From 1d2ee7abc1d4527a2a6ef845c9e799e18e1bc0f8 Mon Sep 17 00:00:00 2001
From: Helmut Hummel <info@helhum.io>
Date: Tue, 19 Jul 2016 16:23:36 +0200
Subject: [PATCH] [BUGFIX] Reset FormViewHelper on execution
This commit ensures that the FormViewHelper is in a clean state and
can render the required hidden fields (again).
Resolves: #77097
Releases: master, 7.6, 6.2
Change-Id: I82f90ee7c0aaf44cd48a9abde6dbb012f536543e
Reviewed-on: https://review.typo3.org/49104
Tested-by: TYPO3com <no-reply@typo3.com>
Reviewed-by: Nicole Cordes <typo3@cordes.co>
Reviewed-by: Stefan Neufeind <typo3.neufeind@speedpartner.de>
Tested-by: Stefan Neufeind <typo3.neufeind@speedpartner.de>
Reviewed-by: Markus Sommer <markussom@posteo.de>
Tested-by: Markus Sommer <markussom@posteo.de>
Reviewed-by: Anja Leichsenring <aleichsenring@ab-softlab.de>
Tested-by: Anja Leichsenring <aleichsenring@ab-softlab.de>
---
.../Classes/ViewHelpers/FormViewHelper.php | 36 +++++++++++++++----
1 file changed, 29 insertions(+), 7 deletions(-)
diff --git a/typo3/sysext/fluid/Classes/ViewHelpers/FormViewHelper.php b/typo3/sysext/fluid/Classes/ViewHelpers/FormViewHelper.php
index 6c905a00c047..f5746868cde5 100644
--- a/typo3/sysext/fluid/Classes/ViewHelpers/FormViewHelper.php
+++ b/typo3/sysext/fluid/Classes/ViewHelpers/FormViewHelper.php
@@ -71,11 +71,6 @@ class FormViewHelper extends \TYPO3\CMS\Fluid\ViewHelpers\Form\AbstractFormViewH
*/
protected $formActionUriArguments;
- /**
- * @var bool
- */
- private $securedReferrerFieldRendered = false;
-
/**
* @param \TYPO3\CMS\Extbase\Security\Cryptography\HashService $hashService
*/
@@ -176,6 +171,7 @@ class FormViewHelper extends \TYPO3\CMS\Fluid\ViewHelpers\Form\AbstractFormViewH
$this->removeFormObjectNameFromViewHelperVariableContainer();
$this->removeFormFieldNamesFromViewHelperVariableContainer();
$this->removeCheckboxFieldNamesFromViewHelperVariableContainer();
+ $this->removeSecuredHiddenFieldsRenderedFromViewHelperVariableContainer();
return $this->tag->render();
}
@@ -269,7 +265,7 @@ class FormViewHelper extends \TYPO3\CMS\Fluid\ViewHelpers\Form\AbstractFormViewH
*/
protected function renderHiddenSecuredReferrerField()
{
- if ($this->securedReferrerFieldRendered) {
+ if ($this->hasSecuredHiddenFieldsRendered()) {
return '';
}
$request = $this->renderingContext->getControllerContext()->getRequest();
@@ -286,7 +282,7 @@ class FormViewHelper extends \TYPO3\CMS\Fluid\ViewHelpers\Form\AbstractFormViewH
$actionRequest['@vendor'] = $vendorName;
}
$result = '<input type="hidden" name="' . $this->prefixFieldName('__referrer[@request]') . '" value="' . htmlspecialchars($this->hashService->appendHmac(serialize($actionRequest))) . '" />' . LF;
- $this->securedReferrerFieldRendered = true;
+ $this->addSecuredHiddenFieldsRenderedToViewHelperVariableContainer();
return $result;
}
@@ -399,6 +395,32 @@ class FormViewHelper extends \TYPO3\CMS\Fluid\ViewHelpers\Form\AbstractFormViewH
$this->viewHelperVariableContainer->remove(\TYPO3\CMS\Fluid\ViewHelpers\FormViewHelper::class, 'formFieldNames');
}
+ /**
+ * Adds flag to indicate the secured hidden fields have been rendered to the ViewHelperVariableContainer
+ */
+ protected function addSecuredHiddenFieldsRenderedToViewHelperVariableContainer()
+ {
+ $this->viewHelperVariableContainer->add(\TYPO3\CMS\Fluid\ViewHelpers\FormViewHelper::class, 'securedHiddenFieldsRendered', true);
+ }
+
+ /**
+ * Checks whether the secured hidden fields have been rendered
+ *
+ * @return bool
+ */
+ protected function hasSecuredHiddenFieldsRendered()
+ {
+ return $this->viewHelperVariableContainer->exists(\TYPO3\CMS\Fluid\ViewHelpers\FormViewHelper::class, 'securedHiddenFieldsRendered');
+ }
+
+ /**
+ * Removes flag to indicate the secured hidden fields have been rendered from the ViewHelperVariableContainer
+ */
+ protected function removeSecuredHiddenFieldsRenderedFromViewHelperVariableContainer()
+ {
+ $this->viewHelperVariableContainer->remove(\TYPO3\CMS\Fluid\ViewHelpers\FormViewHelper::class, 'securedHiddenFieldsRendered');
+ }
+
/**
* Render the request hash field
*
--
GitLab