/**
 * Main filtering pass: replaces the request superglobals with filtered copies.
 *
 * $_GET, $_POST, $_COOKIE and $_SERVER are passed through the safeize*() helpers,
 * $_REQUEST is rebuilt from the filtered GET, POST and COOKIE data (later sources
 * overwrite earlier ones), and the legacy $HTTP_*_VARS globals are refreshed.
 *
 * Security note: the whole pass is skipped when currentUserHaveRightsForSkip() is true,
 * the request is a POST that passes check_bitrix_sessid(), and the
 * ____SECFILTER_CONVERT_JS field is empty. The session token is therefore the only
 * thing that separates a privileged user's own POST from a forged one.
 *
 * @return void
 */
public function process()
{
    global $HTTP_GET_VARS, $HTTP_POST_VARS, $HTTP_COOKIE_VARS, $HTTP_REQUEST_VARS;

    // Same short-circuit order as a nested check: rights, method, token, conversion flag.
    $bypassFilter = $this->currentUserHaveRightsForSkip()
        && $_SERVER["REQUEST_METHOD"] === "POST"
        && check_bitrix_sessid()
        && empty($_POST['____SECFILTER_CONVERT_JS']);
    if ($bypassFilter) {
        return;
    }

    // Only request-derived variables may be rewritten; cleanGlobals()/restoreGlobals() bracket the pass.
    $this->cleanGlobals();

    // Keep the unfiltered POST data for the post-processing step at the end.
    $unfilteredPost = $_POST;

    $_GET = $this->safeizeArray($_GET, '$_GET');
    $_POST = $this->safeizeArray($_POST, '$_POST', '/^File\\d+_\\d+$/');
    $_COOKIE = $this->safeizeArray($_COOKIE, '$_COOKIE');
    $_SERVER = $this->safeizeServerArray($_SERVER);

    // Rebuild $_REQUEST from the filtered sources: GET first, then POST, then COOKIE.
    $_REQUEST = $_GET;
    foreach (array($_POST, $_COOKIE) as $filteredSource) {
        foreach ($filteredSource as $key => $value) {
            $_REQUEST[$key] = $value;
        }
    }

    $HTTP_GET_VARS = $_GET;
    $HTTP_POST_VARS = $_POST;
    $HTTP_COOKIE_VARS = $_COOKIE;
    $HTTP_REQUEST_VARS = $_REQUEST;

    $this->restoreGlobals();
    $this->doPostProccessActions($unfilteredPost);
}
/**
 * Checks the session token via check_bitrix_sessid('token_sid').
 *
 * On failure a JSON response with status `error_token_sid` and HTTP code 403 is sent;
 * that response also carries the current bitrix_sessid() value.
 *
 * NOTE(review): the method still returns $this after the failure response unless
 * sendJsonResponse() ends the request — confirm that it does, otherwise callers
 * chaining on the result would continue without a valid token.
 *
 * @return $this
 */
protected function checkToken()
{
    $tokenIsValid = check_bitrix_sessid('token_sid');
    if ($tokenIsValid) {
        return $this;
    }

    $failurePayload = array('status' => 'error_token_sid', 'token_sid' => bitrix_sessid());
    $this->sendJsonResponse($failurePayload, 403);

    return $this;
}
/**
 * Validates an AJAX request for the product section tree and stores its parameters.
 *
 * Access gate (all must hold, evaluated in this order): a user object exists, it has an id,
 * it is authorized, the method is POST, check_bitrix_sessid() passes and
 * $this->helper->checkRights() passes. Otherwise the access-denied JSON response is sent.
 *
 * NOTE(review): parameter parsing continues after the gate unless
 * sendJsonAccessDeniedResponse() ends the request — confirm that it does.
 *
 * Accepted actions: `getinitialtree`, `getsubsections`; both require positive integer
 * `catalogId` and `sectionId`. Any collected error is reported via sendJsonErrorResponse().
 *
 * @return void
 */
protected function checkRequest()
{
    $accessGranted = $this->getUser()
        && $this->getUser()->getId()
        && $this->getUser()->IsAuthorized()
        && $_SERVER['REQUEST_METHOD'] === 'POST'
        && check_bitrix_sessid()
        && $this->helper->checkRights();
    if (!$accessGranted) {
        $this->sendJsonAccessDeniedResponse();
    }

    // Only a string action is accepted; arrays and missing values become ''.
    $action = '';
    if (isset($_REQUEST['action']) && is_string($_REQUEST['action'])) {
        $action = strtolower($_REQUEST['action']);
    }

    if (empty($action)) {
        $this->errors[] = array('code' => 0, 'message' => GetMessage('CRM_PRODUCT_SECTION_TREE_AJAX_ERROR_EMPTY_ACTION'));
    }

    if (!$this->errors) {
        if (in_array($action, array('getinitialtree', 'getsubsections'), true)) {
            $this->action = $action;

            // Both identifiers are coerced to int and must be positive.
            foreach (array('catalogId', 'sectionId') as $paramName) {
                $paramValue = isset($_REQUEST[$paramName]) ? intval($_REQUEST[$paramName]) : 0;
                if ($paramValue <= 0) {
                    $this->errors[] = array('code' => 0, 'message' => GetMessage('CRM_PRODUCT_SECTION_TREE_AJAX_ERROR_REQUIRED_PARAMETER', array('#PARAM#' => $paramName)));
                }
                $this->{$paramName} = $paramValue;
            }
        } else {
            // The raw request value is substituted into the message; whatever renders the
            // JSON error must treat it as text, not markup.
            $this->errors[] = array('code' => 0, 'message' => GetMessage('CRM_PRODUCT_SECTION_TREE_AJAX_ERROR_UNKNOWN_ACTION', array('#ACTION#' => $_REQUEST['action'])));
        }
    }

    if ($this->errors) {
        $this->sendJsonErrorResponse();
    }
}
/**
 * Activates OTP for the current user from the posted secret and sync codes.
 *
 * Preconditions, checked in this order: the user is authorized, check_bitrix_sessid()
 * passes, the request action is exactly `otp_check_activate`, and the `security` module
 * loads. Each failure returns its own error code.
 *
 * NOTE(review): `secret` is hex-decoded with pack('H*', ...) without a prior format or
 * length check in this method; any validation would have to happen inside
 * Otp::regenerate() — confirm. OtpException messages are returned to the client verbatim.
 *
 * @return array `status` is 'ok' or 'error'; on error an `error` key holds the code or message
 */
protected function toEdit()
{
    /** @global CUser $USER */
    global $USER;

    $failure = null;
    if (!$USER->IsAuthorized()) {
        $failure = 'auth_error';
    } elseif (!check_bitrix_sessid()) {
        $failure = 'sessid_check_failed';
    } elseif ($this->request['action'] !== 'otp_check_activate') {
        $failure = 'unknown_action';
    } elseif (!CModule::includeModule('security')) {
        $failure = 'security_not_installed';
    }

    if ($failure !== null) {
        return array('status' => 'error', 'error' => $failure);
    }

    try {
        $otp = Otp::getByUser($USER->getid());

        // The secret arrives as a hex string and is stored as raw bytes.
        $secretBytes = pack('H*', $this->request->getPost('secret'));

        $regenerated = $otp->regenerate($secretBytes);
        $synchronized = $regenerated->syncParameters(
            $this->request->getPost('sync1'),
            $this->request->getPost('sync2')
        );
        $synchronized->save();

        return array('status' => 'ok');
    } catch (\Bitrix\Security\Mfa\OtpException $e) {
        return array('status' => 'error', 'error' => $e->getMessage());
    }
}
/**
 * Prolog hook that runs the security filter over the current request.
 *
 * The filter is not run when any of the following holds:
 *  - the script runs in CLI mode;
 *  - CSecurityFilterMask::Check() matches the site and request URI;
 *  - the current user has skip rights, check_bitrix_sessid() passes and the
 *    ____SECFILTER_CONVERT_JS POST field is absent or falsy.
 *
 * Security note: in the third case the session token is what ties the exemption to a
 * request the privileged user actually made; no request-method check is made here.
 *
 * @return void
 */
public static function OnBeforeProlog()
{
    $skipFiltering = CSecuritySystemInformation::isCliMode()
        || CSecurityFilterMask::Check(SITE_ID, $_SERVER["REQUEST_URI"])
        || (
            self::currentUserHaveRightsForSkip()
            && check_bitrix_sessid()
            && empty($_POST['____SECFILTER_CONVERT_JS'])
        );

    if ($skipFiltering) {
        return;
    }

    $securityFilter = new CSecurityFilter();
    $securityFilter->process();
}
/**
 * AJAX entry point: authorizes the request, dispatches on $_REQUEST["act"] and emits JSON.
 *
 * Checks run in this order and stop at the first failure: the voximplant module loads,
 * $USER is an authorized user object, CVoxImplantMain::CheckAccess() passes, and
 * check_bitrix_sessid() passes. The three access failures share the ACCESS_DENIED message.
 *
 * An `act` value other than `edit`, `getInfo` or `option` runs nothing and is still
 * reported as `result: ok` with no extra data.
 *
 * NOTE(review): $error is handed to the execute*() helpers; presumably they take it by
 * reference to report failures — confirm against their signatures.
 *
 * @return void
 */
public static function execute()
{
    global $USER;

    $result = array();
    $error = false;

    if (!CModule::IncludeModule('voximplant')) {
        $error = 'Module voximplant is not installed.';
    } elseif (
        (!is_object($USER) || !$USER->IsAuthorized())
        || !CVoxImplantMain::CheckAccess()
        || !check_bitrix_sessid()
    ) {
        $error = GetMessage('ACCESS_DENIED');
    } elseif ($_REQUEST["act"] == "edit") {
        $result = self::executeEditPhones($error);
    } elseif ($_REQUEST["act"] == "getInfo") {
        $result = self::executeGetInfo($error);
    } elseif ($_REQUEST["act"] == "option") {
        $result = self::executeSaveOption($error);
    }

    $envelope = array(
        'result' => $error === false ? 'ok' : 'error',
        'error' => CharsetConverter::ConvertCharset($error, SITE_CHARSET, 'UTF-8'),
    );

    // Keys in the handler result override the envelope keys of the same name.
    self::returnJson(array_merge($envelope, $result));
}
/**
 * Checks that the required parameters are filled in.
 *
 * Throws when IBLOCK_ID is not positive. Afterwards it returns false when
 * check_bitrix_sessid() SUCCEEDS and returns nothing (null) when it fails.
 *
 * NOTE(review): returning false on a valid token and falling through on an invalid one
 * looks inverted for a validation routine — confirm against the callers before relying
 * on this as a CSRF gate.
 *
 * @return false|null
 * @throws SystemException
 */
protected function checkParams()
{
    $iblockId = $this->arParams['IBLOCK_ID'];
    if ($iblockId <= 0) {
        throw new Main\ArgumentNullException('IBLOCK_ID');
    }

    $tokenIsValid = check_bitrix_sessid();
    if ($tokenIsValid) {
        return false;
    }
}
/**
 * Prepares the step runner for one information block and sets the page title.
 *
 * The resume position (`lastid`) is taken from the request only when `work_start` is
 * truthy and check_bitrix_sessid() passes; it is cast to int before use.
 *
 * @param string $title    page title
 * @param mixed  $iblockId information block id, cast to int
 */
public function __construct($title, $iblockId)
{
    global $APPLICATION;

    $this->iblock_id = (int) $iblockId;
    \CModule::IncludeModule("iblock");

    // Request-supplied state is honoured only together with a valid session token.
    $resumeRequested = $_REQUEST['work_start'] && check_bitrix_sessid();
    if ($resumeRequested) {
        $this->lastID = (int) $_REQUEST['lastid'];
    }

    $this->arSelect = array("ID", "NAME", "CODE", "IBLOCK_ID");
    $this->title = $title;

    $APPLICATION->SetTitle($this->title);
}
/**
 * Adds the "install solution" button to the public panel and, on request, creates a new
 * site and redirects to the portal installation wizard.
 *
 * Does nothing in the admin section or for non-admin users. Site creation runs when the
 * request carries add_new_site_sol=sol and check_bitrix_sessid() passes.
 *
 * Security notes:
 *  - The button HREF and the menu ACTION both embed bitrix_sessid_get() in a query string,
 *    so the state-changing request is a GET and the session token ends up in the URL
 *    (browser history, access logs, Referer headers).
 *  - NOTE(review): CSite::LAST_ERROR is echoed without escaping — confirm it cannot carry
 *    request-derived text.
 */
function ShowPanel()
{
    global $USER, $APPLICATION;

    // The panel button is for the public part only.
    if (defined("ADMIN_SECTION") && ADMIN_SECTION == true) {
        return;
    }

    if ($USER->IsAdmin()) {
        // State-changing branch: requires the marker parameter and a valid session token.
        if ($_REQUEST['add_new_site_sol'] == 'sol' && check_bitrix_sessid()) {
            // $by and $ord are not defined in this function before being passed in.
            $dbrSites = CSite::GetList($by, $ord);
            $arSitesID = array();
            $arSitesPath = array();
            // $siteCnt is counted but not read anywhere in this function.
            $siteCnt = 0;
            while ($arSite = $dbrSites->Fetch()) {
                if ($arSite["ACTIVE"] == "Y") {
                    $siteCnt++;
                }
                $arSitesID[] = strtolower($arSite["ID"]);
                $arSitesPath[] = strtolower($arSite["PATH"]);
            }

            // Pick a random two-letter id that is not taken yet. rand() is not a
            // cryptographic source; here it only chooses an identifier.
            // NOTE(review): the collision checks look for "/site<id>" while the site is
            // created below with DIR "/site_<id>/" (with an underscore) — the path and
            // file_exists() checks therefore do not test the directory actually used.
            $newSiteID = "";
            while (true) {
                $newSiteID = chr(rand(ord("a"), ord("z"))) . chr(rand(ord("a"), ord("z")));
                if (!in_array($newSiteID, $arSitesID) && !in_array("/site" . $newSiteID . "/", $arSitesPath) && !file_exists($_SERVER['DOCUMENT_ROOT'] . "/site" . $newSiteID)) {
                    break;
                }
            }

            // Reuse a culture matching the current formats, or create one named after the site.
            $culture = CultureTable::getRow(array('filter' => array("=FORMAT_DATE" => FORMAT_DATE, "=FORMAT_DATETIME" => FORMAT_DATETIME, "=FORMAT_NAME" => CSite::GetDefaultNameFormat(), "=CHARSET" => SITE_CHARSET)));
            if ($culture) {
                $cultureId = $culture["ID"];
            } else {
                $addResult = CultureTable::add(array("NAME" => $newSiteID, "CODE" => $newSiteID, "FORMAT_DATE" => FORMAT_DATE, "FORMAT_DATETIME" => FORMAT_DATETIME, "FORMAT_NAME" => CSite::GetDefaultNameFormat(), "CHARSET" => SITE_CHARSET));
                $cultureId = $addResult->getId();
            }

            // SERVER_NAME is copied from $_SERVER into the stored site record.
            $arFields = array("LID" => $newSiteID, "ACTIVE" => "Y", "SORT" => 100, "DEF" => "N", "NAME" => $newSiteID, "DIR" => "/site_" . $newSiteID . "/", "SITE_NAME" => $newSiteID, "SERVER_NAME" => $_SERVER["SERVER_NAME"], "EMAIL" => COption::GetOptionString("main", "email_from"), "LANGUAGE_ID" => LANGUAGE_ID, "DOC_ROOT" => "", "CULTURE_ID" => $cultureId);
            $obSite = new CSite();
            $result = $obSite->Add($arFields);
            if ($result) {
                // The session token is forwarded to the wizard in the redirect URL.
                LocalRedirect("/bitrix/admin/wizard_install.php?lang=" . LANGUAGE_ID . "&wizardName=bitrix:portal&wizardSiteID=" . $newSiteID . "&" . bitrix_sessid_get());
            } else {
                echo $obSite->LAST_ERROR;
            }
        }

        // First menu entry triggers the site creation above; SITE_DIR is JS-escaped
        // because it is placed inside a JavaScript string literal.
        $arMenu = array(array("ACTION" => "jsUtils.Redirect([], '" . CUtil::JSEscape(SITE_DIR) . "?add_new_site_sol=sol&" . bitrix_sessid_get() . "')", "TEXT" => "<b>" . GetMessage("SOL_BUTTON_TEST_TEXT", array("#BR#" => " ")) . "</b>", "TITLE" => GetMessage("SOL_BUTTON_TEST_TITLE")));

        // Sub-menu with one entry per active site; the current site is marked as checked.
        $arSites = array();
        $dbrSites = CSite::GetList($by, $ord, array("ACTIVE" => "Y"));
        while ($arSite = $dbrSites->GetNext()) {
            $arSites[] = array("ACTION" => "jsUtils.Redirect([], '" . CUtil::JSEscape($arSite["DIR"]) . "');", "ICON" => $arSite["LID"] == SITE_ID ? "checked" : "", "TEXT" => $arSite["NAME"], "TITLE" => GetMessage("SOL_BUTTON_GOTOSITE") . " " . $arSite["NAME"]);
        }
        $arMenu[] = array("SEPARATOR" => true);
        $arMenu[] = array("TEXT" => GetMessage("SOL_BUTTON_GOTOSITE"), "MENU" => $arSites);

        $APPLICATION->AddPanelButton(array("HREF" => SITE_DIR . "?add_new_site_sol=sol&" . bitrix_sessid_get(), "ID" => "solutions_wizard", "ICON" => "bx-panel-install-solution-icon", "TYPE" => "BIG", "ALT" => GetMessage("SOL_BUTTON_TEST_TITLE"), "TEXT" => GetMessage("SOL_BUTTON_TEST_TEXT"), "MAIN_SORT" => 2520, "SORT" => 20, "MENU" => $arMenu, 'HINT' => array('TITLE' => str_replace('#BR#', ' ', GetMessage("SOL_BUTTON_TEST_TEXT")), 'TEXT' => GetMessage('SOL_BUTTON_TEST_TEXT_HINT')), 'HINT_MENU' => array('TITLE' => str_replace('#BR#', ' ', GetMessage("SOL_BUTTON_TEST_TEXT")), 'TEXT' => GetMessage('SOL_BUTTON_TEST_MENU_HINT'))));
    }
}
/**
 * Uninstalls the module: unregisters it and removes its installed components and images.
 *
 * The only gate visible here is check_bitrix_sessid().
 * NOTE(review): no permission check is made in this method; presumably the admin page
 * that calls it restricts access — confirm.
 *
 * @return bool false when the session token is invalid; true otherwise (reached only if
 *              LocalRedirect() returns)
 */
public function DoUninstall()
{
    $tokenIsValid = check_bitrix_sessid();
    if (!$tokenIsValid) {
        return false;
    }

    UnRegisterModule($this->MODULE_ID);

    $documentRoot = $_SERVER["DOCUMENT_ROOT"];
    $moduleDir = $documentRoot . "/bitrix/modules/" . $this->MODULE_ID;

    // Remove the files that installation copied from the module's install directory.
    DeleteDirFiles($moduleDir . "/install/components", $documentRoot . "/bitrix/components");
    DeleteDirFiles($moduleDir . "/install/images", $documentRoot . "/bitrix/images/maxposter");

    LocalRedirect("partner_modules.php?lang=" . LANGUAGE_ID);

    return true;
}
/**
 * Runs one processing step when requested, otherwise prepares the filter HTML.
 *
 * A step runs only when `work_start` is truthy and check_bitrix_sessid() passes. The step
 * is either the configured callback (called with this object) or executeStep(); the
 * current status string is then printed and the script ends.
 *
 * @return void
 */
public function Run()
{
    $stepRequested = $_REQUEST['work_start'] && check_bitrix_sessid();

    if (!$stepRequested) {
        // Plain page view: expose the filter markup for the template.
        $GLOBALS['assistant_filter'] = $this->getFilterHtml();
        return;
    }

    if ($this->bCallback) {
        call_user_func($this->callback, $this);
    } else {
        $this->executeStep();
    }

    echo $this->getCurrentStatusString();
    die;
}
/**
 * Prolog hook that starts parsing for a list element when the grid action asks for it.
 *
 * `action_button` is copied into $_REQUEST['action'] when `action` itself is absent.
 * Parsing runs only for action `parsing_in_list`, with a valid session token and the
 * iblock module loaded.
 *
 * NOTE(review): the element id is cast to int, but $_REQUEST['IBLOCK_ID'] is passed on
 * as received, and no permission check is visible here — confirm that
 * ParserActions::doParsing() validates the id and the caller's rights.
 *
 * @return void
 */
function OnBeforePrologHandler()
{
    global $USER_FIELD_MANAGER;

    if (!isset($_REQUEST['action'])) {
        if (!isset($_REQUEST['action_button'])) {
            return;
        }
        // Grid buttons submit their action under a different name; normalise it.
        $_REQUEST['action'] = $_REQUEST['action_button'];
    }

    $elementId = isset($_REQUEST['ID']) ? (int)$_REQUEST['ID'] : 0;

    if ($_REQUEST['action'] != 'parsing_in_list') {
        return;
    }
    if (!check_bitrix_sessid()) {
        return;
    }
    if (!\CModule::IncludeModule('iblock')) {
        return;
    }

    ParserActions::doParsing($elementId, $_REQUEST['IBLOCK_ID']);
}
/**
 * Component entry point: routes the request to the edit or the view handler.
 *
 * A request is treated as an edit only when it is a POST, names an action and passes
 * check_bitrix_sessid(); everything else, including a POST with a bad token, is served
 * as a view. doPostAction() runs in both cases.
 *
 * @return void
 */
public function executeComponent()
{
    /** @global CMain $APPLICATION */
    global $APPLICATION;

    $requestedAction = $this->request['action'];
    $isStateChange = $this->request->isPost() && $requestedAction && check_bitrix_sessid();

    if (!$isStateChange) {
        $APPLICATION->SetTitle(Loc::getMessage("SECURITY_USER_RECOVERY_CODES_TITLE"));
        $this->arResult = $this->toView($requestedAction);
    } else {
        $this->arResult = $this->toEdit($requestedAction);
    }

    $this->doPostAction($isStateChange, $requestedAction);
}
/**
 * Stores the option page layout and saves submitted options.
 *
 * Options are saved when the request has update=Y and check_bitrix_sessid() passes; group
 * rights are saved as well when the access tab is enabled. Current values are loaded at
 * the end in every case.
 *
 * NOTE(review): no permission check is visible before SaveOptions()/SaveGroupRight();
 * presumably the including settings page checks module rights — confirm.
 * NOTE(review): if the enclosing class is named CModuleOptions this is an old-style
 * constructor, which PHP 8 no longer calls on `new` — confirm the target PHP version.
 *
 * @param string $module_id
 * @param array  $arTabs
 * @param array  $arGroups
 * @param array  $arOptions
 * @param bool   $need_access_tab append the access-rights tab
 */
public function CModuleOptions($module_id, $arTabs, $arGroups, $arOptions, $need_access_tab = false)
{
    if ($need_access_tab) {
        $arTabs[] = array('DIV' => 'edit_access_tab', 'TAB' => 'Права доступа', 'ICON' => '', 'TITLE' => 'Настройка прав доступа');
    }

    $this->module_id = $module_id;
    $this->arTabs = $arTabs;
    $this->arGroups = $arGroups;
    $this->arOptions = $arOptions;
    $this->need_access_tab = $need_access_tab;

    $saveRequested = $_REQUEST['update'] == 'Y' && check_bitrix_sessid();
    if ($saveRequested) {
        $this->SaveOptions();
        if ($this->need_access_tab) {
            $this->SaveGroupRight();
        }
    }

    $this->GetCurOptionValues();
}
/**
 * Component entry point: answers edit requests with JSON, everything else with the template.
 *
 * A request is an edit only when it is a POST, names an action and passes
 * check_bitrix_sessid(). For an edit the output buffer is restarted, the encoded result
 * is printed as application/json and the script ends. A POST with a bad token falls
 * through to the view path.
 *
 * @return void
 */
public function executeComponent()
{
    /** @global CMain $APPLICATION */
    global $APPLICATION;

    $requestedAction = $this->request['action'];
    $isStateChange = $this->request->isPost() && $requestedAction && check_bitrix_sessid();

    if (!$isStateChange) {
        $APPLICATION->SetTitle(Loc::getMessage("SECURITY_USER_RECOVERY_CODES_TITLE"));
        $this->arResult = $this->toView($requestedAction);
        $this->IncludeComponentTemplate($this->templatePage);
        return;
    }

    $encoded = CSecurityJsonHelper::encode($this->toEdit($requestedAction));

    // Drop anything already buffered so that only the JSON body is sent.
    $APPLICATION->RestartBuffer();
    header('Content-Type: application/json', true);
    echo $encoded;
    die;
}
/**
 * Handles the grid's group actions: restore, delete and destroy.
 *
 * Runs only for a POST that carries the grid's action field and passes
 * check_bitrix_sessid(). Each posted id is loaded and checked individually against the
 * current user's security context (canRestore / canDelete); objects that are missing or
 * not permitted are skipped silently. `delete` and `destroy` are handled the same way.
 *
 * NOTE(review): $_POST['ID'] is iterated as received; a scalar value would reach
 * foreach — confirm the grid always posts an array.
 *
 * @param string $gridId grid identifier used to build the action field name
 * @return void
 */
private function processGridActions($gridId)
{
    $postAction = 'action_button_' . $gridId;

    if ($_SERVER['REQUEST_METHOD'] != 'POST' || !isset($_POST[$postAction]) || !check_bitrix_sessid()) {
        return;
    }

    $userId = $this->getUser()->getID();

    $isRestore = $_POST[$postAction] == 'restore';
    $isRemoval = !$isRestore && ($_POST[$postAction] == 'delete' || $_POST[$postAction] == 'destroy');
    if (!$isRestore && !$isRemoval) {
        return;
    }

    if (empty($_POST['ID'])) {
        return;
    }

    foreach ($_POST['ID'] as $targetId) {
        /** @var Folder|File $object */
        $object = BaseObject::loadById($targetId);
        if (!$object) {
            continue;
        }

        // Authorization is decided per object, not once for the whole batch.
        $securityContext = $object->getStorage()->getCurrentUserSecurityContext();

        if ($isRestore) {
            if ($object->canRestore($securityContext)) {
                $object->restore($userId);
            }
            continue;
        }

        if (!$object->canDelete($securityContext)) {
            continue;
        }

        if ($object instanceof Folder) {
            $object->deleteTree($userId);
        } else {
            $object->delete($userId);
        }
    }
}
/**
 * Executes a registered data action by including its file and emitting the response.
 *
 * The action's file is included inside this method, so it shares the method's local
 * variables ($name, $params, $actionDesc, $isSessidValid, ...). Renaming or removing a
 * local here can change what the included file sees.
 *
 * Security notes:
 *  - The session token is checked when the action sets needBitrixSessid, or when the
 *    request carries a non-empty `sessid` (&& binds tighter than ||).
 *  - When the action sets no_check_auth === true, neither the authorization result nor
 *    the token result is enforced, even if needBitrixSessid is set.
 *  - The 401 response puts bitrix_sessid() into the BX-Authorize header and the body.
 *  - NOTE(review): $actionDesc["file"] is included as code; presumably action
 *    descriptions come from trusted configuration, never from the request — confirm.
 *
 * @param string $name
 * @param array  $params not used by this method itself
 */
public function executeAction($name, $params = array())
{
    global $USER;

    $actionDesc = $this->getAction($name);
    if ($actionDesc) {
        // Valid by default; only checked when required by the action or offered by the client.
        $isSessidValid = true;
        if ($actionDesc["needBitrixSessid"] == true || array_key_exists("sessid", $_REQUEST) && strlen($_REQUEST["sessid"]) > 0) {
            $isSessidValid = check_bitrix_sessid();
        }

        // Unless the action opts in, mark the mobile init event as skipped.
        if (!isset($actionDesc["fireInitMobileEvent"]) || $actionDesc["fireInitMobileEvent"] != true) {
            if (!defined("MOBILE_INIT_EVENT_SKIP")) {
                define("MOBILE_INIT_EVENT_SKIP", true);
            }
        }

        if ($actionDesc["no_check_auth"] !== true && (!$USER->IsAuthorized() || !$isSessidValid)) {
            // Unauthenticated or bad token: answer 401 and hand out the current token.
            header("HTTP/1.0 401 Not Authorized");
            header("Content-Type: application/x-javascript");
            header("BX-Authorize: " . bitrix_sessid());
            echo json_encode(array("status" => "failed", "bitrix_sessid" => bitrix_sessid()));
        } elseif ($actionDesc["file"]) {
            if ($actionDesc["json"] === true) {
                // JSON actions return their data from the included file.
                header("Content-Type: application/x-javascript");
                $data = (include $actionDesc["file"]);
                if ($data) {
                    echo json_encode($data);
                }
            } else {
                // Other actions produce their own output.
                include $actionDesc["file"];
            }
        }
    } else {
        if (!defined("MOBILE_INIT_EVENT_SKIP")) {
            define("MOBILE_INIT_EVENT_SKIP", true);
        }
        header("Content-Type: application/x-javascript");
        echo json_encode(array("error" => "unknown action for data request"));
    }
}
/**
 * Handles the grid's group action `delete` for external links.
 *
 * Runs only for a POST that carries the grid's action field and passes
 * check_bitrix_sessid(). Each posted id is loaded separately; links that are missing or
 * whose file the current user cannot read are skipped silently.
 *
 * NOTE(review): deletion is gated on read access to the linked file (canRead), not on a
 * delete or update right — confirm this matches the intended permission model.
 * NOTE(review): $_POST['ID'] is iterated as received; confirm the grid always posts an array.
 *
 * @param string $gridId grid identifier used to build the action field name
 * @return void
 */
private function processGridActions($gridId)
{
    $postAction = 'action_button_' . $gridId;

    if ($_SERVER['REQUEST_METHOD'] != 'POST' || !isset($_POST[$postAction]) || !check_bitrix_sessid()) {
        return;
    }
    if ($_POST[$postAction] != 'delete') {
        return;
    }
    if (empty($_POST['ID'])) {
        return;
    }

    foreach ($_POST['ID'] as $targetId) {
        /** @var ExternalLink $externalLink */
        $externalLink = ExternalLink::loadById($targetId, array('FILE.STORAGE'));
        if (!$externalLink) {
            continue;
        }

        // todo perf: getModelList filtered by SimpleRights with ID in (...) would do this in one pass
        $securityContext = $externalLink->getFile()->getStorage()->getCurrentUserSecurityContext();
        if (!$externalLink->getFile()->canRead($securityContext)) {
            continue;
        }

        $externalLink->delete();
    }
}
/**
 * Validates an AJAX request for the product view options and stores its parameters.
 *
 * Access gate (all must hold, evaluated in this order): a user object exists, it has an
 * id, it is authorized, the method is POST and check_bitrix_sessid() passes. Otherwise
 * the access-denied JSON response is sent.
 *
 * NOTE(review): parameter parsing continues after the gate unless
 * sendJsonAccessDeniedResponse() ends the request — confirm that it does.
 * NOTE(review): the unknown-action message key reads 'CRM_PRODUCT_AJAX_AJAX_ERROR_...'
 * while the other keys use a single 'AJAX' — confirm the key exists in the language file.
 *
 * The only accepted action is `saveviewoptions`; `viewOptionId` must be one of
 * self::$allowedViewOptions (strict comparison).
 *
 * @return void
 */
protected function checkRequest()
{
    $accessGranted = $this->getUser()
        && $this->getUser()->getId()
        && $this->getUser()->IsAuthorized()
        && $_SERVER['REQUEST_METHOD'] === 'POST'
        && check_bitrix_sessid();
    if (!$accessGranted) {
        $this->sendJsonAccessDeniedResponse();
    }

    // Only a string action is accepted; arrays and missing values become ''.
    $action = '';
    if (isset($_REQUEST['action']) && is_string($_REQUEST['action'])) {
        $action = strtolower($_REQUEST['action']);
    }

    if (empty($action)) {
        $this->errors[] = array('code' => 0, 'message' => GetMessage('CRM_PRODUCT_AJAX_ERROR_EMPTY_ACTION'));
    }

    if (!$this->errors) {
        if ($action === 'saveviewoptions') {
            $this->action = $action;
            $rejectedParams = array();

            $rightSideWidth = isset($_REQUEST['rightSideWidth']) ? (int) $_REQUEST['rightSideWidth'] : 0;
            if ($rightSideWidth <= 0) {
                $rejectedParams[] = 'rightSideWidth';
            }
            $this->rightSideWidth = $rightSideWidth;

            $rightSideClosed = isset($_REQUEST['rightSideClosed']) ? (string) $_REQUEST['rightSideClosed'] : '';
            if ($rightSideClosed === '') {
                $rejectedParams[] = 'rightSideClosed';
            }
            // Anything other than 'Y' is stored as 'N'.
            $this->rightSideClosed = $rightSideClosed === 'Y' ? 'Y' : 'N';

            $viewOptionId = isset($_REQUEST['viewOptionId']) ? (string) $_REQUEST['viewOptionId'] : '';
            if ($viewOptionId === '' || !in_array($viewOptionId, self::$allowedViewOptions, true)) {
                $rejectedParams[] = 'viewOptionId';
            }
            $this->viewOptionId = $viewOptionId;

            foreach ($rejectedParams as $paramName) {
                $this->errors[] = array('code' => 0, 'message' => GetMessage('CRM_PRODUCT_AJAX_ERROR_REQUIRED_PARAMETER', array('#PARAM#' => $paramName)));
            }
        } else {
            // The raw request value is substituted into the message; whatever renders the
            // JSON error must treat it as text, not markup.
            $this->errors[] = array('code' => 0, 'message' => GetMessage('CRM_PRODUCT_AJAX_AJAX_ERROR_UNKNOWN_ACTION', array('#ACTION#' => $_REQUEST['action'])));
        }
    }

    if ($this->errors) {
        $this->sendJsonErrorResponse();
    }
}
/**
 * Uninstalls the webdav module unless a data migration is in progress.
 *
 * Returns false when check_bitrix_sessid() fails. When either the webdav or the disk
 * option `process_converted` is 'Y', the error is stored, the first uninstall step page
 * is shown and nothing is removed. Otherwise database objects, events and files are
 * uninstalled. Both of the latter paths return nothing.
 *
 * NOTE(review): no permission check is made in this method; presumably the admin page
 * that calls it restricts access — confirm.
 *
 * @return false|null
 */
function DoUninstall()
{
    global $APPLICATION;

    $this->errors = array();

    $tokenIsValid = check_bitrix_sessid();
    if (!$tokenIsValid) {
        return false;
    }

    $migrationRunning = Option::get('webdav', 'process_converted', false) === 'Y'
        || Option::get('disk', 'process_converted', false) === 'Y';

    if (!$migrationRunning) {
        $this->UnInstallDB();
        $this->UnInstallEvents();
        $this->UnInstallFiles();
        return;
    }

    // Removing the module mid-migration is refused; report it on the uninstall page.
    $this->errors[] = GetMessage("WD_UNINSTALL_ERROR_MIGRATE_PROCESS");
    $GLOBALS["webdav_installer_errors"] = $this->errors;
    $APPLICATION->IncludeAdminFile(
        GetMessage("WD_UNINSTALL_TITLE"),
        $_SERVER["DOCUMENT_ROOT"] . "/bitrix/modules/webdav/install/unstep1.php"
    );
    return;
}
/**
 * Creates a list element from the posted form and starts its auto-run workflows.
 *
 * Steps: request and module checks, permission check, workflow template checks, building
 * the element data from $_POST/$_FILES per field type, write-permission check, workflow
 * parameter validation, element creation, workflow start, JSON success response.
 *
 * Security notes:
 *  - NOTE(review): the first condition joins its three parts with &&, so the session
 *    token is evaluated only when save != "Y" and changePostFormTab != "lists". A request
 *    with save=Y never reaches check_bitrix_sessid(). Confirm whether the parts were
 *    meant to be joined with ||. The error reported for this case also reuses the iblock
 *    module message.
 *  - NOTE(review): the code after each sendJsonErrorResponse() call assumes that call
 *    ends the request — confirm.
 *  - Field values are taken from $_POST and $_FILES as received; only numeric ("N")
 *    properties are validated here.
 */
protected function processActionCheckDataElementCreation()
{
    // Request check; see the NOTE(review) above about how the token check is reached.
    if ($_POST["save"] != "Y" && $_POST["changePostFormTab"] != "lists" && !check_bitrix_sessid()) {
        $this->errorCollection->add(array(new Error(Loc::getMessage('LISTS_SEAC_CONNECTION_MODULE_IBLOCK'))));
    }
    if (!Loader::IncludeModule('bizproc')) {
        $this->errorCollection->add(array(new Error(Loc::getMessage('LISTS_SEAC_CONNECTION_MODULE_BIZPROC'))));
    }
    if (!Loader::includeModule('iblock')) {
        $this->errorCollection->add(array(new Error(Loc::getMessage('LISTS_SEAC_CONNECTION_MODULE_IBLOCK'))));
    }

    $this->iblockId = intval($this->request->getPost('IBLOCK_ID'));
    $this->iblockTypeId = COption::GetOptionString("lists", "livefeed_iblock_type_id");
    $this->checkPermissionElement();

    // All errors collected so far, including the permission check, are reported together.
    if ($this->errorCollection->hasErrors()) {
        $this->sendJsonErrorResponse();
    }

    $templateId = intval($_POST['TEMPLATE_ID']);
    $documentType = BizprocDocument::generateDocumentComplexType(COption::GetOptionString("lists", "livefeed_iblock_type_id"), $this->iblockId);

    // The workflow template (posted, or the newest auto-run template on create) must have
    // its constants configured.
    if (!empty($templateId)) {
        if (CModule::IncludeModule('bizproc')) {
            if (!CBPWorkflowTemplateLoader::isConstantsTuned($templateId)) {
                $this->errorCollection->add(array(new Error(Loc::getMessage('LISTS_IS_CONSTANTS_TUNED_NEW'))));
                $this->sendJsonErrorResponse();
            }
        }
    } else {
        if (CModule::IncludeModule("bizproc")) {
            $templateObject = CBPWorkflowTemplateLoader::getTemplatesList(array('ID' => 'DESC'), array('DOCUMENT_TYPE' => $documentType, 'AUTO_EXECUTE' => CBPDocumentEventType::Create), false, false, array('ID'));
            $template = $templateObject->fetch();
            if (!empty($template)) {
                if (!CBPWorkflowTemplateLoader::isConstantsTuned($template["ID"])) {
                    $this->errorCollection->add(array(new Error(Loc::getMessage('LISTS_IS_CONSTANTS_TUNED_NEW'))));
                    $this->sendJsonErrorResponse();
                }
            } else {
                $this->errorCollection->add(array(new Error(Loc::getMessage('LISTS_NOT_BIZPROC_TEMPLATE'))));
                $this->sendJsonErrorResponse();
            }
        }
    }

    $list = new CList($this->iblockId);
    $fields = $list->getFields();
    $elementData = array("IBLOCK_ID" => $this->iblockId, "NAME" => $_POST["NAME"]);
    $props = array();

    // Only fields defined for the list are read from the request; the handling depends on
    // the field id or property type.
    foreach ($fields as $fieldId => $field) {
        if ($fieldId == "PREVIEW_PICTURE" || $fieldId == "DETAIL_PICTURE") {
            // Uploaded picture, optionally flagged for deletion.
            $elementData[$fieldId] = $_FILES[$fieldId];
            if (isset($_POST[$fieldId . "_del"]) && $_POST[$fieldId . "_del"] == "Y") {
                $elementData[$fieldId]["del"] = "Y";
            }
        } elseif ($fieldId == "PREVIEW_TEXT" || $fieldId == "DETAIL_TEXT") {
            // The text type comes from the field settings, not from the request.
            if (isset($field["SETTINGS"]) && is_array($field["SETTINGS"]) && $field["SETTINGS"]["USE_EDITOR"] == "Y") {
                $elementData[$fieldId . "_TYPE"] = "html";
            } else {
                $elementData[$fieldId . "_TYPE"] = "text";
            }
            $elementData[$fieldId] = $_POST[$fieldId];
        } elseif ($fieldId == 'ACTIVE_FROM' || $fieldId == 'ACTIVE_TO') {
            // Dates are posted as arrays; the first value is used.
            $elementData[$fieldId] = array_shift($_POST[$fieldId]);
        } elseif ($list->is_field($fieldId)) {
            $elementData[$fieldId] = $_POST[$fieldId];
        } elseif ($field["PROPERTY_TYPE"] == "F") {
            // File property: convert the uploads and apply per-file delete flags.
            if (isset($_POST[$fieldId . "_del"])) {
                $deleteArray = $_POST[$fieldId . "_del"];
            } else {
                $deleteArray = array();
            }
            $props[$field["ID"]] = array();
            $files = $this->unEscape($_FILES);
            CFile::ConvertFilesToPost($files[$fieldId], $props[$field["ID"]]);
            foreach ($props[$field["ID"]] as $fileId => $file) {
                // A delete flag is either the scalar "Y" or an array whose VALUE is "Y".
                if (isset($deleteArray[$fileId]) && (!is_array($deleteArray[$fileId]) && $deleteArray[$fileId] == "Y" || is_array($deleteArray[$fileId]) && $deleteArray[$fileId]["VALUE"] == "Y")) {
                    if (isset($props[$field["ID"]][$fileId]["VALUE"])) {
                        $props[$field["ID"]][$fileId]["VALUE"]["del"] = "Y";
                    } else {
                        $props[$field["ID"]][$fileId]["del"] = "Y";
                    }
                }
            }
        } elseif ($field["PROPERTY_TYPE"] == "N") {
            // Numeric property: spaces are removed, a comma becomes a dot, and the result
            // must be numeric. Empty values are skipped.
            if (is_array($_POST[$fieldId]) && !array_key_exists("VALUE", $_POST[$fieldId])) {
                // Multiple values.
                $props[$field["ID"]] = array();
                foreach ($_POST[$fieldId] as $key => $value) {
                    if (is_array($value)) {
                        if (strlen($value["VALUE"])) {
                            $value = str_replace(" ", "", str_replace(",", ".", $value["VALUE"]));
                            if (!is_numeric($value)) {
                                $this->errorCollection->add(array(new Error(Loc::getMessage('LISTS_IS_VALIDATE_FIELD_ERROR', array('#NAME#' => $field['NAME'])))));
                                $this->sendJsonErrorResponse();
                            }
                            $props[$field["ID"]][$key] = doubleval($value);
                        }
                    } else {
                        if (strlen($value)) {
                            $value = str_replace(" ", "", str_replace(",", ".", $value));
                            if (!is_numeric($value)) {
                                $this->errorCollection->add(array(new Error(Loc::getMessage('LISTS_IS_VALIDATE_FIELD_ERROR', array('#NAME#' => $field['NAME'])))));
                                $this->sendJsonErrorResponse();
                            }
                            $props[$field["ID"]][$key] = doubleval($value);
                        }
                    }
                }
            } else {
                // Single value, posted either as array("VALUE" => ...) or as a scalar.
                if (is_array($_POST[$fieldId])) {
                    if (strlen($_POST[$fieldId]["VALUE"])) {
                        $value = str_replace(" ", "", str_replace(",", ".", $_POST[$fieldId]["VALUE"]));
                        if (!is_numeric($value)) {
                            $this->errorCollection->add(array(new Error(Loc::getMessage('LISTS_IS_VALIDATE_FIELD_ERROR', array('#NAME#' => $field['NAME'])))));
                            $this->sendJsonErrorResponse();
                        }
                        $props[$field["ID"]] = doubleval($value);
                    }
                } else {
                    if (strlen($_POST[$fieldId])) {
                        $value = str_replace(" ", "", str_replace(",", ".", $_POST[$fieldId]));
                        if (!is_numeric($value)) {
                            $this->errorCollection->add(array(new Error(Loc::getMessage('LISTS_IS_VALIDATE_FIELD_ERROR', array('#NAME#' => $field['NAME'])))));
                            $this->sendJsonErrorResponse();
                        }
                        $props[$field["ID"]] = doubleval($value);
                    }
                }
            }
        } else {
            // Any other property type is stored as posted.
            $props[$field["ID"]] = $_POST[$fieldId];
        }
    }

    // The author is always the current user; a posted timestamp is never used.
    $elementData["MODIFIED_BY"] = $this->getUser()->getID();
    unset($elementData["TIMESTAMP_X"]);
    if (!empty($props)) {
        $elementData["PROPERTY_VALUES"] = $props;
    }

    // Write permission on the document type is checked before anything is stored.
    $documentStates = CBPDocument::GetDocumentStates($documentType, null);
    $userId = $this->getUser()->getId();
    $write = CBPDocument::CanUserOperateDocumentType(CBPCanUserOperateOperation::WriteDocument, $userId, $documentType, array('AllUserGroups' => array(), 'DocumentStates' => $documentStates));
    if (!$write) {
        $this->errorCollection->add(array(new Error(Loc::getMessage('LISTS_IS_ACCESS_DENIED_STATUS'))));
        $this->sendJsonErrorResponse();
    }

    // Validate start parameters for every state without an id.
    // $stringError is reset on each such state, so only the errors of the last one
    // survive the loop; it stays undefined when no state qualifies.
    $bizprocParametersValues = array();
    foreach ($documentStates as $documentState) {
        if (strlen($documentState["ID"]) <= 0) {
            $errors = array();
            $bizprocParametersValues[$documentState['TEMPLATE_ID']] = CBPDocument::StartWorkflowParametersValidate($documentState['TEMPLATE_ID'], $documentState['TEMPLATE_PARAMETERS'], $documentType, $errors);
            $stringError = '';
            foreach ($errors as $e) {
                $stringError .= $e['message'] . '<br />';
            }
        }
    }
    if (!empty($stringError)) {
        $this->errorCollection->add(array(new Error($stringError)));
        $this->sendJsonErrorResponse();
    }

    $objectElement = new CIBlockElement();
    $idElement = $objectElement->Add($elementData, false, true, true);
    if ($idElement) {
        // Start a workflow for every state without an id, targeting the current user.
        // $errorsTmp is reset per state, so only the last start's errors are inspected below.
        $bizProcWorkflowId = array();
        foreach ($documentStates as $documentState) {
            if (strlen($documentState["ID"]) <= 0) {
                $errorsTmp = array();
                $bizProcWorkflowId[$documentState['TEMPLATE_ID']] = CBPDocument::StartWorkflow($documentState['TEMPLATE_ID'], array('lists', 'BizprocDocument', $idElement), array_merge($bizprocParametersValues[$documentState['TEMPLATE_ID']], array('TargetUser' => 'user_' . intval($this->getUser()->getID()))), $errorsTmp);
            }
        }
        if (!empty($errorsTmp)) {
            $documentStates = null;
            CBPDocument::AddDocumentToHistory(array('lists', 'BizprocDocument', $idElement), $elementData['NAME'], $this->getUser()->getID());
        }
    } else {
        $this->errorCollection->add(array(new Error($objectElement->LAST_ERROR)));
        $this->sendJsonErrorResponse();
    }

    $this->sendJsonSuccessResponse(array());
}
$arFilter["~NAME"] = "%" . $filter_name . "%"; } if (strlen($filter_descr) > 0) { $arFilter["~DESCRIPTION"] = "%" . $filter_descr . "%"; } if (!empty($filter_status)) { if ($filter_status == 2) { unset($arFilter['USER_STATUS']); } else { $arFilter['USER_STATUS'] = array(CBPTaskUserStatus::Ok, CBPTaskUserStatus::Yes, CBPTaskUserStatus::No); } } if (!empty($filter_workflow_template_id)) { $arFilter['WORKFLOW_TEMPLATE_ID'] = (int) $filter_workflow_template_id; } if ($allowAdminAccess && !empty($_REQUEST['action']) && check_bitrix_sessid()) { $ids = isset($_REQUEST['ID']) && is_array($_REQUEST['ID']) ? $_REQUEST['ID'] : array(); if ($ids) { $errors = array(); $action = $_REQUEST['action']; $status = 0; if (strpos($action, 'set_status_') === 0) { $status = substr($action, strlen('set_status_')); $action = 'set_status'; } foreach ($ids as $id) { list($taskId, $userId) = explode('_', $id); if ($action == 'set_status' && $status > 0) { CBPDocument::setTasksUserStatus($userId, $status, $taskId, $errors); } elseif ($action == 'delegate' && !empty($_REQUEST['delegate_to'])) { CBPDocument::delegateTasks($userId, $_REQUEST['delegate_to'], $taskId, $errors);
$isNewGroup = true; if (array_key_exists('ID', $_REQUEST) && (int) $_REQUEST['ID'] > 0) { $varsGroup = new UserVars\VarsGroup(); $dataGroup = $varsGroup->findOneById($_REQUEST['ID'])->fetch(); if (!empty($dataGroup)) { $isOldGroup = true; $isNewGroup = false; } } else { $dataGroup = array_fill_keys(array('ID', 'NAME', 'CODE'), ''); } if ($isOldGroup && $request->getQuery('action') == 'delete' && check_bitrix_sessid()) { Model\VarsGroupTable::delete($dataGroup['ID']); LocalRedirect(sprintf('user_vars.php?lang=%s', LANGUAGE_ID)); } if ($request->isPost() && check_bitrix_sessid()) { $postData = array_map('strip_tags', $request->getPostList()->toArray()); $postData = array_intersect_key($postData, array('NAME' => null, 'CODE' => null)); if ($isNewGroup) { $result = Model\VarsGroupTable::add($postData); $groupId = $result->getId(); } else { $result = Model\VarsGroupTable::update($dataGroup['ID'], $postData); $groupId = $dataGroup['ID']; } if (!$result->isSuccess()) { $errorsList = $result->getErrorMessages(); } else { if ($submitTypeApply) { $redirectPath = sprintf('user_vars_group_edit.php?ID=%dlang=%s', $groupId, LANGUAGE_ID); } else {
<?php if (!defined("B_PROLOG_INCLUDED") || B_PROLOG_INCLUDED !== true) { die; } $requiredModules = array('report'); foreach ($requiredModules as $requiredModule) { if (!CModule::IncludeModule($requiredModule)) { ShowError(GetMessage("F_NO_MODULE")); return 0; } } $isPost = $_SERVER['REQUEST_METHOD'] === 'POST'; if ($isPost && !check_bitrix_sessid()) { LocalRedirect($arParams['PATH_TO_REPORT_LIST']); } $helperClassName = $arResult['HELPER_CLASS'] = isset($arParams['REPORT_HELPER_CLASS']) ? $arParams['REPORT_HELPER_CLASS'] : ''; if ($isPost && isset($_POST['HELPER_CLASS'])) { $helperClassName = $arResult['HELPER_CLASS'] = $_POST['HELPER_CLASS']; } $ownerId = $arResult['OWNER_ID'] = call_user_func(array($helperClassName, 'getOwnerId')); // auto create fresh default reports only if some reports alredy exist $userReportVersion = CUserOptions::GetOption('report', '~U_' . $ownerId, call_user_func(array($helperClassName, 'getFirstVersion'))); $sysReportVersion = call_user_func(array($helperClassName, 'getCurrentVersion')); if ($sysReportVersion !== $userReportVersion && CheckVersion($sysReportVersion, $userReportVersion)) { CUserOptions::SetOption('report', '~U_' . $ownerId, $sysReportVersion); if (CReport::GetCountInt($ownerId) > 0) { $dReports = call_user_func(array($helperClassName, 'getDefaultReports')); foreach ($dReports as $moduleVer => $vReports) { if ($moduleVer !== $userReportVersion && CheckVersion($moduleVer, $userReportVersion)) { // add fresh vReports
<?php if (!check_bitrix_sessid()) { return; } IncludeModuleLangFile($_SERVER["DOCUMENT_ROOT"] . "/bitrix/modules/form/install/install.php"); if (is_array($errors) && count($errors) > 0) { foreach ($errors as $val) { $alErrors .= $val . "<br>"; } echo CAdminMessage::ShowMessage(array("TYPE" => "ERROR", "MESSAGE" => GetMessage("MOD_INST_ERR"), "DETAILS" => $alErrors, "HTML" => true)); } else { echo CAdminMessage::ShowNote(GetMessage("MOD_INST_OK")); } /* if (strlen($public_dir)>0) : ?> <p><?=GetMessage("MOD_DEMO_DIR")?></p> <table border="0" cellspacing="0" cellpadding="3"> <tr> <td align="center"><p><b><?=GetMessage("MOD_DEMO_SITE")?></b></p></td> <td align="center"><p><b><?=GetMessage("MOD_DEMO_LINK")?></b></p></td> </tr> <? $sites = CSite::GetList($by, $order, Array("ACTIVE"=>"Y")); while($site = $sites->Fetch()) { ?> <tr> <td width="0%"><p>[<?=$site["ID"]?>] <?=$site["NAME"]?></p></td> <td width="0%"><p><a href="<?if(strlen($site["SERVER_NAME"])>0) echo "http://".$site["SERVER_NAME"];?><?=$site["DIR"].$public_dir?>/result_list.php?WEB_FORM_NAME=ANKETA"><?=$site["DIR"].$public_dir?>/result_list.php?WEB_FORM_NAME=ANKETA</a></p></td>
<?php
// AJAX endpoint of the support module: reindexes tickets in batches or restarts the
// reminder agent, and prints a small JSON/JS response.
//
// Security notes:
//  - The session token is read from the `b_sessid` request field; any request that fails
//    the check ends immediately with no output.
//  - NOTE(review): no permission check is visible in this script; presumably
//    prolog_admin_before.php and the support prolog enforce admin authorization — confirm.
require_once $_SERVER["DOCUMENT_ROOT"] . "/bitrix/modules/main/include/prolog_admin_before.php";
require_once $_SERVER["DOCUMENT_ROOT"] . "/bitrix/modules/support/include.php";
require_once $_SERVER["DOCUMENT_ROOT"] . "/bitrix/modules/support/prolog.php";

IncludeModuleLangFile(__FILE__);

if (!check_bitrix_sessid("b_sessid")) {
    die;
}

if (isset($_REQUEST["action"]) && $_REQUEST["action"] === 'reindex' && isset($_REQUEST["data"]) && is_array($_REQUEST["data"])) {
    // The batch size is cast to int and falls back to 10 when it is 0.
    $interval = intval($_REQUEST["data"]["interval"]);
    // NOTE(review): firstID is passed on exactly as received — confirm that
    // reindexAllTickets() casts or validates it.
    $firstID = $_REQUEST["data"]["firstID"];
    $lastID = CSupportSearch::reindexAllTickets($firstID, $interval ?: 10);

    // build progress bar
    $maxID = CTicket::getMaxId();
    $progressBar = new CAdminMessage(array("DETAILS" => str_replace(array('#LAST_ID#', '#MAX_ID#'), array($lastID, $maxID), GetMessage('SUP_SEARCH_NDX_PROGRESS_BAR')), "HTML" => true, "TYPE" => "PROGRESS", "PROGRESS_TOTAL" => $maxID, "PROGRESS_VALUE" => $lastID));
    $progressBarHtml = $progressBar->Show();

    echo CUtil::PhpToJSObject(array('LAST_ID' => $lastID, 'BAR' => $progressBarHtml));
} elseif ($_REQUEST['MY_AJAX'] == 'restartAgentsAJAX') {
    // Restarts the ticket reminder agent; gated only by the token check above.
    CTicketReminder::StartAgent();
    echo json_encode(array("ALL_OK" => "OK"));
} else {
    // Unknown request: empty object literal.
    echo '{};';
}
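/**
 * Fills $arResult with the form identifiers and, when the request is a form
 * submit/apply, validates and stores the result and redirects.
 *
 * Flow on submit/apply:
 *  1. the whole $_REQUEST is copied into $this->arrVALUES and checked with CForm::Check();
 *  2. if there are no validation errors and check_bitrix_sessid() passes, the
 *     result is updated (existing RESULT_ID) or added (new result);
 *  3. depending on admin/public section, SEF mode and the pressed button the
 *     user is redirected and the script terminates.
 *
 * Security-relevant behaviour visible here: when the session token check
 * fails, nothing is saved and no error is recorded - the method just returns.
 * NOTE(review): the redirect targets come from $this->arParams (LIST_URL,
 * EDIT_URL); presumably trusted component configuration - confirm.
 *
 * @param array $arResult Result array, modified by reference.
 * @return array The same $arResult.
 */
function getData(&$arResult)
{
    global $APPLICATION, $USER;

    $arResult["WEB_FORM_ID"] = $this->WEB_FORM_ID;
    $arResult["WEB_FORM_NAME"] = $this->WEB_FORM_NAME;
    if ($this->RESULT_ID > 0) {
        $arResult["RESULT_ID"] = $this->RESULT_ID;
    }
    $arResult["F_RIGHT"] = $this->F_RIGHT;

    // Read the button flags once. The original called strlen() directly on the
    // request values, which emits notices for missing keys and fails on array
    // values such as web_form_submit[]=x.
    $submitRaw = isset($_REQUEST["web_form_submit"]) ? $_REQUEST["web_form_submit"] : "";
    $applyRaw = isset($_REQUEST["web_form_apply"]) ? $_REQUEST["web_form_apply"] : "";
    $isSubmit = is_scalar($submitRaw) && strlen((string)$submitRaw) > 0;
    $isApply = is_scalar($applyRaw) && strlen((string)$applyRaw) > 0;
    $inAdminSection = defined("ADMIN_SECTION") && ADMIN_SECTION === true;

    if (!$isSubmit && !$isApply) {
        return $arResult;
    }

    // The complete request array is handed to validation and storage.
    $this->arrVALUES = $_REQUEST;
    if ($this->RESULT_ID) {
        $this->__form_validate_errors = CForm::Check($this->WEB_FORM_ID, $this->arrVALUES, $this->RESULT_ID);
    } else {
        $this->__form_validate_errors = CForm::Check($this->WEB_FORM_ID, $this->arrVALUES);
    }

    // Nothing is written unless validation passed AND the session token is valid.
    if ($this->isFormErrors() || !check_bitrix_sessid()) {
        return $arResult;
    }

    if ($this->RESULT_ID) {
        // Editing an existing result.
        CFormResult::Update($this->RESULT_ID, $this->arrVALUES, $this->arParams["EDIT_ADDITIONAL"]);
        $this->strFormNote = GetMessage("FORM_DATA_SAVED");

        if ($isSubmit && !$inAdminSection) {
            if ($this->arParams["SEF_MODE"] == "Y") {
                LocalRedirect($this->arParams["LIST_URL"] . "?strFormNote=" . urlencode($this->strFormNote));
            } else {
                LocalRedirect($this->arParams["LIST_URL"] . (strpos($this->arParams["LIST_URL"], "?") === false ? "?" : "&") . "WEB_FORM_ID=" . $this->WEB_FORM_ID . "&strFormNote=" . urlencode($this->strFormNote));
            }
            die;
        }

        // "Apply" on the public side in SEF mode returns to the edit page.
        if ($isApply && !$inAdminSection && $this->arParams["SEF_MODE"] == "Y") {
            LocalRedirect($this->arParams["EDIT_URL"] . (strpos($this->arParams["EDIT_URL"], "?") === false ? "?" : "&") . "strFormNote=" . urlencode($this->strFormNote));
            die;
        }

        if ($inAdminSection) {
            if ($isSubmit) {
                LocalRedirect(BX_ROOT . "/admin/form_result_list.php?lang=" . LANG . "&WEB_FORM_ID=" . $this->WEB_FORM_ID . "&strFormNote=" . urlencode($this->strFormNote));
            } elseif ($isApply) {
                LocalRedirect(BX_ROOT . "/admin/form_result_edit.php?lang=" . LANG . "&WEB_FORM_ID=" . $this->WEB_FORM_ID . "&RESULT_ID=" . $this->RESULT_ID . "&strFormNote=" . urlencode($this->strFormNote));
            }
            die;
        }

        return $arResult;
    }

    // Creating a new result; the assignment inside the condition is intentional.
    if ($this->RESULT_ID = CFormResult::Add($this->WEB_FORM_ID, $this->arrVALUES)) {
        $this->strFormNote = GetMessage("FORM_DATA_SAVED1") . $this->RESULT_ID . GetMessage("FORM_DATA_SAVED2");
        CFormResult::SetEvent($this->RESULT_ID);
        CFormResult::Mail($this->RESULT_ID);

        // NOTE(review): 15 is presumably the right level that allows working
        // with saved results - confirm against the form module's right constants.
        if ($this->F_RIGHT >= 15) {
            if ($isSubmit && strlen($this->arParams["LIST_URL"]) > 0) {
                if ($this->arParams["SEF_MODE"] == "Y") {
                    LocalRedirect($this->arParams["LIST_URL"] . "?strFormNote=" . urlencode($this->strFormNote));
                } else {
                    LocalRedirect($this->arParams["LIST_URL"] . (strpos($this->arParams["LIST_URL"], "?") === false ? "?" : "&") . "WEB_FORM_ID=" . $this->WEB_FORM_ID . "&RESULT_ID=" . $this->RESULT_ID . "&strFormNote=" . urlencode($this->strFormNote));
                }
                die;
            } elseif ($isApply && strlen($this->arParams["EDIT_URL"]) > 0) {
                if ($this->arParams["SEF_MODE"] == "Y") {
                    // Fixed: the original concatenated RESULT_ID and EDIT_URL into
                    // a single argument, so str_replace() received two arguments
                    // instead of (search, replace, subject).
                    LocalRedirect(str_replace("#RESULT_ID#", $this->RESULT_ID, $this->arParams["EDIT_URL"]) . "?strFormNote=" . urlencode($this->strFormNote));
                } else {
                    LocalRedirect($this->arParams["EDIT_URL"] . (strpos($this->arParams["EDIT_URL"], "?") === false ? "?" : "&") . "RESULT_ID=" . $this->RESULT_ID . "&strFormNote=" . urlencode($this->strFormNote));
                }
                die;
            }
            $arResult["return"] = true;
        } else {
            LocalRedirect($APPLICATION->GetCurPage() . "?WEB_FORM_ID=" . $this->WEB_FORM_ID . "&strFormNote=" . urlencode($this->strFormNote));
            die;
        }
    } else {
        // CFormResult::Add() failed: take the error text from the global $strError.
        $this->__form_validate_errors = $GLOBALS["strError"];
    }

    return $arResult;
}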
", 'url' : "<?php echo POST_FORM_ACTION_URI; ?> ", 'voteId' : <?php echo $arParams["VOTE_ID"]; ?> , 'startCheck' : <?php echo $lastVote; ?> }); } ); } } window.__vote<?php echo $uid; ?> (); </script> <?php if ($_REQUEST["VOTE_ID"] == $arParams["VOTE_ID"] && $_REQUEST["AJAX_POST"] == "Y" && check_bitrix_sessid()) { $res = ob_get_clean(); $APPLICATION->RestartBuffer(); echo $res; die; } ?> </div>
// Admin page for editing a mailing of the "sender" module (the listing is cut
// off inside the save handler below).
require_once $_SERVER["DOCUMENT_ROOT"] . "/bitrix/modules/main/include/prolog_admin_before.php";
// A failed module load only prints an error; no return/die follows here, so
// execution continues into the code below.
if (!\Bitrix\Main\Loader::includeModule("sender")) {
    ShowError(\Bitrix\Main\Localization\Loc::getMessage("MAIN_MODULE_NOT_INSTALLED"));
}
IncludeModuleLangFile(__FILE__);
// Access level of the current user for the "sender" module; "D" shows the
// authorization form with an access-denied message.
$POST_RIGHT = $APPLICATION->GetGroupRight("sender");
if ($POST_RIGHT == "D") {
    $APPLICATION->AuthForm(GetMessage("ACCESS_DENIED"));
}
// Two tabs of the edit form: main settings and groups.
$aTabs = array(array("DIV" => "edit1", "TAB" => GetMessage("sender_mailing_edit_tab_main"), "ICON" => "main_user_edit", "TITLE" => GetMessage("sender_mailing_edit_tab_main_title")), array("DIV" => "edit2", "TAB" => GetMessage("sender_mailing_edit_tab_grp"), "ICON" => "main_user_edit", "TITLE" => GetMessage("sender_mailing_edit_tab_grp_title")));
$tabControl = new CAdminTabControl("tabControl", $aTabs);
$ID = intval($ID); // Id of the edited record
$message = null;
$bVarsFromForm = false;
// Save gate: the write path runs only for a POST with the save/apply button,
// a "W" right on the module, and a valid session token.
// NOTE(review): $REQUEST_METHOD, $save, $apply, $ID, $NAME, $ACTIVE, $SORT,
// $DESCRIPTION, $SITE_ID etc. are not assigned in this snippet; presumably the
// prolog populates them from the request - confirm.
if ($REQUEST_METHOD == "POST" && ($save != "" || $apply != "") && $POST_RIGHT == "W" && check_bitrix_sessid()) {
    $arError = array();
    $NAME = trim($NAME);
    // Flag fields are normalised to "Y"/"N"; SORT, DESCRIPTION and SITE_ID are
    // passed on as received.
    // NOTE(review): verify that MailingTable validates those fields.
    $arFields = array("ACTIVE" => $ACTIVE != "Y" ? "N" : "Y", "TRACK_CLICK" => $TRACK_CLICK != "Y" ? "N" : "Y", "SORT" => $SORT, "IS_PUBLIC" => $IS_PUBLIC != "Y" ? "N" : "Y", "NAME" => $NAME, "DESCRIPTION" => $DESCRIPTION, "SITE_ID" => $SITE_ID);
    if ($ID > 0) {
        // Existing record: update it and collect error messages on failure.
        $mailingUpdateDb = \Bitrix\Sender\MailingTable::update($ID, $arFields);
        $res = $mailingUpdateDb->isSuccess();
        if (!$res) {
            $arError = $mailingUpdateDb->getErrorMessages();
        }
    } else {
        // New record: on success, take the new ID from the add result.
        $mailingAddDb = \Bitrix\Sender\MailingTable::add($arFields);
        if ($mailingAddDb->isSuccess()) {
            $ID = $mailingAddDb->getId();
            $res = $ID > 0;
        } else {
/**
 * Runs the security filter over the request superglobals and mirrors the
 * results into the legacy $HTTP_*_VARS globals.
 *
 * A user for whom currentUserHaveRightsForSkip() is true bypasses filtering
 * entirely, but only for a POST request that carries a valid session token
 * and has no '____SECFILTER_CONVERT_JS' field.
 *
 * NOTE(review): $HTTP_REQUEST_VARS is copied from $_REQUEST before
 * self::reconstructRequest() runs. If that helper rebuilds $_REQUEST from the
 * filtered arrays, the legacy global keeps the pre-filter values - confirm.
 */
public function process()
{
    global $HTTP_GET_VARS, $HTTP_POST_VARS, $HTTP_COOKIE_VARS, $HTTP_REQUEST_VARS;

    // Privileged bypass; the conditions are evaluated left to right and stop
    // at the first one that fails.
    $skipFiltering = $this->currentUserHaveRightsForSkip()
        && $_SERVER["REQUEST_METHOD"] === "POST"
        && check_bitrix_sessid()
        && empty($_POST['____SECFILTER_CONVERT_JS']);
    if ($skipFiltering) {
        return;
    }

    // Do not touch variables that did not come from the request
    self::cleanGlobals();

    // Keep the unfiltered POST data for the post-processing step.
    $rawPost = $_POST;

    // The second argument is the label of the array being filtered; the POST
    // call also passes a key pattern (File<digits>_<digits>) to safeizeArray().
    $_GET = $this->safeizeArray($_GET, '$_GET');
    $_POST = $this->safeizeArray($_POST, '$_POST', '/^File\d+_\d+$/');
    $_COOKIE = $this->safeizeArray($_COOKIE, '$_COOKIE');
    $_SERVER = $this->safeizeServerArray($_SERVER);

    // Mirror into the legacy globals.
    $HTTP_GET_VARS = $_GET;
    $HTTP_POST_VARS = $_POST;
    $HTTP_COOKIE_VARS = $_COOKIE;
    $HTTP_REQUEST_VARS = $_REQUEST;

    self::reconstructRequest();
    self::restoreGlobals();

    $this->doPostProccessActions($rawPost);
}