FormViewHelper.php

Go to the documentation of this file.

<?php
namespace ‪TYPO3\CMS\Fluid\ViewHelpers;
 
/*
 * This file is part of the TYPO3 CMS project.
 *
 * It is free software; you can redistribute it and/or modify it under
 * the terms of the GNU General Public License, either version 2
 * of the License, or any later version.
 *
 * For the full copyright and license information, please read the
 * LICENSE.txt file that was distributed with this source code.
 *
 * The TYPO3 project - inspiring people to share!
 */
 
class ‪FormViewHelper extends ‪\TYPO3\CMS\Fluid\ViewHelpers\Form\AbstractFormViewHelper
{
    protected ‪$tagName = 'form';
 
    protected ‪$hashService;
 
    protected ‪$mvcPropertyMappingConfigurationService;
 
    protected ‪$extensionService;
 
    protected ‪$formActionUriArguments;
 
    public function ‪injectHashService(\‪TYPO3\CMS\‪Extbase\Security\Cryptography\HashService ‪$hashService)
    {
        $this->hashService = ‪$hashService;
    }
 
    public function ‪injectMvcPropertyMappingConfigurationService(\‪TYPO3\CMS\‪Extbase\Mvc\Controller\MvcPropertyMappingConfigurationService ‪$mvcPropertyMappingConfigurationService)
    {
        $this->mvcPropertyMappingConfigurationService = ‪$mvcPropertyMappingConfigurationService;
    }
 
    public function ‪injectExtensionService(\‪TYPO3\CMS\‪Extbase\Service\ExtensionService ‪$extensionService)
    {
        $this->extensionService = ‪$extensionService;
    }
 
    public function ‪initializeArguments()
    {
        parent::initializeArguments();
        $this->registerArgument('action', 'string', 'Target action');
        $this->registerArgument('arguments', 'array', 'Arguments', false, []);
        $this->registerArgument('controller', 'string', 'Target controller');
        $this->registerArgument('extensionName', 'string', 'Target Extension Name (without "tx_" prefix and no underscores). If NULL the current extension name is used');
        $this->registerArgument('pluginName', 'string', 'Target plugin. If empty, the current plugin name is used');
        $this->registerArgument('pageUid', 'int', 'Target page uid');
        $this->registerArgument('object', 'mixed', 'Object to use for the form. Use in conjunction with the "property" attribute on the sub tags');
        $this->registerArgument('pageType', 'int', 'Target page type', false, 0);
        $this->registerArgument('noCache', 'bool', 'set this to disable caching for the target page. You should not need this.', false, false);
        $this->registerArgument('noCacheHash', 'bool', 'set this to suppress the cHash query parameter created by TypoLink. You should not need this.', false, false);
        $this->registerArgument('section', 'string', 'The anchor to be added to the action URI (only active if $actionUri is not set)', false, '');
        $this->registerArgument('format', 'string', 'The requested format (e.g. ".html") of the target page (only active if $actionUri is not set)', false, '');
        $this->registerArgument('additionalParams', 'array', 'additional action URI query parameters that won\'t be prefixed like $arguments (overrule $arguments) (only active if $actionUri is not set)', false, []);
        $this->registerArgument('absolute', 'bool', 'If set, an absolute action URI is rendered (only active if $actionUri is not set)', false, false);
        $this->registerArgument('addQueryString', 'bool', 'If set, the current query parameters will be kept in the action URI (only active if $actionUri is not set)', false, false);
        $this->registerArgument('argumentsToBeExcludedFromQueryString', 'array', 'arguments to be removed from the action URI. Only active if $addQueryString = TRUE and $actionUri is not set', false, []);
        $this->registerArgument('addQueryStringMethod', 'string', 'Method to use when keeping query parameters (GET or POST, only active if $actionUri is not set', false, 'GET');
        $this->registerArgument('fieldNamePrefix', 'string', 'Prefix that will be added to all field names within this form. If not set the prefix will be tx_yourExtension_plugin');
        $this->registerArgument('actionUri', 'string', 'can be used to overwrite the "action" attribute of the form tag');
        $this->registerArgument('objectName', 'string', 'name of the object that is bound to this form. If this argument is not specified, the name attribute of this form is used to determine the FormObjectName');
        $this->registerArgument('hiddenFieldClassName', 'string', 'hiddenFieldClassName');
        $this->registerTagAttribute('enctype', 'string', 'MIME type with which the form is submitted');
        $this->registerTagAttribute('method', 'string', 'Transfer type (GET or POST)');
        $this->registerTagAttribute('name', 'string', 'Name of form');
        $this->registerTagAttribute('onreset', 'string', 'JavaScript: On reset of the form');
        $this->registerTagAttribute('onsubmit', 'string', 'JavaScript: On submit of the form');
        $this->registerTagAttribute('target', 'string', 'Target attribute of the form');
        $this->registerTagAttribute('novalidate', 'bool', 'Indicate that the form is not to be validated on submit.');
        $this->registerUniversalTagAttributes();
    }
 
    public function ‪render()
    {
        $this->‪setFormActionUri();
        if (isset($this->arguments['method']) && strtolower($this->arguments['method']) === 'get') {
            $this->tag->addAttribute('method', 'get');
        } else {
            $this->tag->addAttribute('method', 'post');
        }
 
        if (isset($this->arguments['novalidate']) && $this->arguments['novalidate'] === true) {
            $this->tag->addAttribute('novalidate', 'novalidate');
        }
 
        $this->‪addFormObjectNameToViewHelperVariableContainer();
        $this->‪addFormObjectToViewHelperVariableContainer();
        $this->‪addFieldNamePrefixToViewHelperVariableContainer();
        $this->‪addFormFieldNamesToViewHelperVariableContainer();
        $formContent = $this->renderChildren();
 
        if (isset($this->arguments['hiddenFieldClassName']) && $this->arguments['hiddenFieldClassName'] !== null) {
            $content = LF . '<div class="' . htmlspecialchars($this->arguments['hiddenFieldClassName']) . '">';
        } else {
            $content = LF . '<div>';
        }
 
        $content .= $this->‪renderHiddenIdentityField($this->arguments['object'] ?? null, $this->‪getFormObjectName());
        $content .= $this->‪renderAdditionalIdentityFields();
        $content .= $this->‪renderHiddenReferrerFields();
 
        // Render the trusted list of all properties after everything else has been rendered
        $content .= $this->‪renderTrustedPropertiesField();
 
        $content .= LF . '</div>' . LF;
        $content .= $formContent;
        $this->tag->setContent($content);
        $this->‪removeFieldNamePrefixFromViewHelperVariableContainer();
        $this->‪removeFormObjectFromViewHelperVariableContainer();
        $this->‪removeFormObjectNameFromViewHelperVariableContainer();
        $this->‪removeFormFieldNamesFromViewHelperVariableContainer();
        $this->‪removeCheckboxFieldNamesFromViewHelperVariableContainer();
        return $this->tag->render();
    }
 
    protected function ‪setFormActionUri()
    {
        if ($this->hasArgument('actionUri')) {
            $formActionUri = $this->arguments['actionUri'];
        } else {
            $pageUid = (isset($this->arguments['pageUid']) && (int)$this->arguments['pageUid'] > 0) ? (int)$this->arguments['pageUid'] : null;
            $uriBuilder = $this->renderingContext->getControllerContext()->getUriBuilder();
            $formActionUri = $uriBuilder
                ->reset()
                ->setTargetPageUid($pageUid)
                ->setTargetPageType($this->arguments['pageType'] ?? 0)
                ->setNoCache($this->arguments['noCache'] ?? false)
                ->setUseCacheHash(isset($this->arguments['noCacheHash']) ? !$this->arguments['noCacheHash'] : true)
                ->setSection($this->arguments['section'] ?? '')
                ->setCreateAbsoluteUri($this->arguments['absolute'] ?? false)
                ->setArguments(isset($this->arguments['additionalParams']) ? (array)$this->arguments['additionalParams'] : [])
                ->setAddQueryString($this->arguments['addQueryString'] ?? false)
                ->setAddQueryStringMethod($this->arguments['addQueryStringMethod'] ?? null)
                ->setArgumentsToBeExcludedFromQueryString(isset($this->arguments['argumentsToBeExcludedFromQueryString']) ? (array)$this->arguments['argumentsToBeExcludedFromQueryString'] : [])
                ->setFormat($this->arguments['format'] ?? '')
                ->uriFor(
                    $this->arguments['action'] ?? null,
                    $this->arguments['arguments'] ?? [],
                    $this->arguments['controller'] ?? null,
                    $this->arguments['extensionName'] ?? null,
                    $this->arguments['pluginName'] ?? null
                );
            $this->formActionUriArguments = $uriBuilder->getArguments();
        }
        $this->tag->addAttribute('action', $formActionUri);
    }
 
    protected function ‪renderAdditionalIdentityFields()
    {
        $viewHelperVariableContainer = $this->renderingContext->getViewHelperVariableContainer();
        if ($viewHelperVariableContainer->exists(\‪TYPO3\CMS\Fluid\ViewHelpers\FormViewHelper::class, 'additionalIdentityProperties')) {
            $additionalIdentityProperties = $viewHelperVariableContainer->get(\‪TYPO3\CMS\Fluid\ViewHelpers\FormViewHelper::class, 'additionalIdentityProperties');
            ‪$output = '';
            foreach ($additionalIdentityProperties as $identity) {
                ‪$output .= LF . $identity;
            }
            return ‪$output;
        }
        return '';
    }
 
    protected function ‪renderHiddenReferrerFields()
    {
        $request = $this->renderingContext->getControllerContext()->getRequest();
        $extensionName = $request->getControllerExtensionName();
        $vendorName = $request->getControllerVendorName();
        $controllerName = $request->getControllerName();
        $actionName = $request->getControllerActionName();
        $actionRequest = [
            '@extension' => $extensionName,
            '@controller' => $controllerName,
            '@action' => $actionName,
        ];
 
        $result = LF;
        $result .= '<input type="hidden" name="' . htmlspecialchars($this->‪prefixFieldName('__referrer[@extension]')) . '" value="' . htmlspecialchars($extensionName) . '" />' . LF;
        if ($vendorName !== null) {
            $result .= '<input type="hidden" name="' . $this->‪prefixFieldName('__referrer[@vendor]') . '" value="' . $vendorName . '" />' . LF;
            $actionRequest['@vendor'] = $vendorName;
        }
        $result .= '<input type="hidden" name="' . htmlspecialchars($this->‪prefixFieldName('__referrer[@controller]')) . '" value="' . htmlspecialchars($controllerName) . '" />' . LF;
        $result .= '<input type="hidden" name="' . htmlspecialchars($this->‪prefixFieldName('__referrer[@action]')) . '" value="' . htmlspecialchars($actionName) . '" />' . LF;
        $result .= '<input type="hidden" name="' . htmlspecialchars($this->‪prefixFieldName('__referrer[arguments]')) . '" value="' . htmlspecialchars($this->hashService->appendHmac(base64_encode(serialize($request->getArguments())))) . '" />' . LF;
        $result .= '<input type="hidden" name="' . htmlspecialchars($this->‪prefixFieldName('__referrer[@request]')) . '" value="' . htmlspecialchars($this->hashService->appendHmac(serialize($actionRequest))) . '" />' . LF;
 
        return $result;
    }
 
    protected function ‪addFormObjectNameToViewHelperVariableContainer()
    {
        $formObjectName = $this->‪getFormObjectName();
        if ($formObjectName !== null) {
            $this->renderingContext->getViewHelperVariableContainer()->add(\‪TYPO3\CMS\Fluid\ViewHelpers\FormViewHelper::class, 'formObjectName', $formObjectName);
        }
    }
 
    protected function ‪removeFormObjectNameFromViewHelperVariableContainer()
    {
        $formObjectName = $this->‪getFormObjectName();
        if ($formObjectName !== null) {
            $this->renderingContext->getViewHelperVariableContainer()->remove(\‪TYPO3\CMS\Fluid\ViewHelpers\FormViewHelper::class, 'formObjectName');
        }
    }
 
    protected function ‪getFormObjectName()
    {
        $formObjectName = null;
        if ($this->hasArgument('objectName')) {
            $formObjectName = $this->arguments['objectName'];
        } elseif ($this->hasArgument('name')) {
            $formObjectName = $this->arguments['name'];
        }
        return $formObjectName;
    }
 
    protected function ‪addFormObjectToViewHelperVariableContainer()
    {
        if ($this->hasArgument('object')) {
            $viewHelperVariableContainer = $this->renderingContext->getViewHelperVariableContainer();
            $viewHelperVariableContainer->add(\‪TYPO3\CMS\Fluid\ViewHelpers\FormViewHelper::class, 'formObject', $this->arguments['object']);
            $viewHelperVariableContainer->add(\‪TYPO3\CMS\Fluid\ViewHelpers\FormViewHelper::class, 'additionalIdentityProperties', []);
        }
    }
 
    protected function ‪removeFormObjectFromViewHelperVariableContainer()
    {
        if ($this->hasArgument('object')) {
            $viewHelperVariableContainer = $this->renderingContext->getViewHelperVariableContainer();
            $viewHelperVariableContainer->remove(\‪TYPO3\CMS\Fluid\ViewHelpers\FormViewHelper::class, 'formObject');
            $viewHelperVariableContainer->remove(\‪TYPO3\CMS\Fluid\ViewHelpers\FormViewHelper::class, 'additionalIdentityProperties');
        }
    }
 
    protected function ‪addFieldNamePrefixToViewHelperVariableContainer()
    {
        $fieldNamePrefix = $this->‪getFieldNamePrefix();
        $this->renderingContext->getViewHelperVariableContainer()->add(\‪TYPO3\CMS\Fluid\ViewHelpers\FormViewHelper::class, 'fieldNamePrefix', $fieldNamePrefix);
    }
 
    protected function ‪getFieldNamePrefix()
    {
        if ($this->hasArgument('fieldNamePrefix')) {
            return $this->arguments['fieldNamePrefix'];
        }
        return $this->‪getDefaultFieldNamePrefix();
    }
 
    protected function ‪removeFieldNamePrefixFromViewHelperVariableContainer()
    {
        $this->renderingContext->getViewHelperVariableContainer()->remove(\‪TYPO3\CMS\Fluid\ViewHelpers\FormViewHelper::class, 'fieldNamePrefix');
    }
 
    protected function ‪addFormFieldNamesToViewHelperVariableContainer()
    {
        $this->renderingContext->getViewHelperVariableContainer()->add(\‪TYPO3\CMS\Fluid\ViewHelpers\FormViewHelper::class, 'formFieldNames', []);
    }
 
    protected function ‪removeFormFieldNamesFromViewHelperVariableContainer()
    {
        $viewHelperVariableContainer = $this->renderingContext->getViewHelperVariableContainer();
        $viewHelperVariableContainer->remove(\‪TYPO3\CMS\Fluid\ViewHelpers\FormViewHelper::class, 'formFieldNames');
        if ($viewHelperVariableContainer->exists(\‪TYPO3\CMS\Fluid\ViewHelpers\FormViewHelper::class, 'renderedHiddenFields')) {
            $viewHelperVariableContainer->remove(\‪TYPO3\CMS\Fluid\ViewHelpers\FormViewHelper::class, 'renderedHiddenFields');
        }
    }
 
    protected function ‪renderRequestHashField()
    {
        $formFieldNames = $this->viewHelperVariableContainer->get(\‪TYPO3\CMS\Fluid\ViewHelpers\FormViewHelper::class, 'formFieldNames');
        $this->‪postProcessUriArgumentsForRequestHash($this->formActionUriArguments, $formFieldNames);
        $requestHash = $this->requestHashService->generateRequestHash($formFieldNames, $this->‪getFieldNamePrefix());
        return '<input type="hidden" name="' . $this->‪prefixFieldName('__hmac') . '" value="' . htmlspecialchars($requestHash) . '" />';
    }
 
    protected function ‪postProcessUriArgumentsForRequestHash($arguments, &$results, $currentPrefix = '', $level = 0)
    {
        if (count($arguments)) {
            foreach ($arguments as $argumentName => $argumentValue) {
                if (is_array($argumentValue)) {
                    $prefix = $level == 0 ? $argumentName : $currentPrefix . '[' . $argumentName . ']';
                    $this->‪postProcessUriArgumentsForRequestHash($argumentValue, $results, $prefix, $level + 1);
                } else {
                    $results[] = $level == 0 ? $argumentName : $currentPrefix . '[' . $argumentName . ']';
                }
            }
        }
    }
 
    protected function ‪getDefaultFieldNamePrefix()
    {
        $request = $this->renderingContext->getControllerContext()->getRequest();
        if ($this->hasArgument('extensionName')) {
            $extensionName = $this->arguments['extensionName'];
        } else {
            $extensionName = $request->getControllerExtensionName();
        }
        if ($this->hasArgument('pluginName')) {
            $pluginName = $this->arguments['pluginName'];
        } else {
            $pluginName = $request->getPluginName();
        }
        if ($extensionName !== null && $pluginName != null) {
            return $this->extensionService->getPluginNamespace($extensionName, $pluginName);
        }
        return '';
    }
 
    protected function ‪removeCheckboxFieldNamesFromViewHelperVariableContainer()
    {
        $viewHelperVariableContainer = $this->renderingContext->getViewHelperVariableContainer();
        if ($viewHelperVariableContainer->exists(\‪TYPO3\CMS\Fluid\ViewHelpers\Form\CheckboxViewHelper::class, 'checkboxFieldNames')) {
            $viewHelperVariableContainer->remove(\‪TYPO3\CMS\Fluid\ViewHelpers\Form\CheckboxViewHelper::class, 'checkboxFieldNames');
        }
    }
 
    protected function ‪renderTrustedPropertiesField()
    {
        $formFieldNames = $this->renderingContext->getViewHelperVariableContainer()->get(\‪TYPO3\CMS\Fluid\ViewHelpers\FormViewHelper::class, 'formFieldNames');
        $requestHash = $this->mvcPropertyMappingConfigurationService->generateTrustedPropertiesToken($formFieldNames, $this->‪getFieldNamePrefix());
        return '<input type="hidden" name="' . htmlspecialchars($this->‪prefixFieldName('__trustedProperties')) . '" value="' . htmlspecialchars($requestHash) . '" />';
    }
}