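 /**
  * Edit a unit of content, or create a new one.
  *
  * Serves both halves of the edit screen: a GET renders the form, a POST
  * (which must carry a valid anti-CSRF token) saves the record and redirects.
  * Every path re-checks the "contenttype:<slug>:create" or
  * "contenttype:<slug>:edit:<id>" permission through $app['users'].
  *
  * @param string            $contenttypeslug Slug of the contenttype being edited.
  * @param mixed             $id              Record id from the route; empty for a new record.
  * @param Silex\Application $app
  * @param Request           $request
  *
  * @return mixed A rendered template, or a redirect response.
  */
 public function editcontent($contenttypeslug, $id, Silex\Application $app, Request $request)
 {
     // Make sure the user is allowed to see this page, based on 'allowed contenttypes'
     // for Editors.
     if (empty($id)) {
         $perm = "contenttype:{$contenttypeslug}:create";
     } else {
         $perm = "contenttype:{$contenttypeslug}:edit:{$id}";
     }
     if (!$app['users']->isAllowed($perm)) {
         $app['session']->getFlashBag()->set('error', __('You do not have the right privileges to edit that record.'));
         return redirect('dashboard');
     }

     // set the editreferrer in twig if it was not set yet.
     // Only a back-end overview page (or the back-end root) is accepted as a
     // place to return to after saving; anything else is ignored.
     $tmpreferrer = getReferrer($app['request']);
     if (strpos($tmpreferrer, '/overview/') !== false || $tmpreferrer == $app['paths']['bolt']) {
         $app['twig']->addGlobal('editreferrer', $tmpreferrer);
     }

     $contenttype = $app['storage']->getContentType($contenttypeslug);

     if ($request->getMethod() == "POST") {
         if (!$app['users']->checkAntiCSRFToken()) {
             $app->abort(400, __("Something went wrong"));
         }

         if (!empty($id)) {
             // Check if we're allowed to edit this content..
             if (!$app['users']->isAllowed("contenttype:{$contenttype['slug']}:edit:{$id}")) {
                 $app['session']->getFlashBag()->set('error', __('You do not have the right privileges to edit that record.'));
                 return redirect('dashboard');
             }
         } else {
             // Check if we're allowed to create content..
             if (!$app['users']->isAllowed("contenttype:{$contenttype['slug']}:create")) {
                 $app['session']->getFlashBag()->set('error', __('You do not have the right privileges to create a new record.'));
                 return redirect('dashboard');
             }
         }

         if (!empty($id)) {
             $content = $app['storage']->getContent($contenttype['slug'], array('id' => $id));
             // A POST for a record that no longer exists would otherwise crash on
             // $content['status'] below; treat it the same way the GET path does.
             if (empty($content)) {
                 $app->abort(404, __('The %contenttype% you were looking for does not exist. It was probably deleted, or it never existed.', array('%contenttype%' => $contenttype['singular_name'])));
             }
             $oldStatus = $content['status'];
         } else {
             $content = $app['storage']->getContentObject($contenttypeslug);
             $oldStatus = '';
         }

         // Add non successfull control values to request values
         // http://www.w3.org/TR/html401/interact/forms.html#h-17.13.2
         // Browsers leave unchecked checkboxes and empty multi-selects out of the
         // submission entirely, so fill in the "nothing selected" value for them.
         $request_all = $request->request->all();
         foreach ($contenttype['fields'] as $key => $values) {
             if (!isset($request_all[$key])) {
                 switch ($values['type']) {
                     case 'select':
                         if (isset($values['multiple']) and $values['multiple'] == true) {
                             $request_all[$key] = array();
                         }
                         break;
                     case 'checkbox':
                         $request_all[$key] = 0;
                         break;
                 }
             }
         }

         // To check whether the status is allowed, we act as if a status
         // *transition* were requested.
         $content->setFromPost($request_all, $contenttype);
         $newStatus = $content['status'];
         $statusOK = $app['users']->isContentStatusTransitionAllowed($oldStatus, $newStatus, $contenttype['slug'], $id);

         // Don't try to spoof the $id..
         // The edit permission above was checked for the id in the URL; accepting a
         // different id from the POST body would sidestep that check, so refuse it.
         if (!empty($content['id']) && $id != $content['id']) {
             $app['session']->getFlashBag()->set('error', "Don't try to spoof the id!");
             return redirect('dashboard');
         }

         // Save the record, and return to the overview screen, or to the record (if we clicked 'save and continue')
         if ($statusOK && $app['storage']->saveContent($content, $contenttype['slug'])) {
             if (!empty($id)) {
                 $app['session']->getFlashBag()->set('success', __('The changes to this %contenttype% have been saved.', array('%contenttype%' => $contenttype['singular_name'])));
             } else {
                 $app['session']->getFlashBag()->set('success', __('The new %contenttype% has been saved.', array('%contenttype%' => $contenttype['singular_name'])));
             }
             $app['log']->add($content->getTitle(), 3, $content, 'save content');

             // If 'returnto is set', we return to the edit page, with the correct anchor.
             if ($app['request']->get('returnto')) {
                 // We must 'return to' the edit page. For an existing record we already
                 // know its id; only a freshly created record needs it looked up.
                 // (getLatestId() returns the newest record of the contenttype, so a
                 // concurrent save by someone else can still hand back the wrong id.)
                 if (empty($id)) {
                     $id = $app['storage']->getLatestId($contenttype['slug']);
                 }
                 return redirect('editcontent', array('contenttypeslug' => $contenttype['slug'], 'id' => $id), "#" . $app['request']->get('returnto'));
             }

             // No returnto, so we go back to the 'overview' for this contenttype.
             // check if a pager was set in the referrer - if yes go back there.
             // 'editreferrer' is read straight from the request, so apply the same
             // filter used when it was handed to twig above rather than following
             // an arbitrary URL from the form (open redirect). The filter is a
             // substring match, as in the original; a stricter prefix check on the
             // back-end path would be tighter still.
             $editreferrer = $app['request']->get('editreferrer');
             if ($editreferrer && (strpos($editreferrer, '/overview/') !== false || $editreferrer == $app['paths']['bolt'])) {
                 return simpleredirect($editreferrer);
             }
             return redirect('overview', array('contenttypeslug' => $contenttype['slug']));
         } else {
             $app['session']->getFlashBag()->set('error', __('There was an error saving this %contenttype%.', array('%contenttype%' => $contenttype['singular_name'])));
             $app['log']->add("Save content error", 3, $content, 'error');
         }
     }

     if (!empty($id)) {
         $content = $app['storage']->getContent($contenttype['slug'], array('id' => $id));
         if (empty($content)) {
             $app->abort(404, __('The %contenttype% you were looking for does not exist. It was probably deleted, or it never existed.', array('%contenttype%' => $contenttype['singular_name'])));
         }
         // Check if we're allowed to edit this content..
         if (!$app['users']->isAllowed("contenttype:{$contenttype['slug']}:edit:{$content['id']}")) {
             $app['session']->getFlashBag()->set('error', __('You do not have the right privileges to edit that record.'));
             return redirect('dashboard');
         }
         $title = sprintf("<strong>%s</strong> » %s", __('Edit %contenttype%', array('%contenttype%' => $contenttype['singular_name'])), htmlencode($content->getTitle()));
         $app['log']->add("Edit content", 1, $content, 'edit');
     } else {
         // Check if we're allowed to create content..
         if (!$app['users']->isAllowed("contenttype:{$contenttype['slug']}:create")) {
             $app['session']->getFlashBag()->set('error', __('You do not have the right privileges to create a new record.'));
             return redirect('dashboard');
         }
         $content = $app['storage']->getEmptyContent($contenttype['slug']);
         $title = sprintf("<strong>%s</strong>", __('New %contenttype%', array('%contenttype%' => $contenttype['singular_name'])));
         $app['log']->add("New content", 1, $content, 'edit');
     }

     // Offer only the statuses the current user may transition this record into.
     $oldStatus = $content['status'];
     $allStatuses = array('published', 'held', 'draft', 'timed');
     $allowedStatuses = array();
     foreach ($allStatuses as $status) {
         if ($app['users']->isContentStatusTransitionAllowed($oldStatus, $status, $contenttype['slug'], $id)) {
             $allowedStatuses[] = $status;
         }
     }

     $app['twig']->addGlobal('title', $title);

     // ?duplicate=1: clear everything that identifies the source record so that
     // saving the form creates a copy instead of overwriting the original.
     $duplicate = $app['request']->query->get('duplicate');
     if (!empty($duplicate)) {
         $content->setValue('id', "");
         $content->setValue('slug', "");
         $content->setValue('datecreated', "");
         $content->setValue('datepublish', "");
         $content->setValue('datedepublish', "1900-01-01 00:00:00");
         // Not all DB-engines can handle a date like '0000-00-00'
         $content->setValue('datechanged', "");
         $content->setValue('username', "");
         $content->setValue('ownerid', "");
         $app['session']->getFlashBag()->set('info', __("Content was duplicated. Click 'Save %contenttype%' to finalize.", array('%contenttype%' => $contenttype['singular_name'])));
     }

     // Set the users and the current owner of this content.
     // For brand-new items, the creator becomes the owner.
     // For existing items, we'll just keep the current owner.
     if (empty($id)) {
         // A new one!
         $contentowner = $app['users']->getCurrentUser();
     } else {
         $contentowner = $app['users']->getUser($content['ownerid']);
     }

     return $app['render']->render('editcontent.twig', array('contenttype' => $contenttype, 'content' => $content, 'allowedStatuses' => $allowedStatuses, 'contentowner' => $contentowner));
 }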
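 /**
  * Delete help topic action
  *
  * Deletes the personal-message topic whose id is given in the `id` query
  * parameter, provided the current user holds the 'op_personalmessages_delete'
  * operation and is the topic's author. Every path ends in a redirect.
  */
 public function actionDelete()
 {
     // Check Access
     checkAccessThrowException('op_personalmessages_delete');

     // findByPk() binds the id as a parameter; an unknown id yields null.
     $model = isset($_GET['id']) ? PersonalMessageTopic::model()->findByPk($_GET['id']) : null;
     if (!$model) {
         $this->redirect(array('personalmessages/index'));
         return;
     }

     // Make sure we are allowed to delete this: only the author may.
     // The explicit return guards against falling through to delete() should
     // redirect() ever not end the request itself.
     if ($model->author_id != Yii::app()->user->id) {
         ferror(at('Sorry, You are not the author of this personal message so you can not delete it.'));
         alog(at("Tried Deleting a Personal Message '{name}' When he is not the author.", array('{name}' => $model->title)));
         $this->redirect(getReferrer('personalmessages/index'));
         return;
     }

     $model->delete();
     // Log only once the delete has happened; the original wrote the "Deleted"
     // entry before the author check, so refused attempts were logged as deletions.
     alog(at("Deleted Personal Message '{name}'.", array('{name}' => $model->title)));
     fok(at('Personal Message Deleted.'));
     $this->redirect(array('personalmessages/index'));
 }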
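<?php

require 'vendor/autoload.php';
include_once 'functions.php';

// Set the default referrer here. getReferrer() comes from functions.php (not
// shown) and may return a falsy value, hence the fallback to ''.
$referrer = getReferrer() ?: '';

// Directory entries that are not landing-page partials.
$excludedFiles = ['.', '..', '_layout.html'];

// Request parameters forwarded to the template. They are attacker-controlled
// (as is the referrer), so the template must keep Twig's HTML auto-escaping on
// for them. Guarding with isset() avoids the "undefined index" notice the
// original raised whenever a parameter was absent; the value is null then.
$key = isset($_REQUEST['key']) ? $_REQUEST['key'] : null;
$tag = isset($_REQUEST['tag']) ? $_REQUEST['tag'] : null;

// List the partials in a template directory, minus the excluded entries.
// scandir() returns false (with a warning) for a missing or unreadable
// directory, which would make array_diff() fatal; treat that as "no partials".
$listPartials = function ($dir) use ($excludedFiles) {
    $entries = scandir($dir);

    return $entries === false ? [] : array_diff($entries, $excludedFiles);
};

// Initialize templates and render website
$twig = new Twig_Environment(new Twig_Loader_Filesystem('templates'));
echo $twig->render('index.html', [
    'modals' => $listPartials(__DIR__ . '/templates/landing/modals'),
    'notifications' => $listPartials(__DIR__ . '/templates/landing/notifications'),
    'referrer' => trim($referrer, '/'),
    'campaign' => date('W'), // ISO-8601 week number
    'key' => $key,
    'tag' => $tag,
]);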
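 /**
  * Edit a unit of content, or create a new one.
  *
  * Serves both halves of the edit screen: a GET renders the form, a POST
  * (which must carry a valid anti-CSRF token) saves the record and then
  * redirects, or answers with JSON when `returnto=ajax`. Every path re-checks
  * the "contenttype:<slug>:create" or "contenttype:<slug>:edit:<id>"
  * permission through $app['users'].
  *
  * @param string            $contenttypeslug Slug of the contenttype being edited.
  * @param mixed             $id              Record id from the route; empty for a new record.
  * @param Silex\Application $app
  * @param Request           $request
  *
  * @return mixed A rendered template, a redirect response, or a JsonResponse.
  */
 public function editContent($contenttypeslug, $id, Silex\Application $app, Request $request)
 {
     // Make sure the user is allowed to see this page, based on 'allowed contenttypes'
     // for Editors.
     if (empty($id)) {
         $perm = "contenttype:{$contenttypeslug}:create";
         $new = true;
     } else {
         $perm = "contenttype:{$contenttypeslug}:edit:{$id}";
         $new = false;
     }
     if (!$app['users']->isAllowed($perm)) {
         $app['session']->getFlashBag()->set('error', __('You do not have the right privileges to edit that record.'));
         return redirect('dashboard');
     }

     // set the editreferrer in twig if it was not set yet.
     // Only a back-end overview page (or the back-end root) is accepted as a
     // place to return to after saving; anything else is ignored.
     $tmpreferrer = getReferrer($app['request']);
     if (strpos($tmpreferrer, '/overview/') !== false || $tmpreferrer == $app['paths']['bolt']) {
         $app['twig']->addGlobal('editreferrer', $tmpreferrer);
     }

     $contenttype = $app['storage']->getContentType($contenttypeslug);

     if ($request->getMethod() == "POST") {
         if (!$app['users']->checkAntiCSRFToken()) {
             $app->abort(400, __("Something went wrong"));
         }

         if (!empty($id)) {
             // Check if we're allowed to edit this content..
             if (!$app['users']->isAllowed("contenttype:{$contenttype['slug']}:edit:{$id}")) {
                 $app['session']->getFlashBag()->set('error', __('You do not have the right privileges to edit that record.'));
                 return redirect('dashboard');
             }
         } else {
             // Check if we're allowed to create content..
             if (!$app['users']->isAllowed("contenttype:{$contenttype['slug']}:create")) {
                 $app['session']->getFlashBag()->set('error', __('You do not have the right privileges to create a new record.'));
                 return redirect('dashboard');
             }
         }

         // If we have an ID now, this is an existing record
         if ($id) {
             $content = $app['storage']->getContent($contenttype['slug'], array('id' => $id));
             // A POST for a record that no longer exists would otherwise crash on
             // $content['status'] below; treat it the same way the GET path does.
             if (empty($content)) {
                 $app->abort(404, __('The %contenttype% you were looking for does not exist. It was probably deleted, or it never existed.', array('%contenttype%' => $contenttype['singular_name'])));
             }
             $oldStatus = $content['status'];
         } else {
             $content = $app['storage']->getContentObject($contenttypeslug);
             $oldStatus = '';
         }

         // Add non successfull control values to request values
         // http://www.w3.org/TR/html401/interact/forms.html#h-17.13.2
         // Browsers leave unchecked checkboxes and empty multi-selects out of the
         // submission entirely, so fill in the "nothing selected" value for them.
         $request_all = $request->request->all();
         foreach ($contenttype['fields'] as $key => $values) {
             if (!isset($request_all[$key])) {
                 switch ($values['type']) {
                     case 'select':
                         if (isset($values['multiple']) and $values['multiple'] == true) {
                             $request_all[$key] = array();
                         }
                         break;
                     case 'checkbox':
                         $request_all[$key] = 0;
                         break;
                 }
             }
         }

         // To check whether the status is allowed, we act as if a status
         // *transition* were requested.
         $content->setFromPost($request_all, $contenttype);
         $newStatus = $content['status'];

         // Don't try to spoof the $id..
         // The edit permission above was checked for the id in the URL; accepting a
         // different id from the POST body would sidestep that check, so refuse it.
         if (!empty($content['id']) && $id != $content['id']) {
             $app['session']->getFlashBag()->set('error', "Don't try to spoof the id!");
             return redirect('dashboard');
         }

         // Save the record, and return to the overview screen, or to the record (if we clicked 'save and continue')
         $statusOK = $app['users']->isContentStatusTransitionAllowed($oldStatus, $newStatus, $contenttype['slug'], $id);
         if ($statusOK) {
             // Get the associate record change comment
             $comment = $request->request->get('changelog-comment');

             // Save the record
             $id = $app['storage']->saveContent($content, $comment);

             // Log the change
             $app['log']->add($content->getTitle(), 3, $content, 'save content');

             if ($new) {
                 $app['session']->getFlashBag()->set('success', __('The new %contenttype% has been saved.', array('%contenttype%' => $contenttype['singular_name'])));
             } else {
                 $app['session']->getFlashBag()->set('success', __('The changes to this %contenttype% have been saved.', array('%contenttype%' => $contenttype['singular_name'])));
             }

             /*
              * Bolt 2:
              * We now only get a returnto parameter if we are saving a new
              * record and staying on the same page, i.e. "Save {contenttype}"
              */
             if ($app['request']->get('returnto')) {
                 if ($app['request']->get('returnto') == "new") {
                     return redirect('editcontent', array('contenttypeslug' => $contenttype['slug'], 'id' => $id), "#" . $app['request']->get('returnto'));
                 } elseif ($app['request']->get('returnto') == "ajax") {
                     /*
                      * Flush any buffers from saveConent() dispatcher hooks
                      * and make sure our JSON output is clean.
                      *
                      * Currently occurs due to a 404 exception being generated
                      * in \Bolt\Storage::saveContent() dispatchers:
                      *     $this->app['dispatcher']->dispatch(StorageEvents::PRE_SAVE, $event);
                      *     $this->app['dispatcher']->dispatch(StorageEvents::POST_SAVE, $event);
                      */
                     if (ob_get_length()) {
                         ob_end_clean();
                     }

                     // Get our record after POST_SAVE hooks are dealt with and return the JSON
                     $content = $app['storage']->getContent($contenttype['slug'], array('id' => $id, 'returnsingle' => true));

                     return new JsonResponse($content->values);
                 }
             }

             // No returnto, so we go back to the 'overview' for this contenttype.
             // check if a pager was set in the referrer - if yes go back there.
             // 'editreferrer' is read straight from the request, so apply the same
             // filter used when it was handed to twig above rather than following
             // an arbitrary URL from the form (open redirect). The filter is a
             // substring match, as in the original; a stricter prefix check on the
             // back-end path would be tighter still.
             $editreferrer = $app['request']->get('editreferrer');
             if ($editreferrer && (strpos($editreferrer, '/overview/') !== false || $editreferrer == $app['paths']['bolt'])) {
                 // Returned explicitly: the original called simpleredirect() without
                 // 'return', so if that helper does not end the request itself the
                 // code fell through into the GET rendering below.
                 return simpleredirect($editreferrer);
             }
             return redirect('overview', array('contenttypeslug' => $contenttype['slug']));
         } else {
             $app['session']->getFlashBag()->set('error', __('There was an error saving this %contenttype%.', array('%contenttype%' => $contenttype['singular_name'])));
             $app['log']->add("Save content error", 3, $content, 'error');
         }
     }

     // We're doing a GET
     if (!empty($id)) {
         $content = $app['storage']->getContent($contenttype['slug'], array('id' => $id));
         if (empty($content)) {
             $app->abort(404, __('The %contenttype% you were looking for does not exist. It was probably deleted, or it never existed.', array('%contenttype%' => $contenttype['singular_name'])));
         }
         // Check if we're allowed to edit this content..
         if (!$app['users']->isAllowed("contenttype:{$contenttype['slug']}:edit:{$content['id']}")) {
             $app['session']->getFlashBag()->set('error', __('You do not have the right privileges to edit that record.'));
             return redirect('dashboard');
         }
         $app['log']->add("Edit content", 1, $content, 'edit');
     } else {
         // Check if we're allowed to create content..
         if (!$app['users']->isAllowed("contenttype:{$contenttype['slug']}:create")) {
             $app['session']->getFlashBag()->set('error', __('You do not have the right privileges to create a new record.'));
             return redirect('dashboard');
         }
         $content = $app['storage']->getEmptyContent($contenttype['slug']);
         $app['log']->add("New content", 1, $content, 'edit');
     }

     // Offer only the statuses the current user may transition this record into.
     $oldStatus = $content['status'];
     $allStatuses = array('published', 'held', 'draft', 'timed');
     $allowedStatuses = array();
     foreach ($allStatuses as $status) {
         if ($app['users']->isContentStatusTransitionAllowed($oldStatus, $status, $contenttype['slug'], $id)) {
             $allowedStatuses[] = $status;
         }
     }

     // ?duplicate=1: clear everything that identifies the source record so that
     // saving the form creates a copy instead of overwriting the original.
     $duplicate = $app['request']->query->get('duplicate');
     if (!empty($duplicate)) {
         $content->setValue('id', "");
         $content->setValue('slug', "");
         $content->setValue('datecreated', "");
         $content->setValue('datepublish', "");
         $content->setValue('datedepublish', "1900-01-01 00:00:00");
         // Not all DB-engines can handle a date like '0000-00-00'
         $content->setValue('datechanged', "");
         $content->setValue('username', "");
         $content->setValue('ownerid', "");
         $app['session']->getFlashBag()->set('info', __("Content was duplicated. Click 'Save %contenttype%' to finalize.", array('%contenttype%' => $contenttype['singular_name'])));
     }

     // Set the users and the current owner of this content.
     if (empty($id)) {
         // For brand-new items, the creator becomes the owner.
         $contentowner = $app['users']->getCurrentUser();
     } else {
         // For existing items, we'll just keep the current owner.
         $contentowner = $app['users']->getUser($content['ownerid']);
     }

     $context = array('contenttype' => $contenttype, 'content' => $content, 'allowed_status' => $allowedStatuses, 'contentowner' => $contentowner, 'fields' => $app['config']->fields->fields());

     return $app['render']->render('editcontent/editcontent.twig', array('context' => $context));
 }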
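 /**
  * Delete setting action
  *
  * Deletes the setting whose id is given in the `id` query parameter, unless
  * it is marked protected (that guard is skipped when YII_DEBUG is on).
  * Requires the 'op_settings_delete_settings' operation. Every path ends in
  * a redirect.
  */
 public function actiondeletesetting()
 {
     // Check Access
     checkAccessThrowException('op_settings_delete_settings');

     // findByPk() binds the id as a parameter; an unknown id yields null.
     // The original dereferenced $model->is_protected before checking for
     // null and then reported "Setting deleted." for a row that never existed.
     $model = isset($_GET['id']) ? Setting::model()->findByPk($_GET['id']) : null;
     if (!$model) {
         $this->redirect(array('setting/index'));
         return;
     }

     // Make sure the setting is not protected as we can't edit protected settings.
     // NOTE: with YII_DEBUG enabled protected settings can be deleted; the
     // explicit return guards against falling through to the delete should
     // redirect() ever not end the request itself.
     if (!YII_DEBUG && $model->is_protected) {
         // Log Message
         alog(at("Tried Deleting Protected Setting '{name}'", array('{name}' => $model->title)));
         ferror(at("Can't delete that setting as it's a protected setting."));
         $this->redirect(getReferrer('setting/index'));
         return;
     }

     // Log Message
     alog(at("Deleted Setting '{name}'", array('{name}' => $model->title)));
     Setting::model()->deleteByPk($_GET['id']);

     // Clear cache
     Yii::app()->settings->clearCache();
     fok(at('Setting deleted.'));

     // Back to the group the setting belonged to.
     $this->redirect(array('setting/viewgroup', 'id' => $model->category));
 }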
 // Agent ID
 // Request parameters are read from $_REQUEST (GET, POST or cookie). AGENTID and
 // oUSERID are cast to int before use; LANGUAGE is HTML-escaped.
 $agent_id = 0;
 if (isset($_REQUEST['AGENTID'])) {
     $agent_id = (int) $_REQUEST['AGENTID'];
 }
 // $language is only defined when the parameter is present; any later read
 // (not visible here) must guard with isset().
 if (isset($_REQUEST['LANGUAGE'])) {
     $language = htmlspecialchars((string) $_REQUEST['LANGUAGE'], ENT_QUOTES);
 }
 if (isset($_REQUEST['oUSERID'])) {
     $_REQUEST['oUSERID'] = (int) $_REQUEST['oUSERID'];
     // NOTE(review): the value concatenated into the WHERE clause appears redacted
     // ("******") in this listing. The query is built by string concatenation, so
     // the (int) cast above is the only thing keeping the user id out of the SQL
     // as text; a prepared statement would be the robust form.
     $query = "SELECT id_domain FROM " . $table_prefix . "domain_user WHERE id_user = "******" Limit 1";
     $rows = $SQL->selectquery($query);
     // mysql_fetch_array() belongs to the ext/mysql API that was removed in PHP 7.
     $row = mysql_fetch_array($rows);
     // NOTE(review): $row (the fetched row) is assigned but $rows (the raw query
     // result) is indexed, so one of the two lines is dead or wrong. The later
     // `$row = $SQL->selectquery(...); $row['name']` usage suggests selectquery()
     // already returns a row array — confirm which shape it returns.
     $domain_id = $rows["id_domain"];
 }
 // The referring domain comes from the request (untrusted) and, with the dots
 // stripped, is also used as a cookie name below.
 $refDomain = getReferrer();
 //$refDomain = $_REQUEST['URL'] == "" ? $_SERVER['HTTP_REFERER'] : $_REQUEST['URL'];
 $cookieName = str_replace(".", "", $refDomain);
 //  new condition and refresh value from 5 to 30 in order to support safari third-party cookies restriction
 if (!isset($_COOKIE[$cookieName])) {
     $domainIsValid = false;
     if (isset($domain_id) && $domain_id != '') {
         $query = "SELECT name FROM " . $table_prefix . "domains WHERE id_domain = '" . $domain_id . "'";
         $row = $SQL->selectquery($query);
         $domainName = $row['name'];
         if (!(strripos($domainName, $refDomain) === false)) {
             $domainIsValid = true;
         }
     }
     if (isset($domain_id) && !(strripos($domainName, $refDomain) === false)) {
         if (!isset($_REQUEST['WIDTH'])) {