function _save($params)
 {
     $this->action = 'index';
     $isNew = Sanitize::getInt($this->data['FieldOption'], 'optionid') ? false : true;
     $text = Sanitize::getString($this->data['FieldOption'], 'text');
     $value = Sanitize::stripAll($this->data['FieldOption'], 'value');
     $field_id = Sanitize::getInt($this->data['FieldOption'], 'fieldid');
     $location = Sanitize::getString($this->data, 'location', 'content');
     $limit = $this->limit;
     $limitstart = $this->offset;
     $total = 0;
     // Begin validation
     $validation_ids = array();
     $text == '' and $validation_ids[] = "option_text";
     $value == '' and $validation_ids[] = "option_value";
     if (!empty($validation_ids)) {
         return json_encode(compact('validation_ids'));
     }
     // Begin save
     $result = $this->FieldOption->save($this->data);
     if ($result != 'success') {
         $msg = "An option with this value already exists for this field.";
         return $this->ajaxError($msg);
     }
     // Begin update display
     $option_id = $this->data['FieldOption']['optionid'];
     $field_id = $this->data['FieldOption']['fieldid'];
     $rows = $this->FieldOption->getList($field_id, $limitstart, $limit, $total);
     $this->_db->setQuery("\n            SELECT \n                fieldid,type,name,title,groupid,location \n            FROM \n                #__jreviews_fields \n            WHERE \n                fieldid = " . $field_id);
     $field = current($this->_db->loadAssocList());
     // Reloads the whole list to display the new/updated record
     $page = Sanitize::stripWhitespace($this->listViewTable($rows, $total, $field));
     $action = 'success';
     return json_encode(compact('action', 'page', 'option_id'));
 }
Ejemplo n.º 2
0
 function _addOption()
 {
     $this->autoRender = false;
     $this->autoLayout = false;
     $response = array();
     $option = $this->data['FieldOption']['text'] = Sanitize::getString($this->data, 'text');
     $value = $this->data['FieldOption']['value'] = Sanitize::stripAll($this->data, 'text');
     $fieldid = $this->data['FieldOption']['fieldid'] = Sanitize::getInt($this->data, 'field_id');
     $fieldName = Sanitize::getString($this->data, 'name');
     // Begin validation
     if ($value == '') {
         $validation = __t("The field is empty.", true);
         $response[] = "jQuery('#jr_fieldOption{$fieldid}').siblings('.jr_loadingSmall').after('<span class=\"jr_validation\">&nbsp;" . $validation . "</span>');";
         return $this->ajaxResponse($response);
     }
     // Save
     $result = $this->FieldOption->save($this->data);
     switch ($result) {
         case 'success':
             // Begin update display
             $option = $this->data['FieldOption']['text'];
             $value = $this->data['FieldOption']['value'];
             $response = "\n                        jQuery('#{$fieldName}').addOption('{$value}','" . addslashes($option) . "');\n                        jQuery('#jr_fieldOption{$fieldid}').val('');            \n                        jQuery('#submitButton{$fieldid}').removeAttr('disabled');\n                    ";
             return $this->ajaxResponse($response);
         case 'duplicate':
             $validation = sprintf(__t("%s already exists", true), $value);
             break;
         case 'db_error':
             $validation = s2Messages::submitErrorGeneric();
             break;
     }
     $response[] = "jQuery('#{$fieldName}').selectOptions('" . addslashes($option) . "');";
     $response[] = "jQuery('#jr_fieldOption{$fieldid}').siblings('.jr_loadingSmall').after('<span class=\"jr_validation\">&nbsp;" . $validation . "</span>');";
     return $this->ajaxResponse($response);
 }
 public function tmp1()
 {
     $this->modelClass = null;
     if ($this->request->data) {
         $result = Sanitize::stripAll($this->request->data['text1']);
     } else {
         $result = "no data.";
     }
     $this->set("result", $result);
 }
 public function search()
 {
     if ($this->request->is('post')) {
         $date = Sanitize::stripAll($this->request->data["SanmaData"]['date']);
         $company = Sanitize::stripAll($this->request->data['SanmaData']['company']);
         $person_c = Sanitize::stripAll($this->request->data['SanmaData']['person_c']);
         $contact = Sanitize::stripAll($this->request->data['SanmaData']['contact']);
         $person_m = Sanitize::stripAll($this->request->data['SanmaData']['person_m']);
         $this->redirect("./table/" . $company . "/" . $person_c . "/" . $contact . "/" . $person_m);
     } else {
         $result = "no data.";
     }
     $this->set("result", $result);
 }
 public function index()
 {
     $details = false;
     $mstr = @$this->request->query['mstr'];
     $mid = @$this->request->query['mid'];
     $kod = @$this->request->query['kod'];
     $this->set('mstr', $mstr);
     $this->set('mid', $mid);
     $this->set('kod', $kod);
     if ($kod) {
         $code = $this->Dataobject->find('all', array('conditions' => array('dataset' => 'kody_pocztowe', 'kody_pocztowe.kod' => $kod)));
         if ($code && $code[0]) {
             return $this->redirect('/dane/kody_pocztowe/' . $code[0]->getId());
         } else {
             $this->Session->setFlash('Podany kod pocztowy nie zostały odnaleziony');
         }
     } elseif ($mid) {
         $details = true;
         $miejscowosc = $this->API->Dane()->getObject('miejscowosci', $mid);
         $this->set('miejscowosc', $miejscowosc->getData());
         $ustr = @$this->request->query['ustr'];
         $this->set('ustr', $ustr);
         if ($miejscowosc) {
             $this->addStatusbarCrumb(array('text' => $miejscowosc->getData('nazwa')));
             $adresy = $this->API->searchAddresses($miejscowosc->getId(), $ustr);
             $this->set('adresy', $adresy);
         }
     } elseif ($mstr) {
         $details = true;
         $this->paginate = array('conditions' => array('dataset' => 'miejscowosci', 'q' => Sanitize::stripAll($mstr)), 'paramType' => 'querystring');
         $miejscowosci = $this->Paginator->paginate('Dataobject');
         $pagination = $this->Dataobject->pagination;
         $total = $this->Dataobject->total;
         if (!$total) {
             $this->Session->setFlash('Podana miejscowość nie została odnaleziona');
         } elseif ($total === 1 && ($mid = $miejscowosci[0]['Dataobject']->object_id)) {
             $this->redirect('/kody_pocztowe?mstr=' . $mstr . '&mid=' . $mid);
         } else {
             $this->set('miejscowosci', $miejscowosci);
         }
         $this->set(compact('pagination', 'total'));
     }
     $this->set('details', $details);
     $application = $this->getApplication();
     $this->set('title_for_layout', $application['name']);
 }
Ejemplo n.º 6
0
 /**
  * testStripAll method
  *
  * @return void
  */
 public function testStripAll()
 {
     $string = '<img """><script>alert("xss")</script>"/>';
     $expected = '"/>';
     $result = Sanitize::stripAll($string);
     $this->assertEquals($expected, $result);
     $string = '<IMG SRC=&#0000106&#0000097&#0000118&#0000097&#0000115&#0000099&#0000114&#0000105&#0000112&#0000116&#0000058&#0000097&#0000108&#0000101&#0000114&#0000116&#0000040&#0000039&#0000088&#0000083&#0000083&#0000039&#0000041>';
     $expected = '';
     $result = Sanitize::stripAll($string);
     $this->assertEquals($expected, $result);
     $string = '<<script>alert("XSS");//<</script>';
     $expected = '<';
     $result = Sanitize::stripAll($string);
     $this->assertEquals($expected, $result);
     $string = '<img src="http://google.com/images/logo.gif" onload="window.location=\'http://sam.com/\'" />' . "\n" . "<p>This is ok      \t\n   text</p>\n" . '<link rel="stylesheet" href="/css/master.css" type="text/css" media="screen" title="my sheet" charset="utf-8">' . "\n" . '<script src="xss.js" type="text/javascript" charset="utf-8"></script>';
     $expected = '<p>This is ok text</p>';
     $result = Sanitize::stripAll($string);
     $this->assertEquals($expected, $result);
 }
Ejemplo n.º 7
0
 /**
  * [ADMIN] 検索インデックス登録
  * 
  * TODO 2013/8/8 ryuring
  * この機能は、URLより、baserCMSで管理されたコンテンツのタイトルとコンテンツ本体を取得し、検索インデックスに登録する為の機能だったが、
  * CakePHP2より、Viewの扱いが変更となった(ClassRegistryで管理されなくなった)為、requestAction 時のタイトルを取得できなくなった。
  * よって機能自体を一旦廃止する事とする。
  * 実装の際は、自動取得ではなく、手動で、タイトルとコンテンツ本体等を取得する仕様に変更する。
  * 
  * @return	void
  * @access 	public
  */
 public function admin_add()
 {
     $this->pageTitle = '検索インデックス登録';
     if ($this->request->data) {
         $url = $this->request->data['Content']['url'];
         $url = str_replace(FULL_BASE_URL . $this->request->base, '', $url);
         if (!$this->Content->find('count', array('conditions' => array('Content.url' => $url)))) {
             // ルーティングのデフォルト設定を再読み込み(requestActionでルーティング設定がダブって登録されてしまう為)
             Router::reload();
             // URLのデータを取得
             try {
                 $content = $this->requestAction($url, array('return' => 1));
             } catch (Exception $e) {
                 $content = $e;
             }
             Router::reload();
             // 元の設定を復元
             Router::setRequestInfo($this->request);
             if (!is_a($content, 'Exception')) {
                 $content = preg_replace('/<!-- BaserPageTagBegin -->.*?<!-- BaserPageTagEnd -->/is', '', $content);
             } elseif (preg_match('/\\.html/', $url)) {
                 App::uses('HttpSocket', 'Network/Http');
                 $socket = new HttpSocket();
                 // ※ Router::url() では、スマートURLオフの場合、/app/webroot/ 内のURLが正常に取得できない
                 $HttpSocketResponse = $socket->get(siteUrl() . preg_replace('/^\\//', '', $url));
                 $code = $HttpSocketResponse->code;
                 if ($code != 200) {
                     unset($content);
                 } else {
                     if (preg_match('/<body>(.*?)<\\/body>/is', $HttpSocketResponse->body, $matches)) {
                         $content = $matches[1];
                     } else {
                         $content = '';
                     }
                 }
             } else {
                 unset($content);
             }
             if (isset($content)) {
                 $content = Sanitize::stripAll($content);
                 $content = strip_tags($content);
                 $data = array('Content' => array('title' => $this->request->data['Content']['title'], 'detail' => $content, 'url' => $url, 'type' => 'その他', 'status' => true, 'priority' => 0.5));
                 $this->Content->create($data);
                 if ($this->Content->save()) {
                     $this->setMessage('検索インデックスに ' . $url . ' を追加しました。');
                     $this->redirect(array('action' => 'index'));
                 } else {
                     $this->setMessage('保存中にエラーが発生しました。', true);
                 }
             } else {
                 $this->Content->invalidate('url', '入力したURLは存在しないか、検索インデックスに登録できるURLではありません。');
                 $this->setMessage('保存中にエラーが発生しました。', true);
             }
         } else {
             $this->Content->invalidate('url', '既に登録済のURLです。');
             $this->setMessage('入力エラーです。内容を修正してください。', true);
         }
     }
     $this->help = 'contents_add';
 }
Ejemplo n.º 8
0
 function onBeforeDisplayContent(&$article, &$params)
 {
     if (!class_exists('cmsFramework')) {
         return;
     }
     // Make sure this is a Joomla article page
     $option = Sanitize::getString($_REQUEST, 'option', '');
     $view = Sanitize::getString($_REQUEST, 'view', '');
     $layout = Sanitize::getString($_REQUEST, 'layout', '');
     $id = Sanitize::getInt($_REQUEST, 'id');
     if (!($option == 'com_content' && $view == 'article' && $id)) {
         return;
     }
     /**
      * Retrieve $listing array from memory 
      */
     $_this =& cmsFramework::getInstance();
     $Config = Configure::read('JreviewsSystem.Config');
     $title = trim(Sanitize::getString($Config, 'type_metatitle'));
     $keywords = trim(Sanitize::getString($Config, 'type_metakey'));
     $description = trim(Sanitize::getString($Config, 'type_metadesc'));
     $listing =& $_this->listing;
     // Has all the data that's also available in the detail.thtml theme file so you can create any sort of conditionals with it
     if ($title != '' || $keywords != '' || $description != '') {
         if (isset($_this->listing) && is_array($_this->listing)) {
             // Instantiate the CustomFields helper class
             $CustomFields =& RegisterClass::getInstance('CustomFieldsHelper');
             // Get and process all tags
             $tags = plgContentJreviews::extractTags($title . $keywords . $description);
             $tags_array = array();
             foreach ($tags as $tag) {
                 switch ($tag) {
                     case 'title':
                         $tags_array['{title}'] = Sanitize::stripAll($listing['Listing'], 'title');
                         break;
                     case 'section':
                         $tags_array['{section}'] = Sanitize::stripAll($listing['Section'], 'title');
                         break;
                     case 'category':
                         $tags_array['{category}'] = Sanitize::stripAll($listing['Category'], 'title');
                         break;
                     case 'metakey':
                         $tags_array['{metakey}'] = Sanitize::stripAll($listing['Listing'], 'metakey');
                         break;
                     case 'metadesc':
                         $tags_array['{metadesc}'] = Sanitize::stripAll($listing['Listing'], 'metadesc');
                         break;
                     default:
                         if (substr($tag, 0, 3) == 'jr_') {
                             $field = $CustomFields->fieldText($tag, $listing, false, false, ',');
                             $tags_array['{' . $tag . '}'] = !empty($field) ? $field : '';
                         }
                         break;
                 }
             }
             # Process title
             $title != '' and $title = str_replace(array_keys($tags_array), $tags_array, $title) and cmsFramework::meta('title', $title);
             # Process description
             $description != '' and $description = str_replace(array_keys($tags_array), $tags_array, $description) and cmsFramework::meta('description', $description);
             # Process keywords
             $keywords != '' and $keywords = str_replace(array_keys($tags_array), $tags_array, $keywords) and cmsFramework::meta('keywords', $keywords);
         }
     } elseif (isset($article->parameters) && $article->parameters->get('show_page_title') && $article->parameters->get('num_leading_articles') == '' && $article->parameters->get('filter_type') == '') {
         $title = $article->parameters->get('page_title');
         $title != '' and cmsFramework::meta('title', $title);
     }
     if (isset($_this->crumbs) && !empty($_this->crumbs)) {
         cmsFramework::setPathway($_this->crumbs);
     }
     unset($_this);
 }
Ejemplo n.º 9
0
 /**
  * [ADMIN] 検索インデックス登録
  * 
  * @return	void
  * @access 	public
  */
 function admin_add()
 {
     $this->pageTitle = '検索インデックス コンテンツ登録';
     if ($this->data) {
         $url = $this->data['Content']['url'];
         $url = str_replace(FULL_BASE_URL . $this->base, '', $url);
         if (!$this->Content->find('count', array('conditions' => array('Content.url' => $url)))) {
             // ルーティングのデフォルト設定を再読み込み(requestActionでルーティング設定がダブって登録されてしまう為)
             Router::reload();
             // URLのデータを取得
             $content = $this->requestAction($url, array('return' => 1));
             $View =& ClassRegistry::getObject('View');
             // requestActionでインスタンス化されたViewを削除
             // (管理システムではなく公開ページのView情報になっている可能性がある為)
             ClassRegistry::removeObject('View');
             // ルーティングのデフォルト設定を再読み込み(元の設定に復元する為)
             Router::reload();
             // 元の設定を復元
             Router::setRequestInfo(array($this->params, array('base' => $this->base, 'webroot' => $this->webroot)));
             $title = '';
             if (!is_a($content, 'ErrorHandler')) {
                 $content = preg_replace('/<!-- BaserPageTagBegin -->.*?<!-- BaserPageTagEnd -->/is', '', $content);
                 $title = $View->pageTitle;
             } elseif (preg_match('/\\.html/', $url)) {
                 App::import('Core', 'HttpSocket');
                 $socket = new HttpSocket();
                 // ※ Router::url() では、スマートURLオフの場合、/app/webroot/ 内のURLが正常に取得できない
                 $content = $socket->get(siteUrl() . $url);
                 $code = $socket->response['status']['code'];
                 if ($code != 200) {
                     unset($content);
                 } else {
                     if (preg_match('/<title>([^<]+)<\\/title>/', $content, $matches)) {
                         $title = $matches[1];
                         $content = preg_replace('/<title>[^<]+<\\/title>/', '', $content);
                     }
                 }
             } else {
                 unset($content);
             }
             if (isset($content)) {
                 $content = Sanitize::stripAll($content);
                 $content = strip_tags($content);
                 $data = array('Content' => array('title' => $title, 'detail' => $content, 'url' => $url, 'type' => 'その他', 'status' => true, 'priority' => 0.5));
                 $this->Content->create($data);
                 if ($this->Content->save()) {
                     $this->Session->setFlash('検索インデックスに ' . $url . ' を追加しました。');
                     $this->redirect('index');
                 } else {
                     $this->Session->setFlash('保存中にエラーが発生しました。');
                 }
             } else {
                 $this->Content->invalidate('url', '入力したURLは存在しないか、検索インデックスに登録できるURLではありません。');
                 $this->Session->setFlash('保存中にエラーが発生しました。');
             }
         } else {
             $this->Content->invalidate('url', '既に登録済のURLです。');
             $this->Session->setFlash('入力エラーです。内容を修正してください。');
         }
     }
 }
Ejemplo n.º 10
0
 function _save()
 {
     /*******************************************************************
      * This method is processed inside an iframe
      * To access any of the DOM elements via jQuery it's necessary to prepend
      * all jQuery calls with $parentFrame (i.e. $parentFrame.jQuery)
      ********************************************************************/
     $this->autoRender = false;
     $this->autoLayout = false;
     $response = array();
     $parentFrame = 'window.parent';
     $validation = '';
     $listing_id = Sanitize::getInt($this->data['Listing'], 'id', 0);
     $isNew = $this->Listing->isNew = $listing_id == 0 ? true : false;
     $this->data['email'] = Sanitize::getString($this->data, 'email');
     $this->data['name'] = Sanitize::getString($this->data, 'name');
     $this->data['categoryid_hidden'] = Sanitize::getInt($this->data['Listing'], 'categoryid_hidden');
     $cat_id = Sanitize::getVar($this->data['Listing'], 'catid');
     $this->data['Listing']['catid'] = is_array($cat_id) ? (int) array_pop(array_filter($cat_id)) : (int) $cat_id;
     /*J16*/
     $this->data['Listing']['title'] = Sanitize::getString($this->data['Listing'], 'title', '');
     $this->data['Listing']['created_by_alias'] = Sanitize::getString($this->data, 'name', '');
     if ($this->cmsVersion == CMS_JOOMLA15) {
         $this->data['sectionid_hidden'] = Sanitize::getInt($this->data['Listing'], 'sectionid_hidden');
         $this->data['Listing']['sectionid'] = Sanitize::getInt($this->data['Listing'], 'sectionid');
     } else {
         $this->data['Listing']['language'] = '*';
         $this->data['Listing']['access'] = 1;
     }
     $category_id = $this->data['Listing']['catid'] ? $this->data['Listing']['catid'] : $this->data['categoryid_hidden'];
     # Get criteria info
     $criteria = $this->Criteria->findRow(array('conditions' => array('Criteria.id = 
             (SELECT criteriaid FROM #__jreviews_categories WHERE id = ' . (int) $category_id . ' AND `option` = "com_content")
         ')));
     if (!$criteria) {
         $validation = __t("The category selected is invalid.", true, true);
         $response[] = "{$parentFrame}.jQuery('#jr_listingFormValidation').html('{$validation}');";
         $response[] = "{$parentFrame}.jQuery('.button').removeAttr('disabled');";
         $response[] = "{$parentFrame}.jQuery('.jr_loadingSmall').hide();";
         return $this->makeJS($response);
     }
     $this->data['Criteria']['id'] = $criteria['Criteria']['criteria_id'];
     # Override global configuration
     isset($criteria['ListingType']) and $this->Config->override($criteria['ListingType']['config']);
     # Perform access checks
     if ($isNew && !$this->Access->canAddListing()) {
         return $this->makeJS("{$parentFrame}.s2Alert('" . __t("You are not allowed to submit listings in this category.", true, true) . "')");
     } elseif (!$isNew) {
         $query = "SELECT created_by FROM #__content WHERE id = " . $listing_id;
         $this->_db->setQuery($query);
         $listing_owner = $this->_db->loadResult();
         if (!$this->Access->canEditListing($listing_owner)) {
             return $this->makeJS("{$parentFrame}.s2Alert('" . s2Messages::accessDenied() . "')");
         }
     }
     # Load the notifications observer model component and initialize it.
     # Done here so it only loads on save and not for all controlller actions.
     $this->components = array('security', 'notifications');
     $this->__initComponents();
     if ($this->invalidToken == true) {
         return $this->makeJS("{$parentFrame}.s2Alert('" . s2Messages::invalidToken() . "')");
     }
     # Override configuration
     $category = $this->Category->findRow(array('conditions' => array('Category.id = ' . $this->data['Listing']['catid'])));
     $this->Config->override($category['ListingType']['config']);
     if ($this->Access->loadWysiwygEditor()) {
         $this->data['Listing']['introtext'] = Sanitize::stripScripts(Sanitize::stripWhitespace(Sanitize::getVar($this->data['__raw']['Listing'], 'introtext')));
         $this->data['Listing']['fulltext'] = Sanitize::stripScripts(Sanitize::stripWhitespace(Sanitize::getVar($this->data['__raw']['Listing'], 'fulltext')));
         $this->data['Listing']['introtext'] = html_entity_decode($this->data['Listing']['introtext'], ENT_QUOTES, cmsFramework::getCharset());
         $this->data['Listing']['fulltext'] = html_entity_decode($this->data['Listing']['fulltext'], ENT_QUOTES, cmsFramework::getCharset());
     } else {
         $this->data['Listing']['introtext'] = Sanitize::stripAll($this->data['Listing'], 'introtext', '');
         if (isset($this->data['Listing']['fulltext'])) {
             $this->data['Listing']['fulltext'] = Sanitize::stripAll($this->data['Listing'], 'fulltext', '');
         } else {
             $this->data['Listing']['fulltext'] = '';
         }
     }
     $this->data['Listing']['introtext'] = str_replace('<br>', '<br />', $this->data['Listing']['introtext']);
     $this->data['Listing']['fulltext'] = str_replace('<br>', '<br />', $this->data['Listing']['fulltext']);
     if ($this->Access->canAddMeta()) {
         $this->data['Listing']['metadesc'] = Sanitize::getString($this->data['Listing'], 'metadesc');
         $this->data['Listing']['metakey'] = Sanitize::getString($this->data['Listing'], 'metakey');
     }
     // Title alias handling
     $slug = '';
     $alias = Sanitize::getString($this->data['Listing'], 'alias');
     if ($isNew && $alias == '') {
         $slug = S2Router::sefUrlEncode($this->data['Listing']['title']);
         if (trim(str_replace('-', '', $slug)) == '') {
             $slug = date("Y-m-d-H-i-s");
         }
     } elseif ($alias != '') {
         // Alias filled in so we convert it to a valid alias
         $slug = S2Router::sefUrlEncode($alias);
         if (trim(str_replace('-', '', $slug)) == '') {
             $slug = date("Y-m-d-H-i-s");
         }
     }
     $slug != '' and $this->data['Listing']['alias'] = $slug;
     # Check for duplicates
     switch ($this->Config->content_title_duplicates) {
         case 'category':
             // Checks for duplicates in the same category
             $query = "\r\n                        SELECT \r\n                            count(*) \r\n                        FROM \r\n                            #__content AS Listing WHERE Listing.title = " . $this->_db->Quote($this->data['Listing']['title']) . "\r\n                            AND Listing.state >= 0 \r\n                            AND Listing.catid = " . $this->data['Listing']['catid'] . (!$isNew ? " AND Listing.id <> " . $listing_id : '');
             $this->_db->setQuery($query);
             $titleExists = $this->_db->loadResult();
             break;
         case 'no':
             // Checks for duplicates all over the place
             $query = "\r\n                        SELECT \r\n                            count(*) \r\n                        FROM \r\n                            #__content AS Listing\r\n                        WHERE \r\n                            Listing.title = " . $this->_db->Quote($this->data['Listing']['title']) . "\r\n                           AND Listing.state >= 0\r\n                           " . (!$isNew ? " AND Listing.id <> " . $listing_id : '');
             $this->_db->setQuery($query);
             $titleExists = $this->_db->loadResult();
             break;
         case 'yes':
             // Duplicates are allowed, no checking necessary
             $titleExists = false;
             break;
     }
     if ($titleExists && $this->data['Listing']['title'] != '') {
         // if listing exists
         $validation = '<span>' . __t("A listing with that title already exists.", true, true) . "</span>";
         $response[] = "{$parentFrame}.jQuery('#jr_listingFormValidation').html('{$validation}');";
         $response[] = "{$parentFrame}.jQuery('.button').removeAttr('disabled');";
         $response[] = "{$parentFrame}.jQuery('.jr_loadingSmall').hide();";
         return $this->makeJS($response);
     }
     // Review form display check logic used several times below
     $revFormSetting = $this->Config->content_show_reviewform;
     if ($revFormSetting == 'noteditors' && !$this->Config->author_review) {
         $revFormSetting = 'all';
     }
     $revFormEnabled = !isset($this->data['review_optional']) && $this->Access->canAddReview() && $isNew && ($revFormSetting == 'all' && ($this->Config->author_review || $this->Config->user_reviews) || $revFormSetting == 'authors' && $this->Access->isJreviewsEditor($this->_user->id) || $revFormSetting == 'noteditors' && !$this->Access->isJreviewsEditor($this->_user->id));
     // Validation of content default input fields
     if ($this->cmsVersion == CMS_JOOMLA15) {
         if (!$this->data['Listing']['catid'] || !$this->data['Listing']['sectionid']) {
             $this->Listing->validateSetError("sec_cat", __t("You need to select both a section and a category.", true));
         }
     } else {
         !$this->data['Listing']['catid'] and $this->Listing->validateSetError("sec_cat", __t("You need to select a category.", true));
     }
     // Validate only if it's a new listing
     if ($isNew) {
         if (!$this->_user->id) {
             $this->Listing->validateInput($this->data['name'], "name", "text", __t("You must fill in your name.", true), $this->Config->content_name == "required" ? 1 : 0);
             $this->Listing->validateInput($this->data['email'], "email", "email", __t("You must fill in a valid email address.", true), $this->Config->content_email == "required" ? 1 : 0);
             $this->data['name'] = Sanitize::getString($this->data, 'name', '');
             $this->data['email'] = Sanitize::getString($this->data, 'email', '');
         } else {
             $this->data['name'] = $this->_user->name;
             $this->data['email'] = $this->_user->email;
         }
     }
     $this->Listing->validateInput($this->data['Listing']['title'], "title", "text", __t("You must fill in a title for the new listing.", true, true), 1);
     # Validate listing custom fields
     $listing_valid_fields =& $this->Field->validate($this->data, 'listing', $this->Access);
     $this->Listing->validateErrors = array_merge($this->Listing->validateErrors, $this->Field->validateErrors);
     $this->Listing->validateInput($this->data['Listing']['introtext'], "introtext", "text", __t("You must fill in a summary for the new listing.", true, true), $this->Config->content_summary == "required" ? 1 : 0);
     $this->Listing->validateInput($this->data['Listing']['fulltext'], "fulltext", "text", __t("You must fill in a description for the new listing.", true, true), $this->Config->content_description == "required" ? 1 : 0);
     # Validate review custom fields
     if ($revFormEnabled && $criteria['Criteria']['state']) {
         // Review inputs
         $this->data['Review']['userid'] = $this->_user->id;
         $this->data['Review']['email'] = $this->data['email'];
         $this->data['Review']['name'] = $this->data['name'];
         $this->data['Review']['username'] = Sanitize::getString($this->data, 'name', '');
         $this->data['Review']['title'] = Sanitize::getString($this->data['Review'], 'title');
         $this->data['Review']['location'] = Sanitize::getString($this->data['Review'], 'location');
         // deprecated
         $this->data['Review']['comments'] = Sanitize::getString($this->data['Review'], 'comments');
         // Review standard fields
         $this->Listing->validateInput($this->data['Review']['title'], "rev_title", "text", __t("You must fill in a title for the review.", true, true), $this->Config->reviewform_title == 'required' ? true : false);
         if ($criteria['Criteria']['state'] == 1) {
             $criteria_qty = $criteria['Criteria']['quantity'];
             $ratingErr = 0;
             if (!isset($this->data['Rating'])) {
                 $ratingErr = $criteria_qty;
             } else {
                 for ($i = 0; $i < $criteria_qty; $i++) {
                     if (!isset($this->data['Rating']['ratings'][$i]) || (empty($this->data['Rating']['ratings'][$i]) || $this->data['Rating']['ratings'][$i] == 'undefined' || (double) $this->data['Rating']['ratings'][$i] > $this->Config->rating_scale)) {
                         $ratingErr++;
                     }
                 }
             }
             $this->Listing->validateInput('', "rating", "text", sprintf(__t("You are missing a rating in %s criteria.", true, true), $ratingErr), $ratingErr);
         }
         // Review custom fields
         $this->Field->validateErrors = array();
         // Clear any previous validation errors
         $review_valid_fields = $this->Field->validate($this->data, 'review', $this->Access);
         $this->Listing->validateErrors = array_merge($this->Listing->validateErrors, $this->Field->validateErrors);
         $this->Listing->validateInput($this->data['Review']['comments'], "comments", "text", __t("You must fill in your comment.", true, true), $this->Config->reviewform_comment == 'required' ? true : false);
     }
     // if ($revFormEnabled && $criteria['Criteria']['state'])
     # Validate image fields
     $this->Uploads->validateImages();
     # Validate Captcha security code
     if ($isNew && $this->Access->showCaptcha()) {
         if (!isset($this->data['Captcha']['code'])) {
             $this->Listing->validateSetError("code", __t("The security code you entered was invalid.", true, true));
         } elseif ($this->data['Captcha']['code'] == '') {
             $this->Listing->validateInput($this->data['Captcha']['code'], "code", "text", __t("You must fill in the security code.", true), 1);
         } else {
             if (!$this->Captcha->checkCode($this->data['Captcha']['code'], $this->ipaddress)) {
                 $this->Listing->validateSetError("code", __t("The security code you entered was invalid.", true, true));
             }
         }
     }
     # Get all validation messages
     $validation = $this->Listing->validateGetError() . $this->Uploads->getMsg();
     # Validation failed
     if ($validation != '') {
         $response[] = "var parentForm = {$parentFrame}.jQuery('#jr_listingForm');";
         $response[] = "{$parentFrame}.jQuery('#jr_listingFormValidation').html('{$validation}');";
         $response[] = "parentForm.find('.button').removeAttr('disabled');";
         // Transform textareas into wysiwyg editors
         if ($this->Access->loadWysiwygEditor()) {
             App::import('Helper', 'Editor', 'jreviews');
             $Editor = new EditorHelper();
             $response[] = $parentFrame . '.' . $Editor->transform(true);
         }
         // Replace captcha with new instance
         if ($this->Access->in_groups($this->Config->security_image)) {
             $captcha = $this->Captcha->displayCode();
             $response[] = "{$parentFrame}.jQuery('#captcha').attr('src','{$captcha['src']}');";
             $response[] = "{$parentFrame}.jQuery('#jr_captchaCode').val('');";
         }
         $response[] = "parentForm.find('.jr_loadingSmall').hide();";
         return $this->makeJS($response);
         // Can't use ajaxResponse b/c we are in an iframe
     }
     # Validation passed, continue...
     if ($isNew) {
         $this->data['Listing']['created'] = _CURRENT_SERVER_TIME;
         //gmdate('Y-m-d H:i:s');
         $this->data['Listing']['publish_up'] = _CURRENT_SERVER_TIME;
         //gmdate('Y-m-d H:i:s');
         $this->data['Listing']['created_by'] = $this->_user->id;
         $this->data['Listing']['publish_down'] = NULL_DATE;
         $this->data['Field']['Listing']['email'] = $this->data['email'];
         // If visitor, assign name field to content Alias
         if (!$this->_user->id) {
             $this->data['Listing']['created_by_alias'] = $this->data['name'];
         }
         // Check moderation settings
         $this->data['Listing']['state'] = (int) (!$this->Access->moderateListing());
         // If listing moderation is enabled, then the review is also moderated
         if (!$this->data['Listing']['state']) {
             $this->Config->moderation_reviews = $this->Config->moderation_editor_reviews = $this->Config->moderation_item;
         }
     } else {
         if ($this->Config->moderation_item_edit) {
             $this->data['Listing']['state'] = (int) (!$this->Access->moderateListing());
         }
         $this->data['Listing']['modified'] = _CURRENT_SERVER_TIME;
         //gmdate('Y-m-d H:i:s');
         $this->data['Listing']['modified_by'] = $this->_user->id;
         $query = 'SELECT images FROM #__content WHERE id = ' . $this->data['Listing']['id'];
         $this->_db->setQuery($query);
         $this->data['Listing']['images'] = $this->_db->loadResult();
         // Check total number of images
         if (!$this->Uploads->checkImageCount($this->data['Listing']['images'])) {
             $validation .= '<span>' . sprintf(__t("The total number of images is limited to %s", true, true), $this->Config->content_images) . '</span><br />';
             $response[] = "{$parentFrame}.jQuery('#jr_listingFormValidation').html('{$validation}');";
             $response[] = "{$parentFrame}.jQuery('.button').removeAttr('disabled');";
             $response[] = "{$parentFrame}.jQuery('.jr_loadingSmall').hide();";
             return $this->makeJS($response);
         }
     }
     // Process images and update data array
     if ($this->Uploads->success) {
         $imageUploadPath = PATH_ROOT . _JR_PATH_IMAGES . 'jreviews' . DS;
         $this->Uploads->uploadImages($this->data['Listing']['id'], $imageUploadPath);
         if ($isNew) {
             // New item
             $currImages = $this->Uploads->images;
         } elseif ($this->data['Listing']['images'] != '') {
             // Editing and there are existing images
             $currImages = array_merge(explode("\n", $this->data['Listing']['images']), $this->Uploads->images);
         } else {
             // Editing and there are no existing images
             $currImages = $this->Uploads->images;
         }
         $this->data['Listing']['images'] = implode("\n", $currImages);
     }
     # Save listing
     $savedListing = $this->Listing->store($this->data);
     $listing_id = $this->data['Listing']['id'];
     if (!$savedListing) {
         $validation .= __t("The was a problem saving the listing", true, true);
     }
     // Error on listing save
     if ($validation != '') {
         $response[] = "{$parentFrame}.jQuery('#jr_listingFormValidation').html('{$validation}');";
         $response[] = "{$parentFrame}.jQuery('.button').removeAttr('disabled');";
         $response[] = "{$parentFrame}.jQuery('.jr_loadingSmall').hide();";
         return $this->makeJS($response);
     }
     # Save listing custom fields
     $this->data['Field']['Listing']['contentid'] = $this->data['Listing']['id'];
     $this->Field->save($this->data, 'listing', $isNew, $listing_valid_fields);
     # Begin insert review in table
     if ($revFormEnabled && $criteria['Criteria']['state']) {
         // Get reviewer type, for now editor reviews don't work in Everywhere components
         $this->data['Review']['author'] = (int) $this->Access->isJreviewsEditor($this->_user->id);
         $this->data['Review']['mode'] = 'com_content';
         $this->data['Review']['pid'] = (int) $this->data['Listing']['id'];
         // Force plugin loading on Review model
         $this->_initPlugins('Review');
         $this->Review->isNew = true;
         $savedReview = $this->Review->save($this->data, $this->Access, $review_valid_fields);
     }
     # Before render callback
     if ($isNew && isset($this->Listing->plgBeforeRenderListingSaveTrigger)) {
         $plgBeforeRenderListingSave = $this->Listing->plgBeforeRenderListingSave();
         switch ($plgBeforeRenderListingSave) {
             case '0':
                 $this->data['Listing']['state'] = 1;
                 break;
             case '1':
                 $this->data['Listing']['state'] = 0;
                 break;
             case '':
                 break;
             default:
                 return $plgBeforeRenderListingSave;
                 break;
         }
     }
     # Moderation disabled
     if (!isset($this->data['Listing']['state']) || $this->data['Listing']['state']) {
         $fields = array('Criteria.criteria AS `Criteria.criteria`', 'Criteria.tooltips AS `Criteria.tooltips`');
         $listing = $this->Listing->findRow(array('fields' => $fields, 'conditions' => array('Listing.id = ' . $listing_id)), array('afterFind'));
         # Facebook wall integration
         $fb_checkbox = Sanitize::getBool($this->data, 'fb_publish');
         $facebook_integration = Sanitize::getBool($this->Config, 'facebook_enable') && Sanitize::getBool($this->Config, 'facebook_listings') && $fb_checkbox;
         $token = cmsFramework::getCustomToken($listing_id);
         $facebook_integration and $response[] = $parentFrame . '.jQuery.get(' . $parentFrame . '.s2AjaxUri+' . $parentFrame . '.jreviews.ajax_params()+\'&url=facebook/_postListing/id:' . $listing_id . '&' . $token . '=1\');
             ';
         $url = cmsFramework::route($listing['Listing']['url']);
         $update_text = $isNew ? __t("Thank you for your submission.", true, true) : __t("The listing was successfully saved.", true, true);
         //JOEYG CODE
         //THE FOLLOWING GETS THE LISTING TYPE FROM THE DB FOR THE NEWLY SAVED LISTING
         //IF THE TYPE IS BUSINESS PROFILE OR PROJECT LISTING THEN DISPLAY THE after_submit.thtml file
         //ELSE DISPLAY NORMAL MESSAGE
         //IF WE ONLY WANT TO ADD THE after_submit.thtml if the listing is new then add
         if ($isNew) {
             $query = "SELECT `listing_type` FROM `jos_vpbd_content_criteria` WHERE `jos_vpbd_content_criteria`.`listing_id` = " . $this->data['Listing']['id'];
             $this->_db->setQuery($query);
             $jg_listing_type = $this->_db->loadResult();
             if ($jg_listing_type == 2 || $jg_listing_type == 7) {
                 $update_html = $this->render('listings', 'after_submit');
             } else {
                 $update_html = "<a href=\"{$url}\">" . __t("Click here to view your listing", true) . "</a>";
             }
             //ends if/else
         } else {
             //not new
             $update_html = "<a href=\"{$url}\">" . __t("Click here to view your listing", true) . "</a>";
         }
         //ends if($isNew)
         //ENDS JOEYG ALTER CODE
         $jsonObject = json_encode(compact('target_id', 'update_text', 'update_html'));
         $response[] = '
                 var $parentForm = ' . $parentFrame . '.jQuery(\'#jr_listingForm\');
                 $parentForm.scrollTo({duration:400,offset:-100});
                 $parentForm.s2ShowUpdate(' . $jsonObject . ');                                                       
             ';
         return $this->makeJS($response);
     }
     # Moderation enabled
     $update_text = __t("Thank you for your submission. It will be published once it is verified.", true);
     $update_html = '<div id=\\"s2Msgjr_listingForm\\" class=\\"jr_postUpdate\\">' . $update_text . '</div>';
     $response[] = '
         var $parentForm = ' . $parentFrame . '.jQuery(\'#jr_listingForm\');
         $parentForm.scrollTo({duration:400,offset:-100},function(){
             $parentForm.fadeOut(250,function(){$parentForm.html("' . $update_html . '").show();});
         });
     ';
     return $this->makeJS($response);
 }
Ejemplo n.º 11
0
 /**
  * Facebook Open Graph implementation
  * 
  * @param mixed $listing
  * @param mixed $meta
  */
 function facebookOpenGraph(&$listing, $meta)
 {
     // http://developers.facebook.com/docs/opengraph/
     $option = Sanitize::getString($_REQUEST, 'option', '');
     $view = Sanitize::getString($_REQUEST, 'view', '');
     $id = Sanitize::getInt($_REQUEST, 'id');
     // Make sure this is a Joomla article page
     if (!($option == 'com_content' && $view == 'article' && $id)) {
         return;
     }
     $Config = Configure::read('JreviewsSystem.Config');
     if (empty($Config)) {
         $cache_file = 'jreviews_config_' . md5(cmsFramework::getConfig('secret'));
         $Config = S2Cache::read($cache_file);
     }
     $facebook_xfbml = Sanitize::getBool($Config, 'facebook_opengraph') && Sanitize::getBool($Config, 'facebook_appid');
     // Make sure FB is enabled and we have an FB App Id
     if (!$facebook_xfbml) {
         return;
     }
     extract($meta);
     $title == '' and $title = $listing['Listing']['title'];
     $description == '' and $description = Sanitize::htmlClean(Sanitize::stripAll($listing['Listing'], 'summary'));
     $image = isset($listing['Listing']['images'][0]) ? cmsFramework::makeAbsUrl(_DS . _JR_WWW_IMAGES . $listing['Listing']['images'][0]['path']) : null;
     if (!$image) {
         $img_src = '/<img[^>]+src[\\s=\'"]+([^"\'>\\s]+(jpg)+)/is';
         preg_match($img_src, $listing['Listing']['summary'], $matches);
         if (isset($matches[1])) {
             $image = $matches[1];
         }
     }
     $url = cmsFramework::makeAbsUrl($listing['Listing']['url'], array('sef' => true, 'ampreplace' => true));
     $fields = $listing['Field']['pairs'];
     // You can add other Open Graph meta tags by adding the attribute, custom field pair to the array below
     $tags = array('title' => $title, 'url' => $url, 'image' => $image, 'site_name' => cmsFramework::getConfig('sitename'), 'description' => $description, 'type' => Sanitize::getString($listing['ListingType']['config'], 'facebook_opengraph_type'), 'latitude' => Sanitize::getString($Config, 'geomaps.latitude'), 'longitude' => Sanitize::getString($Config, 'geomaps.longitude'), 'street-address' => Sanitize::getString($Config, 'geomaps.address1'), 'locality' => Sanitize::getString($Config, 'geomaps.city'), 'region' => Sanitize::getString($Config, 'geomaps.state'), 'postal-code' => Sanitize::getString($Config, 'geomaps.postal_code'), 'country-name' => Sanitize::getString($Config, 'geomaps.country', Sanitize::getString($Config, 'geomaps.default_country')));
     cmsFramework::addScript('<meta property="fb:app_id" content="' . Sanitize::getString($Config, 'facebook_appid') . '"/>');
     Sanitize::getString($Config, 'facebook_admins') != '' and cmsFramework::addScript('<meta property="fb:admins" content="' . str_replace(' ', '', $Config->facebook_admins) . '"/>');
     //        cmsFramework::addScript('<meta property="fb:admins" content="YOUR-ADMIN-ID"/>'); // It's app_id or this, not both
     # Loop through the tags array to add the additional FB meta tags
     foreach ($tags as $attr => $fname) {
         $content = '';
         if (substr($fname, 0, 3) == 'jr_') {
             // It's a custom field
             $content = isset($fields[$fname]) ? htmlspecialchars($fields[$fname]['text'][0], ENT_QUOTES, 'utf-8') : '';
         } elseif ($fname != '') {
             // It's a static text, not a custom field
             $content = htmlspecialchars($fname);
         }
         $content != '' and cmsFramework::addScript('<meta property="og:' . $attr . '" content="' . $content . '"/>');
     }
 }
Ejemplo n.º 12
0
 function processNewFieldOptions($options, $field)
 {
     $processedOptions = array();
     // Process new field options and modify the $data array
     $FieldOption = ClassRegistry::getClass('FieldOptionModel');
     $click2add = Sanitize::getBool($field['_params'], 'click2add');
     !is_array($options) and $options = array($options);
     foreach ($options as $option) {
         if ($click2add && strstr($option, '|click2add')) {
             $data = array();
             $option_parts = explode('|', $option);
             // Build array to pass to the FieldOptions model
             $data['FieldOption']['fieldid'] = Sanitize::getInt($field, 'fieldid');
             $data['FieldOption']['value'] = Sanitize::stripAll($option_parts, 0);
             $data['FieldOption']['text'] = trim(Sanitize::getString($option_parts, 0));
             // If it's a dependent field add the relevant control field data
             if (count($option_parts) == 4) {
                 $option_parts[3] == 'null' and $option_parts[3] = '';
                 $controlledBy = $data['FieldOption']['controlledBy'] = array($option_parts[2] => $option_parts[3]);
                 $control_field = key($controlledBy);
                 $control_value = is_array(current($controlledBy)) ? array_values(current($controlledBy)) : array(current($controlledBy));
                 if ($control_field != '' && $control_value != '**') {
                     $data['FieldOption']['control_field'] = $control_field;
                     $data['FieldOption']['control_value'] = $control_value;
                 }
             }
             if (in_array($FieldOption->save($data), array('success', 'duplicate'))) {
                 $processedOptions[] = $data['FieldOption']['value'];
             }
         } else {
             $processedOptions[] = $option;
         }
     }
     return $processedOptions;
 }