 /**
  * Checks whether the current request may perform $access on the object it addresses.
  *
  * The object type and id are taken from the GET parameters 'ot' (default 'category') and
  * 'id' (default 0). A module-wide check ('<module>::') is made first; when 'ot' is
  * 'category' the result is replaced by a check on the ':Category:' component with the
  * object id as instance.
  *
  * NOTE(review): the method is declared static but reads `$this->name`; a static call
  * fails with "Using $this when not in object context". Either drop `static` or pass the
  * module name in explicitly — confirm against the callers before changing the signature.
  *
  * @param mixed $access Access level handed through to SecurityUtil::checkPermission.
  *
  * @return mixed Whatever SecurityUtil::checkPermission returns for the matching check.
  */
 public static function rulePermissions($access)
 {
     $view = new Zikula_Request_Http();
     // Both values come straight from the query string. FILTER_SANITIZE_* only strips
     // characters, it does not validate, so the permission check is the real gate.
     $objectType = $view->getGet()->filter('ot', 'category', FILTER_SANITIZE_STRING);
     $objectId = $view->getGet()->filter('id', 0, FILTER_SANITIZE_NUMBER_INT);
     $permission = SecurityUtil::checkPermission($this->name . '::', '::', $access);
     if ($objectType == 'category') {
         // narrower component check; overrides the module-wide result above
         $permission = SecurityUtil::checkPermission($this->name . ':Category:', $objectId, $access);
     }
     return $permission;
 }
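 /**
  * Retrieve identifier parameters for a given object type.
  *
  * For every field in $idFields the value is read from the GET parameters, using the numeric
  * value found in $args under the same key (or 0) as default. When exactly one identifier
  * field is requested, it is not 'id' and the request does not carry it, the plain 'id'
  * parameter is used as a last resort so URLs of the form ?id=N keep working.
  *
  * @param Zikula_Request_Http $request    Instance of Zikula_Request_Http.
  * @param array               $args       List of arguments used as fallback if request does not contain a field.
  * @param string              $objectType Name of treated entity type (not used by this method).
  * @param array               $idFields   List of identifier field names.
  *
  * @return array Fetched identifiers keyed by field name; empty when $idFields is empty.
  */
 public static function retrieveIdentifier(Zikula_Request_Http $request, array $args, $objectType = '', array $idFields)
 {
     // Initialised explicitly: with an empty $idFields the previous version returned an
     // undefined variable.
     $idValues = array();
     $singleField = count($idFields) == 1;
     foreach ($idFields as $idField) {
         $defaultValue = isset($args[$idField]) && is_numeric($args[$idField]) ? $args[$idField] : 0;
         // No FILTER_* flag here: the primary value is returned as supplied, so callers must
         // not treat it as a validated integer.
         $id = $request->getGet()->filter($idField, $defaultValue);
         if (!$id && $idField !== 'id' && $singleField) {
             // fall back to the generic 'id' parameter, this time validated as an integer
             $defaultValue = isset($args['id']) && is_numeric($args['id']) ? $args['id'] : 0;
             $id = (int) $request->getGet()->filter('id', $defaultValue, FILTER_VALIDATE_INT);
         }
         $idValues[$idField] = $id;
     }
     return $idValues;
 }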
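/**
 * Smarty function to wrap MUBoard_Form_View generated form controls with suitable form tags.
 *
 * The form action normally points at the current URI. For the "answer to posting" and
 * "new posting in forum" screens it is rewritten to the matching edit URL, either in the
 * classic index.php?module=... form or in the short-URL form, depending on the ZConfig
 * settings 'shorturls' and 'shorturlsstripentrypoint'.
 *
 * @param array            $params  Parameters passed in the block tag ('enctype' and 'cssClass' are honoured).
 * @param string           $content Content of the block.
 * @param Zikula_Form_View $view    Reference to Zikula_Form_View object.
 *
 * @return string The rendered output; '' on the opening call, when $content is empty.
 */
function smarty_block_muboardform($params, $content, $view)
{
    if (!$content) {
        // Smarty invokes block functions once for the opening tag without content.
        return '';
    }
    PageUtil::addVar('stylesheet', 'system/Theme/style/form/style.css');
    $encodingHtml = array_key_exists('enctype', $params) ? " enctype=\"{$params['enctype']}\"" : '';
    $action = htmlspecialchars(System::getCurrentUri());
    $classString = '';
    if (isset($params['cssClass'])) {
        $classString = "class=\"{$params['cssClass']}\" ";
    }
    $request = new Zikula_Request_Http();
    $forumid = $request->getGet()->filter('forum', 0, FILTER_SANITIZE_NUMBER_INT);
    // we check if the entrypoint is part of the url
    $stripentrypoint = ModUtil::getVar('ZConfig', 'shorturlsstripentrypoint');
    // get the url name of this module from the modules table
    $tables = DBUtil::getTables();
    $modcolumn = $tables['modules_column'];
    $where = "{$modcolumn['name']} = '" . DataUtil::formatForStore('MUBoard') . "'";
    $module = DBUtil::selectObject('modules', $where);
    $urlname = $module['url'];
    if (ModUtil::getVar('ZConfig', 'shorturls') == 0) {
        if (strpos($action, "func=display") !== false) {
            $action = 'index.php?module=' . $urlname . '&type=user&func=edit&ot=posting&answer=1';
        }
        // NOTE(review): $action went through htmlspecialchars above, so a literal '&' in the
        // URI is '&amp;' here and this needle may never match — confirm what
        // System::getCurrentUri() returns.
        if (strpos($action, "func=edit&ot=posting") !== false && $forumid > 0) {
            // Bug fix: the previous version built '&forum' . $forumid, dropping the '='
            // between parameter name and value.
            $action = 'index.php?module=' . $urlname . '&type=user&func=edit&ot=posting&forum=' . $forumid;
        }
    } else {
        // Only the values 0 and 1 of 'shorturlsstripentrypoint' are handled; anything else
        // leaves the action untouched, as before.
        $prefix = null;
        if ($stripentrypoint == 1) {
            $prefix = $urlname;
        } elseif ($stripentrypoint == 0) {
            $prefix = 'index.php/' . $urlname;
        }
        if ($prefix !== null) {
            if (strpos($action, $urlname . "/posting/id.") !== false) {
                $action = $prefix . '/edit/ot/posting/answer/1';
            }
            if (strpos($action, "edit/ot/posting/forum/") !== false && $forumid > 0) {
                $action = $prefix . '/edit/ot/posting/forum/' . $forumid;
            }
        }
    }
    $view->postRender();
    $formId = $view->getFormId();
    // State, includes and CSRF token markup come from the form view; the hidden inputs and the
    // FormDoPostBack helper are what the Zikula form framework expects on postback.
    $out = "\n        <form id=\"{$formId}\" {$classString}action=\"{$action}\" method=\"post\"{$encodingHtml}>\n        {$content}\n        <div>\n        {$view->getStateHTML()}\n        {$view->getStateDataHTML()}\n        {$view->getIncludesHTML()}\n        {$view->getCsrfTokenHtml()}\n        <input type=\"hidden\" name=\"__formid\" id=\"form__id\" value=\"{$formId}\" />\n        <input type=\"hidden\" name=\"FormEventTarget\" id=\"FormEventTarget\" value=\"\" />\n        <input type=\"hidden\" name=\"FormEventArgument\" id=\"FormEventArgument\" value=\"\" />\n        <script type=\"text/javascript\">\n        <!--\n        function FormDoPostBack(eventTarget, eventArgument)\n        {\n        var f = document.getElementById('{$formId}');\n        if (!f.onsubmit || f.onsubmit())\n        {\n        f.FormEventTarget.value = eventTarget;\n        f.FormEventArgument.value = eventArgument;\n        f.submit();\n    }\n    }\n    // -->\n    </script>\n    </div>\n    </form>\n    ";
    return $out;
}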
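 /**
  * Boots the legacy Zikula core for a console command.
  *
  * Registers the autoloader from the kernel root with ZLoader, optionally boots Zikula_Core
  * (copying a few container parameters into the legacy $GLOBALS['ZConfig'] array), then
  * swaps the session storage/handler for MockArraySessionStorage/NullSessionHandler and
  * registers a synthetic request so code expecting a web request can run from the CLI.
  *
  * @param boolean $disableSessions Replace session storage and handler with non-persistent ones.
  * @param boolean $loadZikulaCore  Boot Zikula_Core unless the container already has 'zikula'.
  * @param boolean $fakeRequest     Register a request for http://localhost/install in the container.
  *
  * @return void
  */
 protected function bootstrap($disableSessions = true, $loadZikulaCore = true, $fakeRequest = true)
 {
     // Guarded so that a second bootstrap() call does not emit a "constant already defined" warning.
     if (!defined('_ZINSTALLVER')) {
         define('_ZINSTALLVER', \Zikula_Core::VERSION_NUM);
     }
     $kernel = $this->getContainer()->get('kernel');
     $loader = (require $kernel->getRootDir() . '/autoload.php');
     \ZLoader::register($loader);
     if ($loadZikulaCore && !$this->getContainer()->has('zikula')) {
         $core = new Zikula_Core();
         $core->setKernel($kernel);
         $core->boot();
         foreach ($GLOBALS['ZConfig'] as $config) {
             $core->getContainer()->loadArguments($config);
         }
         // legacy code reads these paths from the global config array
         $GLOBALS['ZConfig']['System']['temp'] = $core->getContainer()->getParameter('temp_dir');
         $GLOBALS['ZConfig']['System']['datadir'] = $core->getContainer()->getParameter('datadir');
         $GLOBALS['ZConfig']['System']['system.chmod_dir'] = $core->getContainer()->getParameter('system.chmod_dir');
         \ServiceUtil::getManager($core);
         \EventUtil::getManager($core);
     }
     if ($disableSessions) {
         // Disable sessions.
         $this->getContainer()->set('session.storage', new MockArraySessionStorage());
         $this->getContainer()->set('session.handler', new NullSessionHandler());
     }
     if ($fakeRequest) {
         // Fake request
         $request = Request::create('http://localhost/install');
         $this->getContainer()->set('request', $request);
     }
 }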
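    /**
     * Respond to a `module.users.ui.process_edit` event to store profile data gathered when editing or creating a user account.
     * 
     * Parameters passed in via POST:
     * ------------------------------
     * array dynadata An array containing the profile items to store for the user.
     *
     * Only acts on POST requests, and only when a validation object is present and reports no
     * errors. NOTE(review): every key of `dynadata` is written through UserUtil::setVar with no
     * allow-list in this method; whether the validation step restricts the keys cannot be seen
     * here — confirm, otherwise arbitrary user variables could be set from the form.
     *
     * @param Zikula_Event $event The event that triggered this function call, containing the id of the user for which profile information should be stored.
     * 
     * @return void
     */
    public function processEdit(Zikula_Event $event)
    {
        if (!$this->request->isPost()) {
            return;
        }
        if (!$this->validation || $this->validation->hasErrors()) {
            return;
        }
        $user = $event->getSubject();
        $post = $this->request->getPost();
        $dynadata = $post->has('dynadata') ? $post->get('dynadata') : array();
        // a non-array 'dynadata' value would make foreach emit a warning; only iterate arrays
        if (!is_array($dynadata)) {
            return;
        }
        foreach ($dynadata as $dudName => $dudItem) {
            UserUtil::setVar($dudName, $dudItem, $user['uid']);
        }
    }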
 /**
  * Build a generic Doctrine query supporting WHERE and ORDER BY
  *
  * The $where fragment is concatenated into DQL as-is, so callers must only pass trusted,
  * well-formed DQL (never raw request input). When the current request is the 'view'
  * function for the 'posting' object type, the query is additionally restricted to
  * top-level postings (tbl.parent_id IS NULL).
  *
  * @param string  $where    The where clause to use when retrieving the collection (optional) (default='').
  * @param string  $orderBy  The order-by clause to use when retrieving the collection (optional) (default='').
  * @param boolean $useJoins Whether to include joining related objects (optional) (default=true).
  *
  * @return Doctrine\ORM\Query query instance to be further processed
  */
 protected function _intBaseQuery($where = '', $orderBy = '', $useJoins = true)
 {
     $request = new Zikula_Request_Http();
     $getParams = $request->getGet();
     $objectType = $getParams->filter('ot', 'category', FILTER_SANITIZE_STRING);
     $type = $getParams->filter('type', 'user', FILTER_SANITIZE_STRING);
     $function = $getParams->filter('func', 'view', FILTER_SANITIZE_STRING);

     // joins are only added for the strict boolean true, as documented
     $withJoins = ($useJoins === true);
     $selection = 'tbl';
     if ($withJoins) {
         $selection .= $this->addJoinsToSelection();
     }
     $builder = $this->getEntityManager()->createQueryBuilder();
     $builder->select($selection)->from('MUBoard_Entity_Posting', 'tbl');
     if ($withJoins) {
         $this->addJoinsToFrom($builder);
     }

     // the posting list view shows top-level entries only
     if ($function == 'view' && $objectType == 'posting') {
         $where = ($where != '' ? $where . ' AND ' : $where) . 'tbl.parent_id IS NULL';
     }
     if (!empty($where)) {
         $builder->where($where);
     }
     // add order by clause
     if (!empty($orderBy)) {
         $builder->add('orderBy', 'tbl.' . $orderBy);
     }

     // TODO - see https://github.com/zikula/core/issues/118
     // use FilterUtil to support generic filtering
     //$fu = new FilterUtil('MUBoard', $this);
     // you could set explicit filters at this point, something like
     // $fu->setFilter('type:eq:' . $args['type'] . ',id:eq:' . $args['id']);
     // supported operators: eq, ne, like, lt, le, gt, ge, null, notnull
     // process request input filters and add them to the query.
     //$fu->enrichQuery($query);
     return $builder->getQuery();
 }
    /**
     * Check Csrf token.
     *
     * When the 'sessioncsrftokenonetime' system setting is enabled the token is first checked
     * with both optional validator flags set to false (presumably expiry/one-time handling —
     * confirm in the validator); otherwise, or if that check fails, the default validation is
     * applied. Any failure ends in a forbidden exception.
     *
     * @param string $token The token, if not set, will pull from $_POST['csrftoken'].
     *
     * @throws Zikula_Exception_Forbidden If check fails.
     *
     * @return void
     */
    public function checkCsrfToken($token=null)
    {
        $csrfToken = ($token === null) ? $this->request->getPost()->get('csrftoken', false) : $token;
        $validator = $this->serviceManager->getService('token.validator');

        // short-circuit order matters: the default validate() runs only if the one-time check did not pass
        $oneTimeMode = (bool) System::getVar('sessioncsrftokenonetime');
        $valid = ($oneTimeMode && $validator->validate($csrfToken, false, false))
            || $validator->validate($csrfToken);
        if ($valid) {
            return;
        }

        // Should we expire the session also? drak.
        throw new Zikula_Exception_Forbidden(__('Security token validation failed'));
    }
<?php

/**
 * Copyright Zikula Foundation 2009 - Zikula Application Framework
 * This work is contributed to the Zikula Foundation under one or more
 * Contributor Agreements and licensed to You under the following license:
 *
 * @license GNU/LGPLv3 (or at your option, any later version).
 * @package Zikula
 *
 * Please see the NOTICE file distributed with this source code for further
 * information regarding copyright and licensing.
 */
use Zikula_Request_Http as Request;
// $core and $kernel used below are not defined in this file; presumably lib/bootstrap.php
// provides them — confirm.
include 'lib/bootstrap.php';
// build the request from PHP's superglobals and run the legacy core through all init stages
$request = Request::createFromGlobals();
$core->init(Zikula_Core::STAGE_ALL, $request);
// this event for BC only. remove in 2.0.0
$core->getDispatcher()->dispatch('frontcontroller.predispatch', new \Zikula\Core\Event\GenericEvent());
// hand the request to the kernel, send the response, then let the kernel terminate
$response = $kernel->handle($request);
$response->send();
$kernel->terminate($request, $response);
 /**
  * Check Csrf token.
  *
  * When the 'sessioncsrftokenonetime' system setting is enabled the token is first checked
  * with both optional validator flags set to false (presumably expiry/one-time handling —
  * confirm in the validator); otherwise, or if that check fails, the default validation is
  * applied. Any failure is reported through throwForbidden().
  *
  * @param string $token The token, if not set, will pull from $_POST['csrftoken'].
  *
  * @throws AccessDeniedException If check fails.
  *
  * @return void
  */
 public function checkCsrfToken($token = null)
 {
     $csrfToken = ($token === null) ? $this->request->request->get('csrftoken', false) : $token;
     $validator = $this->container->get('token.validator');

     // short-circuit order matters: the default validate() runs only if the one-time check did not pass
     $oneTimeMode = (bool) System::getVar('sessioncsrftokenonetime');
     $valid = ($oneTimeMode && $validator->validate($csrfToken, false, false))
         || $validator->validate($csrfToken);
     if ($valid) {
         return;
     }

     $this->throwForbidden(__f('Oops, something went wrong: security token validation failed. You might want to go to the <a href="%s">startpage</a>.', $this->request->getBaseUrl()));
 }
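 /**
  * Setup.
  *
  * Reads the requested language from the 'lang' GET parameter, reduced to lowercase letters
  * and hyphens, then runs detectLanguage(), validate() and fixLanguageToSession(), sets up
  * the multilingual module layer and applies the resulting language code as locale on both
  * this object and the request.
  *
  * @param Request $request The current request; its locale is set to the detected language code.
  *
  * @return void
  */
 public function setup(Request $request)
 {
     // Only [a-z-] may survive. The previous pattern '#[^a-z-].#' also swallowed the character
     // following each disallowed one (e.g. 'de_DE' became 'deE'); the trailing '.' is gone.
     // The (string) cast keeps a missing parameter as '' instead of passing null to preg_replace.
     $this->langRequested = preg_replace('#[^a-z-]#', '', (string) FormUtil::getPassedValue('lang', null, 'GET'));
     // language for this request
     $this->detectLanguage();
     $this->validate();
     $this->fixLanguageToSession();
     ModUtil::setupMultilingual();
     $this->setLocale($this->languageCode);
     $request->setLocale($this->languageCode);
     $request->setDefaultLocale('en');
     $this->bindCoreDomain();
     $this->processErrors();
 }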
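 /**
  * Returns the HTML for the subscription ("abo") toggle link of a posting or forum.
  *
  * For a logged-in user the abo repository is queried for an entry matching the posting id
  * and the current user id. Depending on whether one exists, a link to the admin 'quit'
  * (existing abo) or 'take' (no abo) function is rendered with the matching icon. The object
  * type is read from the GET parameter 'ot'; for 'forum' the GET parameter 'id' is passed
  * along as forum id.
  *
  * @param mixed $postingid Id of the posting whose subscription state is shown.
  *
  * @return string Link markup, or '' for anonymous users and for object types other than
  *                'posting'/'forum' (the previous version returned an undefined variable there).
  */
 public static function getStateOfPostingAbo($postingid)
 {
     $out = '';
     $request = new Zikula_Request_Http();
     // get objecttype
     $ot = $request->getGet()->filter('ot', 'category', FILTER_SANITIZE_STRING);
     $forumid = $request->getGet()->filter('id', 0, FILTER_SANITIZE_NUMBER_INT);
     // get repository for abos
     $repository = MUBoard_Util_Model::getAboRepository();
     if (!UserUtil::isLoggedIn()) {
         return $out;
     }
     // strict comparison: a non-string filter result must not select a branch
     if ($ot !== 'posting' && $ot !== 'forum') {
         return $out;
     }
     // get actual userid
     $userid = UserUtil::getVar('uid');
     // look for an existing abo of this user for the posting
     $where = 'tbl.postingid = \'' . DataUtil::formatForStore($postingid) . '\'';
     $where .= ' AND ';
     $where .= 'tbl.userid = \'' . DataUtil::formatForStore($userid) . '\'';
     $abo = $repository->selectWhere($where);

     $urlArgs = array('ot' => 'abo', 'posting' => $postingid, 'object' => $ot);
     if ($ot === 'forum') {
         $urlArgs['forum'] = $forumid;
     }
     // an existing abo offers to quit it, otherwise to take one
     $func = $abo ? 'quit' : 'take';
     $icon = $abo ? 'mail_get.png' : 'mail_post_to.png';
     $url = ModUtil::url('MUBoard', 'admin', $func, $urlArgs);
     // NOTE(review): $url is inserted into the href unescaped; ModUtil::url output is assumed
     // attribute-safe — confirm.
     $out = "<a id='muboard-user-posting-header-infos-abo' href='{$url}'>\n                    <img src='/images/icons/extrasmall/{$icon}' />\n                    </a>";
     return $out;
 }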
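 /**
  * Initialise Zikula.
  *
  * Carries out a number of initialisation tasks to get Zikula up and
  * running. Each STAGE_* bit of $stage enables one group of tasks; the
  * stages already run are accumulated in $this->stage. Before the stages
  * run, requests against an uninstalled or outdated core are redirected to
  * the install/upgrade routes (except for profiler, toolbar, router and XHR
  * requests).
  *
  * @param integer             $stage Stage to load.
  * @param Zikula_Request_Http $request
  *
  * @return boolean True initialisation successful false otherwise.
  */
 public function init($stage = self::STAGE_ALL, Request $request)
 {
     $GLOBALS['__request'] = $request;
     // hack for pre 1.5.0 - drak
     $coreInitEvent = new GenericEvent($this);
     // store the load stages in a global so other API's can check whats loaded
     $this->stage = $this->stage | $stage;
     if ($stage & self::STAGE_PRE && $this->stage & ~self::STAGE_PRE) {
         ModUtil::flushCache();
         System::flushCache();
         $args = !System::isInstalling() ? array('lazy' => true) : array();
         $this->dispatcher->dispatch('core.preinit', new GenericEvent($this, $args));
     }
     // Initialise and load configuration
     if ($stage & self::STAGE_CONFIG) {
         // for BC only. remove this code in 2.0.0
         if (!System::isInstalling()) {
             $this->dispatcher->dispatch('setup.errorreporting', new GenericEvent(null, array('stage' => $stage)));
         }
         // initialise custom event listeners from config.php settings
         $coreInitEvent->setArgument('stage', self::STAGE_CONFIG);
         $this->dispatcher->dispatch('core.init', $coreInitEvent);
     }
     // create several booleans to test condition of request regrading install/upgrade
     $installed = $this->getContainer()->getParameter('installed');
     if ($installed) {
         self::defineCurrentInstalledCoreVersion($this->getContainer());
     }
     $requiresUpgrade = $installed && version_compare(ZIKULACORE_CURRENT_INSTALLED_VERSION, self::VERSION_NUM, '<');
     // can't use $request->get('_route') to get any of the following
     // all these routes are hard-coded in xml files
     // Plain substring matches on the request URI: '/installdoc' also matches '/install',
     // which is why $uriContainsDoc is tested separately below.
     $uriContainsInstall = strpos($request->getRequestUri(), '/install') !== false;
     $uriContainsUpgrade = strpos($request->getRequestUri(), '/upgrade') !== false;
     $uriContainsDoc = strpos($request->getRequestUri(), '/installdoc') !== false;
     $uriContainsWdt = strpos($request->getRequestUri(), '/_wdt') !== false;
     $uriContainsProfiler = strpos($request->getRequestUri(), '/_profiler') !== false;
     $uriContainsRouter = strpos($request->getRequestUri(), '/js/routing?callback=fos.Router.setData') !== false;
     $doNotRedirect = $uriContainsProfiler || $uriContainsWdt || $uriContainsRouter || $request->isXmlHttpRequest();
     // check if Zikula Core is not installed
     if (!$installed && !$uriContainsDoc && !$uriContainsInstall && !$doNotRedirect) {
         $this->container->get('router')->getContext()->setBaseUrl($request->getBasePath());
         // compensate for sub-directory installs
         $url = $this->container->get('router')->generate('install');
         $response = new RedirectResponse($url);
         $response->send();
         System::shutDown();
     }
     // check if Zikula Core requires upgrade
     if ($requiresUpgrade && !$uriContainsDoc && !$uriContainsUpgrade && !$doNotRedirect) {
         $this->container->get('router')->getContext()->setBaseUrl($request->getBasePath());
         // compensate for sub-directory installs
         $url = $this->container->get('router')->generate('upgrade');
         $response = new RedirectResponse($url);
         $response->send();
         System::shutDown();
     }
     if (!$installed || $requiresUpgrade || $this->getContainer()->hasParameter('upgrading')) {
         System::setInstalling(true);
     }
     if ($stage & self::STAGE_DB) {
         try {
             $dbEvent = new GenericEvent($this, array('stage' => self::STAGE_DB));
             $this->dispatcher->dispatch('core.init', $dbEvent);
         } catch (PDOException $e) {
             if (!System::isInstalling()) {
                 // outside the installer a missing database is fatal: render the error page and stop
                 header('HTTP/1.1 503 Service Unavailable');
                 require_once System::getSystemErrorTemplate('dbconnectionerror.tpl');
                 System::shutDown();
             } else {
                 return false;
             }
         }
     }
     if ($stage & self::STAGE_TABLES) {
         // Initialise dbtables
         ModUtil::dbInfoLoad('ZikulaExtensionsModule', 'ZikulaExtensionsModule');
         ModUtil::initCoreVars();
         ModUtil::dbInfoLoad('ZikulaSettingsModule', 'ZikulaSettingsModule');
         ModUtil::dbInfoLoad('ZikulaThemeModule', 'ZikulaThemeModule');
         ModUtil::dbInfoLoad('ZikulaUsersModule', 'ZikulaUsersModule');
         ModUtil::dbInfoLoad('ZikulaGroupsModule', 'ZikulaGroupsModule');
         ModUtil::dbInfoLoad('ZikulaPermissionsModule', 'ZikulaPermissionsModule');
         ModUtil::dbInfoLoad('ZikulaCategoriesModule', 'ZikulaCategoriesModule');
         // Add AutoLoading for non-symfony 1.3 modules in /modules
         if (!System::isInstalling()) {
             ModUtil::registerAutoloaders();
         }
         $coreInitEvent->setArgument('stage', self::STAGE_TABLES);
         $this->dispatcher->dispatch('core.init', $coreInitEvent);
     }
     if ($stage & self::STAGE_SESSIONS) {
         //            SessionUtil::requireSession();
         $coreInitEvent->setArgument('stage', self::STAGE_SESSIONS);
         $this->dispatcher->dispatch('core.init', $coreInitEvent);
     }
     // Have to load in this order specifically since we cant setup the languages until we've decoded the URL if required (drak)
     // start block
     if ($stage & self::STAGE_LANGS) {
         $lang = ZLanguage::getInstance();
     }
     if ($stage & self::STAGE_DECODEURLS) {
         System::queryStringDecode($request);
         $coreInitEvent->setArgument('stage', self::STAGE_DECODEURLS);
         $this->dispatcher->dispatch('core.init', $coreInitEvent);
     }
     if ($stage & self::STAGE_LANGS) {
         // $lang was created above under the same STAGE_LANGS condition
         $lang->setup($request);
         $coreInitEvent->setArgument('stage', self::STAGE_LANGS);
         $this->dispatcher->dispatch('core.init', $coreInitEvent);
     }
     // end block
     if ($stage & self::STAGE_MODS) {
         if (!System::isInstalling()) {
             ModUtil::load('ZikulaSecurityCenterModule');
         }
         $coreInitEvent->setArgument('stage', self::STAGE_MODS);
         $this->dispatcher->dispatch('core.init', $coreInitEvent);
     }
     if ($stage & self::STAGE_THEME) {
         // register default page vars
         PageUtil::registerVar('polyfill_features', true);
         PageUtil::registerVar('title');
         PageUtil::setVar('title', System::getVar('defaultpagetitle'));
         PageUtil::registerVar('keywords', true);
         PageUtil::registerVar('stylesheet', true);
         PageUtil::registerVar('javascript', true);
         PageUtil::registerVar('jsgettext', true);
         PageUtil::registerVar('body', true);
         PageUtil::registerVar('header', true);
         PageUtil::registerVar('footer', true);
         // set some defaults
         // Metadata for SEO
         $this->container->setParameter('zikula_view.metatags', array('description' => System::getVar('defaultmetadescription'), 'keywords' => System::getVar('metakeywords')));
         $coreInitEvent->setArgument('stage', self::STAGE_THEME);
         $this->dispatcher->dispatch('core.init', $coreInitEvent);
     }
     // check the users status, if not 1 then log him out
     if (!System::isInstalling() && UserUtil::isLoggedIn()) {
         $userstatus = UserUtil::getVar('activated');
         if ($userstatus != Users_Constant::ACTIVATED_ACTIVE) {
             UserUtil::logout();
             // TODO - When getting logged out this way, the existing session is destroyed and
             //        then a new one is created on the reentry into index.php. The message
             //        set by the registerStatus call below gets lost.
             LogUtil::registerStatus(__('You have been logged out.'));
             System::redirect(ModUtil::url('ZikulaUsersModule', 'user', 'login'));
         }
     }
     if ($stage & self::STAGE_POST && $this->stage & ~self::STAGE_POST) {
         $this->dispatcher->dispatch('core.postinit', new GenericEvent($this, array('stages' => $stage)));
     }
     // The docblock promises a boolean; the previous version fell through and returned null here.
     return true;
 }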