From 95f94f80e36eabbd9334a0cf48259910b8b7bd37 Mon Sep 17 00:00:00 2001
From: Benni Mack <benni@typo3.org>
Date: Wed, 25 Mar 2020 20:27:10 +0100
Subject: [PATCH] [BUGFIX] Ensure to override JSwindow custom parameters

Currently "typolink.JSwindow_params" allows setting custom parameters
when opening a link within a JS-based popup. When linking an image,
the custom parameters have been added as well.

Resolves: #21302
Releases: master
Change-Id: Ia3ec655d8fe5536fd14564383da41a3fdfbb86c2
Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/63921
Tested-by: Susanne Moog <look@susi.dev>
Tested-by: TYPO3com <noreply@typo3.com>
Tested-by: Daniel Goerz <daniel.goerz@posteo.de>
Reviewed-by: Susanne Moog <look@susi.dev>
Reviewed-by: Daniel Goerz <daniel.goerz@posteo.de>
---
 .../ContentObject/ContentObjectRenderer.php   | 26 ++++++++++++++++---
 1 file changed, 23 insertions(+), 3 deletions(-)

diff --git a/typo3/sysext/frontend/Classes/ContentObject/ContentObjectRenderer.php b/typo3/sysext/frontend/Classes/ContentObject/ContentObjectRenderer.php
index b01c32fd2a54..d4762b98da69 100644
--- a/typo3/sysext/frontend/Classes/ContentObject/ContentObjectRenderer.php
+++ b/typo3/sysext/frontend/Classes/ContentObject/ContentObjectRenderer.php
@@ -1374,12 +1374,32 @@ class ContentObjectRenderer implements LoggerAwareInterface
                 $JSwindowExpand = isset($conf['JSwindow.']['expand.']) ? $this->stdWrap($conf['JSwindow.']['expand'], $conf['JSwindow.']['expand.']) : $conf['JSwindow.']['expand'];
                 $offset = GeneralUtility::intExplode(',', $JSwindowExpand . ',');
                 $newWindow = isset($conf['JSwindow.']['newWindow.']) ? $this->stdWrap($conf['JSwindow.']['newWindow'], $conf['JSwindow.']['newWindow.']) : $conf['JSwindow.']['newWindow'];
+                $params = [
+                    'width' => ($processedFile->getProperty('width') + $offset[0]),
+                    'height' => ($processedFile->getProperty('height') + $offset[1]),
+                    'status' => '0',
+                    'menubar' => '0'
+                ];
+                // params override existing parameters from above, or add more
+                $windowParams = isset($conf['JSwindow.']['params.']) ? $this->stdWrap($conf['JSwindow.']['params'], $conf['JSwindow.']['params.']) : $conf['JSwindow.']['params'];
+                $windowParams = explode(',', $windowParams);
+                foreach ($windowParams as $windowParam) {
+                    [$paramKey, $paramValue] = explode('=', $windowParam);
+                    if ($paramValue !== '') {
+                        $params[$paramKey] = $paramValue;
+                    } else {
+                        unset($params[$paramKey]);
+                    }
+                }
+                $paramString = '';
+                foreach ($params as $paramKey => $paramValue) {
+                    $paramString .= htmlspecialchars($paramKey) . '=' . htmlspecialchars($paramValue) . ',';
+                }
+
                 $onClick = 'openPic('
                     . GeneralUtility::quoteJSvalue($this->getTypoScriptFrontendController()->baseUrlWrap($url)) . ','
                     . '\'' . ($newWindow ? md5($url) : 'thePicture') . '\','
-                    . GeneralUtility::quoteJSvalue('width=' . ($processedFile->getProperty('width') + $offset[0])
-                        . ',height=' . ($processedFile->getProperty('height') + $offset[1]) . ',status=0,menubar=0')
-                    . '); return false;';
+                    . GeneralUtility::quoteJSvalue(rtrim($paramString, ',')) . '); return false;';
                 $a1 = '<a href="' . htmlspecialchars($url) . '"'
                     . ' onclick="' . htmlspecialchars($onClick) . '"'
                     . ($target !== '' ? ' target="' . htmlspecialchars($target) . '"' : '')
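Review bot: The parsing at `[$paramKey, $paramValue] = explode('=', $windowParam);` assumes every comma-separated entry contains an `=`, which does not hold when `JSwindow.params` is unset or empty. In that case `explode(',', ...)` still yields one empty entry, `$paramValue` is an undefined offset (null), the `!== ''` test passes, and an empty-key entry is stored, leaving a stray `=` at the end of the features string passed to `openPic`. Dropping empty entries and padding the pair avoids this: `$windowParams = GeneralUtility::trimExplode(',', (string)$windowParams, true);` and `[$paramKey, $paramValue] = array_pad(explode('=', $windowParam, 2), 2, '');`. The `htmlspecialchars()` calls in the second loop look redundant, since `quoteJSvalue()` and the later `htmlspecialchars($onClick)` already encode for the JS-string and attribute contexts; their only visible effect is to entity-encode characters such as `&` inside a value. The enclosing method begins and ends outside this hunk.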
-- 
GitLab