This project does not seem to handle request data directly as such no vulnerable execution paths were found.
include
, or for example
via PHP's auto-loading mechanism.
These results are based on our legacy PHP analysis, consider migrating to our new PHP analysis engine instead. Learn more
1 | <?php |
||
2 | /*************************************************************** |
||
3 | * Copyright notice |
||
4 | * |
||
5 | * (c) 2009 Tim Lochmueller ([email protected]) |
||
6 | * All rights reserved |
||
7 | * |
||
8 | * This script is part of the Typo3 project. The Typo3 project is |
||
9 | * free software; you can redistribute it and/or modify |
||
10 | * it under the terms of the GNU General Public License as published by |
||
11 | * the Free Software Foundation; either version 2 of the License, or |
||
12 | * (at your option) any later version. |
||
13 | * |
||
14 | * The GNU General Public License can be found at |
||
15 | * http://www.gnu.org/copyleft/gpl.html. |
||
16 | * |
||
17 | * This script is distributed in the hope that it will be useful, |
||
18 | * but WITHOUT ANY WARRANTY; without even the implied warranty of |
||
19 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the |
||
20 | * GNU General Public License for more details. |
||
21 | * |
||
22 | * This copyright notice MUST APPEAR in all copies of the script! |
||
23 | ***************************************************************/ |
||
24 | |||
25 | namespace FRUIT\Popup; |
||
26 | |||
27 | use TYPO3\CMS\Core\Utility\ArrayUtility; |
||
28 | use TYPO3\CMS\Core\Utility\GeneralUtility; |
||
29 | use TYPO3\CMS\Core\Utility\MathUtility; |
||
30 | use TYPO3\CMS\Frontend\ContentObject\ContentObjectRenderer; |
||
31 | use TYPO3\CMS\Frontend\Page\PageRepository; |
||
32 | |||
33 | /** |
||
34 | * base class for the popup extension |
||
35 | * |
||
36 | * @author Tim Lochmueller <[email protected]> |
||
37 | * @package popup |
||
38 | * @subpackage tx_popup |
||
39 | */ |
||
40 | class Popup |
||
41 | { |
||
42 | |||
43 | /** |
||
44 | * cObj for the RTE replacement |
||
45 | * |
||
46 | * @var ContentObjectRenderer |
||
47 | */ |
||
48 | public $cObj; |
||
49 | |||
50 | /** |
||
51 | * init the convert functions |
||
52 | */ |
||
53 | protected $convertParams = []; |
||
54 | |||
55 | /** |
||
56 | * Possible popup parameter |
||
57 | */ |
||
58 | public $allowedParams = [ |
||
59 | 'height' => 'integer', |
||
60 | 'width' => 'integer', |
||
61 | 'resizable' => 'boolean', |
||
62 | 'scrollbars' => 'boolean', |
||
63 | 'menubar' => 'boolean', |
||
64 | 'status' => 'boolean', |
||
65 | 'location' => 'boolean', |
||
66 | 'toolbar' => 'boolean', |
||
67 | 'dependent' => 'boolean', |
||
68 | 'top' => 'integer', |
||
69 | 'left' => 'integer', |
||
70 | ]; |
||
71 | |||
72 | /** |
||
73 | * Possible popup parameter |
||
74 | */ |
||
75 | public $advancedParams = [ |
||
76 | 'once_per_session' => 'boolean', |
||
77 | 'once_per_link' => 'boolean', |
||
78 | 'center' => 'boolean', |
||
79 | 'maximize' => 'boolean', |
||
80 | 'popunder' => 'boolean', |
||
81 | ]; |
||
82 | |||
83 | /** |
||
84 | * Static Funktion for hooking the menu link generation |
||
85 | * |
||
86 | * @param array|int $pageOrPageID The Page row or the page ID |
||
87 | * @param array $LD A reference of the Link Data |
||
88 | */ |
||
89 | public static function makeMenuLink($pageOrPageID, &$LD) |
||
90 | { |
||
91 | $popup = GeneralUtility::makeInstance('FRUIT\\Popup\\Popup'); |
||
92 | if ($target = $popup->getPopupTarget($pageOrPageID)) { |
||
93 | $LD['target'] = $target; |
||
94 | } |
||
95 | } # function - makeMenuLink |
||
96 | |||
97 | |||
98 | /** |
||
99 | * Get the target of a page |
||
100 | * |
||
101 | * @param array|integer $pageOrPageID The Page row or the page ID |
||
102 | * |
||
103 | * @return string |
||
104 | */ |
||
105 | public function getPopupTarget($pageOrPageID) |
||
106 | { |
||
107 | if (MathUtility::canBeInterpretedAsInteger($pageOrPageID)) { |
||
108 | $pageOrPageID = $GLOBALS['TYPO3_DB']->sql_fetch_assoc($GLOBALS['TYPO3_DB']->exec_SELECTquery( |
||
109 | '*', |
||
110 | 'pages', |
||
111 | 'uid=' . $pageOrPageID, |
||
112 | '', |
||
113 | '', |
||
114 | 1 |
||
115 | )); |
||
116 | } # if |
||
117 | |||
118 | if (!is_array($pageOrPageID) || isset($pageOrPageID['tx_popup_configuration']) == false) { |
||
0 ignored issues
–
show
|
|||
119 | return ''; |
||
120 | } |
||
121 | |||
122 | $config = $pageOrPageID['tx_popup_configuration']; |
||
123 | if (!strlen(trim($config))) { |
||
124 | return ''; |
||
125 | } |
||
126 | return $config; |
||
127 | } # function - getPopupTarget |
||
128 | |||
129 | |||
130 | /** |
||
131 | * Return the default configuration |
||
132 | * |
||
133 | * @param $page |
||
134 | * @param bool $advanced |
||
135 | * |
||
136 | * @return array The default configuration |
||
137 | */ |
||
138 | public function getDefaultConfiguration($page, $advanced = false) |
||
139 | { |
||
140 | $config = $this->loadTypoScript($page); |
||
141 | |||
142 | if (!isset($config['allowedParams.'])) { |
||
143 | return []; |
||
144 | } |
||
145 | $c = $config['allowedParams.']; |
||
146 | if ($advanced && isset($config['advancedParams.'])) { |
||
147 | $c = array_merge($c, $config['advancedParams.']); |
||
148 | } |
||
149 | |||
150 | return $c; |
||
151 | } # function - getDefaultConfiguration |
||
152 | |||
153 | |||
154 | /** |
||
155 | * Text parser for internal popup links |
||
156 | * |
||
157 | * @author Tim Lochmueller |
||
158 | * @author before 2009 Mathias Schreiber, Rene Fritz |
||
159 | */ |
||
160 | public function textParse($content, $conf) |
||
161 | { |
||
162 | |||
163 | // ################ |
||
164 | // Default vars |
||
165 | // Noch auslagern und f�r beides benutzen |
||
166 | // ######################### |
||
167 | |||
168 | $JSpopup['link'] = $content['url']; |
||
0 ignored issues
–
show
Coding Style
Comprehensibility
introduced
by
$JSpopup was never initialized. Although not strictly required by PHP, it is generally a good practice to add $JSpopup = array(); before regardless.
Adding an explicit array definition is generally preferable to implicit array definition as it guarantees a stable state of the code. Let’s take a look at an example: foreach ($collection as $item) {
$myArray['foo'] = $item->getFoo();
if ($item->hasBar()) {
$myArray['bar'] = $item->getBar();
}
// do something with $myArray
}
As you can see in this example, the array This might or might not be intended. To make your intention clear, your code more readible and to avoid accidental bugs, we recommend to add an explicit initialization $myArray = array() either outside or inside the foreach loop. ![]() |
|||
169 | $JSpopup['ATagParams'] = $content['ATagParams']; |
||
170 | $JSpopup['windowname'] = 'Easy Popup'; |
||
171 | |||
172 | $JSpopup['properties']['dependent'] = 'yes'; |
||
173 | $JSpopup['properties.']['height'] = '300'; |
||
174 | $JSpopup['properties.']['left'] = '10'; |
||
175 | $JSpopup['properties.']['location'] = 'yes'; |
||
176 | $JSpopup['properties.']['menubar'] = 'no'; |
||
177 | $JSpopup['properties.']['resizable'] = 'yes'; |
||
178 | $JSpopup['properties.']['scrollbars'] = 'yes'; |
||
179 | $JSpopup['properties.']['status'] = 'no'; |
||
180 | $JSpopup['properties.']['toolbar'] = 'no'; |
||
181 | $JSpopup['properties.']['top'] = '10'; |
||
182 | $JSpopup['properties.']['width'] = '300'; |
||
183 | |||
184 | |||
185 | $linkContent = ''; |
||
186 | if ($conf['link'] or is_array($conf['link.'])) { |
||
187 | $conf['link'] = $this->cObj->stdWrap($conf['link'], $conf['link.']); |
||
188 | $conf['ATagParams'] = $this->cObj->stdWrap($conf['ATagParams'], $conf['ATagParams.']); |
||
189 | $conf['windowname'] = $this->cObj->stdWrap($conf['windowname'], $conf['windowname.']); |
||
190 | |||
191 | $JSpopup = $this->arrayMergeRecursiveOverrule($JSpopup, $conf, true); |
||
192 | |||
193 | $linkContent = $this->cObj->stdWrap($conf['linkContent'], $conf['linkContent.']); |
||
194 | } else { |
||
195 | if (isset($this->cObj->parameters['slim'])) { |
||
196 | $JSpopup['properties.']['location'] = 'no'; |
||
197 | $JSpopup['properties.']['menubar'] = 'no'; |
||
198 | $JSpopup['properties.']['status'] = 'no'; |
||
199 | $JSpopup['properties.']['toolbar'] = 'no'; |
||
200 | } |
||
201 | if (isset($this->cObj->parameters['fixed'])) { |
||
202 | $JSpopup['properties.']['resizable'] = 'no'; |
||
203 | $JSpopup['properties.']['scrollbars'] = 'no'; |
||
204 | } |
||
205 | $JSpopup['properties.'] = $this->arrayMergeRecursiveOverrule( |
||
206 | $JSpopup['properties.'], |
||
207 | $this->cObj->parameters, |
||
208 | true |
||
209 | ); |
||
210 | } |
||
211 | |||
212 | $temp = []; |
||
213 | while (list($key, $val) = each($JSpopup['properties.'])) { |
||
214 | $temp[] = $key . '=' . $val; |
||
215 | } |
||
216 | |||
217 | $props = implode(',', $temp); |
||
218 | |||
219 | if (!$JSpopup['link']) { |
||
220 | return ''; |
||
221 | } |
||
222 | |||
223 | $TAG = '<a href="' . $JSpopup['link'] . '" onClick="openPic(this.href,\'' . str_replace( |
||
224 | ' ', |
||
225 | '', |
||
226 | $JSpopup['windowname'] |
||
227 | ) . '\',\'' . $props . '\'); return false;" class="linkpop"' . $JSpopup['ATagParams'] . '>'; |
||
228 | if ($linkContent) { |
||
229 | $TAG .= $linkContent . '</a>'; |
||
230 | } |
||
231 | |||
232 | return $TAG; |
||
233 | } # function - textParse |
||
234 | |||
235 | |||
236 | /** |
||
237 | * Merges two arrays recursively, overruling the values of the first array |
||
238 | * in case of identical keys, ie. keeping the values of the second. |
||
239 | */ |
||
240 | public function arrayMergeRecursiveOverrule($arr0, $arr1, $notAddKeys = 0) |
||
241 | { |
||
242 | reset($arr1); |
||
243 | while (list($key, $val) = each($arr1)) { |
||
244 | if (is_array($arr0[$key])) { |
||
245 | if (is_array($arr1[$key])) { |
||
246 | ArrayUtility::mergeRecursiveWithOverrule($arr0[$key], $arr1[$key], $notAddKeys); |
||
247 | } |
||
248 | } else { |
||
249 | if ($notAddKeys) { |
||
250 | if (isset($arr0[$key])) { |
||
251 | $arr0[$key] = $val; |
||
252 | } |
||
253 | } else { |
||
254 | $arr0[$key] = $val; |
||
255 | } |
||
256 | } |
||
257 | } |
||
258 | reset($arr0); |
||
259 | return $arr0; |
||
260 | } |
||
261 | |||
262 | |||
263 | /** |
||
264 | * Load TypoScript for the backend |
||
265 | * This is important for the single configuration concept in the popup extension |
||
266 | */ |
||
267 | public function loadTypoScript($pid, $pluginExtKey = 'tx_popup_pi1') |
||
268 | { |
||
269 | |||
270 | $sysPageObj = GeneralUtility::makeInstance('TYPO3\\CMS\\Frontend\\Page\\PageRepository'); |
||
271 | $rootLine = $sysPageObj->getRootLine($pid); |
||
272 | $TSObj = GeneralUtility::makeInstance('TYPO3\\CMS\\Core\\TypoScript\\ExtendedTemplateService'); |
||
273 | $TSObj->tt_track = 0; |
||
274 | $TSObj->init(); |
||
275 | $TSObj->runThroughTemplates($rootLine); |
||
276 | $TSObj->generateConfig(); |
||
277 | return $TSObj->setup['plugin.'][$pluginExtKey . '.']; |
||
278 | } |
||
279 | |||
280 | |||
281 | /** |
||
282 | * Start the convertion prcess |
||
283 | * Init this process mit the parameter for the convertion |
||
284 | * all iligal parameter will be removed |
||
285 | */ |
||
286 | public function convertInit($params) |
||
287 | { |
||
288 | $this->convertParams = $params; |
||
289 | } |
||
290 | |||
291 | |||
292 | /** |
||
293 | * Convert a TYPO3 Popup configuration String to an Array |
||
294 | * |
||
295 | * @param string $configString The T3 configuration string (Like "width:height:param1=value,param2=value2") |
||
296 | * @param boolean $advanced If set, the advanced parameter will be included in the array |
||
297 | * |
||
298 | * @return array |
||
299 | */ |
||
300 | public function convertCfg2Array($configString, $advanced = false) |
||
301 | { |
||
302 | $params = $this->allowedParams; |
||
303 | if ($advanced) { |
||
304 | $params = array_merge($params, $this->advancedParams); |
||
305 | } |
||
306 | |||
307 | $parts = explode(':', $configString); |
||
308 | if (sizeof($parts) != 2) { |
||
309 | return false; |
||
310 | } |
||
311 | $size = explode('x', $parts[0]); |
||
312 | if (sizeof($size) != 2) { |
||
313 | return false; |
||
314 | } |
||
315 | |||
316 | $config = $this->convertJs2Array('width=' . $size[0] . ',height=' . $size[1] . ',' . $parts[1], $params); |
||
317 | return $this->setAllFields($params, $config); |
||
318 | } |
||
319 | |||
320 | |||
321 | /** |
||
322 | * Convert JavaScript Params to an array |
||
323 | * |
||
324 | * @param string $string |
||
325 | * @param string $params Javascript param String (Like "param1=value,param2=value2") |
||
326 | * |
||
327 | * @return array |
||
328 | */ |
||
329 | 1 | public function convertJs2Array($string, $params) |
|
330 | { |
||
331 | 1 | $config_pre = explode(',', $string); |
|
332 | 1 | $config = []; |
|
333 | 1 | foreach ($config_pre as $check) { |
|
334 | 1 | $p = explode('=', $check); |
|
335 | 1 | switch ($params[$p[0]]) { |
|
336 | 1 | case 'integer': |
|
337 | $config[$p[0]] = intval($p[1]); |
||
338 | break; |
||
339 | 1 | case 'boolean': |
|
340 | 1 | $config[$p[0]] = ($p[1] == "yes") ? true : false; |
|
341 | 1 | break; |
|
342 | } |
||
343 | } |
||
344 | 1 | return $config; |
|
345 | } |
||
346 | |||
347 | |||
348 | /** |
||
349 | * Convert an array to a TYPO3 Popup configuration String |
||
350 | * |
||
351 | * @param array $array Data Array of the field (key value pairs) |
||
352 | * @param boolean $advanced If set, the advanced parameter will be included in the array |
||
353 | * |
||
354 | * @return string |
||
355 | */ |
||
356 | public function convertArray2Cfg($array, $advanced = false) |
||
357 | { |
||
358 | $params = $this->allowedParams; |
||
359 | if ($advanced) { |
||
360 | $params = array_merge($params, $this->advancedParams); |
||
361 | } |
||
362 | |||
363 | $array = $this->setAllFields($params, $array); |
||
364 | |||
365 | $cfg = ''; |
||
366 | if (isset($array['height']) && isset($array['width'])) { |
||
367 | $cfg = $array['width'] . 'x' . $array['height'] . ':'; |
||
368 | unset($array['width']); |
||
369 | unset($array['height']); |
||
370 | } |
||
371 | |||
372 | foreach ($array as $key => $value) { |
||
373 | switch ($params[$key]) { |
||
374 | case 'integer': |
||
375 | $cfg .= $key . '=' . intval($value); |
||
376 | break; |
||
377 | case 'boolean': |
||
378 | $cfg .= $key . '=' . (($value) ? 'yes' : 'no'); |
||
379 | break; |
||
380 | } # switch |
||
381 | $cfg .= ','; |
||
382 | } # froeach |
||
383 | |||
384 | return $cfg; |
||
385 | } # function - convertArray2Cfg |
||
386 | |||
387 | |||
388 | /** |
||
389 | * Convert an array to a JS configuration String |
||
390 | */ |
||
391 | public function convertArray2Js($array) |
||
392 | { |
||
393 | $params = $this->allowedParams; |
||
394 | $array = $this->setAllFields($params, $array); |
||
395 | |||
396 | $out = ''; |
||
397 | foreach ($array as $key => $value) { |
||
398 | $out .= ($out != '') ? ',' : ''; |
||
399 | |||
400 | switch ($params[$key]) { |
||
401 | case 'integer': |
||
402 | $out .= $key . '=' . intval($value); |
||
403 | break; |
||
404 | case 'boolean': |
||
405 | $out .= $key . '=' . (($value) ? 'yes' : 'no'); |
||
406 | break; |
||
407 | } # switch |
||
408 | } # foreach |
||
409 | |||
410 | return $out; |
||
411 | } # function - convertArray2Js |
||
412 | |||
413 | |||
414 | /** |
||
415 | * Convert a TYPO3 Popup configuration String to a JS configuration String |
||
416 | */ |
||
417 | public function convertCfg2Js($string) |
||
418 | { |
||
419 | return $this->convertArray2Js($this->convertCfg2Array($string)); |
||
420 | } # function - convertCfg2Js |
||
421 | |||
422 | |||
423 | /** |
||
424 | * Convert a JS configuration string to a TYPO3 Popup configuration |
||
425 | */ |
||
426 | public function convertJs2Cfg($string) |
||
427 | { |
||
428 | return $this->convertArray2Cfg($this->convertJs2Array($string, [])); |
||
429 | } # function - convertJs2Cfg |
||
430 | |||
431 | |||
432 | /** |
||
433 | * Set all fields in the given configuration by the param parameter |
||
434 | */ |
||
435 | protected function setAllFields($params, $config) |
||
436 | { |
||
437 | $param = []; |
||
438 | foreach (array_keys($params) as $p) { |
||
439 | if (!in_array($p, array_keys($config))) { |
||
440 | switch ($params[$p]) { |
||
441 | case 'integer': |
||
442 | $config[$p] = 0; |
||
443 | break; |
||
444 | case 'boolean': |
||
445 | $config[$p] = false; |
||
446 | break; |
||
447 | } # switch |
||
448 | } # if |
||
449 | } # foreach |
||
450 | return $config; |
||
451 | } # function - setAllFields |
||
452 | } |
||
453 |
When comparing two booleans, it is generally considered safer to use the strict comparison operator.