| public static useSession ( $func, string $namespace = "pimcore_admin" ) : mixed | ||
| $func | ||
| $namespace | string | |
| return | mixed | |
public function updateCurrentUserAction()
{
$this->protectCSRF();
$user = $this->getUser();
if ($user != null) {
if ($user->getId() == $this->getParam("id")) {
$values = \Zend_Json::decode($this->getParam("data"));
unset($values["name"]);
unset($values["id"]);
unset($values["admin"]);
unset($values["permissions"]);
unset($values["roles"]);
unset($values["active"]);
if (!empty($values["new_password"])) {
$oldPasswordCheck = false;
if (empty($values["old_password"])) {
// if the user want to reset the password, the old password isn't required
$oldPasswordCheck = Tool\Session::useSession(function ($adminSession) use($oldPasswordCheck) {
if ($adminSession->password_reset) {
return true;
}
return false;
});
} else {
// the password has to match
$checkUser = Tool\Authentication::authenticatePlaintext($user->getName(), $values["old_password"]);
if ($checkUser) {
$oldPasswordCheck = true;
}
}
if ($oldPasswordCheck && $values["new_password"] == $values["retype_password"]) {
$values["password"] = Tool\Authentication::getPasswordHash($user->getName(), $values["new_password"]);
} else {
$this->_helper->json(["success" => false, "message" => "password_cannot_be_changed"]);
}
}
$user->setValues($values);
$user->save();
$this->_helper->json(["success" => true]);
} else {
\Logger::warn("prevented save current user, because ids do not match. ");
$this->_helper->json(false);
}
} else {
$this->_helper->json(false);
}
}
public function copyRewriteIdsAction()
{
$transactionId = $this->getParam("transactionId");
$idStore = Tool\Session::useSession(function ($session) use($transactionId) {
return $session->{$transactionId};
}, "pimcore_copy");
if (!array_key_exists("rewrite-stack", $idStore)) {
$idStore["rewrite-stack"] = array_values($idStore["idMapping"]);
}
$id = array_shift($idStore["rewrite-stack"]);
$object = Object::getById($id);
// create rewriteIds() config parameter
$rewriteConfig = array("object" => $idStore["idMapping"]);
$object = Object\Service::rewriteIds($object, $rewriteConfig);
$object->setUserModification($this->getUser()->getId());
$object->save();
// write the store back to the session
Tool\Session::useSession(function ($session) use($transactionId, $idStore) {
$session->{$transactionId} = $idStore;
}, "pimcore_copy");
$this->_helper->json(array("success" => true, "id" => $id));
}
public function logoutAction()
{
$controller = $this;
// clear open edit locks for this session
\Pimcore\Model\Element\Editlock::clearSession(session_id());
Tool\Session::useSession(function ($adminSession) use($controller) {
if ($adminSession->user instanceof User) {
\Pimcore::getEventManager()->trigger("admin.login.logout", $controller, ["user" => $adminSession->user]);
$adminSession->user = null;
}
\Zend_Session::destroy();
});
// cleanup pimcore-cookies => 315554400 => strtotime('1980-01-01')
setcookie("pimcore_opentabs", false, 315554400, "/");
$this->redirect("/admin/login/");
}
/**
*
*/
protected function protectCSRF()
{
$csrfToken = Session::useSession(function ($adminSession) {
return $adminSession->csrfToken;
});
if ($csrfToken != $_SERVER["HTTP_X_PIMCORE_CSRF_TOKEN"]) {
die("Detected CSRF Attack! Do not do evil things with pimcore ... ;-)");
}
}
/**
*
*/
public function removeFromSessionAction()
{
$key = "document_" . $this->getParam("id");
Session::useSession(function ($session) use($key) {
$session->{$key} = null;
}, "pimcore_documents");
$this->_helper->json(array("success" => true));
}
public function indexAction()
{
// IE compatibility
//$this->getResponse()->setHeader("X-UA-Compatible", "IE=8; IE=9", true);
// clear open edit locks for this session (in the case of a reload, ...)
\Pimcore\Model\Element\Editlock::clearSession(session_id());
// check maintenance
$maintenance_enabled = false;
$manager = Model\Schedule\Manager\Factory::getManager("maintenance.pid");
$lastExecution = $manager->getLastExecution();
if ($lastExecution) {
if (time() - $lastExecution < 610) {
// maintenance script should run at least every 10 minutes + a little tolerance
$maintenance_enabled = true;
}
}
$this->view->maintenance_enabled = \Zend_Json::encode($maintenance_enabled);
// configuration
$sysConfig = Config::getSystemConfig();
$this->view->config = $sysConfig;
//mail settings
$mailIncomplete = false;
if ($sysConfig->email) {
if (!$sysConfig->email->debug->emailaddresses) {
$mailIncomplete = true;
}
if (!$sysConfig->email->sender->email) {
$mailIncomplete = true;
}
if ($sysConfig->email->method == "smtp" && !$sysConfig->email->smtp->host) {
$mailIncomplete = true;
}
}
$this->view->mail_settings_complete = \Zend_Json::encode(!$mailIncomplete);
// report configuration
$this->view->report_config = Config::getReportConfig();
// customviews config
$cvConfig = Tool::getCustomViewConfig();
$cvData = array();
if ($cvConfig) {
foreach ($cvConfig as $node) {
$tmpData = $node;
$rootNode = Model\Object::getByPath($tmpData["rootfolder"]);
if ($rootNode) {
$tmpData["rootId"] = $rootNode->getId();
$tmpData["allowedClasses"] = explode(",", $tmpData["classes"]);
$tmpData["showroot"] = (bool) $tmpData["showroot"];
$cvData[] = $tmpData;
}
}
}
$this->view->customview_config = $cvData;
// upload limit
$max_upload = filesize2bytes(ini_get("upload_max_filesize") . "B");
$max_post = filesize2bytes(ini_get("post_max_size") . "B");
$upload_mb = min($max_upload, $max_post);
$this->view->upload_max_filesize = $upload_mb;
// csrf token
$user = $this->getUser();
$this->view->csrfToken = Tool\Session::useSession(function ($adminSession) use($user) {
if (!isset($adminSession->csrfToken) && !$adminSession->csrfToken) {
$adminSession->csrfToken = sha1(microtime() . $user->getName() . uniqid());
}
return $adminSession->csrfToken;
});
if (\Pimcore\Tool\Admin::isExtJS6()) {
$this->forward("index6");
}
}
public function copyInfoAction()
{
$transactionId = time();
$pasteJobs = array();
Tool\Session::useSession(function ($session) use($transactionId) {
$session->{$transactionId} = array();
}, "pimcore_copy");
if ($this->getParam("type") == "recursive") {
$asset = Asset::getById($this->getParam("sourceId"));
// first of all the new parent
$pasteJobs[] = array(array("url" => "/admin/asset/copy", "params" => array("sourceId" => $this->getParam("sourceId"), "targetId" => $this->getParam("targetId"), "type" => "child", "transactionId" => $transactionId, "saveParentId" => true)));
if ($asset->hasChilds()) {
// get amount of childs
$list = new Asset\Listing();
$list->setCondition("path LIKE '" . $asset->getFullPath() . "/%'");
$list->setOrderKey("LENGTH(path)", false);
$list->setOrder("ASC");
$childIds = $list->loadIdList();
if (count($childIds) > 0) {
foreach ($childIds as $id) {
$pasteJobs[] = array(array("url" => "/admin/asset/copy", "params" => array("sourceId" => $id, "targetParentId" => $this->getParam("targetId"), "sourceParentId" => $this->getParam("sourceId"), "type" => "child", "transactionId" => $transactionId)));
}
}
}
} else {
if ($this->getParam("type") == "child" || $this->getParam("type") == "replace") {
// the object itself is the last one
$pasteJobs[] = array(array("url" => "/admin/asset/copy", "params" => array("sourceId" => $this->getParam("sourceId"), "targetId" => $this->getParam("targetId"), "type" => $this->getParam("type"), "transactionId" => $transactionId)));
}
}
$this->_helper->json(array("pastejobs" => $pasteJobs));
}
public function indexAction()
{
// clear open edit locks for this session (in the case of a reload, ...)
\Pimcore\Model\Element\Editlock::clearSession(session_id());
// check maintenance
$maintenance_enabled = false;
$manager = Model\Schedule\Manager\Factory::getManager("maintenance.pid");
$lastExecution = $manager->getLastExecution();
if ($lastExecution) {
if (time() - $lastExecution < 610) {
// maintenance script should run at least every 10 minutes + a little tolerance
$maintenance_enabled = true;
}
}
$this->view->maintenance_enabled = \Zend_Json::encode($maintenance_enabled);
// configuration
$sysConfig = Config::getSystemConfig();
$this->view->config = $sysConfig;
//mail settings
$mailIncomplete = false;
if ($sysConfig->email) {
if (!$sysConfig->email->debug->emailaddresses) {
$mailIncomplete = true;
}
if (!$sysConfig->email->sender->email) {
$mailIncomplete = true;
}
if ($sysConfig->email->method == "smtp" && !$sysConfig->email->smtp->host) {
$mailIncomplete = true;
}
}
$this->view->mail_settings_complete = \Zend_Json::encode(!$mailIncomplete);
// report configuration
$this->view->report_config = Config::getReportConfig();
$cvData = [];
// still needed when publishing objects
$cvConfig = Tool::getCustomViewConfig();
if ($cvConfig) {
foreach ($cvConfig as $node) {
$tmpData = $node;
// backwards compatibility
$treeType = $tmpData["treetype"] ? $tmpData["treetype"] : "object";
$rootNode = Model\Element\Service::getElementByPath($treeType, $tmpData["rootfolder"]);
if ($rootNode) {
$tmpData["rootId"] = $rootNode->getId();
$tmpData["allowedClasses"] = $tmpData["classes"] ? explode(",", $tmpData["classes"]) : null;
$tmpData["showroot"] = (bool) $tmpData["showroot"];
// Check if a user has privileges to that node
if ($rootNode->isAllowed("list")) {
$cvData[] = $tmpData;
}
}
}
}
$this->view->customview_config = $cvData;
// upload limit
$max_upload = filesize2bytes(ini_get("upload_max_filesize") . "B");
$max_post = filesize2bytes(ini_get("post_max_size") . "B");
$upload_mb = min($max_upload, $max_post);
$this->view->upload_max_filesize = $upload_mb;
// session lifetime (gc)
$session_gc_maxlifetime = ini_get("session.gc_maxlifetime");
if (empty($session_gc_maxlifetime)) {
$session_gc_maxlifetime = 120;
}
$this->view->session_gc_maxlifetime = $session_gc_maxlifetime;
// csrf token
$user = $this->getUser();
$this->view->csrfToken = Tool\Session::useSession(function ($adminSession) use($user) {
if (!isset($adminSession->csrfToken) && !$adminSession->csrfToken) {
$adminSession->csrfToken = sha1(microtime() . $user->getName() . uniqid());
}
return $adminSession->csrfToken;
});
if (\Pimcore\Tool\Admin::isExtJS6()) {
$this->forward("index6");
}
}
public function copyRewriteIdsAction()
{
$transactionId = $this->getParam("transactionId");
$idStore = Session::useSession(function ($session) use($transactionId) {
return $session->{$transactionId};
}, "pimcore_copy");
if (!array_key_exists("rewrite-stack", $idStore)) {
$idStore["rewrite-stack"] = array_values($idStore["idMapping"]);
}
$id = array_shift($idStore["rewrite-stack"]);
$document = Document::getById($id);
if ($document) {
// create rewriteIds() config parameter
$rewriteConfig = array("document" => $idStore["idMapping"]);
$document = Document\Service::rewriteIds($document, $rewriteConfig, array("enableInheritance" => $this->getParam("enableInheritance") == "true" ? true : false));
$document->setUserModification($this->getUser()->getId());
$document->save();
}
// write the store back to the session
Session::useSession(function ($session) use($transactionId, $idStore) {
$session->{$transactionId} = $idStore;
}, "pimcore_copy");
$this->_helper->json(array("success" => true, "id" => $id));
}
public function saveAction()
{
try {
if ($this->getParam("id")) {
$page = Document\Page::getById($this->getParam("id"));
// check if there's a document in session which should be used as data-source
// see also self::clearEditableDataAction() | this is necessary to reset all fields and to get rid of
// outdated and unused data elements in this document (eg. entries of area-blocks)
$pageSession = Session::useSession(function ($session) use($page) {
if (isset($session->{"document_" . $page->getId()}) && isset($session->{"document_" . $page->getId() . "_useForSave"})) {
if ($session->{"document_" . $page->getId() . "_useForSave"}) {
// only use the page from the session once
unset($session->{"document_" . $page->getId() . "_useForSave"});
return $session->{"document_" . $page->getId()};
}
}
return null;
}, "pimcore_documents");
if ($pageSession) {
$page = $pageSession;
} else {
$page = $this->getLatestVersion($page);
}
$page->setUserModification($this->getUser()->getId());
if ($this->getParam("task") == "unpublish") {
$page->setPublished(false);
}
if ($this->getParam("task") == "publish") {
$page->setPublished(true);
}
$settings = [];
if ($this->getParam("settings")) {
$settings = \Zend_Json::decode($this->getParam("settings"));
}
// check for redirects
if ($this->getUser()->isAllowed("redirects") && $this->getParam("settings")) {
if (is_array($settings)) {
$redirectList = new Redirect\Listing();
$redirectList->setCondition("target = ?", $page->getId());
$existingRedirects = $redirectList->load();
$existingRedirectIds = [];
foreach ($existingRedirects as $existingRedirect) {
$existingRedirectIds[$existingRedirect->getId()] = $existingRedirect->getId();
}
for ($i = 1; $i < 100; $i++) {
if (array_key_exists("redirect_url_" . $i, $settings)) {
// check for existing
if ($settings["redirect_id_" . $i]) {
$redirect = Redirect::getById($settings["redirect_id_" . $i]);
unset($existingRedirectIds[$redirect->getId()]);
} else {
// create new one
$redirect = new Redirect();
}
$redirect->setSource($settings["redirect_url_" . $i]);
$redirect->setTarget($page->getId());
$redirect->setStatusCode(301);
$redirect->save();
}
}
// remove existing redirects which were delete
foreach ($existingRedirectIds as $existingRedirectId) {
$redirect = Redirect::getById($existingRedirectId);
$redirect->delete();
}
}
}
// check if settings exist, before saving meta data
if ($this->getParam("settings") && is_array($settings)) {
$metaData = [];
for ($i = 1; $i < 30; $i++) {
if (array_key_exists("metadata_" . $i, $settings)) {
$metaData[] = $settings["metadata_" . $i];
}
}
$page->setMetaData($metaData);
}
// only save when publish or unpublish
if ($this->getParam("task") == "publish" && $page->isAllowed("publish") or $this->getParam("task") == "unpublish" && $page->isAllowed("unpublish")) {
$this->setValuesToDocument($page);
try {
$page->save();
$this->saveToSession($page);
$this->_helper->json(["success" => true]);
} catch (\Exception $e) {
if (\Pimcore\Tool\Admin::isExtJS6() && $e instanceof Element\ValidationException) {
throw $e;
}
Logger::err($e);
$this->_helper->json(["success" => false, "message" => $e->getMessage()]);
}
} else {
if ($page->isAllowed("save")) {
$this->setValuesToDocument($page);
try {
$page->saveVersion();
$this->saveToSession($page);
$this->_helper->json(["success" => true]);
} catch (\Exception $e) {
Logger::err($e);
$this->_helper->json(["success" => false, "message" => $e->getMessage()]);
}
}
}
}
} catch (\Exception $e) {
Logger::log($e);
if (\Pimcore\Tool\Admin::isExtJS6() && $e instanceof Element\ValidationException) {
$this->_helper->json(["success" => false, "type" => "ValidationException", "message" => $e->getMessage(), "stack" => $e->getTraceAsString(), "code" => $e->getCode()]);
}
throw $e;
}
$this->_helper->json(false);
}
