/**
 * Slot for the DatabaseTreeDataProvider signal: restricts the category tree to the
 * current backend user's category mount points.
 *
 * Admins and tables other than the category table are left untouched. For a
 * non-admin with mount points configured, every top-level child node is detached
 * and only the nodes matching a mount point are re-attached.
 *
 * @param DatabaseTreeDataProvider $dataProvider
 * @param TreeNode $treeData
 * @return void
 */
public function addUserPermissionsToCategoryTreeData(DatabaseTreeDataProvider $dataProvider, $treeData)
{
    $user = $this->backendUserAuthentication;
    if ($user->isAdmin() || $dataProvider->getTableName() !== $this->categoryTableName) {
        return;
    }
    $mountPoints = $user->getCategoryMountPoints();
    // Keep a copy of the original children; they are removed from the tree below.
    $originalChildren = $treeData->getChildNodes();
    if (empty($mountPoints) || empty($originalChildren)) {
        // No mount restriction configured (or nothing to filter): tree stays as is.
        return;
    }
    // Drop everything first; only nodes matching a mount point are added back.
    $treeData->removeChildNodes();
    /** @var TreeNodeCollection $allowedNodes */
    $allowedNodes = \TYPO3\CMS\Core\Utility\GeneralUtility::makeInstance('TYPO3\\CMS\\Backend\\Tree\\TreeNodeCollection');
    foreach ($mountPoints as $mountPoint) {
        $match = $this->lookUpCategoryMountPointInTreeNodes((int) $mountPoint, $originalChildren);
        if ($match !== null) {
            $allowedNodes->append($match);
        }
    }
    $treeData->setChildNodes($allowedNodes);
}
/**
 * logoff() must clean the registered backend form protection.
 *
 * @test
 */
public function logoffCleansFormProtection()
{
    $className = 'TYPO3\\CMS\\Core\\FormProtection\\BackendFormProtection';
    // Only clean() is mocked; it has to be hit at least once by logoff().
    $protectionMock = $this->getMock($className, ['clean']);
    $protectionMock->expects($this->atLeastOnce())->method('clean');
    \TYPO3\CMS\Core\FormProtection\FormProtectionFactory::set($className, $protectionMock);
    $this->fixture->logoff();
}
/**
 * An inline field whose foreign table the user may modify gets an (empty) children list.
 *
 * @test
 */
public function addDataWithInlineTypeAndModifyRightsWillAddChildren()
{
    $foreignTable = 'aForeignTableName';
    $input = [
        'processedTca' => [
            'columns' => [
                'aField' => [
                    'config' => [
                        'type' => 'inline',
                        'foreign_table' => $foreignTable,
                    ],
                ],
            ],
        ],
    ];
    // The provider must consult tables_modify for the foreign table; grant it here.
    $this->beUserProphecy->check('tables_modify', $foreignTable)->shouldBeCalled()->willReturn(true);
    $expected = $this->defaultConfig;
    $expected['processedTca']['columns']['aField']['children'] = [];
    $this->assertEquals($expected, $this->subject->addData($input));
}
/**
 * Returns the session contents stored under $key.
 *
 * The stored value is a serialized array; its 'contents' entry is returned.
 * FALSE is returned when nothing is stored under $key or the unserialized
 * array has no 'contents' entry.
 *
 * NOTE(review): unserialize() is applied to data read back from the backend
 * user's session storage; if that storage can ever hold attacker-influenced
 * strings, restricting allowed classes should be considered.
 *
 * @param string $key
 * @return mixed
 */
public function getSessionContents($key)
{
    $stored = $this->backendUserAuthentication->getSessionData($key);
    if ($stored === null) {
        return false;
    }
    $unpacked = unserialize($stored);
    return isset($unpacked['contents']) ? $unpacked['contents'] : false;
}
/**
 * Adds the user's file mount records that belong to $storage to that storage.
 *
 * Only records whose 'base' equals the storage uid are considered. A mount
 * whose folder does not exist is skipped without an error (best effort).
 *
 * @param ResourceStorage $storage
 * @return void
 */
protected function addFileMountsToStorage(ResourceStorage $storage)
{
    foreach ($this->backendUserAuthentication->getFileMountRecords() as $mountRecord) {
        if ((int) $mountRecord['base'] !== (int) $storage->getUid()) {
            continue;
        }
        try {
            $storage->addFileMount($mountRecord['path'], $mountRecord);
        } catch (FolderDoesNotExistException $e) {
            // Mount points to a missing folder: deliberately ignored.
        }
    }
}
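/**
 * Executes the modules configured via Extbase (or dispatches a core route target).
 *
 * Access control happens in two steps: modAccess() validates the module
 * configuration for the current user (and exits when access is denied), and,
 * if an "id" parameter is present and integer-like, BackendUtility::readPageAccess()
 * must return a page row for it under the user's page permission clause.
 * A non-integer "id" is not checked here at all, because only integer uids can
 * be resolved to a page.
 *
 * @param string $moduleName
 * @return Response A PSR-7 response object
 * @throws \RuntimeException when the user has no access to the requested page
 */
protected function dispatchModule($moduleName)
{
    $moduleConfiguration = $this->getModuleConfiguration($moduleName);
    // Check permissions and exit if the user has no permission for entry
    $this->backendUserAuthentication->modAccess($moduleConfiguration, true);
    // "id" is taken from the query string first, then from the parsed body.
    // PSR-7 allows getParsedBody() to return null or an object, so the body is
    // only consulted when it is an array (a bare array access raised a notice).
    $queryParams = $this->request->getQueryParams();
    $parsedBody = $this->request->getParsedBody();
    $id = null;
    if (isset($queryParams['id'])) {
        $id = $queryParams['id'];
    } elseif (is_array($parsedBody) && isset($parsedBody['id'])) {
        $id = $parsedBody['id'];
    }
    if ($id && MathUtility::canBeInterpretedAsInteger($id)) {
        // Check page access
        $permClause = $this->backendUserAuthentication->getPagePermsClause(true);
        $access = is_array(BackendUtility::readPageAccess((int) $id, $permClause));
        if (!$access) {
            throw new \RuntimeException('You don\'t have access to this page', 1289917924);
        }
    }
    /** @var Response $response */
    $response = GeneralUtility::makeInstance(Response::class);
    if (isset($moduleConfiguration['routeTarget'])) {
        // Use Core Dispatching
        $dispatcher = GeneralUtility::makeInstance(Dispatcher::class);
        $this->request = $this->request->withAttribute('target', $moduleConfiguration['routeTarget']);
        $response = $dispatcher->dispatch($this->request, $response);
    } else {
        // extbase module
        $configuration = [
            'extensionName' => $moduleConfiguration['extensionName'],
            'pluginName' => $moduleName,
        ];
        if (isset($moduleConfiguration['vendorName'])) {
            $configuration['vendorName'] = $moduleConfiguration['vendorName'];
        }
        // Run Extbase
        $bootstrap = GeneralUtility::makeInstance(\TYPO3\CMS\Extbase\Core\Bootstrap::class);
        $content = $bootstrap->run('', $configuration);
        $response->getBody()->write($content);
    }
    return $response;
}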
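/**
 * Returns a comma-separated list of mounts.
 *
 * Admins (when not resolving by group) get the single mount '0'. Otherwise the
 * user's own mounts are read from $this->table (unless ->byGroup is set, in
 * which case ->group supplies the group list) and the mounts of all groups are
 * appended, de-duplicated via GeneralUtility::uniqueList().
 *
 * The legacy database API used here concatenates SQL. The user uid is cast to
 * int and the group list is reduced to integer uids before being inlined, so
 * only numeric ids reach the query. $this->where is passed through verbatim
 * and must be trusted SQL.
 *
 * @return string item1, item2, ..., itemN
 */
protected function getMounts()
{
    // Admins see everything: mount 0 (root).
    if (!$this->byGroup && $this->user->isAdmin()) {
        return '0';
    }
    $mounts = '';
    $database = $this->getDatabaseConnection();
    if (!$this->byGroup) {
        // Read usermounts - if none are set, mounts are set to NULL
        $result = $database->exec_SELECTquery(
            $this->field . ',' . $this->usergroupField,
            $this->table,
            'uid = ' . (int) $this->user_uid,
            $this->where
        );
        $row = $database->sql_fetch_assoc($result);
        // No matching user row: no mounts and no groups (avoids notices on a FALSE row).
        if (is_array($row)) {
            $mounts = $row[$this->field];
            // Read Usergroup mounts
            $groups = \TYPO3\CMS\Core\Utility\GeneralUtility::uniqueList($row[$this->usergroupField]);
        } else {
            $groups = '';
        }
    } else {
        $groups = $this->group;
    }
    if (trim($groups)) {
        // Only integer uids may be inlined into the IN () list.
        $groupUids = \TYPO3\CMS\Core\Utility\GeneralUtility::intExplode(',', $groups, true);
        if (!empty($groupUids)) {
            $result = $database->exec_SELECTquery($this->field, $this->grouptable, 'uid IN (' . implode(',', $groupUids) . ')');
            // Walk the groups and add the mounts
            while ($row = $database->sql_fetch_assoc($result)) {
                $mounts .= ',' . $row[$this->field];
            }
        }
        // Make nicely formatted list
        $mounts = \TYPO3\CMS\Core\Utility\GeneralUtility::uniqueList($mounts);
    }
    return $mounts;
}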
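/**
 * Returns TRUE if the internal BE_USER has access to the module $name with $MCONF
 * (based on the security level set for that module).
 *
 * When $MCONF['access'] is empty, access is granted unconditionally. Otherwise:
 *  - 'admin' in the access list grants access to admins immediately;
 *  - 'user' / 'group' register the module in ->modListUser / ->modListGroup
 *    (the module select lists for users and groups) as a side effect;
 *  - finally admins, or users having the module in their 'modules' permission,
 *    are granted access; everybody else is denied.
 *
 * @param string $name Module name
 * @param array $MCONF MCONF array (module configuration array) from the modules conf.php file (contains settings about what access level the module has)
 * @return boolean TRUE if access is granted for $this->BE_USER, FALSE otherwise
 * @todo Define visibility
 */
public function checkModAccess($name, $MCONF)
{
    if (empty($MCONF['access'])) {
        // No access level configured: module is open to every backend user.
        return TRUE;
    }
    $access = strtolower($MCONF['access']);
    // If admin-permissions is required then return TRUE if user is admin
    if (strpos($access, 'admin') !== FALSE && $this->BE_USER->isAdmin()) {
        return TRUE;
    }
    // This will add modules to the select-lists of user and groups
    if (strpos($access, 'user') !== FALSE) {
        $this->modListUser[] = $name;
    }
    if (strpos($access, 'group') !== FALSE) {
        $this->modListGroup[] = $name;
    }
    // This checks if a user is permitted to access the module
    if ($this->BE_USER->isAdmin() || $this->BE_USER->check('modules', $name)) {
        return TRUE;
    }
    // Previously the method fell through and returned NULL here; the denial is now explicit.
    return FALSE;
}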
/**
 * Checks whether the given category node is allowed by the user's category mount points.
 *
 * Without configured mount points every category is allowed. The membership
 * test is loose (in_array without strict) so that string and integer ids
 * compare equal; NOTE(review): confirm node ids and mount points always carry
 * comparable numeric values.
 *
 * @param \TYPO3\CMS\Backend\Tree\TreeNode $child
 * @return bool
 */
protected function isCategoryAllowed($child)
{
    $mountPoints = $this->backendUserAuthentication->getCategoryMountPoints();
    return empty($mountPoints) ? TRUE : in_array($child->getId(), $mountPoints);
}
/**
 * A non-admin may not create a page on root level even with tables_modify rights.
 *
 * @test
 */
public function addDataThrowsExceptionForNewRecordsOnRootLevelWithoutAdminPermissions()
{
    $tableName = 'pages';
    $input = [
        'tableName' => $tableName,
        'command' => 'new',
        'vanillaUid' => 123,
        'parentPageRow' => null,
    ];
    // Non-admin with modify rights on the table: root-level creation is still refused.
    $this->beUserProphecy->isAdmin()->willReturn(false);
    $this->beUserProphecy->check('tables_modify', $tableName)->willReturn(true);
    $this->setExpectedException(\RuntimeException::class, $this->anything(), 1437745221);
    $this->subject->addData($input);
}
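/**
 * Adding CM element for Delete
 *
 * Builds the context menu item whose onclick (optionally after a JS confirm
 * that includes the reference count) sends the delete command to tce_db.php.
 * $uid is cast to int before it is written into the JS/URL string so that only
 * a numeric uid can end up there. NOTE(review): $table is inserted without
 * quoting; it is expected to be a TCA table name - confirm callers never pass
 * user-supplied values.
 *
 * @param string $table Table name
 * @param integer $uid UID for the current record.
 * @param array $elInfo Label for including in the confirmation message, EXT:lang/locallang_core.php:mess.delete
 * @return array Item array, element in $menuItems
 * @internal
 */
function DB_delete($table, $uid, $elInfo)
{
    $uid = (int) $uid;
    $loc = 'top.content.list_frame';
    if ($this->beUser->jsConfirmation(4)) {
        // Ask for confirmation, mentioning how many records reference this one
        $message = sprintf($this->LANG->sL('LLL:EXT:lang/locallang_core.php:mess.delete'), $elInfo[0])
            . BackendUtility::referenceCount($table, $uid, ' (There are %s reference(s) to this record!)');
        $conf = 'confirm(' . GeneralUtility::quoteJSvalue($message) . ')';
    } else {
        $conf = '1==1';
    }
    $editOnClick = 'if(' . $loc . ' && ' . $conf . ' ){'
        . $loc . ".location.href=top.TS.PATH_typo3+'tce_db.php?redirect='+top.rawurlencode("
        . $this->backRef->frameLocation($loc . '.document')
        . ")+'&cmd[" . $table . '][' . $uid . '][DDdelete]=1&prErr=1&vC='
        . $this->beUser->veriCode()
        . BackendUtility::getUrlToken('tceAction')
        . "';hideCM();}";
    return $this->backRef->linkItem(
        $this->LANG->getLLL('delete', $this->LL),
        $this->backRef->excludeIcon(IconUtility::getSpriteIcon('actions-edit-delete')),
        $editOnClick . 'return false;'
    );
}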
/**
 * Switches the backend user session back to the original user.
 *
 * Does nothing unless a backend session (be_sessions) with a logged-in user
 * and a stored ses_backuserid is handled. The current session row is then
 * pointed at the original user, ses_backuserid is cleared and the browser is
 * redirected to the backend entry point.
 *
 * @param array $params
 * @param \TYPO3\CMS\Core\Authentication\AbstractUserAuthentication $that
 * @see t3lib_userauth::logoff()
 * @todo Define visibility
 */
public function switchBack($params, $that)
{
    // Is a backend session handled?
    $isSwitchedBackendSession = $that->session_table === 'be_sessions'
        && $that->user['uid']
        && $that->user['ses_backuserid'];
    if (!$isSwitchedBackendSession) {
        return;
    }
    // @TODO: Move update functionality to Tx_Beuser_Domain_Repository_BackendUserSessionRepository
    $db = $GLOBALS['TYPO3_DB'];
    $currentUser = $GLOBALS['BE_USER'];
    $whereClause = 'ses_id = ' . $db->fullQuoteStr($currentUser->id, 'be_sessions')
        . ' AND ses_name = ' . $db->fullQuoteStr(\TYPO3\CMS\Core\Authentication\BackendUserAuthentication::getCookieName(), 'be_sessions')
        . ' AND ses_userid=' . intval($currentUser->user['uid']);
    $db->exec_UPDATEquery('be_sessions', $whereClause, [
        'ses_userid' => $that->user['ses_backuserid'],
        'ses_backuserid' => 0,
    ]);
    $redirectUrl = $GLOBALS['BACK_PATH'] . 'index.php';
    if (!$GLOBALS['TYPO3_CONF_VARS']['BE']['interfaces']) {
        $redirectUrl .= '?commandLI=1';
    }
    \TYPO3\CMS\Core\Utility\HttpUtility::redirect($redirectUrl);
}
/**
 * Creates the panel of buttons for submitting the form or otherwise performing operations.
 *
 * Produces the CSH button, the "view page" link (onclick HTML-escaped) and,
 * if the user may create shortcuts, the shortcut icon.
 *
 * @return array All available buttons as an assoc. array
 */
protected function getButtons()
{
    // CSH
    $cshButton = BackendUtility::cshItem('_MOD_web_info', '');
    // View page
    $pageUid = $this->pageinfo['uid'];
    $viewOnClick = BackendUtility::viewOnClick($pageUid, $GLOBALS['BACK_PATH'], BackendUtility::BEgetRootLine($pageUid));
    $viewTitle = $this->languageService->sL('LLL:EXT:lang/locallang_core.xlf:labels.showPage', TRUE);
    $viewButton = '<a href="#" onclick="' . htmlspecialchars($viewOnClick) . '" title="' . $viewTitle . '">'
        . IconUtility::getSpriteIcon('actions-document-view')
        . '</a>';
    // Shortcut
    $shortcutButton = '';
    if ($this->backendUser->mayMakeShortcut()) {
        $shortcutButton = $this->doc->makeShortcutIcon(
            'id, edit_record, pointer, new_unique_uid, search_field, search_levels, showLimit',
            implode(',', array_keys($this->MOD_MENU)),
            $this->moduleName
        );
    }
    return [
        'csh' => $cshButton,
        'view' => $viewButton,
        'shortcut' => $shortcutButton,
    ];
}
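/**
 * Calls traditional modules which are identified by having an index.php in their directory
 * and were previously located within the global scope.
 *
 * The module base path comes from the module registry; if no path is
 * registered for $moduleName the method returns FALSE instead of letting
 * require resolve a bare 'index.php' against the include path. When the
 * configuration carries an 'access' entry, modAccess() is enforced first
 * (second argument TRUE is expected to abort the request on denial - confirm
 * in BackendUserAuthentication). NOTE(review): a module without an 'access'
 * entry is executed without any modAccess() check.
 *
 * @param string $moduleName
 * @return bool TRUE if the module's index.php was executed
 */
protected function callTraditionalModule($moduleName)
{
    $moduleBasePath = isset($this->moduleRegistry['_PATHS'][$moduleName])
        ? (string) $this->moduleRegistry['_PATHS'][$moduleName]
        : '';
    $GLOBALS['MCONF'] = $moduleConfiguration = $this->getModuleConfiguration($moduleName);
    if (!empty($moduleConfiguration['access'])) {
        $this->backendUserAuthentication->modAccess($moduleConfiguration, TRUE);
    }
    if ($moduleBasePath === '' || !file_exists($moduleBasePath . 'index.php')) {
        return FALSE;
    }
    global $SOBE;
    require $moduleBasePath . 'index.php';
    return TRUE;
}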
/**
 * Section containers get default values for existing elements and a template row.
 *
 * Given a flex form whose section 'section_1' holds 'container_1' rows on the
 * lDEF sheet, the provider must set the TCA default ('defaultValue') on the
 * container element of row '1' (which has no value yet), keep the stored
 * 'dbValue' of row '2', and add a 'templateRows' entry for 'container_1' that
 * carries the default. The lEN data of the input is expected unchanged
 * (no langChildren configured in this data structure).
 *
 * @test
 */
public function addDataSetsValuesAndStructureForSectionContainerElements()
{
    $input = [
        'tableName' => 'aTable',
        'databaseRow' => [
            'aField' => [
                'data' => [
                    'sDEF' => [
                        'lDEF' => [
                            'section_1' => [
                                'el' => [
                                    '1' => ['container_1' => ['el' => []]],
                                    '2' => ['container_1' => ['el' => ['aFlexField' => ['vDEF' => 'dbValue']]]]
                                ]
                            ]
                        ],
                        'lEN' => [
                            'section_1' => ['el' => ['1' => ['container_1' => []]]]
                        ]
                    ]
                ],
                'meta' => []
            ]
        ],
        'processedTca' => [
            'columns' => [
                'aField' => [
                    'config' => [
                        'type' => 'flex',
                        'ds' => [
                            'sheets' => [
                                'sDEF' => [
                                    'ROOT' => [
                                        'type' => 'array',
                                        'el' => [
                                            'section_1' => [
                                                'section' => '1',
                                                'type' => 'array',
                                                'el' => [
                                                    'container_1' => [
                                                        'type' => 'array',
                                                        'el' => [
                                                            'aFlexField' => [
                                                                'label' => 'aFlexFieldLabel',
                                                                'config' => ['type' => 'input', 'default' => 'defaultValue']
                                                            ]
                                                        ]
                                                    ]
                                                ]
                                            ]
                                        ]
                                    ]
                                ]
                            ]
                        ]
                    ]
                ]
            ]
        ],
        'pageTsConfig' => []
    ];
    // Only the default-values provider runs for the flex form segment in this test
    $GLOBALS['TYPO3_CONF_VARS']['SYS']['formEngine']['formDataGroup']['flexFormSegment'] = [\TYPO3\CMS\Backend\Form\FormDataProvider\DatabaseRowDefaultValues::class => []];
    /** @var LanguageService|ObjectProphecy $languageService */
    $languageService = $this->prophesize(LanguageService::class);
    $GLOBALS['LANG'] = $languageService->reveal();
    // Labels are passed through untranslated
    $languageService->sL(Argument::cetera())->willReturnArgument(0);
    $this->backendUserProphecy->isAdmin()->willReturn(true);
    $this->backendUserProphecy->checkLanguageAccess(Argument::cetera())->willReturn(true);
    $expected = $input;
    // A default value for existing container field aFlexField should have been set
    $expected['databaseRow']['aField']['data']['sDEF']['lDEF']['section_1']['el']['1']['container_1']['el']['aFlexField']['vDEF'] = 'defaultValue';
    // Dummy row values for container_1 on lDEF sheet
    $expected['databaseRow']['aField']['data']['sDEF']['lDEF']['section_1']['templateRows']['container_1']['el']['aFlexField']['vDEF'] = 'defaultValue';
    $this->assertEquals($expected, $this->subject->addData($input));
}
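/**
 * Calls traditional modules which are identified by having an index.php in their directory
 * and were previously located within the global scope.
 *
 * The module base path comes from the module registry; if no path is
 * registered for $moduleName, neither conf.php nor index.php is required
 * (a bare 'conf.php'/'index.php' would otherwise be resolved against the
 * include path) and FALSE is returned. When the configuration carries an
 * 'access' entry, modAccess() is enforced before the module runs (second
 * argument true is expected to abort the request on denial - confirm in
 * BackendUserAuthentication). NOTE(review): a module without an 'access'
 * entry is executed without any modAccess() check.
 *
 * @param string $moduleName
 * @return bool Returns TRUE if the module was executed
 */
protected function callTraditionalModule($moduleName)
{
    $moduleBasePath = isset($this->moduleRegistry['_PATHS'][$moduleName])
        ? (string) $this->moduleRegistry['_PATHS'][$moduleName]
        : '';
    // Some modules still rely on this global configuration array in a conf.php file
    // load configuration from an existing conf.php file inside the same directory
    if ($moduleBasePath !== '' && file_exists($moduleBasePath . 'conf.php')) {
        require $moduleBasePath . 'conf.php';
        $moduleConfiguration = $MCONF;
    } else {
        $moduleConfiguration = $this->getModuleConfiguration($moduleName);
    }
    $GLOBALS['MCONF'] = $moduleConfiguration;
    if (!empty($moduleConfiguration['access'])) {
        $this->backendUserAuthentication->modAccess($moduleConfiguration, true);
    }
    if ($moduleBasePath === '' || !file_exists($moduleBasePath . 'index.php')) {
        return false;
    }
    global $SOBE;
    require $moduleBasePath . 'index.php';
    return true;
}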
/**
 * Section containers with langChildren get defaults for every configured language.
 *
 * With 'langChildren' => 1 and two system languages (DEF, EN) the provider must
 * fill the ds 'meta' information (available language codes, languages on sheet
 * level and on element), set 'defaultValue' for vDEF and vEN on row '1', add
 * the missing vEN value on row '2' (whose vDEF 'dbValue' is kept), and add a
 * 'templateRows' entry for 'container_1' carrying the default for both languages.
 *
 * @test
 */
public function addDataSetsValuesAndStructureForSectionContainerElementsWithLangChildren()
{
    $input = [
        'tableName' => 'aTable',
        'databaseRow' => [
            'aField' => [
                'data' => [
                    'sDEF' => [
                        'lDEF' => [
                            'section_1' => [
                                'el' => [
                                    '1' => ['container_1' => ['el' => []]],
                                    '2' => ['container_1' => ['el' => ['aFlexField' => ['vDEF' => 'dbValue']]]]
                                ]
                            ]
                        ]
                    ]
                ],
                'meta' => []
            ]
        ],
        'systemLanguageRows' => [
            0 => ['uid' => 0, 'iso' => 'DEF'],
            1 => ['uid' => 1, 'iso' => 'EN']
        ],
        'processedTca' => [
            'columns' => [
                'aField' => [
                    'config' => [
                        'type' => 'flex',
                        'ds' => [
                            'meta' => ['langChildren' => 1],
                            'sheets' => [
                                'sDEF' => [
                                    'ROOT' => [
                                        'type' => 'array',
                                        'el' => [
                                            'section_1' => [
                                                'section' => '1',
                                                'type' => 'array',
                                                'el' => [
                                                    'container_1' => [
                                                        'type' => 'array',
                                                        'el' => [
                                                            'aFlexField' => [
                                                                'label' => 'aFlexFieldLabel',
                                                                'config' => ['type' => 'input', 'default' => 'defaultValue']
                                                            ]
                                                        ]
                                                    ]
                                                ]
                                            ]
                                        ]
                                    ]
                                ]
                            ]
                        ]
                    ]
                ]
            ]
        ],
        'pageTsConfig' => []
    ];
    // Only the default-values provider runs for the flex form segment in this test
    $GLOBALS['TYPO3_CONF_VARS']['SYS']['formEngine']['formDataGroup']['flexFormSegment'] = [\TYPO3\CMS\Backend\Form\FormDataProvider\DatabaseRowDefaultValues::class => []];
    /** @var LanguageService|ObjectProphecy $languageService */
    $languageService = $this->prophesize(LanguageService::class);
    $GLOBALS['LANG'] = $languageService->reveal();
    // Labels are passed through untranslated
    $languageService->sL(Argument::cetera())->willReturnArgument(0);
    $this->backendUserProphecy->isAdmin()->willReturn(true);
    $this->backendUserProphecy->checkLanguageAccess(Argument::cetera())->willReturn(true);
    $expected = $input;
    // Language meta information derived from systemLanguageRows and langChildren
    $expected['processedTca']['columns']['aField']['config']['ds']['meta'] = [
        'availableLanguageCodes' => [0 => 'DEF', 1 => 'EN'],
        'langDisable' => false,
        'langChildren' => true,
        'languagesOnSheetLevel' => [0 => 'DEF'],
        'languagesOnElement' => [0 => 'DEF', 1 => 'EN']
    ];
    // A default value for existing container field aFlexField should have been set
    $expected['databaseRow']['aField']['data']['sDEF']['lDEF']['section_1']['el']['1']['container_1']['el']['aFlexField']['vDEF'] = 'defaultValue';
    $expected['databaseRow']['aField']['data']['sDEF']['lDEF']['section_1']['el']['1']['container_1']['el']['aFlexField']['vEN'] = 'defaultValue';
    // Also for the other defined language
    $expected['databaseRow']['aField']['data']['sDEF']['lDEF']['section_1']['el']['2']['container_1']['el']['aFlexField']['vEN'] = 'defaultValue';
    // There should be a templateRow for container_1 with defaultValue set for both languages
    $expected['databaseRow']['aField']['data']['sDEF']['lDEF']['section_1']['templateRows']['container_1']['el']['aFlexField']['vDEF'] = 'defaultValue';
    $expected['databaseRow']['aField']['data']['sDEF']['lDEF']['section_1']['templateRows']['container_1']['el']['aFlexField']['vEN'] = 'defaultValue';
    $this->assertEquals($expected, $this->subject->addData($input));
}
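/**
 * Creates the backend user object and returns it.
 *
 * Runs the 'preBeUser' hooks, then - only if the backend session cookie is
 * present - instantiates FrontendBackendUserAuthentication, starts it and
 * loads the user's group data. The user is discarded again (NULL returned,
 * ->beUserLogin reset to 0) when the IP lock check, the backend access
 * settings check or the user lookup fails. 'postBeUser' hooks receive the
 * resulting object by reference and may replace it.
 *
 * Hook and cookie lookups are guarded with isset() so that a request without
 * a backend cookie or without configured hooks no longer raises notices.
 *
 * @return \TYPO3\CMS\Backend\FrontendBackendUserAuthentication the backend user object (NULL without a valid backend login)
 */
public function initializeBackendUser()
{
    // PRE BE_USER HOOK
    if (isset($this->TYPO3_CONF_VARS['SC_OPTIONS']['tslib/index_ts.php']['preBeUser'])
        && is_array($this->TYPO3_CONF_VARS['SC_OPTIONS']['tslib/index_ts.php']['preBeUser'])
    ) {
        foreach ($this->TYPO3_CONF_VARS['SC_OPTIONS']['tslib/index_ts.php']['preBeUser'] as $_funcRef) {
            $_params = [];
            \TYPO3\CMS\Core\Utility\GeneralUtility::callUserFunction($_funcRef, $_params, $this);
        }
    }
    /** @var $BE_USER \TYPO3\CMS\Backend\FrontendBackendUserAuthentication */
    $BE_USER = NULL;
    $cookieName = \TYPO3\CMS\Core\Authentication\BackendUserAuthentication::getCookieName();
    // If the backend cookie is set, we proceed and check if a backend user is logged in.
    if (!empty($_COOKIE[$cookieName])) {
        $GLOBALS['TYPO3_MISC']['microtime_BE_USER_start'] = microtime(TRUE);
        $GLOBALS['TT']->push('Back End user initialized', '');
        // TODO: validate the comment below: is this necessary? if so,
        // formfield_status should be set to "" in t3lib_tsfeBeUserAuth
        // which is a subclass of t3lib_beUserAuth
        // ----
        // the value this->formfield_status is set to empty in order to
        // disable login-attempts to the backend account through this script
        // New backend user object
        $BE_USER = \TYPO3\CMS\Core\Utility\GeneralUtility::makeInstance('TYPO3\\CMS\\Backend\\FrontendBackendUserAuthentication');
        $BE_USER->OS = TYPO3_OS;
        // IP locking as configured for the backend
        $BE_USER->lockIP = $this->TYPO3_CONF_VARS['BE']['lockIP'];
        // Object is initialized
        $BE_USER->start();
        $BE_USER->unpack_uc('');
        if ($BE_USER->user['uid']) {
            $BE_USER->fetchGroupData();
            $this->beUserLogin = 1;
        }
        // Unset the user initialization: IP lock, backend access settings or a missing user reject the login.
        if (!$BE_USER->checkLockToIP() || !$BE_USER->checkBackendAccessSettingsFromInitPhp() || !$BE_USER->user['uid']) {
            $BE_USER = NULL;
            $this->beUserLogin = 0;
            $_SESSION['TYPO3-TT-start'] = FALSE;
        }
        $GLOBALS['TT']->pull();
        $GLOBALS['TYPO3_MISC']['microtime_BE_USER_end'] = microtime(TRUE);
    }
    // POST BE_USER HOOK
    if (isset($this->TYPO3_CONF_VARS['SC_OPTIONS']['tslib/index_ts.php']['postBeUser'])
        && is_array($this->TYPO3_CONF_VARS['SC_OPTIONS']['tslib/index_ts.php']['postBeUser'])
    ) {
        // Passed by reference so a hook may replace or drop the user object
        $_params = ['BE_USER' => &$BE_USER];
        foreach ($this->TYPO3_CONF_VARS['SC_OPTIONS']['tslib/index_ts.php']['postBeUser'] as $_funcRef) {
            \TYPO3\CMS\Core\Utility\GeneralUtility::callUserFunction($_funcRef, $_params, $this);
        }
    }
    return $BE_USER;
}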
/**
 * Persists ->stored (the expanded positions of the tree) in the backend user's uc.
 *
 * $this->treeName is used as the key below BE_USER->uc['browseTrees']; the
 * positions are stored serialized and written immediately via writeUC().
 *
 * @return void
 * @access private
 */
public function savePosition()
{
    $user = $this->BE_USER;
    $user->uc['browseTrees'][$this->treeName] = serialize($this->stored);
    $user->writeUC();
}
/**
 * Updates the current session to move back to the original user.
 *
 * Only the be_sessions row matching the current session id, cookie name and
 * current user uid is updated; its ses_userid becomes the stored
 * ses_backuserid and ses_backuserid is cleared.
 * NOTE(review): ses_backuserid is written unchecked - the caller has to make
 * sure the session was actually switched (non-zero ses_backuserid).
 *
 * @param \TYPO3\CMS\Core\Authentication\AbstractUserAuthentication $authentication
 * @return void
 */
public function switchBackToOriginalUser(\TYPO3\CMS\Core\Authentication\AbstractUserAuthentication $authentication)
{
    $newSessionValues = [
        'ses_userid' => $authentication->user['ses_backuserid'],
        'ses_backuserid' => 0,
    ];
    $db = $GLOBALS['TYPO3_DB'];
    $currentUser = $GLOBALS['BE_USER'];
    $whereClause = 'ses_id = ' . $db->fullQuoteStr($currentUser->id, 'be_sessions')
        . ' AND ses_name = ' . $db->fullQuoteStr(\TYPO3\CMS\Core\Authentication\BackendUserAuthentication::getCookieName(), 'be_sessions')
        . ' AND ses_userid=' . (int) $currentUser->user['uid'];
    $db->exec_UPDATEquery('be_sessions', $whereClause, $newSessionValues);
}
/**
 * Stores the session token in the backend user session so that a later
 * incarnation of this class can pick it up again.
 *
 * @access private
 * @return void
 */
public function persistSessionToken()
{
    $token = $this->sessionToken;
    $this->backendUser->setAndSaveSessionData('formSessionToken', $token);
}
/**
 * Make value list
 *
 * Renders the human readable value(s) of a field. Depending on $conf['type']
 * the raw $fieldValue (a single value or a comma list) is resolved against:
 *  - 'files':    the entries of the directory PATH_site . $conf['uploadfolder'];
 *  - 'multiple': the configured items ($val[1] is the value, $val[0] the label);
 *  - 'binary':   every configured item label is emitted, regardless of $fieldValue;
 *  - 'relation': records of the table(s) in $conf['allowed'] / $conf['foreign_table'],
 *                prefixed with "<table>_" when a table prefix is in use.
 * Labels starting with 'LLL:' are translated via ->languageService. Every
 * emitted label is passed through htmlspecialchars() and joined with $splitString.
 *
 * For 'relation', a non-admin user with lockBeUserToDBmounts enabled only gets
 * records inside their web mounts: the page tree of each mount is collected with
 * ->getTreeList() and the query is limited to those uids (pages, together with
 * the page permission clause) or pids (other tables). Fetched rows are cached
 * per table in ->tableArray for the lifetime of this object.
 *
 * NOTE(review): for type 'files' $fileArray is only created when the folder
 * holds at least one entry besides '.' and '..'; an empty folder passes an
 * undefined variable to natcasesort().
 *
 * @param string $fieldName
 * @param string $fieldValue
 * @param array $conf
 * @param string $table
 * @param string $splitString
 * @return string
 */
public function makeValueList($fieldName, $fieldValue, $conf, $table, $splitString)
{
    $fieldSetup = $conf;
    $out = '';
    if ($fieldSetup['type'] == 'files') {
        // Directory listing of the upload folder, '.' and '..' skipped
        $d = dir(PATH_site . $fieldSetup['uploadfolder']);
        while (false !== ($entry = $d->read())) {
            if ($entry == '.' || $entry == '..') {
                continue;
            }
            $fileArray[] = $entry;
        }
        $d->close();
        natcasesort($fileArray);
        foreach ($fileArray as $fileName) {
            if (GeneralUtility::inList($fieldValue, $fileName) || $fieldValue == $fileName) {
                if (!$out) {
                    $out = htmlspecialchars($fileName);
                } else {
                    $out .= $splitString . htmlspecialchars($fileName);
                }
            }
        }
    }
    if ($fieldSetup['type'] == 'multiple') {
        foreach ($fieldSetup['items'] as $key => $val) {
            if (substr($val[0], 0, 4) == 'LLL:') {
                $value = $this->languageService->sL($val[0]);
            } else {
                $value = $val[0];
            }
            // Item value is $val[1]; only selected items are rendered
            if (GeneralUtility::inList($fieldValue, $val[1]) || $fieldValue == $val[1]) {
                if (!$out) {
                    $out = htmlspecialchars($value);
                } else {
                    $out .= $splitString . htmlspecialchars($value);
                }
            }
        }
    }
    if ($fieldSetup['type'] == 'binary') {
        // All item labels are listed; $fieldValue is not consulted here
        foreach ($fieldSetup['items'] as $Key => $val) {
            if (substr($val[0], 0, 4) == 'LLL:') {
                $value = $this->languageService->sL($val[0]);
            } else {
                $value = $val[0];
            }
            if (!$out) {
                $out = htmlspecialchars($value);
            } else {
                $out .= $splitString . htmlspecialchars($value);
            }
        }
    }
    if ($fieldSetup['type'] == 'relation') {
        $dontPrefixFirstTable = 0;
        $useTablePrefix = 0;
        // Static items of the relation field are matched by their label text
        if ($fieldSetup['items']) {
            foreach ($fieldSetup['items'] as $key => $val) {
                if (substr($val[0], 0, 4) == 'LLL:') {
                    $value = $this->languageService->sL($val[0]);
                } else {
                    $value = $val[0];
                }
                if (GeneralUtility::inList($fieldValue, $value) || $fieldValue == $value) {
                    if (!$out) {
                        $out = htmlspecialchars($value);
                    } else {
                        $out .= $splitString . htmlspecialchars($value);
                    }
                }
            }
        }
        if (stristr($fieldSetup['allowed'], ',')) {
            // Several allowed tables: stored values normally carry a "table_" prefix
            $from_table_Arr = explode(',', $fieldSetup['allowed']);
            $useTablePrefix = 1;
            if (!$fieldSetup['prepend_tname']) {
                // Inspect the stored values of the whole table: any value without
                // an underscore means the first table is stored unprefixed
                $queryBuilder = GeneralUtility::makeInstance(ConnectionPool::class)->getQueryBuilderForTable($table);
                $queryBuilder->getRestrictions()->removeAll()->add(GeneralUtility::makeInstance(DeletedRestriction::class));
                $statement = $queryBuilder->select($fieldName)->from($table)->execute();
                while ($row = $statement->fetch()) {
                    if (stristr($row[$fieldName], ',')) {
                        $checkContent = explode(',', $row[$fieldName]);
                        foreach ($checkContent as $singleValue) {
                            if (!stristr($singleValue, '_')) {
                                $dontPrefixFirstTable = 1;
                            }
                        }
                    } else {
                        $singleValue = $row[$fieldName];
                        if ($singleValue !== '' && !stristr($singleValue, '_')) {
                            $dontPrefixFirstTable = 1;
                        }
                    }
                }
            }
        } else {
            $from_table_Arr[0] = $fieldSetup['allowed'];
        }
        if ($fieldSetup['prepend_tname']) {
            $useTablePrefix = 1;
        }
        // foreign_table overrides the first allowed table
        if ($fieldSetup['foreign_table']) {
            $from_table_Arr[0] = $fieldSetup['foreign_table'];
        }
        $counter = 0;
        $useSelectLabels = 0;
        $useAltSelectLabels = 0;
        $tablePrefix = '';
        $labelFieldSelect = [];
        foreach ($from_table_Arr as $from_table) {
            // Every table after the first is always prefixed; the first one only
            // when prefixes are in use and the stored data is not unprefixed
            if ($useTablePrefix && !$dontPrefixFirstTable && $counter != 1 || $counter == 1) {
                $tablePrefix = $from_table . '_';
            }
            $counter = 1;
            if (is_array($GLOBALS['TCA'][$from_table])) {
                $labelField = $GLOBALS['TCA'][$from_table]['ctrl']['label'];
                $altLabelField = $GLOBALS['TCA'][$from_table]['ctrl']['label_alt'];
                // Label field with select items: map stored item values to item labels
                if ($GLOBALS['TCA'][$from_table]['columns'][$labelField]['config']['items']) {
                    $items = $GLOBALS['TCA'][$from_table]['columns'][$labelField]['config']['items'];
                    foreach ($items as $labelArray) {
                        if (substr($labelArray[0], 0, 4) == 'LLL:') {
                            $labelFieldSelect[$labelArray[1]] = $this->languageService->sL($labelArray[0]);
                        } else {
                            $labelFieldSelect[$labelArray[1]] = $labelArray[0];
                        }
                    }
                    $useSelectLabels = 1;
                }
                // Same for the alternative label field
                if ($GLOBALS['TCA'][$from_table]['columns'][$altLabelField]['config']['items']) {
                    $items = $GLOBALS['TCA'][$from_table]['columns'][$altLabelField]['config']['items'];
                    foreach ($items as $altLabelArray) {
                        if (substr($altLabelArray[0], 0, 4) == 'LLL:') {
                            $altLabelFieldSelect[$altLabelArray[1]] = $this->languageService->sL($altLabelArray[0]);
                        } else {
                            $altLabelFieldSelect[$altLabelArray[1]] = $altLabelArray[0];
                        }
                    }
                    $useAltSelectLabels = 1;
                }
                // Rows of the related table are fetched once and cached in ->tableArray
                if (!$this->tableArray[$from_table]) {
                    $queryBuilder = GeneralUtility::makeInstance(ConnectionPool::class)->getQueryBuilderForTable($from_table);
                    $queryBuilder->getRestrictions()->removeAll()->add(GeneralUtility::makeInstance(DeletedRestriction::class));
                    $selectFields = ['uid', $labelField];
                    if ($altLabelField) {
                        $selectFields[] = $altLabelField;
                    }
                    $queryBuilder->select(...$selectFields)->from($from_table)->orderBy('uid');
                    // Non-admins locked to their DB mounts only get records below their web mounts
                    if (!$this->backendUserAuthentication->isAdmin() && $GLOBALS['TYPO3_CONF_VARS']['BE']['lockBeUserToDBmounts']) {
                        $webMounts = $this->backendUserAuthentication->returnWebmounts();
                        $perms_clause = $this->backendUserAuthentication->getPagePermsClause(1);
                        $webMountPageTree = '';
                        $webMountPageTreePrefix = '';
                        foreach ($webMounts as $webMount) {
                            if ($webMountPageTree) {
                                $webMountPageTreePrefix = ',';
                            }
                            $webMountPageTree .= $webMountPageTreePrefix . $this->getTreeList($webMount, 999, $begin = 0, $perms_clause);
                        }
                        if ($from_table === 'pages') {
                            // Pages: restrict by uid and additionally apply the page permission clause
                            $queryBuilder->where(QueryHelper::stripLogicalOperatorPrefix($perms_clause), $queryBuilder->expr()->in('uid', $queryBuilder->createNamedParameter(GeneralUtility::intExplode(',', $webMountPageTree), Connection::PARAM_INT_ARRAY)));
                        } else {
                            // Other tables: restrict by the pid of the record
                            $queryBuilder->where($queryBuilder->expr()->in('pid', $queryBuilder->createNamedParameter(GeneralUtility::intExplode(',', $webMountPageTree), Connection::PARAM_INT_ARRAY)));
                        }
                    }
                    $statement = $queryBuilder->execute();
                    $this->tableArray[$from_table] = [];
                    while ($row = $statement->fetch()) {
                        $this->tableArray[$from_table][] = $row;
                    }
                }
                foreach ($this->tableArray[$from_table] as $key => $val) {
                    // Module setting 'labels_noprefix': 1 is normalised to 'on'; 'on' suppresses the " [uid] " prefix
                    $GLOBALS['SOBE']->MOD_SETTINGS['labels_noprefix'] = $GLOBALS['SOBE']->MOD_SETTINGS['labels_noprefix'] == 1 ? 'on' : $GLOBALS['SOBE']->MOD_SETTINGS['labels_noprefix'];
                    $prefixString = $GLOBALS['SOBE']->MOD_SETTINGS['labels_noprefix'] == 'on' ? '' : ' [' . $tablePrefix . $val['uid'] . '] ';
                    if (GeneralUtility::inList($fieldValue, $tablePrefix . $val['uid']) || $fieldValue == $tablePrefix . $val['uid']) {
                        // Label priority: select-item label, raw label field, alt select-item label, raw alt label field
                        if ($useSelectLabels) {
                            if (!$out) {
                                $out = htmlspecialchars($prefixString . $labelFieldSelect[$val[$labelField]]);
                            } else {
                                $out .= $splitString . htmlspecialchars($prefixString . $labelFieldSelect[$val[$labelField]]);
                            }
                        } elseif ($val[$labelField]) {
                            if (!$out) {
                                $out = htmlspecialchars($prefixString . $val[$labelField]);
                            } else {
                                $out .= $splitString . htmlspecialchars($prefixString . $val[$labelField]);
                            }
                        } elseif ($useAltSelectLabels) {
                            if (!$out) {
                                $out = htmlspecialchars($prefixString . $altLabelFieldSelect[$val[$altLabelField]]);
                            } else {
                                $out .= $splitString . htmlspecialchars($prefixString . $altLabelFieldSelect[$val[$altLabelField]]);
                            }
                        } else {
                            if (!$out) {
                                $out = htmlspecialchars($prefixString . $val[$altLabelField]);
                            } else {
                                $out .= $splitString . htmlspecialchars($prefixString . $val[$altLabelField]);
                            }
                        }
                    }
                }
            }
        }
    }
    return $out;
}
/**
 * Switches to a given user (SU-mode) and then redirects to the start page of the backend
 * to refresh the navigation etc.
 *
 * Only an admin may switch, and only to an existing be_users record. With
 * $switchBack the current user uid is remembered in ses_backuserid so the
 * session can later be restored. The session row is selected by session id,
 * cookie name and the current user uid.
 *
 * @param string $switchUser BE-user record that will be switched to
 * @param boolean $switchBack
 * @return void
 */
protected function switchUser($switchUser, $switchBack = FALSE)
{
    $targetUser = \TYPO3\CMS\Backend\Utility\BackendUtility::getRecord('be_users', $switchUser);
    $currentUser = $GLOBALS['BE_USER'];
    if (!is_array($targetUser) || !$currentUser->isAdmin()) {
        return;
    }
    $updateData = ['ses_userid' => $targetUser['uid']];
    // User switchback or replace current session?
    if ($switchBack) {
        $updateData['ses_backuserid'] = (int) $currentUser->user['uid'];
        // Set backend user listing module as starting module for switchback
        $currentUser->uc['startModuleOnFirstLogin'] = '******';
        $currentUser->writeUC();
    }
    $db = $GLOBALS['TYPO3_DB'];
    $whereClause = 'ses_id=' . $db->fullQuoteStr($currentUser->id, 'be_sessions')
        . ' AND ses_name=' . $db->fullQuoteStr(\TYPO3\CMS\Core\Authentication\BackendUserAuthentication::getCookieName(), 'be_sessions')
        . ' AND ses_userid=' . (int) $currentUser->user['uid'];
    $db->exec_UPDATEquery('be_sessions', $whereClause, $updateData);
    $redirectUrl = $GLOBALS['BACK_PATH'] . 'index.php';
    if (!$GLOBALS['TYPO3_CONF_VARS']['BE']['interfaces']) {
        $redirectUrl .= '?commandLI=1';
    }
    \TYPO3\CMS\Core\Utility\HttpUtility::redirect($redirectUrl);
}
/**
 * Adding CM element for Copying/Moving a Folder Into from a drag & drop action
 *
 * The onclick navigates the list frame to tce_file with the file command and
 * the current location as redirect target, then refreshes the navigation frame.
 * NOTE(review): $srcPath and $dstPath are placed into the query string without
 * URL encoding (only JS-quoted); confirm callers pass sanitised paths.
 *
 * @param string $srcPath source path for the record to modify
 * @param string $dstPath destination path for the records to modify
 * @param string $action Action code: either "move" or "copy
 * @return array Item array, element in $menuItems
 * @internal
 */
public function dragDrop_copymovefolder($srcPath, $dstPath, $action)
{
    $frame = 'top.content.list_frame';
    $frameDocument = $this->frameLocation($frame . '.document');
    $moduleUrl = GeneralUtility::quoteJSvalue(BackendUtility::getModuleUrl('tce_file') . '&redirect=');
    $fileCommand = '&file[' . $action . '][0][data]=' . $srcPath
        . '&file[' . $action . '][0][target]=' . $dstPath
        . '&prErr=1&vC=' . $this->backendUser->veriCode();
    $editOnClick = 'if(' . $frame . '){' . $frame . '.document.location=' . $moduleUrl
        . '+top.rawurlencode(' . $frameDocument . '.pathname+' . $frameDocument . '.search)+'
        . GeneralUtility::quoteJSvalue($fileCommand)
        . ';};top.nav.refresh();';
    $icon = $this->iconFactory->getIcon('apps-pagetree-drag-move-into', Icon::SIZE_SMALL)->render();
    return $this->linkItem($this->label($action . 'Folder_into'), $icon, $editOnClick . 'return false;');
}
/**
 * Logging actions from TCEmain
 *
 * Returns 0 without doing anything when ->enableLogging is off. Messages are
 * blanked when ->storeLogMessages is off. Entries with $error > 0 are also
 * collected in ->errorLog (formatted with $data via vsprintf when $data is an
 * array). The entry itself is written through BE_USER->writelog().
 *
 * @param string $table Table name the log entry is concerned with. Blank if NA
 * @param int $recuid Record UID. Zero if NA
 * @param int $action Action number: 0=No category, 1=new record, 2=update record, 3= delete record, 4= move record, 5= Check/evaluate
 * @param int $recpid Normally 0 (zero). If set, it indicates that this log-entry is used to notify the backend of a record which is moved to another location
 * @param int $error The severity: 0 = message, 1 = error, 2 = System Error, 3 = security notice (admin)
 * @param string $details Default error message in english
 * @param int $details_nr This number is unique for every combination of $type and $action. This is the error-message number, which can later be used to translate error messages. 0 if not categorized, -1 if temporary
 * @param array $data Array with special information that may go into $details by '%s' marks / sprintf() when the log is shown
 * @param int $event_pid The page_uid (pid) where the event occurred. Used to select log-content for specific pages.
 * @param string $NEWid NEW id for new records
 * @return int Log entry UID (0 if no log entry was written or logging is disabled)
 */
public function log($table, $recuid, $action, $recpid, $error, $details, $details_nr = -1, $data = array(), $event_pid = -1, $NEWid = '')
{
    if (!$this->enableLogging) {
        return 0;
    }
    // Type value for tce_db.php
    $type = 1;
    if (!$this->storeLogMessages) {
        $details = '';
    }
    if ($error > 0) {
        $message = is_array($data) ? vsprintf($details, $data) : $details;
        $this->errorLog[] = '[' . $type . '.' . $action . '.' . $details_nr . ']: ' . $message;
    }
    return $this->BE_USER->writelog($type, $action, $error, $details_nr, $details, $data, $table, $recuid, $recpid, $event_pid, $NEWid);
}
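/**
 * Check whether the user was already authorized or not
 *
 * True when the submitted login form data is complete (status "login",
 * username, password field and challenge value present) and the session
 * cookie, if any, does not already carry the current session id. The form
 * data is request input, so the status is compared strictly.
 *
 * @return boolean
 */
protected function hasLoginBeenProcessed() {
    $loginFormData = $GLOBALS['BE_USER']->getLoginFormData();
    $cookieName = \TYPO3\CMS\Core\Authentication\BackendUserAuthentication::getCookieName();
    // A missing cookie counts as the empty string (same result as before, without the undefined-index notice).
    $cookieValue = isset($_COOKIE[$cookieName]) ? (string) $_COOKIE[$cookieName] : '';
    return isset($loginFormData['status'], $loginFormData['uname'], $loginFormData['uident'], $loginFormData['chalvalue'])
        && $loginFormData['status'] === 'login'
        && $cookieValue !== (string) $GLOBALS['BE_USER']->id;
}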
/**
 * Update current session to move back to the original user.
 *
 * Rewrites the be_sessions row of the current session so that ses_userid
 * becomes the user stored in ses_backuserid and ses_backuserid is cleared.
 * The row is selected by session id, cookie name AND the current user id, so
 * only the caller's own session can be modified. All values go through named
 * parameters.
 *
 * NOTE(review): ses_backuserid is written as-is; if it were 0 the session
 * would end up bound to user 0 — confirm callers only invoke this after a
 * user switch.
 *
 * @param AbstractUserAuthentication $authentication
 * @return void
 */
public function switchBackToOriginalUser(AbstractUserAuthentication $authentication)
{
    $currentUser = $GLOBALS['BE_USER'];
    $originalUserId = $authentication->user['ses_backuserid'];
    $queryBuilder = GeneralUtility::makeInstance(ConnectionPool::class)->getQueryBuilderForTable('be_sessions');
    $expr = $queryBuilder->expr();
    // Parameters are created in where-clause order so the generated placeholder names stay stable.
    $sessionIdParameter = $queryBuilder->createNamedParameter($currentUser->id, \PDO::PARAM_STR);
    $sessionNameParameter = $queryBuilder->createNamedParameter(BackendUserAuthentication::getCookieName(), \PDO::PARAM_STR);
    $userIdParameter = $queryBuilder->createNamedParameter($currentUser->user['uid'], \PDO::PARAM_INT);
    $queryBuilder
        ->update('be_sessions')
        ->set('ses_userid', $originalUserId)
        ->set('ses_backuserid', 0)
        ->where(
            $expr->eq('ses_id', $sessionIdParameter),
            $expr->eq('ses_name', $sessionNameParameter),
            $expr->eq('ses_userid', $userIdParameter)
        )
        ->execute();
}
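/**
 * Make value list
 *
 * Builds the display list for a field value: the HTML-escaped labels that the
 * comma-separated $fieldValue refers to, joined by $splitString. Which labels
 * are looked up depends on the field setup's "type":
 *  - "files":    file names found in the configured "uploadfolder" below PATH_site
 *  - "multiple": labels of the configured "items" whose value is in $fieldValue
 *  - "binary":   labels of all configured "items" (no value matching)
 *  - "relation": labels of matching static "items", plus the label (or
 *                label_alt) of referenced records from the "allowed" /
 *                "foreign_table" tables, read from the database
 *
 * Caveats:
 *  - $fieldName, $table and the table names taken from "allowed"/"foreign_table"
 *    are interpolated into SQL unquoted. They must be TCA-derived identifiers,
 *    never raw request input — NOTE(review): verify this at the call sites.
 *  - Records are only restricted to the user's DB mounts when the user is not
 *    admin AND $GLOBALS['TYPO3_CONF_VARS']['BE']['lockBeUserToDBmounts'] is set;
 *    otherwise every (non-deleted) record of the related table is considered.
 *  - Query results are cached per table in $this->tableArray for the lifetime
 *    of this object.
 *
 * @param string $fieldName Column name of the field in $table
 * @param string $fieldValue Comma-separated list of selected values / (prefixed) uids
 * @param array $conf Field setup ("type", "items", "allowed", "foreign_table", "prepend_tname", "uploadfolder")
 * @param string $table Table the field belongs to
 * @param string $splitString Separator placed between the listed labels
 * @return string HTML-escaped, separated label list ('' when nothing matched)
 */
public function makeValueList($fieldName, $fieldValue, $conf, $table, $splitString)
{
    $fieldSetup = $conf;
    $out = '';
    if ($fieldSetup['type'] == 'files') {
        $fileArray = [];
        // dir() returns false for a missing/unreadable folder; treat that as "no files" instead of a fatal error.
        $d = dir(PATH_site . $fieldSetup['uploadfolder']);
        if ($d !== false) {
            while (false !== ($entry = $d->read())) {
                if ($entry == '.' || $entry == '..') {
                    continue;
                }
                $fileArray[] = $entry;
            }
            $d->close();
        }
        natcasesort($fileArray);
        foreach ($fileArray as $fileName) {
            if (GeneralUtility::inList($fieldValue, $fileName) || $fieldValue == $fileName) {
                $out = $this->appendValueToList($out, $fileName, $splitString);
            }
        }
    }
    if ($fieldSetup['type'] == 'multiple') {
        $items = isset($fieldSetup['items']) && is_array($fieldSetup['items']) ? $fieldSetup['items'] : [];
        foreach ($items as $val) {
            // $val[1] is the stored value, $val[0] its (possibly localized) label.
            if (GeneralUtility::inList($fieldValue, $val[1]) || $fieldValue == $val[1]) {
                $out = $this->appendValueToList($out, $this->resolveItemLabel($val[0]), $splitString);
            }
        }
    }
    if ($fieldSetup['type'] == 'binary') {
        $items = isset($fieldSetup['items']) && is_array($fieldSetup['items']) ? $fieldSetup['items'] : [];
        foreach ($items as $val) {
            // Binary fields list every configured item; there is no value matching here.
            $out = $this->appendValueToList($out, $this->resolveItemLabel($val[0]), $splitString);
        }
    }
    if ($fieldSetup['type'] == 'relation') {
        $dontPrefixFirstTable = 0;
        $useTablePrefix = 0;
        if (!empty($fieldSetup['items']) && is_array($fieldSetup['items'])) {
            foreach ($fieldSetup['items'] as $val) {
                $value = $this->resolveItemLabel($val[0]);
                if (GeneralUtility::inList($fieldValue, $value) || $fieldValue == $value) {
                    $out = $this->appendValueToList($out, $value, $splitString);
                }
            }
        }
        $allowed = isset($fieldSetup['allowed']) ? (string) $fieldSetup['allowed'] : '';
        if (stristr($allowed, ',')) {
            $from_table_Arr = explode(',', $allowed);
            $useTablePrefix = 1;
            if (empty($fieldSetup['prepend_tname'])) {
                // Without prepend_tname, stored values lacking a "table_" prefix mean the
                // first allowed table is referenced unprefixed: sample the column to find out.
                $checkres = $this->databaseConnection->exec_SELECTquery($fieldName, $table, 'uid ' . BackendUtility::deleteClause($table));
                if ($checkres) {
                    while ($row = $this->databaseConnection->sql_fetch_assoc($checkres)) {
                        if (stristr($row[$fieldName], ',')) {
                            foreach (explode(',', $row[$fieldName]) as $singleValue) {
                                if (!stristr($singleValue, '_')) {
                                    $dontPrefixFirstTable = 1;
                                }
                            }
                        } else {
                            $singleValue = $row[$fieldName];
                            if ($singleValue !== '' && !stristr($singleValue, '_')) {
                                $dontPrefixFirstTable = 1;
                            }
                        }
                    }
                    $this->databaseConnection->sql_free_result($checkres);
                }
            }
        } else {
            $from_table_Arr[0] = $allowed;
        }
        if (!empty($fieldSetup['prepend_tname'])) {
            $useTablePrefix = 1;
        }
        if (!empty($fieldSetup['foreign_table'])) {
            $from_table_Arr[0] = $fieldSetup['foreign_table'];
        }
        $counter = 0;
        $useSelectLabels = 0;
        $useAltSelectLabels = 0;
        $tablePrefix = '';
        $labelFieldSelect = [];
        $altLabelFieldSelect = [];
        foreach ($from_table_Arr as $from_table) {
            // The first table is only prefixed when values are stored prefixed; every further table always is.
            if ($useTablePrefix && !$dontPrefixFirstTable && $counter != 1 || $counter == 1) {
                $tablePrefix = $from_table . '_';
            }
            $counter = 1;
            if (!isset($GLOBALS['TCA'][$from_table]) || !is_array($GLOBALS['TCA'][$from_table])) {
                continue;
            }
            $tableTca = $GLOBALS['TCA'][$from_table];
            $labelField = isset($tableTca['ctrl']['label']) ? $tableTca['ctrl']['label'] : '';
            $altLabelField = isset($tableTca['ctrl']['label_alt']) ? $tableTca['ctrl']['label_alt'] : '';
            if (!empty($tableTca['columns'][$labelField]['config']['items'])) {
                foreach ($tableTca['columns'][$labelField]['config']['items'] as $labelArray) {
                    $labelFieldSelect[$labelArray[1]] = $this->resolveItemLabel($labelArray[0]);
                }
                $useSelectLabels = 1;
            }
            if (!empty($tableTca['columns'][$altLabelField]['config']['items'])) {
                foreach ($tableTca['columns'][$altLabelField]['config']['items'] as $altLabelArray) {
                    $altLabelFieldSelect[$altLabelArray[1]] = $this->resolveItemLabel($altLabelArray[0]);
                }
                $useAltSelectLabels = 1;
            }
            // The SELECT part lives in its own variable: it used to be assigned to
            // $altLabelFieldSelect and thereby discarded the alt labels collected above.
            $altLabelSelectPart = $altLabelField ? ',' . $altLabelField : '';
            $select_fields = 'uid,' . $labelField . $altLabelSelectPart;
            if (!$this->backendUserAuthentication->isAdmin() && $GLOBALS['TYPO3_CONF_VARS']['BE']['lockBeUserToDBmounts']) {
                // Non-admins locked to their DB mounts only see records inside those mounts;
                // pages are additionally filtered by the read permission clause.
                $perms_clause = $this->backendUserAuthentication->getPagePermsClause(1);
                $mountPageIds = [];
                foreach ($this->backendUserAuthentication->returnWebmounts() as $mountId) {
                    // getTreeList() yields the mount id plus its subtree as a comma list
                    // (presumably integers only — NOTE(review): verify before relying on it in SQL).
                    $treeList = (string) $this->getTreeList($mountId, 999, 0, $perms_clause);
                    if ($treeList !== '') {
                        $mountPageIds[] = $treeList;
                    }
                }
                $webMountPageTree = implode(',', $mountPageIds);
                if ($webMountPageTree === '') {
                    // No accessible mount: match nothing rather than emit an invalid "IN ()" clause.
                    $where_clause = '1=0';
                } elseif ($from_table == 'pages') {
                    $where_clause = 'uid IN (' . $webMountPageTree . ') ' . BackendUtility::deleteClause($from_table) . ' AND ' . $perms_clause;
                } else {
                    $where_clause = 'pid IN (' . $webMountPageTree . ') ' . BackendUtility::deleteClause($from_table);
                }
            } else {
                $where_clause = 'uid' . BackendUtility::deleteClause($from_table);
            }
            $res = null;
            if (empty($this->tableArray[$from_table])) {
                $res = $this->databaseConnection->exec_SELECTquery($select_fields, $from_table, $where_clause, '', 'uid');
                $this->tableArray[$from_table] = [];
            }
            if ($res) {
                while ($row = $this->databaseConnection->sql_fetch_assoc($res)) {
                    $this->tableArray[$from_table][] = $row;
                }
                $this->databaseConnection->sql_free_result($res);
            }
            foreach ($this->tableArray[$from_table] as $val) {
                // Module setting "1" is normalized to "on" (both mean: do not show the [table_uid] prefix).
                $GLOBALS['SOBE']->MOD_SETTINGS['labels_noprefix'] = $GLOBALS['SOBE']->MOD_SETTINGS['labels_noprefix'] == 1 ? 'on' : $GLOBALS['SOBE']->MOD_SETTINGS['labels_noprefix'];
                $prefixedUid = $tablePrefix . $val['uid'];
                $prefixString = $GLOBALS['SOBE']->MOD_SETTINGS['labels_noprefix'] == 'on' ? '' : ' [' . $prefixedUid . '] ';
                if (!GeneralUtility::inList($fieldValue, $prefixedUid) && $fieldValue != $prefixedUid) {
                    continue;
                }
                // Label precedence: select-item label of the label field, raw label field,
                // select-item label of the alt label field, raw alt label field.
                if ($useSelectLabels) {
                    $label = isset($labelFieldSelect[$val[$labelField]]) ? $labelFieldSelect[$val[$labelField]] : '';
                } elseif ($val[$labelField]) {
                    $label = $val[$labelField];
                } elseif ($useAltSelectLabels) {
                    $label = isset($altLabelFieldSelect[$val[$altLabelField]]) ? $altLabelFieldSelect[$val[$altLabelField]] : '';
                } else {
                    $label = $val[$altLabelField];
                }
                $out = $this->appendValueToList($out, $prefixString . $label, $splitString);
            }
        }
    }
    return $out;
}

/**
 * Appends one HTML-escaped value to the growing value list.
 *
 * @param string $list The list built so far ('' when nothing has been added yet)
 * @param string $value Raw value; escaped with htmlspecialchars() here
 * @param string $splitString Separator placed between entries
 * @return string
 */
protected function appendValueToList($list, $value, $splitString)
{
    $escaped = htmlspecialchars($value);
    // Compare against the empty string, not truthiness: a first entry of "0" must not be dropped.
    return $list === '' ? $escaped : $list . $splitString . $escaped;
}

/**
 * Returns the display label of a TCA "items" entry: "LLL:" references are
 * translated through the language service, anything else is returned as-is.
 *
 * @param string $label Raw label of an items entry ($item[0])
 * @return string
 */
protected function resolveItemLabel($label)
{
    if (substr($label, 0, 4) == 'LLL:') {
        return $this->languageService->sL($label);
    }
    return $label;
}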
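/**
 * Checking, if we should perform some sort of redirection OR closing of windows.
 *
 * Do redirect:
 *
 * If a user is logged in AND
 * a) if either the login is just done (isLoginInProgress) or
 * b) a loginRefresh is done
 *
 * The redirect target is chosen in this order: the "auth.BE.redirectToURL"
 * user TSConfig value (administrator-configured, used as-is), otherwise the
 * "interface" request parameter, which is only honoured for the fixed values
 * "frontend" and "backend" — any other value leaves the URL untouched, so the
 * request cannot steer the redirect to an arbitrary location.
 *
 * Before redirecting, the backend form protection's session token is stored
 * in the registry (or restored from it on a login refresh, where the opener
 * window is notified instead of redirecting).
 *
 * @throws \RuntimeException if no session cookie arrived even after the "setCookie" round trip, or the form protection is not the backend one
 * @throws \UnexpectedValueException
 */
protected function checkRedirect()
{
    if (empty($this->getBackendUserAuthentication()->user['uid']) && ($this->isLoginInProgress() || !$this->loginRefresh)) {
        return;
    }
    /*
     * If no cookie has been set previously, we tell people that this is a problem.
     * This assumes that a cookie-setting script (like this one) has been hit at
     * least once prior to this instance.
     */
    if (empty($_COOKIE[BackendUserAuthentication::getCookieName()])) {
        if ($this->submitValue === 'setCookie') {
            /*
             * we tried it a second time but still no cookie
             * 26/4 2005: This does not work anymore, because the saving of challenge values
             * in $_SESSION means the system will act as if the password was wrong.
             */
            throw new \RuntimeException('Login-error: Yeah, that\'s a classic. No cookies, no TYPO3. ' . 'Please accept cookies from TYPO3 - otherwise you\'ll not be able to use the system.', 1294586846);
        }
        // try it once again - that might be needed for auto login
        $this->redirectToURL = 'index.php?commandLI=setCookie';
    }
    $redirectToUrl = (string) $this->getBackendUserAuthentication()->getTSConfigVal('auth.BE.redirectToURL');
    if (empty($redirectToUrl)) {
        // Based on the interface we set the redirect script. Unknown values keep
        // whatever redirectToURL already holds (e.g. the setCookie round trip above).
        switch (GeneralUtility::_GP('interface')) {
            case 'frontend':
                $interface = 'frontend';
                $this->redirectToURL = '../';
                break;
            case 'backend':
                $interface = 'backend';
                $this->redirectToURL = BackendUtility::getModuleUrl('main');
                break;
            default:
                $interface = '';
        }
    } else {
        $this->redirectToURL = $redirectToUrl;
        $interface = '';
    }
    // store interface
    $this->getBackendUserAuthentication()->uc['interfaceSetup'] = $interface;
    $this->getBackendUserAuthentication()->writeUC();
    $formProtection = FormProtectionFactory::get();
    if (!$formProtection instanceof BackendFormProtection) {
        throw new \RuntimeException('The Form Protection retrieved does not match the expected one.', 1432080411);
    }
    if ($this->loginRefresh) {
        $formProtection->setSessionTokenFromRegistry();
        $formProtection->persistSessionToken();
        $this->getDocumentTemplate()->JScode .= $this->getDocumentTemplate()->wrapScriptTags(' if (parent.opener && parent.opener.TYPO3 && parent.opener.TYPO3.LoginRefresh) { parent.opener.TYPO3.LoginRefresh.startTask(); parent.close(); } ');
    } else {
        $formProtection->storeSessionTokenInRegistry();
        HttpUtility::redirect($this->redirectToURL);
    }
}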
/**
 * Switches to a given user (SU-mode) and then redirects to the start page of the backend to refresh the navigation etc.
 *
 * Only an admin may switch; the be_sessions row is selected by the current
 * session id, cookie name and current user id, so only the caller's own
 * session is rewritten. With $switchBack the current user id is remembered
 * in ses_backuserid so the switch can be undone later. Nothing happens when
 * the target record does not exist or the current user is not admin.
 *
 * @param array $switchUser BE-user record that will be switched to
 * @param boolean $switchBack
 * @return void
 */
protected function switchUser($switchUser, $switchBack = FALSE) {
    $targetUser = \TYPO3\CMS\Backend\Utility\BackendUtility::getRecord('be_users', $switchUser);
    if (!is_array($targetUser) || !$GLOBALS['BE_USER']->isAdmin()) {
        return;
    }
    $currentUser = $GLOBALS['BE_USER'];
    $db = $GLOBALS['TYPO3_DB'];
    $currentUserId = intval($currentUser->user['uid']);
    $updateData = array('ses_userid' => $targetUser['uid']);
    // User switchback or replace current session?
    if ($switchBack) {
        $updateData['ses_backuserid'] = $currentUserId;
    }
    $whereClause = 'ses_id=' . $db->fullQuoteStr($currentUser->id, 'be_sessions')
        . ' AND ses_name=' . $db->fullQuoteStr(\TYPO3\CMS\Core\Authentication\BackendUserAuthentication::getCookieName(), 'be_sessions')
        . ' AND ses_userid=' . $currentUserId;
    $db->exec_UPDATEquery('be_sessions', $whereClause, $updateData);
    $commandSuffix = $GLOBALS['TYPO3_CONF_VARS']['BE']['interfaces'] ? '' : '?commandLI=1';
    \TYPO3\CMS\Core\Utility\HttpUtility::redirect($GLOBALS['BACK_PATH'] . 'index.php' . $commandSuffix);
}