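/**
 * Method to catch the onAfterInitialise event.
 *
 * Only requests whose task (or typeaheadtask) is "gwejson" are handled; every
 * other request returns true untouched. A handled request includes a
 * "gwejson_"-prefixed library file selected by the request parameters, checks
 * the session form token unless the library's gwejson_skiptoken() returns
 * true, calls ProcessJsonRequest() and echoes its result as JSON, then exits.
 *
 * NOTE(review): the statements after each PlgSystemGwejson::throwerror() call
 * presumably rely on throwerror() ending the request - confirm against its
 * definition, which is not part of this method.
 *
 * @return  boolean  True when the request is left for normal processing
 */
public function onAfterInitialise()
{
    $input = JFactory::getApplication()->input;
    $task  = $input->get('task', $input->get('typeaheadtask', '', 'cmd'), 'cmd');

    // in frontend SEF
    if ($task != "gwejson")
    {
        return true;
    }

    $file = $input->get('file', '', 'cmd');

    // Library file MUST start with "gwejson_" for security reasons to stop other files being included maliciously
    if ($file == "")
    {
        return true;
    }

    if (strpos($file, "gwejson_") !== 0)
    {
        $file = "gwejson_" . $file;
    }

    $pathKey = $input->get('path', 'site', 'cmd');
    $paths   = array(
        "site"   => JPATH_SITE,
        "admin"  => JPATH_ADMINISTRATOR,
        "plugin" => JPATH_SITE . "/plugins",
        "module" => JPATH_SITE . "/modules",
    );

    if (!is_string($pathKey) || !array_key_exists($pathKey, $paths))
    {
        return true;
    }

    // folder and plugin pass only the permissive 'string' filter and are then
    // interpolated into the include path below. Confine them to plain
    // "/"-separated directory names whose segments start with a letter, digit
    // or underscore, so no "." / ".." segment, backslash or NUL byte can move
    // the include outside the selected extension directory.
    $isPlainSubPath = function ($value)
    {
        return is_string($value)
            && preg_match('#^[A-Za-z0-9_][A-Za-z0-9_.-]*(?:/[A-Za-z0-9_][A-Za-z0-9_.-]*)*$#', $value) === 1;
    };

    $folder = $input->get('folder', '', 'string');
    $folder = is_string($folder) ? trim($folder, '/') : '';

    if ($folder != "" && !$isPlainSubPath($folder))
    {
        return true;
    }

    if ($pathKey == "plugin")
    {
        $plugin = $input->get('plugin', '', 'string');
        $plugin = is_string($plugin) ? trim($plugin, '/') : '';

        if ($folder == "" || $plugin == "" || !$isPlainSubPath($plugin))
        {
            return true;
        }

        $path = $paths[$pathKey] . "/{$folder}/{$plugin}/";
    }
    elseif ($pathKey == "module")
    {
        if ($folder == "")
        {
            return true;
        }

        $path = $paths[$pathKey] . "/{$folder}/";
    }
    else
    {
        $extension = $input->get('option', $input->get('ttoption', '', 'cmd'), 'cmd');

        if ($extension == "")
        {
            return true;
        }

        // Without an explicit folder the component's "libraries" directory is used
        $subFolder = ($folder == "") ? "libraries" : $folder;
        $path      = $paths[$pathKey] . "/components/{$extension}/{$subFolder}/";
    }

    jimport('joomla.filesystem.file');

    $libraryFile = $path . $file . ".php";

    if (!JFile::exists($libraryFile))
    {
        return true;
    }

    // NOTE(review): the library is included, and its top-level code runs,
    // before the token check below, because the library itself decides through
    // gwejson_skiptoken() whether a token is required. Libraries that return
    // true there carry the responsibility for their own request validation.
    include_once $libraryFile;

    if (!function_exists("gwejson_skiptoken") || !gwejson_skiptoken())
    {
        // Compare as strings with a strict (and, where available,
        // constant-time) comparison; a loose != treats two different
        // numeric-looking hex strings as equal.
        $expectedToken = (string) JSession::getFormToken();
        $suppliedToken = $input->get('token', '', 'string');
        $suppliedToken = is_scalar($suppliedToken) ? (string) $suppliedToken : '';
        $tokenMatches  = function_exists('hash_equals')
            ? hash_equals($expectedToken, $suppliedToken)
            : $expectedToken === $suppliedToken;

        if (!$tokenMatches)
        {
            PlgSystemGwejson::throwerror("There was an error - bad token.  Please refresh the page and try again.");
        }
    }

    // we don't want any modules etc.
    $input->set('format', 'json');
    ini_set("display_errors", 0);

    $data = null;

    // When setting typeahead in the post it overrides the GET value which the prepare function doesn't replace for some reason :(
    if ($input->get('typeahead', '', 'string') != "" || $input->get('prefetch', 0, 'int'))
    {
        try
        {
            $requestObject            = new stdClass();
            $requestObject->typeahead = $input->get('typeahead', '', 'string');
            $data                     = ProcessJsonRequest($requestObject, $data);
        }
        catch (Exception $e)
        {
            // Only the exception message is reported; the stack trace is not sent to the client
            PlgSystemGwejson::throwerror("There was an exception " . $e->getMessage());
        }
    }
    else
    {
        $requestData = $input->get('json', '', 'raw');

        if ($requestData)
        {
            // Create JSON data structure
            $data         = new stdClass();
            $data->error  = 0;
            $data->result = "ERROR";
            $data->user   = "";

            // The 'raw' filter does not guarantee a string, and the decoding
            // functions below need one
            if (is_string($requestData))
            {
                $requestObject = null;

                try
                {
                    if (ini_get("magic_quotes_gpc"))
                    {
                        $requestData = stripslashes($requestData);
                    }

                    $requestObject = json_decode($requestData, 0);

                    if (!$requestObject)
                    {
                        $requestObject = json_decode(utf8_encode($requestData), 0);
                    }
                }
                catch (Exception $e)
                {
                    PlgSystemGwejson::throwerror("There was an exception");
                }

                if (!$requestObject)
                {
                    PlgSystemGwejson::throwerror("There was an error - no request object ");
                }
                elseif (is_object($requestObject) && !empty($requestObject->error))
                {
                    PlgSystemGwejson::throwerror("There was an error - Request object error " . $requestObject->error);
                }
                else
                {
                    try
                    {
                        $data = ProcessJsonRequest($requestObject, $data);
                    }
                    catch (Exception $e)
                    {
                        // Only the exception message is reported; the stack trace is not sent to the client
                        PlgSystemGwejson::throwerror("There was an exception " . $e->getMessage());
                    }
                }
            }
            else
            {
                PlgSystemGwejson::throwerror("Invalid Input");
            }
        }
        else
        {
            PlgSystemGwejson::throwerror("There was an error - no request data");
        }
    }

    // NOTE(review): the body is JSON but is labelled application/javascript;
    // application/json together with "X-Content-Type-Options: nosniff" is the
    // conventional labelling - confirm no client depends on the current type.
    header("Content-Type: application/javascript; charset=utf-8");

    if (is_object($data))
    {
        // _SC_START is defined outside this method; without it no timing is reported
        $data->timing = defined('_SC_START') ? round(microtime(true) - _SC_START, 4) : 0;
    }

    // Must suppress any error messages
    @ob_end_clean();
    echo json_encode($data);
    exit;
}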
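/**
 * Build an iCalRepetition from posted form data without storing it.
 *
 * The caller must be an event creator and must be allowed to edit the event
 * that the posted rp_id belongs to. The repetition is loaded by rp_id, its
 * start/end timestamps are replaced with the values from the form, and the
 * object is returned; nothing in this function writes it back.
 *
 * NOTE(review): the authorisation checks presumably rely on
 * PlgSystemGwejson::throwerror() ending the request - confirm, otherwise
 * execution continues past a failed check.
 *
 * @param   object  $requestObject  Decoded request; its formdata property holds the form fields
 *
 * @return  iCalRepetition  The repetition with startrepeat, endrepeat, duplicatecheck, rp_id and event set
 */
function simulateSaveRepeat($requestObject)
{
    include_once JPATH_SITE . "/components/com_jevents/jevents.defines.php";

    if (!JEVHelper::isEventCreator())
    {
        PlgSystemGwejson::throwerror(JText::_('ALERTNOTAUTH'));
    }

    // Convert formdata to array; a missing or non-object formdata is treated
    // as an empty form, which the rp_id check below then rejects
    $formVars = (isset($requestObject->formdata) && is_object($requestObject->formdata))
        ? get_object_vars($requestObject->formdata)
        : array();

    $formdata = array();

    foreach ($formVars as $k => $v)
    {
        $formdata[str_replace("[]", "", $k)] = $v;
    }

    $safeHtmlFilter = JFilterInput::getInstance(null, null, 1, 1);
    $array          = $safeHtmlFilter->clean($formdata, null);

    if (!is_array($array) || !array_key_exists("rp_id", $array) || intval($array["rp_id"]) <= 0)
    {
        PlgSystemGwejson::throwerror(JText::_("Not a repeat", true));
    }

    $rp_id = intval($array["rp_id"]);

    $dataModel  = new JEventsDataModel("JEventsAdminDBModel");
    $queryModel = new JEventsDBModel($dataModel);

    // I should be able to do this in one operation but that can come later
    $event = $queryModel->listEventsById($rp_id, 1, "icaldb");

    // Deny when the repeat cannot be found as well as when editing is not permitted
    if (!$event || !JEVHelper::canEditEvent($event))
    {
        PlgSystemGwejson::throwerror(JText::_('ALERTNOTAUTH'));
    }

    $db  = JFactory::getDBO();
    $rpt = new iCalRepetition($db);
    $rpt->load($rp_id);

    // The id is cast to an integer before it is placed in the SQL text.
    // The result is not used further in this function.
    $query = "SELECT detail_id FROM #__jevents_vevent WHERE ev_id=" . (int) $rpt->eventid;
    $db->setQuery($query);
    $eventdetailid = $db->loadResult();

    $data                = array();
    $data["UID"]         = valueIfExists($array, "uid", md5(uniqid(rand(), true)));
    $data["X-EXTRAINFO"] = valueIfExists($array, "extra_info", "");
    $data["LOCATION"]    = valueIfExists($array, "location", "");
    $data["allDayEvent"] = valueIfExists($array, "allDayEvent", "off");
    $data["CONTACT"]     = valueIfExists($array, "contact_info", "");

    // allow raw HTML (mask =2)
    $data["DESCRIPTION"]  = valueIfExists($array, "jevcontent", "", 'request', 'html', 2);
    $data["publish_down"] = valueIfExists($array, "publish_down", "2006-12-12");
    $data["publish_up"]   = valueIfExists($array, "publish_up", "2006-12-12");

    if (isset($array["publish_down2"]) && $array["publish_down2"])
    {
        $data["publish_down"] = $array["publish_down2"];
    }

    if (isset($array["publish_up2"]) && $array["publish_up2"])
    {
        $data["publish_up"] = $array["publish_up2"];
    }

    $interval          = valueIfExists($array, "rinterval", 1);
    $data["SUMMARY"]   = valueIfExists($array, "title", "");
    $data["MULTIDAY"]  = intval(valueIfExists($array, "multiday", "1"));
    $data["NOENDTIME"] = intval(valueIfExists($array, "noendtime", 0));
    $ics_id            = valueIfExists($array, "ics_id", 0);

    $isAllDay = ($data["allDayEvent"] == "on");

    $start_time      = $isAllDay ? "00:00" : valueIfExists($array, "start_time", "08:00");
    $publishstart    = $data["publish_up"] . ' ' . $start_time . ':00';
    $data["DTSTART"] = JevDate::strtotime($publishstart);

    if ($isAllDay)
    {
        $end_time   = "23:59";
        $publishend = $data["publish_down"] . ' ' . $end_time . ':59';
    }
    else
    {
        $end_time   = valueIfExists($array, "end_time", "15:00");
        $publishend = $data["publish_down"] . ' ' . $end_time . ':00';
    }

    $data["DTEND"] = JevDate::strtotime($publishend);

    // iCal for whole day uses 00:00:00 on the next day JEvents uses 23:59:59 on the same day.
    // end_time can come from the form, so pad to three parts and cast each one
    // instead of doing arithmetic on raw strings.
    $endParts = array_pad(explode(":", $end_time . ':00'), 3, 0);
    $endSum   = (int) $endParts[0] + (int) $endParts[1] + (int) $endParts[2];

    if ($endSum == 0 && $isAllDay && $data["DTEND"] > $data["DTSTART"])
    {
        $publishend    = JevDate::strftime('%Y-%m-%d 23:59:59', $data["DTEND"] - 86400);
        $data["DTEND"] = JevDate::strtotime($publishend);
    }

    $data["X-COLOR"] = valueIfExists($array, "color", "");

    // Add any custom fields into $data array
    foreach ($array as $key => $value)
    {
        if (strpos($key, "custom_") === 0)
        {
            $data[$key] = $value;
        }
    }

    // populate rpt with data
    $start = $data["DTSTART"];
    $end   = $data["DTEND"];

    $rpt->startrepeat    = JevDate::strftime('%Y-%m-%d %H:%M:%S', $start);
    $rpt->endrepeat      = JevDate::strftime('%Y-%m-%d %H:%M:%S', $end);
    $rpt->duplicatecheck = md5($rpt->eventid . $start);
    $rpt->rp_id          = $rp_id;
    $rpt->event          = $event;

    return $rpt;
}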
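/**
 * @copyright  Copyright (C) 2015-2015 GWE Systems Ltd. All rights reserved.
 * @license    By negoriation with author via http://www.gwesystems.com
 */

/**
 * Typeahead lookup of users that can be offered as an event creator.
 *
 * Requires a matching form token, a logged-in user, and either the JEvents
 * "candeleteall" flag or the core.admin / core.deleteall permission on
 * com_jevents. The search text is matched against username and name with LIKE.
 *
 * NOTE(review): the checks presumably rely on PlgSystemGwejson::throwerror()
 * ending the request - confirm. The returned titles contain user-controlled
 * name/username text and are not HTML-escaped here; the consumer has to escape
 * them when rendering.
 *
 * @param   object  $requestObject  Request data; typeahead holds the search text, token and error are optional
 * @param   object  $returnData     Result holder supplied by the caller; may be null
 *
 * @return  array|string  List of objects with title and creator_id, or "Error" when the request carries an error flag
 */
function ProcessJsonRequest(&$requestObject, $returnData)
{
    // The typeahead path of the caller passes null; assigning a property on
    // null is a fatal error on PHP 8
    if (!is_object($returnData))
    {
        $returnData = new stdClass();
    }

    $returnData->titles     = array();
    $returnData->exactmatch = false;

    ini_set("display_errors", 0);

    include_once JPATH_SITE . "/components/com_jevents/jevents.defines.php";

    // Strict, and where available constant-time, string comparison: a loose !=
    // lets a numeric JSON token or a numeric-looking hex string compare equal.
    $token     = (string) JSession::getFormToken();
    $sameToken = function ($candidate) use ($token)
    {
        $candidate = is_scalar($candidate) ? (string) $candidate : '';

        return function_exists('hash_equals') ? hash_equals($token, $candidate) : $token === $candidate;
    };

    // The request-parameter token must always match; a token inside the
    // request object, when present, must match as well.
    $objectTokenBad = isset($requestObject->token) && !$sameToken($requestObject->token);

    if ($objectTokenBad || !$sameToken(JFactory::getApplication()->input->get('token', '', 'string')))
    {
        PlgSystemGwejson::throwerror("There was an error - bad token.  Please refresh the page and try again.");
    }

    $user = JFactory::getUser();

    if ($user->id == 0)
    {
        PlgSystemGwejson::throwerror("There was an error");
    }

    // If user is jevents can deleteall or has backend access then allow them to specify the creator
    $jevuser = JEVHelper::getAuthorisedUser();
    $access  = $user->authorise('core.admin', 'com_jevents') || $user->authorise('core.deleteall', 'com_jevents');

    if (!($jevuser && $jevuser->candeleteall) && !$access)
    {
        PlgSystemGwejson::throwerror("There was an error - no access");
    }

    if (!empty($requestObject->error))
    {
        return "Error";
    }

    $hasSearchText = isset($requestObject->typeahead)
        && is_scalar($requestObject->typeahead)
        && trim((string) $requestObject->typeahead) !== "";

    if ($hasSearchText)
    {
        $returnData->result = "title is " . $requestObject->typeahead;
    }
    else
    {
        PlgSystemGwejson::throwerror("There was an error - no valid argument");
    }

    $db    = JFactory::getDBO();
    $title = JFilterInput::getInstance()->clean($requestObject->typeahead, "string");

    // escape() with the extra flag also escapes the LIKE wildcards in the search text
    $text = $db->Quote('%' . $db->escape($title, true) . '%', false);

    if (trim($title) == "")
    {
        PlgSystemGwejson::throwerror("There was an error - no valid argument");
    }

    $params         = JComponentHelper::getParams(JEV_COM_COMPONENT);
    $authorisedonly = $params->get("authorisedonly", 0);

    // Only the three columns used below are selected, so password hashes and
    // other account fields are never loaded. The two LIKE terms are grouped in
    // parentheses: AND binds tighter than OR, and without the grouping a match
    // on name bypasses the cancreate / group filter.

    // if authorised only then load from database
    if ($authorisedonly)
    {
        $sql = "SELECT ju.id, ju.name, ju.username FROM #__jev_users AS tl "
            . " LEFT JOIN #__users as ju ON tl.user_id=ju.id "
            . " WHERE tl.cancreate=1 and (ju.username LIKE ({$text}) OR ju.name LIKE ({$text})) "
            . " ORDER BY ju.name ASC"
            . " LIMIT 500";
    }
    else
    {
        $rules         = JAccess::getAssetRules("com_jevents", true);
        $creatorgroups = $rules->getData();

        // need to merge the arrays because of the way Joomla checks super user permissions:
        // start from core.admin and take the higher permission setting from core.create
        $creatorgroupsdata = $creatorgroups["core.admin"]->getData();

        foreach ($creatorgroups["core.create"]->getData() as $creatorgroup => $permission)
        {
            if ($permission)
            {
                $creatorgroupsdata[$creatorgroup] = $permission;
            }
        }

        $userids = array(0);

        foreach ($creatorgroupsdata as $creatorgroup => $permission)
        {
            if ($permission == 1)
            {
                $userids = array_merge(JAccess::getUsersByGroup($creatorgroup, true), $userids);
            }
        }

        // Ids are forced to integers before they are joined into the IN list
        $userids = array_unique(array_map('intval', $userids));

        $sql = "SELECT id, name, username FROM #__users "
            . "where id IN (" . implode(",", $userids) . ") and (username LIKE ({$text}) OR name LIKE ({$text})) and block=0 "
            . "ORDER BY name asc LIMIT 500";
    }

    $db->setQuery($sql);
    $matches = $db->loadObjectList();

    // The holder object is replaced by a plain list for the response
    $returnData = array();

    if (!empty($matches))
    {
        foreach ($matches as $match)
        {
            $result             = new stdClass();
            $result->title      = $match->name . " (" . $match->username . ")";
            $result->creator_id = $match->id;
            $returnData[]       = $result;
        }
    }

    return $returnData;
}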