public function Sort()
{
$this->_DeliveryType = DELIVERY_TYPE_BOOL;
$Success = FALSE;
if ($this->Form->AuthenticatedPostBack()) {
$TableID = GetPostValue('TableID', FALSE);
if ($TableID) {
$Rows = GetPostValue($TableID, FALSE);
if (is_array($Rows)) {
try {
$Table = str_replace('Table', '', $TableID);
$TableModel = new Model($Table);
foreach ($Rows as $Sort => $ID) {
$TableModel->Update(array('Sort' => $Sort), array($Table . 'ID' => $ID));
}
$Success = TRUE;
} catch (Exception $ex) {
$this->Form->AddError($ex->getMessage());
}
}
}
}
if (!$Success) {
$this->Form->AddError('ErrorBool');
}
$this->Render();
}
public function Sort() {
$Session = Gdn::Session();
$TransientKey = GetPostValue('TransientKey', '');
$Target = GetPostValue('Target', '');
if ($Session->ValidateTransientKey($TransientKey)) {
$TableID = GetPostValue('TableID', FALSE);
if ($TableID) {
$Rows = GetPostValue($TableID, FALSE);
if (is_array($Rows)) {
try {
$Table = str_replace('Table', '', $TableID);
$TableModel = new Gdn_Model($Table);
foreach ($Rows as $Sort => $ID) {
$TableModel->Update(array('Sort' => $Sort), array($Table.'ID' => $ID));
}
} catch (Exception $ex) {
$this->Form->AddError($ex->getMessage());
}
}
}
}
if ($this->DeliveryType() != DELIVERY_TYPE_BOOL)
Redirect($Target);
$this->Render();
}
public function Update($Reference = '', $PostBackKey = '')
{
$this->Permission('Candy.Chunks.Edit');
$Content = False;
$Session = Gdn::Session();
$this->AddJsFile('jquery.textpandable.js');
$this->AddJsFile('editform.js');
$this->Form->SetModel($this->ChunkModel);
if ($Reference != '') {
$Content = $this->ChunkModel->GetID($Reference);
if ($Content) {
$this->Form->AddHidden('ChunkID', $Content->ChunkID);
$this->Editing = True;
$this->Form->SetData($Content);
}
}
$IsFormPostBack = $this->Form->AuthenticatedPostBack();
$PostAuthenticatedByKey = $Session->ValidateTransientKey($PostBackKey) && $this->Form->IsPostBack();
if ($IsFormPostBack || $PostAuthenticatedByKey) {
if ($PostAuthenticatedByKey) {
// AJAX, set form values.
$this->Form->SetFormValue('ChunkID', $Content->ChunkID);
$this->Form->SetFormValue('Body', GetPostValue('Body'));
}
$SavedID = $this->Form->Save($Content);
if ($SavedID) {
$Message = T('Saved');
$this->InformMessage($Message, array('Sprite' => 'Check', 'CssClass' => 'Dismissable AutoDismiss'));
if ($this->DeliveryType() == DELIVERY_TYPE_BOOL) {
//$this->SetData('Content', $Content);
//$this->SetData('NewBody', Gdn_Format::To($this->Form->GetFormValue('Body'), $Content->Format));
$this->SetJson('NewBody', Gdn_Format::To($this->Form->GetFormValue('Body'), $Content->Format));
}
}
} else {
$this->SetData('Content', $Content);
$this->Form->SetData($Content);
}
$this->Title(ConcatSep(' - ', T('Chunk'), GetValue('Name', $Content)));
$this->Render();
}
public function SortCategories()
{
$this->Permission('Vanilla.Categories.Manage');
$this->_DeliveryType = DELIVERY_TYPE_BOOL;
$Success = FALSE;
if ($this->Form->AuthenticatedPostBack()) {
$TableID = GetPostValue('TableID', FALSE);
if ($TableID) {
$Rows = GetPostValue($TableID, FALSE);
if (is_array($Rows)) {
foreach ($Rows as $Sort => $ID) {
$this->CategoryModel->Update(array('Sort' => $Sort), array('CategoryID' => $ID));
}
// And now call the category model's organize method to make sure
// orphans appear in the correct place.
$this->CategoryModel->Organize();
$Success = TRUE;
}
}
}
if (!$Success) {
$this->Form->AddError('ErrorBool');
}
$this->Render();
}
$out .= '</ul>';
return $out;
}
/*
|--------------------------------------------------------------------------
| Global Initialize
|--------------------------------------------------------------------------
|
| Initialize
|
*/
// Base File Directory
$baseFileDir = $_SERVER["SCRIPT_NAME"];
// Base SiteName
$baseDir = substr($baseFileDir, 0, strrpos($baseFileDir, "/"));
//$baseDir = '/stock';
$postStr = GetPostValue();
$defenceCheck = CheckSQLInjection($postStr);
if (!$defenceCheck) {
exit("You are a bad man!!!");
}
$defenceCheck = CheckNumeric();
if (!$defenceCheck) {
exit("You are a bad man!!!");
}
$sess_info = new sess_info("");
if (isset($_SESSION["ADMSESS"])) {
$ADMSESS = $_SESSION["ADMSESS"];
}
$checkUser = $sess_info->checkUser();
$checkAdmin = $sess_info->checkAdmin();
/**
* Examines the posted fields, defines $this->_ValidationFields, and
* enforces the $this->Rules collection on them.
*
* @param array $PostedFields An associative array of posted fields to be validated.
* @param boolean $Insert A boolean value indicating if the posted fields are to be inserted or
* updated. If being inserted, the schema's required field rules will be
* enforced.
* @return boolean Whether or not the validation was successful.
*/
public function Validate($PostedFields, $Insert = FALSE)
{
$this->DefineValidationFields($PostedFields, $this->_Schema, $Insert);
// Create an array to hold validation result messages
if (!is_array($this->_ValidationResults)) {
$this->_ValidationResults = array();
}
// Check for a honeypot (anti-spam input)
$HoneypotName = Gdn::Config('Garden.Forms.HoneypotName', '');
$HoneypotContents = GetPostValue($HoneypotName, '');
if ($HoneypotContents != '') {
$this->AddValidationResult($HoneypotName, "You've filled our honeypot! We use honeypots to help prevent spam. If you're not a spammer or a bot, you should contact the application administrator for help.");
}
// Loop through the fields that should be validated
foreach ($this->_ValidationFields as $FieldName => $FieldValue) {
// If this field has rules to be enforced...
if (array_key_exists($FieldName, $this->_FieldRules) && is_array($this->_FieldRules[$FieldName])) {
// Enforce them...
$this->_FieldRules[$FieldName] = array_values($this->_FieldRules[$FieldName]);
$RuleCount = count($this->_FieldRules[$FieldName]);
for ($i = 0; $i < $RuleCount; ++$i) {
$RuleName = $this->_FieldRules[$FieldName][$i];
if (array_key_exists($RuleName, $this->_Rules)) {
$Rule = $this->_Rules[$RuleName];
// echo '<div>FieldName: '.$FieldName.'; Rule: '.$Rule.'</div>';
if (substr($Rule, 0, 9) == 'function:') {
$Function = substr($Rule, 9);
if (!function_exists($Function)) {
trigger_error(ErrorMessage('Specified validation function could not be found.', 'Validation', 'Validate', $Function), E_USER_ERROR);
}
// Call the function. Core-defined validation functions can
// be found in ./functions.validation.php
$FieldInfo = array('Name' => $FieldName);
if (is_array($this->_Schema) && array_key_exists($FieldName, $this->_Schema)) {
$FieldInfo = array_merge($FieldInfo, (array) $this->_Schema[$FieldName]);
}
$FieldInfo = (object) $FieldInfo;
$ValidationResult = $Function($FieldValue, $FieldInfo, $PostedFields);
if ($ValidationResult !== TRUE) {
// If $ValidationResult is not FALSE, assume it is an error message
$ErrorCode = $ValidationResult === FALSE ? $Function : $ValidationResult;
// If there is a custom error, use it above all else
$ErrorCode = ArrayValue($FieldName . '.' . $RuleName, $this->_CustomErrors, $ErrorCode);
// Add the result
$this->AddValidationResult($FieldName, $ErrorCode);
// Only add one error per field
$i = $RuleCount;
}
} else {
if (substr($Rule, 0, 6) == 'regex:') {
$Regex = substr($Rule, 6);
if (ValidateRegex($FieldValue, $Regex) !== TRUE) {
$ErrorCode = 'Regex';
// If there is a custom error, use it above all else
$ErrorCode = ArrayValue($FieldName . '.' . $RuleName, $this->_CustomErrors, $ErrorCode);
// Add the result
$this->AddValidationResult($FieldName, $ErrorCode);
}
}
}
}
}
}
}
return count($this->_ValidationResults) == 0 ? TRUE : FALSE;
}
/**
* Sorting display order of categories.
*
* Accessed by ajax so its default is to only output true/false.
*
* @since 2.0.0
* @access public
*/
public function SortCategories()
{
// Check permission
$this->Permission('Vanilla.Categories.Manage');
// Set delivery type to true/false
$this->_DeliveryType = DELIVERY_TYPE_BOOL;
$Success = FALSE;
if ($this->Form->AuthenticatedPostBack()) {
// Data submitted
$TableID = GetPostValue('TableID', FALSE);
if ($TableID) {
$Rows = GetPostValue($TableID, FALSE);
if (is_array($Rows)) {
// Assign each category its new position in sort order
foreach ($Rows as $Sort => $ID) {
$this->CategoryModel->Update(array('Sort' => $Sort), array('CategoryID' => $ID));
}
// And now call the category model's organize method to make sure
// orphans appear in the correct place.
$this->CategoryModel->Organize();
$Success = TRUE;
}
}
}
if (!$Success) {
$this->Form->AddError('ErrorBool');
}
// Renders true/false rather than template
$this->Render();
}
public function PluginController_ReceiveUpload_Create($Sender)
{
$IncomingTransientKey = GetPostValue('TransientKey', Gdn::Session()->TransientKey());
$IncomingUserID = GetPostValue('SessionUserID', Gdn::Session()->UserID);
$Folder = GetPostValue('Folder');
$User = Gdn::UserModel()->GetID($IncomingUserID);
$UserTransientKey = GetValueR('Attributes.TransientKey', $User);
if (!($IncomingTransientKey && $IncomingTransientKey == $UserTransientKey)) {
throw PermissionException();
}
if (!self::HasPermission($User)) {
throw PermissionException();
}
$Folder = trim($Folder, '/\\');
if (substr($Folder, 0, 7) == 'uploads') {
$Folder = trim(substr($Folder, 7), '/\\');
}
if (!$Folder || $Folder == 'false') {
$Folder = 'i';
$_POST['AddYear'] = True;
$_POST['AddMonth'] = True;
}
if (GetPostValue('Debug')) {
$DEBUG = array('$_POST' => $_POST, '$IncomingTransientKey' => $IncomingTransientKey, '$IncomingUserID' => $IncomingUserID, '$Sender->DeliveryType()' => $Sender->DeliveryType(), '$Sender->DeliveryMethod()' => $Sender->DeliveryMethod(), 'Uploadify' => GetPostValue('Uploadify'));
file_put_contents(__DIR__ . '/post_' . rand(0, 99999) . '.txt', var_export($DEBUG, True));
}
//$TargetFolder = PATH_UPLOADS . DS . $Folder;
$TargetFolder = 'uploads' . DS . $Folder;
if (GetPostValue('AddYear')) {
$TargetFolder .= DS . date('Y');
}
if (GetPostValue('AddMonth')) {
$TargetFolder .= DS . date('m');
}
$Result = UploadFile($TargetFolder, 'File', array('WebTarget' => True));
if (GetPostValue('Asset')) {
$Result = Asset($Result);
}
if (GetPostValue('Uploadify')) {
echo $Result;
return;
}
$Sender->SetData('Result', $Result);
$Sender->Render();
}
