From c275746354e3ee2f6b9c45afd3b80393de4b71d6 Mon Sep 17 00:00:00 2001
From: Wouter Wolters <typo3@wouterwolters.nl>
Date: Sat, 21 Nov 2015 14:00:37 +0100
Subject: [PATCH] [TASK] Use GeneralUtility::quoteJSvalue() where needed part 4
Resolves: #71753
Releases: master
Change-Id: Ie84dc9c49b606e6b3d6b15c0af64fe9614f4c5e4
Reviewed-on: https://review.typo3.org/44857
Reviewed-by: Georg Ringer <georg.ringer@gmail.com>
Tested-by: Georg Ringer <georg.ringer@gmail.com>
Reviewed-by: Stefan Neufeind <typo3.neufeind@speedpartner.de>
Tested-by: Stefan Neufeind <typo3.neufeind@speedpartner.de>
---
 typo3/sysext/filelist/Classes/FileList.php | 4 +--
 .../Controller/SearchFormController.php | 2 +-
 .../Classes/RecordList/DatabaseRecordList.php | 32 +++++++++----------
 .../Status/WarningMessagePostProcessor.php | 2 +-
 .../Classes/Form/Element/RichTextElement.php | 2 +-
 .../Controller/SetupModuleController.php | 10 +++---
 .../Controller/VersionModuleController.php | 2 +-
 7 files changed, 27 insertions(+), 27 deletions(-)
diff --git a/typo3/sysext/filelist/Classes/FileList.php b/typo3/sysext/filelist/Classes/FileList.php
index 0b22fe087cc0..21a27a6698ab 100644
--- a/typo3/sysext/filelist/Classes/FileList.php
+++ b/typo3/sysext/filelist/Classes/FileList.php
@@ -307,7 +307,7 @@ class FileList extends AbstractRecordList
 */
 public function linkClipboardHeaderIcon($string, $_, $cmd, $warning = '')
 {
- $onClickEvent = 'document.dblistForm.cmd.value=\'' . $cmd . '\';document.dblistForm.submit();';
+ $onClickEvent = 'document.dblistForm.cmd.value=' . GeneralUtility::quoteJSvalue($cmd) . ';document.dblistForm.submit();';
 if ($warning) {
 $onClickEvent = 'if (confirm(' . GeneralUtility::quoteJSvalue($warning) . ')){' . $onClickEvent . '}';
 }
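Review bot: The rewritten `$onClickEvent` is now safe for the JavaScript string context only; it still has to go through `htmlspecialchars()` when it is placed into the `onclick` attribute, and that step lies beyond the hunk (linkClipboardHeaderIcon continues past it), so confirm it is still done there as the other call sites in this commit do. Apart from the `cmd_table` assignment this method is now the same code as DatabaseRecordList::linkClipboardHeaderIcon at line 1927 of that file; a shared implementation in AbstractRecordList would keep the two from drifting again.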
@@ -433,7 +433,7 @@ class FileList extends AbstractRecordList if ($this->clipObj->current !== 'normal' && $iOut) { $cells[] = $this->linkClipboardHeaderIcon('<span title="' . $this->getLanguageService()->getLL('clip_selectMarked', true) . '">' . $this->iconFactory->getIcon('actions-edit-copy', Icon::SIZE_SMALL)->render() . '</span>', $table, 'setCB'); $cells[] = $this->linkClipboardHeaderIcon('<span title="' . $this->getLanguageService()->getLL('clip_deleteMarked', true) . '">' . $this->iconFactory->getIcon('actions-edit-delete', Icon::SIZE_SMALL)->render(), $table, 'delete', $this->getLanguageService()->getLL('clip_deleteMarkedWarning')); - $onClick = 'checkOffCB(\'' . implode(',', $this->CBnames) . '\', this); return false;'; + $onClick = 'checkOffCB(' . GeneralUtility::quoteJSvalue(implode(',', $this->CBnames)) . ', this); return false;'; $cells[] = '<a class="btn btn-default" rel="" href="#" onclick="' . htmlspecialchars($onClick) . '" title="' . $this->getLanguageService()->getLL('clip_markRecords', true) . '">' . $this->iconFactory->getIcon('actions-document-select', Icon::SIZE_SMALL)->render() . '</a>'; } $theData[$v] = implode('', $cells); diff --git a/typo3/sysext/indexed_search/Classes/Controller/SearchFormController.php b/typo3/sysext/indexed_search/Classes/Controller/SearchFormController.php index 13996bb41cde..536875e9cd23 100755 --- a/typo3/sysext/indexed_search/Classes/Controller/SearchFormController.php +++ b/typo3/sysext/indexed_search/Classes/Controller/SearchFormController.php 
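Review bot: The "delete marked" link on the context line above the change opens a `<span title="...">` but never closes it, while the neighbouring `setCB` link does; appending `. '</span>'` after that `render()` call would repair the markup. This is pre-existing rather than introduced by the commit, but the hunk is the natural place to fix it. The new `checkOffCB(...)` expression is wrapped in `htmlspecialchars()` on the following line, which is the correct layering for an attribute value.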
@@ -1840,7 +1840,7 @@ class SearchFormController extends \TYPO3\CMS\Frontend\Plugin\AbstractPlugin */ public function makePointerSelector_link($str, $p, $freeIndexUid) { - $onclick = 'document.getElementById(\'' . $this->prefixId . '_pointer\').value=\'' . $p . '\';' . 'document.getElementById(\'' . $this->prefixId . '_freeIndexUid\').value=\'' . rawurlencode($freeIndexUid) . '\';' . 'document.getElementById(\'' . $this->prefixId . '\').submit();return false;'; + $onclick = 'document.getElementById(' . GeneralUtility::quoteJSvalue($this->prefixId . '_pointer') . ').value=' . GeneralUtility::quoteJSvalue($p) . ';' . 'document.getElementById(' . GeneralUtility::quoteJSvalue($this->prefixId . '_freeIndexUid') . ').value=' . GeneralUtility::quoteJSvalue($freeIndexUid) . ';' . 'document.getElementById(' . GeneralUtility::quoteJSvalue($this->prefixId) . ').submit();return false;'; return '<a href="#" onclick="' . htmlspecialchars($onclick) . '">' . $str . '</a>'; } diff --git a/typo3/sysext/recordlist/Classes/RecordList/DatabaseRecordList.php b/typo3/sysext/recordlist/Classes/RecordList/DatabaseRecordList.php index b4854aa94a63..75d1b5db6c7d 100644 --- a/typo3/sysext/recordlist/Classes/RecordList/DatabaseRecordList.php +++ b/typo3/sysext/recordlist/Classes/RecordList/DatabaseRecordList.php @@ -1075,7 +1075,7 @@ class DatabaseRecordList extends AbstractDatabaseRecordList $cells['copyMarked'] = $this->linkClipboardHeaderIcon($spriteIcon, $table, 'setCB'); // The "edit marked" link: $editIdList = implode(',', $currentIdList); - $editIdList = '\'+editList(\'' . $table . '\',\'' . $editIdList . '\')+\''; + $editIdList = '\'+editList(' . GeneralUtility::quoteJSvalue($table) . ',' . GeneralUtility::quoteJSvalue($editIdList) . ')+\''; $params = 'edit[' . $table . '][' . $editIdList . ']=edit'; $onClick = BackendUtility::editOnClick('', '', -1); $onClickArray = explode('?', $onClick, 2); 
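Review bot: The new line drops the `rawurlencode()` that the old code applied to `$freeIndexUid`, so the hidden field now receives the raw value rather than the URL-encoded one; if anything downstream relied on that encoding this is a behaviour change beyond quoting, and the commit message does not mention it. If `$freeIndexUid` is always numeric, passing it as `(int)$freeIndexUid` without quotes, as the commit does for `$row['uid']` in DatabaseRecordList, would make the contract explicit. `$str` still goes into the anchor text unescaped on the return line, which is pre-existing.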
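Review bot: The `'\'+editList(' . GeneralUtility::quoteJSvalue($table) . ',' . GeneralUtility::quoteJSvalue($editIdList) . ')+\''` splice is repeated verbatim at lines 1154 and 1200 of the same file; a small private helper, e.g. `protected function buildEditListSplice($table, $idList)`, would keep the three sites identical and carry a comment explaining that the leading and trailing `'` deliberately break out of the single-quoted JS string that `BackendUtility::editOnClick()` wraps around `$params`. `$editIdList` is an `implode` of `$currentIdList`; running the ids through `array_map('intval', $currentIdList)` first would remove any doubt about what ends up in the generated JavaScript. The enclosing methods start and end outside these hunks.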
@@ -1093,7 +1093,7 @@ class DatabaseRecordList extends AbstractDatabaseRecordList sprintf($lang->getLL('clip_deleteMarkedWarning'), $lang->sL($GLOBALS['TCA'][$table]['ctrl']['title'])) ); // The "Select all" link: - $onClick = htmlspecialchars(('checkOffCB(\'' . implode(',', $this->CBnames) . '\', this); return false;')); + $onClick = htmlspecialchars(('checkOffCB(' . GeneralUtility::quoteJSvalue(implode(',', $this->CBnames)) . ', this); return false;')); $cells['markAll'] = '<a class="btn btn-default" rel="" href="#" onclick="' . $onClick . '" title="' . $lang->getLL('clip_markRecords', true) . '">' . $this->iconFactory->getIcon('actions-document-select', Icon::SIZE_SMALL)->render() . '</a>'; @@ -1154,7 +1154,7 @@ class DatabaseRecordList extends AbstractDatabaseRecordList if ($permsEdit && $this->table && is_array($currentIdList)) { $editIdList = implode(',', $currentIdList); if ($this->clipNumPane()) { - $editIdList = '\'+editList(\'' . $table . '\',\'' . $editIdList . '\')+\''; + $editIdList = '\'+editList(' . GeneralUtility::quoteJSvalue($table) . ',' . GeneralUtility::quoteJSvalue($editIdList) . ')+\''; } $params = 'edit[' . $table . '][' . $editIdList . ']=edit&columnsOnly=' . implode(',', $this->fieldArray); // we need to build this uri differently, otherwise GeneralUtility::quoteJSvalue messes up the edit list function 
@@ -1200,7 +1200,7 @@ class DatabaseRecordList extends AbstractDatabaseRecordList if ($this->isEditable($table) && $permsEdit && $GLOBALS['TCA'][$table]['columns'][$fCol]) { $editIdList = implode(',', $currentIdList); if ($this->clipNumPane()) { - $editIdList = '\'+editList(\'' . $table . '\',\'' . $editIdList . '\')+\''; + $editIdList = '\'+editList(' . GeneralUtility::quoteJSvalue($table) . ',' . GeneralUtility::quoteJSvalue($editIdList) . ')+\''; } $params = 'edit[' . $table . '][' . $editIdList . ']=edit&columnsOnly=' . $fCol; // we need to build this uri differently, otherwise GeneralUtility::quoteJSvalue messes up the edit list function @@ -1293,9 +1293,9 @@ class DatabaseRecordList extends AbstractDatabaseRecordList $next = '<li class="disabled"><span>' . $this->iconFactory->getIcon('actions-view-paging-next', Icon::SIZE_SMALL)->render() . '</span></li>'; $last = '<li class="disabled"><span>' . $this->iconFactory->getIcon('actions-view-paging-last', Icon::SIZE_SMALL)->render() . '</span></li>'; } - $reload = '<li><a href="#" onclick="document.dblistForm.action=\'' . $listURL - . '&pointer=\'+calculatePointer(document.getElementById(\'jumpPage-' . $renderPart - . '\').value); document.dblistForm.submit(); return true;" title="' + $reload = '<li><a href="#" onclick="document.dblistForm.action=' . GeneralUtility::quoteJSvalue($listURL + . '&pointer=') . '+calculatePointer(document.getElementById(' . GeneralUtility::quoteJSvalue('jumpPage-' . $renderPart) + . ').value); document.dblistForm.submit(); return true;" title="' . $this->getLanguageService()->sL('LLL:EXT:lang/locallang_common.xlf:reload', true) . '">' . $this->iconFactory->getIcon('actions-refresh', Icon::SIZE_SMALL)->render() . '</a></li>'; if ($renderPart === 'top') { 
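Review bot: Unlike the other call sites in this commit, the `onclick` built here (and the `onkeyup` at line 1318) is concatenated straight into the HTML attribute with no `htmlspecialchars()`, so its safety rests entirely on `GeneralUtility::quoteJSvalue()` encoding `"`, `&`, `<` and `>` in a form that is also attribute-safe. If it does, a comment such as `// quoteJSvalue() output is HTML-attribute safe, no htmlspecialchars() needed here` would stop the next reader from "fixing" it; if it does not, the attribute still needs escaping. `$listURL` is presumably built from request parameters, which makes this worth pinning down. The method continues beyond the hunk on both sides.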
@@ -1318,8 +1318,8 @@ class DatabaseRecordList extends AbstractDatabaseRecordList } $pageNumberInput = ' <input type="text" value="' . $currentPage . '" size="3" class="form-control input-sm paginator-input" id="jumpPage-' . $renderPart . '" name="jumpPage-' - . $renderPart . '" onkeyup="if (event.keyCode == 13) { document.dblistForm.action=\'' . $listURL - . '&pointer=\'+calculatePointer(this.value); document.dblistForm.submit(); } return true;" /> + . $renderPart . '" onkeyup="if (event.keyCode == 13) { document.dblistForm.action=' . GeneralUtility::quoteJSvalue($listURL + . '&pointer=') . '+calculatePointer(this.value); document.dblistForm.submit(); } return true;" /> '; $pageIndicatorText = sprintf( $this->getLanguageService()->sL('LLL:EXT:lang/locallang_mod_web_list.xlf:pageIndicator'), 
@@ -1411,13 +1411,13 @@ class DatabaseRecordList extends AbstractDatabaseRecordList } $this->addActionToCellGroup($cells, $editAction, 'edit'); // "Info": (All records) - $onClick = 'top.launchView(\'' . $table . '\', \'' . $row['uid'] . '\'); return false;'; + $onClick = 'top.launchView(' . GeneralUtility::quoteJSvalue($table) . ', ' . (int)$row['uid'] . '); return false;'; $viewBigAction = '<a class="btn btn-default" href="#" onclick="' . htmlspecialchars($onClick) . '" title="' . $this->getLanguageService()->getLL('showInfo', true) . '">' . $this->iconFactory->getIcon('actions-document-info', Icon::SIZE_SMALL)->render() . '</a>'; $this->addActionToCellGroup($cells, $viewBigAction, 'viewBig'); // "Move" wizard link for pages/tt_content elements: if ($permsEdit && ($table === 'tt_content' || $table === 'pages')) { - $onClick = 'return jumpExt(\'' . BackendUtility::getModuleUrl('move_element') . '&table=' . $table . '&uid=' . $row['uid'] . '\');'; + $onClick = 'return jumpExt(' . GeneralUtility::quoteJSvalue(BackendUtility::getModuleUrl('move_element') . '&table=' . $table . '&uid=' . $row['uid']) . ');'; $linkTitleLL = $this->getLanguageService()->getLL('move_' . ($table === 'tt_content' ? 'record' : 'page'), true); $icon = ($table == 'pages' ? $this->iconFactory->getIcon('actions-page-move', Icon::SIZE_SMALL) : $this->iconFactory->getIcon('actions-document-move', Icon::SIZE_SMALL)); $moveAction = '<a class="btn btn-default" href="#" onclick="' . htmlspecialchars($onClick) . '" title="' . $linkTitleLL . '">' . $icon->render() . '</a>'; 
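Review bot: The `launchView` call now casts `(int)$row['uid']`, but the `move_element` URL two lines below still concatenates the raw `$row['uid']` inside `quoteJSvalue()`; casting it the same way, `'&uid=' . (int)$row['uid']`, keeps the two consistent and makes the numeric contract explicit. `$table` is spliced into that URL without `rawurlencode()` as well, which is pre-existing but deserves the same treatment while the line is being touched.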
@@ -1691,12 +1691,12 @@ class DatabaseRecordList extends AbstractDatabaseRecordList } $cells['copy'] = '<a class="btn btn-default" href="#" onclick="' - . htmlspecialchars('return jumpSelf(\'' . $this->clipObj->selUrlDB($table, $row['uid'], 1, ($isSel === 'copy'), array('returnUrl' => '')) . '\');') + . htmlspecialchars('return jumpSelf(' . GeneralUtility::quoteJSvalue($this->clipObj->selUrlDB($table, $row['uid'], 1, ($isSel === 'copy'), array('returnUrl' => ''))) . ');') . '" title="' . $this->getLanguageService()->sL('LLL:EXT:lang/locallang_core.xlf:cm.copy', true) . '">' . $copyIcon->render() . '</a>'; if (true) { $cells['cut'] = '<a class="btn btn-default" href="#" onclick="' - . htmlspecialchars('return jumpSelf(\'' . $this->clipObj->selUrlDB($table, $row['uid'], 0, ($isSel === 'cut'), array('returnUrl' => '')) . '\');') + . htmlspecialchars('return jumpSelf(' . GeneralUtility::quoteJSvalue($this->clipObj->selUrlDB($table, $row['uid'], 0, ($isSel === 'cut'), array('returnUrl' => ''))) . ');') . '" title="' . $this->getLanguageService()->sL('LLL:EXT:lang/locallang_core.xlf:cm.cut', true) . '">' . $cutIcon->render() . '</a>'; } else { @@ -1781,7 +1781,7 @@ class DatabaseRecordList extends AbstractDatabaseRecordList 'ref_table = ' . $db->fullQuoteStr($tableName, 'sys_refindex') . ' AND ref_uid = ' . $uid . ' AND deleted = 0' ); - return $this->generateReferenceToolTip($referenceCount, '\'' . $tableName . '\', \'' . $uid . '\''); + return $this->generateReferenceToolTip($referenceCount, GeneralUtility::quoteJSvalue($tableName) . ', ' . GeneralUtility::quoteJSvalue($uid)); } /** 
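Review bot: The copy and cut links differ only in the third argument to `selUrlDB()` and the `$isSel` comparison, so the `htmlspecialchars('return jumpSelf(' . GeneralUtility::quoteJSvalue(...) . ');')` expression is now duplicated twice; a local closure taking the mode flag would leave one copy to maintain. The `if (true) {` on the context line between them makes the `else` branch unreachable; that is pre-existing, but this hunk is the natural place to drop it.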
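Review bot: `$uid` is quoted as a JavaScript string for the tooltip but concatenated unquoted into the SQL `ref_uid = ' . $uid` on the context line above, so the two sites disagree about its type; if it is always numeric, an explicit `$uid = (int)$uid;` at the top of the method, followed by passing it unquoted to `generateReferenceToolTip()` as the commit already does for `launchView` at line 1411, would settle both. The method signature is above the hunk, so I cannot see whether the caller already casts it.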
@@ -1927,8 +1927,8 @@ class DatabaseRecordList extends AbstractDatabaseRecordList
 */
 public function linkClipboardHeaderIcon($string, $table, $cmd, $warning = '')
 {
- $onClickEvent = 'document.dblistForm.cmd.value=\'' . $cmd . '\';document.dblistForm.cmd_table.value=\''
- . $table . '\';document.dblistForm.submit();';
+ $onClickEvent = 'document.dblistForm.cmd.value=' . GeneralUtility::quoteJSvalue($cmd) . ';document.dblistForm.cmd_table.value='
+ . GeneralUtility::quoteJSvalue($table) . ';document.dblistForm.submit();';
 if ($warning) {
 $onClickEvent = 'if (confirm(' . GeneralUtility::quoteJSvalue($warning) . ')){' . $onClickEvent . '}';
 }
diff --git a/typo3/sysext/reports/Classes/Report/Status/WarningMessagePostProcessor.php b/typo3/sysext/reports/Classes/Report/Status/WarningMessagePostProcessor.php
index 749126d981bb..a637f51e170d 100644
--- a/typo3/sysext/reports/Classes/Report/Status/WarningMessagePostProcessor.php
+++ b/typo3/sysext/reports/Classes/Report/Status/WarningMessagePostProcessor.php
@@ -46,7 +46,7 @@ class WarningMessagePostProcessor
 );
 $warningMessages['tx_reports_status_notification'] = sprintf(
 $GLOBALS['LANG']->getLL('status_problemNotification'),
- '<a href="javascript:top.goToModule(\'' . $reportModuleIdentifier . '\', 1, \'&' . implode('&', $reportModuleParameters) . '\');">', '</a>'
+ '<a href="javascript:top.goToModule(' . \TYPO3\CMS\Core\Utility\GeneralUtility::quoteJSvalue($reportModuleIdentifier) . ', 1, ' . \TYPO3\CMS\Core\Utility\GeneralUtility::quoteJSvalue('&' . implode('&', $reportModuleParameters)) . ');">', '</a>'
 );
 }
 }
diff --git a/typo3/sysext/rtehtmlarea/Classes/Form/Element/RichTextElement.php b/typo3/sysext/rtehtmlarea/Classes/Form/Element/RichTextElement.php
index fcb91e862115..eefdcfe6ad00 100644
--- a/typo3/sysext/rtehtmlarea/Classes/Form/Element/RichTextElement.php
+++ b/typo3/sysext/rtehtmlarea/Classes/Form/Element/RichTextElement.php
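Review bot: The fully-qualified `\TYPO3\CMS\Core\Utility\GeneralUtility::quoteJSvalue()` appears twice inline in the new `sprintf()` argument, while every other file in this commit calls the imported short name; adding `use TYPO3\CMS\Core\Utility\GeneralUtility;` to WarningMessagePostProcessor.php (if it is not already there) and shortening both calls would match. The result is placed in a `javascript:` href with no `htmlspecialchars()`, so the same attribute-safety caveat as the DatabaseRecordList paginator applies, and `$reportModuleParameters` are joined with `&` without `rawurlencode()`, which is pre-existing.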
@@ -655,7 +655,7 @@ class RichTextElement extends AbstractFormElement
 $jsArray[] = '}';
 $jsArray[] = 'configureEditorInstance["' . $this->domIdentifier . '"] = function() {';
 $jsArray[] = 'if (typeof RTEarea === "undefined" || typeof HTMLArea === "undefined") {';
- $jsArray[] = ' window.setTimeout("configureEditorInstance[\'' . $this->domIdentifier . '\']();", 40);';
+ $jsArray[] = ' window.setTimeout("configureEditorInstance[' . GeneralUtilit::quoteJSvalue($this->domIdentifier) . ']();", 40);';
 $jsArray[] = '} else {';
 $jsArray[] = 'editornumber = "' . $this->domIdentifier . '";';
 $jsArray[] = 'RTEarea[editornumber] = new Object();';
diff --git a/typo3/sysext/setup/Classes/Controller/SetupModuleController.php b/typo3/sysext/setup/Classes/Controller/SetupModuleController.php
index 8f14c73e4383..915b380bba60 100644
--- a/typo3/sysext/setup/Classes/Controller/SetupModuleController.php
+++ b/typo3/sysext/setup/Classes/Controller/SetupModuleController.php
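Review bot: The added line calls `GeneralUtilit::quoteJSvalue(...)` — the class name is missing its final `y`, so this branch will abort with a class-not-found error the first time the RTE is rendered before `RTEarea`/`HTMLArea` are available; it must read `GeneralUtility::quoteJSvalue($this->domIdentifier)`. The quoted value is then embedded inside a double-quoted JS string handed to `setTimeout`, which only works because quoteJSvalue emits a single-quoted literal, so a short comment on that line would make the nesting look intentional rather than accidental.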
@@ -1000,15 +1000,15 @@ class SetupModuleController extends AbstractModule } function clearExistingImage() { - TYPO3.jQuery(\'#image_' . htmlspecialchars($fieldName) . '\').hide(); - TYPO3.jQuery(\'#clear_button_' . htmlspecialchars($fieldName) . '\').hide(); - TYPO3.jQuery(\'#field_' . htmlspecialchars($fieldName) . '\').val(\'\'); + TYPO3.jQuery(' . GeneralUtility::quoteJSvalue('#image_' . htmlspecialchars($fieldName)) . ').hide(); + TYPO3.jQuery(' . GeneralUtility::quoteJSvalue('#clear_button_' . htmlspecialchars($fieldName)) . ').hide(); + TYPO3.jQuery(' . GeneralUtility::quoteJSvalue('#field_' . htmlspecialchars($fieldName)) . ').val(\'\'); } function setFileUid(field, value, fileUid) { clearExistingImage(); - TYPO3.jQuery(\'#field_' . htmlspecialchars($fieldName) . '\').val(fileUid); - TYPO3.jQuery(\'#add_button_' . htmlspecialchars($fieldName) . '\').removeClass(\'btn-default\').addClass(\'btn-info\'); + TYPO3.jQuery(' . GeneralUtility::quoteJSvalue('#field_' . htmlspecialchars($fieldName)) . ').val(fileUid); + TYPO3.jQuery(' . GeneralUtility::quoteJSvalue('#add_button_' . htmlspecialchars($fieldName)) . ').removeClass(\'btn-default\').addClass(\'btn-info\'); browserWin.close(); } diff --git a/typo3/sysext/version/Classes/Controller/VersionModuleController.php b/typo3/sysext/version/Classes/Controller/VersionModuleController.php index 1cb2fb635c04..35772cfbc02a 100644 --- a/typo3/sysext/version/Classes/Controller/VersionModuleController.php +++ b/typo3/sysext/version/Classes/Controller/VersionModuleController.php 
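Review bot: `htmlspecialchars($fieldName)` is applied inside `quoteJSvalue()` on all five changed lines, but these statements sit in a JavaScript function body, not an HTML attribute, so a field name containing `&`, `<` or `"` would be double-encoded and the jQuery selector would no longer match the element id; `GeneralUtility::quoteJSvalue('#image_' . $fieldName)` is the right layering in script context, with `htmlspecialchars()` reserved for the `id="..."` attribute where the element itself is emitted. If `$fieldName` is guaranteed to be a plain identifier this is harmless today, but the mixed escaping will mislead the next reader. The enclosing script string starts before the hunk, so I am inferring the context from the surrounding `function` declarations.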
@@ -541,7 +541,7 @@ class VersionModuleController extends \TYPO3\CMS\Backend\Module\BaseScriptClass
 // Perform some access checks:
 $a_wl = $GLOBALS['BE_USER']->check('modules', 'web_list');
 $a_wp = $GLOBALS['BE_USER']->check('modules', $pageModule);
- $adminLink .= '<a class="btn btn-default" href="#" onclick="top.loadEditId(' . $row['uid'] . ');top.goToModule(\'' . $pageModule . '\'); return false;">'
+ $adminLink .= '<a class="btn btn-default" href="#" onclick="top.loadEditId(' . $row['uid'] . ');top.goToModule(' . GeneralUtility::quoteJSvalue($pageModule) . '); return false;">'
 . $this->moduleTemplate->getIconFactory()->getIcon('actions-page-open', Icon::SIZE_SMALL)->render() . '</a>';
 $adminLink .= '<a class="btn btn-default" href="#" onclick="top.loadEditId(' . $row['uid'] . ');top.goToModule(\'web_list\'); return false;">'
 . $this->moduleTemplate->getIconFactory()->getIcon('actions-system-list-open', Icon::SIZE_SMALL)->render() . '</a>';
-- GitLab
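Review bot: `top.loadEditId(' . $row['uid'] . ')` still interpolates the raw uid on the new line (and on the `web_list` link two lines below), while the commit casts `(int)$row['uid']` for the equivalent `launchView` call in DatabaseRecordList; `top.loadEditId(' . (int)$row['uid'] . ')` on both links would make the treatment consistent. These `onclick` attributes are also not passed through `htmlspecialchars()`, so they depend on quoteJSvalue's output being attribute-safe in the same way as the DatabaseRecordList paginator.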