/**
 * Builds a limit record from the posted `data[limit]` values and saves it.
 *
 * Each posted column name is passed through hikashop_secureField() before
 * use; array values are flattened to a comma-separated string; every value
 * is tag-stripped and run through JFilterInput as a string. limit_start and
 * limit_end are normalised with hikashop_getTime(). A new record (no
 * limit_id) gets limit_created; every save refreshes limit_modified.
 *
 * @return mixed Whatever $this->save() returns
 */
function saveForm() {
    jimport('joomla.filter.filterinput');
    $filter = JFilterInput::getInstance(null, null, 1, 1);
    $posted = JRequest::getVar('data', array(), '', 'array');

    $limit = new stdClass();
    $limit->limit_id = hikashop_getCID('limit_id');

    foreach ($posted['limit'] as $field => $raw) {
        hikashop_secureField($field);
        $flat = is_array($raw) ? implode(',', $raw) : $raw;
        $limit->{$field} = $filter->clean(strip_tags($flat), 'string');
    }

    foreach (array('limit_start', 'limit_end') as $dateField) {
        if (!empty($limit->{$dateField})) {
            $limit->{$dateField} = hikashop_getTime($limit->{$dateField});
        }
    }

    if (empty($limit->limit_id)) {
        $limit->limit_created = time();
    }
    $limit->limit_modified = time();

    return $this->save($limit);
}
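/**
 * Saves an entry record posted as `data[entry]`.
 *
 * Posted column names go through hikashop_secureField() and values through
 * JFilterInput string cleaning. When the form runs inside a popup
 * (`tmpl=component`) the response is a minimal HTML page that drives the
 * parent window: on success it navigates to the order edit screen, on
 * failure it goes one step back in history (for Joomla < 1.6 the pending
 * message queue is copied to the session first so it survives the jump).
 *
 * @return mixed Whatever $this->save() returns (the popup branches exit)
 */
function saveForm() {
    $entry = new stdClass();
    $entry->entry_id = hikashop_getCID('entry_id');
    $formData = JRequest::getVar('data', array(), '', 'array');

    jimport('joomla.filter.filterinput');
    $safeHtmlFilter = JFilterInput::getInstance(null, null, 1, 1);

    foreach ($formData['entry'] as $column => $value) {
        hikashop_secureField($column);
        $entry->{$column} = $safeHtmlFilter->clean($value, 'string');
    }

    $status = $this->save($entry);

    if (JRequest::getVar('tmpl', '') == 'component') {
        if ($status) {
            // order_id is interpolated into a JavaScript string literal below.
            // The 'string' filter does not touch quotes, so force the posted
            // value to an integer instead of echoing it as-is.
            $orderId = isset($entry->order_id) ? (int) $entry->order_id : 0;
            $url = hikashop_completeLink('order&task=edit&cid=' . $orderId, false, true);
            echo '<html><head><script type="text/javascript">parent.window.location.href=\'' . $url . '\';</script></head><body></body></html>';
            exit;
        }

        $app = JFactory::getApplication();
        if (version_compare(JVERSION, '1.6', '<')) {
            // Joomla 1.5 keeps the message queue on the application object;
            // stash it in the session so it is shown after history.go(-1).
            $session = JFactory::getSession();
            $session->set('application.queue', $app->_messageQueue);
        }
        echo '<html><head><script type="text/javascript">javascript: history.go(-1);</script></head><body></body></html>';
        exit;
    }

    return $status;
}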
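/**
 * Saves a discount/coupon record posted as `data[discount]`.
 *
 * Plain columns are tag-stripped and cleaned with JFilterInput. The three
 * "namebox" columns are multi-value selectors: product and category ids are
 * forced to integers, zone ids are cleaned one by one as strings. Nameboxes
 * that were not posted default to ''. discount_start / discount_end are
 * normalised with hikashop_getTime(). When editing an existing discount that
 * carries a code, the code must not belong to another discount_id; on a
 * conflict (or on a failed save) the posted object is stored in the request
 * as 'fail' so the form can be redisplayed.
 *
 * @return mixed Whatever $this->save() returns, or false on a duplicate code
 */
function saveForm() {
    $discount = new stdClass();
    $discount->discount_id = hikashop_getCID('discount_id');
    $formData = JRequest::getVar('data', array(), '', 'array');

    jimport('joomla.filter.filterinput');
    $safeHtmlFilter = JFilterInput::getInstance(null, null, 1, 1);

    $nameboxes = array('discount_product_id', 'discount_category_id', 'discount_zone_id');

    foreach ($formData['discount'] as $column => $value) {
        hikashop_secureField($column);

        if (!in_array($column, $nameboxes)) {
            $discount->{$column} = $safeHtmlFilter->clean(strip_tags($value), 'string');
            continue;
        }

        if ($column == 'discount_zone_id') {
            // Zone keys are strings: clean each entry and keep the cleaned
            // list. (The previous version built this list and then overwrote
            // it with the raw posted array.)
            $zones = array();
            foreach ((array) $value as $v) {
                $zones[] = $safeHtmlFilter->clean(strip_tags($v), 'string');
            }
            $discount->{$column} = $zones;
        } else {
            JArrayHelper::toInteger($value);
            $discount->{$column} = $value;
        }
    }

    foreach ($nameboxes as $namebox) {
        if (!isset($discount->{$namebox})) {
            $discount->{$namebox} = '';
        }
    }

    if (!empty($discount->discount_category_id) && !empty($discount->discount_product_id)) {
        $app = JFactory::getApplication();
        $app->enqueueMessage('If you set both categories and products in a discount/coupon, only the products will be taken into account.', 'error');
    }

    if (!empty($discount->discount_start)) {
        $discount->discount_start = hikashop_getTime($discount->discount_start);
    }
    if (!empty($discount->discount_end)) {
        $discount->discount_end = hikashop_getTime($discount->discount_end);
    }

    if (!empty($discount->discount_id) && !empty($discount->discount_code)) {
        // The code is quoted by the database driver; keep it that way.
        $query = 'SELECT discount_id FROM ' . hikashop_table('discount')
            . ' WHERE discount_code = ' . $this->database->Quote($discount->discount_code) . ' LIMIT 1';
        $this->database->setQuery($query);
        $res = $this->database->loadResult();
        if (!empty($res) && $res != $discount->discount_id) {
            $app = JFactory::getApplication();
            $app->enqueueMessage(JText::_('DISCOUNT_CODE_ALREADY_USED'), 'error');
            JRequest::setVar('fail', $discount);
            return false;
        }
    }

    $status = $this->save($discount);
    if (!$status) {
        JRequest::setVar('fail', $discount);
        $app = JFactory::getApplication();
        // Same message as the pre-check above; report it at the same level.
        $app->enqueueMessage(JText::_('DISCOUNT_CODE_ALREADY_USED'), 'error');
    }
    return $status;
}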
/**
 * Saves a warehouse record posted as `data[warehouse]`.
 *
 * Column names pass through hikashop_secureField(); values are tag-stripped
 * and cleaned by JFilterInput as strings. The translation helper is asked to
 * attach translations to the object before it is saved.
 *
 * @return mixed Whatever $this->save() returns
 */
function saveForm() {
    jimport('joomla.filter.filterinput');
    $filter = JFilterInput::getInstance(null, null, 1, 1);
    $posted = JRequest::getVar('data', array(), '', 'array');

    $warehouse = new stdClass();
    $warehouse->warehouse_id = hikashop_getCID('warehouse_id');

    foreach ($posted['warehouse'] as $field => $raw) {
        hikashop_secureField($field);
        $warehouse->{$field} = $filter->clean(strip_tags($raw), 'string');
    }

    $translationHelper = hikashop_get('helper.translation');
    $translationHelper->getTranslations($warehouse);

    return $this->save($warehouse);
}
/**
 * Saves a waitlist record posted as `data[waitlist]`.
 *
 * Column names pass through hikashop_secureField(); values are tag-stripped
 * and cleaned by JFilterInput as strings. A non-empty `date` is normalised
 * with hikashop_getTime().
 *
 * @return mixed Whatever $this->save() returns
 */
function saveForm() {
    jimport('joomla.filter.filterinput');
    $filter = JFilterInput::getInstance(null, null, 1, 1);
    $posted = JRequest::getVar('data', array(), '', 'array');

    $entry = new stdClass();
    $entry->waitlist_id = hikashop_getCID('waitlist_id');

    foreach ($posted['waitlist'] as $field => $raw) {
        hikashop_secureField($field);
        $entry->{$field} = $filter->clean(strip_tags($raw), 'string');
    }

    if (!empty($entry->date)) {
        $entry->date = hikashop_getTime($entry->date);
    }

    return $this->save($entry);
}
/**
 * Saves a tax record posted as `data[tax]`.
 *
 * `tax_rate` is entered as a percentage: double quotes are removed, tags are
 * stripped, the value is cast to a double and divided by 100. Every other
 * column is tag-stripped and cleaned by JFilterInput as a string. Unless the
 * task is `save2new`, the namekey is put back into the request as
 * `tax_namekey`.
 *
 * @return mixed Whatever $this->save() returns
 */
function saveForm() {
    jimport('joomla.filter.filterinput');
    $filter = JFilterInput::getInstance(null, null, 1, 1);
    $posted = JRequest::getVar('data', array(), '', 'array');

    $tax = new stdClass();
    foreach ($posted['tax'] as $field => $raw) {
        hikashop_secureField($field);
        if ($field == 'tax_rate') {
            // Percentage in, fraction out.
            $percent = (double) strip_tags(str_replace('"', '', $raw));
            $tax->{$field} = $percent / 100.0;
        } else {
            $tax->{$field} = $filter->clean(strip_tags($raw), 'string');
        }
    }

    if (JRequest::getVar('task') != 'save2new') {
        JRequest::setVar('tax_namekey', $tax->tax_namekey);
    }

    return $this->save($tax);
}
/**
 * Saves a zone record posted as `data[zone]`.
 *
 * Returns false without touching the database when nothing was posted under
 * `data[zone]`. Otherwise column names pass through hikashop_secureField(),
 * values are tag-stripped and cleaned by JFilterInput as strings, and the
 * object is saved. On a failed save the object is stored in the request as
 * 'fail' and a DUPLICATE_ZONE error message is queued.
 *
 * @return mixed Whatever $this->save() returns, or false when no zone data was posted
 */
function saveForm() {
    $zone = new stdClass();
    $zone->zone_id = hikashop_getCID('zone_id');
    $posted = JRequest::getVar('data', array(), '', 'array');

    if (empty($posted['zone'])) {
        return false;
    }

    jimport('joomla.filter.filterinput');
    $filter = JFilterInput::getInstance(null, null, 1, 1);

    foreach ($posted['zone'] as $field => $raw) {
        hikashop_secureField($field);
        $zone->{$field} = $filter->clean(strip_tags($raw), 'string');
    }

    $status = $this->save($zone);
    if (!$status) {
        JRequest::setVar('fail', $zone);
        $app = JFactory::getApplication();
        $app->enqueueMessage(JText::_('DUPLICATE_ZONE'), 'error');
    }

    return $status;
}
/**
 * Saves a banner record posted as `data[banner]`.
 *
 * Every value is cleaned by JFilterInput; all columns except `banner_comment`
 * are additionally tag-stripped. Translations are attached through the
 * translation helper before saving and, on success, handled for the new id.
 *
 * @return mixed Whatever $this->save() returns
 */
function saveForm() {
    jimport('joomla.filter.filterinput');
    $filter = JFilterInput::getInstance(null, null, 1, 1);
    $posted = JRequest::getVar('data', array(), '', 'array');

    $banner = new stdClass();
    $banner->banner_id = hikashop_getCID('banner_id');

    foreach ($posted['banner'] as $field => $raw) {
        hikashop_secureField($field);
        $cleaned = $filter->clean($raw);
        // banner_comment keeps whatever the filter left; other columns lose their tags.
        $banner->{$field} = ($field == 'banner_comment') ? $cleaned : strip_tags($cleaned);
    }

    $translationHelper = hikashop_get('helper.translation');
    $translationHelper->getTranslations($banner);

    $result = $this->save($banner);
    if ($result) {
        $translationHelper->handleTranslations('banner', $result, $banner);
    }

    return $result;
}
/**
 * Saves a taxation rule posted as `data[taxation]`.
 *
 * `zone_namekey` and `taxation_type` may arrive as arrays; they are joined
 * with commas, and a non-empty taxation_type is wrapped in leading and
 * trailing commas. Every value is then tag-stripped and cleaned by
 * JFilterInput as a string. Missing zone_namekey / taxation_type default to
 * '', the two date columns are normalised with hikashop_getTime(), and the
 * placeholder site id '[unselected]' is reset to ''.
 *
 * @return mixed Whatever $this->save() returns
 */
function saveForm() {
    jimport('joomla.filter.filterinput');
    $filter = JFilterInput::getInstance(null, null, 1, 1);
    $posted = JRequest::getVar('data', array(), '', 'array');

    $taxation = new stdClass();
    $taxation->taxation_id = hikashop_getCID('taxation_id');

    $multiValued = array('zone_namekey', 'taxation_type');

    foreach ($posted['taxation'] as $field => $raw) {
        hikashop_secureField($field);
        if (is_array($raw) && in_array($field, $multiValued)) {
            $raw = implode(',', $raw);
            if ($field == 'taxation_type' && !empty($raw)) {
                $raw = ',' . $raw . ',';
            }
        }
        $taxation->{$field} = $filter->clean(strip_tags($raw), 'string');
    }

    foreach ($multiValued as $field) {
        if (!isset($taxation->{$field})) {
            $taxation->{$field} = '';
        }
    }

    foreach (array('taxation_date_start', 'taxation_date_end') as $dateField) {
        if (!empty($taxation->{$dateField})) {
            $taxation->{$dateField} = hikashop_getTime($taxation->{$dateField});
        }
    }

    if (!empty($taxation->taxation_site_id) && $taxation->taxation_site_id == '[unselected]') {
        $taxation->taxation_site_id = '';
    }

    return $this->save($taxation);
}
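/**
 * Saves a characteristic posted as `data[characteristic]`.
 *
 * Column values are cleaned by JFilterInput as strings. The value ids
 * (`characteristic`) and their ordering (`characteristic_ordering`) are read
 * as separate request arrays and forced to integers. On a failed save the
 * object is stored in the request as 'fail'; on success updateValues() is
 * called only when the posted parent id is 0 (or absent).
 *
 * @return mixed Whatever $this->save() returns
 */
function saveForm() {
    $element = new stdClass();
    $element->characteristic_id = hikashop_getCID('characteristic_id');
    $formData = JRequest::getVar('data', array(), '', 'array');

    jimport('joomla.filter.filterinput');
    $safeHtmlFilter = JFilterInput::getInstance(null, null, 1, 1);

    foreach ($formData['characteristic'] as $column => $value) {
        hikashop_secureField($column);
        $element->{$column} = $safeHtmlFilter->clean($value, 'string');
    }

    // Each array is converted once (the second toInteger() on values was redundant).
    $element->values = JRequest::getVar('characteristic', array(), '', 'array');
    JArrayHelper::toInteger($element->values);
    $element->values_ordering = JRequest::getVar('characteristic_ordering', array(), '', 'array');
    JArrayHelper::toInteger($element->values_ordering);

    $status = $this->save($element);
    if (!$status) {
        JRequest::setVar('fail', $element);
        return $status;
    }

    // Explicit isset() instead of the former @-suppressed read; an absent
    // parent id compares equal to 0 exactly as before.
    $parentId = isset($element->characteristic_parent_id) ? $element->characteristic_parent_id : null;
    if ($parentId == 0) {
        $this->updateValues($element, $status);
    }

    return $status;
}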
/**
 * Saves a badge posted as `data[badge]`.
 *
 * The three id-list columns (discount, category, product) are forced to
 * integers and stored as ",id,id,"; absent lists default to ''. Other
 * columns are tag-stripped and cleaned by JFilterInput as strings. Start and
 * end dates are normalised with hikashop_getTime(). The uploaded image is
 * handled by the file class and only set on the object when saveFile()
 * returned something.
 *
 * @return mixed Whatever $this->save() returns
 */
function saveForm() {
    jimport('joomla.filter.filterinput');
    $filter = JFilterInput::getInstance(null, null, 1, 1);
    $posted = JRequest::getVar('data', array(), '', 'array');

    $badge = new stdClass();
    $badge->badge_id = hikashop_getCID('badge_id');

    $idLists = array('badge_discount_id', 'badge_category_id', 'badge_product_id');

    foreach ($posted['badge'] as $field => $raw) {
        hikashop_secureField($field);
        if (in_array($field, $idLists)) {
            JArrayHelper::toInteger($raw);
            $badge->{$field} = ',' . implode(',', $raw) . ',';
        } else {
            $badge->{$field} = $filter->clean(strip_tags($raw), 'string');
        }
    }

    foreach ($idLists as $field) {
        if (!isset($badge->{$field})) {
            $badge->{$field} = '';
        }
    }

    foreach (array('badge_start', 'badge_end') as $dateField) {
        if (!empty($badge->{$dateField})) {
            $badge->{$dateField} = hikashop_getTime($badge->{$dateField});
        }
    }

    $fileClass = hikashop_get('class.file');
    $image = $fileClass->saveFile();
    if (!empty($image)) {
        $badge->badge_image = $image;
    }

    return $this->save($badge);
}
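/**
 * Front-end handler that subscribes a visitor to a product's waitlist.
 *
 * Requires a valid request token. Posted `data[register]` fields are
 * tag-stripped onto $element. A guest must supply an email; the feature
 * must be enabled (`product_waitlist`); and the posted product_id must
 * resolve to a product (variants get their characteristics loaded and are
 * checked against their parent). If the email is not yet registered for the
 * product and the subscription limit (`product_waitlist_sub_limit`, 0 = no
 * limit) is not reached, a waitlist row is inserted and the admin
 * notification mail is sent; otherwise an explanatory message is queued.
 * Finally the user is redirected to `redirect_url` when it points inside
 * this site, or shown the waitlist page.
 *
 * @return mixed Result of $this->waitlist() on the early-exit paths; otherwise nothing (redirect or waitlist() display)
 */
function add_waitlist() {
    JRequest::checkToken('request') || jexit('Invalid Token');

    $element = new stdClass();
    $formData = JRequest::getVar('data', array(), '', 'array');
    foreach ($formData['register'] as $column => $value) {
        hikashop_secureField($column);
        $element->{$column} = strip_tags($value);
    }

    $user = JFactory::getUser();
    $app = JFactory::getApplication();
    if (empty($element->email) && $user->guest) {
        $app->enqueueMessage(JText::_('VALID_EMAIL'));
        return $this->waitlist();
    }

    $config = hikashop_config();
    if (!$config->get('product_waitlist', 0)) {
        return $this->waitlist();
    }
    $waitlist_subscribe_limit = $config->get('product_waitlist_sub_limit', 10);

    $product_id = 0;
    // Itemid is only ever used as a menu id: read it as an integer so the
    // value appended to the product link is never free-form input.
    $itemId = JRequest::getInt('Itemid', 0);
    $url_itemid = '';
    if (!empty($itemId)) {
        $url_itemid = '&Itemid=' . $itemId;
    }

    $alias = '';
    $product = null;
    if (!empty($element->product_id)) {
        $class = hikashop_get('class.product');
        $product = $class->get((int) $element->product_id);
        if (!empty($product)) {
            if ($product->product_type == 'variant') {
                $db = JFactory::getDBO();
                $db->setQuery('SELECT * FROM ' . hikashop_table('variant') . ' AS a LEFT JOIN ' . hikashop_table('characteristic') . ' AS b ON a.variant_characteristic_id=b.characteristic_id WHERE a.variant_product_id=' . (int) $element->product_id . ' ORDER BY a.ordering');
                $product->characteristics = $db->loadObjectList();
                $parentProduct = $class->get((int) $product->product_parent_id);
                $class->checkVariant($product, $parentProduct);
            }
            $product_id = (int) $product->product_id;
            $class->addAlias($product);
            $alias = $product->alias;
        }
    }
    if ($product_id == 0) {
        return $this->waitlist();
    }

    $email = !empty($element->email) ? $element->email : '';
    $name = !empty($element->name) ? $element->name : '';

    // Existing registration for this email/product pair?
    $db = JFactory::getDBO();
    $db->setQuery('SELECT waitlist_id FROM ' . hikashop_table('waitlist') . ' WHERE email=' . $db->quote($email) . ' AND product_id=' . (int) $product_id);
    $subscription = $db->loadResult();

    if (!empty($subscription)) {
        $app->enqueueMessage(JText::_('ALREADY_REGISTER_WAITLIST'));
    } else {
        $db->setQuery('SELECT count(*) FROM ' . hikashop_table('waitlist') . ' WHERE product_id=' . (int) $product_id);
        $subscriptions = $db->loadResult();

        if ($subscriptions < $waitlist_subscribe_limit || $waitlist_subscribe_limit <= 0) {
            // All values are either integer-cast or driver-quoted.
            $sql = 'INSERT IGNORE INTO ' . hikashop_table('waitlist') . ' (`product_id`,`date`,`email`,`name`,`product_item_id`) VALUES ('
                . (int) $product_id . ', ' . time() . ', ' . $db->quote($email) . ', ' . $db->quote($name) . ', ' . (int) $itemId . ');';
            $db->setQuery($sql);
            $db->query();
            $app->enqueueMessage(JText::_('WAITLIST_SUBSCRIBE'));

            $subject = JText::_('WAITLIST_REQUEST');
            if (!empty($product->product_name)) {
                $subject = JText::sprintf('WAITLIST_REQUEST_FOR_PRODUCT', strip_tags($product->product_name));
            }

            $mailClass = hikashop_get('class.mail');
            $infos = new stdClass();
            $infos->user =& $element;
            $infos->product =& $product;
            $mail = $mailClass->get('waitlist_admin_notification', $infos);
            $mail->subject = $subject;
            $mail->from_email = $config->get('from_email');
            $mail->from_name = $config->get('from_name');
            $mail->reply_email = $element->email;
            if (empty($mail->dst_email)) {
                $mail->dst_email = array($config->get('from_email'));
            }
            $mailClass->sendMail($mail);
        } else {
            $app->enqueueMessage(JText::_('WAITLIST_FULL'));
        }
    }

    $app->enqueueMessage(JText::sprintf('CLICK_HERE_TO_GO_BACK_TO_PRODUCT', hikashop_contentLink('product&task=show&cid=' . $product->product_id . '&name=' . $alias . $url_itemid, $product)));

    // redirect_url comes from the request: only follow it when it points at
    // this site, so the handler cannot be used to bounce visitors elsewhere.
    $url = JRequest::getVar('redirect_url');
    if (!empty($url) && JURI::isInternal($url)) {
        $app->redirect($url);
    } else {
        $this->waitlist();
    }
}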
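/**
 * Applies one (or, with an empty $task, every) section of the back-end
 * order edit form to the order identified by the request cid and saves it.
 *
 * The order is loaded, cloned and patched section by section; $do records
 * whether anything changed and the save only happens when it did. Sections,
 * gated by `$task` and by the presence of `data[<section>]`:
 *  - billing_address / shipping_address: read through the field class and
 *    saved via the address class; the resulting id is stored on the order.
 *  - general: order_status, and the `notify` flag onto order->history.
 *  - additional: discount, shipping (single string or per-warehouse array,
 *    the latter also updating order_product shipping ids), payment, taxes.
 *  - customfields: extra order fields from the field class.
 *  - customer: order_user_id, optionally copying that user's default address.
 *  - products: three posted shapes (`many` list, single product with
 *    order_id, or a plain list); each product is updated through the
 *    order_product class and the full price is recalculated.
 *  - product_delete: zeroes the quantity of one order_product.
 * When something changed, history/usermsg text is attached and the order
 * saved.
 *
 * Values going onto the order are cleaned by JFilterInput as strings or
 * parsed with hikashop_toFloat(); ids are integer-cast before use in SQL.
 *
 * @param string $task Section to process, '' for all
 * @return mixed Whatever $this->save() returns, or false when nothing changed
 */
public function saveForm($task = '') {
    $do = false;
    $forbidden = array();
    $order_id = hikashop_getCID('order_id');
    $addressClass = hikashop_get('class.address');
    $fieldsClass = hikashop_get('class.field');
    jimport('joomla.filter.filterinput');
    $safeHtmlFilter = JFilterInput::getInstance(null, null, 1, 1);

    $oldOrder = $this->get($order_id);
    $order = clone $oldOrder;
    $order->history = new stdClass();
    $data = JRequest::getVar('data', array(), '', 'array');

    if (empty($order_id) || empty($order->order_id)) {
        $this->sendEmailAfterOrderCreation = false;
    } else {
        $order->history->history_notified = false;
    }

    $currentTask = 'billing_address';
    if ((empty($task) || $task == $currentTask) && !empty($data[$currentTask])) {
        $oldAddress = null;
        if (!empty($oldOrder->order_billing_address_id)) {
            $oldAddress = $addressClass->get($oldOrder->order_billing_address_id);
        }
        $billing_address = $fieldsClass->getInput(array($currentTask, 'address'), $oldAddress);
        if (!empty($billing_address) && !empty($order_id)) {
            $result = $addressClass->save($billing_address, $order_id, 'billing');
            if ($result) {
                $order->order_billing_address_id = (int) $result;
                $do = true;
            }
        }
    }

    $currentTask = 'shipping_address';
    if ((empty($task) || $task == $currentTask) && !empty($data[$currentTask])) {
        $oldAddress = null;
        if (!empty($oldOrder->order_shipping_address_id)) {
            $oldAddress = $addressClass->get($oldOrder->order_shipping_address_id);
        }
        $shipping_address = $fieldsClass->getInput(array($currentTask, 'address'), $oldAddress);
        if (!empty($shipping_address) && !empty($order_id)) {
            $result = $addressClass->save($shipping_address, $order_id, 'shipping');
            if ($result) {
                $order->order_shipping_address_id = (int) $result;
                // NOTE(review): the order is saved here already, and again at
                // the end when $do is true — kept as the original did.
                $result = $this->save($order);
                $do = true;
            }
        }
    }

    $currentTask = 'general';
    if ((empty($task) || $task == $currentTask) && !empty($data[$currentTask])) {
        if (!empty($data['order']['order_status'])) {
            $order->order_status = $safeHtmlFilter->clean($data['order']['order_status'], 'string');
            $do = true;
        }
        if (!empty($data['notify'])) {
            if (empty($order->history)) {
                $order->history = new stdClass();
            }
            $order->history->history_notified = true;
        }
    }

    $currentTask = 'additional';
    if ((empty($task) || $task == $currentTask) && !empty($data[$currentTask]) && !isset($forbidden[$currentTask])) {
        if (isset($data['order']['order_discount_code'])) {
            $order->order_discount_code = $safeHtmlFilter->clean($data['order']['order_discount_code'], 'string');
            $do = true;
        }
        if (isset($data['order']['order_discount_price'])) {
            $order->order_discount_price = (double) hikashop_toFloat($data['order']['order_discount_price']);
            $do = true;
        }
        if (isset($data['order']['order_discount_tax'])) {
            $order->order_discount_tax = (double) hikashop_toFloat($data['order']['order_discount_tax']);
            $do = true;
        }
        if (isset($data['order']['order_discount_tax_namekey'])) {
            $order->order_discount_tax_namekey = $safeHtmlFilter->clean($data['order']['order_discount_tax_namekey'], 'string');
            $do = true;
        }

        if (!empty($data['order']['shipping'])) {
            // Shipping selectors are posted as "<method>_<id>".
            if (is_string($data['order']['shipping'])) {
                list($shipping_method, $shipping_id) = explode('_', $data['order']['shipping'], 2);
                $order->order_shipping_method = $safeHtmlFilter->clean($shipping_method, 'string');
                $order->order_shipping_id = $safeHtmlFilter->clean($shipping_id, 'string');
                $do = true;
            }
            if (is_array($data['order']['shipping'])) {
                // One selector per shipping group; ids are joined as "id@group".
                $order->order_shipping_method = '';
                $shippings = array();
                // NOTE(review): assumes the cloned order already carries an
                // order_shipping_params object — confirm for new orders.
                $order->order_shipping_params->prices = array();
                foreach ($data['order']['shipping'] as $shipping_group => $shipping_value) {
                    list($shipping_method, $shipping_id) = explode('_', $shipping_value, 2);
                    $n = $safeHtmlFilter->clean($shipping_id, 'string') . '@' . $safeHtmlFilter->clean($shipping_group, 'string');
                    $shippings[] = $n;
                    $order->order_shipping_params->prices[$n] = new stdClass();
                    $order->order_shipping_params->prices[$n]->price_with_tax = @$data['order']['order_shipping_prices'][$shipping_group];
                    $order->order_shipping_params->prices[$n]->tax = @$data['order']['order_shipping_taxs'][$shipping_group];
                }
                $order->order_shipping_id = implode(';', $shippings);
                $do = true;

                if (!empty($data['order']['warehouses'])) {
                    $orderProductClass = hikashop_get('class.order_product');
                    $db = JFactory::getDBO();
                    $db->setQuery('SELECT * FROM ' . hikashop_table('order_product') . ' WHERE order_id = ' . (int) $order_id);
                    $order_products = $db->loadObjectList('order_product_id');
                    foreach ($data['order']['warehouses'] as $pid => $w) {
                        // Only rows of this order, and only groups that were actually posted.
                        if (isset($order_products[$pid]) && isset($data['order']['shipping'][$w])) {
                            $p = $order_products[$pid];
                            list($shipping_method, $shipping_id) = explode('_', $data['order']['shipping'][$w], 2);
                            $p->order_product_shipping_id = $safeHtmlFilter->clean($shipping_id, 'string') . '@' . $safeHtmlFilter->clean($w, 'string');
                            $p->order_product_shipping_method = $safeHtmlFilter->clean($shipping_method, 'string');
                            $orderProductClass->update($p);
                        }
                    }
                }
            }
        }

        if (isset($data['order']['order_shipping_price'])) {
            $order->order_shipping_price = (double) hikashop_toFloat($data['order']['order_shipping_price']);
            $do = true;
        }
        if (isset($data['order']['order_shipping_tax'])) {
            $order->order_shipping_tax = (double) hikashop_toFloat($data['order']['order_shipping_tax']);
            $do = true;
        }
        if (isset($data['order']['order_shipping_tax_namekey'])) {
            $order->order_shipping_tax_namekey = $safeHtmlFilter->clean($data['order']['order_shipping_tax_namekey'], 'string');
            $do = true;
        }

        if (!empty($data['order']['payment'])) {
            list($payment_method, $payment_id) = explode('_', $data['order']['payment'], 2);
            $order->order_payment_method = $safeHtmlFilter->clean($payment_method, 'string');
            $order->order_payment_id = $safeHtmlFilter->clean($payment_id, 'string');
            $do = true;
        }
        if (isset($data['order']['order_payment_price'])) {
            $order->order_payment_price = (double) hikashop_toFloat($data['order']['order_payment_price']);
            $do = true;
        }
        if (isset($data['order']['order_payment_tax'])) {
            $order->order_payment_tax = (double) hikashop_toFloat($data['order']['order_payment_tax']);
            $do = true;
        }
        if (isset($data['order']['order_payment_tax_namekey'])) {
            $order->order_payment_tax_namekey = $safeHtmlFilter->clean($data['order']['order_payment_tax_namekey'], 'string');
            $do = true;
        }

        if (!empty($data['notify'])) {
            if (empty($order->history)) {
                $order->history = new stdClass();
            }
            $order->history->history_notified = true;
        }
    }

    $currentTask = 'customfields';
    $validTasks = array('customfields', 'additional');
    if ((empty($task) || in_array($task, $validTasks)) && !empty($data[$currentTask])) {
        $old = null;
        $orderFields = $fieldsClass->getInput(array('orderfields', 'order'), $old, true, 'data', false, 'backend');
        if (!empty($orderFields)) {
            $do = true;
            foreach ($orderFields as $key => $value) {
                // NOTE(review): kept verbatim; count() on a non-array value
                // behaves differently across PHP versions — confirm intent.
                if (!empty($value) || count($value) > 0) {
                    $order->{$key} = $value;
                }
            }
        }
    }

    $currentTask = 'customer';
    if (empty($task) || $task == $currentTask) {
        $order_user_id = isset($data['order']['order_user_id']) ? (int) $data['order']['order_user_id'] : 0;
        if ($order_user_id > 0) {
            $order->order_user_id = $order_user_id;
            $do = true;
            $set_address = JRequest::getInt('set_user_address', 0);
            if ($set_address) {
                // Copy the user's first published address (default first) onto both address slots.
                $db = JFactory::getDBO();
                $db->setQuery('SELECT address_id FROM ' . hikashop_table('address') . ' WHERE address_user_id = ' . (int) $order_user_id . ' AND address_published = 1 ORDER BY address_default DESC, address_id ASC LIMIT 1');
                $address_id = $db->loadResult();
                if ($address_id) {
                    $order->order_billing_address_id = (int) $address_id;
                    $order->order_shipping_address_id = (int) $address_id;
                }
            }
        }
    }

    $currentTask = 'products';
    $config = hikashop_config();
    $createdStatus = $config->get('order_created_status', 'created');
    // Stock is left alone for orders still in the "created" status when the
    // shop only updates stock after confirmation.
    $noUpdateQty = 0;
    if ($createdStatus == $order->order_status && $config->get('update_stock_after_confirm')) {
        $noUpdateQty = 1;
    }

    if ((empty($task) || $task == $currentTask) && !empty($data[$currentTask])) {
        $orderProductClass = hikashop_get('class.order_product');
        $productData = $data['order']['product'];

        if (isset($productData['many']) && $productData['many'] == true) {
            unset($productData['many']);
            $order->product = array();
            foreach ($productData as $singleProduct) {
                // A fresh object per row, as the two branches below do; the
                // previous single shared object left $order->product holding
                // N references to the last row.
                $product = new stdClass();
                foreach ($singleProduct as $key => $value) {
                    hikashop_secureField($key);
                    $product->{$key} = $safeHtmlFilter->clean($value, 'string');
                }
                if ($noUpdateQty) {
                    $product->no_update_qty = true;
                }
                $orderProductClass->update($product);
                $order->product[] = $product;
            }
        } elseif (isset($productData['order_id'])) {
            $product = new stdClass();
            $fieldClass = hikashop_get('class.field');
            $oldData = null;
            $item_fields = $fieldClass->getData('backend', 'item');
            $fieldClass->_checkOneInput($item_fields, $productData, $product, 'item', $oldData);
            foreach ($productData as $key => $value) {
                hikashop_secureField($key);
                // Custom item fields were already handled by _checkOneInput();
                // the original tested the misspelt $items_fields, so this skip
                // never fired.
                if (isset($item_fields[$key])) {
                    continue;
                }
                $product->{$key} = $safeHtmlFilter->clean($value, 'string');
            }
            $product->order_id = (int) $order_id;
            if ($noUpdateQty) {
                $product->no_update_qty = true;
            }
            $orderProductClass->update($product);
            $order->product = array($product);
        } else {
            $order->product = array();
            // Loop variable renamed: the original reused $data here, so the
            // history/usermsg reads at the end of this method saw the last
            // product row instead of the posted form.
            foreach ($productData as $singleProductData) {
                $product = new stdClass();
                foreach ($singleProductData as $key => $value) {
                    hikashop_secureField($key);
                    $product->{$key} = $safeHtmlFilter->clean($value, 'string');
                }
                $product->order_id = (int) $order_id;
                if ($noUpdateQty) {
                    $product->no_update_qty = true;
                }
                $orderProductClass->update($product);
                $order->product[] = $product;
            }
        }

        $this->recalculateFullPrice($order);
        $do = true;
    }

    if (!empty($task) && $task == 'product_delete') {
        $order_product_id = JRequest::getInt('order_product_id', 0);
        if ($order_product_id > 0) {
            $orderProductClass = hikashop_get('class.order_product');
            $order_product = $orderProductClass->get($order_product_id);
            // Refuse to touch a row that belongs to another order.
            if (!empty($order_product) && $order_product->order_id == $order_id) {
                $order_product->order_product_quantity = 0;
                if ($noUpdateQty) {
                    $order_product->no_update_qty = true;
                }
                $orderProductClass->update($order_product);
                $order->product[] = $order_product;
                $this->recalculateFullPrice($order);
                $do = true;
            }
        }
    }

    if ($do) {
        if (!empty($data['history']['store_data'])) {
            if (isset($data['history']['msg'])) {
                $order->history->history_data = $safeHtmlFilter->clean($data['history']['msg'], 'string');
            } else {
                $order->history->history_data = $safeHtmlFilter->clean(@$data['history']['history_data'], 'string');
            }
        }
        if (!empty($data['history']['usermsg_send'])) {
            if (isset($data['history']['usermsg'])) {
                // Same guard as for history: the cloned order may not carry a usermsg object.
                if (empty($order->usermsg)) {
                    $order->usermsg = new stdClass();
                }
                $order->usermsg->usermsg = $safeHtmlFilter->clean($data['history']['usermsg'], 'string');
            }
        }
        return $this->save($order);
    }

    return false;
}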
/**
 * Saves a widget posted as `data[widget]`, in one of three shapes.
 *
 *  - `data[edit_row]` set: a single row of a table-style widget is being
 *    edited. The existing widget is loaded, its name/published/access
 *    columns refreshed, the posted row (the last key under
 *    widget_params[table]) is cleaned into $table and stored back under that
 *    key; row categories/coupons come from `row_category` / `row_coupon`.
 *  - display == 'table' without edit_row: either one row is removed
 *    (`delete_row`) or only the name/published/access columns are updated.
 *  - any other display: every posted widget column is cleaned; nested
 *    arrays become stdClass objects, with `filters`/`compares` serialised
 *    and other arrays comma-joined.
 *
 * Afterwards start/end are normalised with hikashop_getTime(), `compares`
 * is cleared when compare_with is 'periods', and categories / products /
 * coupons from the request are attached (to the edited row, or to the
 * widget itself). On a successful save the widget ordering is rebuilt.
 *
 * All string values are tag-stripped and cleaned by JFilterInput; id lists
 * are forced to integers by JArrayHelper::toInteger().
 *
 * @return mixed Whatever $this->save() returns
 */
function saveForm() {
    $widget = new stdClass();
    $table = new stdClass();
    $formData = JRequest::getVar('data', array(), '', 'array');
    $deleteRow = JRequest::getVar('delete_row');
    $widget->widget_id = hikashop_getCID('widget_id');
    jimport('joomla.filter.filterinput');
    $safeHtmlFilter =& JFilterInput::getInstance(null, null, 1, 1);
    if (!empty($formData)) {
        if (isset($formData['edit_row'])) {
            $widget_id = $formData['widget']['widget_id'];
            $class = hikashop_get('class.widget');
            if (!empty($widget_id)) {
                $widget = $class->get($widget_id);
            }
            $widget->widget_name = $safeHtmlFilter->clean(strip_tags($formData['widget']['widget_name']), 'string');
            $widget->widget_published = (int) $formData['widget']['widget_published'];
            $widget->widget_access = $safeHtmlFilter->clean(strip_tags($formData['widget']['widget_access']), 'string');
            if (!isset($widget->widget_params)) {
                $widget->widget_params = new stdClass();
            }
            $widget->widget_params->display = 'table';
            // The loop only serves to pick up the last posted row key.
            // NOTE(review): $theKey stays undefined when no row was posted,
            // and the next foreach then reads a missing index — confirm the
            // form always posts exactly one row here.
            foreach ($formData['widget']['widget_params']['table'] as $key => $tab) {
                $theKey = $key;
            }
            foreach ($formData['widget']['widget_params']['table'][$theKey] as $column => $value) {
                hikashop_secureField($column);
                if (is_array($value)) {
                    $table->{$column} = new stdClass();
                    foreach ($value as $k2 => $v2) {
                        hikashop_secureField($k2);
                        if ($k2 == 'start' || $k2 == 'end') {
                            $v2 = hikashop_getTime($v2);
                        }
                        if (is_array($v2)) {
                            // filters/compares keep their structure via serialize();
                            // whatever reads them back must not unserialize
                            // anything that did not pass through this path.
                            if ($k2 == 'filters' || $k2 == "compares") {
                                $v2 = serialize($v2);
                            } else {
                                $v2 = implode(',', $v2);
                            }
                        }
                        $table->{$column}->{$k2} = $safeHtmlFilter->clean(strip_tags($v2), 'string');
                    }
                } else {
                    $table->{$column} = $safeHtmlFilter->clean(strip_tags($value), 'string');
                }
            }
            $categories = JRequest::getVar('row_category', array(), '', 'array');
            JArrayHelper::toInteger($categories);
            $cat = array();
            foreach ($categories as $category) {
                $cat[] = $category;
            }
            // No category selected means "all".
            if (empty($cat)) {
                $cat = 'all';
            } else {
                $cat = implode(',', $cat);
            }
            $widget->widget_params->categories = $cat;
            $coupons = JRequest::getVar('row_coupon', array(), '', 'array');
            JArrayHelper::toInteger($coupons);
            $coupons = serialize($coupons);
            $widget->widget_params->coupons = $coupons;
            $widget->widget_params->table[$theKey] = $table;
        } else {
            if ($formData['widget']['widget_params']['display'] == 'table') {
                $class = hikashop_get('class.widget');
                if (!empty($widget->widget_id)) {
                    $widget = $class->get($widget->widget_id);
                }
                // NOTE(review): delete_row is read without a default, so an
                // absent value (null) also satisfies `>= 0` — verify the
                // form always sends it for table widgets.
                if ($deleteRow >= 0) {
                    unset($widget->widget_params->table[$deleteRow]);
                } else {
                    $widget->widget_name = $safeHtmlFilter->clean(strip_tags($formData['widget']['widget_name']), 'string');
                    $widget->widget_published = (int) $formData['widget']['widget_published'];
                    $widget->widget_access = $safeHtmlFilter->clean(strip_tags($formData['widget']['widget_access']), 'string');
                }
            } else {
                // A period type with "all" as the proposed period disables comparison.
                if ($formData['widget']['widget_params']['periodType'] && isset($formData['widget']['widget_params']['proposedPeriod']) && $formData['widget']['widget_params']['proposedPeriod'] == 'all') {
                    $formData['widget']['widget_params']['period_compare'] = 'none';
                }
                foreach ($formData['widget'] as $column => $value) {
                    hikashop_secureField($column);
                    if (is_array($value)) {
                        $widget->{$column} = new stdClass();
                        foreach ($value as $k2 => $v2) {
                            hikashop_secureField($k2);
                            if (is_array($v2)) {
                                if ($k2 == 'filters' || $k2 == "compares") {
                                    $v2 = serialize($v2);
                                } else {
                                    $v2 = implode(',', $v2);
                                }
                            }
                            $widget->{$column}->{$k2} = $safeHtmlFilter->clean(strip_tags($v2), 'string');
                        }
                    } else {
                        $widget->{$column} = $safeHtmlFilter->clean(strip_tags($value), 'string');
                    }
                }
            }
        }
    }
    if (!empty($widget->widget_params->start)) {
        $widget->widget_params->start = hikashop_getTime($widget->widget_params->start);
    }
    if (!empty($widget->widget_params->end)) {
        $widget->widget_params->end = hikashop_getTime($widget->widget_params->end);
    }
    if (isset($widget->widget_params->compare_with)) {
        if ($widget->widget_params->compare_with == 'periods') {
            $widget->widget_params->compares = null;
        }
    }
    $categories = JRequest::getVar('category', array(), '', 'array');
    JArrayHelper::toInteger($categories);
    $cat = array();
    foreach ($categories as $category) {
        $cat[] = $category;
    }
    if (empty($cat)) {
        $cat = 'all';
    } else {
        $cat = implode(',', $cat);
    }
    $products = JRequest::getVar('widget', array(), '', 'array');
    JArrayHelper::toInteger($products);
    $prods = serialize($products);
    $coupons = JRequest::getVar('coupon', array(), '', 'array');
    JArrayHelper::toInteger($coupons);
    $coupons = serialize($coupons);
    if (isset($formData['edit_row'])) {
        // Row edit: the selections belong to the edited row, not the widget.
        $widget->widget_params->table[$theKey]->widget_params->categories = $cat;
        $widget->widget_params->table[$theKey]->widget_params->products = $prods;
        $widget->widget_params->table[$theKey]->widget_params->coupons = $coupons;
    } else {
        $widget->widget_params->categories = $cat;
        $widget->widget_params->products = $prods;
        $widget->widget_params->coupons = $coupons;
    }
    $status = $this->save($widget);
    if ($status) {
        // Rebuild widget_ordering after every successful save.
        $orderClass = hikashop_get('helper.order');
        $orderClass->pkey = 'widget_id';
        $orderClass->table = 'widget';
        $orderClass->orderingMap = 'widget_ordering';
        $orderClass->reOrder();
    }
    return $status;
}
/**
 * Back-end save handler for the product edit form.
 *
 * Unless the request carries 'legacy', the work is delegated to backSaveForm() /
 * backSaveVariantForm() (subtask 'variant'). The legacy path below rebuilds the
 * product from the request: custom fields via class.field, then categories,
 * related products, options, images, files, tags, prices, characteristics,
 * translations, sale dates, description, alias and SEO data, and finally saves
 * the product and its linked tables.
 *
 * Returns the save() status (the product id on success), or false when a
 * duplicate product code or alias is found; in those cases and on a field
 * validation failure the posted element is stored in the 'fail' request var so
 * the form can be redisplayed.
 */
function saveForm() {
    $legacy = JRequest::getInt('legacy', 0);
    if (!$legacy) {
        $subtask = JRequest::getCmd('subtask', '');
        if ($subtask == 'variant') { return $this->backSaveVariantForm(); }
        return $this->backSaveForm();
    }
    $oldProduct = null;
    $product_id = hikashop_getCID('product_id');
    $categories = JRequest::getVar('category', array(), '', 'array');
    $app = JFactory::getApplication();
    JArrayHelper::toInteger($categories);
    // The existing product (or an empty stub) is handed to class.field with the posted
    // categories attached so that category-dependent custom fields are validated.
    $newCategories = array();
    if (count($categories)) {
        foreach ($categories as $category) {
            $newCategory = new stdClass();
            $newCategory->category_id = $category;
            $newCategories[] = $newCategory;
        }
    }
    if ($product_id) {
        $oldProduct = $this->get($product_id);
        $oldProduct->categories = $newCategories;
    } else {
        $oldProduct = new stdClass();
        $oldProduct->categories = $newCategories;
    }
    $fieldsClass = hikashop_get('class.field');
    $element = $fieldsClass->getInput('product', $oldProduct);
    $status = true;
    // An empty result means the custom-field validation failed: fall back to the data
    // kept in the session (presumably stored by getInput() — confirm) and remember the
    // failure so that nothing is saved at the end.
    if (empty($element)) {
        $element = $_SESSION['hikashop_product_data'];
        $status = false;
    }
    if ($product_id) { $element->product_id = $product_id; }
    if (isset($element->product_price_percentage)) { $element->product_price_percentage = hikashop_toFloat($element->product_price_percentage); }
    $element->categories = $categories;
    // A new main product with no category gets the current category filter, or the
    // main product category when the filter is empty/non-numeric.
    if (empty($element->product_id) && !count($element->categories) && (empty($element->product_type) || $element->product_type == 'main')) {
        $id = $app->getUserState(HIKASHOP_COMPONENT . '.product.filter_id');
        if (empty($id) || !is_numeric($id)) {
            $id = 'product';
            $class = hikashop_get('class.category');
            $class->getMainElement($id);
        }
        if (!empty($id)) { $element->categories = array($id); }
    }
    // Related products: ids from 'related', ordering looked up by id in 'related_ordering'
    // (a missing ordering entry yields an undefined-index notice, not a failure).
    $element->related = array();
    $related = JRequest::getVar('related', array(), '', 'array');
    JArrayHelper::toInteger($related);
    if (!empty($related)) {
        $related_ordering = JRequest::getVar('related_ordering', array(), '', 'array');
        JArrayHelper::toInteger($related_ordering);
        foreach ($related as $id) {
            $obj = new stdClass();
            $obj->product_related_id = $id;
            $obj->product_related_ordering = $related_ordering[$id];
            $element->related[$id] = $obj;
        }
    }
    // Options use the same structure as related products, from 'options' / 'options_ordering'.
    $options = JRequest::getVar('options', array(), '', 'array');
    $element->options = array();
    JArrayHelper::toInteger($element->options);
    if (!empty($options)) {
        $related_ordering = JRequest::getVar('options_ordering', array(), '', 'array');
        JArrayHelper::toInteger($related_ordering);
        foreach ($options as $id) {
            $obj = new stdClass();
            $obj->product_related_id = $id;
            $obj->product_related_ordering = $related_ordering[$id];
            $element->options[$id] = $obj;
        }
    }
    $element->images = JRequest::getVar('image', array(), '', 'array');
    JArrayHelper::toInteger($element->images);
    $element->files = JRequest::getVar('file', array(), '', 'array');
    JArrayHelper::toInteger($element->files);
    $element->imagesorder = JRequest::getVar('imageorder', array(), '', 'array');
    JArrayHelper::toInteger($element->imagesorder);
    $element->tags = JRequest::getVar('tags', array(), '', 'array');
    // Prices arrive column-wise ('price' => column => index => value) and are transposed
    // into one object per index. Each column gets its own sanitisation: access lists are
    // reduced to [a-z0-9,], site ids are filtered and have the '[unselected]' marker removed,
    // values are converted to floats, everything else is cast to int.
    $priceData = JRequest::getVar('price', array(), '', 'array');
    $element->prices = array();
    foreach ($priceData as $column => $value) {
        hikashop_secureField($column);
        if ($column == 'price_access') {
            if (!empty($value)) {
                foreach ($value as $k => $v) { $value[$k] = preg_replace('#[^a-z0-9,]#i', '', $v); }
            }
        } elseif ($column == 'price_site_id') {
            jimport('joomla.filter.filterinput');
            $safeHtmlFilter = JFilterInput::getInstance(null, null, 1, 1);
            foreach ($value as $k => $v) {
                if (!is_null($safeHtmlFilter)) { $value[$k] = str_replace('[unselected]', '', $safeHtmlFilter->clean($v, 'string')); }
            }
        } elseif ($column == 'price_value') {
            $this->toFloatArray($value);
        } else {
            JArrayHelper::toInteger($value);
        }
        foreach ($value as $k => $val) {
            // A minimum quantity of 1 is stored as 0 (no minimum).
            if ($column == 'price_min_quantity' && $val == 1) { $val = 0; }
            if (!isset($element->prices[$k])) { $element->prices[$k] = new stdClass(); }
            $element->prices[$k]->{$column} = $val;
        }
    }
    $element->oldCharacteristics = array();
    if (isset($element->product_type) && $element->product_type == 'variant') {
        // A variant simply references the characteristic values it is made of.
        $characteristics = JRequest::getVar('characteristic', array(), '', 'array');
        JArrayHelper::toInteger($characteristics);
        if (empty($characteristics)) {
            $element->characteristics = array();
        } else {
            $this->database->setQuery('SELECT * FROM ' . hikashop_table('characteristic') . ' WHERE characteristic_id IN (' . implode(',', $characteristics) . ')');
            $element->characteristics = $this->database->loadObjectList('characteristic_id');
        }
    } else {
        // A main product: remember which parent characteristics its variants already use
        // (oldCharacteristics), then rebuild the posted characteristic list with ordering,
        // default value and the set of child values for each one.
        $characteristics = JRequest::getVar('characteristic', array(), '', 'array');
        JArrayHelper::toInteger($characteristics);
        if (!empty($element->product_id)) {
            // NOTE(review): product_id is concatenated into the query without an (int) cast;
            // hikashop_getCID() presumably returns an integer — confirm, since the session
            // fallback above can also supply this value.
            $this->database->setQuery('SELECT b.characteristic_id FROM ' . hikashop_table('variant') . ' AS a LEFT JOIN ' . hikashop_table('characteristic') . ' AS b ON a.variant_characteristic_id=b.characteristic_id WHERE a.variant_product_id =' . $element->product_id . ' AND b.characteristic_parent_id=0');
            if (!HIKASHOP_J25) { $element->oldCharacteristics = $this->database->loadResultArray(); } else { $element->oldCharacteristics = $this->database->loadColumn(); }
        }
        if (empty($element->oldCharacteristics)) { $element->oldCharacteristics = array(); }
        if (!empty($characteristics)) {
            $characteristics_ordering = JRequest::getVar('characteristic_ordering', array(), '', 'array');
            JArrayHelper::toInteger($characteristics_ordering);
            $characteristics_default = JRequest::getVar('characteristic_default', array(), '', 'array');
            JArrayHelper::toInteger($characteristics_default);
            $this->database->setQuery('SELECT * FROM ' . hikashop_table('characteristic') . ' WHERE characteristic_parent_id IN (' . implode(',', $characteristics) . ')');
            $values = $this->database->loadObjectList();
            $element->characteristics = array();
            foreach ($characteristics as $k => $id) {
                $obj = new stdClass();
                $obj->characteristic_id = $id;
                $obj->ordering = $characteristics_ordering[$k];
                $obj->default_id = (int) @$characteristics_default[$k];
                $obj->values = array();
                foreach ($values as $value) {
                    if ($value->characteristic_parent_id == $id) { $obj->values[$value->characteristic_id] = $value->characteristic_value; }
                }
                $element->characteristics[(int) $id] = $obj;
            }
        }
    }
    $class = hikashop_get('helper.translation');
    $class->getTranslations($element);
    if (!empty($element->product_sale_start)) { $element->product_sale_start = hikashop_getTime($element->product_sale_start); }
    if (!empty($element->product_sale_end)) { $element->product_sale_end = hikashop_getTime($element->product_sale_end); }
    $element->product_max_per_order = (int) $element->product_max_per_order;
    // The description is taken raw (HTML editor content); it is not filtered here.
    $element->product_description = JRequest::getVar('product_description', '', '', 'string', JREQUEST_ALLOWRAW);
    // Reject a product code already used by another product.
    if (!empty($element->product_id) && !empty($element->product_code)) {
        $query = 'SELECT product_id FROM ' . hikashop_table('product') . ' WHERE product_code = ' . $this->database->Quote($element->product_code) . ' AND product_id!=' . (int) $element->product_id . ' LIMIT 1';
        $this->database->setQuery($query);
        if ($this->database->loadResult()) {
            $app->enqueueMessage(JText::_('DUPLICATE_PRODUCT'), 'error');
            JRequest::setVar('fail', $element);
            return false;
        }
    }
    $config =& hikashop_config();
    // Warn when a weightless product would hide the published shipping methods.
    if ((empty($element->product_weight) || $element->product_weight == 0) && !$config->get('force_shipping', 0)) {
        $this->database->setQuery('SELECT shipping_id FROM ' . hikashop_table('shipping') . ' WHERE shipping_published=1');
        if ($this->database->loadResult()) { $app->enqueueMessage(JText::_('SHIPPING_METHODS_WONT_DISPLAY_IF_NO_WEIGHT')); }
    }
    // Auto-generate the alias when enabled; with 'sef_remove_id' an alias that starts with
    // digits is prefixed so it cannot be mistaken for an id in the URL.
    if ($config->get('alias_auto_fill', 1) && empty($element->product_alias)) {
        $this->addAlias($element);
        if ($config->get('sef_remove_id', 0)) {
            $int_at_the_beginning = (int) $element->alias;
            if ($int_at_the_beginning) { $element->alias = $config->get('alias_prefix', 'p') . $element->alias; }
        }
        $element->product_alias = $element->alias;
        unset($element->alias);
    }
    // Reject an alias already used by a different product.
    if (!empty($element->product_alias)) {
        $query = 'SELECT product_id FROM ' . hikashop_table('product') . ' WHERE product_alias=' . $this->database->Quote($element->product_alias);
        $this->database->setQuery($query);
        $product_with_same_alias = $this->database->loadResult();
        if ($product_with_same_alias && (empty($element->product_id) || $product_with_same_alias != $element->product_id)) {
            $app->enqueueMessage(JText::_('ELEMENT_WITH_SAME_ALIAS_ALREADY_EXISTS'), 'error');
            JRequest::setVar('fail', $element);
            return false;
        }
    }
    $autoKeyMeta = $config->get('auto_keywords_and_metadescription_filling', 0);
    if ($autoKeyMeta) {
        $helper = hikashop_get('helper.seo');
        $helper->autoFillKeywordMeta($element, "product");
    }
    // $status is false only when the custom-field validation failed above.
    if ($status) { $status = $this->save($element); } else { JRequest::setVar('fail', $element); return $status; }
    if ($status) {
        // $status is the saved product id here; it keys all the linked-table updates.
        $this->updateCategories($element, $status);
        $this->updatePrices($element, $status);
        $this->updateFiles($element, $status, 'files');
        $this->updateFiles($element, $status, 'images', $element->imagesorder);
        $this->updateRelated($element, $status, 'related');
        $this->updateRelated($element, $status, 'options');
        $this->updateCharacteristics($element, $status);
        $class->handleTranslations('product', $status, $element);
    } else {
        JRequest::setVar('fail', $element);
        if (empty($element->product_id) && empty($element->product_code) && empty($element->product_name)) {
            $app->enqueueMessage(JText::_('SPECIFY_NAME_AND_CODE'), 'error');
        } else {
            $query = 'SELECT product_id FROM ' . hikashop_table('product') . ' WHERE product_code = ' . $this->database->Quote($element->product_code) . ' LIMIT 1';
            $this->database->setQuery($query);
            if ($this->database->loadResult()) { $app->enqueueMessage(JText::_('DUPLICATE_PRODUCT'), 'error'); }
        }
    }
    return $status;
}
/**
 * Stores the translations of an element's fields in the Joom!Fish / Falang content table.
 *
 * @param string $table        Table name without prefix (e.g. 'product'); $table_prefix (or
 *                             'hikashop_' when the prefix is empty) is prepended.
 * @param int    $id           Id of the translated record (reference_id).
 * @param object $element      The saved element; its original field values are hashed into
 *                             original_value for newly inserted rows.
 * @param string $table_prefix Prefix for $table, defaults to 'hikashop_'.
 * @param array  $data         Optional translations as field => language_id => value. When
 *                             empty, the 'translation' request array is used instead, plus any
 *                             raw POST variables named translation_<field>_<language_id>.
 *
 * Existing rows (same language/field/table/id) are updated, the others are inserted
 * with INSERT IGNORE. Field names pass through hikashop_secureField() and all values
 * are quoted with the database Quote() before being placed in the queries.
 */
function handleTranslations($table, $id, &$element, $table_prefix = 'hikashop_', $data = null) {
    if (!empty($table_prefix)) { $table = $table_prefix . $table; } else { $table = 'hikashop_' . $table; }
    if (empty($data) || $data === null) { $transArray = JRequest::getVar('translation', array(), '', 'array', JREQUEST_ALLOWRAW); } else { $transArray = $data; }
    // $arrayToSearch collects the candidate rows, $conditions the matching WHERE clauses.
    $arrayToSearch = array();
    $conditions = array();
    foreach ($transArray as $field => $trans) {
        foreach ($trans as $lg => $value) {
            if (empty($value)) { continue; }
            $lg = (int) $lg;
            $field = hikashop_secureField($field);
            $arrayToSearch[] = array('value' => $value, 'language_id' => $lg, 'reference_field' => $field);
            $conditions[] = ' language_id = ' . (int) $lg . ' AND reference_field = ' . $this->database->Quote($field) . ' AND reference_table = ' . $this->database->Quote($table) . ' AND reference_id=' . (int) $id;
        }
    }
    // Editor-based translations are posted as individual translation_<field>_<lg> variables
    // and are read raw (HTML allowed), so they are not filtered here.
    if (empty($data) || $data === null) {
        foreach ($_POST as $name => $value) {
            if (!preg_match('#^translation_([a-z_]+)_([0-9]+)$#i', $name, $match)) { continue; }
            $html_element = JRequest::getVar($name, '', '', 'string', JREQUEST_ALLOWRAW);
            if (empty($html_element)) { continue; }
            $lg = (int) $match[2];
            $field = hikashop_secureField($match[1]);
            $value = $html_element;
            $arrayToSearch[] = array('value' => $value, 'language_id' => $lg, 'reference_field' => $field);
            $conditions[] = ' language_id = ' . (int) $lg . ' AND reference_field = ' . $this->database->Quote($field) . ' AND reference_table = ' . $this->database->Quote($table) . ' AND reference_id=' . (int) $id;
        }
    }
    if (empty($arrayToSearch)) { return; }
    // isMulti() is expected to set $this->falang, which selects the translation table.
    $this->isMulti();
    $trans_table = 'jf_content';
    if ($this->falang) { $trans_table = 'falang_content'; }
    $query = 'SELECT * FROM ' . hikashop_table($trans_table, false) . ' WHERE (' . implode(') OR (', $conditions) . ');';
    $this->database->setQuery($query);
    $entries = $this->database->loadObjectList('id');
    $user = JFactory::getUser();
    $userId = $user->get('id');
    $toInsert = array();
    foreach ($arrayToSearch as $item) {
        $already = false;
        if (!empty($entries)) {
            foreach ($entries as $entry_id => $entry) {
                // All entries already match table and id, so language and field identify the row.
                if ($item['language_id'] == $entry->language_id && $item['reference_field'] == $entry->reference_field) {
                    $query = 'UPDATE ' . hikashop_table($trans_table, false) . ' SET value=' . $this->database->Quote($item['value']) . ', modified_by=' . (int) $userId . ', modified=NOW()' . ' WHERE id = ' . (int) $entry_id . ';';
                    $this->database->setQuery($query);
                    $this->database->query();
                    $already = true;
                    break;
                }
            }
        }
        if (!$already) { $toInsert[] = $item; }
    }
    if (empty($toInsert)) { return; }
    $conf =& hikashop_config();
    $default_translation_publish = (int) $conf->get('default_translation_publish', 1);
    $rows = array();
    foreach ($toInsert as $item) {
        $field = $item['reference_field'];
        // original_value is the md5 of the element's current field value; $element->{$field}
        // is read without an isset() check, so a field absent from $element raises a notice.
        $rows[] = (int) $id . ',' . (int) $item['language_id'] . ',' . $this->database->Quote($table) . ',' . $this->database->Quote($item['value']) . ',' . $this->database->Quote($field) . ',' . $this->database->Quote(md5($element->{$field})) . ',' . (int) $default_translation_publish . ',' . (int) $userId . ',\'\',NOW()';
    }
    $query = 'INSERT IGNORE INTO ' . hikashop_table($trans_table, false) . ' (reference_id,language_id,reference_table,value,reference_field,original_value,published,modified_by,original_text,modified) VALUES (' . implode('),(', $rows) . ');';
    $this->database->setQuery($query);
    $this->database->query();
}
/**
 * Saves the file record posted by the gallery selection form, then shows the
 * 'addimage' layout for it.
 *
 * Column values come from 'data[file]' and the stored path from the first entry
 * of the 'files' request array; the record is persisted through class.file and
 * its id is placed in the 'cid' request var before parent::display() is called.
 *
 * @return mixed the result of parent::display()
 */
function galleryselect() {
    $postedColumns = JRequest::getVar('data', array(), '', 'array');
    $postedPaths = JRequest::getVar('files', array(), '', 'array');
    $record = new stdClass();
    // Column names go through hikashop_secureField(); values are only tag-stripped.
    foreach ($postedColumns['file'] as $name => $raw) {
        hikashop_secureField($name);
        $record->{$name} = strip_tags($raw);
    }
    // First posted path (false when the array is empty); unlike the columns above
    // it is stored as received — presumably class.file::save() validates it, confirm.
    $record->file_path = reset($postedPaths);
    // Drop an explicitly empty reference id rather than persisting ''/0.
    if (isset($record->file_ref_id) && empty($record->file_ref_id)) {
        unset($record->file_ref_id);
    }
    $fileClass = hikashop_get('class.file');
    $savedId = $fileClass->save($record);
    if (empty($record->file_id)) {
        $record->file_id = $savedId;
    }
    JRequest::setVar('cid', $record->file_id);
    JRequest::setVar('layout', 'addimage');
    return parent::display();
}
/**
 * Saves the vote posted through 'data[vote]'.
 *
 * Every column is run through the HTML-safe JFilterInput instance; all columns
 * except 'vote_comment' are additionally tag-stripped.
 *
 * @return mixed the result of $this->save()
 */
function saveForm() {
    $vote = new stdClass();
    $vote->vote_id = hikashop_getCID('vote_id');
    $posted = JRequest::getVar('data', array(), '', 'array');
    jimport('joomla.filter.filterinput');
    $filter =& JFilterInput::getInstance(null, null, 1, 1);
    foreach ($posted['vote'] as $name => $raw) {
        hikashop_secureField($name);
        $cleaned = $filter->clean($raw);
        // Only the comment keeps whatever markup the filter lets through.
        $vote->{$name} = ($name == 'vote_comment') ? $cleaned : strip_tags($cleaned);
    }
    return $this->save($vote);
}
/**
 * Saves the currency posted through 'data[currency]'.
 *
 * 'currency_locale' is normalised key by key and stored serialized; the rate and
 * fee columns are converted with hikashop_toFloat(); everything else goes through
 * the HTML-safe filter and, except for 'currency_symbol', strip_tags(). When the
 * save fails, the raw posted values are placed in the 'fail' request var so the
 * form can be redisplayed.
 *
 * @return mixed the result of $this->save()
 */
function saveForm() {
    $currency = new stdClass();
    $currency->currency_id = hikashop_getCID('currency_id');
    $posted = JRequest::getVar('data', array(), '', 'array');
    jimport('joomla.filter.filterinput');
    $filter =& JFilterInput::getInstance(null, null, 1, 1);
    // Locale keys that are stored as a single character.
    $singleCharKeys = array('mon_thousands_sep', 'mon_decimal_point', 'negative_sign', 'positive_sign');
    $floatColumns = array('currency_rate', 'currency_flat_fee', 'currency_percent_fee');
    foreach ($posted['currency'] as $name => $raw) {
        hikashop_secureField($name);
        if ($name == 'currency_locale') {
            $locale = array();
            foreach ($raw as $key => $val) {
                $key = hikashop_secureField($key);
                switch (true) {
                    case $key == 'mon_grouping':
                        // Only digits and commas survive.
                        $locale[$key] = preg_replace('#[^0-9,]#', '', $val);
                        break;
                    case $key == 'rounding_increment':
                        $locale[$key] = empty($val) ? '' : hikashop_toFloat($val);
                        break;
                    case in_array($key, $singleCharKeys):
                        $locale[$key] = empty($val) ? '' : $val[0];
                        break;
                    default:
                        $locale[$key] = intval($val);
                }
            }
            $currency->{$name} = serialize($locale);
            continue;
        }
        if (in_array($name, $floatColumns)) {
            $currency->{$name} = hikashop_toFloat($raw);
            continue;
        }
        $cleaned = $filter->clean($raw, 'string');
        $currency->{$name} = ($name == 'currency_symbol') ? $cleaned : strip_tags($cleaned);
    }
    $status = $this->save($currency);
    if (!$status) {
        // Hand the unfiltered input back to the form.
        $rawCurrency = new stdClass();
        foreach ($posted['currency'] as $name => $raw) {
            $rawCurrency->{$name} = $raw;
        }
        JRequest::setVar('fail', $rawCurrency);
    }
    return $status;
}
/**
 * Saves a HikaShop menu item and its per-menu configuration.
 *
 * The menu item itself comes from the 'menu' request array (every value filtered
 * and tag-stripped); its link is fixed to the category or product listing view
 * depending on 'content_type', which is then removed from the item and stored in
 * the configuration instead. After the item is saved, the 'config' request array
 * entry for this menu ('menu_0' for a new item, 'menu_<id>' otherwise) is filtered
 * and saved under the 'menu_<id>' config key, and each module listed in its
 * 'modules' option is saved through class.modules.
 *
 * @return mixed the result of $this->save() for the menu item
 */
function saveForm() {
    $module = new stdClass();
    $formData = JRequest::getVar('menu', array(), '', 'array');
    jimport('joomla.filter.filterinput');
    $safeHtmlFilter =& JFilterInput::getInstance(null, null, 1, 1);
    if (!empty($formData)) {
        foreach ($formData as $column => $value) {
            hikashop_secureField($column);
            if (is_array($value)) {
                $module->{$column} = array();
                foreach ($value as $k2 => $v2) {
                    hikashop_secureField($k2);
                    $module->{$column}[$k2] = $safeHtmlFilter->clean(strip_tags($v2), 'string');
                }
            } else {
                $module->{$column} = $safeHtmlFilter->clean(strip_tags($value), 'string');
            }
        }
        // The link is never taken from the request; it is derived from content_type.
        if (in_array($module->content_type, array('category', 'manufacturer'))) {
            $module->link = 'index.php?option=com_hikashop&view=category&layout=listing';
        } else {
            $module->link = 'index.php?option=com_hikashop&view=product&layout=listing';
        }
        // content_type is not a column of the menu item; it lives in the config entry below.
        // NOTE(review): $content_type is only defined in this branch but is used unconditionally
        // after a successful save — an empty 'menu' array would leave it undefined; confirm
        // whether that case can happen.
        $content_type = $module->content_type;
        unset($module->content_type);
    }
    $new = false;
    if (empty($module->id)) {
        $new = true;
        // Alias defaults to the name (Joomla 1.5) or title, reduced to [a-z_0-9-].
        if (empty($module->alias)) {
            if (version_compare(JVERSION, '1.6', '<')) { $module->alias = $module->name; } else { $module->alias = $module->title; }
            $module->alias = preg_replace('#[^a-z_0-9-]#i', '', $module->alias);
        }
    }
    $result = $this->save($module);
    if ($result) {
        $element = array();
        $formData = JRequest::getVar('config', array(), '', 'array');
        $params_name = 'menu_' . (int) $module->id;
        // A new item was posted under 'menu_0' because its id was not known yet.
        if ($new) { $post_name = 'menu_0'; } else { $post_name = $params_name; }
        if (!empty($formData[$post_name])) {
            foreach ($formData[$post_name] as $column => $value) {
                hikashop_secureField($column);
                $element[$column] = $safeHtmlFilter->clean(strip_tags($value), 'string');
            }
            // Without an explicit parent category, the main product category is used.
            if (empty($element['selectparentlisting'])) {
                $cat = hikashop_get('class.category');
                $mainProductCategory = 'product';
                $cat->getMainElement($mainProductCategory);
                $element['selectparentlisting'] = $mainProductCategory;
            }
        }
        $element['content_type'] = $content_type;
        if (in_array($element['content_type'], array('category', 'manufacturer')) && empty($element['modules'])) { $this->displayErrors((int) $module->id); }
        $configClass =& hikashop_config();
        $config = new stdClass();
        $config->{$params_name} = $element;
        if ($configClass->save($config)) { $configClass->set($params_name, $element); }
        if (!empty($element['modules'])) {
            $modules = explode(',', $element['modules']);
            $class = hikashop_get('class.modules');
            // class.modules::saveForm() reads its data from the request, so the module ids
            // are injected into $_REQUEST before each module is saved.
            foreach ($modules as $moduleId) { $_REQUEST['moduleconfig']['params_' . $moduleId]['id'] = $moduleId; }
            foreach ($modules as $moduleId) { $status = $class->saveForm($moduleId); }
        }
    }
    return $result;
}
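/**
 * Saves a custom field definition posted through 'data[field]', 'field_options',
 * 'field_display', 'field_values', 'fieldcustomtext' and 'category'.
 *
 * The default value is validated with the field's own rules (via _checkOneInput()
 * under the temporary namekey 'field_default'), external option handlers registered
 * by type.fields get a chance to save their options, and for a brand-new
 * non-customtext field the column name is derived, checked against a reserved-word
 * list and the existing table columns, and added to the target table(s) with
 * ALTER TABLE. 'item' fields are created on both cart_product and order_product.
 *
 * @return bool true on success; false on validation or save failure, with the
 *              reason appended to $this->errors for validation failures.
 */
function saveForm() {
    $field = new stdClass();
    $field->field_id = hikashop_getCID('field_id');
    $field->field_products = '';
    $formData = JRequest::getVar('data', array(), '', 'array');
    jimport('joomla.filter.filterinput');
    $safeHtmlFilter = JFilterInput::getInstance(null, null, 1, 1);
    foreach ($formData['field'] as $column => $value) {
        hikashop_secureField($column);
        // field_default is handled separately below, after the field's own validation.
        if ($column == 'field_default') { continue; }
        if ($column == 'field_products') {
            JArrayHelper::toInteger($value);
            $value = ',' . implode(',', $value) . ',';
        } elseif (is_array($value)) {
            $value = implode(',', $value);
        }
        $field->{$column} = $safeHtmlFilter->clean(strip_tags($value), 'string');
    }
    $fields = array(&$field);
    // The real namekey is parked while the default value is validated under 'field_default'.
    if (isset($field->field_namekey)) { $namekey = $field->field_namekey; }
    $field->field_namekey = 'field_default';
    $fieldOptions = JRequest::getVar('field_options', array(), '', 'array');
    foreach ($fieldOptions as $column => $value) {
        if (is_array($value)) {
            foreach ($value as $id => $val) {
                // parent_value keys are arbitrary option values, not column names.
                if ($column != 'parent_value') { hikashop_secureField($id); }
                $fieldOptions[$column][$id] = $safeHtmlFilter->clean($val, 'string');
            }
        } else {
            $fieldOptions[$column] = $safeHtmlFilter->clean($value, 'string');
        }
    }
    // A required field must not reject an empty default value, so the flag is lifted
    // for the duration of the check.
    $field_required = $field->field_required;
    $field->field_required = false;
    $data = null;
    $oldData = null;
    if ($this->_checkOneInput($fields, $formData['field'], $data, '', $oldData)) {
        if (isset($formData['field']['field_default']) && is_array($formData['field']['field_default'])) {
            $defaultValue = implode(',', $formData['field']['field_default']);
        } else {
            $defaultValue = @$formData['field']['field_default'];
        }
        if (isset($fieldOptions['filtering']) && $fieldOptions['filtering']) {
            $field->field_default = strip_tags($defaultValue);
        } else {
            $field->field_default = $safeHtmlFilter->clean($defaultValue, 'string');
        }
    }
    $field->field_required = $field_required;
    unset($field->field_namekey);
    if (isset($namekey)) { $field->field_namekey = $namekey; }
    // Let the external option objects linked to this field type persist their part.
    $fieldtype = hikashop_get('type.fields');
    $fieldtype->load($field->field_table);
    if (!empty($fieldtype->externalOptions) && isset($fieldtype->allValues[$field->field_type])) {
        $linkedOptions = $fieldtype->allValues[$field->field_type]['options'];
        foreach ($fieldtype->externalOptions as $key => $extraOption) {
            if (in_array($key, $linkedOptions)) {
                $o = is_array($extraOption) ? $extraOption['obj'] : $extraOption->obj;
                if (is_string($o)) { $o = new $o(); }
                if (method_exists($o, 'save')) { $o->save($fieldOptions); }
            }
        }
    }
    if ($field->field_type == "customtext") {
        // Free text is stored raw inside the options; a new customtext field gets a
        // time-based namekey and a core field keeps its original type.
        $fieldOptions['customtext'] = JRequest::getVar('fieldcustomtext', '', '', 'string', JREQUEST_ALLOWRAW);
        if (empty($field->field_id)) {
            $field->field_namekey = 'customtext_' . date('z_G_i_s');
        } else {
            $oldField = $this->get($field->field_id);
            if ($oldField->field_core) { $field->field_type = $oldField->field_type; }
        }
    }
    $field->field_options = serialize($fieldOptions);
    // field_display is stored as ';key=int;key=int;'.
    $fieldDisplay = JRequest::getVar('field_display', array(), '', 'array');
    if (!empty($fieldDisplay)) {
        $field->field_display = ';';
        foreach ($fieldDisplay as $k => $v) {
            $field->field_display .= $k . '=' . (int) $v . ';';
        }
    }
    // field_value holds one 'title::value::disabled' line per option; a missing value
    // falls back to the title and a missing disabled flag to '0'.
    $fieldValues = JRequest::getVar('field_values', array(), '', 'array');
    if (!empty($fieldValues)) {
        $field->field_value = array();
        foreach ($fieldValues['title'] as $i => $title) {
            if (strlen($title) < 1 && strlen($fieldValues['value'][$i]) < 1) { continue; }
            $value = strlen($fieldValues['value'][$i]) < 1 ? $title : $fieldValues['value'][$i];
            $disabled = strlen($fieldValues['disabled'][$i]) < 1 ? '0' : $fieldValues['disabled'][$i];
            $field->field_value[] = $safeHtmlFilter->clean($title, 'string') . '::' . $safeHtmlFilter->clean($value, 'string') . '::' . $safeHtmlFilter->clean($disabled, 'string');
        }
        $field->field_value = implode("\n", $field->field_value);
    }
    if (empty($field->field_id) && $field->field_type != 'customtext') {
        if (empty($field->field_namekey)) { $field->field_namekey = $field->field_realname; }
        // The namekey becomes a column name: lower-case [a-z0-9_] only, so it can be
        // placed in the ALTER TABLE statement below.
        $field->field_namekey = preg_replace('#[^a-z0-9_]#i', '', strtolower($field->field_namekey));
        if (empty($field->field_namekey)) {
            $this->errors[] = 'Please specify a namekey';
            return false;
        }
        // Fix: the length check compared the string itself with 50 ($namekey > 50), which never
        // fired for alphabetic names on PHP 7 and rejects most of them on PHP 8.
        if (strlen($field->field_namekey) > 50) {
            $this->errors[] = 'Please specify a shorter column name';
            return false;
        }
        if ($field->field_table != 'contact') {
            $reservedWords = array('ACCESSIBLE', 'ADD', 'ALL', 'ALTER', 'ANALYZE', 'AND', 'AS', 'ASC', 'ASENSITIVE', 'BEFORE', 'BETWEEN', 'BIGINT', 'BINARY', 'BLOB', 'BOTH', 'BY', 'CALL', 'CASCADE', 'CASE', 'CHANGE', 'CHAR', 'CHARACTER', 'CHECK', 'COLLATE', 'COLUMN', 'CONDITION', 'CONSTRAINT', 'CONTINUE', 'CONVERT', 'CREATE', 'CROSS', 'CURRENT_DATE', 'CURRENT_TIME', 'CURRENT_TIMESTAMP', 'CURRENT_USER', 'CURSOR', 'DATABASE', 'DATABASES', 'DAY_HOUR', 'DAY_MICROSECOND', 'DAY_MINUTE', 'DAY_SECOND', 'DEC', 'DECIMAL', 'DECLARE', 'DEFAULT', 'DELAYED', 'DELETE', 'DESC', 'DESCRIBE', 'DETERMINISTIC', 'DISTINCT', 'DISTINCTROW', 'DIV', 'DOUBLE', 'DROP', 'DUAL', 'EACH', 'ELSE', 'ELSEIF', 'ENCLOSED', 'ESCAPED', 'EXISTS', 'EXIT', 'EXPLAIN', 'FALSE', 'FETCH', 'FLOAT', 'FLOAT4', 'FLOAT8', 'FOR', 'FORCE', 'FOREIGN', 'FROM', 'FULLTEXT', 'GRANT', 'GROUP', 'HAVING', 'HIGH_PRIORITY', 'HOUR_MICROSECOND', 'HOUR_MINUTE', 'HOUR_SECOND', 'IF', 'IGNORE', 'IN', 'INDEX', 'INFILE', 'INNER', 'INOUT', 'INSENSITIVE', 'INSERT', 'INT', 'INT1', 'INT2', 'INT3', 'INT4', 'INT8', 'INTEGER', 'INTERVAL', 'INTO', 'IS', 'ITERATE', 'JOIN', 'KEY', 'KEYS', 'KILL', 'LEADING', 'LEAVE', 'LEFT', 'LIKE', 'LIMIT', 'LINEAR', 'LINES', 'LOAD', 'LOCALTIME', 'LOCALTIMESTAMP', 'LOCK', 'LONG', 'LONGBLOB', 'LONGTEXT', 'LOOP', 'LOW_PRIORITY', 'MASTER_SSL_VERIFY_SERVER_CERT', 'MATCH', 'MAXVALUE', 'MEDIUMBLOB', 'MEDIUMINT', 'MEDIUMTEXT', 'MIDDLEINT', 'MINUTE_MICROSECOND', 'MINUTE_SECOND', 'MOD', 'MODIFIES', 'NATURAL', 'NOT', 'NO_WRITE_TO_BINLOG', 'NULL', 'NUMERIC', 'ON', 'OPTIMIZE', 'OPTION', 'OPTIONALLY', 'OR', 'ORDER', 'OUT', 'OUTER', 'OUTFILE', 'PRECISION', 'PRIMARY', 'PROCEDURE', 'PURGE', 'RANGE', 'READ', 'READS', 'READ_WRITE', 'REAL', 'REFERENCES', 'REGEXP', 'RELEASE', 'RENAME', 'REPEAT', 'REPLACE', 'REQUIRE', 'RESIGNAL', 'RESTRICT', 'RETURN', 'REVOKE', 'RIGHT', 'RLIKE', 'SCHEMA', 'SCHEMAS', 'SECOND_MICROSECOND', 'SELECT', 'SENSITIVE', 'SEPARATOR', 'SET', 'SHOW', 'SIGNAL', 'SMALLINT', 'SPATIAL', 'SPECIFIC', 'SQL', 'SQLEXCEPTION', 'SQLSTATE', 'SQLWARNING', 'SQL_BIG_RESULT', 'SQL_CALC_FOUND_ROWS', 'SQL_SMALL_RESULT', 'SSL', 'STARTING', 'STRAIGHT_JOIN', 'TABLE', 'TERMINATED', 'THEN', 'TINYBLOB', 'TINYINT', 'TINYTEXT', 'TO', 'TRAILING', 'TRIGGER', 'TRUE', 'UNDO', 'UNION', 'UNIQUE', 'UNLOCK', 'UNSIGNED', 'UPDATE', 'USAGE', 'USE', 'USING', 'UTC_DATE', 'UTC_TIME', 'UTC_TIMESTAMP', 'VALUES', 'VARBINARY', 'VARCHAR', 'VARCHARACTER', 'VARYING', 'WHEN', 'WHERE', 'WHILE', 'WITH', 'WRITE', 'XOR', 'YEAR_MONTH', 'ZEROFILL', 'GENERAL', 'IGNORE_SERVER_IDS', 'MASTER_HEARTBEAT_PERIOD', 'MAXVALUE', 'RESIGNAL', 'SIGNAL', 'SLOW', 'ALIAS', 'OPTIONS', 'RELATED', 'IMAGES', 'FILES', 'CATEGORIES', 'PRICES', 'VARIANTS', 'CHARACTERISTICS');
            // MySQL reserved words plus names HikaShop uses for virtual properties.
            if (in_array(strtoupper($field->field_namekey), $reservedWords)) {
                $this->errors[] = 'The column name "' . $field->field_namekey . '" is reserved. Please use another one.';
                return false;
            }
            $tables = array($field->field_table);
            if ($field->field_table == 'item') { $tables = array('cart_product', 'order_product'); }
            // Refuse a namekey that already exists as a column in any target table.
            foreach ($tables as $table_name) {
                if (!HIKASHOP_J30) {
                    $columnsTable = $this->database->getTableFields($this->fieldTable($table_name));
                    $columns = reset($columnsTable);
                } else {
                    $columns = $this->database->getTableColumns($this->fieldTable($table_name));
                }
                if (isset($columns[$field->field_namekey])) {
                    $this->errors[] = 'The field "' . $field->field_namekey . '" already exists in the table "' . $table_name . '"';
                    return false;
                }
            }
            foreach ($tables as $table_name) {
                $query = 'ALTER TABLE ' . $this->fieldTable($table_name) . ' ADD `' . $field->field_namekey . '` TEXT NULL';
                $this->database->setQuery($query);
                $this->database->query();
            }
        }
    }
    // Categories are stored as ',id,id,' or 'all' when none is selected.
    $categories = JRequest::getVar('category', array(), '', 'array');
    JArrayHelper::toInteger($categories);
    $cat = ',';
    foreach ($categories as $category) {
        $cat .= $category . ',';
    }
    if ($cat == ',') { $cat = 'all'; }
    $field->field_categories = $cat;
    $field_id = $this->save($field);
    if (!$field_id) { return false; }
    // A newly created field is appended to the ordering of its table's fields.
    if (empty($field->field_id)) {
        $orderClass = hikashop_get('helper.order');
        $orderClass->pkey = 'field_id';
        $orderClass->table = 'field';
        $orderClass->groupMap = 'field_table';
        $orderClass->groupVal = $field->field_table;
        $orderClass->orderingMap = 'field_ordering';
        $orderClass->reOrder();
    }
    JRequest::setVar('field_id', $field_id);
    return true;
}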
/**
 * Saves the configuration form of a shipping, payment or generic HikaShop plugin.
 *
 * The plugin name and type come from the 'name' and 'plugin_type' request vars
 * (type restricted to shipping/payment/plugin, anything else returns false). The
 * form values under data[<type>] are copied into an element: the <type>_params
 * sub-array becomes an object whose numeric shipping limits go through
 * hikashop_toFloat(), and the currency/shipping-method arrays are reindexed by
 * integer key. The <type>_description is taken raw. The plugin's
 * on<Type>ConfigurationSave() hook may alter the element before class.<type>
 * saves it; on success the translations are stored, a success message is queued
 * and, for a new record, the new id is written to the <type>_id request var.
 *
 * @param bool $new Unused by this implementation.
 * @return bool|null false for an unsupported plugin type, otherwise nothing.
 */
function store($new = false) {
    // getCmd() restricts both values to [A-Za-z0-9_.-], which keeps the import name safe.
    $this->plugin = JRequest::getCmd('name', 'manual');
    $this->plugin_type = JRequest::getCmd('plugin_type', 'shipping');
    if (!in_array($this->plugin_type, array('shipping', 'payment', 'plugin'))) { return false; }
    if ($this->plugin_type == 'plugin') { $data = hikashop_import('hikashop', $this->plugin); } else { $data = hikashop_import('hikashop' . $this->plugin_type, $this->plugin); }
    $element = new stdClass();
    $id = hikashop_getCID($this->plugin_type . '_id');
    $formData = JRequest::getVar('data', array(), '', 'array');
    $params_name = $this->plugin_type . '_params';
    if (!empty($formData[$this->plugin_type])) {
        $plugin_id = $this->plugin_type . '_id';
        $element->{$plugin_id} = $id;
        foreach ($formData[$this->plugin_type] as $column => $value) {
            hikashop_secureField($column);
            if (is_array($value)) {
                if ($column == $params_name) {
                    $element->{$params_name} = new stdClass();
                    foreach ($formData[$this->plugin_type][$column] as $key => $val) {
                        hikashop_secureField($key);
                        if (in_array($key, array('shipping_percentage', 'shipping_min_price', 'shipping_max_price', 'shipping_min_weight', 'shipping_max_weight', 'shipping_min_volume', 'shipping_max_volume'))) { $val = hikashop_toFloat($val); }
                        // Arrays and the 'information' text are stored as received; the custom
                        // address text is HTML-filtered only when override mode '4' is selected
                        // (read without isset(), so a missing key raises a notice); all other
                        // scalars are tag-stripped.
                        if (is_array($val) || $key == 'information') {
                            $element->{$params_name}->{$key} = $val;
                        } elseif ($key == 'shipping_override_address_text' && $formData[$this->plugin_type][$column]['shipping_override_address'] == '4') {
                            $safeHtmlFilter = JFilterInput::getInstance(null, null, 1, 1);
                            $element->{$params_name}->{$key} = $safeHtmlFilter->clean($val, 'string');
                        } else {
                            $element->{$params_name}->{$key} = strip_tags($val);
                        }
                    }
                } elseif ($column == 'payment_shipping_methods' || $column == 'payment_currency' || $column == 'shipping_currency') {
                    $element->{$column} = array();
                    foreach ($formData[$this->plugin_type][$column] as $key => $val) { $element->{$column}[(int) $key] = strip_tags($val); }
                }
                // Any other array-valued column is silently dropped.
            } else {
                $element->{$column} = strip_tags($value);
            }
        }
        // Unchecked multi-selects are absent from the post; store them as empty arrays.
        if ($this->plugin_type == 'payment') {
            if (!isset($element->payment_shipping_methods)) { $element->payment_shipping_methods = array(); }
            if (!isset($element->payment_currency)) { $element->payment_currency = array(); }
        } elseif ($this->plugin_type == 'shipping') {
            if (!isset($element->shipping_currency)) { $element->shipping_currency = array(); }
        }
        $plugin_description = $this->plugin_type . '_description';
        $plugin_description_data = JRequest::getVar($plugin_description, '', '', 'string', JREQUEST_ALLOWRAW);
        $element->{$plugin_description} = $plugin_description_data;
        $translationHelper = hikashop_get('helper.translation');
        $translationHelper->getTranslations($element);
    }
    $function = 'on' . ucfirst($this->plugin_type) . 'ConfigurationSave';
    if (method_exists($data, $function)) { $data->{$function}($element); }
    // NOTE(review): $translationHelper is only created inside the form-data branch above;
    // this relies on $element staying empty when that branch is skipped (the hook could in
    // principle populate it) — confirm.
    if (!empty($element)) {
        $pluginClass = hikashop_get('class.' . $this->plugin_type);
        $status = $pluginClass->save($element);
        if (!$status) {
            JRequest::setVar('fail', $element);
        } else {
            $translationHelper->handleTranslations($this->plugin_type, $status, $element);
            $app = JFactory::getApplication();
            if (!HIKASHOP_J30) { $app->enqueueMessage(JText::_('HIKASHOP_SUCC_SAVED'), 'success'); } else { $app->enqueueMessage(JText::_('HIKASHOP_SUCC_SAVED')); }
            if (empty($id)) { JRequest::setVar($this->plugin_type . '_id', $status); }
        }
    }
}
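/**
 * Save an e-mail template submitted from the edit form, merging the attachments
 * already stored for it with any files uploaded alongside.
 *
 * 'params', 'body', 'altbody' and 'preload' are stored untouched (template
 * content); every other 'data[mail]' column goes through strip_tags() and
 * Joomla's input filter.
 *
 * Upload policy: a file is kept only when its extension is in the
 * 'allowedfiles' configuration list AND is not a server-executable type, and
 * every other dot or space in the name is rewritten to '_', so a double
 * extension such as 'x.php.jpg' is stored as 'x_php.jpg'. move_uploaded_file()
 * only accepts files PHP received in this request.
 *
 * Fixes vs. the original:
 *  - chmod() was handed the string '0755', which PHP converts to decimal 755
 *    (octal 01363: wrong bits plus the sticky bit); it now gets the octal
 *    literal 0755.
 *  - the stem is cut at the LAST occurrence of the matched extension
 *    (strrpos), so 'report.jpg.jpg' keeps its stem instead of collapsing to
 *    'report.jpg'.
 *  - '.phar' joined the executable-extension deny list.
 *  - previously stored attachments are only iterated when unserialize()
 *    returned an array; the unused $allowedFiles local is gone.
 *
 * @return mixed result of $this->save()
 */
function saveForm() {
    $app = JFactory::getApplication();
    $config =& hikashop_config();
    $mail = new stdClass();
    $mail->mail_name = JRequest::getString('mail_name');
    $formData = JRequest::getVar('data', array(), '', 'array');

    jimport('joomla.filter.filterinput');
    $safeHtmlFilter =& JFilterInput::getInstance(null, null, 1, 1);
    $rawColumns = array('params', 'body', 'altbody', 'preload');
    foreach ($formData['mail'] as $column => $value) {
        hikashop_secureField($column);
        if (in_array($column, $rawColumns, true)) {
            $mail->{$column} = $value;
        } else {
            $mail->{$column} = $safeHtmlFilter->clean(strip_tags($value), 'string');
        }
    }

    // Attachments already stored for this template. The serialized value comes
    // from HikaShop's own configuration store, not from the request.
    $mail->attach = array();
    $old = $config->get($mail->mail_name . '.attach');
    if (!empty($old)) {
        $oldAttachments = unserialize($old);
        if (is_array($oldAttachments)) {
            foreach ($oldAttachments as $oldAttachment) {
                $mail->attach[] = $oldAttachment;
            }
        }
    }

    $attachments = JRequest::getVar('attachments', array(), 'files', 'array');
    if (!empty($attachments['name'][0]) || !empty($attachments['name'][1])) {
        jimport('joomla.filesystem.file');

        // Relative folders are anchored under HIKASHOP_ROOT; absolute ones ('/…', 'C:/…') are used as configured.
        $uploadFolder = JPath::clean(html_entity_decode($config->get('uploadfolder')));
        if (!preg_match('#^([A-Z]:)?/.*#', $uploadFolder)) {
            $uploadFolder = trim($uploadFolder, DS . ' ') . DS;
            $uploadFolder = JPath::clean(HIKASHOP_ROOT . $uploadFolder);
        }
        if (!is_dir($uploadFolder)) {
            jimport('joomla.filesystem.folder');
            JFolder::create($uploadFolder);
        }
        if (!is_writable($uploadFolder)) {
            // Octal literal on purpose: a '0755' string is read as decimal 755.
            @chmod($uploadFolder, 0755);
            if (!is_writable($uploadFolder)) {
                $app->enqueueMessage(JText::sprintf('WRITABLE_FOLDER', $uploadFolder), 'notice');
            }
        }

        // Admin-configured allow-list, e.g. "jpg,png,pdf" -> #\.(jpg|png|pdf)$#
        $allowedPattern = '#\\.(' . str_replace(array(',', '.'), array('|', '\\.'), $config->get('allowedfiles')) . ')$#Ui';
        // Never store anything a web server might execute, whatever the allow-list says.
        $executablePattern = '#\\.(php.?|phar|.?htm.?|pl|py|jsp|asp|sh|cgi)$#Ui';

        foreach ($attachments['name'] as $id => $filename) {
            if (empty($filename)) {
                continue;
            }
            $attachment = new stdClass();
            $attachment->filename = strtolower(JFile::makeSafe($filename));
            $attachment->size = $attachments['size'][$id];

            if (!preg_match($allowedPattern, $attachment->filename, $extension) || preg_match($executablePattern, $attachment->filename)) {
                $app->enqueueMessage(JText::sprintf('ACCEPTED_TYPE', substr($attachment->filename, strrpos($attachment->filename, '.') + 1), $config->get('allowedfiles')), 'notice');
                continue;
            }

            // Keep only the matched (trailing) extension; the stem loses every other dot and space.
            $stem = substr($attachment->filename, 0, strrpos($attachment->filename, $extension[0]));
            $attachment->filename = str_replace(array('.', ' '), '_', $stem) . $extension[0];
            $target = $uploadFolder . $attachment->filename;

            if (!move_uploaded_file($attachments['tmp_name'][$id], $target)) {
                if (!JFile::upload($attachments['tmp_name'][$id], $target)) {
                    $app->enqueueMessage(JText::sprintf('FAIL_UPLOAD', $attachments['tmp_name'][$id], $target), 'error');
                    continue;
                }
            }
            $mail->attach[] = $attachment;
        }
    }

    return $this->save($mail);
}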
/**
 * Save a HikaShop module: the Joomla module row from the 'module' form array
 * plus the HikaShop-specific parameters from 'config[params_<id>]' and
 * 'moduleconfig[params_<id>]'.
 *
 * Every value is passed through strip_tags() and Joomla's input filter;
 * nested arrays in the module data are filtered one level deep. When the
 * parameters carry no 'selectparentlisting', the main product category is
 * filled in.
 *
 * @param int|null $id module id to use when the form itself does not carry one
 * @return mixed result of $this->save()
 */
function saveForm($id = null) {
    jimport('joomla.filter.filterinput');
    $inputFilter =& JFilterInput::getInstance(null, null, 1, 1);

    $module = new stdClass();
    $moduleData = JRequest::getVar('module', array(), '', 'array');
    foreach ($moduleData as $column => $value) {
        hikashop_secureField($column);
        if (!is_array($value)) {
            $module->{$column} = $inputFilter->clean(strip_tags($value), 'string');
            continue;
        }
        $module->{$column} = array();
        foreach ($value as $subKey => $subValue) {
            hikashop_secureField($subKey);
            $module->{$column}[$subKey] = $inputFilter->clean(strip_tags($subValue), 'string');
        }
    }

    // Parameters are keyed by module id: the id posted with the module wins unless an explicit $id was given.
    $useFormId = isset($module->id) && empty($id);
    $paramsKey = 'params_' . (int) ($useFormId ? $module->id : $id);

    $element = array();
    $configData = JRequest::getVar('config', array(), '', 'array');
    if (!empty($configData[$paramsKey])) {
        foreach ($configData[$paramsKey] as $column => $value) {
            hikashop_secureField($column);
            $element[$column] = $inputFilter->clean(strip_tags($value), 'string');
        }
        if (empty($element['selectparentlisting'])) {
            $categoryClass = hikashop_get('class.category');
            $mainCategory = 'product';
            $categoryClass->getMainElement($mainCategory);
            $element['selectparentlisting'] = $mainCategory;
        }
    }

    $moduleConfig = JRequest::getVar('moduleconfig', array(), '', 'array');
    if (!empty($moduleConfig[$paramsKey])) {
        foreach ($moduleConfig[$paramsKey] as $column => $value) {
            hikashop_secureField($column);
            $module->{$column} = $inputFilter->clean(strip_tags($value), 'string');
        }
    }

    $module->hikashop_params =& $element;
    return $this->save($module);
}
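/**
 * Render one "<alias>.`<column>` <operator> <value>" condition for a WHERE clause.
 *
 * The pseudo-operators CONTAINS / BEGINS / END / NOTCONTAINS are turned into
 * LIKE patterns; any other operator must be in the fixed allow-list, otherwise
 * the request is aborted rather than interpolating it into SQL. A value holding
 * '{time}' is resolved by $this->_replaceDate() and formatted as a MySQL
 * datetime; '{year}', '{month}' and '{day}' are replaced by today's values.
 * Non-numeric values, and every LIKE / REGEXP pattern, are quoted by the
 * database driver; IS NULL / IS NOT NULL take no value. The column name goes
 * through hikashop_secureField(); the alias is taken as trusted caller input.
 *
 * Fixes vs. the original:
 *  - strftime() (deprecated since PHP 8.1) replaced by date() with the
 *    equivalent 'Y-m-d H:i:s' format.
 *  - the operator echoed in the abort message is HTML-escaped, since it may
 *    originate from the request.
 *  - allow-list lookups use strict comparison.
 *
 * @param string $as       table alias
 * @param string $column   column name
 * @param string $operator comparison operator or pseudo-operator
 * @param string $value    right-hand value
 * @return string SQL fragment
 */
function convertQuery($as, $column, $operator, $value) {
    $patternOperators = array('REGEXP', 'NOT REGEXP', 'NOT LIKE', 'LIKE');
    $allowedOperators = array('REGEXP', 'NOT REGEXP', 'IS NULL', 'IS NOT NULL', 'NOT LIKE', 'LIKE', '=', '!=', '>', '<', '>=', '<=');

    if ($operator === 'CONTAINS') {
        $operator = 'LIKE';
        $value = '%' . $value . '%';
    } elseif ($operator === 'BEGINS') {
        $operator = 'LIKE';
        $value = $value . '%';
    } elseif ($operator === 'END') {
        $operator = 'LIKE';
        $value = '%' . $value;
    } elseif ($operator === 'NOTCONTAINS') {
        $operator = 'NOT LIKE';
        $value = '%' . $value . '%';
    } elseif (!in_array($operator, $allowedOperators, true)) {
        // Abort: the operator is concatenated into SQL below, so only known tokens may pass.
        die('Operator not safe : ' . htmlspecialchars($operator, ENT_QUOTES, 'UTF-8'));
    }

    if (strpos($value, '{time}') !== false) {
        $value = $this->_replaceDate($value);
        $value = date('Y-m-d H:i:s', $value);
    }
    $value = str_replace(array('{year}', '{month}', '{day}'), array(date('Y'), date('m'), date('d')), $value);

    if (in_array($operator, array('IS NULL', 'IS NOT NULL'), true)) {
        $value = '';
    } elseif (!is_numeric($value) || in_array($operator, $patternOperators, true)) {
        // Bare numerics are safe to inline; everything else is driver-quoted.
        $value = $this->db->Quote($value);
    }

    return $as . '.`' . hikashop_secureField($column) . '` ' . $operator . ' ' . $value;
}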
/**
 * Save a product-listing filter from the edit form ('data[filter]').
 *
 * Every form column is copied onto $filter through Joomla's input filter (arrays
 * are joined with ','); option-only fields are then moved into
 * $filter->filter_options and unset again before save(). New filters get a
 * generated filter_namekey (transliterated, reduced to [a-z0-9_-], suffixed with
 * the next filter_id) and are re-ordered after saving. Validation problems are
 * queued as messages; when one was fatal ($problem) the element is stored in the
 * 'fail' request var and false is returned.
 *
 * @return mixed result of $this->save(), or false when the form was rejected
 */
function saveForm() { $app = JFactory::getApplication(); $filter = new stdClass(); $filter->filter_id = hikashop_getCID('filter_id'); $problem = false; $new = empty($filter->filter_id); /* true when creating: drives namekey generation and re-ordering below */ $formData = JRequest::getVar('data', array(), '', 'array'); jimport('joomla.filter.filterinput'); $safeHtmlFilter =& JFilterInput::getInstance(null, null, 1, 1); foreach ($formData['filter'] as $column => $value) { hikashop_secureField($column); if (is_array($value)) { $value = implode(',', $value); } $filter->{$column} = $safeHtmlFilter->clean($value, 'string'); } /* NOTE(review): this loop also accepts a 'filter_id' column from the form, overriding the id read from the cid above — confirm that is intended */ if (empty($filter->filter_name)) { $app->enqueueMessage(JText::_('SPECIFY_A_NAME'), 'error'); $problem = true; } if (empty($filter->filter_id)) { /* new filter: build the namekey from the name */ $filter->filter_namekey = $filter->filter_name; $search = explode(",", "ç,æ,œ,á,é,í,ó,ú,à,è,ì,ò,ù,ä,ë,ï,ö,ü,ÿ,â,ê,î,ô,û,å,e,i,ø,u"); $replace = explode(",", "c,ae,oe,a,e,i,o,u,a,e,i,o,u,a,e,i,o,u,y,a,e,i,o,u,a,e,i,o,u"); $test = str_replace($search, $replace, $filter->filter_namekey); $filter->filter_namekey = preg_replace('#[^a-z0-9_-]#i', '', $test); if (empty($test)) { $filter->filter_namekey = 'filter'; } $query = 'SELECT MAX(`filter_id`) FROM ' . hikashop_table('filter'); $this->database->setQuery($query); $last_pid = (int) $this->database->loadResult() + 1; $filter->filter_namekey .= '_' . 
$last_pid; } /* filter_data is stored serialized; which form field feeds it depends on filter_type */ if ($formData['filter']['filter_type'] == 'text') { $value = $safeHtmlFilter->clean(@$formData['filter']['filter_data_text'], 'array'); $filter->filter_data = serialize($value); } else { if ($formData['filter']['filter_type'] == 'cursor') { $value = $safeHtmlFilter->clean(@$formData['filter']['filter_data_cursor'], 'string'); $filter->filter_data = serialize($value); } else { $value = $safeHtmlFilter->clean(@$formData['filter']['filter_data'], 'string'); $filter->filter_data = serialize($value); } } /* incompatible type/data combinations are downgraded with a message rather than rejected */ if ($formData['filter']['filter_type'] == 'checkbox' && $formData['filter']['filter_data'] == 'sort') { $app->enqueueMessage(JText::sprintf('NOT_COMPAT_WITH_SORTING', JText::_('FIELD_CHECKBOX'), JText::_('FIELD_RADIO'))); $filter->filter_type = 'radio'; } if ($formData['filter']['filter_type'] == 'multipledropdown' && $formData['filter']['filter_data'] == 'sort') { $app->enqueueMessage(JText::sprintf('NOT_COMPAT_WITH_SORTING', JText::_('FIELD_MULTIPLEDROPDOWN'), JText::_('FIELD_SINGLEDROPDOWN'))); $filter->filter_type = 'singledropdown'; } if (($formData['filter']['filter_type'] == 'checkbox' || $formData['filter']['filter_type'] == 'radio' || $formData['filter']['filter_type'] == 'cursor') && @$formData['filter']['title_position'] == 'inside') { $app->enqueueMessage(JText::_('NO_TITLE_INSIDE')); $filter->filter_options['title_position'] = 'top'; } else { $filter->filter_options['title_position'] = $safeHtmlFilter->clean(@$formData['filter']['title_position'], 'string'); } if (empty($formData['filter']['filter_currencies']) && $formData['filter']['filter_data'] == 'price' && $formData['filter']['filter_type'] != 'text' && $formData['filter']['filter_type'] != 'cursor') { $app->enqueueMessage(JText::_('NO_CURRENCY_SELECTED')); $formData['filter']['filter_currencies'] = array(0 => 1); } if (empty($formData['filter']['filter_category_id'])) { $filter->filter_category_id = ''; } if ($formData['filter']['filter_data'] == 'custom_field') { /* the chosen custom field must exist, be published, apply to products and be attached to a selected category (or 'all') */ $found = false; if 
(!empty($formData['filter']['custom_field'])) { $filters = ''; if (!empty($formData['filter']['filter_category_id'])) { if ($formData['filter']['filter_category_childs']) { $categories_filter = array(); $categoryClass = hikashop_get('class.category'); $childs = $categoryClass->getChildren($formData['filter']['filter_category_id'], true); foreach ($childs as $cat) { $categories_filter[] = 'field_categories LIKE \'%,' . $cat->category_id . ',%\''; } $filters = implode(' OR ', $categories_filter); } if (!is_array($formData['filter']['filter_category_id'])) { $formData['filter']['filter_category_id'] = array($formData['filter']['filter_category_id']); } foreach ($formData['filter']['filter_category_id'] as $category_id) { if (!empty($filters)) { $filters .= 'OR '; /* no leading space: relies on the preceding quoted literal ending the previous term */ } $filters .= 'field_categories LIKE \'%,' . (int) $category_id . ',%\''; } } if (!empty($filters)) { $filters .= ' OR '; } $database = JFactory::getDBO(); $database->setQuery('SELECT * FROM ' . hikashop_table('field') . ' WHERE (' . $filters . 'field_categories LIKE "all") AND field_table IN ("product") AND field_published=1'); $fields = $database->loadObjectList('field_realname'); if (!empty($fields)) { foreach ($fields as $field) { if ($field->field_namekey == $formData['filter']['custom_field']) { $filter->filter_options['custom_field'] = $safeHtmlFilter->clean($formData['filter']['custom_field'], 'string'); $found = true; break; } } } } if (!$found) { /* fall back to the first available field, or none */ $app->enqueueMessage(JText::_('CUSTOM_FIELD_NOT_AVAILABLE_FOR_CATEGORY')); if (!empty($fields)) { $fields = reset($fields); $filter->filter_options['custom_field'] = $fields->field_namekey; } else { $filter->filter_options['custom_field'] = ''; } } } /* only numeric values are kept; stored one "key::value" per line */ $filterValues = JRequest::getVar('filter_values', array(), '', 'array'); if (!empty($filterValues)) { $filterValuesFinal = array(); foreach ($filterValues['value'] as $key => $value) { if (is_numeric($value)) { $filterValuesFinal[] = $safeHtmlFilter->clean($key, 'string') . '::' . 
$safeHtmlFilter->clean($value, 'string'); } } $filter->filter_value = implode("\n", $filterValuesFinal); } $filter->filter_options['column_width'] = $safeHtmlFilter->clean($formData['filter']['column_width'], 'string'); if (!empty($formData['filter']['filter_size'])) { $filter->filter_options['filter_size'] = $safeHtmlFilter->clean($formData['filter']['filter_size'], 'string'); } else { $filter->filter_options['filter_size'] = 1; } if ($formData['filter']['filter_type'] == 'cursor') { /* cursor (slider) bounds: a missing max or min == max is fatal */ $filter->filter_options['cursor_number'] = $safeHtmlFilter->clean($formData['filter']['cursor_number'], 'string'); if (empty($formData['filter']['cursor_min'])) { $formData['filter']['cursor_min'] = '0'; } if (!strlen($formData['filter']['cursor_max']) || $formData['filter']['cursor_min'] == $formData['filter']['cursor_max']) { $app->enqueueMessage(JText::_('MIN_MAX_NOT_SET'), 'error'); $problem = true; } $filter->filter_options['cursor_min'] = $safeHtmlFilter->clean($formData['filter']['cursor_min'], 'string'); $filter->filter_options['cursor_max'] = $safeHtmlFilter->clean($formData['filter']['cursor_max'], 'string'); $filter->filter_options['cursor_step'] = $safeHtmlFilter->clean($formData['filter']['cursor_step'], 'string'); $filter->filter_options['cursor_effect'] = $safeHtmlFilter->clean($formData['filter']['cursor_effect'], 'string'); $filter->filter_options['cursor_width'] = $safeHtmlFilter->clean($formData['filter']['cursor_width'], 'string'); $filter->filter_options['cursor_width'] = $safeHtmlFilter->clean($formData['filter']['cursor_width'], 'string'); /* duplicated assignment, harmless */ $filter->filter_options['title_position'] = $safeHtmlFilter->clean($formData['filter']['title_position_cursor'], 'string'); } if (!empty($formData['filter']['defined_limits'])) { $filter->filter_options['defined_limits'] = $safeHtmlFilter->clean(@$formData['filter']['defined_limits'], 'string'); } if ($formData['filter']['filter_data'] == 'price') { $filter->filter_options['currencies'] = 
$safeHtmlFilter->clean(@$formData['filter']['filter_currencies'], 'array'); } if ($formData['filter']['filter_type'] == 'text') { $filter->filter_options['max_char'] = $safeHtmlFilter->clean($formData['filter']['max_char'], 'string'); $filter->filter_options['textBoxSize'] = $safeHtmlFilter->clean($formData['filter']['textBoxSize'], 'string'); $filter->filter_options['searchProcessing'] = $safeHtmlFilter->clean($formData['filter']['searchProcessing'], 'string'); } if ($formData['filter']['filter_data'] == 'characteristic') { $filter->filter_options['filter_charac'] = $safeHtmlFilter->clean($formData['filter']['filter_charac'], 'string'); } if ($formData['filter']['filter_data'] == 'information' || $formData['filter']['filter_type'] == 'cursor') { /* unit depends on whether weight or a dimension is filtered; for cursors the choice comes from filter_data_cursor */ if ($formData['filter']['product_information'] == 'weight' && $formData['filter']['filter_type'] != 'cursor' || $formData['filter']['filter_data_cursor'] == 'weight' && $formData['filter']['filter_type'] == 'cursor') { $filter->filter_options['information_unit'] = $safeHtmlFilter->clean($formData['filter']['weight_unit'], 'string'); } else { $filter->filter_options['information_unit'] = $safeHtmlFilter->clean($formData['filter']['dimension_unit'], 'string'); } } if ($formData['filter']['filter_type'] != 'cursor') { $filter->filter_options['product_information'] = $safeHtmlFilter->clean($formData['filter']['product_information'], 'string'); } else { $filter->filter_options['product_information'] = $safeHtmlFilter->clean($formData['filter']['filter_data'], 'string'); } $filter->filter_options['button_align'] = $safeHtmlFilter->clean($formData['filter']['button_align'], 'string'); if ($formData['filter']['filter_data'] == 'sort') { if (isset($formData['filter']['sort_by'])) { $filter->filter_options['sort_by'] = $safeHtmlFilter->clean($formData['filter']['sort_by'], 'array'); } else { $app->enqueueMessage(JText::_('CHOOSE_SORT_OPTIONS'), 'error'); $problem = true; } } $filter->filter_options['parent_category_id'] = 
$safeHtmlFilter->clean($formData['filter']['parent_category_id'], 'string'); /* the first loop copied every form field onto $filter; drop the option-only ones so only real columns reach save() */ unset($filter->column_width); unset($filter->title_position); unset($filter->filter_size); unset($filter->cursor_number); unset($filter->cursor_min); unset($filter->cursor_max); unset($filter->filter_currencies); unset($filter->max_char); unset($filter->defined_limits); unset($filter->filter_charac); unset($filter->sort_by); unset($filter->product_information); unset($filter->custom_field); unset($filter->filter_data_text); unset($filter->filter_data_cursor); unset($filter->button_align); unset($filter->dimension_unit); unset($filter->weight_unit); unset($filter->information_unit); unset($filter->parent_category_id); unset($filter->textBoxSize); unset($filter->cursor_step); unset($filter->cursor_effect); unset($filter->cursor_width); unset($filter->title_position_cursor); unset($filter->searchProcessing); if ($problem) { JRequest::setVar('fail', $filter); } else { $status = $this->save($filter); if ($new && $status) { /* newly created filters are appended to the ordering */ $orderClass = hikashop_get('helper.order'); $orderClass->pkey = 'filter_id'; $orderClass->table = 'filter'; $orderClass->orderingMap = 'filter_ordering'; $orderClass->reOrder(); } JRequest::setVar('filter_id', $filter->filter_id); return $status; } return false; }
/**
 * Build the order element to save from the 'data[order]' form array.
 *
 * - 'product': the sub-array is re-published to the request as 'data[item]',
 *   handed to class.field::getInput(), and the result is read back from
 *   $_SESSION['hikashop_item_data'] (presumably where getInput() leaves it —
 *   confirm against class.field).
 * - 'history' and 'mail': copied key by key into a stdClass, keys passed
 *   through hikashop_secureField(), values through strip_tags().
 * - any other column: arrays are joined with ',' and the value strip_tags()ed.
 *
 * The mail body is read raw from 'hikashop_mail_body' (JREQUEST_ALLOWRAW):
 * editor HTML stored unfiltered, so this must only be fed from a trusted form.
 *
 * @return stdClass the element; ->mail->data->order_id is set when an order id is present
 */
function _cleanOrder() {
    $orderData = JRequest::getVar('data', array(), '', 'array');
    $fieldsClass = hikashop_get('class.field');
    $old = null;
    $element = new stdClass();
    $nestedColumns = array('history', 'mail');

    foreach ($orderData['order'] as $column => $value) {
        hikashop_secureField($column);

        if ($column == 'product') {
            // Expose the product sub-array as 'item' so the field class can process it.
            $orderData['item'] = $orderData['order']['product'];
            JRequest::setVar('data', $orderData);
            $fieldsClass->getInput('item', $old, false);
            $element->product = $_SESSION['hikashop_item_data'];
            continue;
        }

        if (in_array($column, $nestedColumns)) {
            $element->{$column} = new stdClass();
            foreach ($value as $subKey => $subValue) {
                $subKey = hikashop_secureField($subKey);
                $element->{$column}->{$subKey} = strip_tags($subValue);
            }
            continue;
        }

        $element->{$column} = strip_tags(is_array($value) ? implode(',', $value) : $value);
    }

    if (!isset($element->mail)) {
        $element->mail = new stdClass();
    }
    // Raw HTML body: not filtered.
    $element->mail->body = JRequest::getVar('hikashop_mail_body', '', '', 'string', JREQUEST_ALLOWRAW);
    $element->mail->data = new stdClass();
    if (!empty($element->order_id)) {
        $element->mail->data->order_id = (int) $element->order_id;
    }
    return $element;
}