Ejemplo n.º 1
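 /**
  * Delete attachment(s)
  *
  * Reads the attachment ids from the 'cid' request array. For every
  * attachment the current user may delete, removes the stored file
  * (filename_sys) and then the matching '#__attachments' rows. Attachments
  * the user may not delete are skipped with a warning message.
  *
  * Afterwards the method either closes the calling iframe popup (when the
  * 'from' request value is one of the known callers) or redirects to the
  * component's default page.
  *
  * @return void
  */
 public function delete()
 {
     // Check for request forgeries
     JSession::checkToken() or die(JText::_('JINVALID_TOKEN'));
     // Get ready
     $app = JFactory::getApplication();
     jimport('joomla.filesystem.file');
     require_once JPATH_SITE . '/components/com_attachments/helper.php';
     // Get the attachments parent manager (looked up once; the call takes no
     // per-attachment argument, so it is not repeated inside the loop)
     JPluginHelper::importPlugin('attachments');
     $apm = getAttachmentsPluginManager();
     // Get attachments to remove from the request
     $cid = JRequest::getVar('cid', array(), '', 'array');
     $deleted_ids = array();
     // Stays null when the request names no attachments, so the redirect
     // code below never dereferences a table object that was not created.
     $attachment = null;
     if (count($cid)) {
         $model = $this->getModel('Attachment');
         $attachment = $model->getTable();
         // Loop through the attachments and delete them one-by-one
         foreach ($cid as $attachment_id) {
             // Only scalar entries can be ids: casting a nested array to int
             // yields 1, which would silently address attachment 1.
             $id = is_scalar($attachment_id) ? (int) $attachment_id : 0;
             // Load the attachment object
             if ($id == 0 or !$attachment->load($id)) {
                 $errmsg = JText::sprintf('ATTACH_ERROR_CANNOT_DELETE_INVALID_ATTACHMENT_ID_N', $id) . ' (ERR 166)';
                 JError::raiseError(500, $errmsg);
             }
             $parent_type = $attachment->parent_type;
             $parent_entity = $attachment->parent_entity;
             // Get the article/parent handler
             if (!$apm->attachmentsPluginInstalled($parent_type)) {
                 $errmsg = JText::sprintf('ATTACH_ERROR_INVALID_PARENT_TYPE_S', $parent_type) . ' (ERR 167)';
                 JError::raiseError(500, $errmsg);
             }
             $parent = $apm->getAttachmentsPlugin($parent_type);
             // Authorization is decided per attachment by its parent handler;
             // if we may not delete it, complain!
             if ($parent->userMayDeleteAttachment($attachment)) {
                 // Delete the actual file. The path comes from the stored
                 // record (filename_sys), not from the request.
                 // NOTE(review): the file is removed before its table row; if
                 // the DELETE below fails, the row outlives the file.
                 if (JFile::exists($attachment->filename_sys)) {
                     JFile::delete($attachment->filename_sys);
                     AttachmentsHelper::clean_directory($attachment->filename_sys);
                 }
                 $deleted_ids[] = $id;
             } else {
                 $parent_entity = $parent->getCanonicalEntityId($parent_entity);
                 $errmsg = JText::sprintf('ATTACH_ERROR_NO_PERMISSION_TO_DELETE_S_ATTACHMENT_S_ID_N', $parent_entity, $attachment->filename, $id);
                 $app->enqueueMessage($errmsg, 'warning');
             }
         }
         // Delete entries in the attachments table for deleted attachments
         if (!empty($deleted_ids)) {
             $db = JFactory::getDBO();
             $query = $db->getQuery(true);
             // Every element of $deleted_ids was cast to int above, so the
             // IN (...) list holds integers only.
             $query->delete('#__attachments')->where("id IN (" . implode(',', $deleted_ids) . ")");
             $db->setQuery($query);
             if (!$db->query()) {
                 $errmsg = $db->getErrorMsg() . ' (ERR 168)';
                 JError::raiseError(500, $errmsg);
             }
         }
     }
     // Figure out how to redirect
     $from = JRequest::getWord('from');
     $known_froms = array('frontpage', 'article', 'editor', 'closeme');
     // The popup refresh needs the parent of the last attachment handled, so
     // it is only possible when the request named at least one attachment.
     if ($attachment !== null && in_array($from, $known_froms, true)) {
         // Get the parent info from the last attachment
         $parent_id = $attachment->parent_id;
         $parent_type = $attachment->parent_type;
         $parent_entity = $attachment->parent_entity;
         // Get the article/parent handler
         if (!$apm->attachmentsPluginInstalled($parent_type)) {
             $errmsg = JText::sprintf('ATTACH_ERROR_INVALID_PARENT_TYPE_S', $parent_type) . ' (ERR 169)';
             JError::raiseError(500, $errmsg);
         }
         $parent = $apm->getAttachmentsPlugin($parent_type);
         $parent_entity = $parent->getCanonicalEntityId($parent_entity);
         // Make sure the parent exists
         // NOTE: $parent_id===null means the parent is being created
         if ($parent_id !== null && !$parent->parentExists($parent_id, $parent_entity)) {
             $parent_entity_name = JText::_('ATTACH_' . $parent_entity);
             $errmsg = JText::sprintf('ATTACH_ERROR_CANNOT_DELETE_INVALID_S_ID_N', $parent_entity_name, $parent_id) . ' (ERR 170)';
             JError::raiseError(500, $errmsg);
         }
         // If there is no parent_id, the parent is being created: use 0
         $pid = $parent_id ? (int) $parent_id : 0;
         // Close the iframe and refresh the attachments list in the parent window
         require_once JPATH_SITE . '/components/com_attachments/javascript.php';
         $uri = JFactory::getURI();
         $base_url = $uri->base(true);
         $lang = JRequest::getCmd('lang', '');
         AttachmentsJavascript::closeIframeRefreshAttachments($base_url, $parent_type, $parent_entity, $pid, $lang, $from);
         exit;
     }
     $this->setRedirect('index.php?option=' . $this->option);
 }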
Ejemplo n.º 2
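 /**
  * Save an attachment (from editing)
  *
  * Loads the attachment named by the 'id' request value, binds the posted
  * form data to it, moves it to a new parent when the parent changed,
  * uploads a replacement file or URL when requested, and stores the record.
  * When called from a known iframe popup the popup is closed and the
  * attachments list refreshed; otherwise the method sets a redirect.
  *
  * @param   mixed  $key     Not used by this implementation.
  * @param   mixed  $urlVar  Not used by this implementation.
  *
  * @return  mixed  The JError::raiseError() result when access is denied,
  *                 otherwise nothing.
  */
 public function save($key = null, $urlVar = null)
 {
     // Check for request forgeries
     JSession::checkToken() or die(JText::_('JINVALID_TOKEN'));
     // Access check.
     $user = JFactory::getUser();
     if (!($user->authorise('core.edit', 'com_attachments') or $user->authorise('core.edit.own', 'com_attachments'))) {
         return JError::raiseError(403, JText::_('JERROR_ALERTNOAUTHOR') . ' (ERR 134)');
     }
     $model = $this->getModel();
     $attachment = $model->getTable();
     // Make sure the attachment ID is valid
     $attachment_id = JRequest::getInt('id');
     if (!$attachment->load($attachment_id)) {
         // Report the id that was actually requested
         $errmsg = JText::sprintf('ATTACH_ERROR_CANNOT_UPDATE_ATTACHMENT_INVALID_ID_N', $attachment_id) . ' (ERR 135)';
         JError::raiseError(500, $errmsg);
     }
     // Note the old uri type
     $old_uri_type = $attachment->uri_type;
     // Get the data from the form
     // NOTE(review): bind() is handed the whole POST array, and the
     // per-attachment permission check (ERR 139) runs further down on the
     // record as modified here. Confirm that the table class limits which
     // columns a request can set (for example filename_sys, created_by,
     // parent_type), or bind an explicit list of form fields instead.
     if (!$attachment->bind(JRequest::get('post'))) {
         $errmsg = $attachment->getError() . ' (ERR 136)';
         JError::raiseError(500, $errmsg);
     }
     // Get the parent handler for this attachment
     JPluginHelper::importPlugin('attachments');
     $apm = getAttachmentsPluginManager();
     if (!$apm->attachmentsPluginInstalled($attachment->parent_type)) {
         $errmsg = JText::sprintf('ATTACH_ERROR_INVALID_PARENT_TYPE_S', $attachment->parent_type) . ' (ERR 135B)';
         JError::raiseError(500, $errmsg);
     }
     $parent = $apm->getAttachmentsPlugin($attachment->parent_type);
     // See if the parent ID has been changed
     $parent_changed = false;
     $old_parent_id = JRequest::getString('old_parent_id');
     if ($old_parent_id == '') {
         $old_parent_id = null;
     } else {
         $old_parent_id = JRequest::getInt('old_parent_id');
     }
     // Handle new parents (in process of creation)
     if ($parent->newParent($attachment)) {
         $attachment->parent_id = null;
     }
     // Deal with updating an orphaned attachment
     if ($old_parent_id == null && is_numeric($attachment->parent_id)) {
         $parent_changed = true;
     }
     // Check for normal parent changes
     if ($old_parent_id && $attachment->parent_id != $old_parent_id) {
         $parent_changed = true;
     }
     // See if we are updating a file or URL
     $new_uri_type = JRequest::getWord('update');
     if ($new_uri_type && !in_array($new_uri_type, AttachmentsDefines::$LEGAL_URI_TYPES)) {
         // Make sure only legal values are entered
         $new_uri_type = '';
     }
     // See if the parent type has changed
     $new_parent_type = JRequest::getCmd('new_parent_type');
     $new_parent_entity = JRequest::getCmd('new_parent_entity');
     $old_parent_type = JRequest::getCmd('old_parent_type');
     $old_parent_entity = JRequest::getCmd('old_parent_entity');
     if ($new_parent_type && ($new_parent_type != $old_parent_type || $new_parent_entity != $old_parent_entity)) {
         $parent_changed = true;
     }
     // Text placed inside an inline <script> is emitted as a JSON string
     // literal; the HEX flags also encode <, >, &, ' and " so the text cannot
     // end the string or the script element.
     $js_flags = JSON_HEX_TAG | JSON_HEX_AMP | JSON_HEX_APOS | JSON_HEX_QUOT;
     // If the parent has changed, make sure they have selected the new parent
     if ($parent_changed && (int) $attachment->parent_id == -1) {
         $errmsg = JText::sprintf('ATTACH_ERROR_MUST_SELECT_PARENT');
         $js_errmsg = json_encode($errmsg, $js_flags);
         if ($js_errmsg === false) {
             // json_encode() fails on text that is not valid UTF-8
             $js_errmsg = '""';
         }
         echo "<script type=\"text/javascript\"> alert({$js_errmsg}); window.history.go(-1); </script>\n";
         exit;
     }
     // If the parent has changed, switch the parent, rename files if necessary
     // NOTE(review): the file deletion and switch_parent() below run before
     // the userMayEditAttachment() check (ERR 139); consider authorizing the
     // edit before any file is removed or moved.
     if ($parent_changed) {
         if ($new_uri_type == 'url' && $old_uri_type == 'file') {
             // If we are changing parents and converting from file to URL, delete the old file
             jimport('joomla.filesystem.file');
             // Read filename_sys back from the database so the path that is
             // deleted is the stored one, not a value bound from the request
             $db = JFactory::getDBO();
             $query = $db->getQuery(true);
             $query->select('filename_sys, id')->from('#__attachments')->where('id=' . (int) $attachment->id);
             $db->setQuery($query, 0, 1);
             $filename_sys = $db->loadResult();
             // Nothing to remove when the row has no file or it is already gone
             if ($filename_sys && JFile::exists($filename_sys)) {
                 JFile::delete($filename_sys);
                 AttachmentsHelper::clean_directory($filename_sys);
             }
         } else {
             // Otherwise switch the file/url to the new parent
             if ($old_parent_id == null) {
                 $old_parent_id = 0;
                 // NOTE: When attaching a file to an article during creation,
                 //       the article_id (parent_id) is initially null until
                 //       the article is saved (at that point the
                 //       parent_id/article_id is updated). If the attachment
                 //       is added and creating the article is canceled, the
                 //       attachment exists but is orphaned since it does not
                 //       have a parent. Its article_id is null, but it is
                 //       saved in the directory as if its article_id is 0:
                 //       article/0/file.txt. Therefore, if the parent has
                 //       changed, we pretend the old_parent_id=0 for file
                 //       renaming/moving.
             }
             $error_msg = AttachmentsHelper::switch_parent($attachment, $old_parent_id, $attachment->parent_id, $new_parent_type, $new_parent_entity);
             if ($error_msg != '') {
                 $errmsg = JText::_($error_msg) . ' (ERR 137)';
                 $link = 'index.php?option=com_attachments';
                 $this->setRedirect($link, $errmsg, 'error');
                 return;
             }
         }
     }
     // Update parent type/entity, if needed
     if ($new_parent_type && $new_parent_type != $old_parent_type) {
         $attachment->parent_type = $new_parent_type;
     }
     if ($new_parent_type && $new_parent_entity != $old_parent_entity) {
         $attachment->parent_entity = $new_parent_entity;
     }
     // Get the article/parent handler
     if ($new_parent_type) {
         $parent_type = $new_parent_type;
         $parent_entity = $new_parent_entity;
     } else {
         $parent_type = JRequest::getCmd('parent_type', 'com_content');
         $parent_entity = JRequest::getCmd('parent_entity', 'default');
     }
     $parent = $apm->getAttachmentsPlugin($parent_type);
     $parent_entity = $parent->getCanonicalEntityId($parent_entity);
     // Get the title of the article/parent
     $new_parent = JRequest::getBool('new_parent', false);
     $parent->new = $new_parent;
     if ($new_parent) {
         $attachment->parent_id = null;
         $parent->title = '';
     } else {
         $parent->title = $parent->getTitle($attachment->parent_id, $parent_entity);
     }
     // Check to make sure the user has permissions to edit the attachment
     if (!$parent->userMayEditAttachment($attachment)) {
         // ??? Add better error message
         return JError::raiseError(403, JText::_('JERROR_ALERTNOAUTHOR') . ' (ERR 139)');
     }
     // Double-check to see if the URL changed
     $old_url = JRequest::getString('old_url');
     if (!$new_uri_type && $old_url && $old_url != $attachment->url) {
         $new_uri_type = 'url';
     }
     // If this is a URL, get settings
     $verify_url = false;
     $relative_url = false;
     if ($new_uri_type == 'url') {
         // See if we need to verify the URL (if applicable)
         if (JRequest::getWord('verify_url') == 'verify') {
             $verify_url = true;
         }
         // Allow relative URLs?
         if (JRequest::getWord('url_relative') == 'relative') {
             $relative_url = true;
         }
     }
     // Compute the update time
     $now = JFactory::getDate();
     // Update create/modify info
     $attachment->modified_by = $user->get('id');
     $attachment->modified = $now->toSql();
     // Upload new file/url and create/update the attachment
     $msg = null;
     $msgType = 'message';
     if ($new_uri_type == 'file') {
         // Upload a new file
         $result = AttachmentsHelper::upload_file($attachment, $parent, $attachment_id, 'update');
         if (is_object($result)) {
             $msg = $result->error_msg . ' (ERR 140)';
             $msgType = 'error';
         } else {
             $msg = $result;
         }
         // NOTE: store() is not needed if upload_file() is called since it does it
     } elseif ($new_uri_type == 'url') {
         // Upload/add the new URL
         $result = AttachmentsHelper::add_url($attachment, $parent, $verify_url, $relative_url, $old_uri_type, $attachment_id);
         // NOTE: store() is not needed if add_url() is called since it does it
         if (is_object($result)) {
             $msg = $result->error_msg . ' (ERR 141)';
             $msgType = 'error';
         } else {
             $msg = $result;
         }
     } else {
         // Extra handling for checkboxes for URLs
         if ($attachment->uri_type == 'url') {
             // Update the url_relative field
             $attachment->url_relative = $relative_url;
             $attachment->url_verify = $verify_url;
         }
         // Remove any extraneous fields
         if (isset($attachment->parent_entity_name)) {
             unset($attachment->parent_entity_name);
         }
         // Save the updated attachment info
         if (!$attachment->store()) {
             $errmsg = $attachment->getError() . ' (ERR 142)';
             JError::raiseError(500, $errmsg);
         }
     }
     switch ($this->getTask()) {
         case 'apply':
             if (!$msg) {
                 $msg = JText::_('ATTACH_CHANGES_TO_ATTACHMENT_SAVED');
             }
             $link = 'index.php?option=com_attachments&task=attachment.edit&cid[]=' . (int) $attachment->id;
             break;
         case 'save':
         default:
             if (!$msg) {
                 $msg = JText::_('ATTACH_ATTACHMENT_UPDATED');
             }
             $link = 'index.php?option=com_attachments';
             break;
     }
     // If invoked from an iframe popup, close it and refresh the attachments list
     $from = JRequest::getWord('from');
     $known_froms = $parent->knownFroms();
     if (in_array($from, $known_froms)) {
         // If there has been a problem, alert the user and redisplay
         if ($msgType == 'error') {
             // The upload/URL error text may include the file name or URL
             // from the request, so it is encoded as a JavaScript string
             // literal instead of being escaped by hand. <br /> separators
             // become newlines so the alert still shows one item per line;
             // json_encode() also escapes backslashes on every platform.
             $js_errmsg = json_encode(str_replace("<br />", "\n", $msg), $js_flags);
             if ($js_errmsg === false) {
                 // json_encode() fails on text that is not valid UTF-8
                 $js_errmsg = '""';
             }
             echo "<script type=\"text/javascript\"> alert({$js_errmsg});  window.history.go(-1); </script>";
             exit;
         }
         // Can only refresh the old parent
         if ($parent_changed) {
             $parent_type = $old_parent_type;
             $parent_entity = $old_parent_entity;
             $parent_id = $old_parent_id;
         } else {
             $parent_id = (int) $attachment->parent_id;
         }
         // Close the iframe and refresh the attachments list in the parent window
         $uri = JFactory::getURI();
         $base_url = $uri->base(true);
         $lang = JRequest::getCmd('lang', '');
         AttachmentsJavascript::closeIframeRefreshAttachments($base_url, $parent_type, $parent_entity, $parent_id, $lang, $from);
         exit;
     }
     $this->setRedirect($link, $msg, $msgType);
 }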
Ejemplo n.º 3
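 /**
  * Delete an attachment
  *
  * Loads the attachment named by the 'id' request value, checks with its
  * parent handler that the current user may delete it, removes the stored
  * file and the '#__attachments' row, then either closes the calling iframe
  * popup or redirects to the site root with a confirmation message.
  *
  * @return  mixed  The JError::raiseError() result when the user may not
  *                 delete the attachment, otherwise nothing.
  */
 public function delete()
 {
     // NOTE(review): unlike the other delete()/save() handlers on this page,
     // no JSession::checkToken() call is visible in this method, and the id
     // is read with JRequest::getInt(), which is not limited to POST data.
     // Confirm the form token is verified before this point, or add the check
     // together with the token field in the calling form.
     $db = JFactory::getDBO();
     // Make sure we have a valid attachment ID. getInt() always yields an
     // integer, so the test is on its value rather than on its type.
     $id = JRequest::getInt('id');
     if ($id <= 0) {
         $errmsg = JText::sprintf('ATTACH_ERROR_CANNOT_DELETE_INVALID_ATTACHMENT_ID_N', $id) . ' (ERR 13)';
         JError::raiseError(500, $errmsg);
     }
     // Get the attachment info
     require_once JPATH_COMPONENT_SITE . '/models/attachment.php';
     $model = new AttachmentsModelAttachment();
     $model->setId($id);
     $attachment = $model->getAttachment();
     if (!$attachment) {
         $errmsg = JText::sprintf('ATTACH_ERROR_CANNOT_DELETE_INVALID_ATTACHMENT_ID_N', $id) . ' (ERR 14)';
         JError::raiseError(500, $errmsg);
     }
     // Everything used below comes from the stored record, not the request
     $filename_sys = $attachment->filename_sys;
     $filename = $attachment->filename;
     $parent_id = $attachment->parent_id;
     $parent_type = $attachment->parent_type;
     $parent_entity = $attachment->parent_entity;
     // Get the article/parent handler
     JPluginHelper::importPlugin('attachments');
     $apm = getAttachmentsPluginManager();
     if (!$apm->attachmentsPluginInstalled($parent_type)) {
         $errmsg = JText::sprintf('ATTACH_ERROR_INVALID_PARENT_TYPE_S', $parent_type) . ' (ERR 15)';
         JError::raiseError(500, $errmsg);
     }
     $parent = $apm->getAttachmentsPlugin($parent_type);
     $parent_entity_name = JText::_('ATTACH_' . $parent_entity);
     // Check to make sure we can delete it
     if (!$parent->userMayDeleteAttachment($attachment)) {
         return JError::raiseError(404, JText::_('JERROR_ALERTNOAUTHOR') . ' (ERR 16)');
     }
     // Make sure the parent exists
     // NOTE: $parent_id===null means the parent is being created
     if ($parent_id !== null && !$parent->parentExists($parent_id, $parent_entity)) {
         $errmsg = JText::sprintf('ATTACH_ERROR_CANNOT_DELETE_INVALID_S_ID_N', $parent_entity_name, $parent_id) . ' (ERR 17)';
         JError::raiseError(500, $errmsg);
     }
     // See if this user can edit (or delete) the attachment
     // (repeats the ERR 16 check above with a more specific message)
     if (!$parent->userMayDeleteAttachment($attachment)) {
         $errmsg = JText::sprintf('ATTACH_ERROR_NO_PERMISSION_TO_DELETE_S', $parent_entity_name) . ' (ERR 18)';
         JError::raiseError(500, $errmsg);
     }
     // First delete the actual attachment files (if any)
     // NOTE(review): the file is removed before its table row; if the DELETE
     // below fails, the row outlives the file.
     if ($filename_sys) {
         jimport('joomla.filesystem.file');
         if (JFile::exists($filename_sys)) {
             JFile::delete($filename_sys);
         }
     }
     // Delete the entries in the attachments table
     $query = $db->getQuery(true);
     $query->delete('#__attachments')->where('id = ' . (int) $id);
     $db->setQuery($query);
     if (!$db->query()) {
         $errmsg = $db->getErrorMsg() . ' (ERR 19)';
         JError::raiseError(500, $errmsg);
     }
     // Clean up after ourselves
     AttachmentsHelper::clean_directory($filename_sys);
     $msg = JText::_('ATTACH_DELETED_ATTACHMENT') . " '{$filename}'";
     // Figure out how to redirect
     $from = JRequest::getWord('from', 'closeme');
     $uri = JFactory::getURI();
     if (in_array($from, $parent->knownFroms())) {
         // If there is no parent_id, the parent is being created: use 0
         $pid = $parent_id ? (int) $parent_id : 0;
         // Close the iframe and refresh the attachments list in the parent window
         $base_url = $uri->root(true);
         $lang = JRequest::getCmd('lang', '');
         AttachmentsJavascript::closeIframeRefreshAttachments($base_url, $parent_type, $parent_entity, $pid, $lang, $from);
         exit;
     }
     // Not called from a known popup: go back to the site root
     $redirect_to = $uri->root(true);
     $this->setRedirect($redirect_to, $msg);
 }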