TYPO3 CMS  TYPO3_6-2
FormViewHelper.php
1 <?php
3 
4 /* *
5  * This script is backported from the TYPO3 Flow package "TYPO3.Fluid". *
6  * *
7  * It is free software; you can redistribute it and/or modify it under *
8  * the terms of the GNU General Public License as published by the Free *
9  * Software Foundation, either version 3 of the License, or (at your *
10  * *
11  * *
12  * This script is distributed in the hope that it will be useful, but *
13  * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHAN- *
14  * TABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General *
15  * Public License for more details. *
16  * *
17  * You should have received a copy of the GNU General Public License *
18  * along with the script. *
19  * If not, see http://www.gnu.org/licenses/gpl.html *
20  * *
21  * The TYPO3 project - inspiring people to share! *
22  * */
51 
55  protected $tagName = 'form';
56 
62 
67  protected $hashService;
68 
74 
79  protected $extensionService;
80 
88 
94 
/**
 * Registers the form-specific tag attributes of this view helper.
 *
 * Every attribute is registered with type "string" and the description shown
 * in the table below.
 *
 * NOTE(review): the listing jumps from source line 105 to 107, so one
 * statement may be missing after the last registration - compare with the
 * upstream file before relying on this block.
 *
 * @return void
 */
public function initializeArguments() {
    // Attribute name => description; iteration order equals the original call order.
    $tagAttributes = array(
        'enctype' => 'MIME type with which the form is submitted',
        'method' => 'Transfer type (GET or POST)',
        'name' => 'Name of form',
        'onreset' => 'JavaScript: On reset of the form',
        'onsubmit' => 'JavaScript: On submit of the form',
    );
    foreach ($tagAttributes as $attributeName => $attributeDescription) {
        $this->registerTagAttribute($attributeName, 'string', $attributeDescription);
    }
}
108 
/**
 * Renders the form tag together with its hidden bookkeeping fields.
 *
 * The declared parameters are not read directly; the body accesses them
 * through $this->arguments. The child nodes are rendered first, then the
 * hidden fields (identity, referrer, signed referrer and either the request
 * hash or the trusted-properties token) are placed in a wrapper div in front
 * of the child content.
 *
 * NOTE(review): the listing skips source lines 141-144 (before the children
 * are rendered) and 167-172 (before the final tag rendering). Statements may
 * be missing at both places - compare with the upstream file.
 *
 * @return string the result of $this->tag->render()
 */
public function render($action = NULL, array $arguments = array(), $controller = NULL, $extensionName = NULL, $pluginName = NULL, $pageUid = NULL, $object = NULL, $pageType = 0, $noCache = FALSE, $noCacheHash = FALSE, $section = '', $format = '', array $additionalParams = array(), $absolute = FALSE, $addQueryString = FALSE, array $argumentsToBeExcludedFromQueryString = array(), $fieldNamePrefix = NULL, $actionUri = NULL, $objectName = NULL, $hiddenFieldClassName = NULL) {
    $this->setFormActionUri();

    // Only an explicit "get" (case-insensitive) selects GET; everything else becomes POST.
    $formMethod = strtolower($this->arguments['method']) === 'get' ? 'get' : 'post';
    $this->tag->addAttribute('method', $formMethod);

    // Children are rendered before the hidden fields, which are emitted after them below.
    $formContent = $this->renderChildren();

    // The optional class name is escaped before it is placed in the attribute.
    $hiddenFieldClassName = $this->arguments['hiddenFieldClassName'];
    if ($hiddenFieldClassName === NULL) {
        $content = chr(10) . '<div>';
    } else {
        $content = chr(10) . '<div class="' . htmlspecialchars($hiddenFieldClassName) . '">';
    }

    $content .= $this->renderHiddenIdentityField($this->arguments['object'], $this->getFormObjectName())
        . $this->renderAdditionalIdentityFields()
        . $this->renderHiddenReferrerFields()
        . $this->renderHiddenSecuredReferrerField();

    // Rendered last: the hmac (legacy mapper) or the trusted list of all
    // properties (rewritten mapper).
    $usesLegacyRequestHash = $this->configurationManager->isFeatureEnabled('rewrittenPropertyMapper') === FALSE;
    $content .= $usesLegacyRequestHash
        ? $this->renderRequestHashField()
        : $this->renderTrustedPropertiesField();

    $content .= chr(10) . '</div>' . chr(10);
    $content .= $formContent;
    $this->tag->setContent($content);

    return $this->tag->render();
}
175 
/**
 * Sets the "action" attribute of the form tag.
 *
 * When the "actionUri" argument is present it is used as given. Otherwise
 * the URI is built with the controller context's URI builder from the view
 * helper arguments, and the builder's arguments are kept in
 * $this->formActionUriArguments.
 *
 * NOTE(review): a supplied actionUri is handed to addAttribute() unchanged;
 * whether it is escaped depends on the tag builder, which is not part of
 * this listing - confirm. In that branch $this->formActionUriArguments is
 * not assigned.
 *
 * @return void
 */
protected function setFormActionUri() {
    if ($this->hasArgument('actionUri')) {
        $this->tag->addAttribute('action', $this->arguments['actionUri']);
        return;
    }

    $uriBuilder = $this->controllerContext->getUriBuilder();
    $formActionUri = $uriBuilder
        ->reset()
        ->setTargetPageUid($this->arguments['pageUid'])
        ->setTargetPageType($this->arguments['pageType'])
        ->setNoCache($this->arguments['noCache'])
        ->setUseCacheHash(!$this->arguments['noCacheHash'])
        ->setSection($this->arguments['section'])
        ->setCreateAbsoluteUri($this->arguments['absolute'])
        ->setArguments((array) $this->arguments['additionalParams'])
        ->setAddQueryString($this->arguments['addQueryString'])
        ->setArgumentsToBeExcludedFromQueryString((array) $this->arguments['argumentsToBeExcludedFromQueryString'])
        ->setFormat($this->arguments['format'])
        ->uriFor(
            $this->arguments['action'],
            $this->arguments['arguments'],
            $this->arguments['controller'],
            $this->arguments['extensionName'],
            $this->arguments['pluginName']
        );
    // Kept for the request hash, which also covers the URI arguments.
    $this->formActionUriArguments = $uriBuilder->getArguments();
    $this->tag->addAttribute('action', $formActionUri);
}
191 
/**
 * Concatenates the additional identity properties stored in the view helper
 * variable container, each preceded by a line feed.
 *
 * NOTE(review): the entries are appended without escaping, so they are
 * presumably markup that was already rendered (and escaped) by whoever
 * stored them - confirm at the place where they are added.
 *
 * @return string the concatenated entries, or '' when none are registered
 */
protected function renderAdditionalIdentityFields() {
    $scope = 'TYPO3\\CMS\\Fluid\\ViewHelpers\\FormViewHelper';
    $key = 'additionalIdentityProperties';

    if (!$this->viewHelperVariableContainer->exists($scope, $key)) {
        return '';
    }

    $output = '';
    foreach ($this->viewHelperVariableContainer->get($scope, $key) as $identity) {
        $output .= chr(10) . $identity;
    }
    return $output;
}
209 
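/**
 * Renders the hidden "__referrer" fields that name the extension, (vendor,)
 * controller and action of the current request.
 *
 * With the "rewrittenPropertyMapper" feature enabled, the request arguments
 * are added as well: serialized, base64-encoded and extended with an HMAC by
 * the hash service.
 *
 * Security notes:
 * - The extension/vendor/controller/action fields carry no HMAC, so the
 *   client can change them before submitting. Only the arguments value is
 *   signed in this method.
 * - The arguments value is a PHP-serialized payload. NOTE(review): the code
 *   that reads it back is not in this listing; it has to validate the HMAC
 *   before the value reaches unserialize().
 * - The names are HTML-escaped here like the arguments value already is.
 *   They presumably come from an already resolved request (confirm), so this
 *   is defence in depth and leaves ordinary names unchanged.
 *
 * @return string the hidden input fields, separated by line feeds
 */
protected function renderHiddenReferrerFields() {
    $request = $this->controllerContext->getRequest();
    $extensionName = $request->getControllerExtensionName();
    $vendorName = $request->getControllerVendorName();
    $controllerName = $request->getControllerName();
    $actionName = $request->getControllerActionName();
    $usesRewrittenPropertyMapper = $this->configurationManager->isFeatureEnabled('rewrittenPropertyMapper');

    // Field name => value, in output order.
    if ($usesRewrittenPropertyMapper) {
        $plainFields = array('__referrer[@extension]' => $extensionName);
        if ($vendorName !== NULL) {
            $plainFields['__referrer[@vendor]'] = $vendorName;
        }
        $plainFields['__referrer[@controller]'] = $controllerName;
        $plainFields['__referrer[@action]'] = $actionName;
    } else {
        // @deprecated since Fluid 1.4.0, will be removed two versions after Fluid 6.1.
        $plainFields = array(
            '__referrer[extensionName]' => $extensionName,
            '__referrer[controllerName]' => $controllerName,
            '__referrer[actionName]' => $actionName,
        );
    }

    $result = chr(10);
    foreach ($plainFields as $fieldName => $fieldValue) {
        // The cast keeps a NULL value rendering as an empty attribute, as the plain concatenation did.
        $result .= '<input type="hidden" name="' . $this->prefixFieldName($fieldName) . '" value="' . htmlspecialchars((string) $fieldValue) . '" />' . chr(10);
    }

    if ($usesRewrittenPropertyMapper) {
        // Signed so that a modified arguments value can be detected on submission.
        $signedArguments = $this->hashService->appendHmac(base64_encode(serialize($request->getArguments())));
        $result .= '<input type="hidden" name="' . $this->prefixFieldName('__referrer[arguments]') . '" value="' . htmlspecialchars($signedArguments) . '" />' . chr(10);
    }

    return $result;
}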
241 
/**
 * Renders the hidden "__referrer[@request]" field: the extension, controller
 * and action names (plus the vendor name, when set and the rewritten
 * property mapper is enabled) serialized and extended with an HMAC.
 *
 * Returns '' when hasSecuredHiddenFieldsRendered() reports that the field
 * was already rendered.
 *
 * NOTE(review): the listing jumps from source line 275 to 277, so a
 * statement between building the field and returning it may be missing.
 * NOTE(review): the value is a PHP-serialized array; the code that reads it
 * back is not in this listing and has to validate the HMAC before calling
 * unserialize().
 *
 * @return string the hidden input field followed by LF, or ''
 */
protected function renderHiddenSecuredReferrerField()
{
    if ($this->hasSecuredHiddenFieldsRendered()) {
        return '';
    }

    $request = $this->renderingContext->getControllerContext()->getRequest();
    $extensionName = $request->getControllerExtensionName();
    $vendorName = $request->getControllerVendorName();
    $controllerName = $request->getControllerName();
    $actionName = $request->getControllerActionName();

    // Key order is part of the serialized (and signed) value, so it is kept as is.
    if (!$this->configurationManager->isFeatureEnabled('rewrittenPropertyMapper')) {
        $actionRequest = array(
            'extensionName' => $extensionName,
            'controllerName' => $controllerName,
            'actionName' => $actionName,
        );
    } else {
        $actionRequest = array(
            '@extension' => $extensionName,
            '@controller' => $controllerName,
            '@action' => $actionName,
        );
        if ($vendorName !== null) {
            $actionRequest['@vendor'] = $vendorName;
        }
    }

    $signedRequest = $this->hashService->appendHmac(serialize($actionRequest));
    return '<input type="hidden" name="' . $this->prefixFieldName('__referrer[@request]') . '" value="' . htmlspecialchars($signedRequest) . '" />' . LF;
}
279 
286  $formObjectName = $this->getFormObjectName();
287  if ($formObjectName !== NULL) {
288  $this->viewHelperVariableContainer->add('TYPO3\\CMS\\Fluid\\ViewHelpers\\FormViewHelper', 'formObjectName', $formObjectName);
289  }
290  }
291 
298  $formObjectName = $this->getFormObjectName();
299  if ($formObjectName !== NULL) {
300  $this->viewHelperVariableContainer->remove('TYPO3\\CMS\\Fluid\\ViewHelpers\\FormViewHelper', 'formObjectName');
301  }
302  }
303 
/**
 * Returns the name of the form object.
 *
 * The "objectName" argument takes precedence over the "name" argument.
 *
 * @return mixed the argument value, or NULL when neither argument is present
 */
protected function getFormObjectName() {
    if ($this->hasArgument('objectName')) {
        return $this->arguments['objectName'];
    }
    if ($this->hasArgument('name')) {
        return $this->arguments['name'];
    }
    return NULL;
}
320 
327  if ($this->hasArgument('object')) {
328  $this->viewHelperVariableContainer->add('TYPO3\\CMS\\Fluid\\ViewHelpers\\FormViewHelper', 'formObject', $this->arguments['object']);
329  $this->viewHelperVariableContainer->add('TYPO3\\CMS\\Fluid\\ViewHelpers\\FormViewHelper', 'additionalIdentityProperties', array());
330  }
331  }
332 
339  if ($this->hasArgument('object')) {
340  $this->viewHelperVariableContainer->remove('TYPO3\\CMS\\Fluid\\ViewHelpers\\FormViewHelper', 'formObject');
341  $this->viewHelperVariableContainer->remove('TYPO3\\CMS\\Fluid\\ViewHelpers\\FormViewHelper', 'additionalIdentityProperties');
342  }
343  }
344 
351  $fieldNamePrefix = $this->getFieldNamePrefix();
352  $this->viewHelperVariableContainer->add('TYPO3\\CMS\\Fluid\\ViewHelpers\\FormViewHelper', 'fieldNamePrefix', $fieldNamePrefix);
353  }
354 
/**
 * Returns the prefix used for the names of the form fields.
 *
 * An explicit "fieldNamePrefix" argument wins; otherwise the default prefix
 * from getDefaultFieldNamePrefix() is used.
 *
 * @return mixed the argument value or the default prefix
 */
protected function getFieldNamePrefix() {
    return $this->hasArgument('fieldNamePrefix')
        ? $this->arguments['fieldNamePrefix']
        : $this->getDefaultFieldNamePrefix();
}
367 
374  $this->viewHelperVariableContainer->remove('TYPO3\\CMS\\Fluid\\ViewHelpers\\FormViewHelper', 'fieldNamePrefix');
375  }
376 
383  $this->viewHelperVariableContainer->add('TYPO3\\CMS\\Fluid\\ViewHelpers\\FormViewHelper', 'formFieldNames', array());
384  }
385 
392  $this->viewHelperVariableContainer->remove('TYPO3\\CMS\\Fluid\\ViewHelpers\\FormViewHelper', 'formFieldNames');
393  if ($this->viewHelperVariableContainer->exists('TYPO3\\CMS\\Fluid\\ViewHelpers\\FormViewHelper', 'renderedHiddenFields')) {
394  $this->viewHelperVariableContainer->remove('TYPO3\\CMS\\Fluid\\ViewHelpers\\FormViewHelper', 'renderedHiddenFields');
395  }
396  }
397 
402  {
403  $this->viewHelperVariableContainer->add('TYPO3\\CMS\\Fluid\\ViewHelpers\\FormViewHelper', 'securedHiddenFieldsRendered', true);
404  }
405 
/**
 * Tells whether the "securedHiddenFieldsRendered" marker exists in the view
 * helper variable container.
 *
 * @return mixed the result of the container's exists() call
 */
protected function hasSecuredHiddenFieldsRendered()
{
    $scope = 'TYPO3\\CMS\\Fluid\\ViewHelpers\\FormViewHelper';
    $markerExists = $this->viewHelperVariableContainer->exists($scope, 'securedHiddenFieldsRendered');
    return $markerExists;
}
415 
420  {
421  $this->viewHelperVariableContainer->remove('TYPO3\\CMS\\Fluid\\ViewHelpers\\FormViewHelper', 'securedHiddenFieldsRendered');
422  }
423 
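/**
 * Renders the hidden "__hmac" field holding the request hash.
 *
 * The hash is generated by the request hash service from the registered form
 * field names, extended by the argument names of the form action URI, and
 * the field name prefix.
 *
 * NOTE(review): $this->formActionUriArguments is only assigned when
 * setFormActionUri() builds the URI itself; with an explicit "actionUri"
 * argument it keeps whatever value it had before (its declaration is not
 * part of this listing).
 *
 * @return string the hidden input field
 */
protected function renderRequestHashField() {
    $formFieldNames = $this->viewHelperVariableContainer->get('TYPO3\\CMS\\Fluid\\ViewHelpers\\FormViewHelper', 'formFieldNames');
    // $formFieldNames is passed by reference and receives the URI argument names.
    // The call now uses the same spelling as the method definition; PHP
    // resolves method names case-insensitively, so behaviour is unchanged.
    $this->postProcessUriArgumentsForRequestHash($this->formActionUriArguments, $formFieldNames);
    $requestHash = $this->requestHashService->generateRequestHash($formFieldNames, $this->getFieldNamePrefix());
    // in v4, we need to prefix __hmac as well to make it show up in the request object.
    return '<input type="hidden" name="' . $this->prefixFieldName('__hmac') . '" value="' . htmlspecialchars($requestHash) . '" />';
}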
436 
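/**
 * Flattens a (possibly nested) argument array into field names and appends
 * them to $results.
 *
 * Top-level keys are appended as they are; nested keys are appended in
 * bracket notation, e.g. array('a' => array('b' => 1)) yields "a[b]".
 *
 * The emptiness check uses empty() instead of count(): renderRequestHashField()
 * passes $this->formActionUriArguments, which setFormActionUri() only assigns
 * when it builds the URI itself, and count() on a non-countable value raises
 * a warning on PHP 7.2+ and a TypeError on PHP 8.
 *
 * @param mixed $arguments the arguments to flatten; empty values are ignored
 * @param array $results receives the field names (passed by reference)
 * @param string $currentPrefix bracket-notation prefix of the current level
 * @param integer $level nesting depth, 0 for the top level
 * @return void
 */
protected function postProcessUriArgumentsForRequestHash($arguments, &$results, $currentPrefix = '', $level = 0) {
    if (empty($arguments)) {
        return;
    }
    $isTopLevel = (int) $level === 0;
    foreach ($arguments as $argumentName => $argumentValue) {
        $qualifiedName = $isTopLevel ? $argumentName : $currentPrefix . '[' . $argumentName . ']';
        if (is_array($argumentValue)) {
            // Descend; the qualified name becomes the prefix of the next level.
            $this->postProcessUriArgumentsForRequestHash($argumentValue, $results, $qualifiedName, $level + 1);
        } else {
            $results[] = $qualifiedName;
        }
    }
}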
453 
/**
 * Returns the default field name prefix: the plugin namespace for the
 * extension and plugin of this form.
 *
 * The "extensionName" and "pluginName" arguments take precedence over the
 * values of the current request.
 *
 * @return mixed the plugin namespace from the extension service, or ''
 */
protected function getDefaultFieldNamePrefix() {
    $request = $this->controllerContext->getRequest();

    $extensionName = $this->hasArgument('extensionName')
        ? $this->arguments['extensionName']
        : $request->getControllerExtensionName();
    $pluginName = $this->hasArgument('pluginName')
        ? $this->arguments['pluginName']
        : $request->getPluginName();

    // The plugin name is compared loosely, so an empty string also counts as "not set".
    if ($extensionName === NULL || $pluginName == NULL) {
        return '';
    }
    return $this->extensionService->getPluginNamespace($extensionName, $pluginName);
}
477 
482  if ($this->viewHelperVariableContainer->exists('TYPO3\\CMS\\Fluid\\ViewHelpers\\Form\\CheckboxViewHelper', 'checkboxFieldNames')) {
483  $this->viewHelperVariableContainer->remove('TYPO3\\CMS\\Fluid\\ViewHelpers\\Form\\CheckboxViewHelper', 'checkboxFieldNames');
484  }
485  }
486 
/**
 * Renders the hidden "__trustedProperties" field.
 *
 * The token is generated by the MVC property mapping configuration service
 * from the form field names stored in the view helper variable container and
 * the field name prefix. The token is HTML-escaped before output.
 *
 * NOTE(review): how the token is protected against modification by the
 * client is decided inside generateTrustedPropertiesToken(), which is not
 * part of this listing.
 *
 * @return string the hidden input field
 */
protected function renderTrustedPropertiesField() {
    $registeredFieldNames = $this->viewHelperVariableContainer->get('TYPO3\CMS\Fluid\ViewHelpers\FormViewHelper', 'formFieldNames');
    $trustedPropertiesToken = $this->mvcPropertyMappingConfigurationService->generateTrustedPropertiesToken(
        $registeredFieldNames,
        $this->getFieldNamePrefix()
    );
    $fieldName = $this->prefixFieldName('__trustedProperties');
    return '<input type="hidden" name="' . $fieldName . '" value="' . htmlspecialchars($trustedPropertiesToken) . '" />';
}
497 }