コード例 #1
0
 /**
  * The init Function, to check the access rights
  *
  * @return void
  */
 function init()
 {
     $this->arrExtConf = $this->GetExtConf();
     $this->u = intval(t3lib_div::_GP('u'));
     if (!$this->u) {
         $this->u = 0;
     }
     $this->hash = t3lib_div::_GP('hash');
     $this->t = t3lib_div::_GP('t');
     $this->file = t3lib_div::_GP('file');
     $this->data = $this->u . $this->file . $this->t;
     $this->checkhash = t3lib_div::hmac($this->data);
     // Hook for init:
     if (is_array($GLOBALS['TYPO3_CONF_VARS']['SC_OPTIONS']['ext/naw_securedl/class.tx_nawsecuredl_output.php']['init'])) {
         $_params = array('pObj' => &$this);
         foreach ($GLOBALS['TYPO3_CONF_VARS']['SC_OPTIONS']['ext/naw_securedl/class.tx_nawsecuredl_output.php']['init'] as $_funcRef) {
             t3lib_div::callUserFunction($_funcRef, $_params, $this);
         }
     }
     if ($this->checkhash != $this->hash) {
         header('HTTP/1.1 403 Forbidden');
         exit('Access denied!');
     }
     if (intval($this->t) < time()) {
         header('HTTP/1.1 403 Forbidden');
         exit('Access denied!');
     }
     $this->feUserObj = tslib_eidtools::initFeUser();
     tslib_eidtools::connectDB();
     if ($this->u != 0) {
         $feuser = $this->feUserObj->user['uid'];
         if ($this->u != $feuser) {
             header('HTTP/1.1 403 Forbidden');
             exit('Access denied!');
         }
     }
 }
コード例 #2
0
 /**
  * Returns a URL parameter string setting parameters for secure downloads by "jumpurl".
  * Helper function for filelink()
  *
  * @param	string		The URL to jump to, basically the filepath
  * @param	array		TypoScript properties for the "jumpurl.secure" property of "filelink"
  * @return	string		URL parameters like "&juSecure=1....."
  * @access private
  * @see filelink()
  */
 function locDataJU($jumpUrl, $conf)
 {
     $fI = pathinfo($jumpUrl);
     $mimetype = '';
     $mimetypeValue = '';
     if ($fI['extension']) {
         $mimeTypes = t3lib_div::trimExplode(',', $conf['mimeTypes'], 1);
         foreach ($mimeTypes as $v) {
             $parts = explode('=', $v, 2);
             if (strtolower($fI['extension']) == strtolower(trim($parts[0]))) {
                 $mimetypeValue = trim($parts[1]);
                 $mimetype = '&mimeType=' . rawurlencode($mimetypeValue);
                 break;
             }
         }
     }
     $locationData = $GLOBALS['TSFE']->id . ':' . $this->currentRecord;
     $rec = '&locationData=' . rawurlencode($locationData);
     $hArr = array($jumpUrl, $locationData, $mimetypeValue);
     $juHash = '&juHash=' . t3lib_div::hmac(serialize($hArr));
     return '&juSecure=1' . $mimetype . $rec . $juHash;
 }
 /**
  * @test
  */
 public function tokenFromSessionDataIsAvailableForValidateToken()
 {
     $sessionToken = '881ffea2159ac72182557b79dc0c723f5a8d20136f9fab56cdd4f8b3a1dbcfcd';
     $formName = 'foo';
     $action = 'edit';
     $formInstanceName = '42';
     $tokenId = \t3lib_div::hmac($formName . $action . $formInstanceName . $sessionToken);
     $_SESSION['installToolFormToken'] = $sessionToken;
     $this->fixture->retrieveSessionToken();
     $this->assertTrue($this->fixture->validateToken($tokenId, $formName, $action, $formInstanceName));
 }
コード例 #4
0
 /**
  * Determines whether submitted field change functions are valid
  * and are coming from the system and not from an external abuse.
  *
  * @return boolean Whether the submitted field change functions are valid
  */
 protected function areFieldChangeFunctionsValid()
 {
     return isset($this->P['fieldChangeFunc']) && is_array($this->P['fieldChangeFunc']) && isset($this->P['fieldChangeFuncHash']) && $this->P['fieldChangeFuncHash'] == t3lib_div::hmac(serialize($this->P['fieldChangeFunc']));
 }
コード例 #5
0
 /**
  * Start function
  * This class is able to generate a mail in formmail-style from the data in $V
  * Fields:
  *
  * [recipient]:			email-adress of the one to receive the mail. If array, then all values are expected to be recipients
  * [attachment]:		....
  *
  * [subject]:			The subject of the mail
  * [from_email]:		Sender email. If not set, [email] is used
  * [from_name]:			Sender name. If not set, [name] is used
  * [replyto_email]:		Reply-to email. If not set [from_email] is used
  * [replyto_name]:		Reply-to name. If not set [from_name] is used
  * [organisation]:		Organization (header)
  * [priority]:			Priority, 1-5, default 3
  * [html_enabled]:		If mail is sent as html
  * [use_base64]:		If set, base64 encoding will be used instead of quoted-printable
  *
  * @param	array		Contains values for the field names listed above (with slashes removed if from POST input)
  * @param	boolean		Whether to base64 encode the mail content
  * @return	void
  */
 function start($valueList, $base64 = false)
 {
     $this->mailMessage = t3lib_div::makeInstance('t3lib_mail_Message');
     if ($GLOBALS['TSFE']->config['config']['formMailCharset']) {
         // Respect formMailCharset if it was set
         $this->characterSet = $GLOBALS['TSFE']->csConvObj->parse_charset($GLOBALS['TSFE']->config['config']['formMailCharset']);
     } elseif ($GLOBALS['TSFE']->metaCharset != $GLOBALS['TSFE']->renderCharset) {
         // Use metaCharset for mail if different from renderCharset
         $this->characterSet = $GLOBALS['TSFE']->metaCharset;
     }
     if ($base64 || $valueList['use_base64']) {
         $this->encoding = 'base64';
     }
     if (isset($valueList['recipient'])) {
         // convert form data from renderCharset to mail charset
         $this->subject = $valueList['subject'] ? $valueList['subject'] : 'Formmail on ' . t3lib_div::getIndpEnv('HTTP_HOST');
         $this->subject = $this->sanitizeHeaderString($this->subject);
         $this->fromName = $valueList['from_name'] ? $valueList['from_name'] : ($valueList['name'] ? $valueList['name'] : '');
         $this->fromName = $this->sanitizeHeaderString($this->fromName);
         $this->replyToName = $valueList['replyto_name'] ? $valueList['replyto_name'] : $this->fromName;
         $this->replyToName = $this->sanitizeHeaderString($this->replyToName);
         $this->organisation = $valueList['organisation'] ? $valueList['organisation'] : '';
         $this->organisation = $this->sanitizeHeaderString($this->organisation);
         $this->fromAddress = $valueList['from_email'] ? $valueList['from_email'] : ($valueList['email'] ? $valueList['email'] : '');
         if (!t3lib_div::validEmail($this->fromAddress)) {
             $this->fromAddress = t3lib_utility_Mail::getSystemFromAddress();
             $this->fromName = t3lib_utility_Mail::getSystemFromName();
         }
         $this->replyToAddress = $valueList['replyto_email'] ? $valueList['replyto_email'] : $this->fromAddress;
         $this->priority = $valueList['priority'] ? t3lib_div::intInRange($valueList['priority'], 1, 5) : 3;
         // auto responder
         $this->autoRespondMessage = trim($valueList['auto_respond_msg']) && $this->fromAddress ? trim($valueList['auto_respond_msg']) : '';
         if ($this->autoRespondMessage !== '') {
             // Check if the value of the auto responder message has been modified with evil intentions
             $autoRespondChecksum = $valueList['auto_respond_checksum'];
             $correctHmacChecksum = t3lib_div::hmac($this->autoRespondMessage);
             if ($autoRespondChecksum !== $correctHmacChecksum) {
                 t3lib_div::sysLog('Possible misuse of t3lib_formmail auto respond method. Subject: ' . $valueList['subject'], 'Core', 3);
                 return;
             } else {
                 $this->autoRespondMessage = $this->sanitizeHeaderString($this->autoRespondMessage);
             }
         }
         $plainTextContent = '';
         $htmlContent = '<table border="0" cellpadding="2" cellspacing="2">';
         // Runs through $V and generates the mail
         if (is_array($valueList)) {
             foreach ($valueList as $key => $val) {
                 if (!t3lib_div::inList($this->reserved_names, $key)) {
                     $space = strlen($val) > 60 ? LF : '';
                     $val = is_array($val) ? implode($val, LF) : $val;
                     // convert form data from renderCharset to mail charset (HTML may use entities)
                     $plainTextValue = $val;
                     $HtmlValue = htmlspecialchars($val);
                     $plainTextContent .= strtoupper($key) . ':  ' . $space . $plainTextValue . LF . $space;
                     $htmlContent .= '<tr><td bgcolor="#eeeeee"><font face="Verdana" size="1"><strong>' . strtoupper($key) . '</strong></font></td><td bgcolor="#eeeeee"><font face="Verdana" size="1">' . nl2br($HtmlValue) . '&nbsp;</font></td></tr>';
                 }
             }
         }
         $htmlContent .= '</table>';
         $this->plainContent = $plainTextContent;
         if ($valueList['html_enabled']) {
             $this->mailMessage->setBody($htmlContent, 'text/html');
             $this->mailMessage->addPart($plainTextContent, 'text/plain');
         } else {
             $this->mailMessage->setBody($plainTextContent, 'text/plain');
         }
         for ($a = 0; $a < 10; $a++) {
             $variableName = 'attachment' . ($a ? $a : '');
             if (!isset($_FILES[$variableName])) {
                 continue;
             }
             if (!is_uploaded_file($_FILES[$variableName]['tmp_name'])) {
                 t3lib_div::sysLog('Possible abuse of t3lib_formmail: temporary file "' . $_FILES[$variableName]['tmp_name'] . '" ("' . $_FILES[$variableName]['name'] . '") was not an uploaded file.', 'Core', 3);
             }
             if ($_FILES[$variableName]['tmp_name']['error'] !== UPLOAD_ERR_OK) {
                 t3lib_div::sysLog('Error in uploaded file in t3lib_formmail: temporary file "' . $_FILES[$variableName]['tmp_name'] . '" ("' . $_FILES[$variableName]['name'] . '") Error code: ' . $_FILES[$variableName]['tmp_name']['error'], 'Core', 3);
             }
             $theFile = t3lib_div::upload_to_tempfile($_FILES[$variableName]['tmp_name']);
             $theName = $_FILES[$variableName]['name'];
             if ($theFile && file_exists($theFile)) {
                 if (filesize($theFile) < $GLOBALS['TYPO3_CONF_VARS']['FE']['formmailMaxAttachmentSize']) {
                     $this->mailMessage->attach(Swift_Attachment::fromPath($theFile)->setFilename($theName));
                 }
             }
             $this->temporaryFiles[] = $theFile;
         }
         $from = $this->fromName ? array($this->fromAddress => $this->fromName) : array($this->fromAddress);
         $this->recipient = $this->parseAddresses($valueList['recipient']);
         $this->mailMessage->setSubject($this->subject)->setFrom($from)->setTo($this->recipient)->setPriority($this->priority);
         $replyTo = $this->replyToName ? array($this->replyToAddress => $this->replyToName) : array($this->replyToAddress);
         $this->mailMessage->addReplyTo($replyTo);
         $this->mailMessage->getHeaders()->addTextHeader('Organization', $this->organisation);
         if ($valueList['recipient_copy']) {
             $this->mailMessage->addCc($this->parseAddresses($valueList['recipient_copy']));
         }
         if ($this->characterSet) {
             $this->mailMessage->setCharset($this->characterSet);
         }
         // Ignore target encoding. This is handled automatically by Swift Mailer and overriding the defaults
         // is not worth the trouble
         // log dirty header lines
         if ($this->dirtyHeaders) {
             t3lib_div::sysLog('Possible misuse of t3lib_formmail: see TYPO3 devLog', 'Core', 3);
             if ($GLOBALS['TYPO3_CONF_VARS']['SYS']['enable_DLOG']) {
                 t3lib_div::devLog('t3lib_formmail: ' . t3lib_div::arrayToLogString($this->dirtyHeaders, '', 200), 'Core', 3);
             }
         }
     }
 }
コード例 #6
0
 /**
  * [Describe function...]
  *
  * @param	[type]		$element: ...
  * @return	[type]		...
  */
 function makeSecure($element)
 {
     //header("Content-type: text/css; charset=UTF-8");
     if ($GLOBALS['TSFE']->fe_user->user['uid']) {
         $this->feuser = $GLOBALS['TSFE']->fe_user->user['uid'];
     } else {
         $this->feuser = 0;
     }
     //$securefilename = 'secure.php';
     $securefilename = 'index.php?eID=tx_nawsecuredl';
     //$tmp = explode(PATH_site,t3lib_extMgm::extPath('naw_securedl'),2);
     //$pre_dir = dirname(t3lib_div::getIndpEnv('SCRIPT_NAME'));
     //$pre_dir = str_replace('\\','/',$pre_dir);
     //if ($pre_dir != '/') $pre_dir .= '/';
     //$path_and_file_to_secure = $pre_dir.$tmp[1].$securefilename;
     $path_and_file_to_secure = $securefilename;
     $cachetimeadd = $this->extConf['cachetimeadd'];
     if ($GLOBALS['TSFE']->page['cache_timeout'] == 0) {
         $timeout = 86400 + time() + $cachetimeadd;
     } else {
         $timeout = $GLOBALS['TSFE']->page['cache_timeout'] + time() + $cachetimeadd;
     }
     // $element contains the URL which is already urlencoded by TYPO3.
     // Since we check the hash in the output script using the decoded filename we must decode it here also!
     $data = $this->feuser . rawurldecode($element) . $timeout;
     $hash = t3lib_div::hmac($data);
     $file = $element;
     $returnPath = $path_and_file_to_secure . '&amp;u=' . $this->feuser . '&amp;file=' . $file . '&amp;t=' . $timeout . '&amp;hash=' . $hash;
     // Hook for makeSecure:
     if (is_array($GLOBALS['TYPO3_CONF_VARS']['SC_OPTIONS']['ext/naw_securedl/class.tx_nawsecuredl.php']['makeSecure'])) {
         foreach ($GLOBALS['TYPO3_CONF_VARS']['SC_OPTIONS']['ext/naw_securedl/class.tx_nawsecuredl.php']['makeSecure'] as $_funcRef) {
             $returnPath = t3lib_div::callUserFunction($_funcRef, $returnPath, $this);
         }
     }
     return $returnPath;
 }
 /**
  * @test
  */
 public function tokenFromSessionDataIsAvailableForValidateToken()
 {
     $sessionToken = '881ffea2159ac72182557b79dc0c723f5a8d20136f9fab56cdd4f8b3a1dbcfcd';
     $formName = 'foo';
     $action = 'edit';
     $formInstanceName = '42';
     $tokenId = \t3lib_div::hmac($formName . $action . $formInstanceName . $sessionToken);
     $GLOBALS['BE_USER']->expects($this->atLeastOnce())->method('getSessionData')->with('formSessionToken')->will($this->returnValue($sessionToken));
     $this->fixture->retrieveSessionToken();
     $this->assertTrue($this->fixture->validateToken($tokenId, $formName, $action, $formInstanceName));
 }
コード例 #8
0
 /**
  * Generates the tipUrl link for the configuration.
  *
  * @return string
  */
 protected function tiplink()
 {
     $url = t3lib_div::getIndpEnv('TYPO3_REQUEST_URL');
     $subpart = $this->cObj->getSubpart($this->templateCode, '###TEMPLATE_TIPLINK###');
     // Generate link configuration
     $tConf = $this->typolink_conf;
     $tConf['additionalParams'] .= '&tipUrl=' . rawurlencode($url) . '&tipHash=' . t3lib_div::hmac($url, $this->hmacSalt);
     if (empty($subpart)) {
         // Support native link output for easier update
         if (!empty($this->conf['value'])) {
             $value = $this->cObj->stdWrap($this->conf['value'], $this->conf['value.']);
         } else {
             $value = $this->pi_getLL('link');
         }
         return $this->cObj->typoLink($value, $tConf);
     } else {
         // Generate markerArray for template substitution
         $wrappedSubpartArray = array();
         $wrappedSubpartArray['###LINK###'] = $this->cObj->typolinkWrap($tConf);
         $markerArray = array();
         $markerArray['###URL###'] = $url;
         $markerArray['###URL_ENCODED###'] = rawurlencode($url);
         $markerArray['###URL_SPECIALCHARS###'] = htmlspecialchars($url);
         $markerArray['###TAF_LINK###'] = $this->pi_getLL('link');
         // Substitute
         $content = $this->cObj->substituteMarkerArrayCached($subpart, $markerArray, array(), $wrappedSubpartArray);
         return $content;
     }
 }
コード例 #9
0
ファイル: showpic.php プロジェクト: NaveedWebdeveloper/Test
 /**
  * Init function, setting the input vars in the global space.
  *
  * @return	void
  */
 function init()
 {
     // Loading internal vars with the GET/POST parameters from outside:
     $this->file = t3lib_div::_GP('file');
     $parametersArray = t3lib_div::_GP('parameters');
     $this->frame = t3lib_div::_GP('frame');
     $this->md5 = t3lib_div::_GP('md5');
     // ***********************
     // Check parameters
     // ***********************
     // If no file-param or parameters are given, we must exit
     if (!$this->file || !isset($parametersArray) || !is_array($parametersArray)) {
         throw new UnexpectedValueException('Parameter Error: No file or no parameters given.');
     }
     $this->parametersEncoded = implode($parametersArray);
     // Chech md5-checksum: If this md5-value does not match the one submitted, then we fail... (this is a kind of security that somebody don't just hit the script with a lot of different parameters
     $md5_value = t3lib_div::hmac(implode('|', array($this->file, $this->parametersEncoded)));
     if ($md5_value != $this->md5) {
         throw new UnexpectedValueException('Parameter Error: Wrong parameters sent.');
     }
     $parameters = unserialize(base64_decode($this->parametersEncoded));
     foreach ($parameters as $parameterName => $parameterValue) {
         $this->{$parameterName} = $parameterValue;
     }
     // ***********************
     // Check the file. If must be in a directory beneath the dir of this script...
     // $this->file remains unchanged, because of the code in stdgraphic, but we do check if the file exists within the current path
     // ***********************
     $test_file = PATH_site . $this->file;
     if (!t3lib_div::validPathStr($test_file)) {
         throw new UnexpectedValueException('Parameter Error: No valid filepath');
     }
     if (!@is_file($test_file)) {
         throw new UnexpectedValueException('The given file was not found');
     }
 }
コード例 #10
0
    /**
     * Rendering wizards for form fields.
     *
     * @param	array		Array with the real item in the first value, and an alternative item in the second value.
     * @param	array		The "wizard" key from the config array for the field (from TCA)
     * @param	string		Table name
     * @param	array		The record array
     * @param	string		The field name
     * @param	array		Additional configuration array. (passed by reference!)
     * @param	string		The field name
     * @param	array		Special configuration if available.
     * @param	boolean		Whether the RTE could have been loaded.
     * @return	string		The new item value.
     */
    function renderWizards($itemKinds, $wizConf, $table, $row, $field, &$PA, $itemName, $specConf, $RTE = 0)
    {
        // Init:
        $fieldChangeFunc = $PA['fieldChangeFunc'];
        $item = $itemKinds[0];
        $outArr = array();
        $colorBoxLinks = array();
        $fName = '[' . $table . '][' . $row['uid'] . '][' . $field . ']';
        $md5ID = 'ID' . t3lib_div::shortmd5($itemName);
        $listFlag = '_list';
        $prefixOfFormElName = 'data[' . $table . '][' . $row['uid'] . '][' . $field . ']';
        if (t3lib_div::isFirstPartOfStr($PA['itemFormElName'], $prefixOfFormElName)) {
            $flexFormPath = str_replace('][', '/', substr($PA['itemFormElName'], strlen($prefixOfFormElName) + 1, -1));
        }
        // Manipulate the field name (to be the true form field name) and remove a suffix-value if the item is a selector box with renderMode "singlebox":
        if ($PA['fieldConf']['config']['form_type'] == 'select') {
            if ($PA['fieldConf']['config']['maxitems'] <= 1) {
                // Single select situation:
                $listFlag = '';
            } elseif ($PA['fieldConf']['config']['renderMode'] == 'singlebox') {
                $itemName .= '[]';
                $listFlag = '';
            }
        }
        // traverse wizards:
        if (is_array($wizConf) && !$this->disableWizards) {
            $parametersOfWizards =& $specConf['wizards']['parameters'];
            foreach ($wizConf as $wid => $wConf) {
                if (substr($wid, 0, 1) != '_' && (!$wConf['enableByTypeConfig'] || is_array($parametersOfWizards) && in_array($wid, $parametersOfWizards)) && ($RTE || !$wConf['RTEonly'])) {
                    // Title / icon:
                    $iTitle = htmlspecialchars($this->sL($wConf['title']));
                    if ($wConf['icon']) {
                        $icon = $this->getIconHtml($wConf['icon'], $iTitle, $iTitle);
                    } else {
                        $icon = $iTitle;
                    }
                    //
                    switch ((string) $wConf['type']) {
                        case 'userFunc':
                        case 'script':
                        case 'popup':
                        case 'colorbox':
                            if (!$wConf['notNewRecords'] || t3lib_div::testInt($row['uid'])) {
                                // Setting &P array contents:
                                $params = array();
                                $params['params'] = $wConf['params'];
                                $params['exampleImg'] = $wConf['exampleImg'];
                                $params['table'] = $table;
                                $params['uid'] = $row['uid'];
                                $params['pid'] = $row['pid'];
                                $params['field'] = $field;
                                $params['flexFormPath'] = $flexFormPath;
                                $params['md5ID'] = $md5ID;
                                $params['returnUrl'] = $this->thisReturnUrl();
                                // Resolving script filename and setting URL.
                                if (!strcmp(substr($wConf['script'], 0, 4), 'EXT:')) {
                                    $wScript = t3lib_div::getFileAbsFileName($wConf['script']);
                                    if ($wScript) {
                                        $wScript = '../' . substr($wScript, strlen(PATH_site));
                                    } else {
                                        break;
                                    }
                                } else {
                                    $wScript = $wConf['script'];
                                }
                                $url = $this->backPath . $wScript . (strstr($wScript, '?') ? '' : '?');
                                // If there is no script and the type is "colorbox", break right away:
                                if ((string) $wConf['type'] == 'colorbox' && !$wConf['script']) {
                                    break;
                                }
                                // If "script" type, create the links around the icon:
                                if ((string) $wConf['type'] == 'script') {
                                    $aUrl = $url . t3lib_div::implodeArrayForUrl('', array('P' => $params));
                                    $outArr[] = '<a href="' . htmlspecialchars($aUrl) . '" onclick="' . $this->blur() . 'return !TBE_EDITOR.isFormChanged();">' . $icon . '</a>';
                                } else {
                                    // ... else types "popup", "colorbox" and "userFunc" will need additional parameters:
                                    $params['formName'] = $this->formName;
                                    $params['itemName'] = $itemName;
                                    $params['fieldChangeFunc'] = $fieldChangeFunc;
                                    $params['fieldChangeFuncHash'] = t3lib_div::hmac(serialize($fieldChangeFunc));
                                    switch ((string) $wConf['type']) {
                                        case 'popup':
                                        case 'colorbox':
                                            // Current form value is passed as P[currentValue]!
                                            $addJS = $wConf['popup_onlyOpenIfSelected'] ? 'if (!TBE_EDITOR.curSelected(\'' . $itemName . $listFlag . '\')){alert(' . $GLOBALS['LANG']->JScharCode($this->getLL('m_noSelItemForEdit')) . '); return false;}' : '';
                                            $curSelectedValues = '+\'&P[currentSelectedValues]=\'+TBE_EDITOR.curSelected(\'' . $itemName . $listFlag . '\')';
                                            $aOnClick = $this->blur() . $addJS . 'vHWin=window.open(\'' . $url . t3lib_div::implodeArrayForUrl('', array('P' => $params)) . '\'+\'&P[currentValue]=\'+TBE_EDITOR.rawurlencode(' . $this->elName($itemName) . '.value,200)' . $curSelectedValues . ',\'popUp' . $md5ID . '\',\'' . $wConf['JSopenParams'] . '\');' . 'vHWin.focus();return false;';
                                            // Setting "colorBoxLinks" - user LATER to wrap around the color box as well:
                                            $colorBoxLinks = array('<a href="#" onclick="' . htmlspecialchars($aOnClick) . '">', '</a>');
                                            if ((string) $wConf['type'] == 'popup') {
                                                $outArr[] = $colorBoxLinks[0] . $icon . $colorBoxLinks[1];
                                            }
                                            break;
                                        case 'userFunc':
                                            $params['item'] =& $item;
                                            // Reference set!
                                            $params['icon'] = $icon;
                                            $params['iTitle'] = $iTitle;
                                            $params['wConf'] = $wConf;
                                            $params['row'] = $row;
                                            $outArr[] = t3lib_div::callUserFunction($wConf['userFunc'], $params, $this);
                                            break;
                                    }
                                }
                                // Hide the real form element?
                                if (is_array($wConf['hideParent']) || $wConf['hideParent']) {
                                    $item = $itemKinds[1];
                                    // Setting the item to a hidden-field.
                                    if (is_array($wConf['hideParent'])) {
                                        $item .= $this->getSingleField_typeNone_render($wConf['hideParent'], $PA['itemFormElValue']);
                                    }
                                }
                            }
                            break;
                        case 'select':
                            $fieldValue = array('config' => $wConf);
                            $TSconfig = $this->setTSconfig($table, $row);
                            $TSconfig[$field] = $TSconfig[$field]['wizards.'][$wid . '.'];
                            $selItems = $this->addSelectOptionsToItemArray($this->initItemArray($fieldValue), $fieldValue, $TSconfig, $field);
                            $opt = array();
                            $opt[] = '<option>' . $iTitle . '</option>';
                            foreach ($selItems as $p) {
                                $opt[] = '<option value="' . htmlspecialchars($p[1]) . '">' . htmlspecialchars($p[0]) . '</option>';
                            }
                            if ($wConf['mode'] == 'append') {
                                $assignValue = $this->elName($itemName) . '.value=\'\'+this.options[this.selectedIndex].value+' . $this->elName($itemName) . '.value';
                            } elseif ($wConf['mode'] == 'prepend') {
                                $assignValue = $this->elName($itemName) . '.value+=\'\'+this.options[this.selectedIndex].value';
                            } else {
                                $assignValue = $this->elName($itemName) . '.value=this.options[this.selectedIndex].value';
                            }
                            $sOnChange = $assignValue . ';this.blur();this.selectedIndex=0;' . implode('', $fieldChangeFunc);
                            $outArr[] = '<select id="' . uniqid('tceforms-select-') . '" class="tceforms-select tceforms-wizardselect" name="_WIZARD' . $fName . '" onchange="' . htmlspecialchars($sOnChange) . '">' . implode('', $opt) . '</select>';
                            break;
                        case 'suggest':
                            if (isset($PA['fieldTSConfig']['suggest.']['default.']['hide']) && (bool) $PA['fieldTSConfig']['suggest.']['default.']['hide'] == TRUE) {
                                break;
                            }
                            $outArr[] = $this->suggest->renderSuggestSelector($PA['itemFormElName'], $table, $field, $row, $PA);
                            break;
                    }
                    // Color wizard colorbox:
                    if ((string) $wConf['type'] == 'colorbox') {
                        $dim = t3lib_div::intExplode('x', $wConf['dim']);
                        $dX = t3lib_div::intInRange($dim[0], 1, 200, 20);
                        $dY = t3lib_div::intInRange($dim[1], 1, 200, 20);
                        $color = $PA['itemFormElValue'] ? ' bgcolor="' . htmlspecialchars($PA['itemFormElValue']) . '"' : '';
                        $outArr[] = '<table border="0" cellpadding="0" cellspacing="0" id="' . $md5ID . '"' . $color . ' style="' . htmlspecialchars($wConf['tableStyle']) . '">
									<tr>
										<td>' . $colorBoxLinks[0] . '<img ' . t3lib_iconWorks::skinImg($this->backPath, strlen(trim($color)) == 0 || strcmp(trim($color), '0') == 0 ? 'gfx/colorpicker_empty.png' : 'gfx/colorpicker.png', 'width="' . $dX . '" height="' . $dY . '"' . t3lib_BEfunc::titleAltAttrib(trim($iTitle . ' ' . $PA['itemFormElValue'])) . ' border="0"') . '>' . $colorBoxLinks[1] . '</td>
									</tr>
								</table>';
                    }
                }
            }
            // For each rendered wizard, put them together around the item.
            if (count($outArr)) {
                if ($wizConf['_HIDDENFIELD']) {
                    $item = $itemKinds[1];
                }
                $outStr = '';
                $vAlign = $wizConf['_VALIGN'] ? ' style="vertical-align:' . $wizConf['_VALIGN'] . '"' : '';
                if (count($outArr) > 1 || $wizConf['_PADDING']) {
                    $dist = intval($wizConf['_DISTANCE']);
                    if ($wizConf['_VERTICAL']) {
                        $dist = $dist ? '<tr><td><img src="clear.gif" width="1" height="' . $dist . '" alt="" /></td></tr>' : '';
                        $outStr = '<tr><td>' . implode('</td></tr>' . $dist . '<tr><td>', $outArr) . '</td></tr>';
                    } else {
                        $dist = $dist ? '<td><img src="clear.gif" height="1" width="' . $dist . '" alt="" /></td>' : '';
                        $outStr = '<tr><td' . $vAlign . '>' . implode('</td>' . $dist . '<td' . $vAlign . '>', $outArr) . '</td></tr>';
                    }
                    $outStr = '<table border="0" cellpadding="' . intval($wizConf['_PADDING']) . '" cellspacing="' . intval($wizConf['_PADDING']) . '">' . $outStr . '</table>';
                } else {
                    $outStr = implode('', $outArr);
                }
                if (!strcmp($wizConf['_POSITION'], 'left')) {
                    $outStr = '<tr><td' . $vAlign . '>' . $outStr . '</td><td' . $vAlign . '>' . $item . '</td></tr>';
                } elseif (!strcmp($wizConf['_POSITION'], 'top')) {
                    $outStr = '<tr><td>' . $outStr . '</td></tr><tr><td>' . $item . '</td></tr>';
                } elseif (!strcmp($wizConf['_POSITION'], 'bottom')) {
                    $outStr = '<tr><td>' . $item . '</td></tr><tr><td>' . $outStr . '</td></tr>';
                } else {
                    $outStr = '<tr><td' . $vAlign . '>' . $item . '</td><td' . $vAlign . '>' . $outStr . '</td></tr>';
                }
                $item = '<table border="0" cellpadding="0" cellspacing="0">' . $outStr . '</table>';
            }
        }
        return $item;
    }
コード例 #11
0
 /**
  * @test
  */
 public function hmacReturnsNotEqualHashesForNotEqualInput()
 {
     $msg0 = 'message0';
     $msg1 = 'message1';
     $this->assertNotEquals(t3lib_div::hmac($msg0), t3lib_div::hmac($msg1));
 }
コード例 #12
0
 /**
  * Determines whether submitted field change functions are valid
  * and are coming from the system and not from an external abuse.
  *
  * @param boolean $allowFlexformSections Whether to handle flexform sections differently
  * @return boolean Whether the submitted field change functions are valid
  */
 protected function areFieldChangeFunctionsValid($handleFlexformSections = FALSE)
 {
     $result = FALSE;
     if (isset($this->P['fieldChangeFunc']) && is_array($this->P['fieldChangeFunc']) && isset($this->P['fieldChangeFuncHash'])) {
         $matches = array();
         $pattern = '#\\[el\\]\\[(([^]-]+-[^]-]+-)(idx\\d+-)([^]]+))\\]#i';
         $fieldChangeFunctions = $this->P['fieldChangeFunc'];
         // Special handling of flexform sections:
         // Field change functions are modified in JavaScript, thus the hash is always invalid
         if ($handleFlexformSections && preg_match($pattern, $this->P['itemName'], $matches)) {
             $originalName = $matches[1];
             $cleanedName = $matches[2] . $matches[4];
             foreach ($fieldChangeFunctions as &$value) {
                 $value = str_replace($originalName, $cleanedName, $value);
             }
         }
         $result = $this->P['fieldChangeFuncHash'] === t3lib_div::hmac(serialize($fieldChangeFunctions));
     }
     return $result;
 }
コード例 #13
0
 /**
  * Determines whether submitted field change functions are valid
  * and are coming from the system and not from an external abuse.
  *
  * @return boolean Whether the submitted field change functions are valid
  */
 protected function areFieldChangeFunctionsValid()
 {
     return $this->fieldChangeFunc && $this->fieldChangeFuncHash && $this->fieldChangeFuncHash == t3lib_div::hmac($this->fieldChangeFunc);
 }
コード例 #14
0
 /**
  * Rendering the cObject, FORM
  *
  * Note on $formData:
  * In the optional $formData array each entry represents a line in the ordinary setup.
  * In those entries each entry (0,1,2...) represents a space normally divided by the '|' line.
  *
  * $formData [] = array('Name:', 'name=input, 25 ', 'Default value....');
  * $formData [] = array('Email:', 'email=input, 25 ', 'Default value for email....');
  *
  * - corresponds to the $conf['data'] value being :
  * Name:|name=input, 25 |Default value....||Email:|email=input, 25 |Default value for email....
  *
  * If $formData is an array the value of $conf['data'] is ignored.
  *
  * @param	array		Array of TypoScript properties
  * @param	array		Alternative formdata overriding whatever comes from TypoScript
  * @return	string		Output
  */
 public function render($conf = array(), $formData = '')
 {
     $content = '';
     if (is_array($formData)) {
         $dataArray = $formData;
     } else {
         $data = isset($conf['data.']) ? $this->cObj->stdWrap($conf['data'], $conf['data.']) : $conf['data'];
         // Clearing dataArr
         $dataArray = array();
         // Getting the original config
         if (trim($data)) {
             $data = str_replace(LF, '||', $data);
             $dataArray = explode('||', $data);
         }
         // Adding the new dataArray config form:
         if (is_array($conf['dataArray.'])) {
             // dataArray is supplied
             $sortedKeyArray = t3lib_TStemplate::sortedKeyList($conf['dataArray.'], TRUE);
             foreach ($sortedKeyArray as $theKey) {
                 $singleKeyArray = $conf['dataArray.'][$theKey . '.'];
                 if (is_array($singleKeyArray)) {
                     $temp = array();
                     $label = isset($singleKeyArray['label.']) ? $this->cObj->stdWrap($singleKeyArray['label'], $singleKeyArray['label.']) : $singleKeyArray['label'];
                     list($temp[0]) = explode('|', $label);
                     $type = isset($singleKeyArray['type.']) ? $this->cObj->stdWrap($singleKeyArray['type'], $singleKeyArray['type.']) : $singleKeyArray['type'];
                     list($temp[1]) = explode('|', $type);
                     $required = isset($singleKeyArray['required.']) ? $this->cObj->stdWrap($singleKeyArray['required'], $singleKeyArray['required.']) : $singleKeyArray['required'];
                     if ($required) {
                         $temp[1] = '*' . $temp[1];
                     }
                     $singleValue = isset($singleKeyArray['value.']) ? $this->cObj->stdWrap($singleKeyArray['value'], $singleKeyArray['value.']) : $singleKeyArray['value'];
                     list($temp[2]) = explode('|', $singleValue);
                     // If value array is set, then implode those values.
                     if (is_array($singleKeyArray['valueArray.'])) {
                         $temp_accumulated = array();
                         foreach ($singleKeyArray['valueArray.'] as $singleKey => $singleKey_valueArray) {
                             if (is_array($singleKey_valueArray) && !strcmp(intval($singleKey) . '.', $singleKey)) {
                                 $temp_valueArray = array();
                                 $valueArrayLabel = isset($singleKey_valueArray['label.']) ? $this->cObj->stdWrap($singleKey_valueArray['label'], $singleKey_valueArray['label.']) : $singleKey_valueArray['label'];
                                 list($temp_valueArray[0]) = explode('=', $valueArrayLabel);
                                 $selected = isset($singleKeyArray['selected.']) ? $this->cObj->stdWrap($singleKeyArray['selected'], $singleKeyArray['selected.']) : $singleKeyArray['selected'];
                                 if ($selected) {
                                     $temp_valueArray[0] = '*' . $temp_valueArray[0];
                                 }
                                 $singleKeyValue = isset($singleKey_valueArray['value.']) ? $this->cObj->stdWrap($singleKey_valueArray['value'], $singleKey_valueArray['value.']) : $singleKey_valueArray['value'];
                                 list($temp_valueArray[1]) = explode(',', $singleKeyValue);
                             }
                             $temp_accumulated[] = implode('=', $temp_valueArray);
                         }
                         $temp[2] = implode(',', $temp_accumulated);
                     }
                     $specialEval = isset($singleKeyArray['specialEval.']) ? $this->cObj->stdWrap($singleKeyArray['specialEval'], $singleKeyArray['specialEval.']) : $singleKeyArray['specialEval'];
                     list($temp[3]) = explode('|', $specialEval);
                     // adding the form entry to the dataArray
                     $dataArray[] = implode('|', $temp);
                 }
             }
         }
     }
     $attachmentCounter = '';
     $hiddenfields = '';
     $fieldlist = array();
     $propertyOverride = array();
     $fieldname_hashArray = array();
     $counter = 0;
     $xhtmlStrict = t3lib_div::inList('xhtml_strict,xhtml_11,xhtml_2', $GLOBALS['TSFE']->xhtmlDoctype);
     // Formname
     $formName = isset($conf['formName.']) ? $this->cObj->stdWrap($conf['formName'], $conf['formName.']) : $conf['formName'];
     if ($formName) {
         $formName = $this->cObj->cleanFormName($formName);
     } else {
         $formName = 'a' . $GLOBALS['TSFE']->uniqueHash();
         // form name has to start with a letter to reach XHTML compliance
     }
     $fieldPrefix = isset($conf['fieldPrefix.']) ? $this->cObj->stdWrap($conf['fieldPrefix'], $conf['fieldPrefix.']) : $conf['fieldPrefix'];
     if (isset($conf['fieldPrefix']) || isset($conf['fieldPrefix.'])) {
         if ($fieldPrefix) {
             $prefix = $this->cObj->cleanFormName($fieldPrefix);
         } else {
             $prefix = '';
         }
     } else {
         $prefix = $formName;
     }
     foreach ($dataArray as $dataValue) {
         $counter++;
         $confData = array();
         if (is_array($formData)) {
             $parts = $dataValue;
             $dataValue = 1;
             // TRUE...
         } else {
             $dataValue = trim($dataValue);
             $parts = explode('|', $dataValue);
         }
         if ($dataValue && strcspn($dataValue, '#/')) {
             // label:
             $confData['label'] = t3lib_div::removeXSS(trim($parts[0]));
             // field:
             $fParts = explode(',', $parts[1]);
             $fParts[0] = trim($fParts[0]);
             if (substr($fParts[0], 0, 1) == '*') {
                 $confData['required'] = 1;
                 $fParts[0] = substr($fParts[0], 1);
             }
             $typeParts = explode('=', $fParts[0]);
             $confData['type'] = trim(strtolower(end($typeParts)));
             if (count($typeParts) == 1) {
                 $confData['fieldname'] = $this->cObj->cleanFormName($parts[0]);
                 if (strtolower(preg_replace('/[^[:alnum:]]/', '', $confData['fieldname'])) == 'email') {
                     $confData['fieldname'] = 'email';
                 }
                 // Duplicate fieldnames resolved
                 if (isset($fieldname_hashArray[md5($confData['fieldname'])])) {
                     $confData['fieldname'] .= '_' . $counter;
                 }
                 $fieldname_hashArray[md5($confData['fieldname'])] = $confData['fieldname'];
                 // Attachment names...
                 if ($confData['type'] == 'file') {
                     $confData['fieldname'] = 'attachment' . $attachmentCounter;
                     $attachmentCounter = intval($attachmentCounter) + 1;
                 }
             } else {
                 $confData['fieldname'] = str_replace(' ', '_', trim($typeParts[0]));
             }
             $confData['fieldname'] = htmlspecialchars($confData['fieldname']);
             $fieldCode = '';
             $wrapFieldName = isset($conf['wrapFieldName']) ? $this->cObj->stdWrap($conf['wrapFieldName'], $conf['wrapFieldName.']) : $conf['wrapFieldName'];
             if ($wrapFieldName) {
                 $confData['fieldname'] = $this->cObj->wrap($confData['fieldname'], $wrapFieldName);
             }
             // Set field name as current:
             $this->cObj->setCurrentVal($confData['fieldname']);
             // Additional parameters
             if (trim($confData['type'])) {
                 if (isset($conf['params.'][$confData['type']])) {
                     $addParams = isset($conf['params.'][$confData['type'] . '.']) ? trim($this->cObj->stdWrap($conf['params.'][$confData['type']], $conf['params.'][$confData['type'] . '.'])) : trim($conf['params.'][$confData['type']]);
                 } else {
                     $addParams = isset($conf['params.']) ? trim($this->cObj->stdWrap($conf['params'], $conf['params.'])) : trim($conf['params']);
                 }
                 if (strcmp('', $addParams)) {
                     $addParams = ' ' . $addParams;
                 }
             } else {
                 $addParams = '';
             }
             $dontMd5FieldNames = isset($conf['dontMd5FieldNames.']) ? $this->cObj->stdWrap($conf['dontMd5FieldNames'], $conf['dontMd5FieldNames.']) : $conf['dontMd5FieldNames'];
             if ($dontMd5FieldNames) {
                 $fName = $confData['fieldname'];
             } else {
                 $fName = md5($confData['fieldname']);
             }
             // Accessibility: Set id = fieldname attribute:
             $accessibility = isset($conf['accessibility.']) ? $this->cObj->stdWrap($conf['accessibility'], $conf['accessibility.']) : $conf['accessibility'];
             if ($accessibility || $xhtmlStrict) {
                 $elementIdAttribute = ' id="' . $prefix . $fName . '"';
             } else {
                 $elementIdAttribute = '';
             }
             // Create form field based on configuration/type:
             switch ($confData['type']) {
                 case 'textarea':
                     $cols = trim($fParts[1]) ? intval($fParts[1]) : 20;
                     $compensateFieldWidth = isset($conf['compensateFieldWidth.']) ? $this->cObj->stdWrap($conf['compensateFieldWidth'], $conf['compensateFieldWidth.']) : $conf['compensateFieldWidth'];
                     $compWidth = doubleval($compensateFieldWidth ? $compensateFieldWidth : $GLOBALS['TSFE']->compensateFieldWidth);
                     $compWidth = $compWidth ? $compWidth : 1;
                     $cols = t3lib_div::intInRange($cols * $compWidth, 1, 120);
                     $rows = trim($fParts[2]) ? t3lib_div::intInRange($fParts[2], 1, 30) : 5;
                     $wrap = trim($fParts[3]);
                     $noWrapAttr = isset($conf['noWrapAttr.']) ? $this->cObj->stdWrap($conf['noWrapAttr'], $conf['noWrapAttr.']) : $conf['noWrapAttr'];
                     if ($noWrapAttr || $wrap === 'disabled') {
                         $wrap = '';
                     } else {
                         $wrap = $wrap ? ' wrap="' . $wrap . '"' : ' wrap="virtual"';
                     }
                     $noValueInsert = isset($conf['noValueInsert.']) ? $this->cObj->stdWrap($conf['noValueInsert'], $conf['noValueInsert.']) : $conf['noValueInsert'];
                     $default = $this->cObj->getFieldDefaultValue($noValueInsert, $confData['fieldname'], str_replace('\\n', LF, trim($parts[2])));
                     $fieldCode = sprintf('<textarea name="%s"%s cols="%s" rows="%s"%s%s>%s</textarea>', $confData['fieldname'], $elementIdAttribute, $cols, $rows, $wrap, $addParams, t3lib_div::formatForTextarea($default));
                     break;
                 case 'input':
                 case 'password':
                     $size = trim($fParts[1]) ? intval($fParts[1]) : 20;
                     $compensateFieldWidth = isset($conf['compensateFieldWidth.']) ? $this->cObj->stdWrap($conf['compensateFieldWidth'], $conf['compensateFieldWidth.']) : $conf['compensateFieldWidth'];
                     $compWidth = doubleval($compensateFieldWidth ? $compensateFieldWidth : $GLOBALS['TSFE']->compensateFieldWidth);
                     $compWidth = $compWidth ? $compWidth : 1;
                     $size = t3lib_div::intInRange($size * $compWidth, 1, 120);
                     $noValueInsert = isset($conf['noValueInsert.']) ? $this->cObj->stdWrap($conf['noValueInsert'], $conf['noValueInsert.']) : $conf['noValueInsert'];
                     $default = $this->cObj->getFieldDefaultValue($noValueInsert, $confData['fieldname'], trim($parts[2]));
                     if ($confData['type'] == 'password') {
                         $default = '';
                     }
                     $max = trim($fParts[2]) ? ' maxlength="' . t3lib_div::intInRange($fParts[2], 1, 1000) . '"' : "";
                     $theType = $confData['type'] == 'input' ? 'text' : 'password';
                     $fieldCode = sprintf('<input type="%s" name="%s"%s size="%s"%s value="%s"%s />', $theType, $confData['fieldname'], $elementIdAttribute, $size, $max, htmlspecialchars($default), $addParams);
                     break;
                 case 'file':
                     $size = trim($fParts[1]) ? t3lib_div::intInRange($fParts[1], 1, 60) : 20;
                     $fieldCode = sprintf('<input type="file" name="%s"%s size="%s"%s />', $confData['fieldname'], $elementIdAttribute, $size, $addParams);
                     break;
                 case 'check':
                     // alternative default value:
                     $noValueInsert = isset($conf['noValueInsert.']) ? $this->cObj->stdWrap($conf['noValueInsert'], $conf['noValueInsert.']) : $conf['noValueInsert'];
                     $default = $this->cObj->getFieldDefaultValue($noValueInsert, $confData['fieldname'], trim($parts[2]));
                     $checked = $default ? ' checked="checked"' : '';
                     $fieldCode = sprintf('<input type="checkbox" value="%s" name="%s"%s%s%s />', 1, $confData['fieldname'], $elementIdAttribute, $checked, $addParams);
                     break;
                 case 'select':
                     $option = '';
                     $valueParts = explode(',', $parts[2]);
                     // size
                     if (strtolower(trim($fParts[1])) == 'auto') {
                         $fParts[1] = count($valueParts);
                     }
                     // Auto size set here. Max 20
                     $size = trim($fParts[1]) ? t3lib_div::intInRange($fParts[1], 1, 20) : 1;
                     // multiple
                     $multiple = strtolower(trim($fParts[2])) == 'm' ? ' multiple="multiple"' : '';
                     $items = array();
                     // Where the items will be
                     $defaults = array();
                     //RTF
                     $pCount = count($valueParts);
                     for ($a = 0; $a < $pCount; $a++) {
                         $valueParts[$a] = trim($valueParts[$a]);
                         if (substr($valueParts[$a], 0, 1) == '*') {
                             // Finding default value
                             $sel = 'selected';
                             $valueParts[$a] = substr($valueParts[$a], 1);
                         } else {
                             $sel = '';
                         }
                         // Get value/label
                         $subParts = explode('=', $valueParts[$a]);
                         $subParts[1] = isset($subParts[1]) ? trim($subParts[1]) : trim($subParts[0]);
                         // Sets the value
                         $items[] = $subParts;
                         // Adds the value/label pair to the items-array
                         if ($sel) {
                             $defaults[] = $subParts[1];
                         }
                         // Sets the default value if value/label pair is marked as default.
                     }
                     // alternative default value:
                     $noValueInsert = isset($conf['noValueInsert.']) ? $this->cObj->stdWrap($conf['noValueInsert'], $conf['noValueInsert.']) : $conf['noValueInsert'];
                     $default = $this->cObj->getFieldDefaultValue($noValueInsert, $confData['fieldname'], $defaults);
                     if (!is_array($default)) {
                         $defaults = array();
                         $defaults[] = $default;
                     } else {
                         $defaults = $default;
                     }
                     // Create the select-box:
                     $iCount = count($items);
                     for ($a = 0; $a < $iCount; $a++) {
                         $option .= '<option value="' . $items[$a][1] . '"' . (in_array($items[$a][1], $defaults) ? ' selected="selected"' : '') . '>' . trim($items[$a][0]) . '</option>';
                         //RTF
                     }
                     if ($multiple) {
                         // The fieldname must be prepended '[]' if multiple select. And the reason why it's prepended is, because the required-field list later must also have [] prepended.
                         $confData['fieldname'] .= '[]';
                     }
                     $fieldCode = sprintf('<select name="%s"%s size="%s"%s%s>%s</select>', $confData['fieldname'], $elementIdAttribute, $size, $multiple, $addParams, $option);
                     //RTF
                     break;
                 case 'radio':
                     $option = '';
                     $valueParts = explode(',', $parts[2]);
                     $items = array();
                     // Where the items will be
                     $default = '';
                     $pCount = count($valueParts);
                     for ($a = 0; $a < $pCount; $a++) {
                         $valueParts[$a] = trim($valueParts[$a]);
                         if (substr($valueParts[$a], 0, 1) == '*') {
                             $sel = 'checked';
                             $valueParts[$a] = substr($valueParts[$a], 1);
                         } else {
                             $sel = '';
                         }
                         // Get value/label
                         $subParts = explode('=', $valueParts[$a]);
                         $subParts[1] = isset($subParts[1]) ? trim($subParts[1]) : trim($subParts[0]);
                         // Sets the value
                         $items[] = $subParts;
                         // Adds the value/label pair to the items-array
                         if ($sel) {
                             $default = $subParts[1];
                         }
                         // Sets the default value if value/label pair is marked as default.
                     }
                     // alternative default value:
                     $noValueInsert = isset($conf['noValueInsert.']) ? $this->cObj->stdWrap($conf['noValueInsert'], $conf['noValueInsert.']) : $conf['noValueInsert'];
                     $default = $this->cObj->getFieldDefaultValue($noValueInsert, $confData['fieldname'], $default);
                     // Create the select-box:
                     $iCount = count($items);
                     for ($a = 0; $a < $iCount; $a++) {
                         $optionParts = '';
                         $radioId = $prefix . $fName . $this->cObj->cleanFormName($items[$a][0]);
                         if ($accessibility) {
                             $radioLabelIdAttribute = ' id="' . $radioId . '"';
                         } else {
                             $radioLabelIdAttribute = '';
                         }
                         $optionParts .= '<input type="radio" name="' . $confData['fieldname'] . '"' . $radioLabelIdAttribute . ' value="' . $items[$a][1] . '"' . (!strcmp($items[$a][1], $default) ? ' checked="checked"' : '') . $addParams . ' />';
                         if ($accessibility) {
                             $label = isset($conf['radioWrap.']) ? $this->cObj->stdWrap(trim($items[$a][0]), $conf['radioWrap.']) : trim($items[$a][0]);
                             $optionParts .= '<label for="' . $radioId . '">' . $label . '</label>';
                         } else {
                             $optionParts .= isset($conf['radioWrap.']) ? $this->cObj->stdWrap(trim($items[$a][0]), $conf['radioWrap.']) : trim($items[$a][0]);
                         }
                         $option .= isset($conf['radioInputWrap.']) ? $this->cObj->stdWrap($optionParts, $conf['radioInputWrap.']) : $optionParts;
                     }
                     if ($accessibility) {
                         $accessibilityWrap = isset($conf['radioWrap.']['accessibilityWrap.']) ? $this->cObj->stdWrap($conf['radioWrap.']['accessibilityWrap'], $conf['radioWrap.']['accessibilityWrap.']) : $conf['radioWrap.']['accessibilityWrap.'];
                         if ($accessibilityWrap) {
                             $search = array('###RADIO_FIELD_ID###', '###RADIO_GROUP_LABEL###');
                             $replace = array($elementIdAttribute, $confData['label']);
                             $accessibilityWrap = str_replace($search, $replace, $accessibilityWrap);
                             $option = $this->cObj->wrap($option, $accessibilityWrap);
                         }
                     }
                     $fieldCode = $option;
                     break;
                 case 'hidden':
                     $value = trim($parts[2]);
                     // If this form includes an auto responder message, include a HMAC checksum field
                     // in order to verify potential abuse of this feature.
                     if (strlen($value) && t3lib_div::inList($confData['fieldname'], 'auto_respond_msg')) {
                         $hmacChecksum = t3lib_div::hmac($value);
                         $hiddenfields .= sprintf('<input type="hidden" name="auto_respond_checksum" id="%sauto_respond_checksum" value="%s" />', $prefix, $hmacChecksum);
                     }
                     if (strlen($value) && t3lib_div::inList('recipient_copy,recipient', $confData['fieldname']) && $GLOBALS['TYPO3_CONF_VARS']['FE']['secureFormmail']) {
                         break;
                     }
                     if (strlen($value) && t3lib_div::inList('recipient_copy,recipient', $confData['fieldname'])) {
                         $value = $GLOBALS['TSFE']->codeString($value);
                     }
                     $hiddenfields .= sprintf('<input type="hidden" name="%s"%s value="%s" />', $confData['fieldname'], $elementIdAttribute, htmlspecialchars($value));
                     break;
                 case 'property':
                     if (t3lib_div::inList('type,locationData,goodMess,badMess,emailMess', $confData['fieldname'])) {
                         $value = trim($parts[2]);
                         $propertyOverride[$confData['fieldname']] = $value;
                         $conf[$confData['fieldname']] = $value;
                     }
                     break;
                 case 'submit':
                     $value = trim($parts[2]);
                     if ($conf['image.']) {
                         $this->cObj->data[$this->cObj->currentValKey] = $value;
                         $image = $this->cObj->IMG_RESOURCE($conf['image.']);
                         $params = $conf['image.']['params'] ? ' ' . $conf['image.']['params'] : '';
                         $params .= $this->cObj->getAltParam($conf['image.'], FALSE);
                         $params .= $addParams;
                     } else {
                         $image = '';
                     }
                     if ($image) {
                         $fieldCode = sprintf('<input type="image" name="%s"%s src="%s"%s />', $confData['fieldname'], $elementIdAttribute, $image, $params);
                     } else {
                         $fieldCode = sprintf('<input type="submit" name="%s"%s value="%s"%s />', $confData['fieldname'], $elementIdAttribute, t3lib_div::deHSCentities(htmlspecialchars($value)), $addParams);
                     }
                     break;
                 case 'reset':
                     $value = trim($parts[2]);
                     $fieldCode = sprintf('<input type="reset" name="%s"%s value="%s"%s />', $confData['fieldname'], $elementIdAttribute, t3lib_div::deHSCentities(htmlspecialchars($value)), $addParams);
                     break;
                 case 'label':
                     $fieldCode = nl2br(htmlspecialchars(trim($parts[2])));
                     break;
                 default:
                     $confData['type'] = 'comment';
                     $fieldCode = trim($parts[2]) . '&nbsp;';
                     break;
             }
             if ($fieldCode) {
                 // Checking for special evaluation modes:
                 if (t3lib_div::inList('textarea,input,password', $confData['type']) && strlen(trim($parts[3]))) {
                     $modeParameters = t3lib_div::trimExplode(':', $parts[3]);
                 } else {
                     $modeParameters = array();
                 }
                 // Adding evaluation based on settings:
                 switch ((string) $modeParameters[0]) {
                     case 'EREG':
                         $fieldlist[] = '_EREG';
                         $fieldlist[] = $modeParameters[1];
                         $fieldlist[] = $modeParameters[2];
                         $fieldlist[] = $confData['fieldname'];
                         $fieldlist[] = $confData['label'];
                         $confData['required'] = 1;
                         // Setting this so "required" layout is used.
                         break;
                     case 'EMAIL':
                         $fieldlist[] = '_EMAIL';
                         $fieldlist[] = $confData['fieldname'];
                         $fieldlist[] = $confData['label'];
                         $confData['required'] = 1;
                         // Setting this so "required" layout is used.
                         break;
                     default:
                         if ($confData['required']) {
                             $fieldlist[] = $confData['fieldname'];
                             $fieldlist[] = $confData['label'];
                         }
                         break;
                 }
                 // Field:
                 $fieldLabel = $confData['label'];
                 if ($accessibility && trim($fieldLabel) && !preg_match('/^(label|hidden|comment)$/', $confData['type'])) {
                     $fieldLabel = '<label for="' . $prefix . $fName . '">' . $fieldLabel . '</label>';
                 }
                 // Getting template code:
                 if (isset($conf['fieldWrap.'])) {
                     $fieldCode = $this->cObj->stdWrap($fieldCode, $conf['fieldWrap.']);
                 }
                 $labelCode = isset($conf['labelWrap.']) ? $this->cObj->stdWrap($fieldLabel, $conf['labelWrap.']) : $fieldLabel;
                 $commentCode = isset($conf['commentWrap.']) ? $this->cObj->stdWrap($confData['label'], $conf['commentWrap.']) : $confData['label'];
                 $result = $conf['layout'];
                 $req = isset($conf['REQ.']) ? $this->cObj->stdWrap($conf['REQ'], $conf['REQ.']) : $conf['REQ'];
                 if ($req && $confData['required']) {
                     if (isset($conf['REQ.']['fieldWrap.'])) {
                         $fieldCode = $this->cObj->stdWrap($fieldCode, $conf['REQ.']['fieldWrap.']);
                     }
                     if (isset($conf['REQ.']['labelWrap.'])) {
                         $labelCode = $this->cObj->stdWrap($fieldLabel, $conf['REQ.']['labelWrap.']);
                     }
                     $reqLayout = isset($conf['REQ.']['layout.']) ? $this->cObj->stdWrap($conf['REQ.']['layout'], $conf['REQ.']['layout.']) : $conf['REQ.']['layout'];
                     if ($reqLayout) {
                         $result = $reqLayout;
                     }
                 }
                 if ($confData['type'] == 'comment') {
                     $commentLayout = isset($conf['COMMENT.']['layout.']) ? $this->cObj->stdWrap($conf['COMMENT.']['layout'], $conf['COMMENT.']['layout.']) : $conf['COMMENT.']['layout'];
                     if ($commentLayout) {
                         $result = $commentLayout;
                     }
                 }
                 if ($confData['type'] == 'check') {
                     $checkLayout = isset($conf['CHECK.']['layout.']) ? $this->cObj->stdWrap($conf['CHECK.']['layout'], $conf['CHECK.']['layout.']) : $conf['CHECK.']['layout'];
                     if ($checkLayout) {
                         $result = $checkLayout;
                     }
                 }
                 if ($confData['type'] == 'radio') {
                     $radioLayout = isset($conf['RADIO.']['layout.']) ? $this->cObj->stdWrap($conf['RADIO.']['layout'], $conf['RADIO.']['layout.']) : $conf['RADIO.']['layout'];
                     if ($radioLayout) {
                         $result = $radioLayout;
                     }
                 }
                 if ($confData['type'] == 'label') {
                     $labelLayout = isset($conf['LABEL.']['layout.']) ? $this->cObj->stdWrap($conf['LABEL.']['layout'], $conf['LABEL.']['layout.']) : $conf['CHECK.']['layout'];
                     if ($labelLayout) {
                         $result = $labelLayout;
                     }
                 }
                 $result = str_replace('###FIELD###', $fieldCode, $result);
                 $result = str_replace('###LABEL###', $labelCode, $result);
                 $result = str_replace('###COMMENT###', $commentCode, $result);
                 //RTF
                 $content .= $result;
             }
         }
     }
     if (isset($conf['stdWrap.'])) {
         $content = $this->cObj->stdWrap($content, $conf['stdWrap.']);
     }
     // redirect (external: where to go afterwards. internal: where to submit to)
     $theRedirect = isset($conf['redirect.']) ? $this->cObj->stdWrap($conf['redirect'], $conf['redirect.']) : $conf['redirect'];
     // redirect should be set to the page to redirect to after an external script has been used. If internal scripts is used, and if no 'type' is set that dictates otherwise, redirect is used as the url to jump to as long as it's an integer (page)
     $target = isset($conf['target.']) ? $this->cObj->stdWrap($conf['target'], $conf['target.']) : $conf['target'];
     // redirect should be set to the page to redirect to after an external script has been used. If internal scripts is used, and if no 'type' is set that dictates otherwise, redirect is used as the url to jump to as long as it's an integer (page)
     $noCache = isset($conf['no_cache.']) ? $this->cObj->stdWrap($conf['no_cache'], $conf['no_cache.']) : $conf['no_cache'];
     // redirect should be set to the page to redirect to after an external script has been used. If internal scripts is used, and if no 'type' is set that dictates otherwise, redirect is used as the url to jump to as long as it's an integer (page)
     $page = $GLOBALS['TSFE']->page;
     if (!$theRedirect) {
         // Internal: Just submit to current page
         $LD = $GLOBALS['TSFE']->tmpl->linkData($page, $target, $noCache, 'index.php', '', $this->cObj->getClosestMPvalueForPage($page['uid']));
     } elseif (t3lib_div::testInt($theRedirect)) {
         // Internal: Submit to page with ID $theRedirect
         $page = $GLOBALS['TSFE']->sys_page->getPage_noCheck($theRedirect);
         $LD = $GLOBALS['TSFE']->tmpl->linkData($page, $target, $noCache, 'index.php', '', $this->cObj->getClosestMPvalueForPage($page['uid']));
     } else {
         // External URL, redirect-hidden field is rendered!
         $LD = $GLOBALS['TSFE']->tmpl->linkData($page, $target, $noCache, '', '', $this->cObj->getClosestMPvalueForPage($page['uid']));
         $LD['totalURL'] = $theRedirect;
         $hiddenfields .= '<input type="hidden" name="redirect" value="' . htmlspecialchars($LD['totalURL']) . '" />';
         // 18-09-00 added
     }
     // Formtype (where to submit to!):
     if ($propertyOverride['type']) {
         $formtype = $propertyOverride['type'];
     } else {
         $formtype = isset($conf['type.']) ? $this->cObj->stdWrap($conf['type'], $conf['type.']) : $conf['type'];
     }
     if (t3lib_div::testInt($formtype)) {
         // Submit to a specific page
         $page = $GLOBALS['TSFE']->sys_page->getPage_noCheck($formtype);
         $LD_A = $GLOBALS['TSFE']->tmpl->linkData($page, $target, $noCache, '', '', $this->cObj->getClosestMPvalueForPage($page['uid']));
         $action = $LD_A['totalURL'];
     } elseif ($formtype) {
         // Submit to external script
         $LD_A = $LD;
         $action = $formtype;
     } elseif (t3lib_div::testInt($theRedirect)) {
         $LD_A = $LD;
         $action = $LD_A['totalURL'];
     } else {
         // Submit to "nothing" - which is current page
         $LD_A = $GLOBALS['TSFE']->tmpl->linkData($GLOBALS['TSFE']->page, $target, $noCache, '', '', $this->cObj->getClosestMPvalueForPage($page['uid']));
         $action = $LD_A['totalURL'];
     }
     // Recipient:
     $theEmail = isset($conf['recipient.']) ? $this->cObj->stdWrap($conf['recipient'], $conf['recipient.']) : $conf['recipient'];
     if ($theEmail && !$GLOBALS['TYPO3_CONF_VARS']['FE']['secureFormmail']) {
         $theEmail = $GLOBALS['TSFE']->codeString($theEmail);
         $hiddenfields .= '<input type="hidden" name="recipient" value="' . htmlspecialchars($theEmail) . '" />';
     }
     // location data:
     $location = isset($conf['locationData.']) ? $this->cObj->stdWrap($conf['locationData'], $conf['locationData.']) : $conf['locationData'];
     if ($location) {
         if ($location == 'HTTP_POST_VARS' && isset($_POST['locationData'])) {
             $locationData = t3lib_div::_POST('locationData');
         } else {
             // locationData is [hte page id]:[tablename]:[uid of record]. Indicates on which page the record (from tablename with uid) is shown. Used to check access.
             $locationData = $GLOBALS['TSFE']->id . ':' . $this->cObj->currentRecord;
         }
         $hiddenfields .= '<input type="hidden" name="locationData" value="' . htmlspecialchars($locationData) . '" />';
     }
     // hidden fields:
     if (is_array($conf['hiddenFields.'])) {
         foreach ($conf['hiddenFields.'] as $hF_key => $hF_conf) {
             if (substr($hF_key, -1) != '.') {
                 $hF_value = $this->cObj->cObjGetSingle($hF_conf, $conf['hiddenFields.'][$hF_key . '.'], 'hiddenfields');
                 if (strlen($hF_value) && t3lib_div::inList('recipient_copy,recipient', $hF_key)) {
                     if ($GLOBALS['TYPO3_CONF_VARS']['FE']['secureFormmail']) {
                         continue;
                     }
                     $hF_value = $GLOBALS['TSFE']->codeString($hF_value);
                 }
                 $hiddenfields .= '<input type="hidden" name="' . $hF_key . '" value="' . htmlspecialchars($hF_value) . '" />';
             }
         }
     }
     // Wrap all hidden fields in a div tag (see http://bugs.typo3.org/view.php?id=678)
     $hiddenfields = isset($conf['hiddenFields.']['stdWrap.']) ? $this->cObj->stdWrap($hiddenfields, $conf['hiddenFields.']['stdWrap.']) : '<div style="display:none;">' . $hiddenfields . '</div>';
     if ($conf['REQ']) {
         $goodMess = isset($conf['goodMess.']) ? $this->cObj->stdWrap($conf['goodMess'], $conf['goodMess.']) : $conf['goodMess'];
         $badMess = isset($conf['badMess.']) ? $this->cObj->stdWrap($conf['badMess'], $conf['badMess.']) : $conf['badMess'];
         $emailMess = isset($conf['emailMess.']) ? $this->cObj->stdWrap($conf['emailMess'], $conf['emailMess.']) : $conf['emailMess'];
         $validateForm = ' onsubmit="return validateForm(\'' . $formName . '\',\'' . implode(',', $fieldlist) . '\',' . t3lib_div::quoteJSvalue($goodMess) . ',' . t3lib_div::quoteJSvalue($badMess) . ',' . t3lib_div::quoteJSvalue($emailMess) . ')"';
         $GLOBALS['TSFE']->additionalHeaderData['JSFormValidate'] = '<script type="text/javascript" src="' . t3lib_div::createVersionNumberedFilename($GLOBALS['TSFE']->absRefPrefix . 't3lib/jsfunc.validateform.js') . '"></script>';
     } else {
         $validateForm = '';
     }
     // Create form tag:
     $theTarget = $theRedirect ? $LD['target'] : $LD_A['target'];
     $method = isset($conf['method.']) ? $this->cObj->stdWrap($conf['method'], $conf['method.']) : $conf['method'];
     $content = array('<form' . ' action="' . htmlspecialchars($action) . '"' . ' id="' . $formName . '"' . ($xhtmlStrict ? '' : ' name="' . $formName . '"') . ' enctype="' . $GLOBALS['TYPO3_CONF_VARS']['SYS']['form_enctype'] . '"' . ' method="' . ($method ? $method : 'post') . '"' . ($theTarget ? ' target="' . $theTarget . '"' : '') . $validateForm . '>', $hiddenfields . $content, '</form>');
     $arrayReturnMode = isset($conf['arrayReturnMode.']) ? $this->cObj->stdWrap($conf['arrayReturnMode'], $conf['arrayReturnMode.']) : $conf['arrayReturnMode'];
     if ($arrayReturnMode) {
         $content['validateForm'] = $validateForm;
         $content['formname'] = $formName;
         return $content;
     } else {
         return implode('', $content);
     }
 }