public function eventPreSaveFilter(array $context) { if (!in_array('xss-fail', $context['event']->eParamFILTERS) && !in_array('validate-xsrf', $context['event']->eParamFILTERS)) { return; } $contains_xss = FALSE; // Loop over the fields to check for XSS, this loop will // break as soon as XSS is detected foreach ($context['fields'] as $field => $value) { if (is_array($value)) { if (self::detectXSSInArray($value) === FALSE) { continue; } $contains_xss = TRUE; break; } else { if (self::detectXSS($value) === FALSE) { continue; } $contains_xss = TRUE; break; } } // Detect XSS filter if (in_array('xss-fail', $context['event']->eParamFILTERS) && $contains_xss === TRUE) { $context['messages'][] = array('xss', FALSE, __("Possible XSS attack detected in submitted data")); } // Validate XSRF token filter if (in_array('validate-xsrf', $context['event']->eParamFILTERS)) { if (Symphony::Engine()->isXSRFEnabled() && is_session_empty() === false && XSRF::validateRequest(true) === false) { $context['messages'][] = array('xsrf', FALSE, __("Request was rejected for having an invalid cross-site request forgery token.")); } } }
public function __viewEdit($new = false) { $this->setPageType('form'); $this->setTitle(sprintf(__("Symphony - Newsletter Recipient Groups - %s", array(), false), ucfirst($this->_context[1]))); $errors = new XMLElement('errors'); $context = new XMLElement('context'); General::array_to_xml($context, $this->_context); $this->_XML->appendChild($context); // Fix for 2.4 and XSRF if (Symphony::Configuration()->get("enable_xsrf", "symphony") == "yes" && class_exists('XSRF')) { $xsrf_input = new XMLElement('xsrf_input'); $xsrf_input->appendChild(XSRF::formToken()); $this->_XML->appendChild($xsrf_input); } $section_xml = new XMLElement('sections'); $sectionManager = new SectionManager($this); $sections = $sectionManager->fetch(); foreach ($sections as $section) { $entry = new XMLElement('entry'); General::array_to_xml($entry, $section->get()); foreach ($section->fetchFields() as $field) { $field_xml = new XMLElement('field'); General::array_to_xml($field_xml, $field->get()); $filter_html = new XMLElement('filter_html'); $field->displayDatasourceFilterPanel($filter_html, NULL, $errors, $section->get('id')); $field_xml->appendChild($filter_html); $field_elements = new XMLElement('elements'); General::array_to_xml($field_elements, $field->fetchIncludableElements()); $field_xml->appendChild($field_elements); $entry->appendChild($field_xml); } $section_xml->appendChild($entry); } $this->_XML->appendChild($section_xml); $title = __('New Group'); $breadcrumbs = array(Widget::Anchor(__('Email Newsletter Recipients'), SYMPHONY_URL . '/extension/email_newsletter_manager/recipientgroups/')); $recipientgroups = new XMLElement('recipientgroups'); if ($this->_context[2] == 'saved' || $this->_context[3] == 'saved') { $this->pageAlert(__(__('Email Recipient updated at %1$s. <a href="%2$s" accesskey="c">Create another?</a> <a href="%3$s" accesskey="a">View all Recipient Groups</a>'), array(Widget::Time()->generate(), SYMPHONY_URL . '/extension/email_newsletter_manager/recipientgroups/new/', SYMPHONY_URL . '/extension/email_newsletter_manager/recipientgroups/')), Alert::SUCCESS); } if ($new == false) { /* TODO add POST values to XML */ $group = RecipientgroupManager::create($this->_context[1]); if (is_object($group)) { $entry = new XMLElement('entry'); $properties = $group->getProperties(); $about = $group->about(); $title = $about['name']; General::array_to_xml($entry, $about); $source = new XMLElement('source', $properties['source']); $entry->appendChild($source); // Section Only if (is_numeric($properties['source'])) { $fields = new XMLElement('fields'); $email = new XMLElement('email', $properties['email']); $fields->appendChild($email); $name = new XMLElement('name'); General::array_to_xml($name, $properties['name']); $fields->appendChild($name); $entry->appendChild($fields); } // Hack to make sure filter data is preserved in the UI when there is an error in the form. // For next versions: always do the local/user differentiation in php, rather than xslt. // This will make the xslt cleaner and easier to understand and debug. if (!empty($_POST['fields'])) { $properties['filters'] = $_POST['fields']['filter'][0]; } if (!empty($properties['filters'])) { $filters = new XMLElement('filters'); foreach ($properties['filters'] as $filter => $val) { // Section and Author if ($filter == 'id') { $title = new XMLElement('h4', 'System ID'); $label = Widget::Label(__('Value')); $label->appendChild(Widget::Input('fields[filter][' . $properties['source'] . '][id]', General::sanitize($val))); $filter_entry = new XMLElement('entry', NULL, array('id' => 'id', 'data-type' => 'id')); $filter_entry->appendChild($title); $filter_entry->appendChild($label); $filters->appendChild($filter_entry); } if ($filter == 'system:date') { $title = new XMLElement('h4', 'System Date'); $label = Widget::Label(__('Value')); $label->appendChild(Widget::Input('fields[filter][' . $properties['source'] . '][system:date]', General::sanitize($val))); $filter_entry = new XMLElement('entry', NULL, array('id' => 'id', 'data-type' => 'system:date')); $filter_entry->appendChild($title); $filter_entry->appendChild($label); $filters->appendChild($filter_entry); } // Section Only if (is_numeric($properties['source'])) { $section = SectionManager::fetch($properties['source']); if (is_object($section)) { $section_fields = $section->fetchFields(); foreach ($section_fields as $field) { $field_ids[] = $field->get('id'); } // only add filters to the duplicator if the field id // belongs to the current section if (is_numeric($filter) && in_array($filter, $field_ids)) { $filter_obj = FieldManager::fetch($filter); if (is_object($filter_obj)) { $filter_entry = new XMLElement('entry', NULL, array('id' => $filter, 'data-type' => FieldManager::fetchHandleFromID($filter))); $filter_obj->displayDatasourceFilterPanel($filter_entry, $val, $errors, is_numeric($properties['source']) ? $properties['source'] : 1); $filters->appendChild($filter_entry); } } } } // Author only if ($properties['source'] == 'authors') { $filter_names = array('username' => 'Username', 'first_name' => 'First Name', 'last_name' => 'Last Name', 'email' => 'Email Address', 'user_type' => 'User Type'); if (in_array($filter, array_keys($filter_names))) { $title = new XMLElement('h4', $filter_names[$filter]); $label = Widget::Label(__('Value')); $label->appendChild(Widget::Input('fields[filter][' . $properties['source'] . '][username]', General::sanitize($val))); $filter_entry = new XMLElement('entry', NULL, array('id' => 'id', 'data-type' => 'username')); $filter_entry->appendChild($title); $filter_entry->appendChild($label); $filters->appendChild($filter_entry); } } } $entry->appendChild($filters); $title = $about['name']; } if ($properties['source'] == 'static_recipients') { $entry->appendChild(new XMLElement('static_recipients', '<![CDATA[' . $group->recipients . ']]>')); } $recipientgroups->appendChild($entry); $this->_XML->appendChild($recipientgroups); } else { Administration::instance()->errorPageNotFound(); } } $this->insertBreadcrumbs($breadcrumbs); $this->appendSubheading($title); }
public function appendTokensToForms($context) { if (isset($context["oPage"])) { $context["oPage"]->Form->prependChild(XSRF::formToken()); } }
/** * Called by index.php, this function is responsible for rendering the current * page on the Frontend. Two delegates are fired, AdminPagePreGenerate and * AdminPagePostGenerate. This function runs the Profiler for the page build * process. * * @uses AdminPagePreGenerate * @uses AdminPagePostGenerate * @see core.Symphony#__buildPage() * @see boot.getCurrentPage() * @param string $page * The result of getCurrentPage, which returns the $_GET['symphony-page'] * variable. * @throws Exception * @throws SymphonyErrorPage * @return string * The HTML of the page to return */ public function display($page) { Symphony::Profiler()->sample('Page build process started'); $this->__buildPage($page); // Add XSRF token to form's in the backend if (self::isXSRFEnabled() && isset($this->Page->Form)) { $this->Page->Form->prependChild(XSRF::formToken()); } /** * Immediately before generating the admin page. Provided with the page object * @delegate AdminPagePreGenerate * @param string $context * '/backend/' * @param HTMLPage $oPage * An instance of the current page to be rendered, this will usually be a class that * extends HTMLPage. The Symphony backend uses a convention of contentPageName * as the class that extends the HTMLPage */ Symphony::ExtensionManager()->notifyMembers('AdminPagePreGenerate', '/backend/', array('oPage' => &$this->Page)); $output = $this->Page->generate(); /** * Immediately after generating the admin page. Provided with string containing page source * @delegate AdminPagePostGenerate * @param string $context * '/backend/' * @param string $output * The resulting backend page HTML as a string, passed by reference */ Symphony::ExtensionManager()->notifyMembers('AdminPagePostGenerate', '/backend/', array('output' => &$output)); Symphony::Profiler()->sample('Page built'); return $output; }
$xsl = @new SimpleXMLElement($xsl); $xsl->registerXPathNamespace("ext", "http://getsymphony.com/schemas/extension/1.0"); $result = $xsl->xpath("//ext:extension[@id = '" . $e->getAdditional()->name . "']"); if (!empty($result)) { $match = $extension->getFilename(); break; } } } // If we've found a similar folder if ($match != "" && $e->getAdditional()->rename_failed !== true) { $div->appendChild(new XMLElement('p', __('Often the cause of this error is a misnamed extension folder. You can try renaming %s to %s, or you can uninstall the extension to continue.', array('<code>extensions/' . $match . '</code>', '<code>extensions/' . $e->getAdditional()->name . '</code>')))); $form->appendChild(Widget::Input('existing-folder', $match, 'hidden')); $form->appendChild(Widget::Input('new-folder', $e->getAdditional()->name, 'hidden')); $button = new XMLElement('button', __('Rename folder')); $button->setAttributeArray(array('name' => 'action[rename]', 'class' => 'button', 'type' => 'submit', 'accesskey' => 's')); $actions->appendChild($button); } elseif ($e->getAdditional()->rename_failed) { $div->appendChild(new XMLElement('p', __('Sorry, but Symphony was unable to rename the folder. You can try renaming %s to %s yourself, or you can uninstall the extension to continue.', array('<code>extensions/' . $match . '</code>', '<code>extensions/' . $e->getAdditional()->name . '</code>')))); } else { $div->appendChild(new XMLElement('p', __('You can try uninstalling the extension to continue, or you might want to ask on the forums'))); } // Add XSRF token to form's in the backend if (Symphony::Engine()->isXSRFEnabled()) { $form->prependChild(XSRF::formToken()); } $div->appendChild($form); $Page->Body->appendChild($div); $output = $Page->generate(); echo $output; exit;
function __viewEdit($new = false) { $this->setPageType('form'); if ($this->_context[2] == 'saved' || $this->_context[3] == 'saved') { $this->pageAlert(__(__('Email Sender updated at %1$s. <a href="%2$s" accesskey="c">Create another?</a> <a href="%3$s" accesskey="a">View all Senders</a>'), array(Widget::Time()->generate(), SYMPHONY_URL . '/extension/email_newsletter_manager/senders/new/', SYMPHONY_URL . '/extension/email_newsletter_manager/senders/')), Alert::SUCCESS); } $senders = new XMLElement('senders'); $title = __('New Sender'); $breadcrumbs = array(Widget::Anchor(__('Email Newsletter Senders'), SYMPHONY_URL . '/extension/email_newsletter_manager/senders/')); // Fix for 2.4 and XSRF if (Symphony::Configuration()->get("enable_xsrf", "symphony") == "yes" && class_exists('XSRF')) { $xsrf_input = new XMLElement('xsrf_input'); $xsrf_input->appendChild(XSRF::formToken()); $this->_XML->appendChild($xsrf_input); } if (!$new) { $sender = SenderManager::create($this->_context[1]); // Make sure the POSTED values are always shown when present. // This will make sure the form is always up-to-date, even where there are errors. if (!empty($_POST['fields']) && !empty($_POST['settings'])) { $posted_array = $_POST['fields']; $posted_array[$_POST['settings']['gateway']] = $_POST['settings']['email_' . $_POST['settings']['gateway']]; } $about = empty($_POST['fields']) && empty($_POST['settings']) ? (array) $sender->about() : $posted_array; $about['handle'] = Lang::createHandle($about['name'], 225, '-'); $entry = new XMLElement('entry'); General::array_to_xml($entry, $about); $senders->appendChild($entry); $title = $about['name']; //$breadcrumbs[] = Widget::Anchor('hi', SYMPHONY_URL . '/extension/email_newsletter_manager/senders/edit/' . $sender->getHandle()); } $el_gateways = new XMLElement('gateways'); $gateways = EmailGatewayManager::listAll(); foreach ($gateways as $gateway) { // to be removed in later versions. Right now only smtp and sendmail are supported. if (in_array($gateway['handle'], array('smtp', 'sendmail', 'amazon_ses'))) { $gw = EmailGatewayManager::create($gateway['handle']); if (!empty($about[$gateway['handle']])) { $config = $about[$gateway['handle']]; if ($gateway['handle'] == 'smtp') { $gw->setFrom($config['from_address'], $config['from_name']); $gw->setHost($config['host']); $gw->setSecure($config['secure']); $gw->setPort($config['port']); $gw->setAuth($config['auth']); $gw->setUser($config['username']); $gw->setPass($config['password']); } if ($gateway['handle'] == 'amazon_ses') { $gw->setFrom($config['from_address'], $config['from_name']); $gw->setAwsKey($config['aws_key']); $gw->setAwsSecretKey($config['aws_secret_key']); $gw->setFallback($config['fallback']); $gw->setReturnPath($config['return_path']); } if ($gateway['handle'] == 'sendmail') { $gw->setFrom($config['from_address'], $config['from_name']); } } $entry = new XMLElement('entry'); General::array_to_xml($entry, $gateway); $config_panel = new XMLElement('config_panel'); $config_panel->appendChild($gw->getPreferencesPane()); $entry->appendChild($config_panel); $el_gateways->appendChild($entry); } } $senders->appendChild($el_gateways); $this->insertBreadcrumbs($breadcrumbs); $this->appendSubheading($title); $this->_XML->appendChild($senders); }
public function view() { if (isset($_POST['action']['submit'])) { $this->panelErrors = Extension_Dashboard::validatePanelOptions($this->panelType, $this->panelId); if (empty($this->panelErrors)) { $this->panelId = Extension_Dashboard::savePanel(array('id' => $this->panelId, 'label' => $this->panelLabel, 'placement' => $this->panelPlacement, 'type' => $this->panelType), $this->panelConfig); } } else { if (isset($_POST['action']['delete'])) { Extension_Dashboard::deletePanel($this->panelId); $this->_Result->setAttribute('id', $this->panelId); $this->_Result->setAttribute('placement', $this->panelPlacement); return; } } if (isset($this->panelId) && !empty($this->panelId)) { $this->panelConfig = Extension_Dashboard::getPanel($this->panelId); $this->panelLabel = $this->panelConfig['label']; $this->panelPlacement = $this->panelConfig['placement']; } if (isset($_POST['action']['submit']) && empty($this->panelErrors)) { $html = Extension_Dashboard::buildPanelHTML($this->panelConfig); $class = $html->getAttribute('class'); $html->setAttribute('class', $class . ' new-panel'); $this->_Result->setAttribute('id', $this->panelId); $this->_Result->setAttribute('placement', $this->panelPlacement); $this->_Result->setValue(sprintf('<![CDATA[%s]]>', $html->generate())); } else { $this->addHeaderToPage('Content-Type', 'text/html'); $container = new XMLElement('form'); $container->setAttribute('id', 'save-panel'); $container->appendChild(new XMLElement('div', NULL, array('class' => 'top'))); $heading = new XMLElement('h3', __('Configuration') . ' <span>' . (isset($this->panelLabel) ? $this->panelLabel : __('Untitled Panel')) . '<span>'); $container->appendChild($heading); $config_options = Extension_Dashboard::buildPanelOptions($this->panelType, $this->panelId, $this->panelErrors); $primary = new XMLElement('div', NULL, array('class' => 'panel-config')); $fieldset = new XMLElement('fieldset', NULL, array('class' => 'settings')); $legend = new XMLElement('legend', __('General')); $fieldset->appendChild($legend); $group = new XMLElement('div', NULL, array('class' => 'group')); $group->appendChild(Widget::Label(__('Name'), Widget::Input('label', $this->panelLabel))); $group->appendChild(Widget::Label(__('Placement'), Widget::Select('placement', array(array('primary', $this->panelPlacement == 'primary', __('Main content')), array('secondary', $this->panelPlacement == 'secondary', __('Sidebar')))))); $fieldset->appendChild($group); $primary->appendChild($fieldset); if ($config_options) { $primary->appendChild($config_options); } $actions = new XMLElement('div', NULL, array('class' => 'actions')); $actions->appendChild(Widget::Input('action[submit]', __('Save Panel'), 'submit', array('class' => 'button create'))); $actions->appendChild(Widget::Input('action[cancel]', __('Cancel'), 'submit')); if ($this->panelId) { $actions->appendChild(new XMLElement('button', __('Delete Panel'), array('class' => 'delete', 'name' => 'action[delete]'))); } $primary->appendChild($actions); $primary->appendChild(Widget::Input('id', $this->panelId, 'hidden')); $primary->appendChild(Widget::Input('type', $this->panelType, 'hidden')); $container->appendChild($primary); if (Symphony::isXSRFEnabled()) { $container->prependChild(XSRF::formToken()); } $this->_Result = $container; } }
public function view() { // Start building the page $this->setPageType('index'); $this->setTitle(__('%1$s – %2$s', array(__('Symphony'), __('Tracker Activity')))); // Add a button to clear all activity $clearform = Widget::Form(Symphony::Engine()->getCurrentPageURL(), 'post'); $button = new XMLElement('button', __('Clear All')); $button->setAttributeArray(array('name' => 'action[clear-all]', 'class' => 'button confirm delete', 'title' => __('Clear all activity'), 'accesskey' => 'd', 'data-message' => __('Are you sure you want to clear all activity?'))); $clearform->appendChild($button); if (Symphony::Engine()->isXSRFEnabled()) { $clearform->prependChild(XSRF::formToken()); } $this->appendSubheading(__('Tracker Activity'), $clearform); // Build pagination, sorting, and limiting info $current_page = isset($_REQUEST['pg']) && is_numeric($_REQUEST['pg']) ? max(1, intval($_REQUEST['pg'])) : 1; $start = (max(1, $current_page) - 1) * Symphony::Configuration()->get('pagination_maximum_rows', 'symphony'); $limit = Symphony::Configuration()->get('pagination_maximum_rows', 'symphony'); // Build filter info $filters = array(); if (isset($_REQUEST['filter'])) { list($column, $value) = explode(':', $_REQUEST['filter'], 2); $values = explode(',', $value); $filters[$column] = array(); foreach ($values as $value) { $filters[$column][] = rawurldecode($value); } } // Fetch activity logs $logs = Tracker::fetchActivities($filters, $limit, $start); // Build the table $thead = array(array(__('Activity'), 'col'), array(__('Date'), 'col'), array(__('Time'), 'col')); $tbody = array(); // If there are no logs, display default message if (!is_array($logs) or empty($logs)) { $tbody = array(Widget::TableRow(array(Widget::TableData(__('No data available.'), 'inactive', null, count($thead))))); } else { foreach ($logs as $activity) { // Format the date and time $date = DateTimeObj::get(__SYM_DATE_FORMAT__, strtotime($activity['timestamp'] . ' GMT')); $time = DateTimeObj::get(__SYM_TIME_FORMAT__, strtotime($activity['timestamp'] . ' GMT')); $description = Tracker::getDescription($activity); $description_class = ''; // Row class $row_class = null; if ($activity['action_type'] === 'created') { $row_class = 'status-ok'; } elseif ($activity['action_type'] === 'deleted') { $row_class = 'status-error'; } if (is_null($description)) { if (!empty($activity['fallback_description'])) { $description = $activity['fallback_description']; } else { $description = __('None found.'); $description_class = 'inactive'; } } // Assemble the columns $col_date = Widget::TableData($date); $col_time = Widget::TableData($time); $col_desc = Widget::TableData($description, $description_class); $col_desc->appendChild(Widget::Input("items[{$activity['id']}]", null, 'checkbox')); // Insert the row $tbody[] = Widget::TableRow(array($col_desc, $col_date, $col_time), $row_class, 'activity-' . $activity['id']); } } // Assemble the table $table = Widget::Table(Widget::TableHead($thead), null, Widget::TableBody($tbody), 'selectable', null, array('role' => 'directory', 'aria-labelledby' => 'symphony-subheading', 'data-interactive' => 'data-interactive')); $this->Form->appendChild($table); // Append table actions $options = array(array(null, false, __('With Selected...')), array('delete', false, __('Delete'))); $tableActions = new XMLElement('div'); $tableActions->setAttribute('class', 'actions'); $tableActions->appendChild(Widget::Apply($options)); $this->Form->appendChild($tableActions); // Append pagination $filter_sql = Tracker::buildFilterSQL($filters); $sql = ' SELECT count(id) as `count` FROM `tbl_tracker_activity`' . $filter_sql; $per_page = Symphony::Configuration()->get('pagination_maximum_rows', 'symphony'); $total_entries = Symphony::Database()->fetchVar('count', 0, $sql); $remaining_entries = max(0, $total_entries - ($start + $per_page)); $total_pages = max(1, ceil($total_entries * (1 / $per_page))); $remaining_pages = max(0, $total - pages - $current_page); if ($total_pages > 1) { $ul = new XMLElement('ul'); $ul->setAttribute('class', 'page'); // First $li = new XMLElement('li'); if ($current_page > 1) { $li->appendChild(Widget::Anchor(__('First'), Administration::instance()->getCurrentPageURL() . '?pg=1')); } else { $li->setValue(__('First')); } $ul->appendChild($li); // Previous $li = new XMLElement('li'); if ($current_page > 1) { $li->appendChild(Widget::Anchor(__('← Previous'), Administration::instance()->getCurrentPageURL() . '?pg=' . ($current_page - 1))); } else { $li->setValue(__('← Previous')); } $ul->appendChild($li); // Summary $li = new XMLElement('li', __('Page %1$s of %2$s', array($current_page, max($current_page, $total_pages)))); $li->setAttribute('title', __('Viewing %1$s - %2$s of %3$s entries', array($start, $current_page != $total_pages ? $current_page * Symphony::Configuration()->get('pagination_maximum_rows', 'symphony') : $total_entries, $total_entries))); $ul->appendChild($li); // Next $li = new XMLElement('li'); if ($current_page < $total_pages) { $li->appendChild(Widget::Anchor(__('Next →'), Administration::instance()->getCurrentPageURL() . '?pg=' . ($current_page + 1))); } else { $li->setValue(__('Next →')); } $ul->appendChild($li); // Last $li = new XMLElement('li'); if ($current_page < $total_pages) { $li->appendChild(Widget::Anchor(__('Last'), Administration::instance()->getCurrentPageURL() . '?pg=' . $total_pages)); } else { $li->setValue(__('Last')); } $ul->appendChild($li); $this->Form->appendChild($ul); } }