/**
* Save an attachment (from editing)
*/
public function save($key = null, $urlVar = null)
{
// Check for request forgeries
JSession::checkToken() or die(JText::_('JINVALID_TOKEN'));
// Access check.
$user = JFactory::getUser();
if (!($user->authorise('core.edit', 'com_attachments') or $user->authorise('core.edit.own', 'com_attachments'))) {
return JError::raiseError(403, JText::_('JERROR_ALERTNOAUTHOR') . ' (ERR 134)');
}
$model = $this->getModel();
$attachment = $model->getTable();
// Make sure the article ID is valid
$attachment_id = JRequest::getInt('id');
if (!$attachment->load($attachment_id)) {
$errmsg = JText::sprintf('ATTACH_ERROR_CANNOT_UPDATE_ATTACHMENT_INVALID_ID_N', $id) . ' (ERR 135)';
JError::raiseError(500, $errmsg);
}
// Note the old uri type
$old_uri_type = $attachment->uri_type;
// Get the data from the form
if (!$attachment->bind(JRequest::get('post'))) {
$errmsg = $attachment->getError() . ' (ERR 136)';
JError::raiseError(500, $errmsg);
}
// Get the parent handler for this attachment
JPluginHelper::importPlugin('attachments');
$apm = getAttachmentsPluginManager();
if (!$apm->attachmentsPluginInstalled($attachment->parent_type)) {
$errmsg = JText::sprintf('ATTACH_ERROR_INVALID_PARENT_TYPE_S', $attachment->parent_type) . ' (ERR 135B)';
JError::raiseError(500, $errmsg);
}
$parent = $apm->getAttachmentsPlugin($attachment->parent_type);
// See if the parent ID has been changed
$parent_changed = false;
$old_parent_id = JRequest::getString('old_parent_id');
if ($old_parent_id == '') {
$old_parent_id = null;
} else {
$old_parent_id = JRequest::getInt('old_parent_id');
}
// Handle new parents (in process of creation)
if ($parent->newParent($attachment)) {
$attachment->parent_id = null;
}
// Deal with updating an orphaned attachment
if ($old_parent_id == null && is_numeric($attachment->parent_id)) {
$parent_changed = true;
}
// Check for normal parent changes
if ($old_parent_id && $attachment->parent_id != $old_parent_id) {
$parent_changed = true;
}
// See if we are updating a file or URL
$new_uri_type = JRequest::getWord('update');
if ($new_uri_type && !in_array($new_uri_type, AttachmentsDefines::$LEGAL_URI_TYPES)) {
// Make sure only legal values are entered
$new_uri_type = '';
}
// See if the parent type has changed
$new_parent_type = JRequest::getCmd('new_parent_type');
$new_parent_entity = JRequest::getCmd('new_parent_entity');
$old_parent_type = JRequest::getCmd('old_parent_type');
$old_parent_entity = JRequest::getCmd('old_parent_entity');
if ($new_parent_type && ($new_parent_type != $old_parent_type || $new_parent_entity != $old_parent_entity)) {
$parent_changed = true;
}
// If the parent has changed, make sure they have selected the new parent
if ($parent_changed && (int) $attachment->parent_id == -1) {
$errmsg = JText::sprintf('ATTACH_ERROR_MUST_SELECT_PARENT');
echo "<script type=\"text/javascript\"> alert('{$errmsg}'); window.history.go(-1); </script>\n";
exit;
}
// If the parent has changed, switch the parent, rename files if necessary
if ($parent_changed) {
if ($new_uri_type == 'url' && $old_uri_type == 'file') {
// If we are changing parents and converting from file to URL, delete the old file
jimport('joomla.filesystem.file');
// Load the attachment so we can get its filename_sys
$db = JFactory::getDBO();
$query = $db->getQuery(true);
$query->select('filename_sys, id')->from('#__attachments')->where('id=' . (int) $attachment->id);
$db->setQuery($query, 0, 1);
$filename_sys = $db->loadResult();
JFile::delete($filename_sys);
AttachmentsHelper::clean_directory($filename_sys);
} else {
// Otherwise switch the file/url to the new parent
if ($old_parent_id == null) {
$old_parent_id = 0;
// NOTE: When attaching a file to an article during creation,
// the article_id (parent_id) is initially null until
// the article is saved (at that point the
// parent_id/article_id updated). If the attachment is
// added and creating the article is canceled, the
// attachment exists but is orhpaned since it does not
// have a parent. It's article_id is null, but it is
// saved in directory as if its article_id is 0:
// article/0/file.txt. Therefore, if the parent has
// changed, we pretend the old_parent_id=0 for file
// renaming/moving.
}
$error_msg = AttachmentsHelper::switch_parent($attachment, $old_parent_id, $attachment->parent_id, $new_parent_type, $new_parent_entity);
if ($error_msg != '') {
$errmsg = JText::_($error_msg) . ' (ERR 137)';
$link = 'index.php?option=com_attachments';
$this->setRedirect($link, $errmsg, 'error');
return;
}
}
}
// Update parent type/entity, if needed
if ($new_parent_type && $new_parent_type != $old_parent_type) {
$attachment->parent_type = $new_parent_type;
}
if ($new_parent_type && $new_parent_entity != $old_parent_entity) {
$attachment->parent_entity = $new_parent_entity;
}
// Get the article/parent handler
if ($new_parent_type) {
$parent_type = $new_parent_type;
$parent_entity = $new_parent_entity;
} else {
$parent_type = JRequest::getCmd('parent_type', 'com_content');
$parent_entity = JRequest::getCmd('parent_entity', 'default');
}
$parent = $apm->getAttachmentsPlugin($parent_type);
$parent_entity = $parent->getCanonicalEntityId($parent_entity);
// Get the title of the article/parent
$new_parent = JRequest::getBool('new_parent', false);
$parent->new = $new_parent;
if ($new_parent) {
$attachment->parent_id = null;
$parent->title = '';
} else {
$parent->title = $parent->getTitle($attachment->parent_id, $parent_entity);
}
// Check to make sure the user has permissions to edit the attachment
if (!$parent->userMayEditAttachment($attachment)) {
// ??? Add better error message
return JError::raiseError(403, JText::_('JERROR_ALERTNOAUTHOR') . ' (ERR 139)');
}
// Double-check to see if the URL changed
$old_url = JRequest::getString('old_url');
if (!$new_uri_type && $old_url && $old_url != $attachment->url) {
$new_uri_type = 'url';
}
// If this is a URL, get settings
$verify_url = false;
$relative_url = false;
if ($new_uri_type == 'url') {
// See if we need to verify the URL (if applicable)
if (JRequest::getWord('verify_url') == 'verify') {
$verify_url = true;
}
// Allow relative URLs?
if (JRequest::getWord('url_relative') == 'relative') {
$relative_url = true;
}
}
// Compute the update time
$now = JFactory::getDate();
// Update create/modify info
$attachment->modified_by = $user->get('id');
$attachment->modified = $now->toSql();
// Upload new file/url and create/update the attachment
$msg = null;
$msgType = 'message';
if ($new_uri_type == 'file') {
// Upload a new file
$result = AttachmentsHelper::upload_file($attachment, $parent, $attachment_id, 'update');
if (is_object($result)) {
$msg = $result->error_msg . ' (ERR 140)';
$msgType = 'error';
} else {
$msg = $result;
}
// NOTE: store() is not needed if upload_file() is called since it does it
} elseif ($new_uri_type == 'url') {
// Upload/add the new URL
$result = AttachmentsHelper::add_url($attachment, $parent, $verify_url, $relative_url, $old_uri_type, $attachment_id);
// NOTE: store() is not needed if add_url() is called since it does it
if (is_object($result)) {
$msg = $result->error_msg . ' (ERR 141)';
$msgType = 'error';
} else {
$msg = $result;
}
} else {
// Extra handling for checkboxes for URLs
if ($attachment->uri_type == 'url') {
// Update the url_relative field
$attachment->url_relative = $relative_url;
$attachment->url_verify = $verify_url;
}
// Remove any extraneous fields
if (isset($attachment->parent_entity_name)) {
unset($attachment->parent_entity_name);
}
// Save the updated attachment info
if (!$attachment->store()) {
$errmsg = $attachment->getError() . ' (ERR 142)';
JError::raiseError(500, $errmsg);
}
}
switch ($this->getTask()) {
case 'apply':
if (!$msg) {
$msg = JText::_('ATTACH_CHANGES_TO_ATTACHMENT_SAVED');
}
$link = 'index.php?option=com_attachments&task=attachment.edit&cid[]=' . (int) $attachment->id;
break;
case 'save':
default:
if (!$msg) {
$msg = JText::_('ATTACH_ATTACHMENT_UPDATED');
}
$link = 'index.php?option=com_attachments';
break;
}
// If invoked from an iframe popup, close it and refresh the attachments list
$from = JRequest::getWord('from');
$known_froms = $parent->knownFroms();
if (in_array($from, $known_froms)) {
// If there has been a problem, alert the user and redisplay
if ($msgType == 'error') {
$errmsg = $msg;
if (DIRECTORY_SEPARATOR == "\\") {
// Fix filename on Windows system so alert can display it
$errmsg = str_replace(DIRECTORY_SEPARATOR, "\\\\", $errmsg);
}
$errmsg = str_replace("'", "\\'", $errmsg);
$errmsg = str_replace("<br />", "\\n", $errmsg);
echo "<script type=\"text/javascript\"> alert('{$errmsg}'); window.history.go(-1); </script>";
exit;
}
// Can only refresh the old parent
if ($parent_changed) {
$parent_type = $old_parent_type;
$parent_entity = $old_parent_entity;
$parent_id = $old_parent_id;
} else {
$parent_id = (int) $attachment->parent_id;
}
// Close the iframe and refresh the attachments list in the parent window
$uri = JFactory::getURI();
$base_url = $uri->base(true);
$lang = JRequest::getCmd('lang', '');
AttachmentsJavascript::closeIframeRefreshAttachments($base_url, $parent_type, $parent_entity, $parent_id, $lang, $from);
exit;
}
$this->setRedirect($link, $msg, $msgType);
}
function saveNew()
{
// Check for request forgeries
JRequest::checkToken() or die('Invalid Token');
// Make sure we have a user
$user =& JFactory::getUser();
if ($user->get('username') == '') {
$errmsg = JText::_('ERROR MUST BE LOGGED IN TO UPLOAD ATTACHMENT');
JError::raiseError(500, $errmsg);
}
// Make sure we have a valid article ID
require_once JPATH_BASE . DS . '..' . DS . 'components' . DS . 'com_attachments' . DS . 'helper.php';
$article_id = AttachmentsHelper::valid_article_id($_POST['article_id']);
if ($article_id == -1) {
// Save the warning message for the pop-up window
// ???
// echo "<script>SqueezeBox.fromElement('<a href=\"index.php\"></a>')</script>";
// echo "<script>document.getElementById('sbox-window').open()</script>";
// require_once(JPATH_BASE.DS.'..'.DS.'components'.DS.'com_attachments'.DS.'helper.php');
// $msg = JText::_('ERROR MUST SELECT ARTICLE');
// AttachmentsHelper::save_warning_message($msg);
// $button->set('options', "{handler: 'iframe', size: {x: 400, y: 300}}");
// $link = "index.php?option=com_attachments&task=warning&tmpl=component";
$errmsg = JText::_('ERROR MUST SELECT ARTICLE');
echo "<script> alert('{$errmsg}'); window.history.go(-1); </script>\n";
// exit();
}
// Make sure this user has permission to upload (should never fail with admin?)
require_once JPATH_COMPONENT_SITE . DS . 'permissions.php';
if (!AttachmentsPermissions::user_may_add_attachment($user, $article_id)) {
$errmsg = JText::_('ERROR NO PERMISSION TO UPLOAD');
JError::raiseError(500, $errmsg);
exit;
}
// Set up the new record
$row =& JTable::getInstance('Attachments', 'Table');
if (!$row->bind(JRequest::get('post'))) {
JError::raiseError(500, $row->getError());
}
$row->uploader_id = $user->get('id');
$row->article_id = $article_id;
// Handle 'from' clause
$from = JRequest::getVar('from', ' (no from)');
$msg = AttachmentsHelper::upload_file($row, $article_id);
// See where to go to next
global $option;
switch ($this->_task) {
case 'applyNew':
$link = 'index.php?option=' . $option . '&task=edit&cid[]=' . $row->id;
break;
case 'saveNew':
default:
$link = 'index.php?option=' . $option;
break;
}
// If called from the editor, go back to it
if ($from == 'editor') {
$link = 'index.php?option=com_content&task=edit&cid[]=' . $article_id;
}
// If we are supposed to close this iframe, do it now.
if ($from == 'closeme') {
echo "<script language=\"javascript\" type=\"text/javascript\">window.parent.document.getElementById('sbox-window').close()</script>";
exit;
}
$this->setRedirect($link, $msg);
}
/**
* Save a new or edited attachment
*/
public function save()
{
// Check for request forgeries
JSession::checkToken() or die(JText::_('JINVALID_TOKEN'));
// Make sure that the user is logged in
$user = JFactory::getUser();
// Get the parameters
jimport('joomla.application.component.helper');
$params = JComponentHelper::getParams('com_attachments');
// Get the article/parent handler
$new_parent = JRequest::getBool('new_parent', false);
$parent_type = JRequest::getCmd('parent_type', 'com_content');
$parent_entity = JRequest::getCmd('parent_entity', 'default');
JPluginHelper::importPlugin('attachments');
$apm = getAttachmentsPluginManager();
if (!$apm->attachmentsPluginInstalled($parent_type)) {
$errmsg = JText::sprintf('ATTACH_ERROR_INVALID_PARENT_TYPE_S', $parent_type) . ' (ERR 5)';
JError::raiseError(500, $errmsg);
}
$parent = $apm->getAttachmentsPlugin($parent_type);
$parent_entity = $parent->getCanonicalEntityId($parent_entity);
$parent_entity_name = JText::_('ATTACH_' . $parent_entity);
// Make sure we have a valid parent ID
$parent_id = JRequest::getInt('parent_id', -1);
if (!$new_parent && ($parent_id == 0 || $parent_id == -1 || !$parent->parentExists($parent_id, $parent_entity))) {
$errmsg = JText::sprintf('ATTACH_ERROR_INVALID_PARENT_S_ID_N', $parent_entity_name, $parent_id) . ' (ERR 6)';
JError::raiseError(500, $errmsg);
}
// Verify that this user may add attachments to this parent
if (!$parent->userMayAddAttachment($parent_id, $parent_entity, $new_parent)) {
$errmsg = JText::sprintf('ATTACH_ERROR_NO_PERMISSION_TO_UPLOAD_S', $parent_entity_name) . ' (ERR 7)';
JError::raiseError(500, $errmsg);
}
// Get the Itemid
$Itemid = JRequest::getInt('Itemid', 1);
// How to redirect?
$from = JRequest::getWord('from', 'closeme');
$uri = JFactory::getURI();
if ($from) {
if ($from == 'frontpage') {
$redirect_to = $uri->root(true);
} elseif ($from == 'article') {
$redirect_to = JRoute::_("index.php?option=com_content&view=article&id={$parent_id}", False);
} else {
$redirect_to = $uri->root(true);
}
} else {
$redirect_to = $uri->root(true);
}
// See if we should cancel
if ($_POST['submit'] == JText::_('ATTACH_CANCEL')) {
$msg = JText::_('ATTACH_UPLOAD_CANCELED');
$this->setRedirect($redirect_to, $msg);
return;
}
// Figure out if we are uploading or updating
$save_type = JString::strtolower(JRequest::getWord('save_type'));
if (!in_array($save_type, AttachmentsDefines::$LEGAL_SAVE_TYPES)) {
$errmsg = JText::_('ATTACH_ERROR_INVALID_SAVE_PARAMETERS') . ' (ERR 8)';
JError::raiseError(500, $errmsg);
}
// If this is an update, get the attachment id
$attachment_id = false;
if ($save_type == 'update') {
$attachment_id = JRequest::getInt('id');
}
// Bind the info from the form
JTable::addIncludePath(JPATH_ADMINISTRATOR . '/components/com_attachments/tables');
$attachment = JTable::getInstance('Attachment', 'AttachmentsTable');
if ($attachment_id && !$attachment->load($attachment_id)) {
$errmsg = JText::sprintf('ATTACH_ERROR_CANNOT_UPDATE_ATTACHMENT_INVALID_ID_N', $id) . ' (ERR 9)';
JError::raiseError(500, $errmsg);
}
if (!$attachment->bind(JRequest::get('post'))) {
$errmsg = $attachment->getError() . ' (ERR 10)';
JError::raiseError(500, $errmsg);
}
// Note what the old uri type is, if updating
$old_uri_type = null;
if ($save_type == 'update') {
$old_uri_type = $attachment->uri_type;
}
// Figure out what the new URI is
if ($save_type == 'upload') {
// See if we are uploading a file or URL
$new_uri_type = JRequest::getWord('uri_type');
if ($new_uri_type && !in_array($new_uri_type, AttachmentsDefines::$LEGAL_URI_TYPES)) {
// Make sure only legal values are entered
$new_uri_type = '';
}
// Fix the access level
if (!$params->get('allow_frontend_access_editing', false)) {
$attachment->access = $params->get('default_access_level', AttachmentsDefines::$DEFAULT_ACCESS_LEVEL_ID);
}
} elseif ($save_type == 'update') {
// See if we are updating a file or URL
$new_uri_type = JRequest::getWord('update');
if ($new_uri_type && !in_array($new_uri_type, AttachmentsDefines::$LEGAL_URI_TYPES)) {
// Make sure only legal values are entered
$new_uri_type = '';
}
// Since URLs can be edited, we always evaluate them from scratch
if ($new_uri_type == '' && $old_uri_type == 'url') {
$new_uri_type = 'url';
}
// Double-check to see if the URL changed
$old_url = JRequest::getString('old_url');
if (!$new_uri_type && $old_url && $old_url != $attachment->url) {
$new_uri_type = 'url';
}
}
// Get more info about the type of upload/update
$verify_url = false;
$relative_url = false;
if ($new_uri_type == 'url') {
if (JRequest::getWord('verify_url') == 'verify') {
$verify_url = true;
}
if (JRequest::getWord('relative_url') == 'relative') {
$relative_url = true;
}
}
// Handle the various ways this function might get invoked
if ($save_type == 'upload') {
$attachment->created_by = $user->get('id');
$attachment->parent_id = $parent_id;
}
// Update the modified info
$now = JFactory::getDate();
$attachment->modified_by = $user->get('id');
$attachment->modified = $now->toSql();
// Set up a couple of items that the upload function may need
$parent->new = $new_parent;
if ($new_parent) {
$attachment->parent_id = null;
$parent->title = '';
} else {
$attachment->parent_id = $parent_id;
$parent->title = $parent->getTitle($parent_id, $parent_entity);
}
// Upload new file/url and create/update the attachment
if ($new_uri_type == 'file') {
// Upload a new file
$msg = AttachmentsHelper::upload_file($attachment, $parent, $attachment_id, $save_type);
// NOTE: store() is not needed if upload_file() is called since it does it
} elseif ($new_uri_type == 'url') {
$attachment->url_relative = $relative_url;
$attachment->url_verify = $verify_url;
// Upload/add the new URL
$msg = AttachmentsHelper::add_url($attachment, $parent, $verify_url, $relative_url, $old_uri_type, $attachment_id);
// NOTE: store() is not needed if add_url() is called since it does it
} else {
// Save the updated attachment info
if (!$attachment->store()) {
$errmsg = $attachment->getError() . ' (ERR 11)';
JError::raiseError(500, $errmsg);
}
$lang = JFactory::getLanguage();
$lang->load('com_attachments', JPATH_SITE);
$msg = JText::_('ATTACH_ATTACHMENT_UPDATED');
}
// If we are supposed to close this iframe, do it now.
if (in_array($from, $parent->knownFroms())) {
// If there is no parent_id, the parent is being created, use the username instead
if ($new_parent) {
$pid = 0;
} else {
$pid = (int) $parent_id;
}
// Close the iframe and refresh the attachments list in the parent window
$base_url = $uri->root(true);
$lang = JRequest::getCmd('lang', '');
AttachmentsJavascript::closeIframeRefreshAttachments($base_url, $parent_type, $parent_entity, $pid, $lang, $from);
exit;
}
$this->setRedirect($redirect_to, $msg);
}
function save()
{
// Check for request forgeries
JRequest::checkToken() or die('Invalid Token');
// Make sure that the caller is logged in
$user =& JFactory::getUser();
if ($user->get('username') == '') {
$errmsg = JText::_('ERROR MUST BE LOGGED IN TO UPLOAD ATTACHMENT');
JError::raiseError(500, $errmsg);
}
// Make sure we have a valid article ID
$article_id = AttachmentsHelper::valid_article_id(JRequest::getVar('article_id', null, 'POST'));
// Verify that this user may add attachments to this article
require_once JPATH_COMPONENT . DS . 'permissions.php';
if (!AttachmentsPermissions::user_may_add_attachment($user, $article_id)) {
$errmsg = JText::_('ERROR NO PERMISSION TO UPLOAD');
JError::raiseError(500, $errmsg);
}
// Get the Itemid
$Itemid = JRequest::getVar('Itemid', null, 'POST');
if ($Itemid && is_numeric($Itemid)) {
$Itemid = intval($Itemid);
} else {
$Itemid = 1;
}
// How to redirect?
$from = JRequest::getVar('from', false, 'POST');
if ($from) {
if ($from == 'frontpage') {
$redirect_to = JURI::base();
} elseif ($from == 'article') {
$redirect_to = JRoute::_("index.php?option=com_content&view=article&id={$article_id}", False);
} else {
$redirect_to = JURI::base();
}
} else {
$redirect_to = JURI::base();
}
// See if we should cancel
if ($_POST['submit'] == JText::_('CANCEL')) {
$msg = JText::_('UPLOAD CANCELED');
$this->setRedirect($redirect_to, $msg);
return;
}
// If this is an update, get the attachment id
$update = JRequest::getVar('update', false, 'POST');
$attachment_id = false;
if ($update) {
$attachment_id = JRequest::getVar('id', false, 'POST');
}
// Bind the info from the form
$row =& JTable::getInstance('Attachments', 'Table');
if ($attachment_id && !$row->load($attachment_id)) {
$errmsg = JText::_('ERROR CANNOT UPDATE ATTACHMENT INVALID ID') . " ({$id})";
JError::raiseError(500, $errmsg);
exit;
}
if (!$row->bind(JRequest::get('post'))) {
JError::raiseError(500, $row->getError());
}
if (!$update) {
$row->uploader_id = $user->get('id');
$row->article_id = $article_id;
}
// Upload the file
$tmp_name = $_FILES['upload']['tmp_name'];
if ($update) {
$update_file = JRequest::getVar('update_file', false, 'POST');
if ($update_file) {
$msg = AttachmentsHelper::upload_file($row, $article_id, $update, $attachment_id);
// NOTE: store() is not needed if upload_file() is called since it does it
} else {
// Save the updated attachment
if (!$row->store()) {
JError::raiseError(500, $row->getError());
}
$msg = "Attachment updated!";
}
} else {
$msg = AttachmentsHelper::upload_file($row, $article_id, $update);
}
// If we are supposed to close this iframe, do it now.
if ($from == 'closeme') {
// Queue the message
AttachmentsHelper::enqueueSystemMessage($msg);
// Now do the Javascript to close this pop-up window and reload the parent
echo "<script language=\"javascript\" type=\"text/javascript\">\r\n window.parent.document.getElementById('sbox-window').close();\r\n window.parent.location.reload();\r\n </script>";
exit;
}
$this->setRedirect($redirect_to, $msg);
}
