedKeyArray = \TYPO3\CMS\Core\TypoScript\TemplateService::sortedKeyList($conf['dataArray.'], true);
             foreach ($sortedKeyArray as $theKey) {
                 $singleKeyArray = $conf['dataArray.'][$theKey . '.'];
                 if (is_array($singleKeyArray)) {
                     $temp = array();
                     $label = isset($singleKeyArray['label.']) ? $this->cObj->stdWrap($singleKeyArray['label'], $singleKeyArray['label.']) : $singleKeyArray['label'];
                     list($temp[0]) = explode('|', $label);
                     $type = isset($singleKeyArray['type.']) ? $this->cObj->stdWrap($singleKeyArray['type'], $singleKeyArray['type.']) : $singleKeyArray['type'];
                     list($temp[1]) = explode('|', $type);
                     $required = isset($singleKeyArray['required.']) ? $this->cObj->stdWrap($singleKeyArray['required'], $singleKeyArray['required.']) : $singleKeyArray['required'];
                     if ($required) {
                         $temp[1] = '*' . $temp[1];
                     }
                     $singleValue = isset($singleKeyArray['value.']) ? $this->cObj->stdWrap($singleKeyArray['value'], $singleKeyArray['value.']) : $singleKeyArray['value'];
                     list($temp[2]) = explode('|', $singleValue);
                     // If value array is set, then implode those values.
                     if (is_array($singleKeyArray['valueArray.'])) {
                         $temp_accumulated = array();
                         foreach ($singleKeyArray['valueArray.'] as $singleKey => $singleKey_valueArray) {
                             if (is_array($singleKey_valueArray) && (int) $singleKey . '.' === (string) $singleKey) {
                                 $temp_valueArray = array();
                                 $valueArrayLabel = isset($singleKey_valueArray['label.']) ? $this->cObj->stdWrap($singleKey_valueArray['label'], $singleKey_valueArray['label.']) : $singleKey_valueArray['label'];
                                 list($temp_valueArray[0]) = explode('=', $valueArrayLabel);
                                 $selected = isset($singleKey_valueArray['selected.']) ? $this->cObj->stdWrap($singleKey_valueArray['selected'], $singleKey_valueArray['selected.']) : $singleKey_valueArray['selected'];
                                 if ($selected) {
                                     $temp_valueArray[0] = '*' . $temp_valueArray[0];
                                 }
                                 $singleKeyValue = isset($singleKey_valueArray['value.']) ? $this->cObj->stdWrap($singleKey_valueArray['value'], $singleKey_valueArray['value.']) : $singleKey_valueArray['value'];
                                 list($temp_valueArray[1]) = explode(',', $singleKeyValue);
                             }
                             $temp_accumulated[] = implode('=', $temp_valueArray);
                         }
                         $temp[2] = implode(',', $temp_accumulated);
                     }
                     $specialEval = isset($singleKeyArray['specialEval.']) ? $this->cObj->stdWrap($singleKeyArray['specialEval'], $singleKeyArray['specialEval.']) : $singleKeyArray['specialEval'];
                     list($temp[3]) = explode('|', $specialEval);
                     // Adding the form entry to the dataArray
                     $dataArray[] = implode('|', $temp);
                 }
             }
         }
     }
     $attachmentCounter = '';
     $hiddenfields = '';
     $fieldlist = array();
     $propertyOverride = array();
     $fieldname_hashArray = array();
     $counter = 0;
     $xhtmlStrict = GeneralUtility::inList('xhtml_strict,xhtml_11,xhtml_2', $GLOBALS['TSFE']->xhtmlDoctype);
     // Formname
     $formName = isset($conf['formName.']) ? $this->cObj->stdWrap($conf['formName'], $conf['formName.']) : $conf['formName'];
     $formName = $this->cleanFormName($formName);
     $formName = $GLOBALS['TSFE']->getUniqueId($formName);
     $fieldPrefix = isset($conf['fieldPrefix.']) ? $this->cObj->stdWrap($conf['fieldPrefix'], $conf['fieldPrefix.']) : $conf['fieldPrefix'];
     if (isset($conf['fieldPrefix']) || isset($conf['fieldPrefix.'])) {
         if ($fieldPrefix) {
             $prefix = $this->cleanFormName($fieldPrefix);
         } else {
             $prefix = '';
         }
     } else {
         $prefix = $formName;
     }
     foreach ($dataArray as $dataValue) {
         $counter++;
         $confData = array();
         if (is_array($formData)) {
             $parts = $dataValue;
             // TRUE...
             $dataValue = 1;
         } else {
             $dataValue = trim($dataValue);
             $parts = explode('|', $dataValue);
         }
         if ($dataValue && strcspn($dataValue, '#/')) {
             // label:
             $confData['label'] = GeneralUtility::removeXSS(trim($parts[0]));
             // field:
             $fParts = explode(',', $parts[1]);
             $fParts[0] = trim($fParts[0]);
             if ($fParts[0][0] === '*') {
                 $confData['required'] = 1;
                 $fParts[0] = substr($fParts[0], 1);
             }
             $typeParts = explode('=', $fParts[0]);
             $confData['type'] = trim(strtolower(end($typeParts)));
             if (count($typeParts) === 1) {
                 $confData['fieldname'] = $this->cleanFormName($parts[0]);
                 if (strtolower(preg_replace('/[^[:alnum:]]/', '', $confData['fieldname'])) == 'email') {
                     $confData['fieldname'] = 'email';
                 }
                 // Duplicate fieldnames resolved
                 if (isset($fieldname_hashArray[md5($confData['fieldname'])])) {
                     $confData['fieldname'] .= '_' . $counter;
                 }
                 $fieldname_hashArray[md5($confData['fieldname'])] = $confData['fieldname'];
                 // Attachment names...
                 if ($confData['type'] == 'file') {
                     $confData['fieldname'] = 'attachment' . $attachmentCounter;
                     $attachmentCounter = (int) $attachmentCounter + 1;
                 }
             } else {
                 $confData['fieldname'] = str_replace(' ', '_', trim($typeParts[0]));
             }
             $confData['fieldname'] = htmlspecialchars($confData['fieldname']);
             $fieldCode = '';
             $wrapFieldName = isset($conf['wrapFieldName']) ? $this->cObj->stdWrap($conf['wrapFieldName'], $conf['wrapFieldName.']) : $conf['wrapFieldName'];
             if ($wrapFieldName) {
                 $confData['fieldname'] = $this->cObj->wrap($confData['fieldname'], $wrapFieldName);
             }
             // Set field name as current:
             $this->cObj->setCurrentVal($confData['fieldname']);
             // Additional parameters
             if (trim($confData['type'])) {
                 if (isset($conf['params.'][$confData['type']])) {
                     $addParams = isset($conf['params.'][$confData['type'] . '.']) ? trim($this->cObj->stdWrap($conf['params.'][$confData['type']], $conf['params.'][$confData['type'] . '.'])) : trim($conf['params.'][$confData['type']]);
                 } else {
                     $addParams = isset($conf['params.']) ? trim($this->cObj->stdWrap($conf['params'], $conf['params.'])) : trim($conf['params']);
                 }
                 if ((string) $addParams !== '') {
                     $addParams = ' ' . $addParams;
                 }
             } else {
                 $addParams = '';
             }
             $dontMd5FieldNames = isset($conf['dontMd5FieldNames.']) ? $this->cObj->stdWrap($conf['dontMd5FieldNames'], $conf['dontMd5FieldNames.']) : $conf['dontMd5FieldNames'];
             if ($dontMd5FieldNames) {
                 $fName = $confData['fieldname'];
             } else {
                 $fName = md5($confData['fieldname']);
             }
             // Accessibility: Set id = fieldname attribute:
             $accessibility = isset($conf['accessibility.']) ? $this->cObj->stdWrap($conf['accessibility'], $conf['accessibility.']) : $conf['accessibility'];
             if ($accessibility || $xhtmlStrict) {
                 $elementIdAttribute = ' id="' . $prefix . $fName . '"';
             } else {
                 $elementIdAttribute = '';
             }
             // Create form field based on configuration/type:
             switch ($confData['type']) {
                 case 'textarea':
                     $cols = trim($fParts[1]) ? (int) $fParts[1] : 20;
                     $compensateFieldWidth = isset($conf['compensateFieldWidth.']) ? $this->cObj->stdWrap($conf['compensateFieldWidth'], $conf['compensateFieldWidth.']) : $conf['compensateFieldWidth'];
                     $compWidth = doubleval($compensateFieldWidth ? $compensateFieldWidth : $GLOBALS['TSFE']->compensateFieldWidth);
                     $compWidth = $compWidth ? $compWidth : 1;
                     $cols = \TYPO3\CMS\Core\Utility\MathUtility::forceIntegerInRange($cols * $compWidth, 1, 120);
                     $rows = trim($fParts[2]) ? \TYPO3\CMS\Core\Utility\MathUtility::forceIntegerInRange($fParts[2], 1, 30) : 5;
                     $wrap = trim($fParts[3]);
                     $noWrapAttr = isset($conf['noWrapAttr.']) ? $this->cObj->stdWrap($conf['noWrapAttr'], $conf['noWrapAttr.']) : $conf['noWrapAttr'];
                     if ($noWrapAttr || $wrap === 'disabled') {
                         $wrap = '';
                     } else {
                         $wrap = $wrap ? ' wrap="' . $wrap . '"' : ' wrap="virtual"';
                     }
                     $noValueInsert = isset($conf['noValueInsert.']) ? $this->cObj->stdWrap($conf['noValueInsert'], $conf['noValueInsert.']) : $conf['noValueInsert'];
                     $default = $this->getFieldDefaultValue($noValueInsert, $confData['fieldname'], str_replace('\\n', LF, trim($parts[2])));
                     $fieldCode = sprintf('<textarea name="%s"%s cols="%s" rows="%s"%s%s>%s</textarea>', $confData['fieldname'], $elementIdAttribute, $cols, $rows, $wrap, $addParams, htmlspecialchars($default));
                     break;
                 case 'input':
                 case 'password':
                     $size = trim($fParts[1]) ? (int) $fParts[1] : 20;
                     $compensateFieldWidth = isset($conf['compensateFieldWidth.']) ? $this->cObj->stdWrap($conf['compensateFieldWidth'], $conf['compensateFieldWidth.']) : $conf['compensateFieldWidth'];
                     $compWidth = doubleval($compensateFieldWidth ? $compensateFieldWidth : $GLOBALS['TSFE']->compensateFieldWidth);
                     $compWidth = $compWidth ? $compWidth : 1;
                     $size = \TYPO3\CMS\Core\Utility\MathUtility::forceIntegerInRange($size * $compWidth, 1, 120);
                     $noValueInsert = isset($conf['noValueInsert.']) ? $this->cObj->stdWrap($conf['noValueInsert'], $conf['noValueInsert.']) : $conf['noValueInsert'];
                     $default = $this->getFieldDefaultValue($noValueInsert, $confData['fieldname'], trim($parts[2]));
                     if ($confData['type'] == 'password') {
                         $default = '';
                     }
                     $max = trim($fParts[2]) ? ' maxlength="' . \TYPO3\CMS\Core\Utility\MathUtility::forceIntegerInRange($fParts[2], 1, 1000) . '"' : '';
                     $theType = $confData['type'] == 'input' ? 'text' : 'password';
                     $fieldCode = sprintf('<input type="%s" name="%s"%s size="%s"%s value="%s"%s />', $theType, $confData['fieldname'], $elementIdAttribute, $size, $max, htmlspecialchars($default), $addParams);
                     break;
                 case 'file':
                     $size = trim($fParts[1]) ? \TYPO3\CMS\Core\Utility\MathUtility::forceIntegerInRange($fParts[1], 1, 60) : 20;
                     $fieldCode = sprintf('<input type="file" name="%s"%s size="%s"%s />', $confData['fieldname'], $elementIdAttribute, $size, $addParams);
                     break;
                 case 'check':
                     // alternative default value:
                     $noValueInsert = isset($conf['noValueInsert.']) ? $this->cObj->stdWrap($conf['noValueInsert'], $conf['noValueInsert.']) : $conf['noValueInsert'];
                     $default = $this->getFieldDefaultValue($noValueInsert, $confData['fieldname'], trim($parts[2]));
                     $checked = $default ? ' checked="checked"' : '';
                     $fieldCode = sprintf('<input type="checkbox" value="%s" name="%s"%s%s%s />', 1, $confData['fieldname'], $elementIdAttribute, $checked, $addParams);
                     break;
                 case 'select':
                     $option = '';
                     $valueParts = explode(',', $parts[2]);
                     // size
                     if (strtolower(trim($fParts[1])) == 'auto') {
                         $fParts[1] = count($valueParts);
                     }
                     // Auto size set here. Max 20
                     $size = trim($fParts[1]) ? \TYPO3\CMS\Core\Utility\MathUtility::forceIntegerInRange($fParts[1], 1, 20) : 1;
                     // multiple
                     $multiple = strtolower(trim($fParts[2])) == 'm' ? ' multiple="multiple"' : '';
                     // Where the items will be
                     $items = array();
                     //RTF
                     $defaults = array();
                     $pCount = count($valueParts);
                     for ($a = 0; $a < $pCount; $a++) {
                         $valueParts[$a] = trim($valueParts[$a]);
                         // Finding default value
                         if ($valueParts[$a][0] === '*') {
                             $sel = 'selected';
                             $valueParts[$a] = substr($valueParts[$a], 1);
                         } else {
                             $sel = '';
                         }
                         // Get value/label
                         $subParts = explode('=', $valueParts[$a]);
                         // Sets the value
                         $subParts[1] = isset($subParts[1]) ? trim($subParts[1]) : trim($subParts[0]);
                         // Adds the value/label pair to the items-array
                         $items[] = $subParts;
                         if ($sel) {
                             $defaults[] = $subParts[1];
                         }
                     }
                     // alternative default value:
                     $noValueInsert = isset($conf['noValueInsert.']) ? $this->cObj->stdWrap($conf['noValueInsert'], $conf['noValueInsert.']) : $conf['noValueInsert'];
                     $default = $this->getFieldDefaultValue($noValueInsert, $confData['fieldname'], $defaults);
                     if (!is_array($default)) {
                         $defaults = array();
                         $defaults[] = $default;
                     } else {
                         $defaults = $default;
                     }
                     // Create the select-box:
                     $iCount = count($items);
                     for ($a = 0; $a < $iCount; $a++) {
                         $option .= '<option value="' . $items[$a][1] . '"' . (in_array($items[$a][1], $defaults) ? ' selected="selected"' : '') . '>' . trim($items[$a][0]) . '</option>';
                     }
                     if ($multiple) {
                         // The fieldname must be prepended '[]' if multiple select. And the reason why it's prepended is, because the required-field list later must also have [] prepended.
                         $confData['fieldname'] .= '[]';
                     }
                     $fieldCode = sprintf('<select name="%s"%s size="%s"%s%s>%s</select>', $confData['fieldname'], $elementIdAttribute, $size, $multiple, $addParams, $option);
                     //RTF
                     break;
                 case 'radio':
                     $option = '';
                     $valueParts = explode(',', $parts[2]);
                     // Where the items will be
                     $items = array();
                     $default = '';
                     $pCount = count($valueParts);
                     for ($a = 0; $a < $pCount; $a++) {
                         $valueParts[$a] = trim($valueParts[$a]);
                         if ($valueParts[$a][0] === '*') {
                             $sel = 'checked';
                             $valueParts[$a] = substr($valueParts[$a], 1);
                         } else {
                             $sel = '';
                         }
                         // Get value/label
                         $subParts = explode('=', $valueParts[$a]);
                         // Sets the value
                         $subParts[1] = isset($subParts[1]) ? trim($subParts[1]) : trim($subParts[0]);
                         // Adds the value/label pair to the items-array
                         $items[] = $subParts;
                         if ($sel) {
                             $default = $subParts[1];
                         }
                     }
                     // alternative default value:
                     $noValueInsert = isset($conf['noValueInsert.']) ? $this->cObj->stdWrap($conf['noValueInsert'], $conf['noValueInsert.']) : $conf['noValueInsert'];
                     $default = $this->getFieldDefaultValue($noValueInsert, $confData['fieldname'], $default);
                     // Create the select-box:
                     $iCount = count($items);
                     for ($a = 0; $a < $iCount; $a++) {
                         $optionParts = '';
                         $radioId = $prefix . $fName . $this->cleanFormName($items[$a][0]);
                         if ($accessibility) {
                             $radioLabelIdAttribute = ' id="' . $radioId . '"';
                         } else {
                             $radioLabelIdAttribute = '';
                         }
                         $optionParts .= '<input type="radio" name="' . $confData['fieldname'] . '"' . $radioLabelIdAttribute . ' value="' . $items[$a][1] . '"' . ((string) $items[$a][1] === (string) $default ? ' checked="checked"' : '') . $addParams . ' />';
                         if ($accessibility) {
                             $label = isset($conf['radioWrap.']) ? $this->cObj->stdWrap(trim($items[$a][0]), $conf['radioWrap.']) : trim($items[$a][0]);
                             $optionParts .= '<label for="' . $radioId . '">' . $label . '</label>';
                         } else {
                             $optionParts .= isset($conf['radioWrap.']) ? $this->cObj->stdWrap(trim($items[$a][0]), $conf['radioWrap.']) : trim($items[$a][0]);
                         }
                         $option .= isset($conf['radioInputWrap.']) ? $this->cObj->stdWrap($optionParts, $conf['radioInputWrap.']) : $optionParts;
                     }
                     if ($accessibility) {
                         $accessibilityWrap = isset($conf['radioWrap.']['accessibilityWrap.']) ? $this->cObj->stdWrap($conf['radioWrap.']['accessibilityWrap'], $conf['radioWrap.']['accessibilityWrap.']) : $conf['radioWrap.']['accessibilityWrap'];
                         if ($accessibilityWrap) {
                             $search = array('###RADIO_FIELD_ID###', '###RADIO_GROUP_LABEL###');
                             $replace = array($elementIdAttribute, $confData['label']);
                             $accessibilityWrap = str_replace($search, $replace, $accessibilityWrap);
                             $option = $this->cObj->wrap($option, $accessibilityWrap);
                         }
                     }
                     $fieldCode = $option;
                     break;
                 case 'hidden':
                     $value = trim($parts[2]);
                     // If this form includes an auto responder message, include a HMAC checksum field
                     // in order to verify potential abuse of this feature.
                     if ($value !== '') {
                         if (GeneralUtility::inList($confData['fieldname'], 'auto_respond_msg')) {
                             $hmacChecksum = GeneralUtility::hmac($value, 'content_form');
                             $hiddenfields .= sprintf('<input type="hidden" name="auto_respond_checksum" id="%sauto_respond_checksum" value="%s" />', $prefix, $hmacChecksum);
                         }
                         if (GeneralUtility::inList('recipient_copy,recipient', $confData['fieldname']) && $GLOBALS['TYPO3_CONF_VARS']['FE']['secureFormmail']) {
                             break;
                         }
                         if (GeneralUtility::inList('recipient_copy,recipient', $confData['fieldname'])) {
                             $value = \TYPO3\CMS\Compatibility6\Utility\FormUtility::codeString($value);
                         }
                     }
                     $hiddenfields .= sprintf('<input type="hidden" name="%s"%s value="%s" />', $confData['fieldname'], $elementIdAttribute, htmlspecialchars($value));
                     break;
                 case 'property':
                     if (GeneralUtility::inList('type,locationData,goodMess,badMess,emailMess', $confData['fieldname'])) {
                         $value = trim($parts[2]);
                         $propertyOverride[$confData['fieldname']] = $value;
                         $conf[$confData['fieldname']] = $value;
                     }
                     break;
                 case 'submit':
                     $value = trim($parts[2]);
                     if ($conf['image.']) {
                         $this->cObj->data[$this->cObj->currentValKey] = $value;
                         $image = $this->cObj->cObjGetSingle('IMG_RESOURCE', $conf['image.']);
                         $params = $conf['image.']['params'] ? ' ' . $conf['image.']['params'] : '';
                         $params .= $this->cObj->getAltParam($conf['image.'], false);
                         $params .= $addParams;
                     } else {
                         $image = '';
                     }
                     if ($image) {
                         $fieldCode = sprintf('<input type="image" name="%s"%s src="%s"%s />', $confData['fieldname'], $elementIdAttribute, $image, $params);
                     } else {
                         $fieldCode = sprintf('<input type="submit" name="%s"%s value="%s"%s />', $confData['fieldname'], $elementIdAttribute, htmlspecialchars($value, ENT_COMPAT, 'UTF-8', false), $addParams);
                     }
                     break;
                 case 'reset':
                     $value = trim($parts[2]);
                     $fieldCode = sprintf('<input type="reset" name="%s"%s value="%s"%s />', $confData['fieldname'], $elementIdAttribute, htmlspecialchars($value, ENT_COMPAT, 'UTF-8', false), $addParams);
                     break;
                 case 'label':
                     $fieldCode = nl2br(htmlspecialchars(trim($parts[2])));
                     break;
                 default:
                     $confData['type'] = 'comment';
                     $fieldCode = trim($parts[2]) . '&nbsp;';
             }
             if ($fieldCode) {
                 // Checking for special evaluation modes:
                 if (trim($parts[3]) !== '' && GeneralUtility::inList('textarea,input,password', $confData['type'])) {
                     $modeParameters = GeneralUtility::trimExplode(':', $parts[3]);
                 } else {
                     $modeParameters = array();
                 }
                 // Adding evaluation based on settings:
                 switch ((string) $modeParameters[0]) {
                     case 'EREG':
                         $fieldlist[] = '_EREG';
                         $fieldlist[] = $modeParameters[1];
                         $fieldlist[] = $modeParameters[2];
                         $fieldlist[] = $confData['fieldname'];
                         $fieldlist[] = $confData['label'];
                         // Setting this so "required" layout is used.
                         $confData['required'] = 1;
                         break;
                     case 'EMAIL':
                         $fieldlist[] = '_EMAIL';
                         $fieldlist[] = $confData['fieldname'];
                         $fieldlist[] = $confData['label'];
                         // Setting this so "required" layout is used.
                         $confData['required'] = 1;
                         break;
                     default:
                         if ($confData['required']) {
                             $fieldlist[] = $confData['fieldname'];
                             $fieldlist[] = $confData['label'];
                         }
                 }
                 // Field:
                 $fieldLabel = $confData['label'];
                 if ($accessibility && trim($fieldLabel) && !preg_match('/^(label|hidden|comment)$/', $confData['type'])) {
                     $fieldLabel = '<label for="' . $prefix . $fName . '">' . $fieldLabel . '</label>';
                 }
                 // Getting template code:
                 if (isset($conf['fieldWrap.'])) {
                     $fieldCode = $this->cObj->stdWrap($fieldCode, $conf['fieldWrap.']);
                 }
                 $labelCode = isset($conf['labelWrap.']) ? $this->cObj->stdWrap($fieldLabel, $conf['labelWrap.']) : $fieldLabel;
                 $commentCode = isset($conf['commentWrap.']) ? $this->cObj->stdWrap($confData['label'], $conf['commentWrap.']) : $confData['label'];
                 $result = $conf['layout'];
                 $req = isset($conf['REQ.']) ? $this->cObj->stdWrap($conf['REQ'], $conf['REQ.']) : $conf['REQ'];
                 if ($req && $confData['required']) {
                     if (isset($conf['REQ.']['fieldWrap.'])) {
                         $fieldCode = $this->cObj->stdWrap($fieldCode, $conf['REQ.']['fieldWrap.']);
                     }
                     if (isset($conf['REQ.']['labelWrap.'])) {
                         $labelCode = $this->cObj->stdWrap($fieldLabel, $conf['REQ.']['labelWrap.']);
                     }
                     $reqLayout = isset($conf['REQ.']['layout.']) ? $this->cObj->stdWrap($conf['REQ.']['layout'], $conf['REQ.']['layout.']) : $conf['REQ.']['layout'];
                     if ($reqLayout) {
                         $result = $reqLayout;
                     }
                 }
                 if ($confData['type'] == 'comment') {
                     $commentLayout = isset($conf['COMMENT.']['layout.']) ? $this->cObj->stdWrap($conf['COMMENT.']['layout'], $conf['COMMENT.']['layout.']) : $conf['COMMENT.']['layout'];
                     if ($commentLayout) {
                         $result = $commentLayout;
                     }
                 }
                 if ($confData['type'] == 'check') {
                     $checkLayout = isset($conf['CHECK.']['layout.']) ? $this->cObj->stdWrap($conf['CHECK.']['layout'], $conf['CHECK.']['layout.']) : $conf['CHECK.']['layout'];
                     if ($checkLayout) {
                         $result = $checkLayout;
                     }
                 }
                 if ($confData['type'] == 'radio') {
                     $radioLayout = isset($conf['RADIO.']['layout.']) ? $this->cObj->stdWrap($conf['RADIO.']['layout'], $conf['RADIO.']['layout.']) : $conf['RADIO.']['layout'];
                     if ($radioLayout) {
                         $result = $radioLayout;
                     }
                 }
                 if ($confData['type'] == 'label') {
                     $labelLayout = isset($conf['LABEL.']['layout.']) ? $this->cObj->stdWrap($conf['LABEL.']['layout'], $conf['LABEL.']['layout.']) : $conf['LABEL.']['layout'];
                     if ($labelLayout) {
                         $result = $labelLayout;
                     }
                 }
                 //RTF
                 $content .= str_replace(array('###FIELD###', '###LABEL###', '###COMMENT###'), array($fieldCode, $labelCode, $commentCode), $result);
             }
         }
     }
     if (isset($conf['stdWrap.'])) {
         $content = $this->cObj->stdWrap($content, $conf['stdWrap.']);
     }
     // Redirect (external: where to go afterwards. internal: where to submit to)
     $theRedirect = isset($conf['redirect.']) ? $this->cObj->stdWrap($conf['redirect'], $conf['redirect.']) : $conf['redirect'];
     // redirect should be set to the page to redirect to after an external script has been used. If internal scripts is used, and if no 'type' is set that dictates otherwise, redirect is used as the url to jump to as long as it's an integer (page)
     $target = isset($conf['target.']) ? $this->cObj->stdWrap($conf['target'], $conf['target.']) : $conf['target'];
     // redirect should be set to the page to redirect to after an external script has been used. If internal scripts is used, and if no 'type' is set that dictates otherwise, redirect is used as the url to jump to as long as it's an integer (page)
     $noCache = isset($conf['no_cache.']) ? $this->cObj->stdWrap($conf['no_cache'], $conf['no_cache.']) : $conf['no_cache'];
     // redirect should be set to the page to redirect to after an external script has been used. If internal scripts is used, and if no 'type' is set that dictates otherwise, redirect is used as the url to jump to as long as it's an integer (page)
     $page = $GLOBALS['TSFE']->page;
     // Internal: Just submit to current page
     if (!$theRedirect) {
         $LD = $GLOBALS['TSFE']->tmpl->linkData($page, $target, $noCache, 'index.php', '', $this->cObj->getClosestMPvalueForPage($page['uid']));
     } elseif (\TYPO3\CMS\Core\Utility\MathUtility::canBeInterpretedAsInteger($theRedirect)) {
         // Internal: Submit to page with ID $theRedirect
         $page = $GLOBALS['TSFE']->sys_page->getPage_noCheck($theRedirect);
         $LD = $GLOBALS['TSFE']->tmpl->linkData($page, $target, $noCache, 'index.php', '', $this->cObj->getClosestMPvalueForPage($page['uid']));
     } else {
         // External URL, redirect-hidden field is rendered!
         $LD = $GLOBALS['TSFE']->tmpl->linkData($page, $target, $noCache, '', '', $this->cObj->getClosestMPvalueForPage($page['uid']));
         $LD['totalURL'] = $theRedirect;
         $hiddenfields .= '<input type="hidden" name="redirect" value="' . htmlspecialchars($LD['totalURL']) . '" />';
     }
     // Formtype (where to submit to!):
     if ($propertyOverride['type']) {
         $formtype = $propertyOverride['type'];
     } else {
         $formtype = isset($conf['type.']) ? $this->cObj->stdWrap($conf['type'], $conf['type.']) : $conf['type'];
     }
     // Submit to a specific page
     if (\TYPO3\CMS\Core\Utility\MathUtility::canBeInterpretedAsInteger($formtype)) {
         $page = $GLOBALS['TSFE']->sys_page->getPage_noCheck($formtype);
         $LD_A = $GLOBALS['TSFE']->tmpl->linkData($page, $target, $noCache, '', '', $this->cObj->getClosestMPvalueForPage($page['uid']));
         $action = $LD_A['totalURL'];
     } elseif ($formtype) {
         // Submit to external script
         $LD_A = $LD;
         $action = $formtype;
     } elseif (\TYPO3\CMS\Core\Utility\MathUtility::canBeInterpretedAsInteger($theRedirect)) {
         $LD_A = $LD;
         $action = $LD_A['totalURL'];
     } else {
         // Submit to "nothing" - which is current page
         $LD_A = $GLOBALS['TSFE']->tmpl->linkData($GLOBALS['TSFE']->page, $target, $noCache, '', '', $this->cObj->getClosestMPvalueForPage($page['uid']));
         $action = $LD_A['totalURL'];
     }
     // Recipient:
     $theEmail = isset($conf['recipient.']) ? $this->cObj->stdWrap($conf['recipient'], $conf['recipient.']) : $conf['recipient'];
     if ($theEmail && !$GLOBALS['TYPO3_CONF_VARS']['FE']['secureFormmail']) {
         $theEmail = \TYPO3\CMS\Compatibility6\Utility\FormUtility::codeString($theEmail);
         $hiddenfields .= '<input type="hidden" name="recipient" value="' . htmlspecialchars($theEmail) . '" />';
     }
     // location data:
     $location = isset($conf['locationData.']) ? $this->cObj->stdWrap($conf['locationData'], $conf['locationData.']) : $conf['locationData'];
     if ($location) {
         if ($location == 'HTTP_POST_VARS' && isset($_POST['locationData'])) {
             $locationData = GeneralUtility::_POST('locationData');
         } else {
             // locationData is [the page id]:[tablename]:[uid of record]. Indicates on which page the record (from tablename with uid) is shown. Used to check access.
             if (isset($this->data['_LOCALIZED_UID'])) {
                 $locationData = $GLOBALS['TSFE']->id . ':' . str_replace($this->data['uid'], $this->data['_LOCALIZED_UID'], $this->cObj->currentRecord);
             } else {
                 $locationData = $GLOBALS['TSFE']->id . ':' . $this->cObj->currentRecord;
             }
         }
         $hiddenfields .= '<input type="hidden" name="locationData" value="' . htmlspecialchars($locationData) . '" />';
     }
     // Hidden fields:
     if (is_array($conf['hiddenFields.'])) {
         foreach ($conf['hiddenFields.'] as $hF_key => $hF_conf) {
             if (substr($hF_key, -1) != '.') {
                 $hF_value = $this->cObj->cObjGetSingle($hF_conf, $conf['hiddenFields.'][$hF_key . '.'], 'hiddenfields');
                 if ((string) $hF_value !== '' && GeneralUtility::inList('recipient_copy,recipient', $hF_key)) {
                     if ($GLOBALS['TYPO3_CONF_VARS']['FE']['secureFormmail']) {
                         continue;
                     }
                     $hF_value = \TYPO3\CMS\Compatibility6\Utility\FormUtility::codeString($hF_value);
                 }
                 $hiddenfields .= '<input type="hidden" name="' . $hF_key . '" value="' . htmlspecialchars($hF_value) . '" />';
             }
         }
     }
     // Wrap all hidden fields in a div tag (see http://forge.typo3.org/issues/14491)
     $hiddenfields = isset($conf['hiddenFields.']['stdWrap.']) ? $this->cObj->stdWrap($hiddenfields, $conf['hiddenFields.']['stdWrap.']) : '<div style="display:none;">' . $hiddenfields . '</div>';
     if ($conf['REQ']) {
         $goodMess = isset($conf['goodMess.']) ? $this->cObj->stdWrap($conf['goodMess'], $conf['goodMess.']) : $conf['goodMess'];
         $badMess = isset($conf['badMess.']) ? $this->cObj->stdWrap($conf['badMess'], $conf['badMess.']) : $conf['badMess'];
         $emailMess = isset($conf['emailMess.']) ? $this->cObj->stdWrap($conf['emailMess'], $conf['emailMess.']) : $conf['emailMess'];
         $validateForm = ' onsubmit="return validateForm(' . GeneralUtility::quoteJSvalue($formName) . ',' . GeneralUtility::quoteJSvalue(implode(',', $fieldlist)) . ',' . GeneralUtility::quoteJSvalue($goodMess) . ',' . GeneralUtility::quoteJSvalue($badMess) . ',' . GeneralUtility::quoteJSvalue($emailMess) . ')"';
         $GLOBALS['TSFE']->additionalHeaderData['JSFormValidate'] = '<script type="text/javascript" src="' . GeneralUtility::createVersionNumberedFilename($GLOBALS['TSFE']->absRefPrefix . 'typo3/sysext/compatibility6/Resources/Public/JavaScript/jsfunc.validateform.js') . '"></script>';
     } else {
         $validateForm = '';
     }
     // Create form tag:
     $theTarget = $theRedirect ? $LD['target'] : $LD_A['target'];
     $method = isset($conf['method.']) ? $this->cObj->stdWrap($conf['method'], $conf['method.']) : $conf['method'];
     $content = array('<form' . ' action="' . htmlspecialchars($action) . '"' . ' id="' . $formName . '"' . ($xhtmlStrict ? '' : ' name="' . $formName . '"') . ' enctype="multipart/form-data"' . ' method="' . ($method ? $method : 'post') . '"' . ($theTarget ? ' target="' . $theTarget . '"' : '') . $validateForm . '>', $hiddenfields . $content, '</form>');
     $arrayReturnMode = isset($conf['arrayReturnMode.']) ? $this->cObj->stdWrap($conf['arrayReturnMode'], $conf['arrayReturnMode.']) : $conf['arrayReturnMode'];
     if ($arrayReturnMode) {
         $content['validateForm'] = $validateForm;
         $content['formname'] = $formName;
         return $content;
     } else {
         return implode('', $content);
     }
 }
 /**
  * Renders the child content as raw (unencoded) markup after passing it
  * through GeneralUtility::removeXSS().
  *
  * removeXSS() is a filter, not an encoder: whatever markup survives it is
  * emitted verbatim, so only content that is meant to be output as HTML
  * should be rendered through this helper.
  *
  * @return string The filtered child content
  */
 public function render()
 {
     $rawContent = $this->renderChildren();
     return \TYPO3\CMS\Core\Utility\GeneralUtility::removeXSS($rawContent);
 }
 /**
  * Prepares a keyword string for inclusion in HTML output.
  *
  * Processing order: surrounding whitespace is removed, removeXSS() runs on
  * the still-unencoded text, the result is HTML-encoded (ENT_QUOTES, in the
  * frontend meta charset), and finally the template marker delimiters are
  * escaped. The htmlentities() step is the one that neutralises any markup
  * left over for the HTML context.
  *
  * @param string $keywords Raw keywords
  * @return string Keywords encoded for use in HTML
  */
 public static function cleanKeywords($keywords)
 {
     $filtered = GeneralUtility::removeXSS(trim($keywords));
     $encoded = htmlentities($filtered, ENT_QUOTES, $GLOBALS['TSFE']->metaCharset);
     // Triple hashes are marker delimiters in the template engine and must not survive into the output
     // TODO remove after switching to fluid templates
     return Template::escapeMarkers($encoded);
 }
 /**
  * Main function
  * Will issue a location-header, redirecting either BACK or to a new FormEngine instance...
  *
  * Two modes, selected by $this->returnEditConf:
  *  - set: optionally (when $this->processDataFlag is set) writes the reference
  *    "<table>_<id>" into the parent record's field through the DataHandler,
  *    then redirects to $this->P['returnUrl'] after sanitizeLocalUrl().
  *  - not set: redirects to FormEngine with instructions to create a new
  *    record, passing the current REQUEST_URI (filtered with removeXSS()) as
  *    the returnUrl for the way back.
  *
  * State read here: $this->P (table, uid, field, flexFormPath, params,
  * returnUrl), $this->table, $this->id and $this->pid.
  *
  * @return void
  */
 public function main()
 {
     if ($this->returnEditConf) {
         if ($this->processDataFlag) {
             // Preparing the data of the parent record...:
             /** @var DataPreprocessor $dataPreprocessor */
             $dataPreprocessor = GeneralUtility::makeInstance(DataPreprocessor::class);
             // 'new'
             $dataPreprocessor->fetchRecord($this->P['table'], $this->P['uid'], '');
             // fetchRecord() fills regTableItems_data; the parent record is expected to be its first entry
             $current = reset($dataPreprocessor->regTableItems_data);
             // If that record was found (should absolutely be...), then init DataHandler and set, prepend or append the record
             if (is_array($current)) {
                 /** @var DataHandler $dataHandler */
                 $dataHandler = GeneralUtility::makeInstance(DataHandler::class);
                 // Values are handed to the DataHandler as-is (no stripslashes pass over the data map)
                 $dataHandler->stripslashes_values = FALSE;
                 $data = array();
                 // Reference to the record being linked, in "<table>_<id>" form
                 $recordId = $this->table . '_' . $this->id;
                 // Setting the new field data:
                 // If the field is a flexForm field, work with the XML structure instead:
                 if ($this->P['flexFormPath']) {
                     // Current value of flexForm path:
                     $currentFlexFormData = GeneralUtility::xml2array($current[$this->P['field']]);
                     /** @var FlexFormTools $flexFormTools */
                     $flexFormTools = GeneralUtility::makeInstance(FlexFormTools::class);
                     $currentFlexFormValue = $flexFormTools->getArrayValueByPath($this->P['flexFormPath'], $currentFlexFormData);
                     // Unknown setValue leaves the list empty, i.e. the flexForm path is cleared
                     $insertValue = '';
                     switch ((string) $this->P['params']['setValue']) {
                         case 'set':
                             $insertValue = $recordId;
                             break;
                         case 'prepend':
                             // NOTE(review): 'prepend' places the new id after the current value and
                             // 'append' before it; kept as-is since existing callers may rely on this order
                             $insertValue = $currentFlexFormValue . ',' . $recordId;
                             break;
                         case 'append':
                             $insertValue = $recordId . ',' . $currentFlexFormValue;
                             break;
                     }
                     // Normalise the comma list: trim entries, drop empty ones (e.g. when the current value was empty)
                     $insertValue = implode(',', GeneralUtility::trimExplode(',', $insertValue, TRUE));
                     $data[$this->P['table']][$this->P['uid']][$this->P['field']] = array();
                     $flexFormTools->setArrayValueByPath($this->P['flexFormPath'], $data[$this->P['table']][$this->P['uid']][$this->P['field']], $insertValue);
                 } else {
                     switch ((string) $this->P['params']['setValue']) {
                         case 'set':
                             $data[$this->P['table']][$this->P['uid']][$this->P['field']] = $recordId;
                             break;
                         case 'prepend':
                             // Same ordering as in the flexForm branch above: new id after the current value
                             $data[$this->P['table']][$this->P['uid']][$this->P['field']] = $current[$this->P['field']] . ',' . $recordId;
                             break;
                         case 'append':
                             $data[$this->P['table']][$this->P['uid']][$this->P['field']] = $recordId . ',' . $current[$this->P['field']];
                             break;
                     }
                     // NOTE(review): for any other setValue the field entry is never initialised, so the
                     // implode() below yields '' and the DataHandler would then write an empty value — confirm
                     // whether clearing the field is intended in that case.
                     $data[$this->P['table']][$this->P['uid']][$this->P['field']] = implode(',', GeneralUtility::trimExplode(',', $data[$this->P['table']][$this->P['uid']][$this->P['field']], TRUE));
                 }
                 // Submit the data:
                 $dataHandler->start($data, array());
                 $dataHandler->process_datamap();
             }
         }
         // Return to the parent FormEngine record editing session:
         // returnUrl comes from the request; sanitizeLocalUrl() restricts it to a local target
         // so that this redirect cannot be pointed at an arbitrary external host.
         HttpUtility::redirect(GeneralUtility::sanitizeLocalUrl($this->P['returnUrl']));
     } else {
         // Redirecting to FormEngine with instructions to create a new record
         // AND when closing to return back with information about that records ID etc.
         // REQUEST_URI is client-controlled; it is filtered here and, on the way back (above),
         // passed through sanitizeLocalUrl() before being used as a redirect target.
         $redirectUrl = BackendUtility::getModuleUrl('record_edit', array('returnEditConf' => 1, 'edit[' . $this->P['params']['table'] . '][' . $this->pid . ']' => 'new', 'returnUrl' => GeneralUtility::removeXSS(GeneralUtility::getIndpEnv('REQUEST_URI'))));
         HttpUtility::redirect($redirectUrl);
     }
 }
 /**
  * Builds the header buttons and markers (folder icon, title, "up one level"
  * link and refresh link) for the file list of the given folder.
  *
  * The displayed title is the folder identifier, HTML-encoded once right
  * after it is read. Inside a file mount the title additionally goes through
  * fixed_lgd_cs() and removeXSS(); at the tree root it is shortened and
  * encoded a second time.
  *
  * @param \TYPO3\CMS\Core\Resource\Folder $folderObject Folder the header is rendered for
  * @return array Two elements: the buttons array and the other markers array
  */
 public function getButtonsAndOtherMarkers(\TYPO3\CMS\Core\Resource\Folder $folderObject)
 {
     $otherMarkers = ['PAGE_ICON' => '', 'TITLE' => ''];
     $buttons = ['level_up' => '', 'refresh' => '', 'title' => '', 'page_icon' => ''];
     // Makes the code for the foldericon in the top
     if ($folderObject) {
         // Only the icon from dirData() is used; the title is taken from the identifier instead
         list($dirTitle, $icon, $dirPath) = $this->dirData($folderObject);
         $title = htmlspecialchars($folderObject->getIdentifier());
         // Start compiling the HTML
         // @todo: how to fix this? $title = $GLOBALS['SOBE']->basicFF->blindPath($title);
         $storage = $folderObject->getStorage();
         if (!$storage->isWithinFileMountBoundaries($folderObject)) {
             // This is the root page
             $otherMarkers['PAGE_ICON'] = \TYPO3\CMS\Backend\Utility\IconUtility::getSpriteIcon('apps-filetree-root');
             $shortTitle = \TYPO3\CMS\Core\Utility\GeneralUtility::fixed_lgd_cs($title, -($this->fixedL + 20));
             $otherMarkers['TITLE'] .= htmlspecialchars($shortTitle);
         } else {
             // Some subpage under the mount root: the icon carries a link to the parent folder
             $otherMarkers['PAGE_ICON'] = \TYPO3\CMS\Backend\Utility\IconUtility::getSpriteIcon($icon, ['title' => $title]);
             $upLabel = $GLOBALS['LANG']->sL('LLL:EXT:lang/locallang_core.xml:labels.upOneLevel', 1);
             $upIcon = \TYPO3\CMS\Backend\Utility\IconUtility::getSpriteIcon('actions-view-go-up', ['title' => $upLabel]);
             $buttons['level_up'] = $this->linkWrapDir($upIcon, $folderObject);
             // $title was already passed through htmlspecialchars() above; removeXSS() here only
             // filters the shortened text, it does not encode it again.
             $shortTitle = \TYPO3\CMS\Core\Utility\GeneralUtility::fixed_lgd_cs($title, -($this->fixedL + 20));
             $otherMarkers['TITLE'] .= \TYPO3\CMS\Core\Utility\GeneralUtility::removeXSS($shortTitle);
         }
         if ($this->clickMenus) {
             $otherMarkers['PAGE_ICON'] = $GLOBALS['SOBE']->doc->wrapClickMenuOnIcon($otherMarkers['PAGE_ICON'], $folderObject->getCombinedIdentifier());
         }
     }
     $reloadLabel = $GLOBALS['LANG']->sL('LLL:EXT:lang/locallang_core.xml:labels.reload', 1);
     $refreshIcon = \TYPO3\CMS\Backend\Utility\IconUtility::getSpriteIcon('actions-system-refresh');
     $buttons['refresh'] = '<a href="' . htmlspecialchars($this->listURL()) . '" title="' . $reloadLabel . '">' . $refreshIcon . '</a>';
     return [$buttons, $otherMarkers];
 }
 /**
  * Setter for the search query string.
  *
  * The raw value is passed through GeneralUtility::removeXSS() before it is
  * stored. removeXSS() only removes known script patterns; code that renders
  * the stored query string into HTML still has to escape it for that context.
  *
  * @param string $queryString Query string as received from the request
  * @return void
  * @see \TYPO3\CMS\Core\Utility\GeneralUtility::removeXSS()
  */
 public function setQueryString($queryString)
 {
     $filteredQueryString = GeneralUtility::removeXSS($queryString);
     $this->queryString = $filteredQueryString;
 }
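 /**
  * This method does XSS checks and escapes malicious data
  *
  * Walks the GET/POST parameters recursively. Keys listed in
  * $this->doNotSanitizeFields are copied through untouched. Every other
  * non-blank scalar value has tabs removed and the characters from
  * $this->removeChars (or the per-field list configured under
  * settings['fieldConf.'][<key>.]['removeChars']) replaced by a space, and is
  * then passed through GeneralUtility::removeXSS(). Values that are not UTF-8
  * are converted for the removeXSS() pass and converted back afterwards.
  *
  * removeXSS() only removes known script patterns; the values returned here
  * still need context-appropriate escaping when they are rendered.
  *
  * @param array $values The GET/POST parameters
  * @return array The sanitized GET/POST parameters; an empty array if $values is not an array
  */
 public function sanitizeValues($values)
 {
     if (!is_array($values)) {
         return [];
     }
     // Initialise explicitly: relying on auto-vivification returned NULL
     // instead of an array when $values was empty.
     $sanitizedArray = [];
     foreach ($values as $key => $value) {
         // Non-strict on purpose: numeric-string keys become integers in PHP
         // arrays while the configured field names are strings.
         $skipField = in_array($key, $this->doNotSanitizeFields);
         if (!$skipField && is_array($value)) {
             $sanitizedArray[$key] = $this->sanitizeValues($value);
         } elseif (!$skipField && strlen(trim((string) $value)) > 0) {
             $removeChars = $this->removeChars;
             // Search for a specific setting for this field
             $fieldSetting = isset($this->settings['fieldConf.'][$key . '.']) ? $this->settings['fieldConf.'][$key . '.'] : [];
             $cObjSettings = isset($fieldSetting['removeChars.']) ? $fieldSetting['removeChars.'] : null;
             if (!empty($fieldSetting['removeChars'])) {
                 $sep = ',';
                 if (is_array($cObjSettings)) {
                     // User set custom rules via cObject
                     $list = $this->utilityFuncs->getSingle($fieldSetting, 'removeChars');
                     // User set custom separator
                     if (!empty($fieldSetting['separator'])) {
                         $sep = $this->utilityFuncs->getSingle($fieldSetting, 'separator');
                     }
                 } else {
                     // User entered a comma separated list
                     $list = $fieldSetting['removeChars'];
                 }
                 $removeChars = \TYPO3\CMS\Core\Utility\GeneralUtility::trimExplode($sep, $list);
             } elseif ((int) $this->utilityFuncs->getSingle($cObjSettings, 'disable') === 1) {
                 // User disabled removal for this field
                 $removeChars = [];
             }
             // Tabs are dropped, the configured characters become a space
             $value = str_replace("\t", '', $value);
             $value = str_replace($removeChars, ' ', $value);
             // removeXSS() is applied to UTF-8 text; utf8_encode()/utf8_decode()
             // assume ISO-8859-1 as the other encoding and are deprecated since
             // PHP 8.2 - kept here for behavioural compatibility.
             $isUTF8 = $this->isUTF8($value);
             if (!$isUTF8) {
                 $value = utf8_encode($value);
             }
             $value = \TYPO3\CMS\Core\Utility\GeneralUtility::removeXSS($value);
             if (!$isUTF8) {
                 $value = utf8_decode($value);
             }
             $sanitizedArray[$key] = $value;
         } else {
             // Excluded field or blank value: copied through unchanged
             $sanitizedArray[$key] = $value;
         }
     }
     return $sanitizedArray;
 }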
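 /**
  * Receiving the AJAX request and updating the database
  *
  * Reads the GET/POST parameters "row" (record uid), "col" (column name) and
  * "newValue", maps the column name to a "set<Col>" method on the domain
  * object and persists the change through the repository. Prints "1" on
  * success; on failure prints nothing (echo FALSE) and terminates the request.
  *
  * Notes for reviewers:
  *  - "col" decides which setter is invoked, so every setter of the object is
  *    reachable from the request. TODO confirm the caller restricts "col" to
  *    the columns that are meant to be editable.
  *  - removeXSS() only removes known script patterns from "newValue"; the
  *    stored value must still be escaped where it is rendered.
  *  - No request-origin/CSRF check is visible in this method.
  *
  * @return void
  */
 public function ajaxexampleAction()
 {
     $rowGP = GeneralUtility::_GP('row');
     $colGP = GeneralUtility::_GP('col');
     $newValueGP = GeneralUtility::_GP('newValue');
     $newValueGP = GeneralUtility::removeXSS($newValueGP);
     // The repository works on integer uids; the cast makes a non-numeric
     // "row" fail through the normal "not found" path below.
     $currentObject = $this->dataRepository->findByUid((int) $rowGP);
     if (!is_object($currentObject)) {
         echo FALSE;
         die;
     }
     $setPropertyFunction = 'set' . ucwords(str_replace('_', '', $colGP));
     // A column that does not map to a setter previously ended in a fatal
     // "call to undefined method"; report it like any other failed request.
     if (!method_exists($currentObject, $setPropertyFunction)) {
         echo FALSE;
         die;
     }
     $currentObject->{$setPropertyFunction}($newValueGP);
     $this->dataRepository->update($currentObject);
     $this->view = NULL;
     echo TRUE;
 }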
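 /**
  * Save some data from piVars as address into database.
  *
  * Every field named in $this->fieldList is read from piVars, stripped of
  * tags and passed through GeneralUtility::removeXSS() before it is written.
  * removeXSS() removes known script patterns but does not escape, so output
  * code must still escape the stored values. The WHERE fragments built here
  * are plain string concatenation, so every value placed into them is cast to
  * int first; the column values themselves go through the driver's
  * exec_INSERTquery()/exec_UPDATEquery() array handling.
  *
  * @param bool $new         If this is TRUE, a new address will be created,
  *                          otherwise it searches for an existing dataset and updates it
  * @param int  $addressType Type of address delivered by piVars
  */
 protected function saveAddressData($new = false, $addressType = 0)
 {
     // Hooks to process new/changed address
     $hooks = HookFactory::getHooks('Controller/AddressesController', 'saveAddress');
     $database = $this->getDatabaseConnection();
     $newData = array();
     // Set basic data. The type originates from the request and is
     // concatenated into SQL below, so force an integer (empty/non-numeric => 0).
     $addressType = (int) $addressType;
     $addressId = isset($this->piVars['addressid']) ? (int) $this->piVars['addressid'] : 0;
     if (isset($this->piVars['ismainaddress']) && $this->piVars['ismainaddress'] == 'on') {
         $newData['tx_commerce_is_main_address'] = 1;
         // Remove all "is main address" flags from addresses that
         // are assigned to this user
         $database->exec_UPDATEquery(
             'tt_address',
             'pid = ' . (int) $this->conf['addressPid'] . ' AND tx_commerce_fe_user_id = ' . (int) $this->user['uid'] . ' AND tx_commerce_address_type_id = ' . $addressType,
             array('tx_commerce_is_main_address' => 0)
         );
     } else {
         $newData['tx_commerce_is_main_address'] = 0;
     }
     $newData['tstamp'] = time();
     foreach ($this->fieldList as $name) {
         // A field that was not submitted is treated as an empty string
         $rawValue = isset($this->piVars[$name]) ? $this->piVars[$name] : '';
         $newData[$name] = \TYPO3\CMS\Core\Utility\GeneralUtility::removeXSS(strip_tags($rawValue));
         if (!$new) {
             $this->addresses[$addressId][$name] = $newData[$name];
         }
     }
     if ($new) {
         $newData['tx_commerce_fe_user_id'] = $this->user['uid'];
         $newData['tx_commerce_address_type_id'] = $addressType;
         $newData['pid'] = $this->conf['addressPid'];
         foreach ($hooks as $hookObj) {
             if (method_exists($hookObj, 'beforeAddressSave')) {
                 $hookObj->beforeAddressSave($newData, $this);
             }
         }
         $database->exec_INSERTquery('tt_address', $newData);
         $newUid = $database->sql_insert_id();
         foreach ($hooks as $hookObj) {
             if (method_exists($hookObj, 'afterAddressSave')) {
                 $hookObj->afterAddressSave($newUid, $newData, $this);
             }
         }
         $this->addresses = $this->getAddresses((int) $this->user['uid']);
     } else {
         foreach ($hooks as $hookObj) {
             if (method_exists($hookObj, 'beforeAddressEdit')) {
                 $hookObj->beforeAddressEdit($addressId, $newData, $this);
             }
         }
         // The user id in the WHERE clause ties the update to the logged-in
         // frontend user, so a foreign addressid cannot be overwritten
         $sWhere = 'uid = ' . $addressId . ' AND tx_commerce_fe_user_id = ' . (int) $this->getFrontendUser()->user['uid'];
         $database->exec_UPDATEquery('tt_address', $sWhere, $newData);
         foreach ($hooks as $hookObj) {
             if (method_exists($hookObj, 'afterAddressEdit')) {
                 $hookObj->afterAddressEdit($addressId, $newData, $this);
             }
         }
     }
 }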
 /**
  * Setter for the search query string.
  *
  * Stores the query string after GeneralUtility::removeXSS() has removed
  * known script patterns from it. This is not an HTML escape; rendering code
  * still escapes the value for its output context.
  *
  * @param string $queryString Query string as received from the request
  * @return void
  * @see \TYPO3\CMS\Core\Utility\GeneralUtility::removeXSS()
  */
 public function setQueryString($queryString)
 {
     $cleanedQueryString = \TYPO3\CMS\Core\Utility\GeneralUtility::removeXSS($queryString);
     $this->queryString = $cleanedQueryString;
 }
 /**
  * Logs calls passed to \TYPO3\CMS\Core\Utility\GeneralUtility::devLog().
  *
  * $logData = array('msg'=>$msg, 'extKey'=>$extKey, 'severity'=>$severity, 'dataVar'=>$dataVar);
  *		'msg'		string		Message (in english).
  *		'extKey'	string		Extension key (from which extension you are calling the log)
  *		'severity'	integer		Severity: 0 is info, 1 is notice, 2 is warning, 3 is fatal error, -1 is "OK" message
  *		'dataVar'	array		Additional data you want to pass to the logger.
  *
  * The entry is dropped when logging is disabled or isEntryAccepted() rejects
  * it. While the entry is built and the writers run, logging is switched off
  * so that a writer calling devLog() itself does not recurse. If a writer
  * throws, the flag is not restored here and logging stays disabled for the
  * rest of the request.
  *
  * @param array $logData Log data
  * @return void
  */
 public function log($logData)
 {
     // If logging is disabled, abort immediately
     if (!$this->isLoggingEnabled) {
         return;
     }
     // Add IP address for validation
     $logData['ip'] = GeneralUtility::getIndpEnv('REMOTE_ADDR');
     // If the log entry doesn't pass the basic filters, exit early doing nothing
     if (!$this->isEntryAccepted($logData)) {
         return;
     }
     // Disable logging while inside the devlog, to avoid recursive calls
     $this->isLoggingEnabled = FALSE;
     // Try to get a page id that makes sense
     $pageId = 0;
     if (TYPO3_MODE == 'FE') {
         // In the FE context, this is obviously the current page
         $pageId = $GLOBALS['TSFE']->id;
     } elseif (isset($GLOBALS['TYPO3_CONF_VARS']['SC_OPTIONS']['GLOBAL']['debugData']['pid'])) {
         // In other contexts, a global variable may be set with a relevant pid
         $pageId = $GLOBALS['TYPO3_CONF_VARS']['SC_OPTIONS']['GLOBAL']['debugData']['pid'];
     }
     $backendUserId = isset($GLOBALS['BE_USER']->user['uid']) ? $GLOBALS['BE_USER']->user['uid'] : 0;
     // Create an entry and fill it with data
     /** @var \Devlog\Devlog\Domain\Model\Entry $logEntry */
     $logEntry = GeneralUtility::makeInstance('Devlog\\Devlog\\Domain\\Model\\Entry');
     $logEntry->setRunId($this->runId);
     // Sorting takes the current counter value, then the counter advances
     $logEntry->setSorting($this->counter++);
     $logEntry->setCrdate($GLOBALS['EXEC_TIME']);
     // The message is filtered by removeXSS() (known script patterns only,
     // no escaping); the extension key just loses its tags
     $logEntry->setMessage(GeneralUtility::removeXSS($logData['msg']));
     $logEntry->setExtkey(strip_tags($logData['extKey']));
     $logEntry->setSeverity((int) $logData['severity']);
     $logEntry->setExtraData($logData['dataVar']);
     $logEntry->setPid($pageId);
     $logEntry->setCruserId($backendUserId);
     $logEntry->setIp($logData['ip']);
     // Get information about the place where this method was called from
     try {
         $callPlaceInfo = $this->getCallPlaceInfo(debug_backtrace());
         $logEntry->setLocation($callPlaceInfo['basename']);
         $logEntry->setLine($callPlaceInfo['line']);
     } catch (\OutOfBoundsException $e) {
         // Call place could not be determined; the entry is logged without it
     }
     // Loop on all writers to output the log entry to some backend
     /** @var \Devlog\Devlog\Writer\WriterInterface $logWriter */
     foreach ($this->logWriters as $logWriter) {
         $logWriter->write($logEntry);
     }
     $this->isLoggingEnabled = TRUE;
 }
 /**
  * Returns a valid and XSS cleaned url for redirect, checked against configuration "allowedRedirectHosts"
  *
  * Two gates are applied. First, the raw-url-decoded value must come back
  * unchanged from GeneralUtility::removeXSS() and the raw value must not
  * contain double quotes, angle brackets or backslashes. Second, the URL must
  * be relative, in the current domain or in a local domain. Every rejection is
  * written to the system log as a warning.
  *
  * @param string $url
  * @return string cleaned referer or empty string if not valid
  */
 protected function validateRedirectUrl($url)
 {
     $url = (string) $url;
     if ($url === '') {
         return '';
     }
     // The XSS comparison is done on the decoded form so that percent-encoded
     // payloads are caught as well
     $decodedUrl = rawurldecode($url);
     $xssDetected = GeneralUtility::removeXSS($decodedUrl) !== $decodedUrl
         || preg_match('#["<>\\\\]+#', $url);
     if ($xssDetected) {
         GeneralUtility::sysLog(sprintf($this->pi_getLL('xssAttackDetected'), $url), 'felogin', GeneralUtility::SYSLOG_SEVERITY_WARNING);
         return '';
     }
     // Validate the URL:
     $isAllowedTarget = $this->isRelativeUrl($url)
         || $this->isInCurrentDomain($url)
         || $this->isInLocalDomain($url);
     if (!$isAllowedTarget) {
         // URL is not allowed
         GeneralUtility::sysLog(sprintf($this->pi_getLL('noValidRedirectUrl'), $url), 'felogin', GeneralUtility::SYSLOG_SEVERITY_WARNING);
         return '';
     }
     return $url;
 }
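 /**
  * Return the buttons used by the file list to include in the top header
  *
  * The folder identifier is HTML-escaped with htmlspecialchars() first; for
  * folders inside the file mount boundaries the escaped title is additionally
  * run through GeneralUtility::removeXSS(), which removes known script
  * patterns but does not escape. A paste button is added when the clipboard
  * holds file entries.
  *
  * @param \TYPO3\CMS\Core\Resource\Folder $folderObject Folder currently being listed
  * @return array Two-element list array($buttons, $otherMarkers), both keyed by marker name
  */
 public function getButtonsAndOtherMarkers(\TYPO3\CMS\Core\Resource\Folder $folderObject)
 {
     $otherMarkers = array('PAGE_ICON' => '', 'TITLE' => '');
     $buttons = array('level_up' => $this->getLinkToParentFolder($folderObject), 'refresh' => '', 'title' => '', 'page_icon' => '', 'PASTE' => '');
     // Makes the code for the folder icon in the top
     if ($folderObject) {
         $title = htmlspecialchars($folderObject->getIdentifier());
         // Start compiling the HTML
         // If this is some subFolder under the mount root....
         if ($folderObject->getStorage()->isWithinFileMountBoundaries($folderObject)) {
             // The icon with link
             $otherMarkers['PAGE_ICON'] = IconUtility::getSpriteIconForResource($folderObject, array('title' => $title));
             // $title is already HTML-escaped above; removeXSS() is an extra
             // pattern filter on the cropped title, not a replacement for escaping
             $otherMarkers['TITLE'] .= GeneralUtility::removeXSS(GeneralUtility::fixed_lgd_cs($title, -($this->fixedL + 20)));
         } else {
             // This is the root folder
             $otherMarkers['PAGE_ICON'] = IconUtility::getSpriteIconForResource($folderObject, array('title' => $title, 'mount-root' => TRUE));
             $otherMarkers['TITLE'] .= htmlspecialchars(GeneralUtility::fixed_lgd_cs($title, -($this->fixedL + 20)));
         }
         if ($this->clickMenus) {
             $otherMarkers['PAGE_ICON'] = $GLOBALS['SOBE']->doc->wrapClickMenuOnIcon($otherMarkers['PAGE_ICON'], $folderObject->getCombinedIdentifier());
         }
         // Add paste button if clipboard is initialized
         if ($this->clipObj instanceof \TYPO3\CMS\Backend\Clipboard\Clipboard) {
             $elFromTable = $this->clipObj->elFromTable('_FILE');
             if (!empty($elFromTable)) {
                 // The paste target is the folder passed in, the same folder
                 // every other marker in this method is built for (the
                 // previous code reached for $this->folderObject here).
                 $buttons['PASTE'] = '<a href="' . htmlspecialchars($this->clipObj->pasteUrl('_FILE', $folderObject->getCombinedIdentifier())) . '" onclick="return ' . htmlspecialchars($this->clipObj->confirmMsg('_FILE', $this->path, 'into', $elFromTable)) . '" title="' . $GLOBALS['LANG']->getLL('clip_paste', TRUE) . '">' . IconUtility::getSpriteIcon('actions-document-paste-after') . '</a>';
             }
         }
     }
     $buttons['refresh'] = '<a href="' . htmlspecialchars($this->listURL()) . '" title="' . $GLOBALS['LANG']->sL('LLL:EXT:lang/locallang_core.xlf:labels.reload', TRUE) . '">' . IconUtility::getSpriteIcon('actions-system-refresh') . '</a>';
     return array($buttons, $otherMarkers);
 }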
 /**
  * Return the buttons used by the file list to include in the top header
  *
  * The readable folder path is HTML-escaped with htmlspecialchars() first; for
  * folders inside the file mount boundaries the escaped title is additionally
  * run through GeneralUtility::removeXSS(), which removes known script
  * patterns but does not escape. A paste button is offered when the clipboard
  * holds file entries, the user may write to the folder, and none of the
  * clipboard folders already contains the target folder.
  *
  * @param Folder $folderObject Folder currently being listed
  * @return array Two-element list array($buttons, $otherMarkers), both keyed by marker name
  */
 public function getButtonsAndOtherMarkers(Folder $folderObject)
 {
     $otherMarkers = array('PAGE_ICON' => '', 'TITLE' => '');
     $buttons = array('level_up' => $this->getLinkToParentFolder($folderObject), 'refresh' => '', 'title' => '', 'page_icon' => '', 'PASTE' => '');
     // Makes the code for the folder icon in the top
     if ($folderObject) {
         $title = htmlspecialchars($folderObject->getReadablePath());
         $croppedTitle = GeneralUtility::fixed_lgd_cs($title, -($this->fixedL + 20));
         $isBelowMountRoot = $folderObject->getStorage()->isWithinFileMountBoundaries($folderObject);
         if ($isBelowMountRoot) {
             // Some subFolder under the mount root: icon plus the already
             // escaped title, passed through the removeXSS() pattern filter
             $otherMarkers['PAGE_ICON'] = IconUtility::getSpriteIconForResource($folderObject, array('title' => $title));
             $otherMarkers['TITLE'] .= GeneralUtility::removeXSS($croppedTitle);
         } else {
             // This is the root folder
             $otherMarkers['PAGE_ICON'] = IconUtility::getSpriteIconForResource($folderObject, array('title' => $title, 'mount-root' => TRUE));
             $otherMarkers['TITLE'] .= htmlspecialchars($croppedTitle);
         }
         if ($this->clickMenus) {
             $otherMarkers['PAGE_ICON'] = $GLOBALS['SOBE']->doc->wrapClickMenuOnIcon($otherMarkers['PAGE_ICON'], $folderObject->getCombinedIdentifier());
         }
         // Add paste button if clipboard is initialized and the folder is writable
         $clipboardReady = $this->clipObj instanceof Clipboard && $folderObject->checkActionPermission('write');
         if ($clipboardReady) {
             $clipboardElements = $this->clipObj->elFromTable('_FILE');
             if (!empty($clipboardElements)) {
                 $canPaste = TRUE;
                 $namesToConfirm = array();
                 foreach ($clipboardElements as $clipboardKey => $combinedIdentifier) {
                     $clipboardItem = $this->resourceFactory->retrieveFileOrFolderObject($combinedIdentifier);
                     // Pasting a folder into itself or a descendant is refused
                     if ($clipboardItem instanceof Folder && $clipboardItem->getStorage()->isWithinFolder($clipboardItem, $folderObject)) {
                         $canPaste = FALSE;
                     }
                     $identifierInStorage = substr(strstr($combinedIdentifier, ':'), 1);
                     $itemInfo = $clipboardItem->getStorage()->getFileInfoByIdentifier($identifierInStorage);
                     $namesToConfirm[$clipboardKey] = $itemInfo['name'];
                 }
                 if ($canPaste) {
                     $pasteUrl = htmlspecialchars($this->clipObj->pasteUrl('_FILE', $folderObject->getCombinedIdentifier()));
                     $confirmJs = htmlspecialchars($this->clipObj->confirmMsg('_FILE', $this->path, 'into', $namesToConfirm));
                     $pasteLabel = $this->getLanguageService()->getLL('clip_paste', TRUE);
                     $buttons['PASTE'] = '<a href="' . $pasteUrl . '" onclick="return ' . $confirmJs . '" title="' . $pasteLabel . '">' . IconUtility::getSpriteIcon('actions-document-paste-after') . '</a>';
                 }
             }
         }
     }
     $reloadLabel = $this->getLanguageService()->sL('LLL:EXT:lang/locallang_core.xlf:labels.reload', TRUE);
     $buttons['refresh'] = '<a href="' . htmlspecialchars($this->listURL()) . '" title="' . $reloadLabel . '">' . IconUtility::getSpriteIcon('actions-system-refresh') . '</a>';
     return array($buttons, $otherMarkers);
 }
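 /**
  * Sanitize comment content
  *
  * Strips every tag except those listed in
  * settings['blogsystem']['comments']['allowTags'] and then runs the text
  * through GeneralUtility::removeXSS(). Allowed tags are kept as-is and
  * removeXSS() only removes known script patterns, so the rendering side must
  * not treat the stored text as inert markup.
  *
  * @param Comment $comment Comment whose text is rewritten in place
  *
  * @return void
  */
 protected function sanitizeComment(Comment $comment)
 {
     // A missing setting means no tags are allowed; this also avoids calling
     // trim() on NULL, which is deprecated since PHP 8.1.
     $allowTags = isset($this->settings['blogsystem']['comments']['allowTags'])
         ? trim((string) $this->settings['blogsystem']['comments']['allowTags'])
         : '';
     $comment->setText(GeneralUtility::removeXSS(strip_tags($comment->getText(), $allowTags)));
 }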