TYPO3 CMS  TYPO3_6-2
PreviewHook.php
Go to the documentation of this file.
1 <?php
2 namespace TYPO3\CMS\Version\Hook;
3 
17 use TYPO3\CMS\Backend\FrontendBackendUserAuthentication;
18 use TYPO3\CMS\Backend\Utility\BackendUtility;
19 use TYPO3\CMS\Core\Utility\ExtensionManagementUtility;
20 use TYPO3\CMS\Core\Utility\GeneralUtility;
21 
28 class PreviewHook implements \TYPO3\CMS\Core\SingletonInterface {
29 
35  protected $previewKey = 'ADMCMD_prev';
36 
42  protected $tsfeObj;
43 
49  protected $previewConfiguration = FALSE;
50 
57  protected $forceReadPermissions = FALSE;
58 
67  public function checkForPreview($params, &$pObj) {
68  $this->tsfeObj = $pObj;
69  $this->previewConfiguration = $this->getPreviewConfiguration();
70  if (is_array($this->previewConfiguration)) {
71  // In case of a keyword-authenticated preview,
72  // re-initialize the TSFE object:
73  // because the GET variables are taken from the preview
74  // configuration
75  $this->tsfeObj = GeneralUtility::makeInstance(
76  'TYPO3\\CMS\\Frontend\\Controller\\TypoScriptFrontendController',
77  $GLOBALS['TYPO3_CONF_VARS'],
78  GeneralUtility::_GP('id'),
79  GeneralUtility::_GP('type'),
80  GeneralUtility::_GP('no_cache'),
81  GeneralUtility::_GP('cHash'),
82  GeneralUtility::_GP('jumpurl'),
83  GeneralUtility::_GP('MP'),
84  GeneralUtility::_GP('RDCT')
85  );
86  $GLOBALS['TSFE'] = $this->tsfeObj;
87  // Configuration after initialization of TSFE object.
88  // Basically this unsets the BE cookie if any and forces
89  // the BE user set according to the preview configuration.
90  // @previouslyknownas TSFE->ADMCMD_preview_postInit
91  // Clear cookies:
92  unset($_COOKIE['be_typo_user']);
93  }
94  }
95 
105  public function initializePreviewUser(&$params, &$pObj) {
106  // if there is a valid BE user, and the full workspace should be previewed, the workspacePreview option should be set
107  $workspaceUid = $this->previewConfiguration['fullWorkspace'];
108  $workspaceRecord = null;
109  if ((is_null($params['BE_USER']) || $params['BE_USER'] === FALSE) && $this->previewConfiguration !== FALSE && $this->previewConfiguration['BEUSER_uid'] > 0) {
110  // First initialize a temp user object and resolve usergroup information
112  $tempBackendUser = $this->createFrontendBackendUser();
113  $tempBackendUser->userTS_dontGetCached = 1;
114  $tempBackendUser->setBeUserByUid($this->previewConfiguration['BEUSER_uid']);
115  if ($tempBackendUser->user['uid']) {
116  $tempBackendUser->unpack_uc('');
117  $tempBackendUser->fetchGroupData();
118  // Handle degradation of admin users
119  if ($tempBackendUser->isAdmin() && ExtensionManagementUtility::isLoaded('workspaces')) {
120  $workspaceRecord = $GLOBALS['TYPO3_DB']->exec_SELECTgetSingleRow(
121  'uid, adminusers, reviewers, members, db_mountpoints',
122  'sys_workspace',
123  'pid=0 AND uid=' . (int)$workspaceUid . BackendUtility::deleteClause('sys_workspace')
124  );
125  // Either use configured workspace mount or current page id, if admin user does not have any page mounts
126  if (empty($tempBackendUser->groupData['webmounts'])) {
127  $tempBackendUser->groupData['webmounts'] = !empty($workspaceRecord['db_mountpoints']) ? $workspaceRecord['db_mountpoints'] : $pObj->id;
128  }
129  // Force add degraded admin user as member of this workspace
130  $workspaceRecord['members'] = 'be_users_' . $this->previewConfiguration['BEUSER_uid'];
131  // Force read permission for degraded admin user
132  $this->forceReadPermissions = TRUE;
133  }
134  // Store only needed information in the real simulate backend
135  $BE_USER = $this->createFrontendBackendUser();
136  $BE_USER->userTS_dontGetCached = 1;
137  $BE_USER->user = $tempBackendUser->user;
138  $BE_USER->user['admin'] = 0;
139  $BE_USER->groupData['webmounts'] = $tempBackendUser->groupData['webmounts'];
140  $BE_USER->groupList = $tempBackendUser->groupList;
141  $BE_USER->userGroups = $tempBackendUser->userGroups;
142  $BE_USER->userGroupsUID = $tempBackendUser->userGroupsUID;
143  $pObj->beUserLogin = TRUE;
144  } else {
145  $BE_USER = NULL;
146  $pObj->beUserLogin = FALSE;
147  $_SESSION['TYPO3-TT-start'] = FALSE;
148  }
149  unset($tempBackendUser);
150  $params['BE_USER'] = $BE_USER;
151  }
152  if (
153  $pObj->beUserLogin
154  && is_object($params['BE_USER'])
155  && \TYPO3\CMS\Core\Utility\MathUtility::canBeInterpretedAsInteger($workspaceUid)
156  && $params['BE_USER']->isInWebMount($pObj->id)
157  ) {
158  if ($workspaceUid == 0 || $workspaceUid >= -1 && $params['BE_USER']->checkWorkspace($workspaceRecord ?: $workspaceUid)) {
159  // Check Access to workspace. Live (0) is OK to preview for all.
160  $pObj->workspacePreview = (int)$workspaceUid;
161  } else {
162  // No preview, will default to "Live" at the moment
163  $pObj->workspacePreview = -99;
164  }
165  }
166  }
167 
177  public function overridePagePermissionClause(array $parameters) {
178  $clause = $parameters['currentClause'];
179  if ($parameters['perms'] & 1 && $this->forceReadPermissions) {
180  $clause = ' 1=1';
181  }
182  return $clause;
183  }
184 
194  public function overridePermissionCalculation(array $parameters) {
195  $permissions = $parameters['outputPermissions'];
196  if (!($permissions & 1) && $this->forceReadPermissions) {
197  $permissions |= 1;
198  }
199  return $permissions;
200  }
201 
218  public function getPreviewConfiguration() {
219  $inputCode = $this->getPreviewInputCode();
220  // If input code is available and shall not be ignored, look up the settings
221  if ($inputCode && $inputCode !== 'IGNORE') {
222  // "log out"
223  if ($inputCode == 'LOGOUT') {
224  setcookie($this->previewKey, '', 0, GeneralUtility::getIndpEnv('TYPO3_SITE_PATH'));
225  if ($this->tsfeObj->TYPO3_CONF_VARS['FE']['workspacePreviewLogoutTemplate']) {
226  $templateFile = PATH_site . $this->tsfeObj->TYPO3_CONF_VARS['FE']['workspacePreviewLogoutTemplate'];
227  if (@is_file($templateFile)) {
228  $message = GeneralUtility::getUrl(PATH_site . $this->tsfeObj->TYPO3_CONF_VARS['FE']['workspacePreviewLogoutTemplate']);
229  } else {
230  $message = '<strong>ERROR!</strong><br>Template File "'
231  . $this->tsfeObj->TYPO3_CONF_VARS['FE']['workspacePreviewLogoutTemplate']
232  . '" configured with $TYPO3_CONF_VARS["FE"]["workspacePreviewLogoutTemplate"] not found. Please contact webmaster about this problem.';
233  }
234  } else {
235  $message = 'You logged out from Workspace preview mode. Click this link to <a href="%1$s">go back to the website</a>';
236  }
237  $returnUrl = GeneralUtility::sanitizeLocalUrl(GeneralUtility::_GET('returnUrl'));
238  die(sprintf($message, htmlspecialchars(preg_replace('/\\&?' . $this->previewKey . '=[[:alnum:]]+/', '', $returnUrl))));
239  }
240  // Look for keyword configuration record:
241  $where = 'keyword=' . $GLOBALS['TYPO3_DB']->fullQuoteStr($inputCode, 'sys_preview') . ' AND endtime>' . $GLOBALS['EXEC_TIME'];
242  $previewData = $GLOBALS['TYPO3_DB']->exec_SELECTgetSingleRow('*', 'sys_preview', $where);
243  // Get: Backend login status, Frontend login status
244  // - Make sure to remove fe/be cookies (temporarily);
245  // BE already done in ADMCMD_preview_postInit()
246  if (is_array($previewData)) {
247  if (!count(GeneralUtility::_POST())) {
248  // Unserialize configuration:
249  $previewConfig = unserialize($previewData['config']);
250  // For full workspace preview we only ADD a get variable
251  // to set the preview of the workspace - so all other Get
252  // vars are accepted. Hope this is not a security problem.
253  // Still posting is not allowed and even if a backend user
254  // get initialized it shouldn't lead to situations where
255  // users can use those credentials.
256  if ($previewConfig['fullWorkspace']) {
257  // Set the workspace preview value:
258  GeneralUtility::_GETset($previewConfig['fullWorkspace'], 'ADMCMD_previewWS');
259  // If ADMCMD_prev is set the $inputCode value cannot come
260  // from a cookie and we set that cookie here. Next time it will
261  // be found from the cookie if ADMCMD_prev is not set again...
262  if (GeneralUtility::_GP($this->previewKey)) {
263  // Lifetime is 1 hour, does it matter much?
264  // Requires the user to click the link from their email again if it expires.
265  SetCookie($this->previewKey, GeneralUtility::_GP($this->previewKey), 0, GeneralUtility::getIndpEnv('TYPO3_SITE_PATH'));
266  }
267  return $previewConfig;
268  } elseif (GeneralUtility::getIndpEnv('TYPO3_SITE_URL') . 'index.php?' . $this->previewKey . '=' . $inputCode === GeneralUtility::getIndpEnv('TYPO3_REQUEST_URL')) {
269  // Set GET variables
270  $GET_VARS = '';
271  parse_str($previewConfig['getVars'], $GET_VARS);
272  GeneralUtility::_GETset($GET_VARS);
273  // Return preview keyword configuration
274  return $previewConfig;
275  } else {
276  // This check is to prevent people from setting additional
277  // GET vars via realurl or other URL path based ways of passing parameters.
278  throw new \Exception(htmlspecialchars('Request URL did not match "'
279  . GeneralUtility::getIndpEnv('TYPO3_SITE_URL') . 'index.php?' . $this->previewKey . '='
280  . $inputCode . '"', 1294585190));
281  }
282  } else {
283  throw new \Exception('POST requests are incompatible with keyword preview.', 1294585191);
284  }
285  } else {
286  throw new \Exception('ADMCMD command could not be executed! (No keyword configuration found)', 1294585192);
287  }
288  }
289  return FALSE;
290  }
291 
297  protected function getPreviewInputCode() {
298  $inputCode = GeneralUtility::_GP($this->previewKey);
299  // If no inputcode and a cookie is set, load input code from cookie:
300  if (!$inputCode && $_COOKIE[$this->previewKey]) {
301  $inputCode = $_COOKIE[$this->previewKey];
302  }
303  return $inputCode;
304  }
305 
320  public function compilePreviewKeyword($getVarsStr, $backendUserUid, $ttl = 172800, $fullWorkspace = NULL) {
321  $fieldData = array(
322  'keyword' => md5(uniqid(microtime(), TRUE)),
323  'tstamp' => $GLOBALS['EXEC_TIME'],
324  'endtime' => $GLOBALS['EXEC_TIME'] + $ttl,
325  'config' => serialize(array(
326  'fullWorkspace' => $fullWorkspace,
327  'getVars' => $getVarsStr,
328  'BEUSER_uid' => $backendUserUid
329  ))
330  );
331  $GLOBALS['TYPO3_DB']->exec_INSERTquery('sys_preview', $fieldData);
332  return $fieldData['keyword'];
333  }
334 
342  public function getPreviewLinkLifetime() {
343  $ttlHours = (int)$GLOBALS['BE_USER']->getTSConfigVal('options.workspaces.previewLinkTTLHours');
344  return $ttlHours ? $ttlHours : 24 * 2;
345  }
346 
350  protected function createFrontendBackendUser() {
351  return GeneralUtility::makeInstance(
352  'TYPO3\\CMS\\Backend\\FrontendBackendUserAuthentication'
353  );
354  }
355 
356 }
$parameters
$parameters
Definition: FileDumpEID.php:15
TYPO3\CMS\Version\Hook\PreviewHook\overridePagePermissionClause
overridePagePermissionClause(array $parameters)
Definition: PreviewHook.php:177
die
die
Definition: index.php:6
TYPO3\CMS\Core\Utility\GeneralUtility\_GETset
static _GETset($inputGet, $key='')
Definition: GeneralUtility.php:207
TYPO3\CMS\Core\Utility\GeneralUtility\getUrl
static getUrl($url, $includeHeader=0, $requestHeaders=FALSE, &$report=NULL)
Definition: GeneralUtility.php:2461
TYPO3\CMS\Version\Hook\PreviewHook\overridePermissionCalculation
overridePermissionCalculation(array $parameters)
Definition: PreviewHook.php:194
TYPO3\CMS\Version\Hook\PreviewHook\compilePreviewKeyword
compilePreviewKeyword($getVarsStr, $backendUserUid, $ttl=172800, $fullWorkspace=NULL)
Definition: PreviewHook.php:320
$GLOBALS
if(!defined('TYPO3_MODE')) $GLOBALS['TYPO3_CONF_VARS']['SC_OPTIONS']['t3lib/class.t3lib_userauth.php']['logoff_pre_processing'][]
Definition: ext_localconf.php:5
$BE_USER
$BE_USER
Definition: index_ts.php:114
TYPO3\CMS\Backend\Utility\BackendUtility\deleteClause
static deleteClause($table, $tableAlias='')
Definition: BackendUtility.php:71