From a167e6c328f5183e6206ca866c5c8c1e61ec86a8 Mon Sep 17 00:00:00 2001
From: Andreas Fernandez <a.fernandez@scripting-base.de>
Date: Wed, 30 Sep 2015 11:00:37 +0200
Subject: [PATCH] [BUGFIX] Remove eval from TCA slider JavaScript

Resolves: #70205
Related: #63712
Releases: master
Change-Id: I6d5c7d21870a7d36557db40f9047450701315bc1
Reviewed-on: http://review.typo3.org/43651
Reviewed-by: Christian Kuhn <lolli@schwarzbu.ch>
Tested-by: Christian Kuhn <lolli@schwarzbu.ch>
Reviewed-by: Wouter Wolters <typo3@wouterwolters.nl>
Tested-by: Wouter Wolters <typo3@wouterwolters.nl>
---
 .../Classes/Form/Element/AbstractFormElement.php     |  2 +-
 .../Classes/Form/Wizard/ValueSliderWizard.php        |  6 ++----
 .../Resources/Public/JavaScript/ValueSlider.js       | 12 +++---------
 3 files changed, 6 insertions(+), 14 deletions(-)

diff --git a/typo3/sysext/backend/Classes/Form/Element/AbstractFormElement.php b/typo3/sysext/backend/Classes/Form/Element/AbstractFormElement.php
index 2d0540992f8d..a3dcdf6bf886 100644
--- a/typo3/sysext/backend/Classes/Form/Element/AbstractFormElement.php
+++ b/typo3/sysext/backend/Classes/Form/Element/AbstractFormElement.php
@@ -355,10 +355,10 @@ abstract class AbstractFormElement extends AbstractNode {
 					$params = array();
 					$params['fieldConfig'] = $fieldConfig;
 					$params['field'] = $field;
+					$params['table'] = $table;
 					$params['flexFormPath'] = $flexFormPath;
 					$params['md5ID'] = $md5ID;
 					$params['itemName'] = $itemName;
-					$params['fieldChangeFunc'] = $fieldChangeFunc;
 					$params['wConf'] = $wizardConfiguration;
 					$params['row'] = $row;
 
diff --git a/typo3/sysext/backend/Classes/Form/Wizard/ValueSliderWizard.php b/typo3/sysext/backend/Classes/Form/Wizard/ValueSliderWizard.php
index 1deb72663319..c99e90d06905 100644
--- a/typo3/sysext/backend/Classes/Form/Wizard/ValueSliderWizard.php
+++ b/typo3/sysext/backend/Classes/Form/Wizard/ValueSliderWizard.php
@@ -80,8 +80,7 @@ class ValueSliderWizard {
 			$step = 1;
 			$value = $index;
 		}
-		$callback = $params['fieldChangeFunc']['TBE_EDITOR_fieldChanged'];
-		$getField = $params['fieldChangeFunc']['typo3form.fieldGet'];
+		$callbackParams = [ $params['table'], $params['row']['uid'], $params['field'], $params['itemName'] ];
 		$id = 'slider-' . $params['md5ID'];
 		$content =
 			'<div'
@@ -94,8 +93,7 @@ class ValueSliderWizard {
 				. ' data-slider-value-type="' . htmlspecialchars($type) . '"'
 				. ' data-slider-item-name="' . htmlspecialchars($itemName) . '"'
 				. ' data-slider-element-type="' . htmlspecialchars($elementType) . '"'
-				. ' data-slider-field="' . htmlspecialchars($getField) . '"'
-				. ' data-slider-callback="' . htmlspecialchars($callback) . '"'
+				. ' data-slider-callback-params="' . htmlspecialchars(json_encode($callbackParams)) . '"'
 				. ' style="width: ' . $width . 'px;"'
 			. '></div>';
 
diff --git a/typo3/sysext/backend/Resources/Public/JavaScript/ValueSlider.js b/typo3/sysext/backend/Resources/Public/JavaScript/ValueSlider.js
index 9964359b0295..226442adb86e 100644
--- a/typo3/sysext/backend/Resources/Public/JavaScript/ValueSlider.js
+++ b/typo3/sysext/backend/Resources/Public/JavaScript/ValueSlider.js
@@ -47,7 +47,7 @@ define('TYPO3/CMS/Backend/ValueSlider', ['jquery', 'twbs/bootstrap-slider'], fun
 			$foreignField = $('[data-formengine-input-name="' + $slider.data('sliderItemName') + '"]'),
 			elementType = $slider.data('sliderElementType'),
 			sliderField = $slider.data('sliderField'),
-			sliderCallback = $slider.data('sliderCallback');
+			sliderCallbackParams = $slider.data('sliderCallbackParams');
 
 		switch (elementType) {
 			case 'input':
@@ -58,13 +58,7 @@ define('TYPO3/CMS/Backend/ValueSlider', ['jquery', 'twbs/bootstrap-slider'], fun
 				break;
 		}
 
-		if (sliderField) {
-			eval(sliderField);
-		}
-
-		if (sliderCallback) {
-			eval(sliderCallback);
-		}
+		TBE_EDITOR.fieldChanged.apply(sliderCallbackParams);
 	};
 
 	/**
@@ -74,7 +68,7 @@ define('TYPO3/CMS/Backend/ValueSlider', ['jquery', 'twbs/bootstrap-slider'], fun
 	 */
 	ValueSlider.renderTooltipValue = function(value) {
 		var renderedValue,
-			$slider = $('[data-slider-id="' + $(this).get(0).id + '"]'),
+			$slider = $('[data-slider-id="' + this.id + '"]'),
 			data = $slider.data();
 		switch (data.sliderValueType) {
 			case 'array':
-- 
GitLab