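/**
 * Send a batch of queued e-mails.
 *
 * Fetches up to $total rows from the mail queue, renders each body through the
 * e-mail template, substitutes {placeholder} tokens with the row's params and
 * hands the result to the Joomla mailer. Every fetched row is marked as sent,
 * including rows that were skipped because the recipient is blocked.
 *
 * @param int $total Maximum number of queued mails to fetch for this batch.
 *
 * @return void
 */
function send($total = 100)
{
    $mailqModel = CFactory::getModel('mailq');
    $userModel = CFactory::getModel('user');
    $mails = $mailqModel->get($total);
    $jconfig = JFactory::getConfig();
    $mailer = JFactory::getMailer();
    $config = CFactory::getConfig();
    $senderEmail = $jconfig->getValue('mailfrom');
    $senderName = $jconfig->getValue('fromname');

    if (empty($mails)) {
        return;
    }

    CFactory::load('helpers', 'string');

    foreach ($mails as $row) {
        // @rule: only send e-mails to valid recipients.
        // @rule: make sure the recipient is not blocked.
        $userid = $userModel->getUserFromEmail($row->recipient);
        $user = CFactory::getUser($userid);

        if (!$user->isBlocked() && !JString::stristr($row->recipient, 'foo.bar')) {
            $mailer->setSender(array($senderEmail, $senderName));
            $mailer->addRecipient($row->recipient);
            $mailer->setSubject($row->subject);

            $tmpl = new CTemplate();

            // Use the guarded value: a row without params then yields an empty
            // parameter set instead of reading an undefined property.
            $raw = isset($row->params) ? $row->params : '';
            $params = new JParameter($raw);
            $base = $config->get('htmlemail') ? 'email.html' : 'email.text';

            if ($config->get('htmlemail')) {
                // NOTE(review): in HTML mode the queued body is passed on as markup
                // without escaping; confirm that whatever enqueues the row escapes
                // user-supplied text first.
                $row->body = JString::str_ireplace(array("\r\n", "\r", "\n"), '<br />', $row->body);
                $mailer->IsHTML(true);
            } else {
                // @rule: plain-text mail must never carry HTML tags, so strip them.
                $row->body = CStringHelper::escape(strip_tags($row->body));
            }

            $tmpl->set('content', $row->body);
            $tmpl->set('template', rtrim(JURI::root(), '/') . '/components/com_community/templates/' . $config->get('template'));
            $tmpl->set('sitename', $config->get('sitename'));
            $row->body = $tmpl->fetch($base);

            // Replace custom variables written between braces, e.g. {name}.
            // NOTE(review): replacement values are inserted after the body has been
            // rendered and are not escaped here - confirm the params never carry
            // user-controlled markup when HTML mail is enabled.
            if (!empty($row->body)) {
                preg_match_all("/{(.*?)}/", $row->body, $matches, PREG_SET_ORDER);

                foreach ($matches as $val) {
                    $replaceWith = $params->get($val[1], null);

                    // No value for this placeholder: leave it untouched. Checking first
                    // also keeps null away from strpos().
                    if (is_null($replaceWith)) {
                        continue;
                    }

                    // A value that starts with 'index.php' is an internal link and can be routed.
                    if (strpos($replaceWith, 'index.php') === 0) {
                        $replaceWith = CRoute::getExternalURL($replaceWith);
                    }

                    $row->body = JString::str_ireplace($val[0], $replaceWith, $row->body);
                }
            }

            unset($tmpl);
            $mailer->setBody($row->body);

            // NOTE(review): the result of send() is not checked, so a failed delivery
            // is still marked as sent below - confirm this best-effort behaviour is intended.
            $mailer->send();
        }

        $mailqModel->markSent($row->id);
        $mailer->ClearAllRecipients();
    }
}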
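/**
 * Convert a list of "key=value" strings into an associative array.
 *
 * Keys that contain "[]" are collected into a list under the key with the
 * "[]" removed; other keys are stored as scalars, the last occurrence winning.
 * Items without a "=" are ignored. Values are decoded with
 * KomentoStringHelper::ejaxUrlDecode().
 *
 * @param array $params List of "key=value" strings.
 *
 * @return array The decoded key/value map.
 */
public static function ejaxPostToArray($params)
{
    $post = array();

    foreach ($params as $item) {
        // Split on the first '=' only, so a value that itself contains '=' is kept whole.
        $pair = explode('=', $item, 2);

        if (!isset($pair[1])) {
            continue;
        }

        $key = $pair[0];
        $value = KomentoStringHelper::ejaxUrlDecode($pair[1]);

        if (JString::stristr($key, '[]') !== false) {
            $key = JString::str_ireplace('[]', '', $key);

            // The sender controls the keys: "a=1" followed by "a[]=2" would otherwise
            // apply [] to a string, which is a fatal error. Promote the scalar instead.
            if (!isset($post[$key])) {
                $post[$key] = array();
            } elseif (!is_array($post[$key])) {
                $post[$key] = array($post[$key]);
            }

            $post[$key][] = $value;
        } else {
            $post[$key] = $value;
        }
    }

    return $post;
}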
/**
 * Format the wrapped date, accepting both strftime-style ('%Y') and date()-style formats.
 *
 * On Joomla 3.0 and later a strftime-style format is converted with
 * KomentoDateHelper::strftimeToDate() and passed to format(). On older
 * versions a '%' format goes to toFormat(); a format without '%' goes to
 * format(), except on Joomla 1.5 where '%c' is used with toFormat() instead.
 *
 * @param string $format The format string.
 *
 * @return string The formatted date.
 */
public function toFormat($format = '%Y-%m-%d %H:%M:%S')
{
    // The presence of '%' is the only signal available to tell the two format dialects apart.
    $isStrftime = JString::stristr($format, '%') !== false;

    if (Komento::joomlaVersion() >= '3.0') {
        if ($isStrftime) {
            Komento::import('helper', 'date');
            $format = KomentoDateHelper::strftimeToDate($format);
        }

        return $this->date->format($format, true);
    }

    if ($isStrftime) {
        return $this->date->toFormat($format, true);
    }

    if (!Komento::isJoomla15()) {
        return $this->date->format($format, true);
    }

    // Forced fallback for Joomla 1.5 when the format carries no '%'.
    return $this->date->toFormat('%c', true);
}
/**
 * Store a new image path on this record and delete the file it replaces.
 *
 * The previous value of the property named by $type is deleted from disk
 * unless its path contains one of the default image names. The new path is
 * then assigned and the record stored.
 *
 * NOTE(review): $type selects the property that is read and written
 * ($this->{$type}) and the old value is handed to JFile::delete(); confirm
 * that callers only ever pass fixed, trusted type names.
 *
 * @param string $path Path of the new image; must not be empty.
 * @param string $type Name of the property to update, lower-cased before use.
 *
 * @return void
 */
public function setImage($path, $type = 'thumb')
{
    CError::assert($path, '', '!empty', __FILE__, __LINE__);

    $db = $this->getDBO();

    // Normalise backslashes to forward slashes.
    $path = CString::str_ireplace('\\', '/', $path);
    $type = JString::strtolower($type);

    // Current value of the property that is about to be replaced.
    $previous = $this->{$type};

    if ($db->getErrorNum()) {
        JError::raiseError(500, $db->stderr());
    }

    if ($previous) {
        // NOTE(review): this replaces '/' with '/', which changes nothing; it looks
        // like the backslash normalisation above was intended - confirm.
        $previous = CString::str_ireplace('/', '/', $previous);

        // Default images are shared and must not be removed. This is a substring
        // test on the path, so any path containing one of these names is kept.
        $protectedNames = array('group.jpg', 'group_thumb.jpg', 'default.jpg', 'default_thumb.jpg');
        $isDefaultImage = false;

        foreach ($protectedNames as $protectedName) {
            if (JString::stristr($previous, $protectedName)) {
                $isDefaultImage = true;
                break;
            }
        }

        if (!$isDefaultImage) {
            jimport('joomla.filesystem.file');
            JFile::delete($previous);
        }
    }

    $this->{$type} = $path;
    $this->store();
}
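/**
 * Build the file picker for the chosen template and send it as an AJAX response.
 *
 * For 'none' the client-side file list and edit form are reset. Otherwise the
 * template folder is listed (skipping '.', '..', '.svn', names containing '.js'
 * and sub-directories) and returned as a <select> element.
 *
 * The template name arrives from the request, so it is only used as a folder
 * name when it contains no path separator and is not '.' or '..', and every
 * value written into the markup is escaped.
 *
 * @param string $templateName Template folder name, or 'none'.
 *
 * @return mixed Whatever JAXResponse::sendResponse() returns.
 */
public function ajaxChangeTemplate($templateName)
{
    $response = new JAXResponse();

    if ($templateName == 'none') {
        // The user may already have selected a template: hide its files...
        $response->addScriptCall('azcommunity.resetTemplateFiles();');
        // ...and close any file that is currently being edited.
        $response->addScriptCall('azcommunity.resetTemplateForm();');

        return $response->sendResponse();
    }

    $folder = JString::strtolower($templateName);
    $files = array();

    // Refuse anything that could step outside the templates directory.
    $isPlainName = $folder !== ''
        && $folder !== '.'
        && $folder !== '..'
        && strpbrk($folder, "/\\\0") === false;

    if ($isPlainName) {
        $templatePath = COMMUNITY_BASE_PATH . '/templates/' . $folder;
        $handle = @opendir($templatePath);

        if ($handle) {
            while (false !== ($file = readdir($handle))) {
                $filePath = $templatePath . '/' . $file;

                // Only plain files are wanted: no '.', '..', '.svn', scripts or folders.
                if ($file != '.' && $file != '..' && $file != '.svn' && !JString::stristr($file, '.js') && !is_dir($filePath)) {
                    $files[] = $file;
                }
            }

            // The original never released the directory handle.
            closedir($handle);
        }
    }

    sort($files);

    $label = JText::_('COM_COMMUNITY_SELECT_FILE');

    // The name lands inside a JavaScript string inside an HTML attribute:
    // escape for the script first, then for the attribute.
    $jsName = htmlspecialchars(addslashes($templateName), ENT_QUOTES, 'UTF-8');

    $html = '<div id="template-files">';
    $html .= '<h3>' . $label . '</h3>';
    $html .= '<select name="file" onchange="azcommunity.editTemplate(\'' . $jsName . '\',this.value);">';
    $html .= '<option value="none" selected="true">' . $label . '</option>';

    foreach ($files as $fileName) {
        $safeName = htmlspecialchars($fileName, ENT_QUOTES, 'UTF-8');
        $html .= '<option value="' . $safeName . '">' . $safeName . '</option>';
    }

    $html .= '</select>';
    $html .= '</div>';

    $response->addAssign('templates-files-container', 'innerHTML', $html);

    return $response->sendResponse();
}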
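/**
 * Translate SEF URL segments into query variables for Quick2cart.
 *
 * If the first segment is a store alias, the store id is stored in
 * $vars['store_id'] and the segment consumed. When the active menu item is a
 * 'category' view, the remaining segments select the vendor view, its layout
 * and an optional task.
 *
 * NOTE(review): $vars['task'] is taken straight from the URL; whatever
 * dispatches on it has to restrict the accepted task names.
 *
 * @param array $segments URL segments after the component route.
 *
 * @return array|mixed Query variables, or the result of JError::raiseError()
 *                     when a store page is requested for an unknown store.
 */
function Quick2cartParseRoute($segments)
{
    $site = JFactory::getApplication();
    $vars = array();
    $menu = $site->getMenu();
    $selectedMenu = $menu->getActive();
    $storeURL_text = JText::_('QTC_VANITY_PAGE');

    // Defined up front: the original left this unset when there were no segments and
    // initialised it to '' otherwise, and '' != 0 is true on PHP 8, which made an
    // empty alias look like a valid store.
    $storeid = 0;

    // We need to grab the store id first: see if the first segment is a store.
    $count = count($segments);

    if (!empty($count)) {
        $alias = $segments[0];

        if (!empty($alias)) {
            // Check if a store exists for this alias.
            $storeid = Quick2cartGetStoreId($alias);

            // Joomla converts ':' to '-' when encoding and back when decoding, which
            // breaks aliases that contain '-', so both forms would need testing.
            // NOTE(review): the retry passes the unchanged alias, so it repeats the
            // first lookup; the ':' to '-' replacement appears to have been dropped.
            if (!$storeid && JString::stristr($alias, ':')) {
                $storeid = Quick2cartGetStoreId($alias);
            }
        }

        if (!$storeid && isset($segments[1]) && $segments[1] == $storeURL_text) {
            return JError::raiseError(404, JText::_('QTC_STORE_NOT_FOUND'));
        }

        if (!empty($storeid)) {
            array_shift($segments);
            $vars['store_id'] = $storeid;

            // Nothing left after the alias: show the store itself.
            if (empty($segments)) {
                $vars['view'] = 'vendor';
                $vars['layout'] = 'store';
            }
        }
    }

    $count = count($segments);

    $isCategoryMenu = isset($selectedMenu)
        && isset($selectedMenu->query['view'])
        && $selectedMenu->query['view'] == 'category';

    if (!empty($storeid) && $isCategoryMenu) {
        // The menu item is a front-page view: take the view from the segments instead.
        if ($count > 0) {
            $vars['view'] = 'vendor';

            if ($segments[0] == $storeURL_text) {
                $vars['layout'] = 'store';
            } else {
                $vars['layout'] = $selectedMenu->query['layout'];
            }

            if (!empty($segments[1])) {
                $vars['task'] = $segments[1];
            }
        }
    }

    return $vars;
}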
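/**
 * Method to test a contact subject against the banned subject list.
 *
 * The list is the 'banned_subject' parameter of com_contact, a ';'-separated
 * string. The value is rejected when it contains any non-empty entry,
 * compared case-insensitively as a substring.
 *
 * @param   SimpleXMLElement  &$element  The SimpleXMLElement object representing the <field /> tag for the form field object.
 * @param   mixed             $value     The form field value to validate.
 * @param   string            $group     The field name group control value. This acts as as an array container for the field.
 *                                       For example if the field has name="foo" and the group value is set to "bar" then the
 *                                       full field name would end up being "bar[foo]".
 * @param   object            &$input    An optional JRegistry object with the entire data set to validate against the entire form.
 * @param   object            &$form     The form object for which the field is being tested.
 *
 * @return  boolean  True if the value is valid, false otherwise.
 */
public function test(&$element, $value, $group = null, &$input = null, &$form = null)
{
    $params = JComponentHelper::getParams('com_contact');
    $banned = $params->get('banned_subject');

    // Nothing configured: every subject is acceptable.
    if (!$banned) {
        return true;
    }

    foreach (explode(';', $banned) as $item) {
        // Look for the banned entry inside the submitted value. The original had the
        // arguments the other way round, so a subject was only rejected when the
        // whole subject occurred inside a banned entry. Empty entries (e.g. from a
        // trailing ';') are skipped so they cannot match everything.
        if ($item != '' && JString::stristr($value, $item) !== false) {
            return false;
        }
    }

    return true;
}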
/**
 * Format the wrapped date with either a strftime-style or a date()-style format.
 *
 * Before Joomla 1.6 the format is passed to toFormat() unchanged. From 1.6 on,
 * a format containing '%' is first converted by the date helper's
 * strftimeToDate() and the result is passed to format().
 *
 * @param string $format The format string.
 *
 * @return string The formatted date.
 */
public function toFormat($format = '%Y-%m-%d %H:%M:%S')
{
    $isModernJoomla = DiscussHelper::getJoomlaVersion() >= '1.6';

    if (!$isModernJoomla) {
        return $this->date->toFormat($format);
    }

    $usesStrftimeSyntax = JString::stristr($format, '%') !== false;

    if ($usesStrftimeSyntax) {
        $format = DiscussHelper::getHelper('date')->strftimeToDate($format);
    }

    return $this->date->format($format);
}
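/**
 * Create the fields-template object that matches the installed JomSocial version.
 *
 * The class name is "XiptFieldsTemplates" followed by "Js20" or "Js18".
 *
 * @return object|false The new instance, or false (after raising an error)
 *                      when the class cannot be loaded.
 */
public static function getInstance()
{
    // NOTE(review): the needle is the float 2.0, not the string '2.0'. If it is
    // converted to a string it becomes "2", which would match any version that
    // merely contains a 2 - confirm what JString::stristr() does with it.
    $suffix = JString::stristr(XiptHelperJomsocial::get_js_version(), 2.0) ? "Js20" : "Js18";
    $classname = "XiptFieldsTemplates" . JString::ucfirst($suffix);

    if (class_exists($classname, true) === false) {
        // The message used $className (capital N), an undefined variable, so the
        // missing class was never named in the error.
        XiptError::raiseError(__CLASS__ . '.' . __LINE__, XiptText::_("{$classname} : CLASS_NOT_FOUND"));

        return false;
    }

    return new $classname();
}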
/**
 * Method to test for a banned subject.
 *
 * The banned list is the ';'-separated 'banned_subject' parameter of
 * com_contact. Matching is a case-insensitive substring test, so a short
 * entry also rejects longer words that contain it.
 *
 * @param   SimpleXMLElement  $element  The SimpleXMLElement object representing the <field /> tag for the form field object.
 * @param   mixed             $value    The form field value to validate.
 * @param   string            $group    The field name group control value. This acts as as an array container for the field.
 *                                      For example if the field has name="foo" and the group value is set to "bar" then the
 *                                      full field name would end up being "bar[foo]".
 * @param   JRegistry         $input    An optional JRegistry object with the entire data set to validate against the entire form.
 * @param   JForm             $form     The form object for which the field is being tested.
 *
 * @return  boolean  True if the value is valid, false otherwise.
 */
public function test(SimpleXMLElement $element, $value, $group = null, JRegistry $input = null, JForm $form = null)
{
    $bannedList = JComponentHelper::getParams('com_contact')->get('banned_subject');

    if (!$bannedList) {
        return true;
    }

    foreach (explode(';', $bannedList) as $bannedWord) {
        // Empty entries (for example from a trailing ';') are ignored.
        if ($bannedWord == '') {
            continue;
        }

        if (JString::stristr($value, $bannedWord) !== false) {
            return false;
        }
    }

    return true;
}
/**
 * Decide whether the "upload avatar" ACL rule applies to the current request.
 *
 * The decision depends on the logged-in user, the 'uploadAvatar' session flag
 * (namespace 'XIPT'), the 'upload_avatar_at_registration' rule parameter and
 * the option/view/task values in $data. The checks are order dependent, and
 * the session flag is set or cleared along the way.
 *
 * @param array &$data Request data; the keys 'task', 'option' and 'view' are read.
 *
 * @return boolean True when the rule applies, false otherwise.
 */
function checkAclApplicable(&$data)
{
    $session = JFactory::getSession();
    $permission = $this->aclparams->get('upload_avatar_at_registration', false);
    $post = JRequest::get('post');
    $userId = JFactory::getUser()->id;

    if (!empty($userId)) {
        // Logging out always drops the pending-upload flag.
        if ($data['task'] === 'logout') {
            $session->clear('uploadAvatar', 'XIPT');

            return false;
        }

        // A logged-in user is forced to upload an avatar while the stored one is
        // the default image or missing.
        if ($data['task'] !== 'uploadavatar') {
            $userAvatar = CFactory::getUser($userId)->_avatar;
            $hasNoOwnAvatar = JString::stristr($userAvatar, 'components/com_community/assets/default.jpg') || empty($userAvatar);

            if (!$hasNoOwnAvatar) {
                return false;
            }

            $session->set('uploadAvatar', true, 'XIPT');

            return true;
        }
    }

    // The upload has been submitted: the flags are no longer needed.
    if ($permission && $session->get('uploadAvatar', false, 'XIPT') && isset($post['action']) && $post['action'] === 'doUpload') {
        $session->clear('uploadAvatar', 'XIPT');
        $session->clear('sessionpt', 'XIPT');
    }

    // A logged-in user reaching this point is not restricted.
    if ($userId && $permission) {
        return false;
    }

    // During registration every link is disabled until the avatar has been uploaded.
    if ($permission && $session->get('uploadAvatar', false, 'XIPT') && $data['task'] !== 'registeravatar') {
        return true;
    }

    // Outside the community component the rule does not apply.
    if ('com_community' != $data['option'] && 'community' != $data['option']) {
        return false;
    }

    // On the avatar step of registration, remember that an upload is pending
    // unless this request is the upload itself.
    if ('register' == $data['view'] && $data['task'] === 'registeravatar') {
        $isUploadRequest = isset($post['action']) && $post['action'] == 'doUpload';

        if (!$isUploadRequest) {
            $session->set('uploadAvatar', true, 'XIPT');
        }
        //XiTODO::add javascript for Click on upload button with image path.(without image-path does nt submit form)
    }

    // Following the "SKIP" link while an upload is pending: apply the rule
    // instead of letting the user through to the success page.
    if ($permission && 'register' == $data['view'] && $data['task'] == 'registersucess' && $session->get('uploadAvatar', false, 'XIPT')) {
        return true;
    }

    return false;
}
/**
 * Method to test an e-mail address against the banned e-mail list.
 *
 * The parent rule runs first. The value is then rejected when it contains any
 * non-empty entry of the ';'-separated 'banned_email' parameter of
 * com_contact. Matching is a case-insensitive substring test, so an entry
 * such as a domain also rejects every address that merely contains it.
 *
 * @param   SimpleXMLElement  &$element  The SimpleXMLElement object representing the <field /> tag for the form field object.
 * @param   mixed             $value     The form field value to validate.
 * @param   string            $group     The field name group control value.
 * @param   object            &$input    An optional JRegistry object with the entire data set to validate against the entire form.
 * @param   object            &$form     The form object for which the field is being tested.
 *
 * @return  boolean  True if the value is valid, false otherwise.
 */
public function test(&$element, $value, $group = null, &$input = null, &$form = null)
{
    $passesParentRule = parent::test($element, $value, $group, $input, $form);

    if (!$passesParentRule) {
        return false;
    }

    $bannedList = JComponentHelper::getParams('com_contact')->get('banned_email');

    foreach (explode(';', $bannedList) as $bannedEntry) {
        // Empty entries are ignored.
        if ($bannedEntry == '') {
            continue;
        }

        if (JString::stristr($value, $bannedEntry) !== false) {
            return false;
        }
    }

    return true;
}
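/**
 * Mask every configured word in a piece of text.
 *
 * Each entry of $this->strings is either a plain word or a pattern using the
 * characters '*', '$' or '^'. An entry may carry its own replacement after
 * '=' ("word=replacement"); otherwise a run of '*' is used. Plain words are
 * matched literally, either anywhere ($this->replace_matches_inside_words) or
 * as whole words. With $this->keep_first_last the first and last character of
 * a plain word are kept.
 *
 * @param string $var The text to filter.
 *
 * @return string The filtered text.
 */
protected function do_filter($var)
{
    if (is_string($this->strings)) {
        $this->strings = array($this->strings);
    }

    foreach ($this->strings as $word) {
        // Check for a custom replacement ("word=replacement").
        $customReplacement = '';

        if (JString::stristr($word, '=')) {
            $tmp = explode('=', $word);
            $customReplacement = JString::trim($tmp[1]);
            $word = JString::trim($tmp[0]);
        }

        // An empty entry (for example from a trailing separator) has nothing to match.
        if ((string) $word === '') {
            continue;
        }

        $hasWildcard = JString::stristr($word, '*') !== false
            || JString::stristr($word, '$') !== false
            || JString::stristr($word, '^') !== false;

        if (!$hasWildcard) {
            $length = JString::strlen($word);
            $first = '';
            $last = '';

            if ($this->keep_first_last) {
                // Take whole characters: indexing the string by byte splits a multibyte
                // character, and the invalid UTF-8 then makes the /u pattern below fail.
                $first = JString::substr($word, 0, 1);
                $last = JString::substr($word, $length - 1, 1);
                // Never negative, so str_repeat() cannot fail on one-character words.
                $length = max(0, $length - 2);
            }

            $replacement = $customReplacement == '' ? str_repeat('*', $length) : $customReplacement;

            if ($this->replace_matches_inside_words) {
                $var = JString::str_replace($word, $first . $replacement . $last, $var);
            } else {
                // A plain word is matched literally, so quote it: an unquoted '/' or
                // other metacharacter produced an invalid pattern.
                $filtered = preg_replace('/\\b' . preg_quote($word, '/') . '\\b/ui', $first . $replacement . $last, $var);

                // preg_replace() returns null on failure; keep the text instead of wiping it.
                if ($filtered !== null) {
                    $var = $filtered;
                }
            }
        } else {
            // Rebuild the entry as a regular expression: '*' becomes '.?' and '$' becomes '.*?'.
            // NOTE(review): every other character of the entry, including '/' and regex
            // metacharacters, goes into the pattern unquoted.
            $keySearch = array('/\\*/ms', '/\\$/ms');
            $keyReplace = array('%', '#');
            $word = preg_replace($keySearch, $keyReplace, $word);

            $keySearch = array('/\\%/ms', '/\\#/ms');
            $keyReplace = array('.?', '.*?');
            $word = preg_replace($keySearch, $keyReplace, $word);

            // The original test was inverted: a custom replacement was never used and
            // entries without one were replaced by an empty string.
            if ($customReplacement != '') {
                $replacement = $customReplacement;
            } else {
                $replacement = str_repeat('*', JString::strlen($word));
            }

            $filtered = preg_replace('/\\b' . $word . '\\b/uims', $replacement, $var);

            if ($filtered !== null) {
                $var = $filtered;
            }
        }
    }

    return $var;
}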
/**
 * Method to test for banned e-mail addresses.
 *
 * The parent rule runs first. The value is then rejected when it contains any
 * non-empty entry of the ';'-separated 'banned_email' parameter of
 * com_proveedor. Matching is a case-insensitive substring test.
 *
 * @param   SimpleXMLElement  $element  The SimpleXMLElement object representing the <field /> tag for the form field object.
 * @param   mixed             $value    The form field value to validate.
 * @param   string            $group    The field name group control value. This acts as as an array container for the field.
 *                                      For example if the field has name="foo" and the group value is set to "bar" then the
 *                                      full field name would end up being "bar[foo]".
 * @param   Registry          $input    An optional Registry object with the entire data set to validate against the entire form.
 * @param   JForm             $form     The form object for which the field is being tested.
 *
 * @return  boolean  True if the value is valid, false otherwise.
 */
public function test(SimpleXMLElement $element, $value, $group = null, Registry $input = null, JForm $form = null)
{
    $passesParentRule = parent::test($element, $value, $group, $input, $form);

    if (!$passesParentRule) {
        return false;
    }

    $blockedList = JComponentHelper::getParams('com_proveedor')->get('banned_email');

    if (!$blockedList) {
        return true;
    }

    foreach (explode(';', $blockedList) as $blockedEntry) {
        // Empty entries are ignored.
        if ($blockedEntry == '') {
            continue;
        }

        if (JString::stristr($value, $blockedEntry) !== false) {
            return false;
        }
    }

    return true;
}
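/**
 * Check whether a permalink is acceptable.
 *
 * A permalink is rejected when it is empty, contains one of the characters
 * < > " ' % ; ( ) ! & _ @ . or a space, or contains any word of the
 * ','-separated 'forbidden' parameter (case-insensitive substring match).
 *
 * NOTE(review): the character test is a denylist; characters such as '/',
 * '\', '#' and '?' pass it - confirm that suits wherever the permalink is used.
 *
 * @param string $permalink The permalink to check.
 * @param object $params    Parameter object providing get('forbidden').
 *
 * @return boolean True when the permalink is acceptable.
 */
public static function valid($permalink, $params)
{
    if (empty($permalink) || preg_match("#[<>\"'%;()\\!&_@\\. ]#i", $permalink)) {
        return false;
    }

    $forbidden = $params->get('forbidden');

    if (empty($forbidden)) {
        return true;
    }

    foreach (explode(',', $forbidden) as $word) {
        $word = trim($word);

        // A stray or trailing comma yields an empty word. An empty needle matches
        // every permalink on PHP 8 and raises a warning on older versions.
        if ($word === '') {
            continue;
        }

        if (JString::stristr($permalink, $word) !== false) {
            return false;
        }
    }

    return true;
}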
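/**
 * Display the button.
 *
 * Registers the modal behaviour, adds the CSS rule for the button image and
 * describes the editor button that opens the Linkr article picker.
 *
 * @param string $name Name of the editor the button belongs to; passed on as e_name.
 *
 * @return JObject The button definition (modal, link, text, name, options).
 */
function onDisplay($name)
{
    JHTML::_('behavior.modal');

    // Plain assignment: assigning a function result by reference raises a notice
    // on current PHP and is not needed for objects.
    $doc = JFactory::getDocument();
    $lang = JFactory::getLanguage();

    // Button image
    $base = JURI::root();
    $inAdmin = JString::stristr($base, 'administrator/') !== false;
    $assets = $base . ($inAdmin ? 'components/com_linkr/assets/' : 'administrator/components/com_linkr/assets/');
    $image = $assets . ($lang->get('rtl', 0) == 1 ? 'button-rtl.png' : 'button.png');

    $doc->addStyleDeclaration('.button2-left .linkr{background:url(' . $image . ') 100% 0 no-repeat;}');

    // Encode the editor name so it cannot add or alter query parameters.
    $link = 'index.php?option=com_linkr&view=articles&tmpl=component&e_name=' . urlencode($name);

    $button = new JObject();
    $button->set('modal', true);
    $button->set('link', $link);
    $button->set('text', JText::_('Link Article'));
    $button->set('name', 'linkr');
    $button->set('options', "{handler:'iframe',size:{x:570,y:350}}");

    return $button;
}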
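/**
 * Shares a new content on LinkedIn.
 *
 * Builds the share payload from the blog post (title, message, routed URL,
 * image, description), posts it to the user's account and, when $useSystem is
 * set and company ids are configured, to each company page.
 *
 * @param object  $blog      The blog post; intro, content, title, id and getImage() are used.
 * @param string  $message   Message template, processed by processMessage().
 * @param mixed   $oauth     Not used in this method.
 * @param boolean $useSystem Whether to also post to the configured company pages.
 *
 * @return boolean Always true; the results of the share calls are not inspected.
 */
public function share($blog, $message = '', $oauth, $useSystem = false)
{
    $message = $this->processMessage($message, $blog);
    $content = $blog->intro . $blog->content;
    $content = EasyBlogHelper::getHelper('Videos')->strip($content);

    $image = '';

    if ($blog->getImage()) {
        $image = $blog->getImage()->getSource('frontpage');
    }

    // No post image: fall back to the first <img> found in the content.
    if (empty($image)) {
        $pattern = '/<\\s*img [^\\>]*src\\s*=\\s*[\\""\']?([^\\""\'\\s>]*)/i';
        $image = '';

        if (preg_match($pattern, $content, $matches) && !empty($matches[1])) {
            $image = $matches[1];

            // Only relative sources get the site root prepended. The original tested
            // for 'http://' alone, which turned https:// images into broken URLs.
            if (!preg_match('#^https?://#i', $image)) {
                $image = rtrim(JURI::root(), '/') . '/' . ltrim($image, '/');
            }
        }
    }

    $text = strip_tags($content);

    // LinkedIn restricts the message and text size.
    $message = JString::substr($message, 0, 700);
    $text = JString::substr($text, 0, 256);

    $content = array(
        'title' => $blog->title,
        'comment' => $message,
        'submitted-url' => EasyBlogRouter::getRoutedURL('index.php?option=com_easyblog&view=entry&id=' . $blog->id, false, true),
        'submitted-image-url' => $image,
        'description' => $text,
        'visibility' => 'anyone'
    );

    // Share to the person's account.
    parent::sharePost('new', $content, true, false);

    // Determine whether to auto post to company pages as well.
    $config = EasyBlogHelper::getConfig();
    $companies = trim($config->get('integrations_linkedin_company'));

    if (!empty($companies) && $useSystem) {
        foreach (explode(',', $companies) as $company) {
            parent::sharePost('new', $content, true, false, array($company));
        }
    }

    return true;
}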
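/**
 * Checks an object for search terms (after stripping fields of HTML).
 *
 * Script blocks, style blocks, comments and tags are removed from each field
 * before matching. The stripping only serves the search comparison; it is not
 * a sanitiser and its result must not be used as safe output.
 *
 * @param object $object     The object to check.
 * @param string $searchTerm Search words to check for, separated by spaces.
 * @param array  $fields     List of object variables to check against.
 *
 * @return boolean True if any search word occurs in any field, false otherwise.
 */
function checkNoHtml($object, $searchTerm, $fields)
{
    if (empty($fields)) {
        return false;
    }

    $searchRegex = array('#<script[^>]*>.*?</script>#si', '#<style[^>]*>.*?</style>#si', '#<!.*?(--|]])>#si', '#<[^>]*>#i');

    // Doubled spaces or an empty search string produce empty terms. An empty needle
    // matches every text on PHP 8 and raises a warning on older versions.
    $terms = array();

    foreach (explode(' ', $searchTerm) as $term) {
        if ($term !== '') {
            $terms[] = $term;
        }
    }

    if (empty($terms)) {
        return false;
    }

    foreach ($fields as $field) {
        if (!isset($object->{$field})) {
            continue;
        }

        // Given an array of patterns, preg_replace() applies them one after another.
        $text = preg_replace($searchRegex, '', $object->{$field});

        foreach ($terms as $term) {
            if (JString::stristr($text, $term) !== false) {
                return true;
            }
        }
    }

    return false;
}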
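/**
 * Parse an RRULE value into an associative array.
 *
 * The value is split on ';' into NAME=VALUE parts. A part whose name contains
 * "UNTIL" is passed to handleDate(), whose result supplies two key/value
 * pairs; every other part is stored as name => value.
 *
 * @param string $value  The RRULE value, e.g. "FREQ=WEEKLY;COUNT=4".
 * @param mixed  $parent Not used in this method.
 *
 * @return array The parsed rule parts.
 */
function parseRRULE($value, $parent)
{
    $result = array();

    foreach (explode(';', $value) as $part) {
        if (JString::strlen($part) == 0) {
            continue;
        }

        // Split on the first '=' only. A part without '=' has no value; use null
        // rather than reading a missing array index.
        $portion = explode('=', $part, 2);
        $name = $portion[0];
        $setting = isset($portion[1]) ? $portion[1] : null;

        if (JString::stristr($name, "UNTIL")) {
            $untilArray = $this->handleDate($name, $setting);
            $result[$untilArray[0]] = $untilArray[1];
            $result[$untilArray[2]] = $untilArray[3];
        } else {
            $result[$name] = $setting;
        }
    }

    return $result;
}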
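/**
 * Turn the value into a link when it looks like an e-mail address or a URL.
 *
 * Only active when the 'guess_linktype' parameter is '1'. An e-mail address is
 * cloaked; a value starting with http:// or https:// becomes a link to itself;
 * a value starting with 'www.' becomes a link with 'http://' prepended. Any
 * other value is left unchanged.
 *
 * The value is stored form data, so it is escaped before being written into
 * the markup, and the scheme is checked at the start of the value: a test for
 * 'http' anywhere in the string would also accept other schemes that merely
 * mention it.
 *
 * @param string &$value        The element value; replaced by the link markup when guessed.
 * @param array  $data          Row data (not used in this method).
 * @param int    $repeatCounter Repeat group counter (not used in this method).
 *
 * @return void
 */
function _guessLinkType(&$value, $data, $repeatCounter = 0)
{
    $params = $this->getParams();

    if ($params->get('guess_linktype') != '1') {
        return;
    }

    jimport('joomla.mail.helper');
    $target = $this->guessLinkTarget();

    if (JMailHelper::isEmailAddress($value)) {
        $value = JHTML::_('email.cloak', $value);

        return;
    }

    $candidate = trim($value);

    if (preg_match('#^https?://#i', $candidate)) {
        $href = $candidate;
    } elseif (stripos($candidate, 'www.') === 0) {
        $href = 'http://' . $candidate;
    } else {
        // Not recognisable as a link. Custom links are added later by
        // $listModel->_addLink(), called from the element parent's renderListData().
        return;
    }

    $value = '<a href="' . htmlspecialchars($href, ENT_QUOTES, 'UTF-8') . '"' . $target . '>'
        . htmlspecialchars($candidate, ENT_QUOTES, 'UTF-8') . '</a>';
}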
/**
 * Run the configured bad-word filter over a piece of text.
 *
 * Filtering only happens when 'main_filterbadword' is enabled and
 * 'main_filtertext' (a ','-separated word list) is not empty. Every list entry
 * that contains a space is additionally filtered in its space-less form.
 *
 * @param string $text The text to filter.
 *
 * @return string The filtered text, or the input unchanged when nothing applies.
 */
public static function wordFilter($text)
{
    $config = DiscussHelper::getConfig();

    if (empty($text) || trim($text) == '') {
        return $text;
    }

    if (!$config->get('main_filterbadword', 1) || $config->get('main_filtertext', '') == '') {
        return $text;
    }

    require_once DISCUSS_HELPERS . '/filter.php';

    $filter = new BadWFilter();
    $words = explode(',', $config->get('main_filtertext'));

    // For each entry that contains a space, also filter the variant with the
    // spaces removed.
    $compactVariants = array();

    foreach ($words as $entry) {
        if (JString::stristr($entry, ' ') !== false) {
            $compactVariants[] = JString::str_ireplace(' ', '', $entry);
        }
    }

    if (count($compactVariants) > 0) {
        $words = array_unique(array_merge($words, $compactVariants));
    }

    $filter->strings = $words;
    $filter->text = $text;

    return $filter->filter();
}
/**
 * Return the reference URLs stored in the params string.
 *
 * Every "params_references<digit>=..." entry in $this->params is collected,
 * double quotes are removed and 'http://' is prepended when the entry does not
 * contain 'http'. The list is cached in $this->_data['references'].
 *
 * NOTE(review): the 'http' test is a substring match anywhere in the entry,
 * so an entry with another scheme that merely contains 'http' is returned
 * unchanged - confirm how callers render these values.
 *
 * @return array List of reference URLs.
 */
public function getReferences()
{
    if (isset($this->_data['references'])) {
        return $this->_data['references'];
    }

    $collected = array();

    preg_match_all('/params_references[0-9]=(.*)/i', $this->params, $matches);

    if (!empty($matches[1])) {
        foreach ($matches[1] as $rawReference) {
            $url = JString::str_ireplace('"', '', $rawReference);

            if (JString::stristr($url, 'http') === false) {
                $url = 'http://' . $url;
            }

            $collected[] = $url;
        }
    }

    $this->_data['references'] = $collected;

    return $this->_data['references'];
}
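/**
 * System event handler that bootstraps K2 and bridges K2 extra fields into the
 * Joom!Fish translation screens.
 *
 * On every request it defines K2_JVERSION, DS, K2_CB and (when Joom!Fish is
 * installed) K2_JF_ID, registers the K2 base classes and sets the X-Logged-In
 * response header. In the administrator, for com_joomfish requests, it also
 * stores and renders translations of extra-field values for k2_items and
 * k2_extra_fields.
 *
 * All request values that end up in SQL are integers (getInt() or an explicit
 * cast), and values written into form markup are escaped.
 *
 * @return void
 */
function onAfterInitialise()
{
    // Determine Joomla! version
    if (version_compare(JVERSION, '3.0', 'ge')) {
        define('K2_JVERSION', '30');
    } elseif (version_compare(JVERSION, '2.5', 'ge')) {
        define('K2_JVERSION', '25');
    } else {
        define('K2_JVERSION', '15');
    }

    // Define the DS constant under Joomla! 3.0
    if (!defined('DS')) {
        define('DS', DIRECTORY_SEPARATOR);
    }

    // Import Joomla! classes
    jimport('joomla.filesystem.file');
    jimport('joomla.filesystem.folder');
    jimport('joomla.application.component.controller');
    jimport('joomla.application.component.model');
    jimport('joomla.application.component.view');

    // Get application
    $mainframe = JFactory::getApplication();

    // Load the K2 classes
    JLoader::register('K2Table', JPATH_ADMINISTRATOR . '/components/com_k2/tables/table.php');
    JLoader::register('K2Controller', JPATH_BASE . '/components/com_k2/controllers/controller.php');
    JLoader::register('K2Model', JPATH_ADMINISTRATOR . '/components/com_k2/models/model.php');

    if ($mainframe->isSite()) {
        K2Model::addIncludePath(JPATH_SITE . DS . 'components' . DS . 'com_k2' . DS . 'models');
    } elseif (K2_JVERSION != '15' || JRequest::getCmd('option') != 'com_users') {
        // Skipped for com_users under Joomla! 1.5, where model names conflict.
        K2Model::addIncludePath(JPATH_ADMINISTRATOR . DS . 'components' . DS . 'com_k2' . DS . 'models');
    }

    JLoader::register('K2View', JPATH_ADMINISTRATOR . '/components/com_k2/views/view.php');
    JLoader::register('K2HelperHTML', JPATH_ADMINISTRATOR . '/components/com_k2/helpers/html.php');

    // Community Builder integration
    $componentParams = JComponentHelper::getParams('com_k2');

    if ($componentParams->get('cbIntegration') && JFile::exists(JPATH_ADMINISTRATOR . DS . 'components' . DS . 'com_comprofiler' . DS . 'plugin.foundation.php')) {
        define('K2_CB', true);
        global $_CB_framework;
        require_once JPATH_ADMINISTRATOR . DS . 'components' . DS . 'com_comprofiler' . DS . 'plugin.foundation.php';
        cbimport('cb.html');
        cbimport('language.front');
    } else {
        define('K2_CB', false);
    }

    // Define JoomFish compatibility version.
    if (JFile::exists(JPATH_ADMINISTRATOR . DS . 'components' . DS . 'com_joomfish' . DS . 'joomfish.php')) {
        if (K2_JVERSION == '15') {
            $db = JFactory::getDBO();
            $config = JFactory::getConfig();
            $prefix = $config->getValue('config.dbprefix');

            // NOTE(review): array_key_exists() tests array keys; if getTableList()
            // returns a plain list of table names this never matches - confirm.
            if (array_key_exists($prefix . '_jf_languages_ext', $db->getTableList())) {
                define('K2_JF_ID', 'lang_id');
            } else {
                define('K2_JF_ID', 'id');
            }
        } else {
            define('K2_JF_ID', 'lang_id');
        }
    }

    // Use K2 to make Joomla! Varnish-friendly
    // For more checkout: https://snipt.net/fevangelou/the-perfect-varnish-configuration-for-joomla-websites/
    $user = JFactory::getUser();

    if (!$user->guest) {
        JResponse::setHeader('X-Logged-In', 'True', true);
    } else {
        JResponse::setHeader('X-Logged-In', 'False', true);
    }

    // Everything below only concerns Joom!Fish screens in the administrator.
    if (!$mainframe->isAdmin()) {
        return;
    }

    $option = JRequest::getCmd('option');
    $task = JRequest::getCmd('task');
    $type = JRequest::getCmd('catid');

    if ($option != 'com_joomfish') {
        return;
    }

    if (!JFile::exists(JPATH_ADMINISTRATOR . DS . 'components' . DS . 'com_k2' . DS . 'lib' . DS . 'JSON.php')) {
        return;
    }

    JPlugin::loadLanguage('com_k2', JPATH_ADMINISTRATOR);
    JTable::addIncludePath(JPATH_ADMINISTRATOR . DS . 'components' . DS . 'com_k2' . DS . 'tables');
    require_once JPATH_ADMINISTRATOR . DS . 'components' . DS . 'com_k2' . DS . 'lib' . DS . 'JSON.php';

    // Joom!Fish: store the translated extra-field values of an item.
    if ($option == 'com_joomfish' && ($task == 'translate.apply' || $task == 'translate.save') && $type == 'k2_items') {
        $language_id = JRequest::getInt('select_language_id');
        $reference_id = JRequest::getInt('reference_id');
        $objects = array();
        $variables = JRequest::get('post');

        foreach ($variables as $key => $value) {
            if ((bool) JString::stristr($key, 'K2ExtraField_')) {
                $object = new JObject();
                $object->set('id', JString::substr($key, 13));
                $object->set('value', $value);
                unset($object->_errors);
                $objects[] = $object;
            }
        }

        $json = new Services_JSON();
        $extra_fields = $json->encode($objects);
        $extra_fields_search = '';

        foreach ($objects as $object) {
            $extra_fields_search .= $this->getSearchValue($object->id, $object->value);
            $extra_fields_search .= ' ';
        }

        $user = JFactory::getUser();
        $db = JFactory::getDBO();

        $query = "SELECT COUNT(*) FROM #__jf_content WHERE reference_field = 'extra_fields' AND language_id = {$language_id} AND reference_id = {$reference_id} AND reference_table='k2_items'";
        $db->setQuery($query);
        $result = $db->loadResult();

        if ($result > 0) {
            $query = "UPDATE #__jf_content SET value=" . $db->Quote($extra_fields) . " WHERE reference_field = 'extra_fields' AND language_id = {$language_id} AND reference_id = {$reference_id} AND reference_table='k2_items'";
            $db->setQuery($query);
            $db->query();
        } else {
            $modified = date("Y-m-d H:i:s");
            // Both values are interpolated unquoted into the INSERT, so force integers.
            // 'published' was read with getVar(), which let arbitrary request text into the SQL.
            $modified_by = (int) $user->id;
            $published = JRequest::getInt('published', 0);
            $query = "INSERT INTO #__jf_content (`id`, `language_id`, `reference_id`, `reference_table`, `reference_field` ,`value`, `original_value`, `original_text`, `modified`, `modified_by`, `published`) VALUES (NULL, {$language_id}, {$reference_id}, 'k2_items', 'extra_fields', " . $db->Quote($extra_fields) . ", '','', " . $db->Quote($modified) . ", {$modified_by}, {$published} )";
            $db->setQuery($query);
            $db->query();
        }

        $query = "SELECT COUNT(*) FROM #__jf_content WHERE reference_field = 'extra_fields_search' AND language_id = {$language_id} AND reference_id = {$reference_id} AND reference_table='k2_items'";
        $db->setQuery($query);
        $result = $db->loadResult();

        if ($result > 0) {
            $query = "UPDATE #__jf_content SET value=" . $db->Quote($extra_fields_search) . " WHERE reference_field = 'extra_fields_search' AND language_id = {$language_id} AND reference_id = {$reference_id} AND reference_table='k2_items'";
            $db->setQuery($query);
            $db->query();
        } else {
            $modified = date("Y-m-d H:i:s");
            $modified_by = (int) $user->id;
            $published = JRequest::getInt('published', 0);
            $query = "INSERT INTO #__jf_content (`id`, `language_id`, `reference_id`, `reference_table`, `reference_field` ,`value`, `original_value`, `original_text`, `modified`, `modified_by`, `published`) VALUES (NULL, {$language_id}, {$reference_id}, 'k2_items', 'extra_fields_search', " . $db->Quote($extra_fields_search) . ", '','', " . $db->Quote($modified) . ", {$modified_by}, {$published} )";
            $db->setQuery($query);
            $db->query();
        }
    }

    // Joom!Fish: render the original and translated extra fields of an item.
    if ($option == 'com_joomfish' && ($task == 'translate.edit' || $task == 'translate.apply') && $type == 'k2_items') {
        if ($task == 'translate.edit') {
            $cid = JRequest::getVar('cid');
            $array = explode('|', $cid[0]);
            // The id comes out of a raw request string; treat it as an integer like
            // the getInt() path below.
            $reference_id = isset($array[1]) ? (int) $array[1] : 0;
        }

        if ($task == 'translate.apply') {
            $reference_id = JRequest::getInt('reference_id');
        }

        $item = JTable::getInstance('K2Item', 'Table');
        $item->load($reference_id);
        $category_id = $item->catid;
        $language_id = JRequest::getInt('select_language_id');
        $category = JTable::getInstance('K2Category', 'Table');
        $category->load($category_id);
        $group = $category->extraFieldsGroup;

        $db = JFactory::getDBO();
        $query = "SELECT * FROM #__k2_extra_fields WHERE `group`=" . $db->Quote($group) . " AND published=1 ORDER BY ordering";
        $db->setQuery($query);
        $extraFields = $db->loadObjectList();

        $json = new Services_JSON();
        $output = '';

        if (count($extraFields)) {
            $output .= '<h1>' . JText::_('K2_EXTRA_FIELDS') . '</h1>';
            $output .= '<h2>' . JText::_('K2_ORIGINAL') . '</h2>';

            foreach ($extraFields as $extrafield) {
                $extraField = $json->decode($extrafield->value);
                $output .= trim($this->renderOriginal($extrafield, $reference_id));
            }
        }

        if (count($extraFields)) {
            $output .= '<h2>' . JText::_('K2_TRANSLATION') . '</h2>';

            foreach ($extraFields as $extrafield) {
                $extraField = $json->decode($extrafield->value);
                $output .= trim($this->renderTranslated($extrafield, $reference_id));
            }
        }

        $pattern = '/\\r\\n|\\r|\\n/';

        // *** Mootools Snippet ***
        // NOTE(review): $output is placed inside a single-quoted JavaScript string
        // without escaping quotes or backslashes; confirm that renderOriginal() and
        // renderTranslated() return markup that is safe in that context.
        $js = "\n\t\t\twindow.addEvent('domready', function(){\n\t\t\t\tvar target = \$\$('table.adminform');\n\t\t\t\ttarget.setProperty('id', 'adminform');\n\t\t\t\tvar div = new Element('div', {'id': 'K2ExtraFields'}).setHTML('" . preg_replace($pattern, '', $output) . "').injectInside(\$('adminform'));\n\t\t\t});\n\t\t\t";

        if (K2_JVERSION == '15') {
            JHTML::_('behavior.mootools');
        } else {
            JHTML::_('behavior.framework');
        }

        $document = JFactory::getDocument();
        $document->addScriptDeclaration($js);

        // *** Embedded CSS Snippet ***
        $document->addCustomTag(' <style type="text/css" media="all"> #K2ExtraFields { color:#000; font-size:11px; padding:6px 2px 4px 4px; text-align:left; } #K2ExtraFields h1 { font-size:16px; height:25px; } #K2ExtraFields h2 { font-size:14px; } #K2ExtraFields strong { font-style:italic; } </style> ');
    }

    // Joom!Fish: store the translated definition of an extra field.
    if ($option == 'com_joomfish' && ($task == 'translate.apply' || $task == 'translate.save') && $type == 'k2_extra_fields') {
        $language_id = JRequest::getInt('select_language_id');
        $reference_id = JRequest::getInt('reference_id');
        $extraFieldType = JRequest::getVar('extraFieldType');
        $objects = array();
        $values = JRequest::getVar('option_value');
        $names = JRequest::getVar('option_name');
        $target = JRequest::getVar('option_target');

        for ($i = 0; $i < sizeof($values); $i++) {
            $object = new JObject();
            $object->set('name', $names[$i]);

            if ($extraFieldType == 'select' || $extraFieldType == 'multipleSelect' || $extraFieldType == 'radio') {
                $object->set('value', $i + 1);
            } elseif ($extraFieldType == 'link') {
                // Prepend a scheme unless the link already has http:// or https://.
                // The original only knew http:// and mangled https:// links.
                if (!preg_match('#^https?://#i', $values[$i])) {
                    $values[$i] = 'http://' . $values[$i];
                }

                $object->set('value', $values[$i]);
            } else {
                $object->set('value', $values[$i]);
            }

            $object->set('target', $target[$i]);
            unset($object->_errors);
            $objects[] = $object;
        }

        $json = new Services_JSON();
        $value = $json->encode($objects);

        $user = JFactory::getUser();
        $db = JFactory::getDBO();

        $query = "SELECT COUNT(*) FROM #__jf_content WHERE reference_field = 'value' AND language_id = {$language_id} AND reference_id = {$reference_id} AND reference_table='k2_extra_fields'";
        $db->setQuery($query);
        $result = $db->loadResult();

        if ($result > 0) {
            $query = "UPDATE #__jf_content SET value=" . $db->Quote($value) . " WHERE reference_field = 'value' AND language_id = {$language_id} AND reference_id = {$reference_id} AND reference_table='k2_extra_fields'";
            $db->setQuery($query);
            $db->query();
        } else {
            $modified = date("Y-m-d H:i:s");
            $modified_by = (int) $user->id;
            $published = JRequest::getInt('published', 0);
            $query = "INSERT INTO #__jf_content (`id`, `language_id`, `reference_id`, `reference_table`, `reference_field` ,`value`, `original_value`, `original_text`, `modified`, `modified_by`, `published`) VALUES (NULL, {$language_id}, {$reference_id}, 'k2_extra_fields', 'value', " . $db->Quote($value) . ", '','', " . $db->Quote($modified) . ", {$modified_by}, {$published} )";
            $db->setQuery($query);
            $db->query();
        }
    }

    // Joom!Fish: render the original and translated definition of an extra field.
    if ($option == 'com_joomfish' && ($task == 'translate.edit' || $task == 'translate.apply') && $type == 'k2_extra_fields') {
        if ($task == 'translate.edit') {
            $cid = JRequest::getVar('cid');
            $array = explode('|', $cid[0]);
            // This id is interpolated unquoted into the SELECT below; it must be an integer.
            $reference_id = isset($array[1]) ? (int) $array[1] : 0;
        }

        if ($task == 'translate.apply') {
            $reference_id = JRequest::getInt('reference_id');
        }

        $extraField = JTable::getInstance('K2ExtraField', 'Table');
        $extraField->load($reference_id);
        $language_id = JRequest::getInt('select_language_id');

        if ($extraField->type == 'multipleSelect' || $extraField->type == 'select' || $extraField->type == 'radio') {
            $subheader = '<strong>' . JText::_('K2_OPTIONS') . '</strong>';
        } else {
            $subheader = '<strong>' . JText::_('K2_DEFAULT_VALUE') . '</strong>';
        }

        $json = new Services_JSON();
        $objects = $json->decode($extraField->value);
        $output = '<input type="hidden" value="' . htmlspecialchars($extraField->type, ENT_QUOTES, 'UTF-8') . '" name="extraFieldType" />';

        if (count($objects)) {
            $output .= '<h1>' . JText::_('K2_EXTRA_FIELDS') . '</h1>';
            $output .= '<h2>' . JText::_('K2_ORIGINAL') . '</h2>';
            $output .= $subheader . '<br />';

            foreach ($objects as $object) {
                // NOTE(review): the stored name and value are written as markup; confirm
                // whether extra-field definitions may contain HTML on purpose before
                // escaping them here.
                $output .= '<p>' . $object->name . '</p>';

                if ($extraField->type == 'textfield' || $extraField->type == 'textarea') {
                    $output .= '<p>' . $object->value . '</p>';
                }
            }
        }

        $db = JFactory::getDBO();
        $query = "SELECT `value` FROM #__jf_content WHERE reference_field = 'value' AND language_id = {$language_id} AND reference_id = {$reference_id} AND reference_table='k2_extra_fields'";
        $db->setQuery($query);
        $result = $db->loadResult();
        $translatedObjects = $json->decode($result);

        if (count($objects)) {
            $output .= '<h2>' . JText::_('K2_TRANSLATION') . '</h2>';
            $output .= $subheader . '<br />';

            foreach ($objects as $key => $value) {
                if (isset($translatedObjects[$key])) {
                    $value = $translatedObjects[$key];
                }

                // Attribute values and textarea content are text contexts: escape them
                // so stored values cannot close the attribute or the element. The
                // browser decodes the entities again when the form is submitted.
                $safeName = htmlspecialchars($value->name, ENT_QUOTES, 'UTF-8');
                $safeValue = htmlspecialchars($value->value, ENT_QUOTES, 'UTF-8');
                $safeTarget = htmlspecialchars($value->target, ENT_QUOTES, 'UTF-8');

                if ($extraField->type == 'textarea') {
                    $output .= '<p><textarea name="option_name[]" cols="30" rows="15"> ' . $safeName . '</textarea></p>';
                } else {
                    $output .= '<p><input type="text" name="option_name[]" value="' . $safeName . '" /></p>';
                }

                $output .= '<p><input type="hidden" name="option_value[]" value="' . $safeValue . '" /></p>';
                $output .= '<p><input type="hidden" name="option_target[]" value="' . $safeTarget . '" /></p>';
            }
        }

        $pattern = '/\\r\\n|\\r|\\n/';

        // *** Mootools Snippet ***
        // The markup is embedded in a single-quoted JavaScript string, so quotes and
        // backslashes are escaped for that context after the line breaks are removed.
        $js = "\n\t\t\twindow.addEvent('domready', function(){\n\t\t\t\tvar target = \$\$('table.adminform');\n\t\t\t\ttarget.setProperty('id', 'adminform');\n\t\t\t\tvar div = new Element('div', {'id': 'K2ExtraFields'}).setHTML('" . addslashes(preg_replace($pattern, '', $output)) . "').injectInside(\$('adminform'));\n\t\t\t});\n\t\t\t";

        JHTML::_('behavior.mootools');
        $document = JFactory::getDocument();
        $document->addScriptDeclaration($js);
    }

    return;
}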
/**
 * Pushes a blog post into the Foundry search indexer.
 *
 * Builds a plain-text snapshot (title + truncated, tag-stripped body), picks a thumbnail
 * (post image, first <img> found in the body, or the bundled default) and hands both to
 * the indexer template. Does nothing when the Foundry class is not loaded.
 *
 * @since   1.0
 * @access  public
 * @param   object  $blog  Blog entry; intro, content, title, id, created_by, modified and getImage() are read
 * @return  mixed   Whatever $indexer->index() returns, or null when Foundry is unavailable
 */
public function addIndexerNewBlog($blog)
{
    if (!class_exists('Foundry')) {
        return;
    }

    $config = EasyBlogHelper::getConfig();
    $indexer = Foundry::get('Indexer', 'com_easyblog');
    $template = $indexer->getTemplate();

    // Full post body: intro followed by the main content.
    $content = $blog->intro . $blog->content;

    // @rule: Prefer the image attached to the blog post.
    $image = '';

    if ($blog->getImage()) {
        $image = $blog->getImage()->getSource('small');
    }

    if (empty($image)) {
        // @rule: Fall back to the first <img src="..."> inside the post markup.
        $pattern = '/<\\s*img [^\\>]*src\\s*=\\s*[\\""\']?([^\\""\'\\s>]*)/i';
        preg_match($pattern, $content, $matches);
        $image = '';

        if ($matches) {
            if (isset($matches[1])) {
                $image = $matches[1];
            } else {
                $image = '';
            }

            // NOTE(review): this is a substring test, not a prefix test, so any src that merely
            // contains "http://" or "https://" is passed through unchanged. The value comes from
            // author-supplied markup; validate the scheme wherever the thumbnail is rendered.
            $hasScheme = JString::stristr($matches[1], 'https://') !== false
                || JString::stristr($matches[1], 'http://') !== false;

            if (!$hasScheme && !empty($image)) {
                $image = rtrim(JURI::root(), '/') . '/' . ltrim($image, '/');
            }
        }
    }

    if (!$image) {
        $image = rtrim(JURI::root(), '/') . '/components/com_easyblog/assets/images/default_facebook.png';
    }

    // @task: Strip out video, audio, gallery and album tags, in that order.
    foreach (array('Videos', 'Audio', 'Gallery', 'Album') as $helperName) {
        $content = EasyBlogHelper::getHelper($helperName)->strip($content);
    }

    // @rule: Once the gallery is already processed above, strip out the gallery contents
    // since it may contain some unwanted codes
    // @2.0: <input class="easyblog-gallery"
    // @3.5: {ebgallery:'name'}
    $content = EasyBlogHelper::removeGallery($content);

    // strip_tags() removes markup but does not HTML-encode what is left;
    // presumably the indexer's consumers escape on output (confirm).
    $content = strip_tags($content);

    if (JString::strlen($content) > $config->get('integrations_easysocial_indexer_newpost_length', 250)) {
        $content = JString::substr($content, 0, $config->get('integrations_easysocial_indexer_newpost_length', 250));
    }

    // Include the title in the search snapshot.
    $content = $blog->title . ' ' . $content;
    $template->setContent($blog->title, $content);

    // Remove /administrator/ from the url.
    $url = JString::str_ireplace(
        'administrator/',
        '',
        EasyBlogRouter::_('index.php?option=com_easyblog&view=entry&id=' . $blog->id)
    );

    $template->setSource($blog->id, 'blog', $blog->created_by, $url);
    $template->setThumbnail($image);
    $template->setLastUpdate($blog->modified);

    return $indexer->index($template);
}
/**
 * Tells whether $text is free of every banned value in $list.
 *
 * Matching is a case-insensitive substring search (JString::stristr). No error message
 * is set here; the caller has to react to the boolean.
 *
 * Both guards use empty(), so the string "0" counts as empty: a text of "0" always
 * passes and a banned entry of "0" is skipped.
 *
 * @param   String  $text  Text to search against
 * @param   String  $list  semicolon (;) separated list of banned values
 * @return  Boolean        true when nothing banned was found (or there was nothing to check), false otherwise
 * @access  protected
 * @since   1.5.4
 */
function _checkText($text, $list)
{
    $nothingToCheck = empty($list) || empty($text);

    if (!$nothingToCheck) {
        foreach (explode(';', $list) as $rawEntry) {
            $banned = trim($rawEntry);

            // Blank entries (e.g. from a trailing ';') are ignored.
            if (!empty($banned) && JString::stristr($text, $banned) !== false) {
                return false;
            }
        }
    }

    return true;
}
// Each entry is a 'name,ajaxMethod' pair appended to $jaxFuncNames.
// NOTE(review): presumably this list is what the AJAX dispatcher accepts as callable;
// if so, every addition widens the remotely reachable surface. Confirm that each
// listed handler performs its own permission and token checks.
foreach (array(
    'files,ajaxFileDownload',
    'files,ajaxgetFileList',
    'files,ajaxviewMore',
    /**
     * @since 3.2
     */
    'location,ajaxGetCoordsByIp',
    'location,ajaxGetAddressFromCoords',
    'location,ajaxGetCoordsByAddress',
    /**
     * @since 3.3
     */
    'search,ajaxSearch',
    'system,ajaxGetAdagency',
    'system,ajaxAdagencyGetImpression',
    'profile,ajaxFetchCard',
    'videos,ajaxConfirmRemoveVideo',
    'videos,ajaxGetInfo',
    'profile,ajaxRotateAvatar',
    'videos,ajaxSaveDescription',
    'system,ajaxModuleCall',
    'register,ajaxCheckPass',
    'system,ajaxGetLoginFormToken',
    'files,ajaxUpdateHit',
) as $jaxEntry) {
    $jaxFuncNames[] = $jaxEntry;
}
unset($jaxEntry);

// Dont process other plugin ajax definitions for back end
// (both path-separator spellings of the administrator component path are tested).
if (!(JString::stristr(JPATH_COMPONENT, 'administrator/components/com_community')
    || JString::stristr(JPATH_COMPONENT, 'administrator\\components\\com_community'))) {
    // Include CAppPlugins library
    require_once JPATH_ROOT . '/components/com_community/libraries/apps.php';

    // Load Ajax plugins jax file.
    CAppPlugins::loadAjaxPlugins();
}
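/**
 * Create a table to store the forms' data depending upon what groups are assigned to the form
 *
 * Table and column identifiers are quoted with qn(). The column type strings returned by
 * getFieldDescription() and every key/value of $opts are appended to the DDL verbatim,
 * so both must only ever carry trusted, developer-controlled values.
 *
 * @param   string  $dbTableName  Taken from the table object linked to the form
 * @param   array   $fields       List of default elements to add. (key = element name, value = plugin)
 * @param   array   $opts         Additional options, e.g. collation (appended unquoted as "key value")
 *
 * @return  mixed  false if fail otherwise array of primary keys
 */
public function createDBTable($dbTableName = null, $fields = array('id' => 'internalid', 'date_time' => 'date'), $opts = array())
{
    $db = FabrikWorker::getDbo(true);
    $fabrikDb = $this->getDb();
    $formModel = $this->getFormModel();

    if (is_null($dbTableName)) {
        $dbTableName = $this->getTable()->db_table_name;
    }

    $sql = 'CREATE TABLE IF NOT EXISTS ' . $db->qn($dbTableName) . ' (';
    $input = $this->app->input;
    $jForm = $input->get('jform', array(), 'array');

    // A missing id is treated like id 0, as before, without raising an undefined-index notice.
    if ((!isset($jForm['id']) || $jForm['id'] == 0) && array_key_exists('current_groups', $jForm)) {
        // Saving a new form
        // NOTE(review): these group ids come straight from the request.
        $groupIds = $jForm['current_groups'];
    } else {
        $query = $db->getQuery(true);

        // The int cast keeps the concatenated WHERE clause safe.
        $formId = (int) $this->get('form.id', $this->getFormModel()->id);
        $query->select('group_id')->from('#__{package}_formgroup')->where('form_id = ' . $formId);
        $db->setQuery($query);
        $groupIds = $db->loadColumn();
    }

    // Initialised up front so an empty $fields list does not leave the variable undefined.
    $elementModels = array();
    $i = 0;

    foreach ($fields as $name => $plugin) {
        // $$$ hugh - testing corner case where we are called from form model's updateDatabase,
        // and the underlying table has been deleted. So elements already exist.
        $element = $formModel->getElement($name);

        if ($element === false) {
            // Installation demo data sets 2 group ids
            if (is_string($plugin)) {
                $plugin = array('plugin' => $plugin, 'group_id' => $groupIds[0]);
            }

            $plugin['ordering'] = $i;
            $element = $this->makeElement($name, $plugin);

            if (!$element) {
                return false;
            }
        }

        $elementModels[] = clone $element;
        $i++;
    }

    $arAddedObj = array();
    $keys = array();
    $lines = array();

    foreach ($elementModels as $elementModel) {
        $element = $elementModel->getElement();

        // Replace all non alphanumeric characters with _
        $objName = FabrikString::dbFieldName($element->name);

        if ($element->get('primary_key') || $element->get('plugin') === 'internalid') {
            $keys[] = $objName;
        }

        // Any elements that are named the same (eg radio buttons) can not be entered twice into the database
        if (!in_array($objName, $arAddedObj)) {
            $arAddedObj[] = $objName;
            $objType = $elementModel->getFieldDescription();

            if ($objName != '' && !is_null($objType)) {
                if (JString::stristr($objType, 'not null')) {
                    $lines[] = $fabrikDb->qn($objName) . ' ' . $objType;
                } else {
                    $lines[] = $fabrikDb->qn($objName) . ' ' . $objType . ' null';
                }
            }
        }
    }

    // A closure replaces create_function(), which compiled its body from a string at run
    // time, is deprecated since PHP 7.2 and removed in PHP 8.0. $db is the handle obtained
    // above from the same FabrikWorker::getDbo(true) call the old callback repeated per key.
    $quoteName = function ($value) use ($db) {
        return $db->qn($value);
    };

    $sql .= implode(', ', $lines);

    if (!empty($keys)) {
        $sql .= ', PRIMARY KEY (' . implode(',', array_map($quoteName, $keys)) . '))';
    } else {
        $sql .= ')';
    }

    // Option names and values are concatenated without quoting or validation:
    // never pass request-derived data in $opts.
    foreach ($opts as $k => $v) {
        if ($v != '') {
            $sql .= ' ' . $k . ' ' . $v;
        }
    }

    $sql .= ' ENGINE = MYISAM ';
    $fabrikDb->setQuery($sql);
    $fabrikDb->execute();

    return $keys;
}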
/**
 * Indexer search callback for this field: returns the field value with the matched
 * keywords highlighted, provided the viewer is allowed to see the field.
 *
 * @since   1.0
 * @access  public
 * @param   mixed   $itemCreatorId  Passed to the privacy check as the owner of the item
 * @param   string  $keywords       Search phrase; split on whitespace for highlighting
 * @param   string  $userFieldData  Stored value of the field
 * @return  mixed   Highlighted, formatted string on a visible match; false when the field is not
 *                  searchable or nothing matched; -1 when the privacy check denies access
 *
 * @author  Jason Rey <*****@*****.**>
 */
public function onIndexerSearch($itemCreatorId, $keywords, $userFieldData)
{
    if (!$this->field->searchable) {
        return false;
    }

    $fieldText = trim($userFieldData);

    // No case-insensitive hit, or an empty value: nothing to report.
    if (JString::stristr($fieldText, $keywords) === false || !$fieldText) {
        return false;
    }

    $viewer = FD::user();
    $privacy = FD::privacy($viewer->id);

    if (!$privacy->validate('core.view', $this->field->id, SOCIAL_TYPE_FIELD, $itemCreatorId)) {
        return -1;
    }

    // The viewer may see this field, so highlight the content.
    // Ideographic spaces (U+3000) count as separators too.
    $normalised = preg_replace('#\\xE3\\x80\\x80#s', ' ', $keywords);
    $words = array_unique(preg_split("/\\s+/u", $normalised));

    // Each word is preg_quote()d, so keyword text cannot alter the regex itself.
    $alternatives = array();

    foreach ($words as $word) {
        $alternatives[] = preg_quote($word, '#');
    }

    $pattern = '#(' . implode('|', $alternatives) . ')#iu';

    // NOTE(review): the stored field value is wrapped in markup without being HTML-encoded
    // first. If the result is rendered as HTML, a value containing markup would be emitted
    // as-is; confirm the value is encoded on input or encode it before highlighting.
    $highlighted = preg_replace($pattern, '<span class="search-highlight">\\0</span>', $fieldText);
    $highlighted = JText::sprintf('PLG_FIELDS_JOOMLA_EMAIL_SEARCH_RESULT', $highlighted);

    return $highlighted ? $highlighted : false;
}
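/**
 * Wrapper for JHTML::Script() loading with require.js
 * If not debugging will replace file names .js => -min.js
 *
 * The resolved file names, the array keys of $file (used as callback parameter names) and
 * $onLoad are written into the generated requirejs() call without any JavaScript escaping.
 * All three must therefore be developer-controlled; never pass request-derived values.
 *
 * @param   mixed   $file       String or array of files to load, relative path to root for local files
 *                              e.g. 'administrator/components/com_fabrik/models/fields/tables.js'
 * @param   string  $onLoad     Optional js to run once the Js file has been loaded
 *                              (an array is joined with newlines)
 * @param   string  $minSuffix  The minimised file suffix to use, replaces '.js'
 *
 * @return  void
 */
public static function script($file, $onLoad = '', $minSuffix = '-min.js')
{
    if (empty($file)) {
        return;
    }

    if (is_array($onLoad)) {
        $onLoad = implode("\n", $onLoad);
    }

    $ext = self::isDebug() ? '.js' : $minSuffix;
    $paths = self::requirePaths();
    $files = (array) $file;

    // Replace with minified files if found
    foreach ($files as &$file) {
        if (!(JString::stristr($file, 'http://') || JString::stristr($file, 'https://'))) {
            /**
             * Fix for new media compressed JS paths, which we switched from ./js/foo-mins.js to ./js/dist/foo.js.
             * Some code feeds us the new dist path, but some still uses just media/com_fabrik/js. So, if we're
             * not in debug mode, and the path is media/com_fabrik/js and doesn't have /dist, add it.
             **/
            if (!self::isDebug()
                && strpos($file, 'media/com_fabrik/js/') !== false
                && strpos($file, 'media/com_fabrik/js/lib/') === false
                && strpos($file, 'media/com_fabrik/js/dist/') === false) {
                $file = str_replace('media/com_fabrik/js/', 'media/com_fabrik/js/dist/', $file);
            }

            if (JFile::exists(COM_FABRIK_BASE . $file)) {
                $compressedFile = str_replace('.js', $ext, $file);

                if (JFile::exists(COM_FABRIK_BASE . $compressedFile) || JFile::exists($compressedFile)) {
                    $file = $compressedFile;
                }
            }
        }

        // Set file name based on requirejs basePath
        $pathMatched = false;

        foreach ($paths as $requireKey => $path) {
            if (strstr($file, $path)) {
                $file = str_replace($path, '', $file);
                $file = str_replace('.js', '', $file);
                $file = $requireKey . $file;
                $pathMatched = true;
            }
        }

        if (!$pathMatched) {
            if (!(JString::stristr($file, 'http://') || JString::stristr($file, 'https://'))) {
                $file = COM_FABRIK_LIVESITE . $file;
            }
        }
    }

    // Break the by-reference binding so $file no longer aliases the last element of $files.
    unset($file);

    // Need to load element for ajax popup forms in IE.
    $needed = array();

    if (!FabrikWorker::j3()) {
        $needed[] = self::isDebug() ? 'fab/icongen' : 'fab/icongen-min';
        $needed[] = self::isDebug() ? 'fab/icons' : 'fab/icons-min';
    }

    foreach ($needed as $need) {
        if (!in_array($need, $files)) {
            array_unshift($files, $need);
        }
    }

    $files = array_unique($files);

    // Set names from $files keys if assoc array. In general it is for require js files
    $names = array_keys($files) !== range(0, count($files) - 1) ? array_keys($files) : array();

    // File names are only wrapped in single quotes, not escaped (see the method comment).
    $files = "['" . implode("', '", $files) . "']";

    // Explicitly initialised instead of relying on [] creating the array.
    $require = array();
    $require[] = 'requirejs(' . $files . ', function (' . implode(", ", $names) . ') {';
    $require[] = $onLoad;
    $require[] = '});';
    $require[] = "\n";
    $require = implode("\n", $require);
    self::addToSessionScripts($require);
}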
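/**
 * Checks if the file can be uploaded
 *
 * Checks, in order: a file name is present; the temp file is a genuine HTTP upload;
 * the extension is on the configured allow list; the size limit; for configured image
 * extensions, that getimagesize() can read the file; and finally that the first 256
 * bytes contain no HTML tag.
 *
 * What this does NOT cover (handle it where the file is stored and served):
 *  - only the extension returned by JFile::getExt() is tested (presumably the final one),
 *    so the rest of the file name is not constrained here;
 *  - non-image files get no content-type validation (the old fileinfo / mime_content_type
 *    check existed only as commented-out code);
 *  - getimagesize() and the 256-byte tag scan are heuristics. Keep uploads out of any
 *    directory where they could be executed and serve them with an explicit
 *    Content-Type and X-Content-Type-Options: nosniff.
 *
 * @param   array   $file     File information (name, tmp_name and size are read)
 * @param   string  &$err     Receives an error message or language key when the file is rejected
 * @param   object  &$params  Settings; ul_file_types, upload_maxsize, restrict_uploads and
 *                            image_extensions are read via get()
 * @return  boolean  true when every check passed
 */
function canUpload($file, &$err, &$params)
{
    if (empty($file['name'])) {
        $err = 'Please input a file for upload';
        return false;
    }

    // A missing tmp_name is rejected the same way as a path that is not a real upload.
    if (empty($file['tmp_name']) || !is_uploaded_file($file['tmp_name'])) {
        // handle potential malicious attack
        $err = JText::_('File has not been uploaded');
        return false;
    }

    jimport('joomla.filesystem.file');
    $format = strtolower(JFile::getExt($file['name']));
    $format = FabrikString::ltrimword($format, '.');
    $format2 = ".{$format}";

    // Entries are trimmed so a list written as "jpg, png" behaves as intended.
    $allowable = array_map('trim', explode(',', strtolower((string) $params->get('ul_file_types'))));

    if (!in_array($format, $allowable) && !in_array($format2, $allowable)) {
        $err = 'WARNFILETYPE';
        return false;
    }

    $maxSize = (int) $params->get('upload_maxsize', 0);

    if ($maxSize > 0 && (int) $file['size'] > $maxSize) {
        $err = 'WARNFILETOOLARGE';
        return false;
    }

    if ($params->get('restrict_uploads', 1)) {
        // Normalised like the allow list: previously this list was compared as typed against
        // the lower-cased extension, so an entry such as "JPG" or " png" silently skipped
        // the image validation below.
        $images = array_map('trim', explode(',', strtolower((string) $params->get('image_extensions'))));

        if (in_array($format, $images) || in_array($format2, $images)) {
            // if its an image run it through getimagesize
            if (getimagesize($file['tmp_name']) === false) {
                $err = 'WARNINVALIDIMG';
                return false;
            }
        }
    }

    // Browser content-sniffing guard: reject files whose first 256 bytes look like HTML.
    // NOTE(review): if JFile::read() fails it presumably returns false, in which case no tag
    // matches and the file is accepted; consider failing closed.
    $xss_check = JFile::read($file['tmp_name'], false, 256);
    $html_tags = array('abbr', 'acronym', 'address', 'applet', 'area', 'audioscope', 'base', 'basefont', 'bdo', 'bgsound', 'big', 'blackface', 'blink', 'blockquote', 'body', 'bq', 'br', 'button', 'caption', 'center', 'cite', 'code', 'col', 'colgroup', 'comment', 'custom', 'dd', 'del', 'dfn', 'dir', 'div', 'dl', 'dt', 'em', 'embed', 'fieldset', 'fn', 'font', 'form', 'frame', 'frameset', 'h1', 'h2', 'h3', 'h4', 'h5', 'h6', 'head', 'hr', 'html', 'iframe', 'ilayer', 'img', 'input', 'ins', 'isindex', 'keygen', 'kbd', 'label', 'layer', 'legend', 'li', 'limittext', 'link', 'listing', 'map', 'marquee', 'menu', 'meta', 'multicol', 'nobr', 'noembed', 'noframes', 'noscript', 'nosmartquotes', 'object', 'ol', 'optgroup', 'option', 'param', 'plaintext', 'pre', 'rt', 'ruby', 's', 'samp', 'script', 'select', 'server', 'shadow', 'sidebar', 'small', 'spacer', 'span', 'strike', 'strong', 'style', 'sub', 'sup', 'table', 'tbody', 'td', 'textarea', 'tfoot', 'th', 'thead', 'title', 'tr', 'tt', 'ul', 'var', 'wbr', 'xml', 'xmp', '!DOCTYPE', '!--');

    foreach ($html_tags as $tag) {
        // A tag is '<tagname ', so we need to add < and a space or '<tagname>'
        if (JString::stristr($xss_check, '<' . $tag . ' ') || JString::stristr($xss_check, '<' . $tag . '>')) {
            $err = 'WARNIEXSS';
            return false;
        }
    }

    return true;
}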