/**
* Create a new series
*
* @param array $post
* @param array $authorsAllowed
* @return bool
*/
protected function processNewSeries(array $post = [], array $authorsAllowed = []) : bool
{
if (!\Airship\all_keys_exist(['author', 'items'], $post)) {
return false;
}
if (!\in_array($post['author'], $authorsAllowed)) {
return false;
}
return $this->blog->createSeries($post);
}
/**
* Trigger the package install process
*/
public function updatePackage()
{
$expected = ['package', 'supplier', 'type', 'version'];
if (!\Airship\all_keys_exist($expected, $_POST)) {
\Airship\json_response(['status' => 'ERROR', 'message' => \__('Incomplete request.')]);
}
try {
$filter = new SkyportFilter();
$_POST = $filter($_POST);
} catch (\TypeError $ex) {
$this->log("Input violation", LogLevel::ALERT, \Airship\throwableToArray($ex));
\Airship\json_response(['status' => 'ERROR', 'message' => \__('Invalid input.')]);
}
/**
* @security We need to guarantee RCE isn't possible:
*/
$args = \implode(' ', [\escapeshellarg(Util::charWhitelist($_POST['type'], Util::PRINTABLE_ASCII)), \escapeshellarg(Util::charWhitelist($_POST['supplier'], Util::PRINTABLE_ASCII) . '/' . Util::charWhitelist($_POST['package'], Util::PRINTABLE_ASCII)), \escapeshellarg(Util::charWhitelist($_POST['version'], Util::PRINTABLE_ASCII))]);
$output = \shell_exec('php -dphar.readonly=0 ' . ROOT . '/CommandLine/update_one.sh ' . $args);
\Airship\json_response(['status' => 'OK', 'message' => $output]);
}
/**
* @covers \Airship\all_keys_exist()
*/
public function testAllKeysExist()
{
$this->assertTrue(\Airship\all_keys_exist(['a', 'b'], ['a' => 1, 'b' => 2, 'c' => 'three']), 'All keys should be found present.');
$this->assertTrue(\Airship\all_keys_exist(['a', 'b', 'c'], ['a' => 1, 'b' => 2, 'c' => 'three']), 'All keys should be found present.');
$this->assertFalse(\Airship\all_keys_exist(['a', 'd'], ['a' => 1, 'b' => 2, 'c' => 'three']), 'The key, d, should not have been present.');
}
/**
* Create a new redirect
*
* @param string $cabin
* @route redirects/{string}/new
*/
public function newRedirect(string $cabin)
{
$cabins = $this->getCabinNamespaces();
if (!\in_array($cabin, $cabins) && !$this->can('create')) {
\Airship\redirect($this->airship_cabin_prefix . '/redirects');
}
$this->setTemplateExtraData($cabin);
$post = $this->post(new RedirectFilter());
if ($post) {
if (\Airship\all_keys_exist(['old_url', 'new_url'], $post)) {
if (\preg_match('#^https?://#', $post['new_url'])) {
// Less restrictions:
$result = $this->pg->createDifferentCabinRedirect(\trim($post['old_url'], '/'), \trim($post['new_url'], '/'), $cabin);
} else {
$result = $this->pg->createSameCabinRedirect(\trim($post['old_url'], '/'), \trim($post['new_url'], '/'), $cabin);
}
if ($result) {
\Airship\redirect($this->airship_cabin_prefix . '/redirects/' . $cabin);
}
}
}
$this->lens('redirect/new', ['cabin' => $cabin]);
}
/**
* @route ajax/authors_save_photo
*/
public function saveAuthorsPhoto()
{
$auth_bp = $this->blueprint('Author');
if (IDE_HACKS) {
$db = \Airship\get_database();
$auth_bp = new Author($db);
}
$authorId = (int) $_POST['author'];
if (!$this->isSuperUser()) {
$authors = $auth_bp->getAuthorIdsForUser($this->getActiveUserId());
if (!\in_array($authorId, $authors)) {
\Airship\json_response(['status' => 'ERROR', 'message' => \__('You do not have permission to access this author\'s posts.')]);
}
}
if (!\Airship\all_keys_exist(['cabin', 'context', 'author', 'filename'], $_POST)) {
\Airship\json_response(['keys' => array_keys($_POST), 'status' => 'ERROR', 'message' => 'Insufficient parameters']);
}
$result = $auth_bp->savePhotoChoice($authorId, $_POST['context'], $_POST['cabin'], $_POST['filename']);
if (!$result) {
\Airship\json_response(['status' => 'ERROR', 'message' => 'Could not save photo choice.', 'photo' => null]);
}
\Airship\json_response(['status' => 'OK', 'message' => 'Saved!']);
}
/**
* Create a new page in the current directory
*
* @param string $cabin
* @param string $path
* @param array $post
* @return mixed
*/
protected function processNewPage(string $cabin, string $path, array $post = []) : bool
{
$expected = ['url', 'format', 'page_body', 'save_btn', 'metadata'];
if (!\Airship\all_keys_exist($expected, $post)) {
return false;
}
$url = $path . '/' . \str_replace('/', '_', $post['url']);
if (!empty($post['ignore_collisions']) && $this->detectCollisions($url, $cabin)) {
$this->storeLensVar('post_response', ['message' => \__('The given filename might conflict with another route in this Airship.'), 'status' => 'error']);
return false;
}
$raw = $this->isSuperUser() ? !empty($post['raw']) : false;
if ($this->can('publish')) {
$publish = $post['save_btn'] === 'publish';
} elseif ($this->can('create')) {
$publish = false;
} else {
$this->storeLensVar('post_response', ['message' => \__('You do not have permission to create new pages.'), 'status' => 'error']);
return false;
}
if ($this->pg->createPage($cabin, $path, $post, $publish, $raw)) {
\Airship\redirect($this->airship_cabin_prefix . '/pages/' . $cabin, ['dir' => $path]);
}
return true;
}
