Bug #23299 » 0015282_v2_42.patch
| t3lib/class.t3lib_tceforms.php (Arbeitskopie) | ||
|---|---|---|
|
// Makes a "Add new" link:
|
||
|
$var = uniqid('idvar');
|
||
|
$replace = 'replace(/' . $idTagPrefix . '-/g,"' . $idTagPrefix . '"+' . $var . '+"-")';
|
||
|
$onClickInsert = 'var ' . $var . ' = "' . $idTagPrefix . '-idx"+(new Date()).getTime();';
|
||
|
$replace = 'replace(/' . $idTagPrefix . '-/g,"' . $idTagPrefix . '-"+' . $var . '+"-")';
|
||
|
$onClickInsert = 'var ' . $var . ' = "' . 'idx"+(new Date()).getTime();';
|
||
|
// Do not replace $isTagPrefix in setActionStatus() because it needs section id!
|
||
|
$onClickInsert .= 'new Insertion.Bottom($("'.$idTagPrefix.'"), unescape("'.rawurlencode($newElementTemplate).'").' . $replace . '); setActionStatus("'.$idTagPrefix.'");';
|
||
|
$onClickInsert .= 'eval(unescape("' . rawurlencode(implode(';', $this->additionalJS_post)) . '").' . $replace . ');';
|
||
| typo3/class.browse_links.php (Arbeitskopie) | ||
|---|---|---|
|
';
|
||
|
if ($this->mode == 'wizard') { // Functions used, if the link selector is in wizard mode (= TCEforms fields)
|
||
|
if (!$this->areFieldChangeFunctionsValid()) {
|
||
|
if (!$this->areFieldChangeFunctionsValid() && !$this->areFieldChangeFunctionsValid(TRUE)) {
|
||
|
$this->P['fieldChangeFunc'] = array();
|
||
|
}
|
||
|
unset($this->P['fieldChangeFunc']['alert']);
|
||
| ... | ... | |
|
$P2['itemName']=$this->P['itemName'];
|
||
|
$P2['formName']=$this->P['formName'];
|
||
|
$P2['fieldChangeFunc']=$this->P['fieldChangeFunc'];
|
||
|
$P2['fieldChangeFuncHash'] = t3lib_div::hmac(serialize($this->P['fieldChangeFunc']));
|
||
|
$P2['params']['allowedExtensions']=$this->P['params']['allowedExtensions'];
|
||
|
$P2['params']['blindLinkOptions']=$this->P['params']['blindLinkOptions'];
|
||
|
$addPassOnParams.=t3lib_div::implodeArrayForUrl('P',$P2);
|
||
| ... | ... | |
|
* Determines whether submitted field change functions are valid
|
||
|
* and are coming from the system and not from an external abuse.
|
||
|
*
|
||
|
* @param boolean $allowFlexformSections Whether to handle flexform sections differently
|
||
|
* @return boolean Whether the submitted field change functions are valid
|
||
|
*/
|
||
|
protected function areFieldChangeFunctionsValid() {
|
||
|
return (
|
||
|
isset($this->P['fieldChangeFunc']) && is_array($this->P['fieldChangeFunc']) && isset($this->P['fieldChangeFuncHash'])
|
||
|
&& $this->P['fieldChangeFuncHash'] == t3lib_div::hmac(serialize($this->P['fieldChangeFunc']))
|
||
|
);
|
||
|
protected function areFieldChangeFunctionsValid($handleFlexformSections = FALSE) {
|
||
|
$result = FALSE;
|
||
|
if (isset($this->P['fieldChangeFunc']) && is_array($this->P['fieldChangeFunc']) && isset($this->P['fieldChangeFuncHash'])) {
|
||
|
$matches = array();
|
||
|
$pattern = '#\[el\]\[(([^]-]+-[^]-]+-)(idx\d+-)([^]]+))\]#i';
|
||
|
$fieldChangeFunctions = $this->P['fieldChangeFunc'];
|
||
|
// Special handling of flexform sections:
|
||
|
// Field change functions are modified in JavaScript, thus the hash is always invalid
|
||
|
if ($handleFlexformSections && preg_match($pattern, $this->P['itemName'], $matches)) {
|
||
|
$originalName = $matches[1];
|
||
|
$cleanedName = $matches[2] . $matches[4];
|
||
|
foreach ($fieldChangeFunctions as &$value) {
|
||
|
$value = str_replace($originalName, $cleanedName, $value);
|
||
|
}
|
||
|
}
|
||
|
$result = ($this->P['fieldChangeFuncHash'] === t3lib_div::hmac(serialize($fieldChangeFunctions)));
|
||
|
}
|
||
|
return $result;
|
||
|
}
|
||
|
}
|
||