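/**
 * Validates a signed secure-download request and denies access on any mismatch.
 *
 * Reads the request parameters "u" (frontend user uid the link was issued
 * for), "file", "t" (expiry timestamp) and "hash", recomputes the HMAC over
 * u . file . t and answers with HTTP 403 when the hash does not match, the
 * link has expired, or the link was issued for a different frontend user.
 *
 * @return void
 */
function init() {
    $this->arrExtConf = $this->GetExtConf();

    // intval() maps a missing or non-numeric "u" to 0, which means "not bound to a user".
    $this->u = intval(t3lib_div::_GP('u'));
    $this->hash = t3lib_div::_GP('hash');
    $this->t = t3lib_div::_GP('t');
    $this->file = t3lib_div::_GP('file');

    // NOTE(review): the signed string has no separators between the three
    // fields, so the field boundaries are not covered by the HMAC. Changing
    // the format requires changing the link generator at the same time.
    $this->data = $this->u . $this->file . $this->t;
    $this->checkhash = t3lib_div::hmac($this->data);

    // Hook for init:
    // NOTE(review): hooks run before the hash check, so they see request
    // values that have not been verified yet.
    if (is_array($GLOBALS['TYPO3_CONF_VARS']['SC_OPTIONS']['ext/naw_securedl/class.tx_nawsecuredl_output.php']['init'])) {
        $_params = array('pObj' => &$this);
        foreach ($GLOBALS['TYPO3_CONF_VARS']['SC_OPTIONS']['ext/naw_securedl/class.tx_nawsecuredl_output.php']['init'] as $_funcRef) {
            t3lib_div::callUserFunction($_funcRef, $_params, $this);
        }
    }

    // Strict string comparison: a loose "!=" lets PHP compare numeric-looking
    // strings by value, and a non-string "hash" parameter must never pass.
    // Where the runtime provides hash_equals(), prefer it for a comparison
    // whose duration does not depend on the position of the first mismatch.
    if (!is_string($this->hash) || $this->hash !== $this->checkhash) {
        header('HTTP/1.1 403 Forbidden');
        exit('Access denied!');
    }

    // The expiry timestamp is part of the signed data, so it can be trusted here.
    if (intval($this->t) < time()) {
        header('HTTP/1.1 403 Forbidden');
        exit('Access denied!');
    }

    $this->feUserObj = tslib_eidtools::initFeUser();
    tslib_eidtools::connectDB();

    // A link issued for a specific user is only valid in that user's session.
    if ($this->u != 0) {
        $feuser = $this->feUserObj->user['uid'];
        if (intval($this->u) !== intval($feuser)) {
            header('HTTP/1.1 403 Forbidden');
            exit('Access denied!');
        }
    }
}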
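/**
 * Returns a URL parameter string setting parameters for secure downloads by "jumpurl".
 * Helper function for filelink()
 *
 * The returned "juHash" is an HMAC over the serialized triple
 * (jump URL, location data, MIME type), so none of the three can be changed
 * in the link without invalidating the hash.
 *
 * @param string $jumpUrl The URL to jump to, basically the filepath
 * @param array $conf TypoScript properties for the "jumpurl.secure" property of "filelink"
 * @return string URL parameters like "&juSecure=1....."
 * @access private
 * @see filelink()
 */
function locDataJU($jumpUrl, $conf) {
    $fI = pathinfo($jumpUrl);
    $mimetype = '';
    $mimetypeValue = '';

    // pathinfo() omits the "extension" key for paths without one.
    if (!empty($fI['extension'])) {
        $extension = strtolower($fI['extension']);
        $mimeTypeList = isset($conf['mimeTypes']) ? $conf['mimeTypes'] : '';
        $mimeTypes = t3lib_div::trimExplode(',', $mimeTypeList, 1);
        foreach ($mimeTypes as $v) {
            $parts = explode('=', $v, 2);
            // Strict comparison so numeric-looking extensions are matched as text.
            if ($extension === strtolower(trim($parts[0]))) {
                // An entry without "=" maps the extension to an empty MIME type.
                $mimetypeValue = isset($parts[1]) ? trim($parts[1]) : '';
                $mimetype = '&mimeType=' . rawurlencode($mimetypeValue);
                break;
            }
        }
    }

    $locationData = $GLOBALS['TSFE']->id . ':' . $this->currentRecord;
    $rec = '&locationData=' . rawurlencode($locationData);

    // serialize() length-prefixes every element, so the boundaries between
    // the three signed values are part of the signed string.
    $hArr = array($jumpUrl, $locationData, $mimetypeValue);
    $juHash = '&juHash=' . t3lib_div::hmac(serialize($hArr));

    return '&juSecure=1' . $mimetype . $rec . $juHash;
}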
/**
 * A token derived from the session token stored in $_SESSION must validate
 * once the fixture has loaded that session token.
 *
 * @test
 */
public function tokenFromSessionDataIsAvailableForValidateToken() {
    // Fixed test value standing in for the per-session secret.
    $storedSessionToken = '881ffea2159ac72182557b79dc0c723f5a8d20136f9fab56cdd4f8b3a1dbcfcd';
    $form = 'foo';
    $formAction = 'edit';
    $instance = '42';

    // Expected token: HMAC over form name, action, instance name and session token.
    $expectedToken = \t3lib_div::hmac(
        implode('', array($form, $formAction, $instance, $storedSessionToken))
    );

    $_SESSION['installToolFormToken'] = $storedSessionToken;
    $this->fixture->retrieveSessionToken();

    $isValid = $this->fixture->validateToken($expectedToken, $form, $formAction, $instance);
    $this->assertTrue($isValid);
}
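/**
 * Determines whether submitted field change functions are valid
 * and are coming from the system and not from an external abuse.
 *
 * The submitted P[fieldChangeFunc] array is only accepted when
 * P[fieldChangeFuncHash] equals the HMAC of its serialized form.
 *
 * @return boolean Whether the submitted field change functions are valid
 */
protected function areFieldChangeFunctionsValid() {
    if (!isset($this->P['fieldChangeFunc'], $this->P['fieldChangeFuncHash'])) {
        return FALSE;
    }
    // Both values are request data: reject anything that is not the expected type.
    if (!is_array($this->P['fieldChangeFunc']) || !is_string($this->P['fieldChangeFuncHash'])) {
        return FALSE;
    }

    $expectedHash = t3lib_div::hmac(serialize($this->P['fieldChangeFunc']));

    // Strict comparison: a loose "==" compares numeric-looking strings by value.
    // Where the runtime provides hash_equals(), prefer it for a comparison
    // whose duration does not depend on the position of the first mismatch.
    return $this->P['fieldChangeFuncHash'] === $expectedHash;
}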
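/**
 * Start function
 * This class is able to generate a mail in formmail-style from the data in $valueList
 * Fields:
 *
 * [recipient]: email-adress of the one to receive the mail. If array, then all values are expected to be recipients
 * [attachment]: ....
 *
 * [subject]: The subject of the mail
 * [from_email]: Sender email. If not set, [email] is used
 * [from_name]: Sender name. If not set, [name] is used
 * [replyto_email]: Reply-to email. If not set [from_email] is used
 * [replyto_name]: Reply-to name. If not set [from_name] is used
 * [organisation]: Organization (header)
 * [priority]: Priority, 1-5, default 3
 * [html_enabled]: If mail is sent as html
 * [use_base64]: If set, base64 encoding will be used instead of quoted-printable
 *
 * Nothing is prepared when [recipient] is missing, or when an auto respond
 * message is submitted whose [auto_respond_checksum] does not match its HMAC.
 *
 * @param array $valueList Contains values for the field names listed above (with slashes removed if from POST input)
 * @param boolean $base64 Whether to base64 encode the mail content
 * @return void
 */
function start($valueList, $base64 = false) {
    $this->mailMessage = t3lib_div::makeInstance('t3lib_mail_Message');

    if ($GLOBALS['TSFE']->config['config']['formMailCharset']) {
        // Respect formMailCharset if it was set
        $this->characterSet = $GLOBALS['TSFE']->csConvObj->parse_charset($GLOBALS['TSFE']->config['config']['formMailCharset']);
    } elseif ($GLOBALS['TSFE']->metaCharset != $GLOBALS['TSFE']->renderCharset) {
        // Use metaCharset for mail if different from renderCharset
        $this->characterSet = $GLOBALS['TSFE']->metaCharset;
    }

    if ($base64 || $valueList['use_base64']) {
        $this->encoding = 'base64';
    }

    if (isset($valueList['recipient'])) {
        // Every value that ends up in a mail header goes through sanitizeHeaderString().
        $this->subject = $valueList['subject'] ? $valueList['subject'] : 'Formmail on ' . t3lib_div::getIndpEnv('HTTP_HOST');
        $this->subject = $this->sanitizeHeaderString($this->subject);

        $this->fromName = $valueList['from_name'] ? $valueList['from_name'] : ($valueList['name'] ? $valueList['name'] : '');
        $this->fromName = $this->sanitizeHeaderString($this->fromName);

        $this->replyToName = $valueList['replyto_name'] ? $valueList['replyto_name'] : $this->fromName;
        $this->replyToName = $this->sanitizeHeaderString($this->replyToName);

        $this->organisation = $valueList['organisation'] ? $valueList['organisation'] : '';
        $this->organisation = $this->sanitizeHeaderString($this->organisation);

        $this->fromAddress = $valueList['from_email'] ? $valueList['from_email'] : ($valueList['email'] ? $valueList['email'] : '');
        if (!t3lib_div::validEmail($this->fromAddress)) {
            // Fall back to the system sender when the submitted address is unusable.
            $this->fromAddress = t3lib_utility_Mail::getSystemFromAddress();
            $this->fromName = t3lib_utility_Mail::getSystemFromName();
        }

        $this->replyToAddress = $valueList['replyto_email'] ? $valueList['replyto_email'] : $this->fromAddress;
        $this->priority = $valueList['priority'] ? t3lib_div::intInRange($valueList['priority'], 1, 5) : 3;

        // auto responder
        $this->autoRespondMessage = trim($valueList['auto_respond_msg']) && $this->fromAddress ? trim($valueList['auto_respond_msg']) : '';
        if ($this->autoRespondMessage !== '') {
            // The auto respond text travels through the browser; its HMAC proves
            // it is still the text the site rendered into the form.
            $autoRespondChecksum = $valueList['auto_respond_checksum'];
            $correctHmacChecksum = t3lib_div::hmac($this->autoRespondMessage);
            if ($autoRespondChecksum !== $correctHmacChecksum) {
                // NOTE(review): the subject is logged as submitted; confirm that
                // sysLog() neutralises line breaks in its message.
                t3lib_div::sysLog('Possible misuse of t3lib_formmail auto respond method. Subject: ' . $valueList['subject'], 'Core', 3);
                return;
            } else {
                $this->autoRespondMessage = $this->sanitizeHeaderString($this->autoRespondMessage);
            }
        }

        $plainTextContent = '';
        $htmlContent = '<table border="0" cellpadding="2" cellspacing="2">';

        // Runs through $valueList and generates the mail
        if (is_array($valueList)) {
            foreach ($valueList as $key => $val) {
                if (!t3lib_div::inList($this->reserved_names, $key)) {
                    // Flatten multi-value fields first so the length check below sees a string.
                    $val = is_array($val) ? implode(LF, $val) : $val;
                    $space = strlen($val) > 60 ? LF : '';

                    // convert form data from renderCharset to mail charset (HTML may use entities)
                    $plainTextValue = $val;
                    $HtmlValue = htmlspecialchars($val);
                    // Field names are submitted by the client as well, so they are
                    // escaped for the HTML part just like the values.
                    $htmlKey = htmlspecialchars(strtoupper($key));

                    $plainTextContent .= strtoupper($key) . ': ' . $space . $plainTextValue . LF . $space;
                    $htmlContent .= '<tr><td bgcolor="#eeeeee"><font face="Verdana" size="1"><strong>' . $htmlKey . '</strong></font></td><td bgcolor="#eeeeee"><font face="Verdana" size="1">' . nl2br($HtmlValue) . ' </font></td></tr>';
                }
            }
        }
        $htmlContent .= '</table>';

        $this->plainContent = $plainTextContent;

        if ($valueList['html_enabled']) {
            $this->mailMessage->setBody($htmlContent, 'text/html');
            $this->mailMessage->addPart($plainTextContent, 'text/plain');
        } else {
            $this->mailMessage->setBody($plainTextContent, 'text/plain');
        }

        // Attachments are expected as "attachment", "attachment1" ... "attachment9".
        for ($a = 0; $a < 10; $a++) {
            $variableName = 'attachment' . ($a ? $a : '');
            if (!isset($_FILES[$variableName])) {
                continue;
            }

            // The upload status lives in the "error" key of the file entry
            // (not inside "tmp_name"); a failed upload is logged and skipped.
            if ($_FILES[$variableName]['error'] !== UPLOAD_ERR_OK) {
                t3lib_div::sysLog('Error in uploaded file in t3lib_formmail: temporary file "' . $_FILES[$variableName]['tmp_name'] . '" ("' . $_FILES[$variableName]['name'] . '") Error code: ' . $_FILES[$variableName]['error'], 'Core', 3);
                continue;
            }

            // Never hand a path to the attachment code that PHP did not receive
            // as an upload in this request.
            if (!is_uploaded_file($_FILES[$variableName]['tmp_name'])) {
                t3lib_div::sysLog('Possible abuse of t3lib_formmail: temporary file "' . $_FILES[$variableName]['tmp_name'] . '" ("' . $_FILES[$variableName]['name'] . '") was not an uploaded file.', 'Core', 3);
                continue;
            }

            $theFile = t3lib_div::upload_to_tempfile($_FILES[$variableName]['tmp_name']);
            $theName = $_FILES[$variableName]['name'];

            if ($theFile && file_exists($theFile)) {
                // Oversized files are dropped silently; the mail is still sent.
                if (filesize($theFile) < $GLOBALS['TYPO3_CONF_VARS']['FE']['formmailMaxAttachmentSize']) {
                    $this->mailMessage->attach(Swift_Attachment::fromPath($theFile)->setFilename($theName));
                }
            }
            // Remembered so the temporary copy can be removed later.
            $this->temporaryFiles[] = $theFile;
        }

        $from = $this->fromName ? array($this->fromAddress => $this->fromName) : array($this->fromAddress);
        $this->recipient = $this->parseAddresses($valueList['recipient']);
        $this->mailMessage->setSubject($this->subject)->setFrom($from)->setTo($this->recipient)->setPriority($this->priority);

        $replyTo = $this->replyToName ? array($this->replyToAddress => $this->replyToName) : array($this->replyToAddress);
        $this->mailMessage->addReplyTo($replyTo);
        $this->mailMessage->getHeaders()->addTextHeader('Organization', $this->organisation);

        if ($valueList['recipient_copy']) {
            $this->mailMessage->addCc($this->parseAddresses($valueList['recipient_copy']));
        }

        if ($this->characterSet) {
            $this->mailMessage->setCharset($this->characterSet);
        }

        // Ignore target encoding. This is handled automatically by Swift Mailer and overriding the defaults
        // is not worth the trouble

        // log dirty header lines
        if ($this->dirtyHeaders) {
            t3lib_div::sysLog('Possible misuse of t3lib_formmail: see TYPO3 devLog', 'Core', 3);
            if ($GLOBALS['TYPO3_CONF_VARS']['SYS']['enable_DLOG']) {
                t3lib_div::devLog('t3lib_formmail: ' . t3lib_div::arrayToLogString($this->dirtyHeaders, '', 200), 'Core', 3);
            }
        }
    }
}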
/**
 * Builds the signed download URL for a file link.
 *
 * The URL points to the "tx_nawsecuredl" eID script and carries the current
 * frontend user uid (0 when nobody is logged in), the file, an expiry
 * timestamp and an HMAC over uid . decoded file . expiry. Registered
 * "makeSecure" hooks may rewrite the resulting URL.
 *
 * @param string $element URL of the file, already urlencoded by TYPO3
 * @return string The secured download URL
 */
function makeSecure($element) {
    $loggedInUid = $GLOBALS['TSFE']->fe_user->user['uid'];
    $this->feuser = $loggedInUid ? $loggedInUid : 0;

    // Links live as long as the page cache entry (one day when the page has
    // no explicit cache timeout) plus the configured extra time.
    $pageCacheTimeout = $GLOBALS['TSFE']->page['cache_timeout'];
    $lifetime = $pageCacheTimeout == 0 ? 86400 : $pageCacheTimeout;
    $timeout = $lifetime + time() + $this->extConf['cachetimeadd'];

    // $element contains the URL which is already urlencoded by TYPO3.
    // The output script checks the hash against the decoded filename, so the
    // decoded form is what gets signed here.
    // NOTE(review): the three signed values are concatenated without separators.
    $signedData = $this->feuser . rawurldecode($element) . $timeout;
    $signature = t3lib_div::hmac($signedData);

    $returnPath = implode('', array(
        'index.php?eID=tx_nawsecuredl',
        '&u=', $this->feuser,
        '&file=', $element,
        '&t=', $timeout,
        '&hash=', $signature,
    ));

    // Hook for makeSecure:
    $hooks = $GLOBALS['TYPO3_CONF_VARS']['SC_OPTIONS']['ext/naw_securedl/class.tx_nawsecuredl.php']['makeSecure'];
    if (is_array($hooks)) {
        foreach ($hooks as $hookReference) {
            $returnPath = t3lib_div::callUserFunction($hookReference, $returnPath, $this);
        }
    }

    return $returnPath;
}
/**
 * A token derived from the session token stored in the backend user's
 * session data must validate once the fixture has loaded that session token.
 *
 * @test
 */
public function tokenFromSessionDataIsAvailableForValidateToken() {
    // Fixed test value standing in for the per-session secret.
    $storedSessionToken = '881ffea2159ac72182557b79dc0c723f5a8d20136f9fab56cdd4f8b3a1dbcfcd';
    $form = 'foo';
    $formAction = 'edit';
    $instance = '42';

    // Expected token: HMAC over form name, action, instance name and session token.
    $expectedToken = \t3lib_div::hmac(
        implode('', array($form, $formAction, $instance, $storedSessionToken))
    );

    // The backend user mock hands out the session token when asked for it.
    $GLOBALS['BE_USER']
        ->expects($this->atLeastOnce())
        ->method('getSessionData')
        ->with('formSessionToken')
        ->will($this->returnValue($storedSessionToken));

    $this->fixture->retrieveSessionToken();

    $isValid = $this->fixture->validateToken($expectedToken, $form, $formAction, $instance);
    $this->assertTrue($isValid);
}
/**
 * Generates the tipUrl link for the configuration.
 *
 * The current request URL is appended to the link as "tipUrl" together with
 * "tipHash", an HMAC over that URL salted with $this->hmacSalt. Depending on
 * whether the template contains a TEMPLATE_TIPLINK subpart, the result is
 * either that subpart with its markers filled in or a plain typolink.
 *
 * @return string
 */
protected function tiplink() {
    $requestUrl = t3lib_div::getIndpEnv('TYPO3_REQUEST_URL');
    $template = $this->cObj->getSubpart($this->templateCode, '###TEMPLATE_TIPLINK###');

    // Generate link configuration
    $linkConf = $this->typolink_conf;
    $signature = t3lib_div::hmac($requestUrl, $this->hmacSalt);
    $linkConf['additionalParams'] .= '&tipUrl=' . rawurlencode($requestUrl) . '&tipHash=' . $signature;

    if (!empty($template)) {
        // Generate markers for template substitution
        $wrappedSubparts = array(
            '###LINK###' => $this->cObj->typolinkWrap($linkConf),
        );
        // ###URL### is the raw request URL; ###URL_SPECIALCHARS### is the
        // variant escaped for HTML output.
        $markers = array(
            '###URL###' => $requestUrl,
            '###URL_ENCODED###' => rawurlencode($requestUrl),
            '###URL_SPECIALCHARS###' => htmlspecialchars($requestUrl),
            '###TAF_LINK###' => $this->pi_getLL('link'),
        );

        // Substitute
        return $this->cObj->substituteMarkerArrayCached($template, $markers, array(), $wrappedSubparts);
    }

    // Support native link output for easier update
    $linkText = !empty($this->conf['value'])
        ? $this->cObj->stdWrap($this->conf['value'], $this->conf['value.'])
        : $this->pi_getLL('link');

    return $this->cObj->typoLink($linkText, $linkConf);
}
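/**
 * Init function, setting the input vars in the global space.
 *
 * Reads "file", "parameters", "frame" and "md5" from the request, verifies
 * the HMAC over file and parameters, then copies every entry of the
 * unserialized parameters onto this object and checks that the file exists
 * below PATH_site.
 *
 * @return void
 * @throws UnexpectedValueException if parameters are missing, the checksum does not match or the file is invalid
 */
function init() {
    // Loading internal vars with the GET/POST parameters from outside:
    $this->file = t3lib_div::_GP('file');
    $parametersArray = t3lib_div::_GP('parameters');
    $this->frame = t3lib_div::_GP('frame');
    $this->md5 = t3lib_div::_GP('md5');

    // ***********************
    // Check parameters
    // ***********************
    // If no file-param or parameters are given, we must exit.
    // "file" must be a plain string: it is signed and turned into a path below.
    if (!$this->file || !is_string($this->file) || !isset($parametersArray) || !is_array($parametersArray)) {
        throw new UnexpectedValueException('Parameter Error: No file or no parameters given.');
    }

    $this->parametersEncoded = implode('', $parametersArray);

    // Check the checksum: if the submitted value does not match the HMAC over
    // file and parameters, the request was not generated by this installation.
    // Strict comparison: a loose "!=" compares numeric-looking strings by value,
    // and a non-string "md5" parameter must never pass. Where the runtime
    // provides hash_equals(), prefer it for a comparison whose duration does
    // not depend on the position of the first mismatch.
    $md5_value = t3lib_div::hmac(implode('|', array($this->file, $this->parametersEncoded)));
    if (!is_string($this->md5) || $md5_value !== $this->md5) {
        throw new UnexpectedValueException('Parameter Error: Wrong parameters sent.');
    }

    // SECURITY: unserialize() runs on request data here. The HMAC check above
    // is the only thing keeping caller-chosen serialized payloads out of this
    // call, so it must stay in front of it and the signing key must stay secret.
    // NOTE(review): a plain data format (e.g. JSON) would remove that dependency.
    $parameters = unserialize(base64_decode($this->parametersEncoded));

    // Every key becomes a property of this object, including ones already set
    // above. A payload that does not decode to an array is ignored.
    if (is_array($parameters)) {
        foreach ($parameters as $parameterName => $parameterValue) {
            $this->{$parameterName} = $parameterValue;
        }
    }

    // ***********************
    // Check the file. If must be in a directory beneath the dir of this script...
    // $this->file remains unchanged, because of the code in stdgraphic, but we do check if the file exists within the current path
    // ***********************
    $test_file = PATH_site . $this->file;
    if (!t3lib_div::validPathStr($test_file)) {
        throw new UnexpectedValueException('Parameter Error: No valid filepath');
    }
    if (!@is_file($test_file)) {
        throw new UnexpectedValueException('The given file was not found');
    }
}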
/**
 * Rendering wizards for form fields.
 *
 * Walks over the wizard configuration of a field, renders each enabled
 * wizard (script link, popup, colorbox, userFunc, select, suggest) and
 * arranges the rendered wizards in a table around the form item.
 *
 * For popup, colorbox and userFunc wizards the field change functions are
 * passed along in the P parameter array together with an HMAC over their
 * serialized form (P[fieldChangeFuncHash]).
 *
 * @param array $itemKinds Array with the real item in the first value, and an alternative item in the second value.
 * @param array $wizConf The "wizard" key from the config array for the field (from TCA)
 * @param string $table Table name
 * @param array $row The record array
 * @param string $field The field name
 * @param array $PA Additional configuration array. (passed by reference!)
 * @param string $itemName Name of the form element the wizards operate on
 * @param array $specConf Special configuration if available.
 * @param boolean $RTE Whether the RTE could have been loaded.
 * @return string The new item value.
 */
function renderWizards($itemKinds, $wizConf, $table, $row, $field, &$PA, $itemName, $specConf, $RTE = 0) {
    // Init:
    $fieldChangeFunc = $PA['fieldChangeFunc'];
    $item = $itemKinds[0];
    $outArr = array();
    $colorBoxLinks = array();
    $fName = '[' . $table . '][' . $row['uid'] . '][' . $field . ']';
    $md5ID = 'ID' . t3lib_div::shortmd5($itemName);
    $listFlag = '_list';
    $prefixOfFormElName = 'data[' . $table . '][' . $row['uid'] . '][' . $field . ']';
    // NOTE(review): $flexFormPath is only assigned when the element name starts
    // with the expected prefix, but it is read unconditionally further down.
    if (t3lib_div::isFirstPartOfStr($PA['itemFormElName'], $prefixOfFormElName)) {
        $flexFormPath = str_replace('][', '/', substr($PA['itemFormElName'], strlen($prefixOfFormElName) + 1, -1));
    }
    // Manipulate the field name (to be the true form field name) and remove a suffix-value if the item is a selector box with renderMode "singlebox":
    if ($PA['fieldConf']['config']['form_type'] == 'select') {
        if ($PA['fieldConf']['config']['maxitems'] <= 1) {
            // Single select situation:
            $listFlag = '';
        } elseif ($PA['fieldConf']['config']['renderMode'] == 'singlebox') {
            $itemName .= '[]';
            $listFlag = '';
        }
    }
    // traverse wizards:
    if (is_array($wizConf) && !$this->disableWizards) {
        $parametersOfWizards =& $specConf['wizards']['parameters'];
        foreach ($wizConf as $wid => $wConf) {
            // Keys starting with "_" are layout options, not wizards. A wizard is
            // rendered unless it must be enabled by type config and is not listed,
            // or it is RTE-only while no RTE is available.
            if (substr($wid, 0, 1) != '_' && (!$wConf['enableByTypeConfig'] || is_array($parametersOfWizards) && in_array($wid, $parametersOfWizards)) && ($RTE || !$wConf['RTEonly'])) {
                // Title / icon:
                $iTitle = htmlspecialchars($this->sL($wConf['title']));
                if ($wConf['icon']) {
                    $icon = $this->getIconHtml($wConf['icon'], $iTitle, $iTitle);
                } else {
                    $icon = $iTitle;
                }
                // Render the wizard according to its type:
                switch ((string) $wConf['type']) {
                    case 'userFunc':
                    case 'script':
                    case 'popup':
                    case 'colorbox':
                        if (!$wConf['notNewRecords'] || t3lib_div::testInt($row['uid'])) {
                            // Setting &P array contents:
                            $params = array();
                            $params['params'] = $wConf['params'];
                            $params['exampleImg'] = $wConf['exampleImg'];
                            $params['table'] = $table;
                            $params['uid'] = $row['uid'];
                            $params['pid'] = $row['pid'];
                            $params['field'] = $field;
                            $params['flexFormPath'] = $flexFormPath;
                            $params['md5ID'] = $md5ID;
                            $params['returnUrl'] = $this->thisReturnUrl();
                            // Resolving script filename and setting URL.
                            if (!strcmp(substr($wConf['script'], 0, 4), 'EXT:')) {
                                $wScript = t3lib_div::getFileAbsFileName($wConf['script']);
                                if ($wScript) {
                                    $wScript = '../' . substr($wScript, strlen(PATH_site));
                                } else {
                                    // Unresolvable EXT: path: skip this wizard.
                                    break;
                                }
                            } else {
                                $wScript = $wConf['script'];
                            }
                            $url = $this->backPath . $wScript . (strstr($wScript, '?') ? '' : '?');
                            // If there is no script and the type is "colorbox", break right away:
                            if ((string) $wConf['type'] == 'colorbox' && !$wConf['script']) {
                                break;
                            }
                            // If "script" type, create the links around the icon:
                            if ((string) $wConf['type'] == 'script') {
                                $aUrl = $url . t3lib_div::implodeArrayForUrl('', array('P' => $params));
                                $outArr[] = '<a href="' . htmlspecialchars($aUrl) . '" onclick="' . $this->blur() . 'return !TBE_EDITOR.isFormChanged();">' . $icon . '</a>';
                            } else {
                                // ... else types "popup", "colorbox" and "userFunc" will need additional parameters:
                                $params['formName'] = $this->formName;
                                $params['itemName'] = $itemName;
                                // The field change functions are JavaScript that travels through
                                // the browser in the P array. The HMAC over their serialized form
                                // is sent alongside so that a receiver can detect modification
                                // (presumably checked by the wizard script; verify against the receiver).
                                $params['fieldChangeFunc'] = $fieldChangeFunc;
                                $params['fieldChangeFuncHash'] = t3lib_div::hmac(serialize($fieldChangeFunc));
                                switch ((string) $wConf['type']) {
                                    case 'popup':
                                    case 'colorbox':
                                        // Current form value is passed as P[currentValue]!
                                        // NOTE(review): $itemName, $listFlag and $wConf['JSopenParams'] are
                                        // placed inside JavaScript string literals without JavaScript
                                        // escaping; only the finished onclick value is HTML-escaped below.
                                        // This assumes the wizard configuration is trusted.
                                        $addJS = $wConf['popup_onlyOpenIfSelected'] ? 'if (!TBE_EDITOR.curSelected(\'' . $itemName . $listFlag . '\')){alert(' . $GLOBALS['LANG']->JScharCode($this->getLL('m_noSelItemForEdit')) . '); return false;}' : '';
                                        $curSelectedValues = '+\'&P[currentSelectedValues]=\'+TBE_EDITOR.curSelected(\'' . $itemName . $listFlag . '\')';
                                        $aOnClick = $this->blur() . $addJS . 'vHWin=window.open(\'' . $url . t3lib_div::implodeArrayForUrl('', array('P' => $params)) . '\'+\'&P[currentValue]=\'+TBE_EDITOR.rawurlencode(' . $this->elName($itemName) . '.value,200)' . $curSelectedValues . ',\'popUp' . $md5ID . '\',\'' . $wConf['JSopenParams'] . '\');' . 'vHWin.focus();return false;';
                                        // Setting "colorBoxLinks" - used LATER to wrap around the color box as well:
                                        $colorBoxLinks = array('<a href="#" onclick="' . htmlspecialchars($aOnClick) . '">', '</a>');
                                        if ((string) $wConf['type'] == 'popup') {
                                            $outArr[] = $colorBoxLinks[0] . $icon . $colorBoxLinks[1];
                                        }
                                        break;
                                    case 'userFunc':
                                        // The callable named in the wizard configuration receives the
                                        // item by reference and may therefore replace it.
                                        $params['item'] =& $item; // Reference set!
                                        $params['icon'] = $icon;
                                        $params['iTitle'] = $iTitle;
                                        $params['wConf'] = $wConf;
                                        $params['row'] = $row;
                                        $outArr[] = t3lib_div::callUserFunction($wConf['userFunc'], $params, $this);
                                        break;
                                }
                            }
                            // Hide the real form element?
                            if (is_array($wConf['hideParent']) || $wConf['hideParent']) {
                                $item = $itemKinds[1]; // Setting the item to a hidden-field.
                                if (is_array($wConf['hideParent'])) {
                                    $item .= $this->getSingleField_typeNone_render($wConf['hideParent'], $PA['itemFormElValue']);
                                }
                            }
                        }
                        break;
                    case 'select':
                        $fieldValue = array('config' => $wConf);
                        $TSconfig = $this->setTSconfig($table, $row);
                        $TSconfig[$field] = $TSconfig[$field]['wizards.'][$wid . '.'];
                        $selItems = $this->addSelectOptionsToItemArray($this->initItemArray($fieldValue), $fieldValue, $TSconfig, $field);
                        $opt = array();
                        $opt[] = '<option>' . $iTitle . '</option>';
                        foreach ($selItems as $p) {
                            $opt[] = '<option value="' . htmlspecialchars($p[1]) . '">' . htmlspecialchars($p[0]) . '</option>';
                        }
                        // "append" puts the chosen value in front of the current field value,
                        // "prepend" adds it after the current value; any other mode replaces it.
                        if ($wConf['mode'] == 'append') {
                            $assignValue = $this->elName($itemName) . '.value=\'\'+this.options[this.selectedIndex].value+' . $this->elName($itemName) . '.value';
                        } elseif ($wConf['mode'] == 'prepend') {
                            $assignValue = $this->elName($itemName) . '.value+=\'\'+this.options[this.selectedIndex].value';
                        } else {
                            $assignValue = $this->elName($itemName) . '.value=this.options[this.selectedIndex].value';
                        }
                        // The field change functions are emitted as JavaScript in the onchange handler.
                        $sOnChange = $assignValue . ';this.blur();this.selectedIndex=0;' . implode('', $fieldChangeFunc);
                        $outArr[] = '<select id="' . uniqid('tceforms-select-') . '" class="tceforms-select tceforms-wizardselect" name="_WIZARD' . $fName . '" onchange="' . htmlspecialchars($sOnChange) . '">' . implode('', $opt) . '</select>';
                        break;
                    case 'suggest':
                        if (isset($PA['fieldTSConfig']['suggest.']['default.']['hide']) && (bool) $PA['fieldTSConfig']['suggest.']['default.']['hide'] == TRUE) {
                            break;
                        }
                        $outArr[] = $this->suggest->renderSuggestSelector($PA['itemFormElName'], $table, $field, $row, $PA);
                        break;
                }
                // Color wizard colorbox:
                if ((string) $wConf['type'] == 'colorbox') {
                    $dim = t3lib_div::intExplode('x', $wConf['dim']);
                    $dX = t3lib_div::intInRange($dim[0], 1, 200, 20);
                    $dY = t3lib_div::intInRange($dim[1], 1, 200, 20);
                    // The stored field value is HTML-escaped before it is used as an attribute value.
                    $color = $PA['itemFormElValue'] ? ' bgcolor="' . htmlspecialchars($PA['itemFormElValue']) . '"' : '';
                    $outArr[] = '<table border="0" cellpadding="0" cellspacing="0" id="' . $md5ID . '"' . $color . ' style="' . htmlspecialchars($wConf['tableStyle']) . '"> <tr> <td>' . $colorBoxLinks[0] . '<img ' . t3lib_iconWorks::skinImg($this->backPath, strlen(trim($color)) == 0 || strcmp(trim($color), '0') == 0 ? 'gfx/colorpicker_empty.png' : 'gfx/colorpicker.png', 'width="' . $dX . '" height="' . $dY . '"' . t3lib_BEfunc::titleAltAttrib(trim($iTitle . ' ' . $PA['itemFormElValue'])) . ' border="0"') . '>' . $colorBoxLinks[1] . '</td> </tr> </table>';
                }
            }
        }
        // For each rendered wizard, put them together around the item.
        if (count($outArr)) {
            if ($wizConf['_HIDDENFIELD']) {
                $item = $itemKinds[1];
            }
            $outStr = '';
            // NOTE(review): _VALIGN is written into the style attribute without
            // escaping; this assumes the wizard configuration is trusted.
            $vAlign = $wizConf['_VALIGN'] ? ' style="vertical-align:' . $wizConf['_VALIGN'] . '"' : '';
            if (count($outArr) > 1 || $wizConf['_PADDING']) {
                $dist = intval($wizConf['_DISTANCE']);
                if ($wizConf['_VERTICAL']) {
                    $dist = $dist ? '<tr><td><img src="clear.gif" width="1" height="' . $dist . '" alt="" /></td></tr>' : '';
                    $outStr = '<tr><td>' . implode('</td></tr>' . $dist . '<tr><td>', $outArr) . '</td></tr>';
                } else {
                    $dist = $dist ? '<td><img src="clear.gif" height="1" width="' . $dist . '" alt="" /></td>' : '';
                    $outStr = '<tr><td' . $vAlign . '>' . implode('</td>' . $dist . '<td' . $vAlign . '>', $outArr) . '</td></tr>';
                }
                $outStr = '<table border="0" cellpadding="' . intval($wizConf['_PADDING']) . '" cellspacing="' . intval($wizConf['_PADDING']) . '">' . $outStr . '</table>';
            } else {
                $outStr = implode('', $outArr);
            }
            // Place the wizards left of, above, below or (default) right of the item.
            if (!strcmp($wizConf['_POSITION'], 'left')) {
                $outStr = '<tr><td' . $vAlign . '>' . $outStr . '</td><td' . $vAlign . '>' . $item . '</td></tr>';
            } elseif (!strcmp($wizConf['_POSITION'], 'top')) {
                $outStr = '<tr><td>' . $outStr . '</td></tr><tr><td>' . $item . '</td></tr>';
            } elseif (!strcmp($wizConf['_POSITION'], 'bottom')) {
                $outStr = '<tr><td>' . $item . '</td></tr><tr><td>' . $outStr . '</td></tr>';
            } else {
                $outStr = '<tr><td' . $vAlign . '>' . $item . '</td><td' . $vAlign . '>' . $outStr . '</td></tr>';
            }
            $item = '<table border="0" cellpadding="0" cellspacing="0">' . $outStr . '</table>';
        }
    }
    return $item;
}
/**
 * Two different messages must not produce the same HMAC.
 *
 * @test
 */
public function hmacReturnsNotEqualHashesForNotEqualInput() {
    // The inputs differ in their last character only.
    $firstHash = t3lib_div::hmac('message0');
    $secondHash = t3lib_div::hmac('message1');

    $this->assertNotEquals($firstHash, $secondHash);
}
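/**
 * Determines whether submitted field change functions are valid
 * and are coming from the system and not from an external abuse.
 *
 * The submitted P[fieldChangeFunc] array is accepted when
 * P[fieldChangeFuncHash] equals the HMAC of its serialized form. With
 * $handleFlexformSections set, the "idx<number>-" segment of a flexform
 * section element name is removed from the submitted functions before the
 * HMAC is computed.
 *
 * @param boolean $handleFlexformSections Whether to handle flexform sections differently
 * @return boolean Whether the submitted field change functions are valid
 */
protected function areFieldChangeFunctionsValid($handleFlexformSections = FALSE) {
    $result = FALSE;

    if (isset($this->P['fieldChangeFunc']) && is_array($this->P['fieldChangeFunc']) && isset($this->P['fieldChangeFuncHash'])) {
        $matches = array();
        // Groups: 1 = full element name, 2 = prefix, 3 = "idx<number>-", 4 = remainder.
        $pattern = '#\\[el\\]\\[(([^]-]+-[^]-]+-)(idx\\d+-)([^]]+))\\]#i';
        $fieldChangeFunctions = $this->P['fieldChangeFunc'];

        // Special handling of flexform sections:
        // Field change functions are modified in JavaScript, thus the hash is always invalid.
        // P[itemName] is request data, so it is only inspected when it is a string.
        if (
            $handleFlexformSections
            && isset($this->P['itemName'])
            && is_string($this->P['itemName'])
            && preg_match($pattern, $this->P['itemName'], $matches)
        ) {
            $originalName = $matches[1];
            $cleanedName = $matches[2] . $matches[4];
            // Undo the renaming on a local copy before hashing.
            // NOTE(review): this normalisation widens what the HMAC accepts to
            // every input that differs only by the replaced name.
            foreach ($fieldChangeFunctions as &$value) {
                $value = str_replace($originalName, $cleanedName, $value);
            }
            // Drop the reference left behind by the by-reference loop.
            unset($value);
        }

        // Strict comparison, so a non-string hash or a numeric look-alike never matches.
        $result = $this->P['fieldChangeFuncHash'] === t3lib_div::hmac(serialize($fieldChangeFunctions));
    }

    return $result;
}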
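/**
 * Determines whether submitted field change functions are valid
 * and are coming from the system and not from an external abuse.
 *
 * The field change functions are accepted when the submitted hash equals
 * the HMAC computed over $this->fieldChangeFunc.
 *
 * @return boolean Whether the submitted field change functions are valid
 */
protected function areFieldChangeFunctionsValid() {
    if (!$this->fieldChangeFunc || !$this->fieldChangeFuncHash) {
        return FALSE;
    }
    // The hash is submitted data: anything but a string can never be valid.
    if (!is_string($this->fieldChangeFuncHash)) {
        return FALSE;
    }

    // Strict comparison: a loose "==" compares numeric-looking strings by value.
    // Where the runtime provides hash_equals(), prefer it for a comparison
    // whose duration does not depend on the position of the first mismatch.
    return $this->fieldChangeFuncHash === t3lib_div::hmac($this->fieldChangeFunc);
}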
/** * Rendering the cObject, FORM * * Note on $formData: * In the optional $formData array each entry represents a line in the ordinary setup. * In those entries each entry (0,1,2...) represents a space normally divided by the '|' line. * * $formData [] = array('Name:', 'name=input, 25 ', 'Default value....'); * $formData [] = array('Email:', 'email=input, 25 ', 'Default value for email....'); * * - corresponds to the $conf['data'] value being : * Name:|name=input, 25 |Default value....||Email:|email=input, 25 |Default value for email.... * * If $formData is an array the value of $conf['data'] is ignored. * * @param array Array of TypoScript properties * @param array Alternative formdata overriding whatever comes from TypoScript * @return string Output */ public function render($conf = array(), $formData = '') { $content = ''; if (is_array($formData)) { $dataArray = $formData; } else { $data = isset($conf['data.']) ? $this->cObj->stdWrap($conf['data'], $conf['data.']) : $conf['data']; // Clearing dataArr $dataArray = array(); // Getting the original config if (trim($data)) { $data = str_replace(LF, '||', $data); $dataArray = explode('||', $data); } // Adding the new dataArray config form: if (is_array($conf['dataArray.'])) { // dataArray is supplied $sortedKeyArray = t3lib_TStemplate::sortedKeyList($conf['dataArray.'], TRUE); foreach ($sortedKeyArray as $theKey) { $singleKeyArray = $conf['dataArray.'][$theKey . '.']; if (is_array($singleKeyArray)) { $temp = array(); $label = isset($singleKeyArray['label.']) ? $this->cObj->stdWrap($singleKeyArray['label'], $singleKeyArray['label.']) : $singleKeyArray['label']; list($temp[0]) = explode('|', $label); $type = isset($singleKeyArray['type.']) ? $this->cObj->stdWrap($singleKeyArray['type'], $singleKeyArray['type.']) : $singleKeyArray['type']; list($temp[1]) = explode('|', $type); $required = isset($singleKeyArray['required.']) ? 
$this->cObj->stdWrap($singleKeyArray['required'], $singleKeyArray['required.']) : $singleKeyArray['required']; if ($required) { $temp[1] = '*' . $temp[1]; } $singleValue = isset($singleKeyArray['value.']) ? $this->cObj->stdWrap($singleKeyArray['value'], $singleKeyArray['value.']) : $singleKeyArray['value']; list($temp[2]) = explode('|', $singleValue); // If value array is set, then implode those values. if (is_array($singleKeyArray['valueArray.'])) { $temp_accumulated = array(); foreach ($singleKeyArray['valueArray.'] as $singleKey => $singleKey_valueArray) { if (is_array($singleKey_valueArray) && !strcmp(intval($singleKey) . '.', $singleKey)) { $temp_valueArray = array(); $valueArrayLabel = isset($singleKey_valueArray['label.']) ? $this->cObj->stdWrap($singleKey_valueArray['label'], $singleKey_valueArray['label.']) : $singleKey_valueArray['label']; list($temp_valueArray[0]) = explode('=', $valueArrayLabel); $selected = isset($singleKeyArray['selected.']) ? $this->cObj->stdWrap($singleKeyArray['selected'], $singleKeyArray['selected.']) : $singleKeyArray['selected']; if ($selected) { $temp_valueArray[0] = '*' . $temp_valueArray[0]; } $singleKeyValue = isset($singleKey_valueArray['value.']) ? $this->cObj->stdWrap($singleKey_valueArray['value'], $singleKey_valueArray['value.']) : $singleKey_valueArray['value']; list($temp_valueArray[1]) = explode(',', $singleKeyValue); } $temp_accumulated[] = implode('=', $temp_valueArray); } $temp[2] = implode(',', $temp_accumulated); } $specialEval = isset($singleKeyArray['specialEval.']) ? 
$this->cObj->stdWrap($singleKeyArray['specialEval'], $singleKeyArray['specialEval.']) : $singleKeyArray['specialEval']; list($temp[3]) = explode('|', $specialEval); // adding the form entry to the dataArray $dataArray[] = implode('|', $temp); } } } } $attachmentCounter = ''; $hiddenfields = ''; $fieldlist = array(); $propertyOverride = array(); $fieldname_hashArray = array(); $counter = 0; $xhtmlStrict = t3lib_div::inList('xhtml_strict,xhtml_11,xhtml_2', $GLOBALS['TSFE']->xhtmlDoctype); // Formname $formName = isset($conf['formName.']) ? $this->cObj->stdWrap($conf['formName'], $conf['formName.']) : $conf['formName']; if ($formName) { $formName = $this->cObj->cleanFormName($formName); } else { $formName = 'a' . $GLOBALS['TSFE']->uniqueHash(); // form name has to start with a letter to reach XHTML compliance } $fieldPrefix = isset($conf['fieldPrefix.']) ? $this->cObj->stdWrap($conf['fieldPrefix'], $conf['fieldPrefix.']) : $conf['fieldPrefix']; if (isset($conf['fieldPrefix']) || isset($conf['fieldPrefix.'])) { if ($fieldPrefix) { $prefix = $this->cObj->cleanFormName($fieldPrefix); } else { $prefix = ''; } } else { $prefix = $formName; } foreach ($dataArray as $dataValue) { $counter++; $confData = array(); if (is_array($formData)) { $parts = $dataValue; $dataValue = 1; // TRUE... 
} else { $dataValue = trim($dataValue); $parts = explode('|', $dataValue); } if ($dataValue && strcspn($dataValue, '#/')) { // label: $confData['label'] = t3lib_div::removeXSS(trim($parts[0])); // field: $fParts = explode(',', $parts[1]); $fParts[0] = trim($fParts[0]); if (substr($fParts[0], 0, 1) == '*') { $confData['required'] = 1; $fParts[0] = substr($fParts[0], 1); } $typeParts = explode('=', $fParts[0]); $confData['type'] = trim(strtolower(end($typeParts))); if (count($typeParts) == 1) { $confData['fieldname'] = $this->cObj->cleanFormName($parts[0]); if (strtolower(preg_replace('/[^[:alnum:]]/', '', $confData['fieldname'])) == 'email') { $confData['fieldname'] = 'email'; } // Duplicate fieldnames resolved if (isset($fieldname_hashArray[md5($confData['fieldname'])])) { $confData['fieldname'] .= '_' . $counter; } $fieldname_hashArray[md5($confData['fieldname'])] = $confData['fieldname']; // Attachment names... if ($confData['type'] == 'file') { $confData['fieldname'] = 'attachment' . $attachmentCounter; $attachmentCounter = intval($attachmentCounter) + 1; } } else { $confData['fieldname'] = str_replace(' ', '_', trim($typeParts[0])); } $confData['fieldname'] = htmlspecialchars($confData['fieldname']); $fieldCode = ''; $wrapFieldName = isset($conf['wrapFieldName']) ? $this->cObj->stdWrap($conf['wrapFieldName'], $conf['wrapFieldName.']) : $conf['wrapFieldName']; if ($wrapFieldName) { $confData['fieldname'] = $this->cObj->wrap($confData['fieldname'], $wrapFieldName); } // Set field name as current: $this->cObj->setCurrentVal($confData['fieldname']); // Additional parameters if (trim($confData['type'])) { if (isset($conf['params.'][$confData['type']])) { $addParams = isset($conf['params.'][$confData['type'] . '.']) ? trim($this->cObj->stdWrap($conf['params.'][$confData['type']], $conf['params.'][$confData['type'] . '.'])) : trim($conf['params.'][$confData['type']]); } else { $addParams = isset($conf['params.']) ? 
trim($this->cObj->stdWrap($conf['params'], $conf['params.'])) : trim($conf['params']); } if (strcmp('', $addParams)) { $addParams = ' ' . $addParams; } } else { $addParams = ''; } $dontMd5FieldNames = isset($conf['dontMd5FieldNames.']) ? $this->cObj->stdWrap($conf['dontMd5FieldNames'], $conf['dontMd5FieldNames.']) : $conf['dontMd5FieldNames']; if ($dontMd5FieldNames) { $fName = $confData['fieldname']; } else { $fName = md5($confData['fieldname']); } // Accessibility: Set id = fieldname attribute: $accessibility = isset($conf['accessibility.']) ? $this->cObj->stdWrap($conf['accessibility'], $conf['accessibility.']) : $conf['accessibility']; if ($accessibility || $xhtmlStrict) { $elementIdAttribute = ' id="' . $prefix . $fName . '"'; } else { $elementIdAttribute = ''; } // Create form field based on configuration/type: switch ($confData['type']) { case 'textarea': $cols = trim($fParts[1]) ? intval($fParts[1]) : 20; $compensateFieldWidth = isset($conf['compensateFieldWidth.']) ? $this->cObj->stdWrap($conf['compensateFieldWidth'], $conf['compensateFieldWidth.']) : $conf['compensateFieldWidth']; $compWidth = doubleval($compensateFieldWidth ? $compensateFieldWidth : $GLOBALS['TSFE']->compensateFieldWidth); $compWidth = $compWidth ? $compWidth : 1; $cols = t3lib_div::intInRange($cols * $compWidth, 1, 120); $rows = trim($fParts[2]) ? t3lib_div::intInRange($fParts[2], 1, 30) : 5; $wrap = trim($fParts[3]); $noWrapAttr = isset($conf['noWrapAttr.']) ? $this->cObj->stdWrap($conf['noWrapAttr'], $conf['noWrapAttr.']) : $conf['noWrapAttr']; if ($noWrapAttr || $wrap === 'disabled') { $wrap = ''; } else { $wrap = $wrap ? ' wrap="' . $wrap . '"' : ' wrap="virtual"'; } $noValueInsert = isset($conf['noValueInsert.']) ? 
$this->cObj->stdWrap($conf['noValueInsert'], $conf['noValueInsert.']) : $conf['noValueInsert']; $default = $this->cObj->getFieldDefaultValue($noValueInsert, $confData['fieldname'], str_replace('\\n', LF, trim($parts[2]))); $fieldCode = sprintf('<textarea name="%s"%s cols="%s" rows="%s"%s%s>%s</textarea>', $confData['fieldname'], $elementIdAttribute, $cols, $rows, $wrap, $addParams, t3lib_div::formatForTextarea($default)); break; case 'input': case 'password': $size = trim($fParts[1]) ? intval($fParts[1]) : 20; $compensateFieldWidth = isset($conf['compensateFieldWidth.']) ? $this->cObj->stdWrap($conf['compensateFieldWidth'], $conf['compensateFieldWidth.']) : $conf['compensateFieldWidth']; $compWidth = doubleval($compensateFieldWidth ? $compensateFieldWidth : $GLOBALS['TSFE']->compensateFieldWidth); $compWidth = $compWidth ? $compWidth : 1; $size = t3lib_div::intInRange($size * $compWidth, 1, 120); $noValueInsert = isset($conf['noValueInsert.']) ? $this->cObj->stdWrap($conf['noValueInsert'], $conf['noValueInsert.']) : $conf['noValueInsert']; $default = $this->cObj->getFieldDefaultValue($noValueInsert, $confData['fieldname'], trim($parts[2])); if ($confData['type'] == 'password') { $default = ''; } $max = trim($fParts[2]) ? ' maxlength="' . t3lib_div::intInRange($fParts[2], 1, 1000) . '"' : ""; $theType = $confData['type'] == 'input' ? 'text' : 'password'; $fieldCode = sprintf('<input type="%s" name="%s"%s size="%s"%s value="%s"%s />', $theType, $confData['fieldname'], $elementIdAttribute, $size, $max, htmlspecialchars($default), $addParams); break; case 'file': $size = trim($fParts[1]) ? t3lib_div::intInRange($fParts[1], 1, 60) : 20; $fieldCode = sprintf('<input type="file" name="%s"%s size="%s"%s />', $confData['fieldname'], $elementIdAttribute, $size, $addParams); break; case 'check': // alternative default value: $noValueInsert = isset($conf['noValueInsert.']) ? 
$this->cObj->stdWrap($conf['noValueInsert'], $conf['noValueInsert.']) : $conf['noValueInsert']; $default = $this->cObj->getFieldDefaultValue($noValueInsert, $confData['fieldname'], trim($parts[2])); $checked = $default ? ' checked="checked"' : ''; $fieldCode = sprintf('<input type="checkbox" value="%s" name="%s"%s%s%s />', 1, $confData['fieldname'], $elementIdAttribute, $checked, $addParams); break; case 'select': $option = ''; $valueParts = explode(',', $parts[2]); // size if (strtolower(trim($fParts[1])) == 'auto') { $fParts[1] = count($valueParts); } // Auto size set here. Max 20 $size = trim($fParts[1]) ? t3lib_div::intInRange($fParts[1], 1, 20) : 1; // multiple $multiple = strtolower(trim($fParts[2])) == 'm' ? ' multiple="multiple"' : ''; $items = array(); // Where the items will be $defaults = array(); //RTF $pCount = count($valueParts); for ($a = 0; $a < $pCount; $a++) { $valueParts[$a] = trim($valueParts[$a]); if (substr($valueParts[$a], 0, 1) == '*') { // Finding default value $sel = 'selected'; $valueParts[$a] = substr($valueParts[$a], 1); } else { $sel = ''; } // Get value/label $subParts = explode('=', $valueParts[$a]); $subParts[1] = isset($subParts[1]) ? trim($subParts[1]) : trim($subParts[0]); // Sets the value $items[] = $subParts; // Adds the value/label pair to the items-array if ($sel) { $defaults[] = $subParts[1]; } // Sets the default value if value/label pair is marked as default. } // alternative default value: $noValueInsert = isset($conf['noValueInsert.']) ? $this->cObj->stdWrap($conf['noValueInsert'], $conf['noValueInsert.']) : $conf['noValueInsert']; $default = $this->cObj->getFieldDefaultValue($noValueInsert, $confData['fieldname'], $defaults); if (!is_array($default)) { $defaults = array(); $defaults[] = $default; } else { $defaults = $default; } // Create the select-box: $iCount = count($items); for ($a = 0; $a < $iCount; $a++) { $option .= '<option value="' . $items[$a][1] . '"' . (in_array($items[$a][1], $defaults) ? 
' selected="selected"' : '') . '>' . trim($items[$a][0]) . '</option>'; //RTF } if ($multiple) { // The fieldname must be prepended '[]' if multiple select. And the reason why it's prepended is, because the required-field list later must also have [] prepended. $confData['fieldname'] .= '[]'; } $fieldCode = sprintf('<select name="%s"%s size="%s"%s%s>%s</select>', $confData['fieldname'], $elementIdAttribute, $size, $multiple, $addParams, $option); //RTF break; case 'radio': $option = ''; $valueParts = explode(',', $parts[2]); $items = array(); // Where the items will be $default = ''; $pCount = count($valueParts); for ($a = 0; $a < $pCount; $a++) { $valueParts[$a] = trim($valueParts[$a]); if (substr($valueParts[$a], 0, 1) == '*') { $sel = 'checked'; $valueParts[$a] = substr($valueParts[$a], 1); } else { $sel = ''; } // Get value/label $subParts = explode('=', $valueParts[$a]); $subParts[1] = isset($subParts[1]) ? trim($subParts[1]) : trim($subParts[0]); // Sets the value $items[] = $subParts; // Adds the value/label pair to the items-array if ($sel) { $default = $subParts[1]; } // Sets the default value if value/label pair is marked as default. } // alternative default value: $noValueInsert = isset($conf['noValueInsert.']) ? $this->cObj->stdWrap($conf['noValueInsert'], $conf['noValueInsert.']) : $conf['noValueInsert']; $default = $this->cObj->getFieldDefaultValue($noValueInsert, $confData['fieldname'], $default); // Create the select-box: $iCount = count($items); for ($a = 0; $a < $iCount; $a++) { $optionParts = ''; $radioId = $prefix . $fName . $this->cObj->cleanFormName($items[$a][0]); if ($accessibility) { $radioLabelIdAttribute = ' id="' . $radioId . '"'; } else { $radioLabelIdAttribute = ''; } $optionParts .= '<input type="radio" name="' . $confData['fieldname'] . '"' . $radioLabelIdAttribute . ' value="' . $items[$a][1] . '"' . (!strcmp($items[$a][1], $default) ? ' checked="checked"' : '') . $addParams . 
' />'; if ($accessibility) { $label = isset($conf['radioWrap.']) ? $this->cObj->stdWrap(trim($items[$a][0]), $conf['radioWrap.']) : trim($items[$a][0]); $optionParts .= '<label for="' . $radioId . '">' . $label . '</label>'; } else { $optionParts .= isset($conf['radioWrap.']) ? $this->cObj->stdWrap(trim($items[$a][0]), $conf['radioWrap.']) : trim($items[$a][0]); } $option .= isset($conf['radioInputWrap.']) ? $this->cObj->stdWrap($optionParts, $conf['radioInputWrap.']) : $optionParts; } if ($accessibility) { $accessibilityWrap = isset($conf['radioWrap.']['accessibilityWrap.']) ? $this->cObj->stdWrap($conf['radioWrap.']['accessibilityWrap'], $conf['radioWrap.']['accessibilityWrap.']) : $conf['radioWrap.']['accessibilityWrap.']; if ($accessibilityWrap) { $search = array('###RADIO_FIELD_ID###', '###RADIO_GROUP_LABEL###'); $replace = array($elementIdAttribute, $confData['label']); $accessibilityWrap = str_replace($search, $replace, $accessibilityWrap); $option = $this->cObj->wrap($option, $accessibilityWrap); } } $fieldCode = $option; break; case 'hidden': $value = trim($parts[2]); // If this form includes an auto responder message, include a HMAC checksum field // in order to verify potential abuse of this feature. 
if (strlen($value) && t3lib_div::inList($confData['fieldname'], 'auto_respond_msg')) { $hmacChecksum = t3lib_div::hmac($value); $hiddenfields .= sprintf('<input type="hidden" name="auto_respond_checksum" id="%sauto_respond_checksum" value="%s" />', $prefix, $hmacChecksum); } if (strlen($value) && t3lib_div::inList('recipient_copy,recipient', $confData['fieldname']) && $GLOBALS['TYPO3_CONF_VARS']['FE']['secureFormmail']) { break; } if (strlen($value) && t3lib_div::inList('recipient_copy,recipient', $confData['fieldname'])) { $value = $GLOBALS['TSFE']->codeString($value); } $hiddenfields .= sprintf('<input type="hidden" name="%s"%s value="%s" />', $confData['fieldname'], $elementIdAttribute, htmlspecialchars($value)); break; case 'property': if (t3lib_div::inList('type,locationData,goodMess,badMess,emailMess', $confData['fieldname'])) { $value = trim($parts[2]); $propertyOverride[$confData['fieldname']] = $value; $conf[$confData['fieldname']] = $value; } break; case 'submit': $value = trim($parts[2]); if ($conf['image.']) { $this->cObj->data[$this->cObj->currentValKey] = $value; $image = $this->cObj->IMG_RESOURCE($conf['image.']); $params = $conf['image.']['params'] ? ' ' . 
$conf['image.']['params'] : ''; $params .= $this->cObj->getAltParam($conf['image.'], FALSE); $params .= $addParams; } else { $image = ''; } if ($image) { $fieldCode = sprintf('<input type="image" name="%s"%s src="%s"%s />', $confData['fieldname'], $elementIdAttribute, $image, $params); } else { $fieldCode = sprintf('<input type="submit" name="%s"%s value="%s"%s />', $confData['fieldname'], $elementIdAttribute, t3lib_div::deHSCentities(htmlspecialchars($value)), $addParams); } break; case 'reset': $value = trim($parts[2]); $fieldCode = sprintf('<input type="reset" name="%s"%s value="%s"%s />', $confData['fieldname'], $elementIdAttribute, t3lib_div::deHSCentities(htmlspecialchars($value)), $addParams); break; case 'label': $fieldCode = nl2br(htmlspecialchars(trim($parts[2]))); break; default: $confData['type'] = 'comment'; $fieldCode = trim($parts[2]) . ' '; break; } if ($fieldCode) { // Checking for special evaluation modes: if (t3lib_div::inList('textarea,input,password', $confData['type']) && strlen(trim($parts[3]))) { $modeParameters = t3lib_div::trimExplode(':', $parts[3]); } else { $modeParameters = array(); } // Adding evaluation based on settings: switch ((string) $modeParameters[0]) { case 'EREG': $fieldlist[] = '_EREG'; $fieldlist[] = $modeParameters[1]; $fieldlist[] = $modeParameters[2]; $fieldlist[] = $confData['fieldname']; $fieldlist[] = $confData['label']; $confData['required'] = 1; // Setting this so "required" layout is used. break; case 'EMAIL': $fieldlist[] = '_EMAIL'; $fieldlist[] = $confData['fieldname']; $fieldlist[] = $confData['label']; $confData['required'] = 1; // Setting this so "required" layout is used. break; default: if ($confData['required']) { $fieldlist[] = $confData['fieldname']; $fieldlist[] = $confData['label']; } break; } // Field: $fieldLabel = $confData['label']; if ($accessibility && trim($fieldLabel) && !preg_match('/^(label|hidden|comment)$/', $confData['type'])) { $fieldLabel = '<label for="' . $prefix . $fName . '">' . 
$fieldLabel . '</label>'; } // Getting template code: if (isset($conf['fieldWrap.'])) { $fieldCode = $this->cObj->stdWrap($fieldCode, $conf['fieldWrap.']); } $labelCode = isset($conf['labelWrap.']) ? $this->cObj->stdWrap($fieldLabel, $conf['labelWrap.']) : $fieldLabel; $commentCode = isset($conf['commentWrap.']) ? $this->cObj->stdWrap($confData['label'], $conf['commentWrap.']) : $confData['label']; $result = $conf['layout']; $req = isset($conf['REQ.']) ? $this->cObj->stdWrap($conf['REQ'], $conf['REQ.']) : $conf['REQ']; if ($req && $confData['required']) { if (isset($conf['REQ.']['fieldWrap.'])) { $fieldCode = $this->cObj->stdWrap($fieldCode, $conf['REQ.']['fieldWrap.']); } if (isset($conf['REQ.']['labelWrap.'])) { $labelCode = $this->cObj->stdWrap($fieldLabel, $conf['REQ.']['labelWrap.']); } $reqLayout = isset($conf['REQ.']['layout.']) ? $this->cObj->stdWrap($conf['REQ.']['layout'], $conf['REQ.']['layout.']) : $conf['REQ.']['layout']; if ($reqLayout) { $result = $reqLayout; } } if ($confData['type'] == 'comment') { $commentLayout = isset($conf['COMMENT.']['layout.']) ? $this->cObj->stdWrap($conf['COMMENT.']['layout'], $conf['COMMENT.']['layout.']) : $conf['COMMENT.']['layout']; if ($commentLayout) { $result = $commentLayout; } } if ($confData['type'] == 'check') { $checkLayout = isset($conf['CHECK.']['layout.']) ? $this->cObj->stdWrap($conf['CHECK.']['layout'], $conf['CHECK.']['layout.']) : $conf['CHECK.']['layout']; if ($checkLayout) { $result = $checkLayout; } } if ($confData['type'] == 'radio') { $radioLayout = isset($conf['RADIO.']['layout.']) ? $this->cObj->stdWrap($conf['RADIO.']['layout'], $conf['RADIO.']['layout.']) : $conf['RADIO.']['layout']; if ($radioLayout) { $result = $radioLayout; } } if ($confData['type'] == 'label') { $labelLayout = isset($conf['LABEL.']['layout.']) ? 
$this->cObj->stdWrap($conf['LABEL.']['layout'], $conf['LABEL.']['layout.']) : $conf['CHECK.']['layout']; if ($labelLayout) { $result = $labelLayout; } } $result = str_replace('###FIELD###', $fieldCode, $result); $result = str_replace('###LABEL###', $labelCode, $result); $result = str_replace('###COMMENT###', $commentCode, $result); //RTF $content .= $result; } } } if (isset($conf['stdWrap.'])) { $content = $this->cObj->stdWrap($content, $conf['stdWrap.']); } // redirect (external: where to go afterwards. internal: where to submit to) $theRedirect = isset($conf['redirect.']) ? $this->cObj->stdWrap($conf['redirect'], $conf['redirect.']) : $conf['redirect']; // redirect should be set to the page to redirect to after an external script has been used. If internal scripts is used, and if no 'type' is set that dictates otherwise, redirect is used as the url to jump to as long as it's an integer (page) $target = isset($conf['target.']) ? $this->cObj->stdWrap($conf['target'], $conf['target.']) : $conf['target']; // redirect should be set to the page to redirect to after an external script has been used. If internal scripts is used, and if no 'type' is set that dictates otherwise, redirect is used as the url to jump to as long as it's an integer (page) $noCache = isset($conf['no_cache.']) ? $this->cObj->stdWrap($conf['no_cache'], $conf['no_cache.']) : $conf['no_cache']; // redirect should be set to the page to redirect to after an external script has been used. 
If internal scripts is used, and if no 'type' is set that dictates otherwise, redirect is used as the url to jump to as long as it's an integer (page) $page = $GLOBALS['TSFE']->page; if (!$theRedirect) { // Internal: Just submit to current page $LD = $GLOBALS['TSFE']->tmpl->linkData($page, $target, $noCache, 'index.php', '', $this->cObj->getClosestMPvalueForPage($page['uid'])); } elseif (t3lib_div::testInt($theRedirect)) { // Internal: Submit to page with ID $theRedirect $page = $GLOBALS['TSFE']->sys_page->getPage_noCheck($theRedirect); $LD = $GLOBALS['TSFE']->tmpl->linkData($page, $target, $noCache, 'index.php', '', $this->cObj->getClosestMPvalueForPage($page['uid'])); } else { // External URL, redirect-hidden field is rendered! $LD = $GLOBALS['TSFE']->tmpl->linkData($page, $target, $noCache, '', '', $this->cObj->getClosestMPvalueForPage($page['uid'])); $LD['totalURL'] = $theRedirect; $hiddenfields .= '<input type="hidden" name="redirect" value="' . htmlspecialchars($LD['totalURL']) . '" />'; // 18-09-00 added } // Formtype (where to submit to!): if ($propertyOverride['type']) { $formtype = $propertyOverride['type']; } else { $formtype = isset($conf['type.']) ? 
$this->cObj->stdWrap($conf['type'], $conf['type.']) : $conf['type']; } if (t3lib_div::testInt($formtype)) { // Submit to a specific page $page = $GLOBALS['TSFE']->sys_page->getPage_noCheck($formtype); $LD_A = $GLOBALS['TSFE']->tmpl->linkData($page, $target, $noCache, '', '', $this->cObj->getClosestMPvalueForPage($page['uid'])); $action = $LD_A['totalURL']; } elseif ($formtype) { // Submit to external script $LD_A = $LD; $action = $formtype; } elseif (t3lib_div::testInt($theRedirect)) { $LD_A = $LD; $action = $LD_A['totalURL']; } else { // Submit to "nothing" - which is current page $LD_A = $GLOBALS['TSFE']->tmpl->linkData($GLOBALS['TSFE']->page, $target, $noCache, '', '', $this->cObj->getClosestMPvalueForPage($page['uid'])); $action = $LD_A['totalURL']; } // Recipient: $theEmail = isset($conf['recipient.']) ? $this->cObj->stdWrap($conf['recipient'], $conf['recipient.']) : $conf['recipient']; if ($theEmail && !$GLOBALS['TYPO3_CONF_VARS']['FE']['secureFormmail']) { $theEmail = $GLOBALS['TSFE']->codeString($theEmail); $hiddenfields .= '<input type="hidden" name="recipient" value="' . htmlspecialchars($theEmail) . '" />'; } // location data: $location = isset($conf['locationData.']) ? $this->cObj->stdWrap($conf['locationData'], $conf['locationData.']) : $conf['locationData']; if ($location) { if ($location == 'HTTP_POST_VARS' && isset($_POST['locationData'])) { $locationData = t3lib_div::_POST('locationData'); } else { // locationData is [hte page id]:[tablename]:[uid of record]. Indicates on which page the record (from tablename with uid) is shown. Used to check access. $locationData = $GLOBALS['TSFE']->id . ':' . $this->cObj->currentRecord; } $hiddenfields .= '<input type="hidden" name="locationData" value="' . htmlspecialchars($locationData) . 
'" />'; } // hidden fields: if (is_array($conf['hiddenFields.'])) { foreach ($conf['hiddenFields.'] as $hF_key => $hF_conf) { if (substr($hF_key, -1) != '.') { $hF_value = $this->cObj->cObjGetSingle($hF_conf, $conf['hiddenFields.'][$hF_key . '.'], 'hiddenfields'); if (strlen($hF_value) && t3lib_div::inList('recipient_copy,recipient', $hF_key)) { if ($GLOBALS['TYPO3_CONF_VARS']['FE']['secureFormmail']) { continue; } $hF_value = $GLOBALS['TSFE']->codeString($hF_value); } $hiddenfields .= '<input type="hidden" name="' . $hF_key . '" value="' . htmlspecialchars($hF_value) . '" />'; } } } // Wrap all hidden fields in a div tag (see http://bugs.typo3.org/view.php?id=678) $hiddenfields = isset($conf['hiddenFields.']['stdWrap.']) ? $this->cObj->stdWrap($hiddenfields, $conf['hiddenFields.']['stdWrap.']) : '<div style="display:none;">' . $hiddenfields . '</div>'; if ($conf['REQ']) { $goodMess = isset($conf['goodMess.']) ? $this->cObj->stdWrap($conf['goodMess'], $conf['goodMess.']) : $conf['goodMess']; $badMess = isset($conf['badMess.']) ? $this->cObj->stdWrap($conf['badMess'], $conf['badMess.']) : $conf['badMess']; $emailMess = isset($conf['emailMess.']) ? $this->cObj->stdWrap($conf['emailMess'], $conf['emailMess.']) : $conf['emailMess']; $validateForm = ' onsubmit="return validateForm(\'' . $formName . '\',\'' . implode(',', $fieldlist) . '\',' . t3lib_div::quoteJSvalue($goodMess) . ',' . t3lib_div::quoteJSvalue($badMess) . ',' . t3lib_div::quoteJSvalue($emailMess) . ')"'; $GLOBALS['TSFE']->additionalHeaderData['JSFormValidate'] = '<script type="text/javascript" src="' . t3lib_div::createVersionNumberedFilename($GLOBALS['TSFE']->absRefPrefix . 't3lib/jsfunc.validateform.js') . '"></script>'; } else { $validateForm = ''; } // Create form tag: $theTarget = $theRedirect ? $LD['target'] : $LD_A['target']; $method = isset($conf['method.']) ? $this->cObj->stdWrap($conf['method'], $conf['method.']) : $conf['method']; $content = array('<form' . ' action="' . 
htmlspecialchars($action) . '"' . ' id="' . $formName . '"' . ($xhtmlStrict ? '' : ' name="' . $formName . '"') . ' enctype="' . $GLOBALS['TYPO3_CONF_VARS']['SYS']['form_enctype'] . '"' . ' method="' . ($method ? $method : 'post') . '"' . ($theTarget ? ' target="' . $theTarget . '"' : '') . $validateForm . '>', $hiddenfields . $content, '</form>'); $arrayReturnMode = isset($conf['arrayReturnMode.']) ? $this->cObj->stdWrap($conf['arrayReturnMode'], $conf['arrayReturnMode.']) : $conf['arrayReturnMode']; if ($arrayReturnMode) { $content['validateForm'] = $validateForm; $content['formname'] = $formName; return $content; } else { return implode('', $content); } }