1 <?php

2 namespace TYPO3\CMS\Fluid\ViewHelpers;

3 

4 /* *

5  * This script is backported from the TYPO3 Flow package "TYPO3.Fluid". *

6  * *

7  * It is free software; you can redistribute it and/or modify it under *

8  * the terms of the GNU General Public License as published by the Free *

9  * Software Foundation, either version 3 of the License, or (at your *

10  * *

11  * *

12  * This script is distributed in the hope that it will be useful, but *

13  * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHAN- *

14  * TABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General *

15  * Public License for more details. *

16  * *

17  * You should have received a copy of the GNU General Public License *

18  * along with the script. *

19  * If not, see http://www.gnu.org/licenses/gpl.html *

20  * *

21  * The TYPO3 project - inspiring people to share! *

22  * */

50 class FormViewHelper extends \TYPO3\CMS\Fluid\ViewHelpers\Form\AbstractFormViewHelper {

51 

55  protected $tagName = 'form';

56 

61  protected $requestHashService;

62 

67  protected $hashService;

68 

73  protected $mvcPropertyMappingConfigurationService;

74 

79  protected $extensionService;

80 

87  protected $formActionUriArguments;

88 

93  protected $configurationManager;

94 

100  public function initializeArguments() {

101  $this->registerTagAttribute('enctype', 'string', 'MIME type with which the form is submitted');

102  $this->registerTagAttribute('method', 'string', 'Transfer type (GET or POST)');

103  $this->registerTagAttribute('name', 'string', 'Name of form');

104  $this->registerTagAttribute('onreset', 'string', 'JavaScript: On reset of the form');

105  $this->registerTagAttribute('onsubmit', 'string', 'JavaScript: On submit of the form');

106  $this->registerUniversalTagAttributes();

107  }

108 

134  public function render($action = NULL, array $arguments = array(), $controller = NULL, $extensionName = NULL, $pluginName = NULL, $pageUid = NULL, $object = NULL, $pageType = 0, $noCache = FALSE, $noCacheHash = FALSE, $section = '', $format = '', array $additionalParams = array(), $absolute = FALSE, $addQueryString = FALSE, array $argumentsToBeExcludedFromQueryString = array(), $fieldNamePrefix = NULL, $actionUri = NULL, $objectName = NULL, $hiddenFieldClassName = NULL) {

135  $this->setFormActionUri();

136  if (strtolower($this->arguments['method']) === 'get') {

137  $this->tag->addAttribute('method', 'get');

138  } else {

139  $this->tag->addAttribute('method', 'post');

140  }

141  $this->addFormObjectNameToViewHelperVariableContainer();

142  $this->addFormObjectToViewHelperVariableContainer();

143  $this->addFieldNamePrefixToViewHelperVariableContainer();

144  $this->addFormFieldNamesToViewHelperVariableContainer();

145  $formContent = $this->renderChildren();

146 

147  if ($this->arguments['hiddenFieldClassName'] !== NULL) {

148  $content = chr(10) . '<div class="' . htmlspecialchars($this->arguments['hiddenFieldClassName']) . '">';

149  } else {

150  $content = chr(10) . '<div>';

151  }

152 

153  $content .= $this->renderHiddenIdentityField($this->arguments['object'], $this->getFormObjectName());

154  $content .= $this->renderAdditionalIdentityFields();

155  $content .= $this->renderHiddenReferrerFields();

156  $content .= $this->renderHiddenSecuredReferrerField();

157  if ($this->configurationManager->isFeatureEnabled('rewrittenPropertyMapper') === FALSE) {

158  // Render hmac after everything else has been rendered

159  $content .= $this->renderRequestHashField();

160  } else {

161  // Render the trusted list of all properties after everything else has been rendered

162  $content .= $this->renderTrustedPropertiesField();

163  }

164  $content .= chr(10) . '</div>' . chr(10);

165  $content .= $formContent;

166  $this->tag->setContent($content);

167  $this->removeFieldNamePrefixFromViewHelperVariableContainer();

168  $this->removeFormObjectFromViewHelperVariableContainer();

169  $this->removeFormObjectNameFromViewHelperVariableContainer();

170  $this->removeFormFieldNamesFromViewHelperVariableContainer();

171  $this->removeCheckboxFieldNamesFromViewHelperVariableContainer();

172  $this->removeSecuredHiddenFieldsRenderedFromViewHelperVariableContainer();

173  return $this->tag->render();

174  }

175 

181  protected function setFormActionUri() {

182  if ($this->hasArgument('actionUri')) {

183  $formActionUri = $this->arguments['actionUri'];

184  } else {

185  $uriBuilder = $this->controllerContext->getUriBuilder();

186  $formActionUri = $uriBuilder->reset()->setTargetPageUid($this->arguments['pageUid'])->setTargetPageType($this->arguments['pageType'])->setNoCache($this->arguments['noCache'])->setUseCacheHash(!$this->arguments['noCacheHash'])->setSection($this->arguments['section'])->setCreateAbsoluteUri($this->arguments['absolute'])->setArguments((array) $this->arguments['additionalParams'])->setAddQueryString($this->arguments['addQueryString'])->setArgumentsToBeExcludedFromQueryString((array) $this->arguments['argumentsToBeExcludedFromQueryString'])->setFormat($this->arguments['format'])->uriFor($this->arguments['action'], $this->arguments['arguments'], $this->arguments['controller'], $this->arguments['extensionName'], $this->arguments['pluginName']);

187  $this->formActionUriArguments = $uriBuilder->getArguments();

188  }

189  $this->tag->addAttribute('action', $formActionUri);

190  }

191 

198  protected function renderAdditionalIdentityFields() {

199  if ($this->viewHelperVariableContainer->exists('TYPO3\\CMS\\Fluid\\ViewHelpers\\FormViewHelper', 'additionalIdentityProperties')) {

200  $additionalIdentityProperties = $this->viewHelperVariableContainer->get('TYPO3\\CMS\\Fluid\\ViewHelpers\\FormViewHelper', 'additionalIdentityProperties');

201  $output = '';

202  foreach ($additionalIdentityProperties as $identity) {

203  $output .= chr(10) . $identity;

204  }

205  return $output;

206  }

207  return '';

208  }

209 

217  protected function renderHiddenReferrerFields() {

218  $request = $this->controllerContext->getRequest();

219  $extensionName = $request->getControllerExtensionName();

220  $vendorName = $request->getControllerVendorName();

221  $controllerName = $request->getControllerName();

222  $actionName = $request->getControllerActionName();

223  $result = chr(10);

224  if ($this->configurationManager->isFeatureEnabled('rewrittenPropertyMapper')) {

225  $result .= '<input type="hidden" name="' . $this->prefixFieldName('__referrer[@extension]') . '" value="' . $extensionName . '" />' . chr(10);

226  if ($vendorName !== NULL) {

227  $result .= '<input type="hidden" name="' . $this->prefixFieldName('__referrer[@vendor]') . '" value="' . $vendorName . '" />' . chr(10);

228  }

229  $result .= '<input type="hidden" name="' . $this->prefixFieldName('__referrer[@controller]') . '" value="' . $controllerName . '" />' . chr(10);

230  $result .= '<input type="hidden" name="' . $this->prefixFieldName('__referrer[@action]') . '" value="' . $actionName . '" />' . chr(10);

231  $result .= '<input type="hidden" name="' . $this->prefixFieldName('__referrer[arguments]') . '" value="' . htmlspecialchars($this->hashService->appendHmac(base64_encode(serialize($request->getArguments())))) . '" />' . chr(10);

232  } else {

233  // @deprecated since Fluid 1.4.0, will be removed two versions after Fluid 6.1.

234  $result .= '<input type="hidden" name="' . $this->prefixFieldName('__referrer[extensionName]') . '" value="' . $extensionName . '" />' . chr(10);

235  $result .= '<input type="hidden" name="' . $this->prefixFieldName('__referrer[controllerName]') . '" value="' . $controllerName . '" />' . chr(10);

236  $result .= '<input type="hidden" name="' . $this->prefixFieldName('__referrer[actionName]') . '" value="' . $actionName . '" />' . chr(10);

237  }

238  $result .= $this->renderHiddenSecuredReferrerField();

239  return $result;

240  }

241 

249  protected function renderHiddenSecuredReferrerField()

250  {

251  if ($this->hasSecuredHiddenFieldsRendered()) {

252  return '';

253  }

254  $request = $this->renderingContext->getControllerContext()->getRequest();

255  $extensionName = $request->getControllerExtensionName();

256  $vendorName = $request->getControllerVendorName();

257  $controllerName = $request->getControllerName();

258  $actionName = $request->getControllerActionName();

259  if ($this->configurationManager->isFeatureEnabled('rewrittenPropertyMapper')) {

260  $actionRequest = array(

261  '@extension' => $extensionName,

262  '@controller' => $controllerName,

263  '@action' => $actionName,

264  );

265  if ($vendorName !== null) {

266  $actionRequest['@vendor'] = $vendorName;

267  }

268  } else {

269  $actionRequest = array(

270  'extensionName' => $extensionName,

271  'controllerName' => $controllerName,

272  'actionName' => $actionName,

273  );

274  }

275  $result = '<input type="hidden" name="' . $this->prefixFieldName('__referrer[@request]') . '" value="' . htmlspecialchars($this->hashService->appendHmac(serialize($actionRequest))) . '" />' . LF;

276  $this->addSecuredHiddenFieldsRenderedToViewHelperVariableContainer();

277  return $result;

278  }

279 

285  protected function addFormObjectNameToViewHelperVariableContainer() {

286  $formObjectName = $this->getFormObjectName();

287  if ($formObjectName !== NULL) {

288  $this->viewHelperVariableContainer->add('TYPO3\\CMS\\Fluid\\ViewHelpers\\FormViewHelper', 'formObjectName', $formObjectName);

289  }

290  }

291 

297  protected function removeFormObjectNameFromViewHelperVariableContainer() {

298  $formObjectName = $this->getFormObjectName();

299  if ($formObjectName !== NULL) {

300  $this->viewHelperVariableContainer->remove('TYPO3\\CMS\\Fluid\\ViewHelpers\\FormViewHelper', 'formObjectName');

301  }

302  }

303 

311  protected function getFormObjectName() {

312  $formObjectName = NULL;

313  if ($this->hasArgument('objectName')) {

314  $formObjectName = $this->arguments['objectName'];

315  } elseif ($this->hasArgument('name')) {

316  $formObjectName = $this->arguments['name'];

317  }

318  return $formObjectName;

319  }

320 

326  protected function addFormObjectToViewHelperVariableContainer() {

327  if ($this->hasArgument('object')) {

328  $this->viewHelperVariableContainer->add('TYPO3\\CMS\\Fluid\\ViewHelpers\\FormViewHelper', 'formObject', $this->arguments['object']);

329  $this->viewHelperVariableContainer->add('TYPO3\\CMS\\Fluid\\ViewHelpers\\FormViewHelper', 'additionalIdentityProperties', array());

330  }

331  }

332 

338  protected function removeFormObjectFromViewHelperVariableContainer() {

339  if ($this->hasArgument('object')) {

340  $this->viewHelperVariableContainer->remove('TYPO3\\CMS\\Fluid\\ViewHelpers\\FormViewHelper', 'formObject');

341  $this->viewHelperVariableContainer->remove('TYPO3\\CMS\\Fluid\\ViewHelpers\\FormViewHelper', 'additionalIdentityProperties');

342  }

343  }

344 

350  protected function addFieldNamePrefixToViewHelperVariableContainer() {

351  $fieldNamePrefix = $this->getFieldNamePrefix();

352  $this->viewHelperVariableContainer->add('TYPO3\\CMS\\Fluid\\ViewHelpers\\FormViewHelper', 'fieldNamePrefix', $fieldNamePrefix);

353  }

354 

360  protected function getFieldNamePrefix() {

361  if ($this->hasArgument('fieldNamePrefix')) {

362  return $this->arguments['fieldNamePrefix'];

363  } else {

364  return $this->getDefaultFieldNamePrefix();

365  }

366  }

367 

373  protected function removeFieldNamePrefixFromViewHelperVariableContainer() {

374  $this->viewHelperVariableContainer->remove('TYPO3\\CMS\\Fluid\\ViewHelpers\\FormViewHelper', 'fieldNamePrefix');

375  }

376 

382  protected function addFormFieldNamesToViewHelperVariableContainer() {

383  $this->viewHelperVariableContainer->add('TYPO3\\CMS\\Fluid\\ViewHelpers\\FormViewHelper', 'formFieldNames', array());

384  }

385 

391  protected function removeFormFieldNamesFromViewHelperVariableContainer() {

392  $this->viewHelperVariableContainer->remove('TYPO3\\CMS\\Fluid\\ViewHelpers\\FormViewHelper', 'formFieldNames');

393  if ($this->viewHelperVariableContainer->exists('TYPO3\\CMS\\Fluid\\ViewHelpers\\FormViewHelper', 'renderedHiddenFields')) {

394  $this->viewHelperVariableContainer->remove('TYPO3\\CMS\\Fluid\\ViewHelpers\\FormViewHelper', 'renderedHiddenFields');

395  }

396  }

397 

401  protected function addSecuredHiddenFieldsRenderedToViewHelperVariableContainer()

402  {

403  $this->viewHelperVariableContainer->add('TYPO3\\CMS\\Fluid\\ViewHelpers\\FormViewHelper', 'securedHiddenFieldsRendered', true);

404  }

405 

411  protected function hasSecuredHiddenFieldsRendered()

412  {

413  return $this->viewHelperVariableContainer->exists('TYPO3\\CMS\\Fluid\\ViewHelpers\\FormViewHelper', 'securedHiddenFieldsRendered');

414  }

415 

419  protected function removeSecuredHiddenFieldsRenderedFromViewHelperVariableContainer()

420  {

421  $this->viewHelperVariableContainer->remove('TYPO3\\CMS\\Fluid\\ViewHelpers\\FormViewHelper', 'securedHiddenFieldsRendered');

422  }

423 

429  protected function renderRequestHashField() {

430  $formFieldNames = $this->viewHelperVariableContainer->get('TYPO3\\CMS\\Fluid\\ViewHelpers\\FormViewHelper', 'formFieldNames');

431  $this->postProcessUriArgumentsForRequesthash($this->formActionUriArguments, $formFieldNames);

432  $requestHash = $this->requestHashService->generateRequestHash($formFieldNames, $this->getFieldNamePrefix());

433  // in v4, we need to prefix __hmac as well to make it show up in the request object.

434  return '<input type="hidden" name="' . $this->prefixFieldName('__hmac') . '" value="' . htmlspecialchars($requestHash) . '" />';

435  }

436 

440  protected function postProcessUriArgumentsForRequestHash($arguments, &$results, $currentPrefix = '', $level = 0) {

441  if (!count($arguments)) {

442  return;

443  }

444  foreach ($arguments as $argumentName => $argumentValue) {

445  if (is_array($argumentValue)) {

446  $prefix = $level == 0 ? $argumentName : $currentPrefix . '[' . $argumentName . ']';

447  $this->postProcessUriArgumentsForRequestHash($argumentValue, $results, $prefix, $level + 1);

448  } else {

449  $results[] = $level == 0 ? $argumentName : $currentPrefix . '[' . $argumentName . ']';

450  }

451  }

452  }

453 

459  protected function getDefaultFieldNamePrefix() {

460  $request = $this->controllerContext->getRequest();

461  if ($this->hasArgument('extensionName')) {

462  $extensionName = $this->arguments['extensionName'];

463  } else {

464  $extensionName = $request->getControllerExtensionName();

465  }

466  if ($this->hasArgument('pluginName')) {

467  $pluginName = $this->arguments['pluginName'];

468  } else {

469  $pluginName = $request->getPluginName();

470  }

471  if ($extensionName !== NULL && $pluginName != NULL) {

472  return $this->extensionService->getPluginNamespace($extensionName, $pluginName);

473  } else {

474  return '';

475  }

476  }

477 

481  protected function removeCheckboxFieldNamesFromViewHelperVariableContainer() {

482  if ($this->viewHelperVariableContainer->exists('TYPO3\\CMS\\Fluid\\ViewHelpers\\Form\\CheckboxViewHelper', 'checkboxFieldNames')) {

483  $this->viewHelperVariableContainer->remove('TYPO3\\CMS\\Fluid\\ViewHelpers\\Form\\CheckboxViewHelper', 'checkboxFieldNames');

484  }

485  }

486 

492  protected function renderTrustedPropertiesField() {

493  $formFieldNames = $this->viewHelperVariableContainer->get('TYPO3\CMS\Fluid\ViewHelpers\FormViewHelper', 'formFieldNames');

494  $requestHash = $this->mvcPropertyMappingConfigurationService->generateTrustedPropertiesToken($formFieldNames, $this->getFieldNamePrefix());

495  return '<input type="hidden" name="' . $this->prefixFieldName('__trustedProperties') . '" value="' . htmlspecialchars($requestHash) . '" />';

496  }

497 }