if (!Guardian::happy(1) && Guardian::get('author') !== $post->author) {
Shield::abort();
}
Config::set(array('page_title' => $speak->deleting . ': ' . $post->title . $config->title_separator . $config->manager->title, 'page' => $post, 'cargo' => 'kill.post.php'));
$G = array('data' => Mecha::A($post));
if ($request = Request::post()) {
Guardian::checkToken($request['token']);
File::open($post->path)->delete();
// Deleting response(s) ...
if ($responses = call_user_func('Get::' . $response . 's', 'DESC', 'post:' . $id, 'txt,hold')) {
foreach ($responses as $v) {
File::open($v)->delete();
}
}
$P = array('data' => $request);
include __DIR__ . DS . 'task.kill.substance.php';
// Deleting custom CSS and JavaScript file of post ...
File::open(CUSTOM . DS . Date::slug($id) . '.txt')->delete();
File::open(CUSTOM . DS . Date::slug($id) . '.draft')->delete();
Weapon::fire(array('on_custom_update', 'on_custom_destruct'), array($G, $P));
// Deleting custom PHP file of post ...
File::open(File::D($post->path) . DS . $post->slug . '.php')->delete();
Notify::success(Config::speak('notify_success_deleted', $post->title));
Weapon::fire(array('on_' . $segment . '_update', 'on_' . $segment . '_destruct'), array($G, $G));
Guardian::kick($config->manager->slug . '/' . $segment);
} else {
Notify::warning(Config::speak('notify_confirm_delete_', '<strong>' . $post->title . '</strong>'));
Notify::warning(Config::speak('notify_confirm_delete_page', strtolower($speak->{$segment}), strtolower($speak->{$response . 's'})));
}
Shield::lot(array('segment' => $segment))->attach('manager');
});
/**
* Remove one or more entries
*
* @return void
*/
public function removeTask()
{
// Check for request forgeries
Request::checkToken();
$ids = Request::getVar('id', array());
$ids = !is_array($ids) ? array($ids) : $ids;
// Make sure we have an ID
if (empty($ids)) {
Notify::warning(Lang::txt('COM_GROUPS_ERROR_NO_ITEMS_SELECTED'));
return $this->cancelTask();
}
$i = 0;
foreach ($ids as $id) {
// Remove the entry
$model = Role::oneOrFail(intval($id));
if (!$model->destroy()) {
Notify::error($model->getError());
continue;
}
$i++;
}
if ($i) {
Notify::success(Lang::txt('COM_GROUPS_ROLE_REMOVED'));
}
$this->cancelTask();
}
/**
* Unapprove a group
*
* @return void
*/
public function unapproveTask()
{
// Incoming
$ids = Request::getVar('id', array());
// Get the single ID we're working with
if (!is_array($ids)) {
$ids = array($ids);
}
// Do we have any IDs?
if (!empty($ids)) {
// foreach group id passed in
foreach ($ids as $id) {
// Load the group page
$group = new Group();
$group->read($id);
// Ensure we found the group info
if (!$group) {
continue;
}
// Set the group to be published and update
$group->set('approved', 0);
$group->update();
// log publishing
Log::log(array('gidNumber' => $group->get('gidNumber'), 'action' => 'group_unapproved', 'comments' => 'unapproved by administrator'));
}
Notify::success(Lang::txt('COM_GROUPS_UNAPPROVED'));
}
// Output messsage and redirect
App::redirect(Route::url('index.php?option=' . $this->_option . '&controller=' . $this->_controller, false));
}
} else {
$deletes = array($name);
}
}
Config::set(array('page_title' => $speak->deleting . ': ' . (count($deletes) === 1 ? File::B($name) : $speak->assets) . $config->title_separator . $config->manager->title, 'files' => $deletes, 'cargo' => DECK . DS . 'workers' . DS . 'kill.asset.php'));
if ($request = Request::post()) {
Guardian::checkToken($request['token']);
$info_path = array();
$is_folder_or_file = count($deletes) === 1 && is_dir(ASSET . DS . $deletes[0]) ? 'folder' : 'file';
foreach ($deletes as $file_to_delete) {
$_path = ASSET . DS . $file_to_delete;
$info_path[] = $_path;
File::open($_path)->delete();
}
$P = array('data' => array('files' => $info_path));
Notify::success(Config::speak('notify_' . $is_folder_or_file . '_deleted', '<code>' . implode('</code>, <code>', $deletes) . '</code>'));
Weapon::fire('on_asset_update', array($P, $P));
Weapon::fire('on_asset_destruct', array($P, $P));
Guardian::kick($config->manager->slug . '/asset/1' . $p);
} else {
Notify::warning(count($deletes) === 1 ? Config::speak('notify_confirm_delete_', '<code>' . File::path($name) . '</code>') : $speak->notify_confirm_delete);
}
Shield::lot('segment', 'asset')->attach('manager', false);
});
/**
* Multiple Asset Killer
* ---------------------
*/
Route::accept($config->manager->slug . '/asset/kill', function ($path = "") use($config, $speak) {
if ($request = Request::post()) {
Guardian::checkToken($request['token']);
<?php
/**
* Shortcode Manager
* -----------------
*/
Route::accept($config->manager->slug . '/shortcode', function () use($config, $speak) {
if (!Guardian::happy(1)) {
Shield::abort();
}
$shortcodes = Get::state_shortcode(null, array(), false);
$G = array('data' => $shortcodes);
Config::set(array('page_title' => $speak->shortcodes . $config->title_separator . $config->manager->title, 'cargo' => 'cargo.shortcode.php'));
if ($request = Request::post()) {
$request = Filter::apply('request:__shortcode', $request);
Guardian::checkToken($request['token']);
$data = array();
for ($i = 0, $keys = $request['key'], $count = count($keys); $i < $count; ++$i) {
if (trim($keys[$i]) !== "") {
$data[$keys[$i]] = $request['value'][$i];
}
}
$P = array('data' => $data);
File::serialize($data)->saveTo(STATE . DS . 'shortcode.txt', 0600);
Notify::success(Config::speak('notify_success_updated', $speak->shortcode));
Weapon::fire('on_shortcode_update', array($G, $P));
Guardian::kick($config->url_current);
}
Shield::lot(array('segment' => 'shortcode', 'files' => Mecha::O($shortcodes)))->attach('manager');
});
return Extend::where('key', '=', $str)->where('type', '=', $input['type'])->where('id', '<>', $id)->count() == 0;
});
$validator->check('key')->is_max(1, __('extend.key_missing'))->is_valid_key(__('extend.key_exists'));
$validator->check('label')->is_max(1, __('extend.label_missing'));
if ($errors = $validator->errors()) {
Input::flash();
Notify::error($errors);
return Response::redirect('admin/extend/fields/edit/' . $id);
}
if ($input['field'] == 'image') {
$attributes = Json::encode($input['attributes']);
} elseif ($input['field'] == 'file') {
$attributes = Json::encode(array('attributes' => array('type' => $input['attributes']['type'])));
} else {
$attributes = '';
}
Extend::update($id, array('type' => $input['type'], 'pagetype' => $input['pagetype'], 'field' => $input['field'], 'key' => $input['key'], 'label' => $input['label'], 'attributes' => $attributes));
Notify::success(__('extend.field_updated'));
return Response::redirect('admin/extend/fields/edit/' . $id);
});
/*
Delete Field
*/
Route::get('admin/extend/fields/delete/(:num)', function ($id) {
$field = Extend::find($id);
Query::table(Base::table($field->type . '_meta'))->where('extend', '=', $field->id)->delete();
$field->delete();
Notify::success(__('extend.field_deleted'));
return Response::redirect('admin/extend/fields');
});
});
<?php
foreach ($field as $k => $v) {
$f = $v['type'] === 'file' || $v['type'] === 'f';
// Remove asset field value and data
if (isset($v['remove']) && $f) {
File::open(SUBSTANCE . DS . $v['remove'])->delete();
Weapon::fire(array('on_substance_update', 'on_substance_destruct'), array($G, $P));
Notify::success(Config::speak('notify_file_deleted', '<code>' . $v['remove'] . '</code>'));
unset($field[$k]);
}
// Remove empty field value
if (!isset($v['value']) || $v['value'] === "") {
unset($field[$k]);
} else {
$e = File::E($v['value']);
if (!file_exists(SUBSTANCE . DS . $e . DS . $v['value']) && $f) {
unset($field[$k]);
} else {
$field[$k] = $v['value'];
}
}
}
<?php
/**
* Menu Manager
* ------------
*/
Route::accept($config->manager->slug . '/menu', function () use($config, $speak) {
if (Guardian::get('status') !== 'pilot') {
Shield::abort();
}
$menus = Get::state_menu();
Config::set(array('page_title' => $speak->menus . $config->title_separator . $config->manager->title, 'cargo' => DECK . DS . 'workers' . DS . 'cargo.menu.php'));
$G = array('data' => array('content' => $menus));
if ($request = Request::post()) {
Guardian::checkToken($request['token']);
// Check for invalid input
if (preg_match('#(^|\\n)(\\t| {1,3})(?:[^ ])#', $request['content'])) {
Notify::error($speak->notify_invalid_indent_character);
Guardian::memorize($request);
}
$P = array('data' => $request);
if (!Notify::errors()) {
File::write($request['content'])->saveTo(STATE . DS . 'menu.txt', 0600);
Notify::success(Config::speak('notify_success_updated', $speak->menu));
Weapon::fire('on_menu_update', array($G, $P));
Guardian::kick($config->url_current);
}
}
Shield::lot(array('segment' => 'menu', 'the_content' => $menus))->attach('manager', false);
});
public function update_permissions()
{
//return Input::all();
//
// create the validation rules ------------------------
$rules = array('group_name' => 'required', 'permissions' => 'required');
$messages = array('required' => 'The :attribute required.', 'permissions.required' => 'permissions.required');
// do the validation ----------------------------------
// validate against the inputs from our form
$validator = Validator::make(Input::all(), $rules, $messages);
// check if the validator failed -----------------------
if ($validator->fails()) {
// get the error messages from the validator
$messages = $validator->messages();
// redirect our user back to the form with the errors from the validator
return Redirect::to('settings/user-management/user-groups')->withErrors($validator)->withInput();
} else {
// validation successful ---------------------------
$permissionArray = array();
// Creating permission array
foreach (Input::get('permissions') as $permission) {
$permissionArray[$permission] = 1;
}
$is_group_exists = DB::table('groups')->where('name', '=', urldecode(Input::get('group_name')))->get();
if ($is_group_exists) {
$sucsess = DB::table('groups')->where('name', '=', urldecode(Input::get('group_name')))->update(array('permissions' => json_encode($permissionArray)));
if ($sucsess == 1) {
Notify::success('Permissions Successfully Updated');
return Redirect::to('settings/user-management/user-groups');
}
} else {
try {
// Create the group
$group = Sentry::createGroup(array('name' => Input::get('group_name'), 'permissions' => $permissionArray));
} catch (Cartalyst\Sentry\Groups\NameRequiredException $e) {
echo 'Name field is required';
} catch (Cartalyst\Sentry\Groups\GroupExistsException $e) {
//echo 'Group already exists';
Notify::error('Group already exists');
return Redirect::to('settings/user-management/user-groups')->withErrors('Group already exists');
}
}
// redirect ----------------------------------------
return Redirect::to('settings/user-management/user-groups');
}
}
$id = (int) time();
$parent = Request::post('parent');
$P = array('data' => $request);
$name = strip_tags($request['name']);
$email = Text::parse($request['email'], '->broken_entity');
$url = isset($request['url']) ? $request['url'] : false;
$parser = strip_tags(Request::post('content_type', $config->html_parser));
$message = $request['message'];
$field = Request::post('fields', array());
include DECK . DS . 'workers' . DS . 'task.field.1.php';
// Temporarily disallow image(s) in comment to prevent XSS
$message = strip_tags($message, '<br><img>' . ($parser === 'HTML' ? '<a><abbr><b><blockquote><code><del><dfn><em><i><ins><p><pre><span><strong><sub><sup><time><u><var>' : ""));
$message = preg_replace('#(\\!\\[.*?\\]\\(.*?\\))#', '`$1`', $message);
$message = preg_replace('#<img(\\s[^<>]*?)>#', '<img$1>', $message);
Page::header(array('Name' => $name, 'Email' => $email, 'URL' => $url, 'Status' => Guardian::happy() ? 'pilot' : 'passenger', 'Content Type' => $parser, 'Fields' => !empty($field) ? Text::parse($field, '->encoded_json') : false, 'UA' => Get::UA(), 'IP' => Get::IP()))->content($message)->saveTo(RESPONSE . DS . $post . '_' . Date::format($id, 'Y-m-d-H-i-s') . '_' . ($parent ? Date::format($parent, 'Y-m-d-H-i-s') : '0000-00-00-00-00-00') . $extension);
Notify::success(Config::speak('notify_success_submitted', $speak->comment));
if ($extension === '.hold') {
Notify::info($speak->notify_info_comment_moderation);
}
Weapon::fire('on_comment_update', array($P, $P));
Weapon::fire('on_comment_construct', array($P, $P));
if ($config->comment_notification_email) {
$mail = '<p>' . Config::speak('comment_notification', $article->url . '#' . sprintf($comment_id, Date::format($id, 'U'))) . '</p>';
$mail .= '<p><strong>' . $name . ':</strong></p>';
$mail .= $parser !== 'HTML' ? Text::parse($message, '->html') : $message;
$mail .= '<p>' . Date::format($id, 'Y/m/d H:i:s') . '</p>';
// Sending email notification ...
if (!Guardian::happy()) {
if (Notify::send($request['email'], $config->author_email, $speak->comment_notification_subject, $mail, 'comment:')) {
Weapon::fire('on_comment_notification_construct', array($request, $config->author_email, $speak->comment_notification_subject, $mail));
}
* Login Page
* ----------
*
* [1]. manager/login
*
*/
Route::accept($config->manager->slug . '/login', function () use($config, $speak) {
if (!File::exist(File::D(__DIR__) . DS . 'launch.php')) {
Shield::abort('404-manager');
}
if (Guardian::happy()) {
Guardian::kick($config->manager->slug . '/article');
}
Config::set(array('page_title' => $speak->log_in . $config->title_separator . $config->title, 'cargo' => 'cargo.login.php'));
include __DIR__ . DS . 'cargo.php';
if ($request = Request::post()) {
Guardian::authorize()->kick(isset($request['kick']) ? $request['kick'] : $config->manager->slug . '/article');
}
Shield::attach('manager-login');
}, 20);
/**
* Logout Page
* -----------
*
* [1]. manager/logout
*
*/
Route::accept($config->manager->slug . '/logout', function () use($config, $speak) {
Notify::success(ucfirst(strtolower($speak->logged_out)) . '.');
Guardian::reject()->kick($config->manager->slug . '/login');
}, 21);
return Page::where('slug', '=', $str)->count() == 0;
});
$validator->check('title')->is_max(3, __('pages.title_missing'));
$validator->check('slug')->is_max(3, __('pages.slug_missing'))->is_duplicate(__('pages.slug_duplicate'))->not_regex('#^[0-9_-]+$#', __('pages.slug_invalid'));
if ($input['redirect']) {
$validator->check('redirect')->is_url(__('pages.redirect_missing'));
}
if ($errors = $validator->errors()) {
Input::flash();
Notify::error($errors);
return Response::redirect('admin/pages/add');
}
if (empty($input['name'])) {
$input['name'] = $input['title'];
}
$input['show_in_menu'] = is_null($input['show_in_menu']) ? 0 : 1;
$page = Page::create($input);
Extend::process('page', $page->id);
Notify::success(__('pages.created'));
return Response::redirect('admin/pages');
});
/*
Delete Page
*/
Route::get('admin/pages/delete/(:num)', function ($id) {
Page::find($id)->delete();
Query::table(Base::table('page_meta'))->where('page', '=', $id)->delete();
Notify::success(__('pages.deleted'));
return Response::redirect('admin/pages');
});
});
/**
* Sets the state of one or more entries
*
* @return void
*/
public function stateTask()
{
// Check for request forgeries
Request::checkToken('get');
$id = Request::getInt('id', 0, 'get');
switch ($this->_task) {
case 'publish':
case 'unpublish':
$publish = $this->_task == 'publish' ? 1 : 0;
// Check for an ID
if (!$id) {
App::redirect(Route::url('index.php?option=' . $this->_option . '&controller=' . $this->_controller, false), Lang::txt('COM_STORE_ALERT_SELECT_ITEM') . ' ' . ($publish == 1 ? 'published' : 'unpublished'), 'error');
return;
}
// Update record(s)
$obj = new Store($this->database);
$obj->load($id);
$obj->published = $publish;
if (!$obj->store()) {
throw new Exception($obj->getError(), 500);
}
// Set message
if ($publish == '1') {
Notify::success(Lang::txt('COM_STORE_MSG_ITEM_ADDED'));
} else {
if ($publish == '0') {
Notify::success(Lang::txt('COM_STORE_MSG_ITEM_DELETED'));
}
}
break;
case 'available':
case 'unavailable':
$avail = $this->_task == 'available' ? 1 : 0;
// Check for an ID
if (!$id) {
App::redirect(Route::url('index.php?option=' . $this->_option . '&controller=' . $this->_controller, false), Lang::txt('COM_STORE_ALERT_SELECT_ITEM') . ' ' . ($avail == 1 ? 'available' : 'unavailable'), 'error');
return;
}
// Update record(s)
$obj = new Store($this->database);
$obj->load($id);
$obj->available = $avail;
if (!$obj->store()) {
throw new Exception($obj->getError(), 500);
}
// Set message
if ($avail == '1') {
Notify::success(Lang::txt('COM_STORE_MSG_ITEM_AVAIL'));
} else {
if ($avail == '0') {
Notify::success(Lang::txt('COM_STORE_MSG_ITEM_UNAVAIL'));
}
}
break;
}
App::redirect(Route::url('index.php?option=' . $this->_option . '&controller=' . $this->_controller, false));
}
/**
* Update the associated resource page for this tool
*
* @param integer $rid Resource ID
* @param array $status Fields to update
* @param integer $published Published state
* @param integer $newtool Updating for a new tool?
* @return boolean True if no errors
*/
public function updatePage($rid, $status = array(), $published = 0, $newtool = 0)
{
if ($rid === NULL) {
return false;
}
$resource = new \Components\Resources\Tables\Resource($this->database);
$resource->load($rid);
if (count($status) > 0) {
$resource->fulltxt = addslashes($status['fulltxt']);
$resource->introtext = $status['description'];
$resource->title = preg_replace('/\\s+/', ' ', $status['title']);
$resource->modified = Date::toSql();
$resource->modified_by = User::get('id');
}
if ($published) {
$resource->published = $published;
}
if ($newtool && $published == 1) {
$resource->publish_up = Date::toSql();
}
if (!$resource->store()) {
$this->setError($row->getError());
return false;
} else {
if ($newtool) {
\Notify::success(Lang::txt('COM_TOOLS_NOTICE_RES_PUBLISHED'), 'tools');
} else {
\Notify::success(Lang::txt('COM_TOOLS_NOTICE_RES_UPDATED'), 'tools');
}
}
return true;
}
<?php
// The `__launch.php` file will be included only in the backend
Route::accept($config->manager->slug . '/plugin/' . File::B(__DIR__) . '/update', function () use($config, $speak) {
if ($request = Request::post()) {
Guardian::checkToken($request['token']);
// [2]
File::write('test!')->saveTo(__DIR__ . DS . 'states' . DS . 'config.txt', 0600);
Notify::success(Config::speak('notify_success_updated', $speak->plugin));
// [3]
Guardian::kick(File::D($config->url_current));
// [4]
}
});
$input = Input::get(array('key', 'value'));
$input['key'] = slug($input['key'], '_');
$validator = new Validator($input);
$validator->add('valid_key', function ($str) use($key) {
// no change
if ($str == $key) {
return true;
}
// check the new key $str is available
return Query::table(Base::table('pagetypes'))->where('key', '=', $str)->count() == 0;
});
$validator->check('key')->is_max(2, __('extend.key_missing'))->is_valid_key(__('extend.key_exists'));
$validator->check('value')->is_max(1, __('extend.name_missing'));
if ($errors = $validator->errors()) {
Input::flash();
Notify::error($errors);
return Response::redirect('admin/extend/pagetypes/edit/' . $key);
}
Query::table(Base::table('pagetypes'))->where('key', '=', $key)->update($input);
Notify::success(__('extend.pagetype_updated'));
return Response::redirect('admin/extend/pagetypes');
});
/*
Delete Var
*/
Route::get('admin/extend/pagetypes/delete/(:any)', function ($key) {
Query::table(Base::table('pagetypes'))->where('key', '=', $key)->delete();
Notify::success(__('extend.pagetype_deleted'));
return Response::redirect('admin/extend/pagetypes');
});
});
$input['comments'] = 0;
}
if (empty($input['html'])) {
$input['status'] = 'draft';
}
$post = Post::create($input);
Extend::process('post', $post->id);
Notify::success(__('posts.created'));
return Response::redirect('admin/posts');
});
/*
Preview post
*/
Route::post('admin/posts/preview', function () {
$html = Input::get('html');
// apply markdown processing
$md = new Markdown();
$output = Json::encode(array('html' => $md->transform($html)));
return Response::create($output, 200, array('content-type' => 'application/json'));
});
/*
Delete post
*/
Route::get('admin/posts/delete/(:num)', function ($id) {
Post::find($id)->delete();
Comment::where('post', '=', $id)->delete();
Query::table(Base::table('post_meta'))->where('post', '=', $id)->delete();
Notify::success(__('posts.deleted'));
return Response::redirect('admin/posts');
});
});
$vars['themes'] = Themes::all();
return View::create('extend/metadata/edit', $vars)->partial('header', 'partials/header')->partial('footer', 'partials/footer');
});
/*
Update Metadata
*/
Route::post('admin/extend/metadata', function () {
$input = Input::get(array('sitename', 'description', 'home_page', 'posts_page', 'posts_per_page', 'auto_published_comments', 'theme', 'comment_notifications', 'comment_moderation_keys', 'show_all_posts', 'dashboard_page'));
foreach ($input as $key => $value) {
$input[$key] = eq($value);
}
$validator = new Validator($input);
$validator->check('sitename')->is_max(3, __('metadata.sitename_missing'));
$validator->check('description')->is_max(3, __('metadata.sitedescription_missing'));
$validator->check('posts_per_page')->is_regex('#^[0-9]+$#', __('metadata.missing_posts_per_page', 'Please enter a number for posts per page'));
if ($errors = $validator->errors()) {
Input::flash();
Notify::error($errors);
return Response::redirect('admin/extend/metadata');
}
// convert double quotes so we dont break html
$input['sitename'] = e($input['sitename'], ENT_COMPAT);
$input['description'] = e($input['description'], ENT_COMPAT);
foreach ($input as $key => $v) {
$v = is_null($v) ? 0 : $v;
Query::table(Base::table('meta'))->where('key', '=', $key)->update(array('value' => $v));
}
Notify::success(__('metadata.updated'));
return Response::redirect('admin/extend/metadata');
});
});
public static function upload($file, $destination = ROOT, $callback = null)
{
$config = Config::get();
$speak = Config::speak();
$destination = self::path($destination);
$errors = Mecha::A($speak->notify_file);
// Create a safe file name
$file['name'] = Text::parse($file['name'], '->safe_file_name');
$extension = self::E($file['name']);
// Something goes wrong
if ($file['error'] > 0 && isset($errors[$file['error']])) {
Notify::error($errors[$file['error']]);
} else {
// Destination not found
if (!file_exists($destination)) {
self::pocket($destination);
}
// Unknown file type
if (!isset($file['type']) || empty($file['type'])) {
Notify::error($speak->notify_error_file_type_unknown);
}
// Bad file extension
$extension_allow = ',' . implode(',', self::$config['file_extension_allow']) . ',';
if (strpos($extension_allow, ',' . $extension . ',') === false) {
Notify::error(Config::speak('notify_error_file_extension', $extension));
}
// Too small
if ($file['size'] < self::$config['file_size_min_allow']) {
Notify::error(Config::speak('notify_error_file_size_min', self::size(self::$config['file_size_min_allow'], 'KB')));
}
// Too large
if ($file['size'] > self::$config['file_size_max_allow']) {
Notify::error(Config::speak('notify_error_file_size_max', self::size(self::$config['file_size_max_allow'], 'KB')));
}
}
if (!Notify::errors()) {
// Move the uploaded file to the destination folder
if (!file_exists($destination . DS . $file['name'])) {
move_uploaded_file($file['tmp_name'], $destination . DS . $file['name']);
} else {
Notify::error(Config::speak('notify_file_exist', '<code>' . $file['name'] . '</code>'));
}
if (!Notify::errors()) {
// Create public asset link to show on file uploaded
$link = self::url($destination) . '/' . $file['name'];
Notify::success(Config::speak('notify_file_uploaded', '<code>' . $file['name'] . '</code>'));
self::$open = $destination . DS . $file['name'];
if (is_callable($callback)) {
call_user_func($callback, $file['name'], $file['type'], $file['size'], $link);
}
}
return new static();
}
return false;
}
/**
* Process import selections
*
* @return void
*/
private function processAction()
{
// Check if they're logged in
if (User::isGuest()) {
return $this->loginAction();
}
if (!$this->params->get('access-manage')) {
throw new Exception(Lang::txt('PLG_MEMBERS_CITATIONS_NOT_AUTHORIZED'), 403);
}
Request::checkToken();
$cites_require_attention = $this->importer->readRequiresAttention();
$cites_require_no_attention = $this->importer->readRequiresNoAttention();
// action for citations needing attention
$citations_action_attention = Request::getVar('citation_action_attention', array());
// action for citations needing no attention
$citations_action_no_attention = Request::getVar('citation_action_no_attention', array());
// check to make sure we have citations
if (!$cites_require_attention && !$cites_require_no_attention) {
App::redirect(Route::url($this->member->getLink() . '&active=' . $this->_name . '&action=import'), Lang::txt('PLG_MEMBERS_CITATIONS_IMPORT_MISSING_FILE_CONTINUE'), 'error');
return;
}
// vars
$allow_tags = "yes";
$allow_badges = "yes";
$this->importer->set('user', User::get('id'));
$this->importer->setTags($allow_tags == 'yes');
$this->importer->setBadges($allow_badges == 'yes');
$this->importer->set('scope_id', $this->member->get('uidNumber'));
$this->importer->set('scope', 'member');
// Process
$results = $this->importer->process($citations_action_attention, $citations_action_no_attention);
// success message a redirect
Notify::success(Lang::txt('PLG_MEMBERS_CITATIONS_IMPORT_RESULTS_SAVED', count($results['saved'])), 'plg_citations');
// if we have citations not getting saved
if (count($results['not_saved']) > 0) {
Notify::warning(Lang::txt('PLG_MEMBERS_CITATIONS_IMPORT_RESULTS_NOT_SAVED', count($results['not_saved'])), 'plg_citations');
}
if (count($results['error']) > 0) {
Notify::error(Lang::txt('PLG_MEMBERS_CITATIONS_IMPORT_RESULTS_SAVE_ERROR', count($results['error'])), 'plg_citations');
}
//get the session object
$session = App::get('session');
//ids of sessions saved and not saved
$session->set('citations_saved', $results['saved']);
$session->set('citations_not_saved', $results['not_saved']);
$session->set('citations_error', $results['error']);
//delete the temp files that hold citation data
$this->importer->cleanup(true);
//redirect
App::redirect(Route::url($this->member->getLink() . '&active=' . $this->_name . '&action=saved'));
}
/**
* Method to save the form data.
*
* @param array The form data.
* @return boolean True on success.
*/
public function save($data)
{
// Detect disabled extension
$extension = JTable::getInstance('Extension');
if ($extension->load(array('enabled' => 0, 'type' => 'template', 'element' => $data['template'], 'client_id' => $data['client_id']))) {
$this->setError(Lang::txt('COM_TEMPLATES_ERROR_SAVE_DISABLED_TEMPLATE'));
return false;
}
// Initialise variables;
$table = $this->getTable();
$pk = !empty($data['id']) ? $data['id'] : (int) $this->getState('style.id');
$isNew = true;
// Load the row if saving an existing record.
if ($pk > 0) {
$table->load($pk);
$isNew = false;
}
if (Request::getVar('task') == 'save2copy') {
$data['title'] = $this->generateNewTitle(null, null, $data['title']);
$data['home'] = 0;
$data['assigned'] = '';
}
// Bind the data.
if (!$table->bind($data)) {
$this->setError($table->getError());
return false;
}
// Prepare the row for saving
$this->prepareTable($table);
// Check the data.
if (!$table->check()) {
$this->setError($table->getError());
return false;
}
// Trigger the onExtensionBeforeSave event.
$result = Event::trigger('extension.onExtensionBeforeSave', array('com_templates.style', &$table, $isNew));
if (in_array(false, $result, true)) {
$this->setError($table->getError());
return false;
}
// Store the data.
if (!$table->store()) {
$this->setError($table->getError());
return false;
}
if (User::authorise('core.edit', 'com_menus') && $table->client_id == 0) {
$n = 0;
$db = App::get('db');
if (!empty($data['assigned']) && is_array($data['assigned'])) {
\Hubzero\Utility\Arr::toInteger($data['assigned']);
// Update the mapping for menu items that this style IS assigned to.
$query = $db->getQuery(true);
$query->update('#__menu');
$query->set('template_style_id=' . (int) $table->id);
$query->where('id IN (' . implode(',', $data['assigned']) . ')');
$query->where('template_style_id!=' . (int) $table->id);
$query->where('checked_out in (0,' . (int) User::get('id') . ')');
$db->setQuery($query);
$db->query();
$n += $db->getAffectedRows();
}
// Remove style mappings for menu items this style is NOT assigned to.
// If unassigned then all existing maps will be removed.
$query = $db->getQuery(true);
$query->update('#__menu');
$query->set('template_style_id=0');
if (!empty($data['assigned'])) {
$query->where('id NOT IN (' . implode(',', $data['assigned']) . ')');
}
$query->where('template_style_id=' . (int) $table->id);
$query->where('checked_out in (0,' . (int) User::get('id') . ')');
$db->setQuery($query);
$db->query();
$n += $db->getAffectedRows();
if ($n > 0) {
Notify::success(Lang::txts('COM_TEMPLATES_MENU_CHANGED', $n));
}
}
// Clean the cache.
$this->cleanCache();
// Trigger the onExtensionAfterSave event.
Event::trigger('extension.onExtensionAfterSave', array('com_templates.style', &$table, $isNew));
$this->setState('style.id', $table->id);
return true;
}
/**
* Vote on a comment
*
* @return void
*/
protected function _vote()
{
// Ensure the user is logged in
if (User::isGuest()) {
return $this->_login();
}
$no_html = Request::getInt('no_html', 0);
// Record the vote
if ($item_id = Request::getInt('voteup', 0)) {
$how = 1;
} else {
if ($item_id = Request::getInt('votedown', 0)) {
$how = -1;
}
}
$item = \Plugins\Hubzero\Comments\Models\Comment::oneOrFail($item_id);
if (!$item->vote($how)) {
$this->setError($item->getError());
}
if (!$no_html) {
if ($this->getError()) {
Notify::error($this->getError());
} else {
Notify::success(Lang::txt('PLG_HUBZERO_COMMENTS_VOTE_SAVED'));
}
App::redirect($this->url);
}
$item->set('vote', $how);
$this->view->setLayout('vote');
$this->view->set('item', $item);
$this->view->setErrors($this->getErrors());
// Ugly brute force method of cleaning output
ob_clean();
echo $this->view->loadTemplate();
exit;
}
Notify::error($errors);
return Response::redirect('admin/categories/add');
}
if (empty($input['slug'])) {
$input['slug'] = $input['title'];
}
$input['slug'] = slug($input['slug']);
$category = Category::create($input);
Extend::process('category', $category->id);
Notify::success(__('categories.created'));
return Response::redirect('admin/categories');
});
/*
Delete Category
*/
Route::get('admin/categories/delete/(:num)', function ($id) {
$total = Category::count();
if ($total == 1) {
Notify::error(__('categories.delete_error'));
return Response::redirect('admin/categories/edit/' . $id);
}
// move posts
$category = Category::where('id', '<>', $id)->fetch();
// delete selected
Category::find($id)->delete();
// update posts
Post::where('category', '=', $id)->update(array('category' => $category->id));
Notify::success(__('categories.deleted'));
return Response::redirect('admin/categories');
});
});
function do_comment_construct()
{
$config = Config::get();
$speak = Config::speak();
if ($config->page_type === 'article') {
$comment_id = 'comment-%d';
// Your comment ID
$comment_form_id = 'comment-form';
// Your comment form ID
$article = isset($config->article->path) ? $config->article : false;
$G = array('data' => array('article' => Mecha::A($article), 'comment_id' => $comment_id, 'comment_form_id' => $comment_form_id));
if ($article !== false && ($request = Request::post())) {
if ($task = File::exist(SHIELD . DS . $config->shield . DS . 'workers' . DS . 'task.comment.php')) {
require $task;
// Custom comment constructor
} else {
// Check token
Guardian::checkToken($request['token'], $article->url . '#' . $comment_form_id);
$extension = $config->comments->moderation && !Guardian::happy() ? '.hold' : '.txt';
// Check name
if (trim($request['name']) === "") {
Notify::error(Config::speak('notify_error_empty_field', $speak->name));
}
// Check email
if (trim($request['email']) !== "") {
if (!Guardian::check($request['email'], '->email')) {
Notify::error($speak->notify_invalid_email);
} else {
// Disallow passenger(s) from entering your email address in the comment email field
if (!Guardian::happy() && $request['email'] === $config->author->email) {
Notify::warning(Config::speak('notify_warning_forbidden_input', array('<em>' . $request['email'] . '</em>', strtolower($speak->email))));
}
}
} else {
Notify::error(Config::speak('notify_error_empty_field', $speak->email));
}
// Check URL
if (trim($request['url']) !== "" && !Guardian::check($request['url'], '->url')) {
Notify::error($speak->notify_invalid_url);
}
// Check message
if (trim($request['message']) === "") {
Notify::error(Config::speak('notify_error_empty_field', $speak->message));
}
// Check challenge
if (!Guardian::checkMath($request['math'])) {
Notify::error($speak->notify_invalid_math_answer);
}
// Check name length
if (Guardian::check($request['name'], '->too_long', 100)) {
Notify::error(Config::speak('notify_error_too_long', $speak->name));
}
// Check email length
if (Guardian::check($request['email'], '->too_long', 100)) {
Notify::error(Config::speak('notify_error_too_long', $speak->email));
}
// Check URL length
if (Guardian::check($request['url'], '->too_long', 100)) {
Notify::error(Config::speak('notify_error_too_long', $speak->url));
}
// Check message length
if (Guardian::check($request['message'], '->too_long', 1700)) {
Notify::error(Config::speak('notify_error_too_long', $speak->message));
}
// Check for spam keyword(s) in comment
$fucking_words = explode(',', $config->keywords_spam);
foreach ($fucking_words as $spam) {
if ($f**k = trim($spam)) {
if ($request['email'] === $f**k || strpos(strtolower($request['message']), strtolower($f**k)) !== false) {
Notify::warning($speak->notify_warning_intruder_detected . ' <strong class="text-error pull-right">' . $f**k . '</strong>');
break;
}
}
}
if (!Notify::errors()) {
$post = Date::slug($article->time);
$id = (int) time();
$parent = Request::post('parent');
$P = array('data' => $request);
$P['data']['id'] = $id;
$name = strip_tags($request['name']);
$email = Text::parse($request['email'], '->broken_entity');
$url = isset($request['url']) && trim($request['url']) !== "" ? $request['url'] : false;
$parser = strip_tags(Request::post('content_type', $config->html_parser->active));
$message = Text::parse($request['message'], '->text', WISE_CELL . '<img>', false);
$field = Request::post('fields', array());
include File::D(__DIR__, 2) . DS . 'task.fields.php';
// Temporarily disallow image(s) in comment to prevent XSS
$message = preg_replace('#<img(\\s[^<>]*?)>#i', '<img$1>', $message);
Page::header(array('Name' => $name, 'Email' => $email, 'URL' => $url, 'Status' => Guardian::happy() ? 1 : 2, 'Content Type' => $parser, 'Fields' => !empty($field) ? Text::parse($field, '->encoded_json') : false))->content($message)->saveTo(COMMENT . DS . $post . '_' . Date::slug($id) . '_' . ($parent ? Date::slug($parent) : '0000-00-00-00-00-00') . $extension);
Notify::success(Config::speak('notify_success_submitted', $speak->comment));
if ($extension === '.hold') {
Notify::info($speak->notify_info_comment_moderation);
}
Weapon::fire(array('on_comment_update', 'on_comment_construct'), array($G, $P));
Guardian::kick($config->url_current . $config->ur_query . (!Guardian::happy() && $config->comments->moderation ? '#' . $comment_form_id : '#' . sprintf($comment_id, Date::format($id, 'U'))));
} else {
Guardian::kick($config->url_current . $config->url_query . '#' . $comment_form_id);
}
}
}
}
}
<?php
/**
* Error Log
* ---------
*/
Route::accept($config->manager->slug . '/error', function () use($config, $speak) {
Config::set(array('page_title' => $speak->errors . $config->title_separator . $config->manager->title, 'cargo' => 'cargo.error.php'));
Shield::lot(array('segment' => 'error', 'content' => File::open(ini_get('error_log'))->read(false)))->attach('manager');
});
/**
* Error Log Killer
* ----------------
*/
Route::accept($config->manager->slug . '/error/kill', function () use($config, $speak) {
if (!Guardian::happy(1)) {
Shield::abort();
}
$errors = LOG . DS . 'errors.log';
$G = array('data' => array('content' => File::open($errors)->read()));
File::open($errors)->delete();
Weapon::fire('on_error_destruct', array($G, $G));
Notify::success(Config::speak('notify_success_deleted', $speak->file));
Guardian::kick(File::D($config->url_current));
});
if ($errors = $validator->errors()) {
Input::flash();
Notify::error($errors);
return Response::redirect($posts_page->slug . '/' . $slug . '#comment');
}
$input['post'] = Post::slug($slug)->id;
$input['date'] = Date::mysql('now');
$input['status'] = Config::meta('auto_published_comments') ? 'approved' : 'pending';
// remove bad tags
$input['text'] = strip_tags($input['text'], '<a>,<b>,<blockquote>,<code>,<em>,<i>,<p>,<pre>');
// check if the comment is possibly spam
if ($spam = Comment::spam($input)) {
$input['status'] = 'spam';
}
$comment = Comment::create($input);
Notify::success(__('comments.created'));
// dont notify if we have marked as spam
if (!$spam and Config::meta('comment_notifications')) {
$comment->notify();
}
return Response::redirect($posts_page->slug . '/' . $slug . '#comment');
});
/**
* Rss feed
*/
Route::get(array('rss', 'feeds/rss'), function () {
$uri = 'http://' . $_SERVER['HTTP_HOST'];
$rss = new Rss(Config::meta('sitename'), Config::meta('description'), $uri, Config::app('language'));
$query = Post::where('status', '=', 'published')->sort(Base::table('posts.created'), 'desc');
foreach ($query->get() as $article) {
$rss->item($article->title, Uri::full(Registry::get('posts_page')->slug . '/' . $article->slug), $article->description, $article->created);
} else {
Notify::warning(Config::speak('notify_confirm_delete_', $path ? '<code>' . File::path($path) . '</code>' : '<strong>' . $info['title'] . '</strong>'));
}
Shield::lot(array('segment' => 'shield', 'the_shield' => $folder, 'the_name' => $path, 'the_info' => $info))->attach('manager', false);
});
/**
* Shield Attacher
* ---------------
*/
Route::accept($config->manager->slug . '/shield/(attach|eject)/id:(:any)', function ($path = "", $slug = "") use($config, $speak) {
$new_config = Get::state_config();
$new_config['shield'] = $path === 'attach' ? $slug : 'normal';
File::serialize($new_config)->saveTo(STATE . DS . 'config.txt', 0600);
$G = array('data' => array('id' => $slug, 'action' => $path));
$mode = $path === 'eject' ? 'eject' : 'mount';
Notify::success(Config::speak('notify_success_updated', $speak->shield));
Weapon::fire('on_shield_update', array($G, $G));
Weapon::fire('on_shield_' . $mode, array($G, $G));
Weapon::fire('on_shield_' . md5($slug) . '_update', array($G, $G));
Weapon::fire('on_shield_' . md5($slug) . '_' . $mode, array($G, $G));
foreach (glob(SYSTEM . DS . 'log' . DS . 'asset.*.log', GLOB_NOSORT) as $asset_cache) {
File::open($asset_cache)->delete();
}
Guardian::kick($config->manager->slug . '/shield/' . $slug);
});
/**
* Shield Backup
* -------------
*/
Route::accept($config->manager->slug . '/shield/backup/id:(:any)', function ($folder = "") use($config, $speak) {
$name = $folder . '.zip';
if (trim($request['name']) === "") {
$request['name'] = $id . '.txt';
// empty file name
}
$_path = Text::parse(sprintf($request['name'], $id), '->safe_path_name');
$e = File::E($_path, false);
if ($e !== 'txt' && $e !== 'php') {
$e = 'txt';
$_path .= '.txt';
}
$_path_ = File::path($_path);
$file = ASSET . DS . '__snippet' . DS . $e . DS . $_path;
if (File::exist($file)) {
// file already exists
Notify::error(Config::speak('notify_file_exist', '<code>' . $_path_ . '</code>'));
}
if (trim($request['content']) === "") {
// empty file content
Notify::error($speak->notify_error_content_empty);
}
if (!Notify::errors()) {
$recent = array_slice(File::open(CACHE . DS . 'plugin.snippet.cache')->unserialize(), 0, $config->per_page);
File::serialize(array_merge(array($_path), $recent))->saveTo(CACHE . DS . 'plugin.snippet.cache', 0600);
$url = $config->manager->slug . '/asset/repair/file:__snippet/' . $e . '/' . File::url($_path) . '?path=' . urlencode(rtrim('__snippet/' . $e . '/' . File::D(File::url($_path)), '/'));
File::write($request['content'])->saveTo($file, 0600);
Notify::success(Config::speak('notify_file_created', '<code>' . $_path_ . '</code>' . (!isset($request['redirect']) ? ' <a class="pull-right" href="' . $config->url . '/' . $url . '" target="_blank">' . Jot::icon('pencil') . ' ' . $speak->edit . '</a>' : "")));
Notify::info('<strong>' . $speak->shortcode . ':</strong> <code>{{' . ($e === 'php' ? 'include' : 'print') . ':' . str_replace('.' . $e . X, "", File::url($_path) . X) . '}}</code>');
Guardian::kick(isset($request['redirect']) ? $url : File::D($config->url_current));
}
Guardian::kick(File::D($config->url_current));
});
});
Route::post('admin/users/add', function () {
$input = Input::get(array('username', 'email', 'real_name', 'password', 'bio', 'status', 'role'));
$validator = new Validator($input);
$validator->check('username')->is_max(3, __('users.username_missing', 2));
$validator->check('email')->is_email(__('users.email_missing'));
$validator->check('password')->is_max(6, __('users.password_too_short', 6));
if ($errors = $validator->errors()) {
Input::flash();
Notify::error($errors);
return Response::redirect('admin/users/add');
}
$input['password'] = Hash::make($input['password']);
User::create($input);
Notify::success(__('users.created'));
return Response::redirect('admin/users');
});
/*
Delete user
*/
Route::get('admin/users/delete/(:num)', function ($id) {
$self = Auth::user();
if ($self->id == $id) {
Notify::error(__('users.delete_error'));
return Response::redirect('admin/users/edit/' . $id);
}
User::where('id', '=', $id)->delete();
Notify::success(__('users.deleted'));
return Response::redirect('admin/users');
});
});
/**
* Delete Import
*
* @return void
*/
public function removeTask()
{
// check token
Session::checkToken();
// get request vars
$ids = Request::getVar('id', array());
$ids = !is_array($ids) ? array($ids) : $ids;
// loop through all ids posted
$i = 0;
foreach ($ids as $id) {
// make sure we have an object
$import = Import::oneOrFail($id);
if (!$import->get('id')) {
continue;
}
// attempt to delete import
if (!$import->destroy()) {
Notify::error($import->getError());
continue;
}
$i++;
}
if ($i) {
Notify::success(Lang::txt('COM_MEMBERS_IMPORT_REMOVED'));
}
//inform user & redirect
$this->cancelTask();
}
