[BUGFIX] Do not resolve resource paths in EXT:form

The method resolveResourcePaths() is superfluous because the PageRenderer resolves path with EXT: later with getStreamlinedFileName() anyway. Furthermore this patch resolves open_basedir errors. As a plus, the form.css gets a version numbered filename now which mitigates caching issues. Resolves: #98545 Releases: main, 12.4, 11.5 Change-Id: Ie93b6aa817889281c8f96fd272884f03cab3857e Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/82635 Reviewed-by: Benni Mack <benni@typo3.org> Reviewed-by: Oliver Hader <oliver.hader@typo3.org> Tested-by: Oliver Hader <oliver.hader@typo3.org> Tested-by: Stefan Bürk <stefan@buerk.tech> Tested-by: core-ci <typo3@b13.com> Reviewed-by: Stefan Bürk <stefan@buerk.tech> Tested-by: Benni Mack <benni@typo3.org>

[BUGFIX] Do not resolve resource paths in EXT:form
The method resolveResourcePaths() is superfluous because the PageRenderer resolves path with EXT: later with getStreamlinedFileName() anyway. Furthermore this patch resolves open_basedir errors. As a plus, the form.css gets a version numbered filename now which mitigates caching issues. Resolves: #98545 Releases: main, 12.4, 11.5 Change-Id: Ie93b6aa817889281c8f96fd272884f03cab3857e Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/82635 Reviewed-by: Benni Mack <benni@typo3.org> Reviewed-by: Oliver Hader <oliver.hader@typo3.org> Tested-by: Oliver Hader <oliver.hader@typo3.org> Tested-by: Stefan Bürk <stefan@buerk.tech> Tested-by: core-ci <typo3@b13.com> Reviewed-by: Stefan Bürk <stefan@buerk.tech> Tested-by: Benni Mack <benni@typo3.org>
6d3e4e45 · Peter Kraume · Oliver Hader · cd003b87 · 6d3e4e45 · 6d3e4e45
Commit 6d3e4e45 authored 1 year ago by Peter Kraume Committed by Oliver Hader 1 year ago
--- a/typo3/sysext/form/Classes/Controller/AbstractBackendController.php
+++ b/typo3/sysext/form/Classes/Controller/AbstractBackendController.php
@@ -18,7 +18,6 @@ declare(strict_types=1);
 namespace TYPO3\CMS\Form\Controller;

 use TYPO3\CMS\Core\Utility\GeneralUtility;
-use TYPO3\CMS\Core\Utility\PathUtility;
 use TYPO3\CMS\Extbase\Mvc\Controller\ActionController;
 use TYPO3\CMS\Form\Mvc\Configuration\ConfigurationManagerInterface;
 use TYPO3\CMS\Form\Mvc\Persistence\FormPersistenceManagerInterface;
@@ -51,29 +50,12 @@ abstract class AbstractBackendController extends ActionController
    }

    /**
-     * Convert arrays with EXT: resource paths to web paths
-     *
-     * Input:
-     * [
-     *   100 => 'EXT:form/Resources/Public/Css/form.css'
-     * ]
-     *
-     * Output:
-     *
-     * [
-     *   0 => 'typo3/sysext/form/Resources/Public/Css/form.css'
-     * ]
+     * The functionality of this method has been removed because it caused problems with open_basedir restrictions.
+     * See https://forge.typo3.org/issues/98545 for details.
+     * This method will be removed in TYPO3 v13.
     */
    protected function resolveResourcePaths(array $resourcePaths): array
    {
-        $return = [];
-        foreach ($resourcePaths as $resourcePath) {
-            $resourcePath = PathUtility::getPublicResourceWebPath($resourcePath);
-            if (empty($resourcePath)) {
-                continue;
-            }
-            $return[] = $resourcePath;
-        }
-        return $return;
+        return $resourcePaths;
    }
 }
--- a/typo3/sysext/form/Classes/Controller/FormEditorController.php
+++ b/typo3/sysext/form/Classes/Controller/FormEditorController.php
@@ -155,7 +155,7 @@ class FormEditorController extends AbstractBackendController
        array_map($pageRenderer->getJavaScriptRenderer()->addJavaScriptModuleInstruction(...), $javaScriptModules);
        $pageRenderer->addInlineSettingArray(null, $addInlineSettings);
        $pageRenderer->addInlineLanguageLabelFile('EXT:form/Resources/Private/Language/locallang_formEditor_failSafeErrorHandling_javascript.xlf');
-        $stylesheets = $this->resolveResourcePaths($this->prototypeConfiguration['formEditor']['stylesheets']);
+        $stylesheets = $this->prototypeConfiguration['formEditor']['stylesheets'];
        foreach ($stylesheets as $stylesheet) {
            $pageRenderer->addCssFile($stylesheet);
        }

--- a/typo3/sysext/form/Classes/Controller/FormManagerController.php
+++ b/typo3/sysext/form/Classes/Controller/FormManagerController.php
@@ -79,7 +79,7 @@ class FormManagerController extends AbstractBackendController
            'pagination' => $pagination,
            'searchTerm' => $searchTerm,
            'hasForms' => $hasForms,
-            'stylesheets' => $this->resolveResourcePaths($this->formSettings['formManager']['stylesheets']),
+            'stylesheets' => $this->formSettings['formManager']['stylesheets'],
            'formManagerAppInitialData' => json_encode($this->getFormManagerAppInitialData()),
        ]);
        if (!empty($this->formSettings['formManager']['javaScriptTranslationFile'])) {

--- a/typo3/sysext/form/Tests/Unit/Controller/AbstractBackendControllerTest.php
+++ b/typo3/sysext/form/Tests/Unit/Controller/AbstractBackendControllerTest.php
-<?php
-
-declare(strict_types=1);
-
-/*
- * This file is part of the TYPO3 CMS project.
- *
- * It is free software; you can redistribute it and/or modify it under
- * the terms of the GNU General Public License, either version 2
- * of the License, or any later version.
- *
- * For the full copyright and license information, please read the
- * LICENSE.txt file that was distributed with this source code.
- *
- * The TYPO3 project - inspiring people to share!
- */
-
-namespace TYPO3\CMS\Form\Tests\Unit\Controller;
-
-use TYPO3\CMS\Form\Tests\Unit\Controller\Fixtures\TestingController;
-use TYPO3\TestingFramework\Core\Unit\UnitTestCase;
-
-final class AbstractBackendControllerTest extends UnitTestCase
-{
-    /**
-     * @test
-     */
-    public function resolveResourcePathsResolvesExtNotation(): void
-    {
-        $subject = new TestingController();
-        $input = [0 => 'EXT:form/Resources/Public/Css/form.css'];
-
-        $result = $subject->resolveResourcePaths($input);
-
-        $expected = [0 => 'typo3/sysext/form/Resources/Public/Css/form.css'];
-        self::assertSame($expected, $result);
-    }
-}
--- a/typo3/sysext/form/Tests/Unit/Controller/Fixtures/TestingController.php
+++ b/typo3/sysext/form/Tests/Unit/Controller/Fixtures/TestingController.php
-<?php
-
-declare(strict_types=1);
-
-/*
- * This file is part of the TYPO3 CMS project.
- *
- * It is free software; you can redistribute it and/or modify it under
- * the terms of the GNU General Public License, either version 2
- * of the License, or any later version.
- *
- * For the full copyright and license information, please read the
- * LICENSE.txt file that was distributed with this source code.
- *
- * The TYPO3 project - inspiring people to share!
- */
-
-namespace TYPO3\CMS\Form\Tests\Unit\Controller\Fixtures;
-
-use TYPO3\CMS\Form\Controller\AbstractBackendController;
-
-/**
- * Testing subclass of the abstract class with some protected methods exposed as public.
- */
-final class TestingController extends AbstractBackendController
-{
-    public function resolveResourcePaths(array $resourcePaths): array
-    {
-        return parent::resolveResourcePaths($resourcePaths);
-    }
-}