/** * Send a lost password e-mail * @param object */ protected function sendPasswordLink($objMember) { $objNotification = \NotificationCenter\Model\Notification::findByPk($this->nc_notification); if ($objNotification === null) { $this->log('The notification was not found ID ' . $this->nc_notification, __METHOD__, TL_ERROR); return; } $confirmationId = md5(uniqid(mt_rand(), true)); // Store the confirmation ID $objMember = \MemberModel::findByPk($objMember->id); $objMember->activation = $confirmationId; $objMember->save(); $arrTokens = array(); // Add member tokens foreach ($objMember->row() as $k => $v) { $arrTokens['member_' . $k] = $v; } $arrTokens['recipient_email'] = $objMember->email; $arrTokens['domain'] = \Idna::decode(\Environment::get('host')); $arrTokens['link'] = \Idna::decode(\Environment::get('base')) . \Environment::get('request') . ($GLOBALS['TL_CONFIG']['disableAlias'] || strpos(\Environment::get('request'), '?') !== false ? '&' : '?') . 'token=' . $confirmationId; $objNotification->send($arrTokens); $this->log('A new password has been requested for user ID ' . $objMember->id . ' (' . $objMember->email . ')', __METHOD__, TL_ACCESS); // Check whether there is a jumpTo page if (($objJumpTo = $this->objModel->getRelated('jumpTo')) !== null) { $this->jumpToOrReload($objJumpTo->row()); } $this->reload(); }
public function test_decode() { $arrIdnaToStr = array_flip($this->arrIdnaTests); foreach ($arrIdnaToStr as $strEncodedDomain => $strDecodedDomain) { $this->assertEquals(Idna::decode($strEncodedDomain), $strDecodedDomain); } }
/** * Generate the widget and return it as string * @return string */ public function generate() { // Hide the Punycode format (see #2750) if ($this->rgxp == 'email' || $this->rgxp == 'url') { $this->varValue = \Idna::decode($this->varValue); } return sprintf('<input type="%s" name="%s" id="ctrl_%s" class="text%s%s" value="%s"%s%s', $this->hideInput ? 'password' : 'text', $this->strName, $this->strId, $this->hideInput ? ' password' : '', strlen($this->strClass) ? ' ' . $this->strClass : '', specialchars($this->varValue), $this->getAttributes(), $this->strTagEnding) . $this->addSubmit(); }
/** * @param $strType * @param null $strForceLanguage */ public function __construct($strType, $strForceLanguage = null) { if (in_array($strType, $GLOBALS['TL_EMAIL'])) { $this->strType = $strType; } $this->strForceLanguage = $strForceLanguage; // Set default parameters $this->addParameter('host', \Idna::decode(\Environment::get('host'))); $this->addParameter('admin_name', \BackendUser::getInstance()->name); }
/** * Send a lost password e-mail * * @param \MemberModel $objMember */ protected function sendPasswordLink($objMember) { $objNotification = \NotificationCenter\Model\Notification::findByPk($this->nc_notification); if ($objNotification === null) { $this->log('The notification was not found ID ' . $this->nc_notification, __METHOD__, TL_ERROR); return; } $confirmationId = md5(uniqid(mt_rand(), true)); // Store the confirmation ID $objMember = \MemberModel::findByPk($objMember->id); $objMember->activation = $confirmationId; $objMember->save(); $arrTokens = array(); // Add member tokens foreach ($objMember->row() as $k => $v) { if (\Validator::isBinaryUuid($v)) { $v = \StringUtil::binToUuid($v); } $arrTokens['member_' . $k] = specialchars($v); } // FIX: Add salutation token $arrTokens['salutation_user'] = NotificationCenterPlus::createSalutation($GLOBALS['TL_LANGUAGE'], $objMember); // ENDFIX $arrTokens['recipient_email'] = $objMember->email; $arrTokens['domain'] = \Idna::decode(\Environment::get('host')); $arrTokens['link'] = \Idna::decode(\Environment::get('base')) . \Environment::get('request') . ($GLOBALS['TL_CONFIG']['disableAlias'] || strpos(\Environment::get('request'), '?') !== false ? '&' : '?') . 'token=' . $confirmationId; // FIX: Add custom change password jump to if (($objJumpTo = $this->objModel->getRelated('changePasswordJumpTo')) !== null) { $arrTokens['link'] = \Idna::decode(\Environment::get('base')) . \Controller::generateFrontendUrl($objJumpTo->row(), '?token=' . $confirmationId); } // ENDFIX $objNotification->send($arrTokens, $GLOBALS['TL_LANGUAGE']); $this->log('A new password has been requested for user ID ' . $objMember->id . ' (' . $objMember->email . ')', __METHOD__, TL_ACCESS); // Check whether there is a jumpTo page if (($objJumpTo = $this->objModel->getRelated('jumpTo')) !== null) { $this->jumpToOrReload($objJumpTo->row()); } StatusMessage::addSuccess(sprintf($GLOBALS['TL_LANG']['notification_center_plus']['sendPasswordLink']['messageSuccess'], $arrTokens['recipient_email']), $this->objModel->id); $this->reload(); }
/** * Parse the template file and return it as string * @param array * @return string */ public function parse($arrAttributes = null) { if ($this->formcontrol_template) { $this->strTemplate = $this->formcontrol_template; // Hide the Punycode format (see #2750) if ($this->rgxp == 'email' || $this->rgxp == 'friendly' || $this->rgxp == 'url') { $this->varValue = \Idna::decode($this->varValue); } if ($this->hideInput) { $strType = 'password'; } elseif ($this->strFormat != 'xhtml') { // Use the HTML5 types (see #4138) // but not the date, time and datetime types (see #5918) switch ($this->rgxp) { case 'digit': $strType = 'number'; break; case 'phone': $strType = 'tel'; break; case 'email': $strType = 'email'; break; case 'url': $strType = 'url'; break; default: $strType = 'text'; break; } } else { $strType = 'text'; } $this->type = $strType; } return parent::parse($arrAttributes); }
/** * @param string $filePk * @param bool $isImage * @return array */ protected function getFileInfo($filePk, $isImage = false) { $fileInfo = array(); $objFile = \FilesModel::findByPk($filePk); $ogImage = $objFile ? (string) $objFile->path : ''; if ($ogImage != '') { $baseUrl = \Idna::decode(\Environment::get('base')); if ($baseUrl == '') { $baseUrl = $_SERVER['REQUEST_SCHEME'] . '://' . $_SERVER['HTTP_HOST'] . substr($_SERVER['PHP_SELF'], 0, -9); } $fileInfo['url'] = $baseUrl . $ogImage; if (file_exists(TL_ROOT . TL_FILES_URL . '/' . $ogImage)) { $image = TL_ROOT . TL_FILES_URL . '/' . $ogImage; } elseif (file_exists(TL_ROOT . '/' . $ogImage)) { $image = TL_ROOT . '/' . $ogImage; } else { $image = dirname(__FILE__) . '/../../../../../' . $ogImage; } $mimeType = @mime_content_type($image); if ($mimeType) { $fileInfo['mime_type'] = $mimeType; } if ($isImage) { $imagesize = @getimagesize($image); if ($imagesize) { $fileInfo['width'] = $imagesize[0]; $fileInfo['height'] = $imagesize[1]; } } } return $fileInfo; }
/** * Decode an internationalized domain name * * @param string $strDomain The domain name * * @return string The decoded domain name * * @deprecated Use Idna::decode() instead */ protected function idnaDecode($strDomain) { return \Idna::decode($strDomain); }
/** * Notify the subscribers of new comments * * @param \CommentsModel $objComment */ public static function notifyCommentsSubscribers(\CommentsModel $objComment) { // Notified already if ($objComment->notified) { return; } $objNotify = \CommentsNotifyModel::findActiveBySourceAndParent($objComment->source, $objComment->parent); // No subscriptions if ($objNotify === null) { return; } while ($objNotify->next()) { // Don't notify the commentor about his own comment if ($objNotify->email == $objComment->email) { continue; } // Prepare the URL $strUrl = \Idna::decode(\Environment::get('base')) . $objNotify->url; $objEmail = new \Email(); $objEmail->from = $GLOBALS['TL_ADMIN_EMAIL']; $objEmail->fromName = $GLOBALS['TL_ADMIN_NAME']; $objEmail->subject = sprintf($GLOBALS['TL_LANG']['MSC']['com_notifySubject'], \Idna::decode(\Environment::get('host'))); $objEmail->text = sprintf($GLOBALS['TL_LANG']['MSC']['com_notifyMessage'], $objNotify->name, $strUrl, $strUrl . '?token=' . $objNotify->tokenRemove); $objEmail->sendTo($objNotify->email); } $objComment->notified = 1; $objComment->save(); }
protected function createNewUser($arrData) { $arrData['tstamp'] = time(); $arrData['login'] = $this->reg_allowLogin; $arrData['activation'] = md5(uniqid(mt_rand(), true)); $arrData['dateAdded'] = $arrData['tstamp']; $pw = $this->getRandomPassword(6); $arrData['password'] = \Encryption::hash($pw["clear"]); $arrData['username'] = strtolower($arrData['email']); $arrData['email'] = strtolower($arrData['email']); // Set default groups if (!array_key_exists('groups', $arrData)) { $arrData['groups'] = $this->reg_groups; } // // Disable account // $arrData['disable'] = 1; // Send activation e-mail if ($this->reg_activate) { $arrChunks = array(); $strConfirmation = $this->reg_text; preg_match_all('/##[^#]+##/', $strConfirmation, $arrChunks); foreach ($arrChunks[0] as $strChunk) { $strKey = substr($strChunk, 2, -2); switch ($strKey) { case 'domain': $strConfirmation = str_replace($strChunk, \Idna::decode(\Environment::get('host')), $strConfirmation); break; case 'gen_pw': $strConfirmation = str_replace($strChunk, $pw["clear"], $strConfirmation); break; case 'link': $strConfirmation = str_replace($strChunk, \Idna::decode(\Environment::get('base')) . \Environment::get('request') . (\Config::get('disableAlias') || strpos(\Environment::get('request'), '?') !== false ? '&' : '?') . 'token=' . $arrData['activation'], $strConfirmation); break; // HOOK: support newsletter subscriptions // HOOK: support newsletter subscriptions case 'channel': case 'channels': if (!in_array('newsletter', \ModuleLoader::getActive())) { break; } // Make sure newsletter is an array if (!is_array($arrData['newsletter'])) { if ($arrData['newsletter'] != '') { $arrData['newsletter'] = array($arrData['newsletter']); } else { $arrData['newsletter'] = array(); } } // Replace the wildcard if (!empty($arrData['newsletter'])) { $objChannels = \NewsletterChannelModel::findByIds($arrData['newsletter']); if ($objChannels !== null) { $strConfirmation = str_replace($strChunk, implode("\n", $objChannels->fetchEach('title')), $strConfirmation); } } else { $strConfirmation = str_replace($strChunk, '', $strConfirmation); } break; default: $strConfirmation = str_replace($strChunk, $arrData[$strKey], $strConfirmation); break; } } $objEmail = new \Email(); $objEmail->from = $GLOBALS['TL_ADMIN_EMAIL']; $objEmail->fromName = $GLOBALS['TL_ADMIN_NAME']; $objEmail->subject = sprintf($GLOBALS['TL_LANG']['MSC']['emailSubject'], \Idna::decode(\Environment::get('host'))); $objEmail->text = $strConfirmation; $objEmail->sendTo($arrData['email']); } // Make sure newsletter is an array if (isset($arrData['newsletter']) && !is_array($arrData['newsletter'])) { $arrData['newsletter'] = array($arrData['newsletter']); } // Create the user $objNewUser = new \MemberModel(); $objNewUser->setRow($arrData); $objNewUser->save(); $insertId = $objNewUser->id; // Assign home directory if ($this->reg_assignDir) { $objHomeDir = \FilesModel::findByUuid($this->reg_homeDir); if ($objHomeDir !== null) { $this->import('Files'); $strUserDir = standardize($arrData['username']) ?: 'user_' . $insertId; // Add the user ID if the directory exists while (is_dir(TL_ROOT . '/' . $objHomeDir->path . '/' . $strUserDir)) { $strUserDir .= '_' . $insertId; } // Create the user folder new \Folder($objHomeDir->path . '/' . $strUserDir); $objUserDir = \FilesModel::findByPath($objHomeDir->path . '/' . $strUserDir); // Save the folder ID $objNewUser->assignDir = 1; $objNewUser->homeDir = $objUserDir->uuid; $objNewUser->save(); } } // HOOK: send insert ID and user data if (isset($GLOBALS['TL_HOOKS']['createNewUser']) && is_array($GLOBALS['TL_HOOKS']['createNewUser'])) { foreach ($GLOBALS['TL_HOOKS']['createNewUser'] as $callback) { $this->import($callback[0]); $this->{$callback}[0]->{$callback}[1]($insertId, $arrData, $this); } } // Inform admin if no activation link is sent if (!$this->reg_activate) { $this->sendAdminNotification($insertId, $arrData); } // Check whether there is a jumpTo page if (($objJumpTo = $this->objModel->getRelated('jumpTo')) !== null) { $this->jumpToOrReload($objJumpTo->row()); } $this->reload(); }
/** * Replace insert tags with their values * * @param string $strBuffer The text with the tags to be replaced * @param boolean $blnCache If false, non-cacheable tags will be replaced * * @return string The text with the replaced tags */ protected function doReplace($strBuffer, $blnCache) { /** @var PageModel $objPage */ global $objPage; // Preserve insert tags if (\Config::get('disableInsertTags')) { return \StringUtil::restoreBasicEntities($strBuffer); } $tags = preg_split('/{{([^{}]+)}}/', $strBuffer, -1, PREG_SPLIT_DELIM_CAPTURE); if (count($tags) < 2) { return \StringUtil::restoreBasicEntities($strBuffer); } $strBuffer = ''; // Create one cache per cache setting (see #7700) static $arrItCache; $arrCache =& $arrItCache[$blnCache]; for ($_rit = 0, $_cnt = count($tags); $_rit < $_cnt; $_rit += 2) { $strBuffer .= $tags[$_rit]; $strTag = $tags[$_rit + 1]; // Skip empty tags if ($strTag == '') { continue; } $flags = explode('|', $strTag); $tag = array_shift($flags); $elements = explode('::', $tag); // Load the value from cache if (isset($arrCache[$strTag]) && !in_array('refresh', $flags)) { $strBuffer .= $arrCache[$strTag]; continue; } // Skip certain elements if the output will be cached if ($blnCache) { if ($elements[0] == 'date' || $elements[0] == 'ua' || $elements[0] == 'post' || $elements[0] == 'file' || $elements[1] == 'back' || $elements[1] == 'referer' || $elements[0] == 'request_token' || $elements[0] == 'toggle_view' || strncmp($elements[0], 'cache_', 6) === 0 || in_array('uncached', $flags)) { $strBuffer .= '{{' . $strTag . '}}'; continue; } } $arrCache[$strTag] = ''; // Replace the tag switch (strtolower($elements[0])) { // Date case 'date': $arrCache[$strTag] = \Date::parse($elements[1] ?: \Config::get('dateFormat')); break; // Accessibility tags // Accessibility tags case 'lang': if ($elements[1] == '') { $arrCache[$strTag] = '</span>'; } else { $arrCache[$strTag] = $arrCache[$strTag] = '<span lang="' . $elements[1] . '">'; } break; // Line break // Line break case 'br': $arrCache[$strTag] = '<br>'; break; // E-mail addresses // E-mail addresses case 'email': case 'email_open': case 'email_url': if ($elements[1] == '') { $arrCache[$strTag] = ''; break; } $strEmail = \StringUtil::encodeEmail($elements[1]); // Replace the tag switch (strtolower($elements[0])) { case 'email': $arrCache[$strTag] = '<a href="mailto:' . $strEmail . '" class="email">' . preg_replace('/\\?.*$/', '', $strEmail) . '</a>'; break; case 'email_open': $arrCache[$strTag] = '<a href="mailto:' . $strEmail . '" title="' . $strEmail . '" class="email">'; break; case 'email_url': $arrCache[$strTag] = $strEmail; break; } break; // Label tags // Label tags case 'label': $keys = explode(':', $elements[1]); if (count($keys) < 2) { $arrCache[$strTag] = ''; break; } $file = $keys[0]; // Map the key (see #7217) switch ($file) { case 'CNT': $file = 'countries'; break; case 'LNG': $file = 'languages'; break; case 'MOD': case 'FMD': $file = 'modules'; break; case 'FFL': $file = 'tl_form_field'; break; case 'CACHE': $file = 'tl_page'; break; case 'XPL': $file = 'explain'; break; case 'XPT': $file = 'exception'; break; case 'MSC': case 'ERR': case 'CTE': case 'PTY': case 'FOP': case 'CHMOD': case 'DAYS': case 'MONTHS': case 'UNITS': case 'CONFIRM': case 'DP': case 'COLS': $file = 'default'; break; } \System::loadLanguageFile($file); if (count($keys) == 2) { $arrCache[$strTag] = $GLOBALS['TL_LANG'][$keys[0]][$keys[1]]; } else { $arrCache[$strTag] = $GLOBALS['TL_LANG'][$keys[0]][$keys[1]][$keys[2]]; } break; // Front end user // Front end user case 'user': if (FE_USER_LOGGED_IN) { $this->import('FrontendUser', 'User'); $value = $this->User->{$elements[1]}; if ($value == '') { $arrCache[$strTag] = $value; break; } $this->loadDataContainer('tl_member'); if ($GLOBALS['TL_DCA']['tl_member']['fields'][$elements[1]]['inputType'] == 'password') { $arrCache[$strTag] = ''; break; } $value = \StringUtil::deserialize($value); // Decrypt the value if ($GLOBALS['TL_DCA']['tl_member']['fields'][$elements[1]]['eval']['encrypt']) { $value = \Encryption::decrypt($value); } $rgxp = $GLOBALS['TL_DCA']['tl_member']['fields'][$elements[1]]['eval']['rgxp']; $opts = $GLOBALS['TL_DCA']['tl_member']['fields'][$elements[1]]['options']; $rfrc = $GLOBALS['TL_DCA']['tl_member']['fields'][$elements[1]]['reference']; if ($rgxp == 'date') { $arrCache[$strTag] = \Date::parse(\Config::get('dateFormat'), $value); } elseif ($rgxp == 'time') { $arrCache[$strTag] = \Date::parse(\Config::get('timeFormat'), $value); } elseif ($rgxp == 'datim') { $arrCache[$strTag] = \Date::parse(\Config::get('datimFormat'), $value); } elseif (is_array($value)) { $arrCache[$strTag] = implode(', ', $value); } elseif (is_array($opts) && array_is_assoc($opts)) { $arrCache[$strTag] = isset($opts[$value]) ? $opts[$value] : $value; } elseif (is_array($rfrc)) { $arrCache[$strTag] = isset($rfrc[$value]) ? is_array($rfrc[$value]) ? $rfrc[$value][0] : $rfrc[$value] : $value; } else { $arrCache[$strTag] = $value; } // Convert special characters (see #1890) $arrCache[$strTag] = \StringUtil::specialchars($arrCache[$strTag]); } break; // Link // Link case 'link': case 'link_open': case 'link_url': case 'link_title': case 'link_target': case 'link_name': $strTarget = null; // Back link if ($elements[1] == 'back') { $strUrl = 'javascript:history.go(-1)'; $strTitle = $GLOBALS['TL_LANG']['MSC']['goBack']; // No language files if the page is cached if (!strlen($strTitle)) { $strTitle = 'Go back'; } $strName = $strTitle; } elseif (strncmp($elements[1], 'http://', 7) === 0 || strncmp($elements[1], 'https://', 8) === 0) { $strUrl = $elements[1]; $strTitle = $elements[1]; $strName = str_replace(array('http://', 'https://'), '', $elements[1]); } else { // User login page if ($elements[1] == 'login') { if (!FE_USER_LOGGED_IN) { break; } $this->import('FrontendUser', 'User'); $elements[1] = $this->User->loginPage; } $objNextPage = \PageModel::findByIdOrAlias($elements[1]); if ($objNextPage === null) { break; } // Page type specific settings (thanks to Andreas Schempp) switch ($objNextPage->type) { case 'redirect': $strUrl = $objNextPage->url; if (strncasecmp($strUrl, 'mailto:', 7) === 0) { $strUrl = \StringUtil::encodeEmail($strUrl); } break; case 'forward': if ($objNextPage->jumpTo) { /** @var PageModel $objNext */ $objNext = $objNextPage->getRelated('jumpTo'); } else { $objNext = \PageModel::findFirstPublishedRegularByPid($objNextPage->id); } if ($objNext instanceof PageModel) { $strUrl = $objNext->getFrontendUrl(); break; } // DO NOT ADD A break; STATEMENT // DO NOT ADD A break; STATEMENT default: $strUrl = $objNextPage->getFrontendUrl(); break; } $strName = $objNextPage->title; $strTarget = $objNextPage->target ? ' target="_blank"' : ''; $strTitle = $objNextPage->pageTitle ?: $objNextPage->title; } // Replace the tag switch (strtolower($elements[0])) { case 'link': $arrCache[$strTag] = sprintf('<a href="%s" title="%s"%s>%s</a>', $strUrl, \StringUtil::specialchars($strTitle), $strTarget, $strName); break; case 'link_open': $arrCache[$strTag] = sprintf('<a href="%s" title="%s"%s>', $strUrl, \StringUtil::specialchars($strTitle), $strTarget); break; case 'link_url': $arrCache[$strTag] = $strUrl; break; case 'link_title': $arrCache[$strTag] = \StringUtil::specialchars($strTitle); break; case 'link_target': $arrCache[$strTag] = $strTarget; break; case 'link_name': $arrCache[$strTag] = $strName; break; } break; // Closing link tag // Closing link tag case 'link_close': case 'email_close': $arrCache[$strTag] = '</a>'; break; // Insert article // Insert article case 'insert_article': if (($strOutput = $this->getArticle($elements[1], false, true)) !== false) { $arrCache[$strTag] = ltrim($strOutput); } else { $arrCache[$strTag] = '<p class="error">' . sprintf($GLOBALS['TL_LANG']['MSC']['invalidPage'], $elements[1]) . '</p>'; } break; // Insert content element // Insert content element case 'insert_content': $arrCache[$strTag] = $this->getContentElement($elements[1]); break; // Insert module // Insert module case 'insert_module': $arrCache[$strTag] = $this->getFrontendModule($elements[1]); break; // Insert form // Insert form case 'insert_form': $arrCache[$strTag] = $this->getForm($elements[1]); break; // Article // Article case 'article': case 'article_open': case 'article_url': case 'article_title': if (($objArticle = \ArticleModel::findByIdOrAlias($elements[1])) === null || !($objPid = $objArticle->getRelated('pid')) instanceof PageModel) { break; } /** @var PageModel $objPid */ $strUrl = $objPid->getFrontendUrl('/articles/' . ($objArticle->alias ?: $objArticle->id)); // Replace the tag switch (strtolower($elements[0])) { case 'article': $arrCache[$strTag] = sprintf('<a href="%s" title="%s">%s</a>', $strUrl, \StringUtil::specialchars($objArticle->title), $objArticle->title); break; case 'article_open': $arrCache[$strTag] = sprintf('<a href="%s" title="%s">', $strUrl, \StringUtil::specialchars($objArticle->title)); break; case 'article_url': $arrCache[$strTag] = $strUrl; break; case 'article_title': $arrCache[$strTag] = \StringUtil::specialchars($objArticle->title); break; } break; // Article teaser // Article teaser case 'article_teaser': $objTeaser = \ArticleModel::findByIdOrAlias($elements[1]); if ($objTeaser !== null) { $arrCache[$strTag] = \StringUtil::toHtml5($objTeaser->teaser); } break; // Last update // Last update case 'last_update': $strQuery = "SELECT MAX(tstamp) AS tc"; $bundles = \System::getContainer()->getParameter('kernel.bundles'); if (isset($bundles['ContaoNewsBundle'])) { $strQuery .= ", (SELECT MAX(tstamp) FROM tl_news) AS tn"; } if (isset($bundles['ContaoCalendarBundle'])) { $strQuery .= ", (SELECT MAX(tstamp) FROM tl_calendar_events) AS te"; } $strQuery .= " FROM tl_content"; $objUpdate = \Database::getInstance()->query($strQuery); if ($objUpdate->numRows) { $arrCache[$strTag] = \Date::parse($elements[1] ?: \Config::get('datimFormat'), max($objUpdate->tc, $objUpdate->tn, $objUpdate->te)); } break; // Version // Version case 'version': $arrCache[$strTag] = VERSION . '.' . BUILD; break; // Request token // Request token case 'request_token': $arrCache[$strTag] = REQUEST_TOKEN; break; // POST data // POST data case 'post': $arrCache[$strTag] = \Input::post($elements[1]); break; // Mobile/desktop toggle (see #6469) // Mobile/desktop toggle (see #6469) case 'toggle_view': $strUrl = ampersand(\Environment::get('request')); $strGlue = strpos($strUrl, '?') === false ? '?' : '&'; if (\Input::cookie('TL_VIEW') == 'mobile' || \Environment::get('agent')->mobile && \Input::cookie('TL_VIEW') != 'desktop') { $arrCache[$strTag] = '<a href="' . $strUrl . $strGlue . 'toggle_view=desktop" class="toggle_desktop" title="' . \StringUtil::specialchars($GLOBALS['TL_LANG']['MSC']['toggleDesktop'][1]) . '">' . $GLOBALS['TL_LANG']['MSC']['toggleDesktop'][0] . '</a>'; } else { $arrCache[$strTag] = '<a href="' . $strUrl . $strGlue . 'toggle_view=mobile" class="toggle_mobile" title="' . \StringUtil::specialchars($GLOBALS['TL_LANG']['MSC']['toggleMobile'][1]) . '">' . $GLOBALS['TL_LANG']['MSC']['toggleMobile'][0] . '</a>'; } break; // Conditional tags (if) // Conditional tags (if) case 'iflng': if ($elements[1] != '' && $elements[1] != $objPage->language) { for (; $_rit < $_cnt; $_rit += 2) { if ($tags[$_rit + 1] == 'iflng' || $tags[$_rit + 1] == 'iflng::' . $objPage->language) { break; } } } unset($arrCache[$strTag]); break; // Conditional tags (if not) // Conditional tags (if not) case 'ifnlng': if ($elements[1] != '') { $langs = \StringUtil::trimsplit(',', $elements[1]); if (in_array($objPage->language, $langs)) { for (; $_rit < $_cnt; $_rit += 2) { if ($tags[$_rit + 1] == 'ifnlng') { break; } } } } unset($arrCache[$strTag]); break; // Environment // Environment case 'env': switch ($elements[1]) { case 'host': $arrCache[$strTag] = \Idna::decode(\Environment::get('host')); break; case 'http_host': $arrCache[$strTag] = \Idna::decode(\Environment::get('httpHost')); break; case 'url': $arrCache[$strTag] = \Idna::decode(\Environment::get('url')); break; case 'path': $arrCache[$strTag] = \Idna::decode(\Environment::get('base')); break; case 'request': $arrCache[$strTag] = \Environment::get('indexFreeRequest'); break; case 'ip': $arrCache[$strTag] = \Environment::get('ip'); break; case 'referer': $arrCache[$strTag] = $this->getReferer(true); break; case 'files_url': $arrCache[$strTag] = TL_FILES_URL; break; case 'assets_url': case 'plugins_url': case 'script_url': $arrCache[$strTag] = TL_ASSETS_URL; break; case 'base_url': $arrCache[$strTag] = \System::getContainer()->get('request_stack')->getCurrentRequest()->getBaseUrl(); break; } break; // Page // Page case 'page': if ($elements[1] == 'pageTitle' && $objPage->pageTitle == '') { $elements[1] = 'title'; } elseif ($elements[1] == 'parentPageTitle' && $objPage->parentPageTitle == '') { $elements[1] = 'parentTitle'; } elseif ($elements[1] == 'mainPageTitle' && $objPage->mainPageTitle == '') { $elements[1] = 'mainTitle'; } // Do not use \StringUtil::specialchars() here (see #4687) $arrCache[$strTag] = $objPage->{$elements[1]}; break; // User agent // User agent case 'ua': $ua = \Environment::get('agent'); if ($elements[1] != '') { $arrCache[$strTag] = $ua->{$elements[1]}; } else { $arrCache[$strTag] = ''; } break; // Abbreviations // Abbreviations case 'abbr': case 'acronym': if ($elements[1] != '') { $arrCache[$strTag] = '<abbr title="' . $elements[1] . '">'; } else { $arrCache[$strTag] = '</abbr>'; } break; // Images // Images case 'image': case 'picture': $width = null; $height = null; $alt = ''; $class = ''; $rel = ''; $strFile = $elements[1]; $mode = ''; $size = null; $strTemplate = 'picture_default'; // Take arguments if (strpos($elements[1], '?') !== false) { $arrChunks = explode('?', urldecode($elements[1]), 2); $strSource = \StringUtil::decodeEntities($arrChunks[1]); $strSource = str_replace('[&]', '&', $strSource); $arrParams = explode('&', $strSource); foreach ($arrParams as $strParam) { list($key, $value) = explode('=', $strParam); switch ($key) { case 'width': $width = $value; break; case 'height': $height = $value; break; case 'alt': $alt = \StringUtil::specialchars($value); break; case 'class': $class = $value; break; case 'rel': $rel = $value; break; case 'mode': $mode = $value; break; case 'size': $size = (int) $value; break; case 'template': $strTemplate = preg_replace('/[^a-z0-9_]/i', '', $value); break; } } $strFile = $arrChunks[0]; } if (\Validator::isUuid($strFile)) { // Handle UUIDs $objFile = \FilesModel::findByUuid($strFile); if ($objFile === null) { $arrCache[$strTag] = ''; break; } $strFile = $objFile->path; } elseif (is_numeric($strFile)) { // Handle numeric IDs (see #4805) $objFile = \FilesModel::findByPk($strFile); if ($objFile === null) { $arrCache[$strTag] = ''; break; } $strFile = $objFile->path; } else { // Check the path if (\Validator::isInsecurePath($strFile)) { throw new \RuntimeException('Invalid path ' . $strFile); } } // Check the maximum image width if (\Config::get('maxImageWidth') > 0 && $width > \Config::get('maxImageWidth')) { $width = \Config::get('maxImageWidth'); $height = null; } // Generate the thumbnail image try { // Image if (strtolower($elements[0]) == 'image') { $dimensions = ''; $imageObj = \Image::create($strFile, array($width, $height, $mode)); $src = $imageObj->executeResize()->getResizedPath(); $objFile = new \File(rawurldecode($src)); // Add the image dimensions if (($imgSize = $objFile->imageSize) !== false) { $dimensions = ' width="' . $imgSize[0] . '" height="' . $imgSize[1] . '"'; } $arrCache[$strTag] = '<img src="' . TL_FILES_URL . $src . '" ' . $dimensions . ' alt="' . $alt . '"' . ($class != '' ? ' class="' . $class . '"' : '') . '>'; } else { $picture = \Picture::create($strFile, array(0, 0, $size))->getTemplateData(); $picture['alt'] = $alt; $picture['class'] = $class; $pictureTemplate = new \FrontendTemplate($strTemplate); $pictureTemplate->setData($picture); $arrCache[$strTag] = $pictureTemplate->parse(); } // Add a lightbox link if ($rel != '') { if (strncmp($rel, 'lightbox', 8) !== 0) { $attribute = ' rel="' . $rel . '"'; } else { $attribute = ' data-lightbox="' . substr($rel, 8) . '"'; } $arrCache[$strTag] = '<a href="' . TL_FILES_URL . $strFile . '"' . ($alt != '' ? ' title="' . $alt . '"' : '') . $attribute . '>' . $arrCache[$strTag] . '</a>'; } } catch (\Exception $e) { $arrCache[$strTag] = ''; } break; // Files (UUID or template path) // Files (UUID or template path) case 'file': if (\Validator::isUuid($elements[1])) { $objFile = \FilesModel::findByUuid($elements[1]); if ($objFile !== null) { $arrCache[$strTag] = $objFile->path; break; } } $arrGet = $_GET; \Input::resetCache(); $strFile = $elements[1]; // Take arguments and add them to the $_GET array if (strpos($elements[1], '?') !== false) { $arrChunks = explode('?', urldecode($elements[1])); $strSource = \StringUtil::decodeEntities($arrChunks[1]); $strSource = str_replace('[&]', '&', $strSource); $arrParams = explode('&', $strSource); foreach ($arrParams as $strParam) { $arrParam = explode('=', $strParam); $_GET[$arrParam[0]] = $arrParam[1]; } $strFile = $arrChunks[0]; } // Check the path if (\Validator::isInsecurePath($strFile)) { throw new \RuntimeException('Invalid path ' . $strFile); } // Include .php, .tpl, .xhtml and .html5 files if (preg_match('/\\.(php|tpl|xhtml|html5)$/', $strFile) && file_exists(TL_ROOT . '/templates/' . $strFile)) { ob_start(); include TL_ROOT . '/templates/' . $strFile; $arrCache[$strTag] = ob_get_clean(); } $_GET = $arrGet; \Input::resetCache(); break; // HOOK: pass unknown tags to callback functions // HOOK: pass unknown tags to callback functions default: if (isset($GLOBALS['TL_HOOKS']['replaceInsertTags']) && is_array($GLOBALS['TL_HOOKS']['replaceInsertTags'])) { foreach ($GLOBALS['TL_HOOKS']['replaceInsertTags'] as $callback) { $this->import($callback[0]); $varValue = $this->{$callback[0]}->{$callback[1]}($tag, $blnCache, $arrCache[$strTag], $flags, $tags, $arrCache, $_rit, $_cnt); // see #6672 // Replace the tag and stop the loop if ($varValue !== false) { $arrCache[$strTag] = $varValue; break; } } } if (\Config::get('debugMode')) { $GLOBALS['TL_DEBUG']['unknown_insert_tags'][] = $strTag; } break; } // Handle the flags if (!empty($flags)) { foreach ($flags as $flag) { switch ($flag) { case 'addslashes': case 'stripslashes': case 'standardize': case 'ampersand': case 'specialchars': case 'nl2br': case 'nl2br_pre': case 'strtolower': case 'utf8_strtolower': case 'strtoupper': case 'utf8_strtoupper': case 'ucfirst': case 'lcfirst': case 'ucwords': case 'trim': case 'rtrim': case 'ltrim': case 'utf8_romanize': case 'strrev': case 'urlencode': case 'rawurlencode': $arrCache[$strTag] = $flag($arrCache[$strTag]); break; case 'encodeEmail': case 'decodeEntities': $arrCache[$strTag] = \StringUtil::$flag($arrCache[$strTag]); break; case 'number_format': $arrCache[$strTag] = \System::getFormattedNumber($arrCache[$strTag], 0); break; case 'currency_format': $arrCache[$strTag] = \System::getFormattedNumber($arrCache[$strTag], 2); break; case 'readable_size': $arrCache[$strTag] = \System::getReadableSize($arrCache[$strTag]); break; case 'flatten': if (!is_array($arrCache[$strTag])) { break; } $it = new \RecursiveIteratorIterator(new \RecursiveArrayIterator($arrCache[$strTag])); $result = array(); foreach ($it as $leafValue) { $keys = array(); foreach (range(0, $it->getDepth()) as $depth) { $keys[] = $it->getSubIterator($depth)->key(); } $result[] = implode('.', $keys) . ': ' . $leafValue; } $arrCache[$strTag] = implode(', ', $result); break; // HOOK: pass unknown flags to callback functions // HOOK: pass unknown flags to callback functions default: if (isset($GLOBALS['TL_HOOKS']['insertTagFlags']) && is_array($GLOBALS['TL_HOOKS']['insertTagFlags'])) { foreach ($GLOBALS['TL_HOOKS']['insertTagFlags'] as $callback) { $this->import($callback[0]); $varValue = $this->{$callback[0]}->{$callback[1]}($flag, $tag, $arrCache[$strTag], $flags, $blnCache, $tags, $arrCache, $_rit, $_cnt); // see #5806 // Replace the tag and stop the loop if ($varValue !== false) { $arrCache[$strTag] = $varValue; break; } } } if (\Config::get('debugMode')) { $GLOBALS['TL_DEBUG']['unknown_insert_tag_flags'][] = $flag; } break; } } } $strBuffer .= $arrCache[$strTag]; } return \StringUtil::restoreBasicEntities($strBuffer); }
/** * Create a new user and redirect * * @param \MemberModel $objMember */ protected function sendPasswordLink($objMember) { $confirmationId = md5(uniqid(mt_rand(), true)); // Store the confirmation ID $objMember = \MemberModel::findByPk($objMember->id); $objMember->activation = $confirmationId; $objMember->save(); // Prepare the simple token data $arrData = $objMember->row(); $arrData['domain'] = \Idna::decode(\Environment::get('host')); $arrData['link'] = \Idna::decode(\Environment::get('base')) . \Environment::get('request') . (\Config::get('disableAlias') || strpos(\Environment::get('request'), '?') !== false ? '&' : '?') . 'token=' . $confirmationId; // Send e-mail $objEmail = new \Email(); $objEmail->from = $GLOBALS['TL_ADMIN_EMAIL']; $objEmail->fromName = $GLOBALS['TL_ADMIN_NAME']; $objEmail->subject = sprintf($GLOBALS['TL_LANG']['MSC']['passwordSubject'], \Idna::decode(\Environment::get('host'))); $objEmail->text = \String::parseSimpleTokens($this->reg_password, $arrData); $objEmail->sendTo($objMember->email); $this->log('A new password has been requested for user ID ' . $objMember->id . ' (' . $objMember->email . ')', __METHOD__, TL_ACCESS); // Check whether there is a jumpTo page if (($objJumpTo = $this->objModel->getRelated('jumpTo')) !== null) { $this->jumpToOrReload($objJumpTo->row()); } $this->reload(); }
protected function commentsController() { $returnarray['error'] = $this->errorcode(0); $returnarray['changes'] = 1; $getTs = \Input::get($this->request['ts']); $getId = \Input::get($this->request['id']); $returnarray['ts'] = isset($getTs) ? $getTs : 0; if (isset($getId)) { if (\Input::get($this->request['action']) == 'add') { $comment = $_REQUEST[$this->request['comment']]; $name = $_REQUEST[$this->request['name']]; $email = $_REQUEST[$this->request['email']]; $key = $_REQUEST[$this->request['key']]; if (!$comment || $comment == "" || !$name || !$email) { $returnarray['error'] = $this->errorcode(30); } elseif (!\Validator::isEmail($email)) { $returnarray['error'] = $this->errorcode(31); } else { $ts = time(); $arrInsert = array('tstamp' => $ts, 'source' => 'tl_news', 'parent' => $getId, 'date' => $ts, 'name' => $name, 'email' => $email, 'comment' => trim($comment), 'published' => $this->settings['news_moderate'] == 1 ? 0 : 1, 'ip' => \Environment::get('remote_addr')); $objComment = new \CommentsModel(); $objComment->setRow($arrInsert)->save(); if ($objComment->id) { $strComment = $_REQUEST[$this->request['comment']]; $strComment = strip_tags($strComment); $strComment = \String::decodeEntities($strComment); $strComment = str_replace(array('[&]', '[lt]', '[gt]'), array('&', '<', '>'), $strComment); $objTemplate = new \FrontendTemplate('kommentar_email'); $objTemplate->name = $arrInsert['name'] . ' (' . $arrInsert['email'] . ')'; $objTemplate->comment = $strComment; $objTemplate->edit = \Idna::decode(\Environment::get('base')) . 'contao/main.php?do=comments&act=edit&id=' . $objComment->id; $objEmail = new \Email(); $objEmail->from = $GLOBALS['TL_ADMIN_EMAIL']; $objEmail->fromName = $GLOBALS['TL_ADMIN_NAME']; $objEmail->subject = sprintf($GLOBALS['TL_LANG']['MSC']['com_subject'], \Idna::decode(\Environment::get('host'))); $objEmail->text = $objTemplate->parse(); if ($GLOBALS['TL_ADMIN_EMAIL'] != '') { $objEmail->sendTo($GLOBALS['TL_ADMIN_EMAIL']); } $returnarray['error'] = $this->errorcode(0); $returnarray['ts'] = $ts; $returnarray['comment_id'] = $objComment->id; $returnarray['changes'] = 1; $returnarray['status'] = $this->settings['news_moderate'] == 1 ? 'Kommentar wird geprüft.' : "Kommentar veröffentlicht."; } else { $returnarray['error'] = $this->errorcode(31); } } } else { $post = $this->getComment($getId); if ($post['commentStatus'] == 'open') { $returnarray['comment_status'] = $post['commentStatus']; $returnarray['comments_count'] = $post['commentsCount']; $returnarray['REQUEST_TOKEN'] = REQUEST_TOKEN; if ($post['commentsCount'] > 0) { $pos = 0; foreach ($post['items'] as $comment) { $tempArray = array(); $tempArray['pos'] = ++$pos; $tempArray['id'] = $comment->id; $tempArray['text'] = strip_tags($comment->comment); $tempArray['timestamp'] = (int) $comment->date; if ($tempArray['timestamp'] > $returnarray['ts']) { $returnarray['ts'] = $tempArray['timestamp']; $returnarray['changes'] = 1; } $tempArray['datum'] = date('d.m.Y, H:i', $tempArray['timestamp']); $tempArray['author']['name'] = $comment->name; $tempArray['author']['id'] = "0"; $tempArray['author']['email'] = $comment->email; $tempArray['author']['img'] = ""; if ($comment->addReply) { $objUser = \UserModel::findByPk($comment->author); $tempArray['subitems'] = array(array('pos' => 1, 'id' => 1, 'parent_id' => $comment->id, 'text' => strip_tags($comment->reply), 'timestamp' => (int) $comment->tstamp, 'datum' => date('d.m.Y, H:i', $comment->tstamp), 'author' => array('name' => $objUser->name, 'id' => $objUser->id, 'email' => $objUser->email, 'img' => ""))); } $returnarray['items'][] = $tempArray; } if ($returnarray['changes'] != 1) { unset($returnarray['items']); } } } else { $returnarray['error'] = $this->errorcode(29); } } } else { $returnarray['error'] = $this->errorcode(15); } return array('comments' => $returnarray); }
/** * removes $this->reload(); call (last line) of core method \Comments::renderCommentForm() */ protected function renderCommentForm(\FrontendTemplate $objTemplate, \stdClass $objConfig, $strSource, $intParent, $varNotifies) { $this->import('FrontendUser', 'User'); // Access control if ($objConfig->requireLogin && !BE_USER_LOGGED_IN && !FE_USER_LOGGED_IN) { $objTemplate->requireLogin = true; $objTemplate->login = $GLOBALS['TL_LANG']['MSC']['com_login']; return; } // Confirm or remove a subscription if (\Input::get('token')) { static::changeSubscriptionStatus($objTemplate); return; } // Form fields $arrFields = array('name' => array('name' => 'name', 'label' => $GLOBALS['TL_LANG']['MSC']['com_name'], 'value' => trim($this->User->firstname . ' ' . $this->User->lastname), 'inputType' => 'text', 'eval' => array('mandatory' => true, 'maxlength' => 64)), 'email' => array('name' => 'email', 'label' => $GLOBALS['TL_LANG']['MSC']['com_email'], 'value' => $this->User->email, 'inputType' => 'text', 'eval' => array('rgxp' => 'email', 'mandatory' => true, 'maxlength' => 128, 'decodeEntities' => true)), 'website' => array('name' => 'website', 'label' => $GLOBALS['TL_LANG']['MSC']['com_website'], 'inputType' => 'text', 'eval' => array('rgxp' => 'url', 'maxlength' => 128, 'decodeEntities' => true))); // Captcha if (!$objConfig->disableCaptcha) { $arrFields['captcha'] = array('name' => 'captcha', 'inputType' => 'captcha', 'eval' => array('mandatory' => true)); } // Comment field $arrFields['comment'] = array('name' => 'comment', 'label' => $GLOBALS['TL_LANG']['MSC']['com_comment'], 'inputType' => 'textarea', 'eval' => array('mandatory' => true, 'rows' => 4, 'cols' => 40, 'preserveTags' => true)); // Notify me of new comments $arrFields['notify'] = array('name' => 'notify', 'label' => '', 'inputType' => 'checkbox', 'options' => array(1 => $GLOBALS['TL_LANG']['MSC']['com_notify'])); $doNotSubmit = false; $arrWidgets = array(); $strFormId = 'com_' . $strSource . '_' . $intParent; // Initialize the widgets foreach ($arrFields as $arrField) { /** @var \Widget $strClass */ $strClass = $GLOBALS['TL_FFL'][$arrField['inputType']]; // Continue if the class is not defined if (!class_exists($strClass)) { continue; } $arrField['eval']['required'] = $arrField['eval']['mandatory']; /** @var \Widget $objWidget */ $objWidget = new $strClass($strClass::getAttributesFromDca($arrField, $arrField['name'], $arrField['value'])); // Validate the widget if (\Input::post('FORM_SUBMIT') == $strFormId) { $objWidget->validate(); if ($objWidget->hasErrors()) { $doNotSubmit = true; } } $arrWidgets[$arrField['name']] = $objWidget; } $objTemplate->fields = $arrWidgets; $objTemplate->submit = $GLOBALS['TL_LANG']['MSC']['com_submit']; $objTemplate->action = ampersand(\Environment::get('request')); $objTemplate->messages = ''; // Backwards compatibility $objTemplate->formId = $strFormId; $objTemplate->hasError = $doNotSubmit; // Do not index or cache the page with the confirmation message if ($_SESSION['TL_COMMENT_ADDED']) { /** @var \PageModel $objPage */ global $objPage; $objPage->noSearch = 1; $objPage->cache = 0; $objTemplate->confirm = $GLOBALS['TL_LANG']['MSC']['com_confirm']; $_SESSION['TL_COMMENT_ADDED'] = false; } // Store the comment if (!$doNotSubmit && \Input::post('FORM_SUBMIT') == $strFormId) { $strWebsite = $arrWidgets['website']->value; // Add http:// to the website if ($strWebsite != '' && !preg_match('@^(https?://|ftp://|mailto:|#)@i', $strWebsite)) { $strWebsite = 'http://' . $strWebsite; } // Do not parse any tags in the comment $strComment = specialchars(trim($arrWidgets['comment']->value)); $strComment = str_replace(array('&', '<', '>'), array('[&]', '[lt]', '[gt]'), $strComment); // Remove multiple line feeds $strComment = preg_replace('@\\n\\n+@', "\n\n", $strComment); // Parse BBCode if ($objConfig->bbcode) { $strComment = $this->parseBbCode($strComment); } // Prevent cross-site request forgeries $strComment = preg_replace('/(href|src|on[a-z]+)="[^"]*(contao\\/main\\.php|typolight\\/main\\.php|javascript|vbscri?pt|script|alert|document|cookie|window)[^"]*"+/i', '$1="#"', $strComment); $time = time(); // Prepare the record $arrSet = array('tstamp' => $time, 'source' => $strSource, 'parent' => $intParent, 'name' => $arrWidgets['name']->value, 'email' => $arrWidgets['email']->value, 'website' => $strWebsite, 'comment' => $this->convertLineFeeds($strComment), 'ip' => $this->anonymizeIp(\Environment::get('ip')), 'date' => $time, 'published' => $objConfig->moderate ? '' : 1); // Store the comment $objComment = new \CommentsModel(); $objComment->setRow($arrSet)->save(); // Store the subscription if ($arrWidgets['notify']->value) { static::addCommentsSubscription($objComment); } // HOOK: add custom logic if (isset($GLOBALS['TL_HOOKS']['addComment']) && is_array($GLOBALS['TL_HOOKS']['addComment'])) { foreach ($GLOBALS['TL_HOOKS']['addComment'] as $callback) { $this->import($callback[0]); $this->{$callback[0]}->{$callback[1]}($objComment->id, $arrSet, $this); } } // Prepare the notification mail $objEmail = new \Email(); $objEmail->from = $GLOBALS['TL_ADMIN_EMAIL']; $objEmail->fromName = $GLOBALS['TL_ADMIN_NAME']; $objEmail->subject = sprintf($GLOBALS['TL_LANG']['MSC']['com_subject'], \Idna::decode(\Environment::get('host'))); // Convert the comment to plain text $strComment = strip_tags($strComment); $strComment = \StringUtil::decodeEntities($strComment); $strComment = str_replace(array('[&]', '[lt]', '[gt]'), array('&', '<', '>'), $strComment); // Add the comment details $objEmail->text = sprintf($GLOBALS['TL_LANG']['MSC']['com_message'], $arrSet['name'] . ' (' . $arrSet['email'] . ')', $strComment, \Idna::decode(\Environment::get('base')) . \Environment::get('request'), \Idna::decode(\Environment::get('base')) . 'contao/main.php?do=comments&act=edit&id=' . $objComment->id); // Do not send notifications twice if (is_array($varNotifies)) { $objEmail->sendTo(array_unique($varNotifies)); } elseif ($varNotifies != '') { $objEmail->sendTo($varNotifies); // see #5443 } // Pending for approval if ($objConfig->moderate) { $_SESSION['TL_COMMENT_ADDED'] = true; } else { static::notifyCommentsSubscribers($objComment); } } }
/** * Replace insert tags with their values * * @param string $strBuffer The text with the tags to be replaced * @param boolean $blnCache If false, non-cacheable tags will be replaced * * @return string The text with the replaced tags */ protected function replaceInsertTags($strBuffer, $blnCache = true) { global $objPage; // Preserve insert tags if (\Config::get('disableInsertTags')) { return \String::restoreBasicEntities($strBuffer); } $tags = preg_split('/\\{\\{(([^\\{\\}]*|(?R))*)\\}\\}/', $strBuffer, -1, PREG_SPLIT_DELIM_CAPTURE); $strBuffer = ''; static $arrCache = array(); for ($_rit = 0, $_cnt = count($tags); $_rit < $_cnt; $_rit += 3) { $strBuffer .= $tags[$_rit]; $strTag = $tags[$_rit + 1]; // Skip empty tags if ($strTag == '') { continue; } // Run the replacement again if there are more tags (see #4402) if (strpos($strTag, '{{') !== false) { $strTag = $this->replaceInsertTags($strTag, $blnCache); } $flags = explode('|', $strTag); $tag = array_shift($flags); $elements = explode('::', $tag); // Load the value from cache if (isset($arrCache[$strTag]) && !in_array('refresh', $flags)) { $strBuffer .= $arrCache[$strTag]; continue; } // Skip certain elements if the output will be cached if ($blnCache) { if ($elements[0] == 'date' || $elements[0] == 'ua' || $elements[0] == 'post' || $elements[0] == 'file' || $elements[1] == 'back' || $elements[1] == 'referer' || $elements[0] == 'request_token' || $elements[0] == 'toggle_view' || strncmp($elements[0], 'cache_', 6) === 0 || in_array('uncached', $flags)) { $strBuffer .= '{{' . $strTag . '}}'; continue; } } $arrCache[$strTag] = ''; // Replace the tag switch (strtolower($elements[0])) { // Date case 'date': $arrCache[$strTag] = \Date::parse($elements[1] ?: \Config::get('dateFormat')); break; // Accessibility tags // Accessibility tags case 'lang': if ($elements[1] == '') { $arrCache[$strTag] = '</span>'; } elseif ($objPage->outputFormat == 'xhtml') { $arrCache[$strTag] = '<span lang="' . $elements[1] . '" xml:lang="' . $elements[1] . '">'; } else { $arrCache[$strTag] = $arrCache[$strTag] = '<span lang="' . $elements[1] . '">'; } break; // Line break // Line break case 'br': $arrCache[$strTag] = '<br' . ($objPage->outputFormat == 'xhtml' ? ' />' : '>'); break; // E-mail addresses // E-mail addresses case 'email': case 'email_open': case 'email_url': if ($elements[1] == '') { $arrCache[$strTag] = ''; break; } $strEmail = \String::encodeEmail($elements[1]); // Replace the tag switch (strtolower($elements[0])) { case 'email': $arrCache[$strTag] = '<a href="mailto:' . $strEmail . '" class="email">' . preg_replace('/\\?.*$/', '', $strEmail) . '</a>'; break; case 'email_open': $arrCache[$strTag] = '<a href="mailto:' . $strEmail . '" class="email">'; break; case 'email_url': $arrCache[$strTag] = $strEmail; break; } break; // Label tags // Label tags case 'label': $keys = explode(':', $elements[1]); if (count($keys) < 2) { $arrCache[$strTag] = ''; break; } $file = $keys[0]; // Map the key (see #7217) switch ($file) { case 'CNT': $file = 'countries'; break; case 'LNG': $file = 'languages'; break; case 'MOD': case 'FMD': $file = 'modules'; break; case 'FFL': $file = 'tl_form_field'; break; case 'CACHE': $file = 'tl_page'; break; case 'XPL': $file = 'explain'; break; case 'XPT': $file = 'exception'; break; } \System::loadLanguageFile($file); if (count($keys) == 2) { $arrCache[$strTag] = $GLOBALS['TL_LANG'][$keys[0]][$keys[1]]; } else { $arrCache[$strTag] = $GLOBALS['TL_LANG'][$keys[0]][$keys[1]][$keys[2]]; } break; // Front end user // Front end user case 'user': if (FE_USER_LOGGED_IN) { $this->import('FrontendUser', 'User'); $value = $this->User->{$elements}[1]; if ($value == '') { $arrCache[$strTag] = $value; break; } $this->loadDataContainer('tl_member'); if ($GLOBALS['TL_DCA']['tl_member']['fields'][$elements[1]]['inputType'] == 'password') { $arrCache[$strTag] = ''; break; } $value = deserialize($value); $rgxp = $GLOBALS['TL_DCA']['tl_member']['fields'][$elements[1]]['eval']['rgxp']; $opts = $GLOBALS['TL_DCA']['tl_member']['fields'][$elements[1]]['options']; $rfrc = $GLOBALS['TL_DCA']['tl_member']['fields'][$elements[1]]['reference']; if ($rgxp == 'date') { $arrCache[$strTag] = \Date::parse(\Config::get('dateFormat'), $value); } elseif ($rgxp == 'time') { $arrCache[$strTag] = \Date::parse(\Config::get('timeFormat'), $value); } elseif ($rgxp == 'datim') { $arrCache[$strTag] = \Date::parse(\Config::get('datimFormat'), $value); } elseif (is_array($value)) { $arrCache[$strTag] = implode(', ', $value); } elseif (is_array($opts) && array_is_assoc($opts)) { $arrCache[$strTag] = isset($opts[$value]) ? $opts[$value] : $value; } elseif (is_array($rfrc)) { $arrCache[$strTag] = isset($rfrc[$value]) ? is_array($rfrc[$value]) ? $rfrc[$value][0] : $rfrc[$value] : $value; } else { $arrCache[$strTag] = $value; } // Convert special characters (see #1890) $arrCache[$strTag] = specialchars($arrCache[$strTag]); } break; // Link // Link case 'link': case 'link_open': case 'link_url': case 'link_title': $strTarget = null; // Back link if ($elements[1] == 'back') { $strUrl = 'javascript:history.go(-1)'; $strTitle = $GLOBALS['TL_LANG']['MSC']['goBack']; // No language files if the page is cached if (!strlen($strTitle)) { $strTitle = 'Go back'; } $strName = $strTitle; } elseif (strncmp($elements[1], 'http://', 7) === 0 || strncmp($elements[1], 'https://', 8) === 0) { $strUrl = $elements[1]; $strTitle = $elements[1]; $strName = str_replace(array('http://', 'https://'), '', $elements[1]); } else { // User login page if ($elements[1] == 'login') { if (!FE_USER_LOGGED_IN) { break; } $this->import('FrontendUser', 'User'); $elements[1] = $this->User->loginPage; } $objNextPage = \PageModel::findByIdOrAlias($elements[1]); if ($objNextPage === null) { break; } // Page type specific settings (thanks to Andreas Schempp) switch ($objNextPage->type) { case 'redirect': $strUrl = $this->replaceInsertTags($objNextPage->url); // see #6765 if (strncasecmp($strUrl, 'mailto:', 7) === 0) { $strUrl = \String::encodeEmail($strUrl); } break; case 'forward': if ($objNextPage->jumpTo) { $objNext = $objNextPage->getRelated('jumpTo'); } else { $objNext = \PageModel::findFirstPublishedRegularByPid($objNextPage->id); } if ($objNext !== null) { $strForceLang = null; $objNext->loadDetails(); // Check the target page language (see #4706) if (\Config::get('addLanguageToUrl')) { $strForceLang = $objNext->language; } $strUrl = $this->generateFrontendUrl($objNext->row(), null, $strForceLang, true); break; } // DO NOT ADD A break; STATEMENT // DO NOT ADD A break; STATEMENT default: $strForceLang = null; $objNextPage->loadDetails(); // Check the target page language (see #4706, #5465) if (\Config::get('addLanguageToUrl')) { $strForceLang = $objNextPage->language; } $strUrl = $this->generateFrontendUrl($objNextPage->row(), null, $strForceLang, true); break; } $strName = $objNextPage->title; $strTarget = $objNextPage->target ? $objPage->outputFormat == 'xhtml' ? LINK_NEW_WINDOW : ' target="_blank"' : ''; $strTitle = $objNextPage->pageTitle ?: $objNextPage->title; } // Replace the tag switch (strtolower($elements[0])) { case 'link': $arrCache[$strTag] = sprintf('<a href="%s" title="%s"%s>%s</a>', $strUrl, specialchars($strTitle), $strTarget, specialchars($strName)); break; case 'link_open': $arrCache[$strTag] = sprintf('<a href="%s" title="%s"%s>', $strUrl, specialchars($strTitle), $strTarget); break; case 'link_url': $arrCache[$strTag] = $strUrl; break; case 'link_title': $arrCache[$strTag] = specialchars($strTitle); break; case 'link_target': $arrCache[$strTag] = $strTarget; break; } break; // Closing link tag // Closing link tag case 'link_close': $arrCache[$strTag] = '</a>'; break; // Insert article // Insert article case 'insert_article': if (($strOutput = $this->getArticle($elements[1], false, true)) !== false) { $arrCache[$strTag] = $this->replaceInsertTags(ltrim($strOutput), $blnCache); } else { $arrCache[$strTag] = '<p class="error">' . sprintf($GLOBALS['TL_LANG']['MSC']['invalidPage'], $elements[1]) . '</p>'; } break; // Insert content element // Insert content element case 'insert_content': $arrCache[$strTag] = $this->replaceInsertTags($this->getContentElement($elements[1]), $blnCache); break; // Insert module // Insert module case 'insert_module': $arrCache[$strTag] = $this->replaceInsertTags($this->getFrontendModule($elements[1]), $blnCache); break; // Insert form // Insert form case 'insert_form': $arrCache[$strTag] = $this->replaceInsertTags($this->getForm($elements[1]), $blnCache); break; // Article // Article case 'article': case 'article_open': case 'article_url': case 'article_title': if (($objArticle = \ArticleModel::findByIdOrAlias($elements[1])) === null || ($objPid = $objArticle->getRelated('pid')) === null) { break; } $strUrl = $this->generateFrontendUrl($objPid->row(), '/articles/' . (!\Config::get('disableAlias') && strlen($objArticle->alias) ? $objArticle->alias : $objArticle->id)); // Replace the tag switch (strtolower($elements[0])) { case 'article': $strLink = specialchars($objArticle->title); $arrCache[$strTag] = sprintf('<a href="%s" title="%s">%s</a>', $strUrl, $strLink, $strLink); break; case 'article_open': $arrCache[$strTag] = sprintf('<a href="%s" title="%s">', $strUrl, specialchars($objArticle->title)); break; case 'article_url': $arrCache[$strTag] = $strUrl; break; case 'article_title': $arrCache[$strTag] = specialchars($objArticle->title); break; } break; // FAQ // FAQ case 'faq': case 'faq_open': case 'faq_url': case 'faq_title': if (($objFaq = \FaqModel::findByIdOrAlias($elements[1])) === null || ($objPid = $objFaq->getRelated('pid')) === null || ($objJumpTo = $objPid->getRelated('jumpTo')) === null) { break; } $strUrl = $this->generateFrontendUrl($objJumpTo->row(), (\Config::get('useAutoItem') && !\Config::get('disableAlias') ? '/' : '/items/') . (!\Config::get('disableAlias') && $objFaq->alias != '' ? $objFaq->alias : $objFaq->id)); // Replace the tag switch (strtolower($elements[0])) { case 'faq': $strLink = specialchars($objFaq->question); $arrCache[$strTag] = sprintf('<a href="%s" title="%s">%s</a>', $strUrl, $strLink, $strLink); break; case 'faq_open': $arrCache[$strTag] = sprintf('<a href="%s" title="%s">', $strUrl, specialchars($objFaq->question)); break; case 'faq_url': $arrCache[$strTag] = $strUrl; break; case 'faq_title': $arrCache[$strTag] = specialchars($objFaq->question); break; } break; // News // News case 'news': case 'news_open': case 'news_url': case 'news_title': if (($objNews = \NewsModel::findByIdOrAlias($elements[1])) === null) { break; } $strUrl = ''; if ($objNews->source == 'external') { $strUrl = $objNews->url; } elseif ($objNews->source == 'internal') { if (($objJumpTo = $objNews->getRelated('jumpTo')) !== null) { $strUrl = $this->generateFrontendUrl($objJumpTo->row()); } } elseif ($objNews->source == 'article') { if (($objArticle = \ArticleModel::findByPk($objNews->articleId, array('eager' => true))) !== null && ($objPid = $objArticle->getRelated('pid')) !== null) { $strUrl = $this->generateFrontendUrl($objPid->row(), '/articles/' . (!\Config::get('disableAlias') && $objArticle->alias != '' ? $objArticle->alias : $objArticle->id)); } } else { if (($objArchive = $objNews->getRelated('pid')) !== null && ($objJumpTo = $objArchive->getRelated('jumpTo')) !== null) { $strUrl = $this->generateFrontendUrl($objJumpTo->row(), (\Config::get('useAutoItem') && !\Config::get('disableAlias') ? '/' : '/items/') . (!\Config::get('disableAlias') && $objNews->alias != '' ? $objNews->alias : $objNews->id)); } } // Replace the tag switch (strtolower($elements[0])) { case 'news': $strLink = specialchars($objNews->headline); $arrCache[$strTag] = sprintf('<a href="%s" title="%s">%s</a>', $strUrl, $strLink, $strLink); break; case 'news_open': $arrCache[$strTag] = sprintf('<a href="%s" title="%s">', $strUrl, specialchars($objNews->headline)); break; case 'news_url': $arrCache[$strTag] = $strUrl; break; case 'news_title': $arrCache[$strTag] = specialchars($objNews->headline); break; } break; // Events // Events case 'event': case 'event_open': case 'event_url': case 'event_title': if (($objEvent = \CalendarEventsModel::findByIdOrAlias($elements[1])) === null) { break; } $strUrl = ''; if ($objEvent->source == 'external') { $strUrl = $objEvent->url; } elseif ($objEvent->source == 'internal') { if (($objJumpTo = $objEvent->getRelated('jumpTo')) !== null) { $strUrl = $this->generateFrontendUrl($objJumpTo->row()); } } elseif ($objEvent->source == 'article') { if (($objArticle = \ArticleModel::findByPk($objEvent->articleId, array('eager' => true))) !== null && ($objPid = $objArticle->getRelated('pid')) !== null) { $strUrl = $this->generateFrontendUrl($objPid->row(), '/articles/' . (!\Config::get('disableAlias') && $objArticle->alias != '' ? $objArticle->alias : $objArticle->id)); } } else { if (($objCalendar = $objEvent->getRelated('pid')) !== null && ($objJumpTo = $objCalendar->getRelated('jumpTo')) !== null) { $strUrl = $this->generateFrontendUrl($objJumpTo->row(), (\Config::get('useAutoItem') && !\Config::get('disableAlias') ? '/' : '/events/') . (!\Config::get('disableAlias') && $objEvent->alias != '' ? $objEvent->alias : $objEvent->id)); } } // Replace the tag switch (strtolower($elements[0])) { case 'event': $strLink = specialchars($objEvent->title); $arrCache[$strTag] = sprintf('<a href="%s" title="%s">%s</a>', $strUrl, $strLink, $strLink); break; case 'event_open': $arrCache[$strTag] = sprintf('<a href="%s" title="%s">', $strUrl, specialchars($objEvent->title)); break; case 'event_url': $arrCache[$strTag] = $strUrl; break; case 'event_title': $arrCache[$strTag] = specialchars($objEvent->title); break; } break; // Article teaser // Article teaser case 'article_teaser': $objTeaser = \ArticleModel::findByIdOrAlias($elements[1]); if ($objTeaser !== null) { if ($objPage->outputFormat == 'xhtml') { $arrCache[$strTag] = \String::toXhtml($this->replaceInsertTags($objTeaser->teaser), $blnCache); } else { $arrCache[$strTag] = \String::toHtml5($this->replaceInsertTags($objTeaser->teaser), $blnCache); } } break; // News teaser // News teaser case 'news_teaser': $objTeaser = \NewsModel::findByIdOrAlias($elements[1]); if ($objTeaser !== null) { if ($objPage->outputFormat == 'xhtml') { $arrCache[$strTag] = \String::toXhtml($objTeaser->teaser); } else { $arrCache[$strTag] = \String::toHtml5($objTeaser->teaser); } } break; // Event teaser // Event teaser case 'event_teaser': $objTeaser = \CalendarEventsModel::findByIdOrAlias($elements[1]); if ($objTeaser !== null) { if ($objPage->outputFormat == 'xhtml') { $arrCache[$strTag] = \String::toXhtml($objTeaser->teaser); } else { $arrCache[$strTag] = \String::toHtml5($objTeaser->teaser); } } break; // News feed URL // News feed URL case 'news_feed': $objFeed = \NewsFeedModel::findByPk($elements[1]); if ($objFeed !== null) { $arrCache[$strTag] = $objFeed->feedBase . 'share/' . $objFeed->alias . '.xml'; } break; // Calendar feed URL // Calendar feed URL case 'calendar_feed': $objFeed = \CalendarFeedModel::findByPk($elements[1]); if ($objFeed !== null) { $arrCache[$strTag] = $objFeed->feedBase . 'share/' . $objFeed->alias . '.xml'; } break; // Last update // Last update case 'last_update': $strQuery = "SELECT MAX(tstamp) AS tc"; if (in_array('news', \ModuleLoader::getActive())) { $strQuery .= ", (SELECT MAX(tstamp) FROM tl_news) AS tn"; } if (in_array('calendar', \ModuleLoader::getActive())) { $strQuery .= ", (SELECT MAX(tstamp) FROM tl_calendar_events) AS te"; } $strQuery .= " FROM tl_content"; $objUpdate = \Database::getInstance()->query($strQuery); if ($objUpdate->numRows) { $arrCache[$strTag] = \Date::parse($elements[1] ?: \Config::get('datimFormat'), max($objUpdate->tc, $objUpdate->tn, $objUpdate->te)); } break; // Version // Version case 'version': $arrCache[$strTag] = VERSION . '.' . BUILD; break; // Request token // Request token case 'request_token': $arrCache[$strTag] = REQUEST_TOKEN; break; // POST data // POST data case 'post': $arrCache[$strTag] = \Input::post($elements[1]); break; // Mobile/desktop toggle (see #6469) // Mobile/desktop toggle (see #6469) case 'toggle_view': $strUrl = ampersand(\Environment::get('request')); $strGlue = strpos($strUrl, '?') === false ? '?' : '&'; if (\Input::cookie('TL_VIEW') == 'mobile' || \Environment::get('agent')->mobile && \Input::cookie('TL_VIEW') != 'desktop') { $arrCache[$strTag] = '<a href="' . $strUrl . $strGlue . 'toggle_view=desktop" class="toggle_desktop" title="' . specialchars($GLOBALS['TL_LANG']['MSC']['toggleDesktop'][1]) . '">' . $GLOBALS['TL_LANG']['MSC']['toggleDesktop'][0] . '</a>'; } else { $arrCache[$strTag] = '<a href="' . $strUrl . $strGlue . 'toggle_view=mobile" class="toggle_mobile" title="' . specialchars($GLOBALS['TL_LANG']['MSC']['toggleMobile'][1]) . '">' . $GLOBALS['TL_LANG']['MSC']['toggleMobile'][0] . '</a>'; } break; // Conditional tags (if) // Conditional tags (if) case 'iflng': if ($elements[1] != '' && $elements[1] != $objPage->language) { for (; $_rit < $_cnt; $_rit += 3) { if ($tags[$_rit + 1] == 'iflng' || $tags[$_rit + 1] == 'iflng::' . $objPage->language) { break; } } } unset($arrCache[$strTag]); break; // Conditional tags (if not) // Conditional tags (if not) case 'ifnlng': if ($elements[1] != '') { $langs = trimsplit(',', $elements[1]); if (in_array($objPage->language, $langs)) { for (; $_rit < $_cnt; $_rit += 3) { if ($tags[$_rit + 1] == 'ifnlng') { break; } } } } unset($arrCache[$strTag]); break; // Environment // Environment case 'env': switch ($elements[1]) { case 'host': $arrCache[$strTag] = \Idna::decode(\Environment::get('host')); break; case 'http_host': $arrCache[$strTag] = \Idna::decode(\Environment::get('httpHost')); break; case 'url': $arrCache[$strTag] = \Idna::decode(\Environment::get('url')); break; case 'path': $arrCache[$strTag] = \Idna::decode(\Environment::get('base')); break; case 'request': $arrCache[$strTag] = \Environment::get('indexFreeRequest'); break; case 'ip': $arrCache[$strTag] = \Environment::get('ip'); break; case 'referer': $arrCache[$strTag] = $this->getReferer(true); break; case 'files_url': $arrCache[$strTag] = TL_FILES_URL; break; case 'assets_url': case 'plugins_url': case 'script_url': $arrCache[$strTag] = TL_ASSETS_URL; break; } break; // Page // Page case 'page': if ($elements[1] == 'pageTitle' && $objPage->pageTitle == '') { $elements[1] = 'title'; } elseif ($elements[1] == 'parentPageTitle' && $objPage->parentPageTitle == '') { $elements[1] = 'parentTitle'; } elseif ($elements[1] == 'mainPageTitle' && $objPage->mainPageTitle == '') { $elements[1] = 'mainTitle'; } // Do not use specialchars() here (see #4687) $arrCache[$strTag] = $objPage->{$elements[1]}; break; // User agent // User agent case 'ua': $ua = \Environment::get('agent'); if ($elements[1] != '') { $arrCache[$strTag] = $ua->{$elements[1]}; } else { $arrCache[$strTag] = ''; } break; // Acronyms // Acronyms case 'acronym': if ($objPage->outputFormat == 'xhtml') { if ($elements[1] != '') { $arrCache[$strTag] = '<acronym title="' . $elements[1] . '">'; } else { $arrCache[$strTag] = '</acronym>'; } break; } // NO break; // Abbreviations // NO break; // Abbreviations case 'abbr': if ($elements[1] != '') { $arrCache[$strTag] = '<abbr title="' . $elements[1] . '">'; } else { $arrCache[$strTag] = '</abbr>'; } break; // Images // Images case 'image': $width = null; $height = null; $alt = ''; $class = ''; $rel = ''; $strFile = $elements[1]; $mode = ''; // Take arguments if (strpos($elements[1], '?') !== false) { $arrChunks = explode('?', urldecode($elements[1]), 2); $strSource = \String::decodeEntities($arrChunks[1]); $strSource = str_replace('[&]', '&', $strSource); $arrParams = explode('&', $strSource); foreach ($arrParams as $strParam) { list($key, $value) = explode('=', $strParam); switch ($key) { case 'width': $width = $value; break; case 'height': $height = $value; break; case 'alt': $alt = specialchars($value); break; case 'class': $class = $value; break; case 'rel': $rel = $value; break; case 'mode': $mode = $value; break; } } $strFile = $arrChunks[0]; } if (\Validator::isUuid($strFile)) { // Handle UUIDs $objFile = \FilesModel::findByUuid($strFile); if ($objFile === null) { $arrCache[$strTag] = ''; break; } $strFile = $objFile->path; } elseif (is_numeric($strFile)) { // Handle numeric IDs (see #4805) $objFile = \FilesModel::findByPk($strFile); if ($objFile === null) { $arrCache[$strTag] = ''; break; } $strFile = $objFile->path; } else { // Sanitize the path $strFile = str_replace('../', '', $strFile); } // Check the maximum image width if (\Config::get('maxImageWidth') > 0 && $width > \Config::get('maxImageWidth')) { $width = \Config::get('maxImageWidth'); $height = null; } // Generate the thumbnail image try { $src = \Image::get($strFile, $width, $height, $mode); $dimensions = ''; // Add the image dimensions if (($imgSize = @getimagesize(TL_ROOT . '/' . rawurldecode($src))) !== false) { $dimensions = $imgSize[3]; } // Generate the HTML markup if ($rel != '') { if (strncmp($rel, 'lightbox', 8) !== 0 || $objPage->outputFormat == 'xhtml') { $attribute = ' rel="' . $rel . '"'; } else { $attribute = ' data-lightbox="' . substr($rel, 8) . '"'; } $arrCache[$strTag] = '<a href="' . TL_FILES_URL . $strFile . '"' . ($alt != '' ? ' title="' . $alt . '"' : '') . $attribute . '><img src="' . TL_FILES_URL . $src . '" ' . $dimensions . ' alt="' . $alt . '"' . ($class != '' ? ' class="' . $class . '"' : '') . ($objPage->outputFormat == 'xhtml' ? ' />' : '>') . '</a>'; } else { $arrCache[$strTag] = '<img src="' . TL_FILES_URL . $src . '" ' . $dimensions . ' alt="' . $alt . '"' . ($class != '' ? ' class="' . $class . '"' : '') . ($objPage->outputFormat == 'xhtml' ? ' />' : '>'); } } catch (\Exception $e) { $arrCache[$strTag] = ''; } break; // Files (UUID or template path) // Files (UUID or template path) case 'file': if (\Validator::isUuid($elements[1])) { $objFile = \FilesModel::findByUuid($elements[1]); if ($objFile !== null) { $arrCache[$strTag] = $objFile->path; break; } } $arrGet = $_GET; \Input::resetCache(); $strFile = $elements[1]; // Take arguments and add them to the $_GET array if (strpos($elements[1], '?') !== false) { $arrChunks = explode('?', urldecode($elements[1])); $strSource = \String::decodeEntities($arrChunks[1]); $strSource = str_replace('[&]', '&', $strSource); $arrParams = explode('&', $strSource); foreach ($arrParams as $strParam) { $arrParam = explode('=', $strParam); $_GET[$arrParam[0]] = $arrParam[1]; } $strFile = $arrChunks[0]; } // Sanitize path $strFile = str_replace('../', '', $strFile); // Include .php, .tpl, .xhtml and .html5 files if (preg_match('/\\.(php|tpl|xhtml|html5)$/', $strFile) && file_exists(TL_ROOT . '/templates/' . $strFile)) { ob_start(); include TL_ROOT . '/templates/' . $strFile; $arrCache[$strTag] = ob_get_contents(); ob_end_clean(); } $_GET = $arrGet; \Input::resetCache(); break; // HOOK: pass unknown tags to callback functions // HOOK: pass unknown tags to callback functions default: if (isset($GLOBALS['TL_HOOKS']['replaceInsertTags']) && is_array($GLOBALS['TL_HOOKS']['replaceInsertTags'])) { foreach ($GLOBALS['TL_HOOKS']['replaceInsertTags'] as $callback) { $this->import($callback[0]); $varValue = $this->{$callback}[0]->{$callback}[1]($tag, $blnCache, $arrCache[$strTag], $flags, $tags, $arrCache, $_rit, $_cnt); // see #6672 // Replace the tag and stop the loop if ($varValue !== false) { $arrCache[$strTag] = $varValue; break; } } } if (\Config::get('debugMode')) { $GLOBALS['TL_DEBUG']['unknown_insert_tags'][] = $strTag; } break; } // Handle the flags if (!empty($flags)) { foreach ($flags as $flag) { switch ($flag) { case 'addslashes': case 'stripslashes': case 'standardize': case 'ampersand': case 'specialchars': case 'nl2br': case 'nl2br_pre': case 'strtolower': case 'utf8_strtolower': case 'strtoupper': case 'utf8_strtoupper': case 'ucfirst': case 'lcfirst': case 'ucwords': case 'trim': case 'rtrim': case 'ltrim': case 'utf8_romanize': case 'strrev': case 'base64_encode': case 'base64_decode': case 'urlencode': case 'rawurlencode': $arrCache[$strTag] = $flag($arrCache[$strTag]); break; case 'encodeEmail': case 'decodeEntities': $arrCache[$strTag] = \String::$flag($arrCache[$strTag]); break; case 'number_format': $arrCache[$strTag] = \System::getFormattedNumber($arrCache[$strTag], 0); break; case 'currency_format': $arrCache[$strTag] = \System::getFormattedNumber($arrCache[$strTag], 2); break; case 'readable_size': $arrCache[$strTag] = \System::getReadableSize($arrCache[$strTag]); break; // HOOK: pass unknown flags to callback functions // HOOK: pass unknown flags to callback functions default: if (isset($GLOBALS['TL_HOOKS']['insertTagFlags']) && is_array($GLOBALS['TL_HOOKS']['insertTagFlags'])) { foreach ($GLOBALS['TL_HOOKS']['insertTagFlags'] as $callback) { $this->import($callback[0]); $varValue = $this->{$callback}[0]->{$callback}[1]($flag, $tag, $arrCache[$strTag], $flags, $blnCache, $tags, $arrCache, $_rit, $_cnt); // see #5806 // Replace the tag and stop the loop if ($varValue !== false) { $arrCache[$strTag] = $varValue; break; } } } if (\Config::get('debugMode')) { $GLOBALS['TL_DEBUG']['unknown_insert_tag_flags'][] = $flag; } break; } } } $strBuffer .= $arrCache[$strTag]; } return \String::restoreBasicEntities($strBuffer); }
/** * Try to login the current user * * @return boolean True if the user could be logged in */ public function login() { \System::loadLanguageFile('default'); // Do not continue if username or password are missing if (empty($_POST['username']) || empty($_POST['password'])) { return false; } // Load the user object if ($this->findBy('username', \Input::post('username', true)) == false) { $blnLoaded = false; // HOOK: pass credentials to callback functions if (isset($GLOBALS['TL_HOOKS']['importUser']) && is_array($GLOBALS['TL_HOOKS']['importUser'])) { foreach ($GLOBALS['TL_HOOKS']['importUser'] as $callback) { $this->import($callback[0], 'objImport', true); $blnLoaded = $this->objImport->{$callback[1]}(\Input::post('username', true), \Input::postUnsafeRaw('password'), $this->strTable); // Load successfull if ($blnLoaded === true) { break; } } } // Return if the user still cannot be loaded if (!$blnLoaded || $this->findBy('username', \Input::post('username', true)) == false) { \Message::addError($GLOBALS['TL_LANG']['ERR']['invalidLogin']); $this->log('Could not find user "' . \Input::post('username', true) . '"', __METHOD__, TL_ACCESS); return false; } } $time = time(); // Set the user language if (\Input::post('language')) { $this->language = \Input::post('language'); } // Lock the account if there are too many login attempts if ($this->loginCount < 1) { $this->locked = $time; $this->loginCount = \Config::get('loginCount'); $this->save(); // Add a log entry and the error message, because checkAccountStatus() will not be called (see #4444) $this->log('User "' . $this->username . '" has been locked for ' . ceil(\Config::get('lockPeriod') / 60) . ' minutes', __METHOD__, TL_ACCESS); \Message::addError(sprintf($GLOBALS['TL_LANG']['ERR']['accountLocked'], ceil(($this->locked + \Config::get('lockPeriod') - $time) / 60))); // Send admin notification if (\Config::get('adminEmail') != '') { $objEmail = new \Email(); $objEmail->subject = $GLOBALS['TL_LANG']['MSC']['lockedAccount'][0]; $objEmail->text = sprintf($GLOBALS['TL_LANG']['MSC']['lockedAccount'][1], $this->username, TL_MODE == 'FE' ? $this->firstname . " " . $this->lastname : $this->name, \Idna::decode(\Environment::get('base')), ceil(\Config::get('lockPeriod') / 60)); $objEmail->sendTo(\Config::get('adminEmail')); } return false; } // Check the account status if ($this->checkAccountStatus() == false) { return false; } // The password has been generated with crypt() if (\Encryption::test($this->password)) { $blnAuthenticated = \Encryption::verify(\Input::postUnsafeRaw('password'), $this->password); } else { list($strPassword, $strSalt) = explode(':', $this->password); $blnAuthenticated = $strSalt == '' ? $strPassword === sha1(\Input::postUnsafeRaw('password')) : $strPassword === sha1($strSalt . \Input::postUnsafeRaw('password')); // Store a SHA-512 encrpyted version of the password if ($blnAuthenticated) { $this->password = \Encryption::hash(\Input::postUnsafeRaw('password')); } } // HOOK: pass credentials to callback functions if (!$blnAuthenticated && isset($GLOBALS['TL_HOOKS']['checkCredentials']) && is_array($GLOBALS['TL_HOOKS']['checkCredentials'])) { foreach ($GLOBALS['TL_HOOKS']['checkCredentials'] as $callback) { $this->import($callback[0], 'objAuth', true); $blnAuthenticated = $this->objAuth->{$callback[1]}(\Input::post('username', true), \Input::postUnsafeRaw('password'), $this); // Authentication successfull if ($blnAuthenticated === true) { break; } } } // Redirect if the user could not be authenticated if (!$blnAuthenticated) { --$this->loginCount; $this->save(); \Message::addError($GLOBALS['TL_LANG']['ERR']['invalidLogin']); $this->log('Invalid password submitted for username "' . $this->username . '"', __METHOD__, TL_ACCESS); return false; } $this->setUserFromDb(); // Update the record $this->lastLogin = $this->currentLogin; $this->currentLogin = $time; $this->loginCount = \Config::get('loginCount'); $this->save(); // Generate the session $this->generateSession(); $this->log('User "' . $this->username . '" has logged in', __METHOD__, TL_ACCESS); // HOOK: post login callback if (isset($GLOBALS['TL_HOOKS']['postLogin']) && is_array($GLOBALS['TL_HOOKS']['postLogin'])) { foreach ($GLOBALS['TL_HOOKS']['postLogin'] as $callback) { $this->import($callback[0], 'objLogin', true); $this->objLogin->{$callback[1]}($this); } } return true; }
public function sendUnSubscribeMail($channels, $subject = '', $text = '') { $objChannel = \Database::getInstance()->prepare("SELECT * FROM tl_newsletter_channel WHERE id IN (" . implode(',', $channels) . ")")->limit(1)->execute(); $objEmail = new \Email(); if (empty($subject)) { $subject = $objChannel->first()->nl_unsubscribe_subject; } if (empty($text)) { $text = $objChannel->first()->nl_unsubscribe_text; } $strSubject = str_replace(array('##channel##', '##channels##'), implode(",", $objChannel->fetchEach('title')), $subject); $strText = str_replace('##salutation##', $this->getSalutation(), $text); $strText = str_replace('##domain##', \Idna::decode(\Environment::get('host')), $strText); $strText = str_replace('##link##', \Idna::decode(\Environment::get('base')) . \Environment::get('request') . (\Config::get('disableAlias') || strpos(\Environment::get('request'), '?') !== false ? '&' : '?') . 'token=' . $this->token, $strText); $strText = str_replace(array('##channel##', '##channels##'), implode("\n", $objChannel->fetchEach('title')), $strText); $objEmail->from = $objChannel->first()->nl_unsubscribe_sender_mail ? $objChannel->first()->nl_unsubscribe_sender_mail : $GLOBALS['TL_ADMIN_EMAIL']; $objEmail->fromName = $objChannel->first()->nl_unsubscribe_sender_name ? $objChannel->first()->nl_unsubscribe_sender_name : $GLOBALS['TL_ADMIN_NAME']; $objEmail->subject = $this->replaceInsertTags($strSubject); $objEmail->text = $this->replaceInsertTags($strText); if ($objEmail->sendTo($this->email)) { $_SESSION['UNSUBSCRIBE_CONFIRM'] = $GLOBALS['TL_LANG']['MSC']['nl_removed']; return true; } return false; }
/** * Return a parameter * * @param string $strKey The parameter key * * @return mixed The parameter value */ public function __get($strKey) { switch ($strKey) { case 'value': if (is_array($this->varValue)) { return array($this->varValue[0], \Idna::decode($this->varValue[1])); } else { return array('', \Idna::decode($this->varValue)); } break; case 'type': return 'text'; break; default: return parent::__get($strKey); break; } }
/** * Add a form to create new testimonials * @param \FrontendTemplate * @param \stdClass * @param string * @param integer * @param array */ protected function renderTestimonialForm(\FrontendTemplate $objTemplate, \stdClass $objConfig, $intParent) { $this->import('FrontendUser', 'User'); // Access control if ($objConfig->requireLogin && !BE_USER_LOGGED_IN && !FE_USER_LOGGED_IN) { $objTemplate->requireLogin = true; return; } // Form fields $arrFields = array('name' => array('name' => 'name', 'label' => $GLOBALS['TL_LANG']['MSC']['tm_name'], 'value' => trim($this->User->firstname . ' ' . $this->User->lastname), 'inputType' => 'text', 'eval' => array('mandatory' => true, 'maxlength' => 64, 'placeholder' => $GLOBALS['TL_LANG']['MSC']['tm_name'])), 'email' => array('name' => 'email', 'label' => $GLOBALS['TL_LANG']['MSC']['tm_email'], 'value' => $this->User->email, 'inputType' => 'text', 'eval' => array('rgxp' => 'email', 'mandatory' => true, 'maxlength' => 128, 'decodeEntities' => true, 'placeholder' => $GLOBALS['TL_LANG']['MSC']['tm_email'])), 'url' => array('name' => 'url', 'label' => $GLOBALS['TL_LANG']['MSC']['tm_url'], 'inputType' => 'text', 'eval' => array('rgxp' => 'url', 'maxlength' => 128, 'decodeEntities' => true, 'placeholder' => $GLOBALS['TL_LANG']['MSC']['tm_url'])), 'company' => array('name' => 'company', 'label' => $GLOBALS['TL_LANG']['MSC']['tm_company'], 'inputType' => 'text', 'eval' => array('maxlength' => 128, 'placeholder' => $GLOBALS['TL_LANG']['MSC']['tm_company'])), 'title' => array('name' => 'title', 'label' => $GLOBALS['TL_LANG']['MSC']['tm_title'], 'inputType' => 'text', 'eval' => array('maxlength' => 128, 'placeholder' => $GLOBALS['TL_LANG']['MSC']['tm_title']))); if ($objConfig->enableVoteField1 && $objConfig->addVote) { $arrFields['votefield1'] = array('name' => 'votefield1', 'label' => &$GLOBALS['TL_LANG']['MSC']['votefield1'], 'default' => '0.0', 'inputType' => 'text', 'eval' => array('style' => 'display: none;')); } if ($objConfig->enableVoteField2 && $objConfig->addVote) { $arrFields['votefield2'] = array('name' => 'votefield2', 'label' => &$GLOBALS['TL_LANG']['MSC']['votefield2'], 'default' => '0.0', 'inputType' => 'text', 'eval' => array('style' => 'display: none;')); } if ($objConfig->enableVoteField3 && $objConfig->addVote) { $arrFields['votefield3'] = array('name' => 'votefield3', 'label' => &$GLOBALS['TL_LANG']['MSC']['votefield3'], 'default' => '0.0', 'inputType' => 'text', 'eval' => array('style' => 'display: none;')); } if ($objConfig->enableVoteField4 && $objConfig->addVote) { $arrFields['votefield4'] = array('name' => 'votefield4', 'label' => &$GLOBALS['TL_LANG']['MSC']['votefield4'], 'default' => '0.0', 'inputType' => 'text', 'eval' => array('style' => 'display: none;')); } if ($objConfig->enableVoteField5 && $objConfig->addVote) { $arrFields['votefield5'] = array('name' => 'votefield5', 'label' => &$GLOBALS['TL_LANG']['MSC']['votefield5'], 'default' => '0.0', 'inputType' => 'text', 'eval' => array('style' => 'display: none;')); } if ($objConfig->enableVoteField6 && $objConfig->addVote) { $arrFields['votefield6'] = array('name' => 'votefield6', 'label' => &$GLOBALS['TL_LANG']['MSC']['votefield6'], 'default' => '0.0', 'inputType' => 'text', 'eval' => array('style' => 'display: none;')); } // Captcha if (!$objConfig->disableCaptcha) { $arrFields['captcha'] = array('name' => 'captcha', 'inputType' => 'captcha', 'eval' => array('mandatory' => true)); } // Testimonial field $arrFields['testimonial'] = array('name' => 'testimonial', 'label' => $GLOBALS['TL_LANG']['MSC']['tm_testimonial'], 'inputType' => 'textarea', 'eval' => array('mandatory' => true, 'rows' => 15, 'cols' => 40, 'preserveTags' => true)); $doNotSubmit = false; $arrWidgets = array(); $strFormId = 'jedo_testimonials_' . $intParent; // Initialize the widgets foreach ($arrFields as $arrField) { $strClass = $GLOBALS['TL_FFL'][$arrField['inputType']]; // Continue if the class is not defined if (!class_exists($strClass)) { continue; } $arrField['eval']['required'] = $arrField['eval']['mandatory']; $objWidget = new $strClass($this->prepareForWidget($arrField, $arrField['name'], $arrField['value'])); // Validate the widget if (\Input::post('FORM_SUBMIT') == $strFormId) { $objWidget->validate(); if ($objWidget->hasErrors()) { $doNotSubmit = true; } } $arrWidgets[$arrField['name']] = $objWidget; } $objTemplate->fields = $arrWidgets; $objTemplate->submit = $GLOBALS['TL_LANG']['MSC']['com_submit']; $objTemplate->action = ampersand(\Environment::get('request')); $objTemplate->messages = ''; // Backwards compatibility $objTemplate->formId = $strFormId; $objTemplate->hasError = $doNotSubmit; // Do not index or cache the page with the confirmation message if ($_SESSION['TL_TESTIMONIAL_ADDED']) { global $objPage; $objPage->noSearch = 1; $objPage->cache = 0; $objTemplate->confirm = $GLOBALS['TL_LANG']['MSC']['com_confirm']; $_SESSION['TL_TESTIMONIAL_ADDED'] = false; } // Store the testimonial if (!$doNotSubmit && \Input::post('FORM_SUBMIT') == $strFormId) { $strWebsite = $arrWidgets['url']->value; if ($strWebsite == $GLOBALS['TL_LANG']['MSC']['tm_url']) { $strWebsite = ''; } // Add http:// to the website if ($strWebsite != '' && !preg_match('@^(https?://|ftp://|mailto:|#)@i', $strWebsite)) { $strWebsite = 'http://' . $strWebsite; } // Do not parse any tags in the testimonial $strTestimonial = htmlspecialchars(trim($arrWidgets['testimonial']->value)); $strTestimonial = str_replace(array('&', '<', '>'), array('[&]', '[lt]', '[gt]'), $strTestimonial); // Remove multiple line feeds $strTestimonial = preg_replace('@\\n\\n+@', "\n\n", $strTestimonial); // Parse BBCode if ($objConfig->bbcode) { $strTestimonial = $this->parseBbCode($strTestimonial); } // Prevent cross-site request forgeries $strTestimonial = preg_replace('/(href|src|on[a-z]+)="[^"]*(contao\\/main\\.php|typolight\\/main\\.php|javascript|vbscri?pt|script|alert|document|cookie|window)[^"]*"+/i', '$1="#"', $strTestimonial); $time = time(); if ($objConfig->addVote) { // make the totalvote object $fields = 0; $value = 0.0; if ($objConfig->enableVoteField1) { $arrWidgets['votefield1']->value = $this->getRatingValue($arrWidgets['votefield1']->value); $value = $value + $arrWidgets['votefield1']->value; $fields++; } if ($objConfig->enableVoteField2) { $arrWidgets['votefield2']->value = $this->getRatingValue($arrWidgets['votefield2']->value); $value = $value + $arrWidgets['votefield2']->value; $fields++; } if ($objConfig->enableVoteField3) { $arrWidgets['votefield3']->value = $this->getRatingValue($arrWidgets['votefield3']->value); $value = $value + $arrWidgets['votefield3']->value; $fields++; } if ($objConfig->enableVoteField4) { $arrWidgets['votefield4']->value = $this->getRatingValue($arrWidgets['votefield4']->value); $value = $value + $arrWidgets['votefield4']->value; $fields++; } if ($objConfig->enableVoteField5) { $arrWidgets['votefield5']->value = $this->getRatingValue($arrWidgets['votefield5']->value); $value = $value + $arrWidgets['votefield5']->value; $fields++; } if ($objConfig->enableVoteField6) { $arrWidgets['votefield6']->value = $this->getRatingValue($arrWidgets['votefield6']->value); $value = $value + $arrWidgets['votefield6']->value; $fields++; } $totalvote = $value / $fields; $strTVotes = number_format($totalvote, 2); } if ($arrWidgets['company']->value == $value_company) { $arrWidgets['company']->value = ''; } if ($arrWidgets['title']->value == $value_title) { $arrWidgets['title']->value = ''; } // Prepare the record $arrSet = array('tstamp' => $time, 'name' => $arrWidgets['name']->value, 'email' => $arrWidgets['email']->value, 'company' => $arrWidgets['company']->value, 'title' => $arrWidgets['title']->value, 'url' => $strWebsite, 'testimonial' => $this->convertLineFeeds($strTestimonial), 'ip' => $this->anonymizeIp($this->Environment->ip), 'date' => $time, 'votestotal' => $strTVotes, 'votefield1' => !$objConfig->enableVoteField1 ? '' : $arrWidgets['votefield1']->value, 'votefield2' => !$objConfig->enableVoteField2 ? '' : $arrWidgets['votefield2']->value, 'votefield3' => !$objConfig->enableVoteField3 ? '' : $arrWidgets['votefield3']->value, 'votefield4' => !$objConfig->enableVoteField4 ? '' : $arrWidgets['votefield4']->value, 'votefield5' => !$objConfig->enableVoteField5 ? '' : $arrWidgets['votefield5']->value, 'votefield6' => !$objConfig->enableVoteField6 ? '' : $arrWidgets['votefield6']->value, 'published' => $objConfig->moderate ? '' : 1); // Store the testimonial $objTestimonials = new \TestimonialsModel(); $objTestimonials->setRow($arrSet)->save(); // Prepare the notification mail $objEmail = new \Email(); $objEmail->from = $GLOBALS['TL_ADMIN_EMAIL']; $objEmail->fromName = $GLOBALS['TL_ADMIN_NAME']; $objEmail->subject = sprintf($GLOBALS['TL_LANG']['MSC']['tm_subject'], \Idna::decode(\Environment::get('host'))); // Convert the testimonial to plain text $strTestimonial = strip_tags($strTestimonial); $strTestimonial = \StringUtil::decodeEntities($strTestimonial); $strTestimonial = str_replace(array('[&]', '[lt]', '[gt]'), array('&', '<', '>'), $strTestimonial); // Add the testimonial details $objEmail->text = sprintf($GLOBALS['TL_LANG']['MSC']['tm_message'], $arrSet['name'] . ' (' . $arrSet['email'] . ')', $strTestimonial, \Idna::decode(\Environment::get('base')) . \Environment::get('request'), \Idna::decode(\Environment::get('base')) . 'contao/main.php?do=testimonials&act=edit&id=' . $objTestimonials->id); $objEmail->sendTo($GLOBALS['TL_ADMIN_EMAIL']); // Pending for approval if ($objConfig->moderate) { // FIXME: notify the subscribers when the testimonial is published $_SESSION['TL_TESTIMONIAL_ADDED'] = true; } $this->reload(); } }
/** * Send an admin notification e-mail * * @param integer $intId * @param array $arrData */ protected function sendAdminNotification($intId, $arrData) { $objEmail = new \Email(); $objEmail->from = $GLOBALS['TL_ADMIN_EMAIL']; $objEmail->fromName = $GLOBALS['TL_ADMIN_NAME']; $objEmail->subject = sprintf($GLOBALS['TL_LANG']['MSC']['adminSubject'], \Idna::decode(\Environment::get('host'))); $strData = "\n\n"; // Add user details foreach ($arrData as $k => $v) { if ($k == 'password' || $k == 'tstamp' || $k == 'activation' || $k == 'dateAdded') { continue; } $v = deserialize($v); if ($k == 'dateOfBirth' && strlen($v)) { $v = \Date::parse(\Config::get('dateFormat'), $v); } $strData .= $GLOBALS['TL_LANG']['tl_member'][$k][0] . ': ' . (is_array($v) ? implode(', ', $v) : $v) . "\n"; } $objEmail->text = sprintf($GLOBALS['TL_LANG']['MSC']['adminText'], $intId, $strData . "\n") . "\n"; $objEmail->sendTo($GLOBALS['TL_ADMIN_EMAIL']); $this->log('A new user (ID ' . $intId . ') has registered on the website', __METHOD__, TL_ACCESS); }
/** * Generate the widget and return it as string * @return string */ public function generate() { $type = $this->hideInput ? 'password' : 'text'; if (!$this->multiple) { // Hide the Punycode format (see #2750) if ($this->rgxp == 'email' || $this->rgxp == 'url') { $this->varValue = \Idna::decode($this->varValue); } return sprintf('<input type="%s" name="%s" id="ctrl_%s" class="tl_text%s" value="%s"%s onfocus="Backend.getScrollOffset()">%s', $type, $this->strName, $this->strId, $this->strClass != '' ? ' ' . $this->strClass : '', specialchars($this->varValue), $this->getAttributes(), $this->wizard); } // Return if field size is missing if (!$this->size) { return ''; } if (!is_array($this->varValue)) { $this->varValue = array($this->varValue); } $arrFields = array(); for ($i = 0; $i < $this->size; $i++) { $arrFields[] = sprintf('<input type="%s" name="%s[]" id="ctrl_%s" class="tl_text_%s" value="%s"%s onfocus="Backend.getScrollOffset()">', $type, $this->strName, $this->strId . '_' . $i, $this->size, specialchars(@$this->varValue[$i]), $this->getAttributes()); } return sprintf('<div id="ctrl_%s"%s>%s</div>%s', $this->strId, $this->strClass != '' ? ' class="' . $this->strClass . '"' : '', implode(' ', $arrFields), $this->wizard); }
/** * * Add contao core tokens, as long as the cron job does not have these information * on sending mail in queue mode * * @param $arrTokens * @param $strLanguage * @return bool false if context_tokens has been set already (required by cron) */ protected function addContextTokens($objMessage, &$arrTokens, $strLanguage) { // add context tokens only once (queue will trigger this function again, and tokens might be overwritten) if (isset($arrTokens['context_tokens'])) { return false; } $arrTokens['context_tokens'] = true; // add environment variables as token $arrTokens['env_host'] = \Idna::decode(\Environment::get('host')); $arrTokens['env_http_host'] = \Idna::decode(\Environment::get('httpHost')); $arrTokens['env_url'] = \Idna::decode(\Environment::get('url')); $arrTokens['env_path'] = \Idna::decode(\Environment::get('base')); $arrTokens['env_request'] = \Idna::decode(\Environment::get('indexFreeRequest')); $arrTokens['env_ip'] = \Idna::decode(\Environment::get('ip')); $arrTokens['env_referer'] = \System::getReferer(); $arrTokens['env_files_url'] = TL_FILES_URL; $arrTokens['env_plugins_url'] = TL_ASSETS_URL; $arrTokens['env_script_url'] = TL_ASSETS_URL; // add date tokens $arrTokens['date'] = \Controller::replaceInsertTags('{{date}}'); $arrTokens['last_update'] = \Controller::replaceInsertTags('{{last_update}}'); if (TL_MODE == 'FE') { // add current page as token global $objPage; if ($objPage !== null) { foreach ($objPage->row() as $key => $value) { $arrTokens['page_' . $key] = $value; } if ($objPage->pageTitle == '') { $arrTokens['pageTitle'] = $objPage->title; } else { if ($objPage->parentPageTitle == '') { $arrTokens['parentPageTitle'] = $objPage->parentTitle; } else { if ($objPage->mainPageTitle == '') { $arrTokens['mainPageTitle'] = $objPage->mainTitle; } } } } // add user attributes as token if (FE_USER_LOGGED_IN) { $arrUserData = \FrontendUser::getInstance()->getData(); if (is_array($arrUserData)) { foreach ($arrUserData as $key => $value) { if (!is_array($value) && \Validator::isBinaryUuid($value)) { $value = \StringUtil::binToUuid($value); $objFile = \FilesModel::findByUuid($value); if ($objFile !== null) { $value = $objFile->path; } } $arrTokens['user_' . $key] = $value; } } } } }
/** * Tries to parse a string and to get the domain name, tld and idn * converted domain name. * * If given string is not a domain name, it will add a default tld. * * Also skips given string if it is longer than 63 characters. * * @throws instance of AbstractException if throwExceptions = true * @param string $unparsedString * @param string $defaultTld * @return void */ public function parse($unparsedString, $defaultTld = 'com') { try { if ($this->loaded === false) { $this->load(); } $matchedDomain = ''; $matchedDomainIdn = ''; $matchedTld = ''; $matchedTldIdn = ''; $matchedGroup = ''; $validHostname = true; $IdnaConverter = new Idna(array('idn_version' => 2008)); preg_match('/^((http|https|ftp|ftps|news|ssh|sftp|gopher):[\\/]{2,})?([^\\/]+)/', mb_strtolower(trim($unparsedString), $this->encoding), $matches); $parsedString = $IdnaConverter->encode(end($matches)); foreach ($this->tldList['content'] as $tldgroup => $tlds) { foreach ($tlds as $tld) { if (preg_match('/\\.' . $tld . '$/', $parsedString, $trash)) { $matchedTld = $tld; $matchedTldIdn = $IdnaConverter->encode($tld); $matchedDomain = substr($parsedString, 0, -strlen('.' . $matchedTld)); $matchedDomain = rtrim($matchedDomain, '.'); $matchedDomain = ltrim($matchedDomain, '.'); if ($matchedTld != 'name' && strpos($matchedDomain, '.')) { $matchedDomain = str_replace('.', '', strrchr($matchedDomain, '.')); } if (strpos($matchedDomain, ' ')) { $matchedDomain = explode(' ', $matchedDomain); $matchedDomain = end($matchedDomain); } $matchedDomainIdn = $IdnaConverter->encode($matchedDomain); $matchedGroup = $tldgroup; break; } if ($tld == $parsedString) { $matchedTld = $tld; $matchedTldIdn = $IdnaConverter->encode($tld); break; } } } if ($matchedDomain == '' && strlen($matchedDomainIdn) <= 63 && $matchedTld == '') { $matchedDomain = $IdnaConverter->decode(preg_replace_callback('/[^a-zA-Z0-9\\-\\.]/', function ($match) use(&$validHostname) { $validHostname = false; }, $IdnaConverter->encode($parsedString))); $matchedDomainIdn = $IdnaConverter->encode($matchedDomain); $matchedTld = $matchedTldIdn = $defaultTld; } elseif ($matchedDomain != '' && strlen($matchedDomainIdn) <= 63 && $matchedTld != '') { $matchedDomain = $IdnaConverter->decode(preg_replace_callback('/[^a-zA-Z0-9\\-\\.]/', function ($match) use(&$validHostname) { $validHostname = false; }, $IdnaConverter->encode($matchedDomain))); $matchedDomainIdn = $IdnaConverter->encode($matchedDomain); } elseif ($matchedDomain == '' && $matchedTld != '') { $validHostname = false; } else { throw \Novutec\DomainParser\AbstractException::factory('UnparsableString', 'Unparsable domain name.'); } $Result = new Result($matchedDomain, $matchedDomainIdn, $IdnaConverter->decode($matchedTld), $matchedTldIdn, $matchedGroup, $validHostname); } catch (\Novutec\DomainParser\AbstractException $e) { if ($this->throwExceptions) { throw $e; } $Result = new Result(); $Result->error = $e->getMessage(); } return $Result->get($this->format); }
/** * Generate the widget and return it as string * * @return string The widget markup */ public function generate() { $strType = $this->hideInput ? 'password' : 'text'; if (!$this->multiple) { // Hide the Punycode format (see #2750) if ($this->rgxp == 'url') { $this->value = \Idna::decode($this->value); } elseif ($this->rgxp == 'email' || $this->rgxp == 'friendly') { $this->value = \Idna::decodeEmail($this->value); } return sprintf('<input type="%s" name="%s" id="ctrl_%s" class="text%s%s" value="%s"%s%s', $strType, $this->strName, $this->strId, $this->hideInput ? ' password' : '', $this->strClass != '' ? ' ' . $this->strClass : '', specialchars($this->value), $this->getAttributes(), $this->strTagEnding) . $this->addSubmit(); } // Return if field size is missing if (!$this->size) { return ''; } if (!is_array($this->value)) { $this->value = array($this->value); } $arrFields = array(); for ($i = 0; $i < $this->size; $i++) { $arrFields[] = sprintf('<input type="%s" name="%s[]" id="ctrl_%s" class="text_%s" value="%s"%s%s', $strType, $this->strName, $this->strId . '_' . $i, $this->size, specialchars(@$this->value[$i]), $this->getAttributes(), $this->strTagEnding); } return sprintf('<div id="ctrl_%s"%s>%s</div>', $this->strId, $this->strClass != '' ? ' class="' . $this->strClass . '"' : '', implode(' ', $arrFields)) . $this->addSubmit(); }
/** * Create a new user and redirect * @param object */ protected function sendPasswordLink($objMember) { $arrChunks = array(); $confirmationId = md5(uniqid(mt_rand(), true)); // Store the confirmation ID $objMember = \MemberModel::findByPk($objMember->id); $objMember->activation = $confirmationId; $objMember->save(); $strConfirmation = $this->reg_password; preg_match_all('/##[^#]+##/', $strConfirmation, $arrChunks); foreach ($arrChunks[0] as $strChunk) { $strKey = substr($strChunk, 2, -2); switch ($strKey) { case 'domain': $strConfirmation = str_replace($strChunk, \Idna::decode(\Environment::get('host')), $strConfirmation); break; case 'link': $strConfirmation = str_replace($strChunk, \Idna::decode(\Environment::get('base')) . \Environment::get('request') . (\Config::get('disableAlias') || strpos(\Environment::get('request'), '?') !== false ? '&' : '?') . 'token=' . $confirmationId, $strConfirmation); break; default: try { $strConfirmation = str_replace($strChunk, $objMember->{$strKey}, $strConfirmation); } catch (\Exception $e) { $strConfirmation = str_replace($strChunk, '', $strConfirmation); $this->log('Invalid wildcard "' . $strKey . '" used in password request e-mail', __METHOD__, TL_GENERAL, $e->getMessage()); } break; } } // Send e-mail $objEmail = new \Email(); $objEmail->from = $GLOBALS['TL_ADMIN_EMAIL']; $objEmail->fromName = $GLOBALS['TL_ADMIN_NAME']; $objEmail->subject = sprintf($GLOBALS['TL_LANG']['MSC']['passwordSubject'], \Idna::decode(\Environment::get('host'))); $objEmail->text = $strConfirmation; $objEmail->sendTo($objMember->email); $this->log('A new password has been requested for user ID ' . $objMember->id . ' (' . $objMember->email . ')', __METHOD__, TL_ACCESS); // Check whether there is a jumpTo page if (($objJumpTo = $this->objModel->getRelated('jumpTo')) !== null) { $this->jumpToOrReload($objJumpTo->row()); } $this->reload(); }
/** * Format a value * * @param string $k * @param mixed $value * @param boolean $blnListSingle * * @return mixed */ protected function formatValue($k, $value, $blnListSingle = false) { $value = deserialize($value); // Return if empty if (empty($value)) { return ''; } /** @var \PageModel $objPage */ global $objPage; // Array if (is_array($value)) { $value = implode(', ', $value); } elseif ($GLOBALS['TL_DCA'][$this->list_table]['fields'][$k]['eval']['rgxp'] == 'date') { $value = \Date::parse($objPage->dateFormat, $value); } elseif ($GLOBALS['TL_DCA'][$this->list_table]['fields'][$k]['eval']['rgxp'] == 'time') { $value = \Date::parse($objPage->timeFormat, $value); } elseif ($GLOBALS['TL_DCA'][$this->list_table]['fields'][$k]['eval']['rgxp'] == 'datim') { $value = \Date::parse($objPage->datimFormat, $value); } elseif ($GLOBALS['TL_DCA'][$this->list_table]['fields'][$k]['eval']['rgxp'] == 'url' && preg_match('@^(https?://|ftp://)@i', $value)) { $value = \Idna::decode($value); // see #5946 $value = '<a href="' . $value . '"' . ($objPage->outputFormat == 'xhtml' ? ' onclick="return !window.open(this.href)"' : ' target="_blank"') . '>' . $value . '</a>'; } elseif ($GLOBALS['TL_DCA'][$this->list_table]['fields'][$k]['eval']['rgxp'] == 'email') { $value = \String::encodeEmail(\Idna::decode($value)); // see #5946 $value = '<a href="mailto:' . $value . '">' . $value . '</a>'; } elseif (is_array($GLOBALS['TL_DCA'][$this->list_table]['fields'][$k]['reference'])) { $value = $GLOBALS['TL_DCA'][$this->list_table]['fields'][$k]['reference'][$value]; } elseif ($GLOBALS['TL_DCA'][$this->list_table]['fields'][$k]['eval']['isAssociative'] || array_is_assoc($GLOBALS['TL_DCA'][$this->list_table]['fields'][$k]['options'])) { if ($blnListSingle) { $value = $GLOBALS['TL_DCA'][$this->list_table]['fields'][$k]['options'][$value]; } else { $value = '<span class="value">[' . $value . ']</span> ' . $GLOBALS['TL_DCA'][$this->list_table]['fields'][$k]['options'][$value]; } } return $value; }
/** * Add a new recipient */ protected function addRecipient() { if (!\Environment::get('isAjaxRequest')) { return parent::addRecipient(); } $arrChannels = \Input::post('channels'); if (!is_array($arrChannels)) { $_SESSION['UNSUBSCRIBE_ERROR'] = $GLOBALS['TL_LANG']['ERR']['noChannels']; return false; } $arrChannels = array_intersect($arrChannels, $this->nl_channels); // see #3240 // Check the selection if (!is_array($arrChannels) || empty($arrChannels)) { $_SESSION['SUBSCRIBE_ERROR'] = $GLOBALS['TL_LANG']['ERR']['noChannels']; return false; } $varInput = \Idna::encodeEmail(\Input::post('email', true)); // Validate the e-mail address if (!\Validator::isEmail($varInput)) { $_SESSION['SUBSCRIBE_ERROR'] = $GLOBALS['TL_LANG']['ERR']['email']; return false; } $arrSubscriptions = array(); // Get the existing active subscriptions if (($objSubscription = \NewsletterRecipientsModel::findBy(array("email=? AND active=1"), $varInput)) !== null) { $arrSubscriptions = $objSubscription->fetchEach('pid'); } $arrNew = array_diff($arrChannels, $arrSubscriptions); // Return if there are no new subscriptions if (!is_array($arrNew) || empty($arrNew)) { $_SESSION['SUBSCRIBE_ERROR'] = $GLOBALS['TL_LANG']['ERR']['subscribed']; return false; } // Remove old subscriptions that have not been activated yet if (($objOld = \NewsletterRecipientsModel::findBy(array("email=? AND active=''"), $varInput)) !== null) { while ($objOld->next()) { $objOld->delete(); } } $time = time(); $strToken = md5(uniqid(mt_rand(), true)); // Add the new subscriptions foreach ($arrNew as $id) { $objRecipient = new \NewsletterRecipientsModel(); $objRecipient->pid = $id; $objRecipient->tstamp = $time; $objRecipient->email = $varInput; $objRecipient->active = ''; $objRecipient->addedOn = $time; $objRecipient->ip = $this->anonymizeIp(\Environment::get('ip')); $objRecipient->token = $strToken; $objRecipient->confirmed = ''; $objRecipient->save(); } // Get the channels $objChannel = \NewsletterChannelModel::findByIds($arrChannels); // Prepare the e-mail text $strText = str_replace('##token##', $strToken, $this->nl_subscribe); $strText = str_replace('##domain##', \Idna::decode(\Environment::get('host')), $strText); $strText = str_replace('##link##', \Idna::decode(\Environment::get('base')) . \Environment::get('request') . (\Config::get('disableAlias') || strpos(\Environment::get('request'), '?') !== false ? '&' : '?') . 'token=' . $strToken, $strText); $strText = str_replace(array('##channel##', '##channels##'), implode("\n", $objChannel->fetchEach('title')), $strText); // Activation e-mail $objEmail = new \Email(); $objEmail->from = $GLOBALS['TL_ADMIN_EMAIL']; $objEmail->fromName = $GLOBALS['TL_ADMIN_NAME']; $objEmail->subject = sprintf($GLOBALS['TL_LANG']['MSC']['nl_subject'], \Idna::decode(\Environment::get('host'))); $objEmail->text = $strText; $objEmail->sendTo($varInput); // Redirect to the jumpTo page if ($this->jumpTo && ($objTarget = $this->objModel->getRelated('jumpTo')) !== null) { $this->redirect($this->generateFrontendUrl($objTarget->row())); } $_SESSION['SUBSCRIBE_CONFIRM'] = $GLOBALS['TL_LANG']['MSC']['nl_confirm']; return true; }
/** * Remove the recipient */ protected function removeRecipient() { $arrChannels = \Input::post('channels'); if (!is_array($arrChannels)) { $_SESSION['UNSUBSCRIBE_ERROR'] = $GLOBALS['TL_LANG']['ERR']['noChannels']; $this->reload(); } $arrChannels = array_intersect($arrChannels, $this->nl_channels); // see #3240 // Check the selection if (!is_array($arrChannels) || empty($arrChannels)) { $_SESSION['UNSUBSCRIBE_ERROR'] = $GLOBALS['TL_LANG']['ERR']['noChannels']; $this->reload(); } $varInput = \Idna::encodeEmail(\Input::post('email', true)); // Validate e-mail address if (!\Validator::isEmail($varInput)) { $_SESSION['UNSUBSCRIBE_ERROR'] = $GLOBALS['TL_LANG']['ERR']['email']; $this->reload(); } $arrSubscriptions = array(); // Get the existing active subscriptions if (($objSubscription = \NewsletterRecipientsModel::findBy(array("email=? AND active=1"), $varInput)) !== null) { $arrSubscriptions = $objSubscription->fetchEach('pid'); } $arrRemove = array_intersect($arrChannels, $arrSubscriptions); // Return if there are no subscriptions to remove if (!is_array($arrRemove) || empty($arrRemove)) { $_SESSION['UNSUBSCRIBE_ERROR'] = $GLOBALS['TL_LANG']['ERR']['unsubscribed']; $this->reload(); } // Remove the subscriptions if (($objRemove = \NewsletterRecipientsModel::findByEmailAndPids($varInput, $arrRemove)) !== null) { while ($objRemove->next()) { $objRemove->delete(); } } // Get the channels $objChannels = \NewsletterChannelModel::findByIds($arrRemove); $arrChannels = $objChannels->fetchEach('title'); // Log activity $this->log($varInput . ' unsubscribed from ' . implode(', ', $arrChannels), __METHOD__, TL_NEWSLETTER); // HOOK: post unsubscribe callback if (isset($GLOBALS['TL_HOOKS']['removeRecipient']) && is_array($GLOBALS['TL_HOOKS']['removeRecipient'])) { foreach ($GLOBALS['TL_HOOKS']['removeRecipient'] as $callback) { $this->import($callback[0]); $this->{$callback}[0]->{$callback}[1]($varInput, $arrRemove); } } // Prepare the simple token data $arrData = array(); $arrData['domain'] = \Idna::decode(\Environment::get('host')); $arrData['channel'] = $arrData['channels'] = implode("\n", $arrChannels); // Confirmation e-mail $objEmail = new \Email(); $objEmail->from = $GLOBALS['TL_ADMIN_EMAIL']; $objEmail->fromName = $GLOBALS['TL_ADMIN_NAME']; $objEmail->subject = sprintf($GLOBALS['TL_LANG']['MSC']['nl_subject'], \Idna::decode(\Environment::get('host'))); $objEmail->text = \StringUtil::parseSimpleTokens($this->nl_unsubscribe, $arrData); $objEmail->sendTo($varInput); // Redirect to the jumpTo page if ($this->jumpTo && ($objTarget = $this->objModel->getRelated('jumpTo')) !== null) { $this->redirect($this->generateFrontendUrl($objTarget->row())); } $_SESSION['UNSUBSCRIBE_CONFIRM'] = $GLOBALS['TL_LANG']['MSC']['nl_removed']; $this->reload(); }
/** * Return a parameter * * @param string $strKey The parameter key * * @return mixed The parameter value */ public function __get($strKey) { switch ($strKey) { case 'value': // Hide the Punycode format (see #2750) if ($this->rgxp == 'email' || $this->rgxp == 'friendly' || $this->rgxp == 'url') { return \Idna::decode($this->varValue); } else { return $this->varValue; } break; case 'type': if ($this->hideInput) { return 'password'; } // Use the HTML5 types (see #4138) but not the date, time and datetime types (see #5918) switch ($this->rgxp) { case 'digit': // Allow floats (see #7257) if (!isset($this->arrAttributes['step'])) { $this->addAttribute('step', 'any'); } // NO break; here // NO break; here case 'natural': return 'number'; break; case 'phone': return 'tel'; break; case 'email': return 'email'; break; case 'url': return 'url'; break; } return 'text'; break; default: return parent::__get($strKey); break; } }
protected function prepareSubmissionData() { $arrSubmissionData = parent::prepareSubmissionData(); $arrSubmissionData['domain'] = \Idna::decode(\Environment::get('host')); $arrSubmissionData['activation'] = \Idna::decode(\Environment::get('base')) . \Environment::get('request') . (\Config::get('disableAlias') || strpos(\Environment::get('request'), '?') !== false ? '&' : '?') . 'token=' . $this->activeRecord->activation; if (in_array('newsletter', \ModuleLoader::getActive())) { // Replace the wildcard if (!empty($this->objModel->newsletter)) { $objChannels = \NewsletterChannelModel::findByIds($this->activeRecord->newsletter); if ($objChannels !== null) { $arrSubmissionData['channels'] = implode("\n", $objChannels->fetchEach('title')); } } } // Backwards compatibility $arrSubmissionData['channel'] = $arrSubmissionData['channels']; return $arrSubmissionData; }