Ejemplo n.º 1
 /**
  * Save the application settings posted with the request.
  *
  * Stops with 'Invalid Token' unless the request token check passes, binds the
  * POST data to the application, rebuilds its parameter string and stores the
  * record. On success the redirect points at the saved application; when a
  * YException is caught a notice is raised and the redirect goes to the add task.
  *
  * @return void
  */
 public function save()
 {
     // anti-CSRF: stop here when the token check fails
     YRequest::checkToken() or jexit('Invalid Token');

     $post = YRequest::get('post');

     try {
         // bind the posted fields; array('params') is handed to bind() as its second argument
         $this->application->bind($post, array('params'));

         // rebuild the parameters: drop 'global.' and refill from the request
         // (@ silences the notice for keys that are missing from the POST data)
         $params = $this->application->getParams();
         $params = $params->remove('global.');
         $params = $params->set('group', @$post['group']);
         $params = $params->set('template', @$post['template']);
         $params = $params->set('global.config.', @$post['params']['config']);
         $params = $params->set('global.template.', @$post['params']['template']);

         // NOTE(review): the addon name is a request-supplied array key that becomes
         // part of the parameter key - confirm it is limited to known addon names
         if (isset($post['addons']) && is_array($post['addons'])) {
             foreach ($post['addons'] as $name => $settings) {
                 $params->set("global.{$name}.", $settings);
             }
         }

         $this->application->params = $params->toString();

         // store the application record
         YTable::getInstance('application')->save($this->application);

         $message = JText::_('Application Saved');
         $target = $this->link_base . '&changeapp=' . $this->application->id;
     } catch (YException $exception) {
         // the notice carries the exception converted to a string
         JError::raiseNotice(0, JText::_('Error Saving Application') . ' (' . $exception . ')');

         $message = null;
         $target = $this->baseurl . '&task=add';
     }

     $this->setRedirect($target, $message);
 }
Ejemplo n.º 2
 /**
  * Save the frontpage settings posted with the request.
  *
  * Stops with 'Invalid Token' unless the request token check passes, binds the
  * POST data to the application, replaces the 'content.', 'config.' and
  * 'template.' parameter groups with the posted values and stores the record.
  * Always redirects to the base URL, with a message only on success.
  *
  * @return void
  */
 public function save()
 {
     // anti-CSRF: stop here when the token check fails
     YRequest::checkToken() or jexit('Invalid Token');

     $post = YRequest::get('post');

     // The description is fetched separately with JREQUEST_ALLOWRAW, i.e. without
     // the request filtering applied to the other fields.
     // NOTE(review): confirm the stored description is filtered or escaped where it is rendered
     $post['description'] = YRequest::getVar('description', '', 'post', 'string', JREQUEST_ALLOWRAW);

     try {
         // bind the posted fields; array('params') is handed to bind() as its second argument
         $this->application->bind($post, array('params'));

         // clear the three parameter groups, then refill them from the request
         // (@ silences the notice for keys that are missing from the POST data)
         $params = $this->application->getParams();
         $params = $params->remove('content.');
         $params = $params->remove('config.');
         $params = $params->remove('template.');
         $params = $params->set('content.', @$post['params']['content']);
         $params = $params->set('config.', @$post['params']['config']);
         $params = $params->set('template.', @$post['params']['template']);
         $this->application->params = $params->toString();

         // store the application record
         YTable::getInstance('application')->save($this->application);

         $message = JText::_('Frontpage Saved');
     } catch (YException $exception) {
         // the notice carries the exception converted to a string
         JError::raiseNotice(0, JText::_('Error Saving Frontpage') . ' (' . $exception . ')');
         $message = null;
     }

     $this->setRedirect($this->baseurl, $message);
 }
Ejemplo n.º 3
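 /**
  * Zip the current application's group directory and send it to the client.
  *
  * Stops with 'Invalid Token' unless the request token check passes. The
  * archive is written to JPATH_ROOT/tmp/<group>.zip, output, and deleted
  * afterwards. A notice plus a redirect to the info task is issued when the
  * archive could not be built or could not be deleted.
  *
  * @return void
  */
 public function doExport()
 {
     // check for request forgeries
     YRequest::checkToken() or jexit('Invalid Token');

     $group = $this->application->getGroup();

     require_once JPATH_ROOT . '/administrator/includes/pcl/pclzip.lib.php';

     // NOTE(review): $group becomes part of both paths below - confirm it is
     // constrained to a plain directory name where the application is stored.
     // The archive name is derived from the group, so its location is predictable.
     $filepath = JPATH_ROOT . '/tmp/' . $group . '.zip';
     $read_directory = ZOO_APPLICATION_PATH . '/' . $group . '/';

     $zip = new PclZip($filepath);

     // the pattern matches names that do not start with a dot
     $files = YFile::readDirectoryFiles($read_directory, $read_directory, '', '/^[^\\.]/');

     // PclZip::create() returns 0 on failure. Without this check, an archive left
     // behind by an earlier export (see the failed-delete branch below) would be
     // sent as if it had just been built.
     $created = $zip->create($files, PCLZIP_OPT_ADD_PATH, '../', PCLZIP_OPT_REMOVE_PATH, $read_directory);

     if ($created !== 0 && is_readable($filepath) && JFile::exists($filepath)) {
         YFile::output($filepath);

         // remove the temporary archive once it has been sent
         if (!JFile::delete($filepath)) {
             JError::raiseNotice(0, JText::_('Unable to delete file') . ' (' . $filepath . ')');
             $this->setRedirect($this->baseurl . '&task=info');
         }
     } else {
         JError::raiseNotice(0, JText::_('Unable to create file') . ' (' . $filepath . ')');
         $this->setRedirect($this->baseurl . '&task=info');
     }
 }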
Ejemplo n.º 4
 /**
  * Set the 'trusted_mode' parameter on every submission selected in the request.
  *
  * Stops with 'Invalid Token' unless the request token check passes, raises a
  * 500 error when no id was selected, and always redirects to the base URL.
  *
  * @param mixed $enabled value written to the 'trusted_mode' parameter
  *
  * @return void
  */
 protected function _editTrustedMode($enabled)
 {
     // anti-CSRF: stop here when the token check fails
     YRequest::checkToken() or jexit('Invalid Token');

     // selected ids, requested from the 'cid' array with the 'int' type
     $ids = YRequest::getArray('cid', array(), 'int');
     if (count($ids) === 0) {
         JError::raiseError(500, JText::_('Select a submission to enable/disable Trusted Mode'));
     }

     try {
         $submissions = YTable::getInstance('submission');

         // load, update and store each selected submission in turn
         foreach ($ids as $submission_id) {
             $record = $submissions->get($submission_id);
             $params = $record->getParams()->set('trusted_mode', $enabled);
             $record->params = $params->toString();
             $submissions->save($record);
         }
     } catch (YException $exception) {
         // the notice carries the exception converted to a string
         JError::raiseNotice(0, JText::_('Error enabling/disabling Submission Trusted Mode') . ' (' . $exception . ')');
     }

     $this->setRedirect($this->baseurl);
 }
Ejemplo n.º 5
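 /**
  * Set the state of every comment selected in the request.
  *
  * Stops with 'Invalid Token' unless the request token check passes, raises a
  * 500 error when no id was selected, and always redirects to the base URL.
  * Ids for which the table returns no comment are skipped.
  *
  * @param mixed $state value assigned to each comment's state property
  *
  * @return void
  */
 protected function _editState($state)
 {
     // check for request forgeries
     YRequest::checkToken() or jexit('Invalid Token');

     // selected ids, requested from the 'cid' array with the 'int' type
     $cid = YRequest::getArray('cid', array(), 'int');
     if (count($cid) < 1) {
         JError::raiseError(500, JText::_('Select a comment to edit state'));
     }

     try {
         // get comment table
         $table = YTable::getInstance('comment');

         // update comment state
         foreach ($cid as $id) {
             $comment = $table->get($id);

             // the ids come from the request and may not match a stored comment;
             // never assign to or save a missing record
             if (!$comment) {
                 continue;
             }

             $comment->state = $state;
             $table->save($comment);
         }
     } catch (YException $e) {
         // raise notice on exception
         JError::raiseNotice(0, JText::_('Error editing Comment State') . ' (' . $e . ')');
     }

     $this->setRedirect($this->baseurl);
 }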
Ejemplo n.º 6
 /**
  * Set the 'config.enable_comments' parameter on every item selected in the request.
  *
  * Stops with 'Invalid Token' unless the request token check passes, raises a
  * 500 error when no id was selected, and always redirects to the base URL.
  *
  * @param mixed $enabled value written to the 'config.enable_comments' parameter
  *
  * @return void
  */
 protected function _editComments($enabled)
 {
     // anti-CSRF: stop here when the token check fails
     YRequest::checkToken() or jexit('Invalid Token');

     // selected ids, requested from the 'cid' array with the 'int' type
     $ids = YRequest::getArray('cid', array(), 'int');
     if (count($ids) === 0) {
         JError::raiseError(500, JText::_('Select a item to enable/disable comments'));
     }

     try {
         $items = YTable::getInstance('item');

         // load, update and store each selected item in turn
         foreach ($ids as $item_id) {
             $record = $items->get($item_id);
             $params = $record->getParams()->set('config.enable_comments', $enabled);
             $record->params = $params->toString();
             $items->save($record);
         }
     } catch (YException $exception) {
         // the notice carries the exception converted to a string
         JError::raiseNotice(0, JText::_('Error enabling/disabling Item Comments') . ' (' . $exception . ')');
     }

     $this->setRedirect($this->baseurl);
 }
Ejemplo n.º 7
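 /**
  * Validate and store an item submitted through a submission form.
  *
  * Stops with 'Invalid Token' unless the request token check passes. An edit
  * is refused unless the current user may access the item and is recorded as
  * its creator. Outside trusted mode the element data is filtered for
  * non-admin users, new items are throttled per session, and the item keeps
  * state 0. In trusted mode state, publishing dates, searchable flag, comment
  * setting, categories and tags are taken from the form. An invalid form is
  * stored in the session instead of being saved.
  *
  * @return void
  */
 public function save()
 {
     // check for request forgeries
     YRequest::checkToken() or jexit('Invalid Token');
     // init vars
     $post = JRequest::get('post');
     $db = YDatabase::getInstance();
     $tzoffset = JFactory::getConfig()->getValue('config.offset');
     $now = JFactory::getDate();
     $now->setOffset($tzoffset);
     $msg = '';
     // defined up front: the redirect decision after the try block reads $form
     // even when an exception was thrown before the form was built
     $form = null;
     try {
         $this->_init();
         // is this an item edit?
         $edit = (int) $this->item->id;
         // is current user the item owner and does the user have sufficient user rights
         // NOTE(review): new items record created_by from $this->user->get('id'); confirm
         // that items created without a logged-in user cannot pass this owner comparison
         // for a different visitor
         if ($edit && (!$this->item->canAccess($this->user) || $this->item->created_by != $this->user->id)) {
             throw new YControllerException('You are not allowed to make changes to this item.');
         }
         // get default category - only in none trusted mode
         $categories = array();
         if (!$this->submission->isInTrustedMode() && ($category = $this->submission->getForm($this->type->id)->get('category'))) {
             $categories[] = $category;
         }
         // get element data from post
         if (isset($post['elements'])) {
             // filter element data - skipped in trusted mode and for Joomla admins
             if (!$this->submission->isInTrustedMode() && !UserHelper::isJoomlaAdmin($this->user)) {
                 JRequest::setVar('elements', SubmissionHelper::filterData($post['elements']));
                 $post = JRequest::get('post');
             }
             // merge elements into post
             $post = array_merge($post, $post['elements']);
         }
         // fix publishing dates in trusted mode
         if ($this->submission->isInTrustedMode()) {
             // set publish up date
             if (isset($post['publish_up'])) {
                 if (empty($post['publish_up'])) {
                     $post['publish_up'] = $now->toMySQL(true);
                 }
             }
             // set publish down date
             if (isset($post['publish_down'])) {
                 if (trim($post['publish_down']) == JText::_('Never') || trim($post['publish_down']) == '') {
                     $post['publish_down'] = $db->getNullDate();
                 }
             }
         }
         // sanitize tags
         if (!isset($post['tags'])) {
             $post['tags'] = array();
         }
         // build new item form and bind it with post data
         $form = new ItemForm(array('submission' => $this->submission, 'item' => $this->item, 'elements_config' => $this->elements_config));
         $form->bind($post);
         // save item if form is valid
         if ($form->isValid()) {
             // set name
             $this->item->name = $form->getValue('name');
             // bind elements
             foreach ($this->elements_config as $data) {
                 if (($element = $this->item->getElement($data->element)) && ($field = $form->getFormField($data->element))) {
                     if ($field_data = $field->hasError() ? $field->getTaintedValue() : $field->getValue()) {
                         $element->bindData($field_data);
                     } else {
                         $element->bindData();
                     }
                     // perform submission uploads
                     if ($element instanceof iSubmissionUpload) {
                         $element->doUpload();
                     }
                 }
             }
             // set alias
             $this->item->alias = ItemHelper::getUniqueAlias($this->item->id, YString::sluggify($this->item->name));
             // set modified
             $this->item->modified = $now->toMySQL();
             $this->item->modified_by = $this->user->get('id');
             // creating new item
             if (!$edit) {
                 // set state
                 $this->item->state = 0;
                 // set created date
                 $this->item->created = $now->toMySQL();
                 $this->item->created_by = $this->user->get('id');
                 $this->item->created_by_alias = '';
                 // set publish up - publish down
                 $this->item->publish_up = $now->toMySQL();
                 $this->item->publish_down = $db->getNullDate();
                 // set access
                 $this->item->access = 0;
                 // set searchable
                 $this->item->searchable = 1;
             }
             if ($this->submission->isInTrustedMode()) {
                 // set state
                 $this->item->state = $form->getValue('state');
                 // set publish up
                 if (($publish_up = $form->getValue('publish_up')) && !empty($publish_up)) {
                     $date = JFactory::getDate($publish_up, $tzoffset);
                     $publish_up = $date->toMySQL();
                 }
                 $this->item->publish_up = $publish_up;
                 // set publish down
                 if (($publish_down = $form->getValue('publish_down')) && !empty($publish_down) && !($publish_down == $db->getNullDate())) {
                     $date = JFactory::getDate($publish_down, $tzoffset);
                     $publish_down = $date->toMySQL();
                 }
                 $this->item->publish_down = $publish_down;
                 // set searchable
                 $this->item->searchable = $form->getValue('searchable');
                 // set comments enabled
                 $this->item->params = $this->item->getParams()->set('config.enable_comments', $form->getValue('enable_comments'))->toString();
                 // set frontpage
                 if ($form->getValue('frontpage')) {
                     $categories[] = 0;
                 }
                 // set categories
                 $tmp_categories = $form->getValue('categories');
                 if (!empty($tmp_categories)) {
                     foreach ($form->getValue('categories') as $category) {
                         $categories[] = $category;
                     }
                 }
                 // set tags
                 $tags = $form->hasError('tags') ? $form->getTaintedValue('tags') : $form->getValue('tags');
                 $this->item->setTags($tags);
             } else {
                 // spam protection - user may only submit items every SubmissionController::TIME_BETWEEN_PUBLIC_SUBMISSIONS seconds
                 // NOTE(review): this check runs after doUpload() in the element loop above, so a
                 // throttled request has already gone through the upload step; the timestamp is
                 // also kept in the session only
                 if (!$edit) {
                     $timestamp = $this->session->get('ZOO_LAST_SUBMISSION_TIMESTAMP');
                     // separate variable so the $now date object is not replaced by an integer
                     $current_time = time();
                     if ($current_time < $timestamp + SubmissionController::TIME_BETWEEN_PUBLIC_SUBMISSIONS) {
                         throw new SubmissionControllerException('You are submitting to fast, please try again in a few moments.');
                     }
                     $this->session->set('ZOO_LAST_SUBMISSION_TIMESTAMP', $current_time);
                 }
             }
             // save item
             YTable::getInstance('item')->save($this->item);
             // save category relations - only if editing in trusted mode
             if (!$edit || $this->submission->isInTrustedMode()) {
                 CategoryHelper::saveCategoryItemRelations($this->item->id, $categories);
             }
             // set redirect message
             $msg = $this->submission->isInTrustedMode() ? JText::_('Thanks for your submission.') : JText::_('Thanks for your submission. It will be reviewed before being posted on the site.');
         } else {
             // add form to session if form is not valid
             $this->addFormToSession($form);
         }
     } catch (SubmissionControllerException $e) {
         // raise warning on exception
         JError::raiseWarning(0, (string) $e);
     } catch (YException $e) {
         // raise a generic warning; the details stay hidden from ordinary users
         JError::raiseWarning(0, JText::_('There was an error saving your submission, please try again later.'));
         // add exception details, for super administrators only
         if ($this->user->superadmin) {
             JError::raiseWarning(0, (string) $e);
         }
     }
     if ($this->redirect == 'mysubmissions' && $form && $form->isValid()) {
         // redirect to mysubmissions
         $link = RouteHelper::getMySubmissionsRoute($this->submission);
     } else {
         // redirect to edit form
         $link = RouteHelper::getSubmissionRoute($this->submission, $this->type->id, $this->hash, $this->item_id, $this->redirect);
     }
     $link = JRoute::_($link, false);
     $this->setRedirect($link, $msg);
 }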
Ejemplo n.º 8
 /**
  * Set the published state of every category selected in the request.
  *
  * Stops with 'Invalid Token' unless the request token check passes, raises a
  * 500 error carrying $msg when no id was selected, and always redirects to
  * the base URL.
  *
  * @param mixed  $published value handed to each category's setPublished()
  * @param string $msg       error text used when the selection is empty
  *
  * @return void
  */
 public function _editPublished($published, $msg)
 {
     // anti-CSRF: stop here when the token check fails
     YRequest::checkToken() or jexit('Invalid Token');

     // selected ids, requested from the 'cid' array with the 'int' type
     $ids = YRequest::getArray('cid', array(), 'int');
     if (count($ids) === 0) {
         JError::raiseError(500, $msg);
     }

     try {
         $categories = YTable::getInstance('category');

         // load, update and store each selected category in turn
         foreach ($ids as $category_id) {
             $record = $categories->get($category_id);
             $record->setPublished($published);
             $categories->save($record);
         }
     } catch (YException $exception) {
         // the notice carries the exception converted to a string
         JError::raiseNotice(0, JText::_('Error editing Item Published State') . ' (' . $exception . ')');
         // $msg is not read again after this point
         $msg = null;
     }

     $this->setRedirect($this->baseurl);
 }
Ejemplo n.º 9
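 /**
  * Store a comment submitted with the request and redirect back.
  *
  * Stops with 'Invalid Token' unless the request token check passes. The
  * comment is only processed when the active author's user type equals the
  * login cookie value and comments are enabled. Content is read raw and passed
  * through CommentHelper::filterContentInput(). Comments start unapproved and
  * are approved automatically for Joomla admins, when the 'approved' parameter
  * is 1, or when it is 2 and the author already has approved comments.
  * Non-admin comments go through _validate() before being saved.
  *
  * @return void
  */
 public function save()
 {
     // check for request forgeries
     YRequest::checkToken() or jexit('Invalid Token');
     // set currently active author
     $this->author = CommentHelper::activeAuthor();
     // init vars
     $redirect = YRequest::getString('redirect');
     // the redirect target comes straight from the request: only follow it when it
     // points into this site, otherwise fall back to the site base URL
     if (!JURI::isInternal($redirect)) {
         $redirect = JURI::base();
     }
     $login = YRequest::getString(CommentHelper::COOKIE_PREFIX . 'login', '', 'cookie');
     // stays null when an exception is thrown before the comment object exists
     $comment = null;
     if ($this->author->getUserType() == $login) {
         if ($this->params->get('enable_comments', false)) {
             // init vars - content is read with JREQUEST_ALLOWRAW and filtered right below
             $content = YRequest::getVar('content', null, '', 'string', JREQUEST_ALLOWRAW);
             $item_id = YRequest::getInt('item_id', 0);
             $parent_id = YRequest::getInt('parent_id', 0);
             // filter content
             $content = CommentHelper::filterContentInput($content);
             // set content in session
             $this->session->set('com_zoo.comment.content', $content);
             // set author name, email and url, if author is guest
             if ($this->author->isGuest()) {
                 $this->author->name = YRequest::getString('author');
                 $this->author->email = YRequest::getString('email');
                 $this->author->url = YRequest::getString('url');
                 // save cookies
                 CommentHelper::saveCookies($this->author->name, $this->author->email, $this->author->url);
             }
             try {
                 // get comment table
                 $table = YTable::getInstance('comment');
                 // get parent - only accepted when it belongs to the same item
                 $parent = $table->get($parent_id);
                 $parent_id = $parent && $parent->item_id == $item_id ? $parent->id : 0;
                 // create comment
                 $comment = new Comment();
                 $comment->parent_id = $parent_id;
                 $comment->item_id = $item_id;
                 $comment->ip = CommentHelper::getClientIP();
                 $comment->created = JFactory::getDate()->toMySQL();
                 $comment->content = $content;
                 $comment->state = Comment::STATE_UNAPPROVED;
                 // auto approve comment
                 $approved = $this->params->get('approved', 0);
                 if ($this->author->isJoomlaAdmin()
                     || $approved == 1
                     || ($approved == 2 && $table->getApprovedCommentCount($this->author))
                 ) {
                     $comment->state = Comment::STATE_APPROVED;
                 }
                 // bind Author
                 $comment->bindAuthor($this->author);
                 // validate comment, if not an administrator
                 if (!$this->author->isJoomlaAdmin()) {
                     $this->_validate($comment);
                 }
                 // save comment
                 $table->save($comment);
                 // remove content from session, if comment was saved
                 $this->session->set('com_zoo.comment.content', '');
             } catch (CommentControllerException $e) {
                 // raise warning on exception
                 JError::raiseWarning(0, (string) $e);
             } catch (YException $e) {
                 // raise a generic warning; the details stay hidden from ordinary users
                 JError::raiseWarning(0, JText::_('ERROR_SAVING_COMMENT'));
                 // add exception details, for super administrators only
                 if ($this->user->superadmin) {
                     JError::raiseWarning(0, (string) $e);
                 }
             }
             // add anchor to redirect, if comment was saved
             if ($comment && $comment->id) {
                 $redirect .= '#comment-' . $comment->id;
             }
         } else {
             // raise warning on comments not enabled
             JError::raiseWarning(0, JText::_('Comments are not enabled.'));
         }
     } else {
         // user type and login cookie differ: raise the generic warning
         JError::raiseWarning(0, JText::_('ERROR_SAVING_COMMENT'));
         // add the reason, for super administrators only
         if ($this->user->superadmin) {
             JError::raiseWarning(0, JText::_('User types didn\'t match.'));
         }
     }
     $this->setRedirect($redirect);
 }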