Beispiel #1
 /**
  * Save the option fields submitted from the configuration form.
  *
  * Nothing is written unless the current tab access grants 'edit'; without
  * it an error is queued and the method returns. Each entry of
  * $this->_fieldsOptions whose submitted value passes validateField() is
  * either passed to a dedicated updateOption<Key>() method, when the class
  * defines one, or stored with Configuration::updateValue() after a
  * Validate::isCleanHtml() check. When no error was queued, the admin is
  * redirected with conf=6.
  *
  * Security-relevant behaviour:
  * - The dynamic method name is derived from the keys of
  *   $this->_fieldsOptions, not from request parameter names.
  * - A dedicated updateOption<Key>() method receives Tools14::getValue($key)
  *   directly; the isCleanHtml() check used on the other paths is not
  *   applied there, so such a method has to validate on its own.
  * - $field['cast'] is invoked as a callable on the submitted value, so it
  *   must only ever come from trusted field definitions.
  * - For multilingual fields, a language whose value fails isCleanHtml() is
  *   reported and skipped, while the remaining languages are still saved.
  * - NOTE(review): no token check happens here; presumably the caller has
  *   verified the admin token before calling this method. Confirm.
  *
  * @param string $token Admin token, appended as-is to the redirect URL.
  */
 protected function updateOptions($token)
 {
     global $currentIndex;

     // Permission gate: refuse the whole update without 'edit' access.
     if ($this->tabAccess['edit'] !== '1') {
         $this->_errors[] = Tools14::displayError('You do not have permission to edit here.');

         return;
     }

     foreach ($this->_fieldsOptions as $key => $field) {
         if (!$this->validateField(Tools14::getValue($key), $field)) {
             continue;
         }

         // A field-specific updateOption<Key>() method takes precedence.
         $handler = 'updateOption' . Tools14::toCamelCase($key, true);
         if (method_exists($this, $handler)) {
             $this->{$handler}(Tools14::getValue($key));
             continue;
         }

         if ($field['type'] == 'textLang' || $field['type'] == 'textareaLang') {
             // Multilingual field: one request parameter per language id.
             $valuesByLang = array();
             foreach (Language::getLanguages(false) as $language) {
                 $inputName = $key . '_' . $language['id_lang'];
                 if (isset($field['cast'])) {
                     $submitted = $field['cast'](Tools14::getValue($inputName));
                 } else {
                     $submitted = Tools14::getValue($inputName);
                 }

                 if (!Validate::isCleanHtml($submitted)) {
                     $this->_errors[] = Tools14::displayError('Can not add configuration ' . $key . ' for lang ' . Language::getIsoById((int) $language['id_lang']));
                     continue;
                 }
                 $valuesByLang[$language['id_lang']] = $submitted;
             }
             // Stored even when some languages were rejected above.
             Configuration::updateValue($key, $valuesByLang);
             continue;
         }

         // Plain single-value field.
         if (isset($field['cast'])) {
             $submitted = $field['cast'](Tools14::getValue($key));
         } else {
             $submitted = Tools14::getValue($key);
         }

         if (!Validate::isCleanHtml($submitted)) {
             $this->_errors[] = Tools14::displayError('Can not add configuration ' . $key);
             continue;
         }
         Configuration::updateValue($key, $submitted);
     }

     // Stay on the page so the queued errors can be shown.
     if (count($this->_errors) > 0) {
         return;
     }

     Tools14::redirectAdmin($currentIndex . '&conf=6&token=' . $token);
 }
Beispiel #2
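// AJAX entry point: resolves the admin directory, instantiates the requested
// tab object, verifies its token and dispatches to the ajaxProcess<Action>()
// and displayAjax<Action>() methods of that object.

// The admin directory name is taken from the request body and is therefore
// untrusted. Only a single directory name is accepted, so the resulting
// constant cannot point outside the shop root through separators or dot
// segments.
// NOTE(review): assumes the admin directory is one folder directly under
// _PS_ROOT_DIR_; confirm against the client code that posts `dir`.
$adminDirName = (isset($_POST['dir']) && is_string($_POST['dir'])) ? $_POST['dir'] : '';
if ($adminDirName === ''
    || $adminDirName === '.'
    || $adminDirName === '..'
    || strpbrk($adminDirName, "/\\\0") !== false
) {
    die('Invalid admin directory');
}
define('_PS_ADMIN_DIR_', _PS_ROOT_DIR_ . DIRECTORY_SEPARATOR . $adminDirName);
define('PS_ADMIN_DIR', _PS_ADMIN_DIR_);
// Retro-compatibility
// Left disabled: this would include a file from the request-derived path above.
//require(_PS_ADMIN_DIR_.'/functions.php');
include AUTOUPGRADE_MODULE_DIR . 'init.php';

// NOTE(review): $tab is not assigned in the visible code. If it can be
// influenced by the request, it has to be checked against a fixed list of
// allowed tab classes before it is used as a class name here.
$adminObj = new $tab();
if (is_object($adminObj)) {
    $adminObj->ajax = true;
    if ($adminObj->checkToken()) {
        // the differences with index.php is here
        $adminObj->ajaxPreProcess();

        // The action name is request-controlled. It is only ever used as a
        // suffix to a fixed prefix and only called when such a method exists,
        // so every ajaxProcess*/displayAjax* method of the tab is reachable
        // by any request that passes the token check.
        $action = Tools14::getValue('action');
        $actionSuffix = (is_string($action) && !empty($action)) ? Tools14::toCamelCase($action) : '';

        // no need to use displayConf() here
        $processMethod = 'ajaxProcess' . $actionSuffix;
        if ($actionSuffix !== '' && method_exists($adminObj, $processMethod)) {
            $adminObj->{$processMethod}();
        } else {
            $adminObj->ajaxProcess();
        }

        // @TODO We should use a displayAjaxError
        $adminObj->displayErrors();

        // Call exactly the method whose existence was checked. The original
        // checked the camel-cased name but called 'displayAjax' . $action,
        // which can name a different, non-existent method.
        $displayMethod = 'displayAjax' . $actionSuffix;
        if ($actionSuffix !== '' && method_exists($adminObj, $displayMethod)) {
            $adminObj->{$displayMethod}();
        } else {
            $adminObj->displayAjax();
        }
    } else {
        // Token check failed (forged or stale request): discard anything
        // already buffered and show only the invalid-token page.
        ob_clean();
        $adminObj->displayInvalidToken();
    }
}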