Example #1
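 /**
  * Store a media record built from the current request and redirect.
  *
  * The $data parameter is ignored: the payload is rebuilt from the request,
  * merging the top-level request vars with the 'media' sub-array (keys of the
  * sub-array win). Only 'file_description' is passed through the component
  * text filter; every other field reaches the model as delivered by the
  * request layer. A missing 'file_type' falls back to 'media_attributes'.
  *
  * Fix: the fallback no longer reads 'media_attributes' unguarded, which
  * raised an undefined-index notice when neither field was posted.
  *
  * @param   mixed  $data  Unused, kept for signature compatibility
  *
  * @return  void
  */
 function save($data = 0)
 {
     $fileModel = VmModel::getModel('media');

     // Rebuild the payload from the request; keys of the 'media' sub-array override top-level keys
     $data = array_merge(vRequest::getRequest(), vRequest::get('media'));

     // The description may carry HTML, so it goes through the configured text filter
     if (!empty($data['file_description'])) {
         $data['file_description'] = JComponentHelper::filterText($data['file_description']);
     }

     // Fall back to the attribute value as file type; isset() avoids a notice when it is absent
     if (empty($data['file_type'])) {
         $data['file_type'] = isset($data['media_attributes']) ? $data['media_attributes'] : null;
     }

     $msg = '';
     $id = $fileModel->store($data);
     if ($id) {
         $msg = vmText::_('COM_VIRTUEMART_FILE_SAVED_SUCCESS');
     }

     // 'apply' keeps the user on the edit form. When store() failed, $id is falsy and the
     // edit URL is built with an empty id, exactly as before.
     $cmd = vRequest::getCmd('task');
     if ($cmd == 'apply') {
         $redirection = 'index.php?option=com_virtuemart&view=media&task=edit&virtuemart_media_id=' . $id;
     } else {
         $redirection = 'index.php?option=com_virtuemart&view=media';
     }
     $this->setRedirect($redirection, $msg);
 }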
Example #2
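 /**
  * Sanitize a value
  *
  * Scalars are cast to string and, when not empty(), passed through the
  * component text filter. Arrays are sanitized element by element with their
  * keys preserved, which is what the documented array-of-string input needs;
  * previously an array was cast to the literal string "Array".
  *
  * @param   mixed  $value Input string/array-of-string to be 'cleaned'
  * @return  mixed   'Cleaned' version of input parameter: a string, or an array of strings for array input
  */
 public function sanitize($value)
 {
     if (is_array($value)) {
         $clean = array();
         foreach ($value as $key => $item) {
             $clean[$key] = $this->sanitize($item);
         }
         return $clean;
     }
     $value = (string) $value;
     // empty() also skips '0'; the filter only runs when there is something to filter
     if (!empty($value)) {
         $value = JComponentHelper::filterText($value);
     }
     return $value;
 }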
Example #3
 /**
  * Collect the submitted item fields and run the free-text ones through the
  * component text filter.
  *
  * The values are read raw (unfiltered) so that JComponentHelper::filterText()
  * is the only filtering applied. When the com_k2 'mergeEditors' parameter is
  * on, a single 'text' field is read; otherwise 'introtext' and 'fulltext' are
  * read separately. 'media' is read in both cases.
  *
  * @return  array  The parent's input data plus the filtered text fields
  */
 protected function getInputData()
 {
     $data = parent::getInputData();
     $mergeEditors = JComponentHelper::getParams('com_k2')->get('mergeEditors');

     // Which raw request fields exist depends on the editor layout in use
     $textFields = $mergeEditors ? array('text') : array('introtext', 'fulltext');
     $textFields[] = 'media';

     foreach ($textFields as $field) {
         $raw = $this->input->get($field, '', 'raw');
         $data[$field] = JComponentHelper::filterText($raw);
     }

     return $data;
 }
Example #4
 /**
  * We want to allow html so we need to overwrite some request data
  *
  * The $data parameter is ignored: the payload is re-read from POST. Users
  * passing the 'admin' permission check get product_desc, product_s_desc and
  * customtitle re-read with HTML allowed (mask 2, JREQUEST_ALLOWHTML) and not
  * filtered further. Everyone else gets product_desc re-read the same way and
  * then run through JComponentHelper::filterText(); in a multi-vendor setup
  * ('multix' other than 'none') the 'published' flag is also dropped from
  * the payload before saving.
  *
  * @author Max Milbers
  *
  * @param   mixed  $data  Unused, kept for signature compatibility
  *
  * @return  void
  */
 function save($data = 0)
 {
     $data = JRequest::get('post');

     if (!class_exists('Permissions')) {
         require JPATH_VM_ADMINISTRATOR . DS . 'helpers' . DS . 'permissions.php';
     }
     $isAdmin = Permissions::getInstance()->check('admin');

     // Mask 2 keeps HTML in the re-read values; admins get all three fields, others only the description
     $htmlFields = $isAdmin
         ? array('product_desc', 'product_s_desc', 'customtitle')
         : array('product_desc');
     foreach ($htmlFields as $field) {
         $data[$field] = JRequest::getVar($field, '', 'post', 'STRING', 2);
     }

     if (!$isAdmin) {
         // Non-admin HTML goes through the component text filter on top
         $data['product_desc'] = JComponentHelper::filterText($data['product_desc']);

         //Why we have this?
         // Presumably: in a multi-vendor setup a non-admin must not set the published
         // state, as products are meant to be approved by an admin first.
         $multix = Vmconfig::get('multix', 'none');
         if ($multix != 'none') {
             unset($data['published']);
         }
     }

     parent::save($data);
 }
Example #5
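	/**
	 * Store a BT or ST address in the cart from submitted data.
	 *
	 * For every user field configured for the cart and the given type the value
	 * is taken from $data under $prefix.name, falling back to the request and,
	 * for required fields, to the value already held in $this->{$type}.
	 * Non-empty values are reduced to plain text: every HTML attribute is
	 * denied, the component text filter is applied, anything that looks like
	 * the start of an inline event handler is removed, double quotes become
	 * spaces and surrounding single quotes are trimmed. 'password' and
	 * 'password2' are never kept. The result replaces $this->{$type}.
	 *
	 * Fix: for a BT address without e-mail the Joomla user's e-mail was written
	 * into $address before $address was reset, so it was always lost. The array
	 * is now initialised before that branch; the loop only overwrites the entry
	 * when $data provides one.
	 *
	 * @param   array|object  $data            Submitted address data (objects are converted with get_object_vars())
	 * @param   string        $type            'BT' or 'ST'
	 * @param   bool          $putIntoSession  Persist the cart to the session afterwards
	 * @param   string        $prefix          Key prefix used in $data for the field names
	 *
	 * @return  void
	 */
	function saveAddressInCart($data, $type, $putIntoSession = true,$prefix='') {

		// VirtueMartModelUserfields::getUserFields() won't work
		if(!class_exists('VirtueMartModelUserfields')) require(VMPATH_ADMIN.DS.'models'.DS.'userfields.php' );
		$userFieldsModel = VmModel::getModel('userfields');

		if ($type == 'STaddress' or $type == 'BTaddress'){
			vmTrace('STaddress found, seek and destroy');
		}
		$prepareUserFields = $userFieldsModel->getUserFieldsFor('cart',$type);

		if(!is_array($data)){
			$data = get_object_vars($data);
		}

		// Must exist before the BT branch so that the e-mail fallback survives
		$address = array();

		if ($type =='ST') {
			$this->STsameAsBT = 0;
		} else { // BT
			if(empty($data['email'])){
				$jUser = JFactory::getUser();
				$address['email'] = $jUser->email;
			}
		}

		if(!class_exists('vmFilter'))require(VMPATH_ADMIN.DS.'helpers'.DS.'vmfilter.php');
		foreach ($prepareUserFields as $fld) {
			if(empty($fld->name)){
				continue;
			}
			$name = $fld->name;
			$key = $prefix.$name;

			if(!isset($data[$key])){
				$tmp = vRequest::getString($key,false);
				if($tmp){
					$data[$key] = $tmp;
				}
				else if($fld->required and isset($this->{$type}[$name])){	//Why we have this fallback to the already stored value?
					$data[$key] = $this->{$type}[$name];
				}
			}

			if(!isset($data[$key])){
				vmdebug('Data not found for type '.$type.' and name '.$key.' ');
				continue;
			}

			if(!empty($data[$key])){
				// Deny every HTML attribute, then apply the component text filter
				$value = vmFilter::hl( $data[$key],array('deny_attribute'=>'*'));
				$value = JComponentHelper::filterText($value);
				// Remove what looks like the start of an inline handler: onclick(...), onload(...)
				$value = (string)preg_replace('#on[a-z](.+?)\)#si','',$value);
				// Double quotes become spaces; surrounding single quotes are trimmed
				$value = trim(str_replace('"', ' ', $value),"'") ;
				$data[$key] = (string)preg_replace('#^\'#si','',$value);
			}
			$address[$name] = $data[$key];
		}

		//dont store passwords in the session
		unset($address['password']);
		unset($address['password2']);

		$this->{$type} = $address;

		if($putIntoSession){
			$this->setCartIntoSession(true);
		}

	}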
Example #6
 /**
  * Save the template edit form.
  *
  * Builds a template object from the 'data[template]' form array (every
  * value with tags stripped, after acymailing_secureField() has seen the
  * column name), merges the 'styles' and 'otherstyles' form arrays into a
  * serialized style map, reads the raw editor body (run through
  * JComponentHelper::filterText() on Joomla 2.5+ and handed to the plugins
  * helper's cleanHtml()), writes the chosen background colour into the body
  * and stores the result. A new template is re-ordered afterwards and a
  * template file is written for the saved id.
  *
  * @return  bool  False when the template could not be saved, true otherwise
  */
 function saveForm()
 {
     $template = new stdClass();
     $template->tempid = acymailing_getCID('tempid');
     $formData = JRequest::getVar('data', array(), '', 'array');
     // -1 appears to mark "new category": the name then comes from a separate field
     if (!empty($formData['template']['category']) && $formData['template']['category'] == -1) {
         $formData['template']['category'] = JRequest::getString('newcategory', '');
     }
     // Column names come straight from the form and become property names; acymailing_secureField()
     // is relied on to validate them (its return value is not checked here)
     foreach ($formData['template'] as $column => $value) {
         acymailing_secureField($column);
         $template->{$column} = strip_tags($value);
     }
     // Double quotes in style values become single quotes; empty styles are dropped
     $styles = JRequest::getVar('styles', array(), '', 'array');
     foreach ($styles as $class => $oneStyle) {
         $styles[$class] = str_replace('"', "'", $oneStyle);
         if (empty($oneStyle)) {
             unset($styles[$class]);
         }
     }
     // Additional user-defined classes; entries still holding the form's placeholder texts are skipped
     $newStyles = JRequest::getVar('otherstyles', array(), '', 'array');
     if (!empty($newStyles)) {
         foreach ($newStyles['classname'] as $id => $className) {
             if (!empty($className) and $className != JText::_('CLASS_NAME') and !empty($newStyles['style'][$id]) and $newStyles['style'][$id] != JText::_('CSS_STYLE')) {
                 // Characters that would break a CSS selector are removed from the class name
                 $className = str_replace(array(',', ' ', ':', '.', '#'), '', $className);
                 $styles[$className] = str_replace('"', "'", $newStyles['style'][$id]);
             }
         }
     }
     $template->styles = serialize($styles);
     // An empty value leaves the stored file alone; 'delete' clears it
     if (empty($template->thumb)) {
         unset($template->thumb);
     } elseif ($template->thumb == 'delete') {
         $template->thumb = '';
     }
     if (empty($template->readmore)) {
         unset($template->readmore);
     } elseif ($template->readmore == 'delete') {
         $template->readmore = '';
     }
     // The body is read unfiltered; on Joomla 2.5+ the component text filter is applied here,
     // on older versions only cleanHtml() below sees it
     $template->body = JRequest::getVar('editor_body', '', '', 'string', JREQUEST_ALLOWRAW);
     if (ACYMAILING_J25) {
         $template->body = JComponentHelper::filterText($template->body);
     }
     if (!empty($styles['color_bg'])) {
         // Replace the background colour found in the first tag of the body, whether given as a
         // CSS background-color or as a bgcolor attribute, with the chosen one
         $pat1 = '#^([^<]*<[^>]*background-color:)([^;">]{1,30})#i';
         $found = false;
         if (preg_match($pat1, $template->body)) {
             // NOTE(review): color_bg is used verbatim in the preg_replace() replacement string, so a
             // value containing $1 / \1 sequences would be expanded as a back-reference
             $template->body = preg_replace($pat1, '$1' . $styles['color_bg'], $template->body);
             $found = true;
         }
         $pat2 = '#^([^<]*<[^>]*bgcolor=")([^;">]{1,10})#i';
         if (preg_match($pat2, $template->body)) {
             $template->body = preg_replace($pat2, '$1' . $styles['color_bg'], $template->body);
             $found = true;
         }
         if (!$found) {
             // No colour to replace: wrap the body. color_bg lands inside a style attribute after the
             // text filter already ran; the only treatment it had is the double-quote replacement above
             $template->body = '<div style="background-color:' . $styles['color_bg'] . ';" width="100%">' . $template->body . '</div>';
         }
     }
     $acypluginsHelper = acymailing_get('helper.acyplugins');
     // presumably cleanHtml() takes the body by reference and edits it in place — confirm
     $acypluginsHelper->cleanHtml($template->body);
     // The description keeps the HTML that JREQUEST_ALLOWHTML lets through and is not passed to filterText()
     $template->description = JRequest::getVar('editor_description', '', '', 'string', JREQUEST_ALLOWHTML);
     $tempid = $this->save($template);
     if (!$tempid) {
         return false;
     }
     // A template without an id on the form is new and gets its ordering recomputed
     if (empty($template->tempid)) {
         $orderClass = acymailing_get('helper.order');
         $orderClass->pkey = 'tempid';
         $orderClass->table = 'template';
         $orderClass->reOrder();
     }
     $this->createTemplateFile($tempid);
     JRequest::setVar('tempid', $tempid);
     return true;
 }
Example #7
 /**
  * Collect the submitted fields and apply the component text filter to the
  * raw 'description' value on top of the parent's data.
  *
  * @return  array  The parent's input data with a filtered 'description'
  */
 protected function getInputData()
 {
     $data = parent::getInputData();
     // Read unfiltered so that filterText() alone decides which HTML survives
     $rawDescription = $this->input->get('description', '', 'raw');
     $data['description'] = JComponentHelper::filterText($rawDescription);
     return $data;
 }
Example #8
 /**
  * Add a product to the cart
  *
  * Takes the product ids from the argument or, when empty, from the request
  * array 'virtuemart_product_id'. For each id whose posted 'quantity' under
  * the same key is non-zero the product is loaded, the fields needed in the
  * session are copied into a slim stdClass, vmcustom plugins may veto the
  * addition (plgVmOnAddToCart), and the entry is then either merged into an
  * identical cart entry (quantity added) or inserted, subject to
  * checkForQuantities(). The cart is written to the session when at least
  * one product was added.
  *
  * The cart key is the product id, extended by the posted 'customPrice' ids
  * when present and by the current cart size when a custom plugin is
  * involved; such entries are never merged with existing ones.
  *
  * @author RolandD
  * @author Max Milbers
  * @access public
  *
  * @param   array|null  $virtuemart_product_ids  Product ids to add; read from the request when empty
  * @param   string      &$errorMsg               Receives a message when an entry is updated or rejected by checkForQuantities()
  *
  * @return  mixed  The last product loaded in the loop (not necessarily one that was added), or false when nothing was added
  */
 public function add($virtuemart_product_ids = null, &$errorMsg = '')
 {
     $mainframe = JFactory::getApplication();
     $success = false;
     // Whole request; quantity, category and custom field values are looked up here by product key
     $post = JRequest::get('default');
     if (empty($virtuemart_product_ids)) {
         $virtuemart_product_ids = JRequest::getVar('virtuemart_product_id', array(), 'default', 'array');
         //is sanitized then
     }
     if (empty($virtuemart_product_ids)) {
         $mainframe->enqueueMessage(JText::_('COM_VIRTUEMART_CART_ERROR_NO_PRODUCT_IDS', false));
         return false;
     }
     $pModel = VmModel::getModel('product');
     //Iterate through the prod_id's and perform an add to cart for each one
     foreach ($virtuemart_product_ids as $p_key => $virtuemart_product_id) {
         // NOTE(review): no isset() guard; a missing quantity for this key raises a notice and yields 0
         $quantityPost = (int) $post['quantity'][$p_key];
         if ($quantityPost === 0) {
             continue;
         }
         //$pModel->setId($virtuemart_product_id);
         // getProduct(id, ?, ?, ?, quantity) — TODO confirm what the three boolean arguments select
         $tmpProduct = $pModel->getProduct($virtuemart_product_id, true, false, true, $quantityPost);
         if (VmConfig::get('oncheckout_show_images')) {
             $pModel->addImages($tmpProduct, 1);
         }
         // trying to save some space in the session table
         $product = new stdClass();
         $product->virtuemart_manufacturer_id = $tmpProduct->virtuemart_manufacturer_id;
         // 			$product -> mf_name = $tmpProduct -> mf_name;
         $product->slug = $tmpProduct->slug;
         // 			$product -> mf_desc = $tmpProduct -> mf_desc;
         // 			$product -> mf_url = $tmpProduct -> mf_url;
         $product->published = $tmpProduct->published;
         $product->virtuemart_product_price_id = $tmpProduct->virtuemart_product_price_id;
         $product->virtuemart_product_id = $tmpProduct->virtuemart_product_id;
         $product->virtuemart_shoppergroup_id = $tmpProduct->virtuemart_shoppergroup_id;
         $product->product_price = $tmpProduct->product_price;
         $product->override = $tmpProduct->override;
         $product->product_override_price = $tmpProduct->product_override_price;
         $product->product_tax_id = $tmpProduct->product_tax_id;
         $product->product_discount_id = $tmpProduct->product_discount_id;
         $product->product_currency = $tmpProduct->product_currency;
         // 			$product -> product_price_vdate = $tmpProduct -> product_price_vdate;
         // 			$product -> product_price_edate = $tmpProduct -> product_price_edate;
         $product->virtuemart_vendor_id = $tmpProduct->virtuemart_vendor_id;
         $product->product_parent_id = $tmpProduct->product_parent_id;
         $product->product_sku = $tmpProduct->product_sku;
         $product->product_name = $tmpProduct->product_name;
         $product->product_s_desc = $tmpProduct->product_s_desc;
         $product->product_weight = $tmpProduct->product_weight;
         $product->product_weight_uom = $tmpProduct->product_weight_uom;
         $product->product_length = $tmpProduct->product_length;
         $product->product_width = $tmpProduct->product_width;
         $product->product_height = $tmpProduct->product_height;
         $product->product_lwh_uom = $tmpProduct->product_lwh_uom;
         $product->product_in_stock = $tmpProduct->product_in_stock;
         $product->product_ordered = $tmpProduct->product_ordered;
         $product->product_available_date = $tmpProduct->product_available_date;
         $product->product_availability = $tmpProduct->product_availability;
         $product->product_sales = $tmpProduct->product_sales;
         $product->product_unit = $tmpProduct->product_unit;
         $product->product_packaging = $tmpProduct->product_packaging;
         $product->min_order_level = $tmpProduct->min_order_level;
         $product->max_order_level = $tmpProduct->max_order_level;
         $product->virtuemart_media_id = $tmpProduct->virtuemart_media_id;
         $product->step_order_level = $tmpProduct->step_order_level;
         // Only the first image is kept in the session copy
         if (!empty($tmpProduct->images)) {
             $product->image = $tmpProduct->images[0];
         }
         $product->categories = $tmpProduct->categories;
         $product->virtuemart_category_id = $tmpProduct->virtuemart_category_id;
         $product->category_name = $tmpProduct->category_name;
         $product->link = $tmpProduct->link;
         $product->packaging = $tmpProduct->packaging;
         //$product -> customfields = empty($tmpProduct -> customfields)? array():$tmpProduct -> customfields ;
         //$product -> customfieldsCart = empty($tmpProduct -> customfieldsCart)? array(): $tmpProduct -> customfieldsCart;
         // Only a flag is kept, not the custom field data itself
         if (!empty($tmpProduct->customfieldsCart)) {
             $product->customfieldsCart = true;
         }
         //$product -> customsChilds = empty($tmpProduct -> customsChilds)? array(): $tmpProduct -> customsChilds;
         //Why reloading the product wiht same name $product ?
         // passed all from $tmpProduct and relaoding it second time ????
         // $tmpProduct = $this->getProduct((int) $virtuemart_product_id); seee before !!!
         // $product = $this->getProduct((int) $virtuemart_product_id);
         // Who ever noted that, yes that is exactly right that way, before we have a full object, with all functions
         // of all its parents, we only need the data of the product, so we create a dummy class which contains only the data
         // This is extremly important for performance reasons, else the sessions becomes too big.
         // Check if we have a product
         // NOTE(review): $product is a freshly created stdClass, so this condition is always true and the
         // "product not found" branch below cannot be reached from here; getProduct() failures are not detected
         if ($product) {
             // The posted category (if any) overrides the product's default category
             if (!empty($post['virtuemart_category_id'][$p_key])) {
                 $virtuemart_category_idPost = (int) $post['virtuemart_category_id'][$p_key];
                 $product->virtuemart_category_id = $virtuemart_category_idPost;
             }
             $productKey = $product->virtuemart_product_id;
             // INDEX NOT FOUND IN JSON HERE
             // changed name field you know exactly was this is
             if (isset($post['customPrice'])) {
                 $product->customPrices = $post['customPrice'];
                 if (isset($post['customPlugin'])) {
                     //if(!class_exists('vmFilter'))require(JPATH_VM_ADMINISTRATOR.DS.'helpers'.DS.'vmfilter.php');
                     if (!is_array($post['customPlugin'])) {
                         $customPluginPost = (array) $post['customPlugin'];
                     } else {
                         $customPluginPost = $post['customPlugin'];
                     }
                     // Reduce every leaf value (three levels deep) to plain text before it is stored.
                     // NOTE(review): the three reference loop variables are not unset() afterwards; harmless
                     // here because none of them is reused later in this block
                     foreach ($customPluginPost as &$customPlugin) {
                         if (is_array($customPlugin)) {
                             foreach ($customPlugin as &$customPlug) {
                                 if (is_array($customPlug)) {
                                     foreach ($customPlug as &$customPl) {
                                         //$value = vmFilter::hl( $customPl,array('deny_attribute'=>'*'));
                                         //to strong
                                         /* $value = preg_replace('@<[\/\!]*?[^<>]*?>@si','',$value);//remove all html tags  */
                                         //lets use instead
                                         // Component text filter, then removal of what looks like the start of an
                                         // inline handler, double quotes to spaces, surrounding single quotes trimmed
                                         $value = JComponentHelper::filterText($customPl);
                                         $value = (string) preg_replace('#on[a-z](.+?)\\)#si', '', $value);
                                         //replace start of script onclick() onload()...
                                         $value = trim(str_replace('"', ' ', $value), "'");
                                         $customPl = (string) preg_replace('#^\'#si', '', $value);
                                     }
                                 }
                             }
                         }
                     }
                     $product->customPlugin = json_encode($customPluginPost);
                 }
                 // The custom field selection becomes part of the cart key so that differing
                 // selections of the same product are separate entries
                 $productKey .= '::';
                 foreach ($product->customPrices as $customPrice) {
                     foreach ($customPrice as $customId => $custom_fieldId) {
                         //MarkerVarMods
                         if (is_array($custom_fieldId)) {
                             foreach ($custom_fieldId as $userfieldId => $userfield) {
                                 //$productKey .= (int)$customId . ':' . (int)$userfieldId . ';';
                                 // NOTE(review): (int) of an array is always 1, so every entry here contributes
                                 // '1:<customId>;' — the commented line above looks like the intended key
                                 $productKey .= (int) $custom_fieldId . ':' . (int) $customId . ';';
                             }
                         } else {
                             //TODO productCartId
                             $productKey .= (int) $custom_fieldId . ':' . (int) $customId . ';';
                         }
                     }
                 }
             }
             // Add in the quantity in case the customfield plugins need it
             $product->quantity = (int) $quantityPost;
             if (!class_exists('vmCustomPlugin')) {
                 require JPATH_VM_PLUGINS . DS . 'vmcustomplugin.php';
             }
             JPluginHelper::importPlugin('vmcustom');
             $dispatcher = JDispatcher::getInstance();
             // on returning false the product have not to be added to cart
             // The product is passed by reference, so plugins may modify it
             $addToCartReturnValues = $dispatcher->trigger('plgVmOnAddToCart', array(&$product));
             foreach ($addToCartReturnValues as $returnValue) {
                 if ($returnValue === false) {
                     // Veto: skip this product and move on to the next id
                     continue 2;
                 }
             }
             // Identical entries are merged only when no custom plugin is involved
             if (array_key_exists($productKey, $this->products) && empty($product->customPlugin)) {
                 $errorMsg = JText::_('COM_VIRTUEMART_CART_PRODUCT_UPDATED');
                 $totalQuantity = $this->products[$productKey]->quantity + $quantityPost;
                 if ($this->checkForQuantities($product, $totalQuantity, $errorMsg)) {
                     $this->products[$productKey]->quantity = $totalQuantity;
                 } else {
                     continue;
                 }
             } else {
                 // Custom plugin entries get a unique key from the current cart size
                 if (!empty($product->customPlugin)) {
                     $productKey .= count($this->products);
                 }
                 if ($this->checkForQuantities($product, $quantityPost, $errorMsg)) {
                     $this->products[$productKey] = $product;
                     $product->quantity = $quantityPost;
                     //$mainframe->enqueueMessage(JText::_('COM_VIRTUEMART_CART_PRODUCT_ADDED'));
                 } else {
                     // $errorMsg = JText::_('COM_VIRTUEMART_CART_PRODUCT_OUT_OF_STOCK');
                     continue;
                 }
             }
             $success = true;
         } else {
             $mainframe->enqueueMessage(JText::_('COM_VIRTUEMART_PRODUCT_NOT_FOUND', false));
             return false;
         }
     }
     // Nothing added (all vetoed, rejected or zero quantity): leave the session untouched
     if ($success == false) {
         return false;
     }
     // End Iteration through Prod id's
     $this->setCartIntoSession();
     return $tmpProduct;
 }
Example #9
 /**
  * Create a template from the mail currently being edited.
  *
  * Styles, stylesheet and category are copied from the template the mail is
  * based on; the subject (with U+2028 line separators removed) becomes both
  * subject and name; the raw editor body is filtered on Joomla 2.5+ and
  * handed to the plugins helper's cleanHtml(); the thumbnail is cleared on
  * 'delete', taken from the form when given, else inherited from the stored
  * mail; the remaining text fields are copied with tags stripped. Success or
  * failure of the save is reported as a queued message.
  *
  * @return  bool  Always true; the outcome is reported via acymailing_enqueueMessage()
  */
 function saveastmpl()
 {
     $tmplClass = acymailing_get('class.template');
     $newTmpl = new stdClass();
     $formData = JRequest::getVar('data', array(), '', 'array');

     // Inherit the look of the template the mail is currently based on
     if (!empty($formData['mail']['tempid'])) {
         $base = $tmplClass->get($formData['mail']['tempid']);
         $newTmpl->styles = $base->styles;
         $newTmpl->stylesheet = $base->stylesheet;
         $newTmpl->category = $base->category;
     }

     if (!empty($formData['mail']['subject'])) {
         // chr(226).chr(128).chr(168) is the UTF-8 encoding of U+2028 LINE SEPARATOR
         $subject = str_replace(chr(226) . chr(128) . chr(168), '', $formData['mail']['subject']);
         $formData['mail']['subject'] = $subject;
         $newTmpl->subject = strip_tags($subject);
         $newTmpl->name = strip_tags($subject);
     }

     // The body is read unfiltered; on Joomla 2.5+ the component text filter is applied here
     $newTmpl->body = JRequest::getVar('editor_body', '', '', 'string', JREQUEST_ALLOWRAW);
     if (ACYMAILING_J25) {
         $newTmpl->body = JComponentHelper::filterText($newTmpl->body);
     }
     $acypluginsHelper = acymailing_get('helper.acyplugins');
     $acypluginsHelper->cleanHtml($newTmpl->body);

     if (empty($formData['mail']['thumb'])) {
         // No thumbnail submitted: keep the one of the stored mail, if any
         $mailid = acymailing_getCID('mailid');
         if (!empty($mailid)) {
             $mail = $this->get($mailid);
             $newTmpl->thumb = $mail->thumb;
         }
     } elseif ($formData['mail']['thumb'] == 'delete') {
         $newTmpl->thumb = null;
     } else {
         $newTmpl->thumb = strip_tags($formData['mail']['thumb']);
     }

     // Plain-text fields copied with tags stripped: form key => template property
     $textFields = array(
         'altbody' => 'altbody',
         'fromname' => 'fromname',
         'fromemail' => 'fromemail',
         'replyname' => 'replyname',
         'replyemail' => 'replyemail',
         'summary' => 'description',
     );
     foreach ($textFields as $formKey => $property) {
         if (!empty($formData['mail'][$formKey])) {
             $newTmpl->{$property} = strip_tags($formData['mail'][$formKey]);
         }
     }

     $newTmpl->ordering = 1;
     $tempid = $tmplClass->save($newTmpl);
     if (empty($tempid)) {
         acymailing_enqueueMessage(JText::_('ERROR_SAVING'), 'error');
     } else {
         $formData['mail']['tempid'] = $tempid;
         acymailing_enqueueMessage(JText::_('ACY_SAVEASTMPL_VALID'), 'message');
     }
     return true;
 }
Example #10
 /**
  * Run text through the content filter that matches the running Joomla version.
  *
  * - 2.5 and later: JComponentHelper::filterText()
  * - 1.6 up to (excluding) 2.5: ContentHelper::filterText() from com_content
  * - older: the com_content filter settings are applied by hand, honouring
  *   filter_groups / filter_type / filter_tags / filter attributes for the
  *   user's group; with no groups configured a default black-list filter is
  *   used unless the user is a super administrator (gid 25)
  *
  * @param   string  $text  The text to filter
  *
  * @return  string  The filtered text (returned unchanged when no filter applies)
  */
 function cleanText($text)
 {
     $isJ25OrNewer = version_compare(JVERSION, '2.5.0', 'ge');
     $isJ16Series = version_compare(JVERSION, '2.5.0', 'lt') && version_compare(JVERSION, '1.6.0', 'ge');

     if ($isJ25OrNewer) {
         return JComponentHelper::filterText($text);
     }

     if ($isJ16Series) {
         JLoader::register('ContentHelper', JPATH_ADMINISTRATOR . DS . 'components' . DS . 'com_content' . DS . 'helpers' . DS . 'content.php');
         return ContentHelper::filterText($text);
     }

     // Legacy: replicate what com_content does with its own filter settings
     $config = JComponentHelper::getParams('com_content');
     $gid = JFactory::getUser()->get('gid');
     $filterGroups = $config->get('filter_groups');
     // convert to array if one group selected
     if (!is_array($filterGroups) && (int) $filterGroups > 0) {
         $filterGroups = array($filterGroups);
     }

     if (is_array($filterGroups) && in_array($gid, $filterGroups)) {
         // 'filter_attritbutes' (sic) is the key as spelled in the config being read
         $filterTags = preg_split('#[,\\s]+#', trim($config->get('filter_tags')));
         $filterAttrs = preg_split('#[,\\s]+#', trim($config->get('filter_attritbutes')));
         $filterType = $config->get('filter_type');
         if ($filterType == 'NH') {
             $filter = new JFilterInput();
         } elseif ($filterType == 'WL') {
             $filter = new JFilterInput($filterTags, $filterAttrs, 0, 0, 0);
         } else {
             // 'BL' and any unknown type: black-list mode
             $filter = new JFilterInput($filterTags, $filterAttrs, 1, 1);
         }
         return $filter->clean($text);
     }

     if (empty($filterGroups) && $gid != '25') {
         // no default filtering for super admin (gid=25)
         $filter = new JFilterInput(array(), array(), 1, 1);
         return $filter->clean($text);
     }

     return $text;
 }
Example #11
	/**
	 * - Encodes all characters that has a numerical value <32.
	 * - keeps "secure" html
	 *
	 * The variable is read raw (FILTER_UNSAFE_RAW) with low ASCII encoded
	 * (FILTER_FLAG_ENCODE_LOW) and then passed through the component text filter.
	 *
	 * @param   string  $name     Request variable name
	 * @param   mixed   $default  Value self::get() returns when the variable is absent
	 *
	 * @return  string  The filtered value
	 */
	public static function getHtml($name, $default = ''){
		$raw = self::get($name, $default, FILTER_UNSAFE_RAW, FILTER_FLAG_ENCODE_LOW);
		$filtered = JComponentHelper::filterText($raw);
		return $filtered;
	}
Example #12
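 /**
  * Bind and store a gallery image row, then return the id of the image that
  * follows it in the ordering of the same gallery.
  *
  * alt_text is HTML-escaped. The description is re-read raw from the 'jform'
  * POST data and run through the component text filter; a bound description
  * that still carries the frontend's class="des_div" markup raises a JError
  * (level 2) — note that execution continues and the row is stored anyway.
  *
  * Fixes: the des_div test used strpos() > 0, which missed the markup at
  * offset 0; a missing 'description' or 'id' key and a missing current/next
  * row no longer raise notices.
  *
  * @param   array  $data  Form data to bind to the igallery_img table
  *
  * @return  mixed  Id of the next image in ordering, null when there is none, false on bind/store failure
  */
 function save($data)
 {
     $db = $this->getDbo();
     $row = $this->getTable('igallery_img');
     if (!$row->bind($data)) {
         $this->setError($db->getErrorMsg());
         return false;
     }
     // !== false also catches the markup at offset 0
     if (strpos($row->description, 'class="des_div"') !== false) {
         JError::raise(2, 500, 'Error: Html formatting has been copied from the gallery frontend into the description, please paste plain text');
     }
     $row->alt_text = htmlspecialchars($row->alt_text, ENT_QUOTES);
     // Re-read the description unfiltered so that filterText() alone decides which HTML survives
     $raw = JRequest::getVar('jform', array(), 'post', 'NONE', JREQUEST_ALLOWRAW);
     $rawDescription = isset($raw['description']) ? $raw['description'] : '';
     $row->description = JComponentHelper::filterText($rawDescription);
     if (!$row->store()) {
         $this->setError($db->getErrorMsg());
         return false;
     }
     // The id comes from the form on the site side and from the request on the admin side
     if (JFactory::getApplication()->isSite()) {
         $data = JRequest::getVar('jform', array(), 'post', 'NONE', 4);
         $id = isset($data['id']) ? (int) $data['id'] : 0;
     } else {
         $id = JRequest::getInt('id', 0);
     }
     // The (int) casts are what keeps the interpolated ids out of the SQL as anything but numbers
     $query = 'SELECT gallery_id, ordering from #__igallery_img WHERE id = ' . (int) $id;
     $db->setQuery($query);
     $currentRow = $db->loadObject();
     if (!$currentRow) {
         return null;
     }
     $nextOrdering = (int) $currentRow->ordering + 1;
     $query = 'SELECT id from #__igallery_img WHERE gallery_id = ' . (int) $currentRow->gallery_id . ' AND ordering = ' . (int) $nextOrdering . ' LIMIT 1';
     $db->setQuery($query);
     $nextRow = $db->loadObject();
     return $nextRow ? $nextRow->id : null;
 }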
Example #13
 /**
  * Read a request variable via self::get() and pass it through the component
  * text filter.
  *
  * @param   string  $name     Request variable name
  * @param   mixed   $default  Value self::get() returns when the variable is absent
  *
  * @return  string  The filtered value
  */
 public static function getHtml($name, $default = '')
 {
     $raw = self::get($name, $default);
     $filtered = JComponentHelper::filterText($raw);
     return $filtered;
 }
Example #14
 /**
  * Save the template edit form, including uploaded pictures.
  *
  * Builds a template object from the 'data[template]' form array (every
  * value with tags stripped, after acymailing_secureField() has seen the
  * column name), merges the 'styles' and 'otherstyles' form arrays into a
  * serialized style map, stores the uploaded 'pictures' files (image
  * extensions only, by name) under the configured upload folder and records
  * their paths on the template, reads the raw editor body (run through
  * JComponentHelper::filterText() on Joomla 2.5+ and handed to the plugins
  * helper's cleanHtml()), writes the chosen background colour into the body
  * and stores the result. A new template is re-ordered afterwards and a
  * template file is written for the saved id.
  *
  * @return  bool  False when the template could not be saved, true otherwise
  */
 function saveForm()
 {
     $app = JFactory::getApplication();
     $config = acymailing_config();
     $template = new stdClass();
     $template->tempid = acymailing_getCID('tempid');
     $formData = JRequest::getVar('data', array(), '', 'array');
     // Column names come straight from the form and become property names; acymailing_secureField()
     // is relied on to validate them (its return value is not checked here)
     foreach ($formData['template'] as $column => $value) {
         acymailing_secureField($column);
         $template->{$column} = strip_tags($value);
     }
     // Double quotes in style values become single quotes; empty styles are dropped
     $styles = JRequest::getVar('styles', array(), '', 'array');
     foreach ($styles as $class => $oneStyle) {
         $styles[$class] = str_replace('"', "'", $oneStyle);
         if (empty($oneStyle)) {
             unset($styles[$class]);
         }
     }
     // Additional user-defined classes; entries still holding the form's placeholder texts are skipped
     $newStyles = JRequest::getVar('otherstyles', array(), '', 'array');
     if (!empty($newStyles)) {
         foreach ($newStyles['classname'] as $id => $className) {
             if (!empty($className) and $className != JText::_('CLASS_NAME') and !empty($newStyles['style'][$id]) and $newStyles['style'][$id] != JText::_('CSS_STYLE')) {
                 // Characters that would break a CSS selector are removed from the class name
                 $className = str_replace(array(',', ' ', ':', '.', '#'), '', $className);
                 $styles[$className] = str_replace('"', "'", $newStyles['style'][$id]);
             }
         }
     }
     $template->styles = serialize($styles);
     // Uploaded files from the 'pictures' form field (the $_FILES structure: name/tmp_name per key)
     $files = JRequest::getVar('pictures', array(), 'files', 'array');
     if (!empty($files)) {
         jimport('joomla.filesystem.file');
         // Upload folder comes from the component configuration and is made relative to ACYMAILING_ROOT
         $uploadFolder = JPath::clean(html_entity_decode($config->get('uploadfolder')));
         $uploadFolder = trim($uploadFolder, DS . ' ') . DS;
         $uploadPath = JPath::clean(ACYMAILING_ROOT . $uploadFolder);
         acymailing_createDir($uploadPath, true);
         if (!is_writable($uploadPath)) {
             // Best effort; the chmod failure itself is silenced and only the remaining unwritability is reported
             @chmod($uploadPath, '0755');
             if (!is_writable($uploadPath)) {
                 $app->enqueueMessage(JText::sprintf('WRITABLE_FOLDER', $uploadPath), 'notice');
             }
         }
         $allowedExtensions = array('jpg', 'gif', 'png', 'jpeg', 'ico', 'bmp');
         foreach ($files['name'] as $id => $filename) {
             if (empty($filename)) {
                 continue;
             }
             // NOTE(review): the extension is taken from the client-supplied file name only; the file
             // content is not inspected, and a name without a dot yields the whole name as "extension"
             $extension = strtolower(substr($filename, strrpos($filename, '.') + 1));
             if (!in_array($extension, $allowedExtensions)) {
                 $app->enqueueMessage(JText::sprintf('ACCEPTED_TYPE', $extension, implode(', ', $allowedExtensions)), 'notice');
                 continue;
             }
             // NOTE(review): the cut offset is computed on the original name but applied to the makeSafe()'d
             // one, whose length may differ; the kept trailing dot is then turned into '_' by the regex below
             $pictname = strtolower(substr(JFile::makeSafe($filename), 0, strrpos($filename, '.') + 1));
             $pictname = preg_replace('#[^0-9a-z]#i', '_', $pictname);
             $pictfullname = $pictname . '.' . $extension;
             // Avoid overwriting an existing file by appending the current timestamp
             if (file_exists($uploadPath . $pictfullname)) {
                 $pictfullname = $pictname . time() . '.' . $extension;
             }
             // JFile::upload() first, plain move_uploaded_file() as fallback
             if (!JFile::upload($files['tmp_name'][$id], $uploadPath . $pictfullname)) {
                 if (!move_uploaded_file($files['tmp_name'][$id], $uploadPath . $pictfullname)) {
                     // NOTE(review): the message exposes the temporary and destination server paths to the user
                     $app->enqueueMessage(JText::sprintf('FAIL_UPLOAD', '<b><i>' . $files['tmp_name'][$id] . '</i></b>', '<b><i>' . $uploadPath . $pictfullname . '</i></b>'), 'error');
                     continue;
                 }
             }
             // NOTE(review): $id is the key of the submitted files array and is used directly as a property
             // name here, unlike the template columns above which pass through acymailing_secureField()
             $template->{$id} = str_replace(DS, '/', $uploadFolder) . $pictfullname;
         }
     }
     // The body is read unfiltered; on Joomla 2.5+ the component text filter is applied here,
     // on older versions only cleanHtml() below sees it
     $template->body = JRequest::getVar('editor_body', '', '', 'string', JREQUEST_ALLOWRAW);
     if (ACYMAILING_J25) {
         $template->body = JComponentHelper::filterText($template->body);
     }
     if (!empty($styles['color_bg'])) {
         // Replace the background colour found in the first tag of the body, whether given as a
         // CSS background-color or as a bgcolor attribute, with the chosen one
         $pat1 = '#^([^<]*<[^>]*background-color:)([^;">]{1,30})#i';
         $found = false;
         if (preg_match($pat1, $template->body)) {
             // NOTE(review): color_bg is used verbatim in the preg_replace() replacement string, so a
             // value containing $1 / \1 sequences would be expanded as a back-reference
             $template->body = preg_replace($pat1, '$1' . $styles['color_bg'], $template->body);
             $found = true;
         }
         $pat2 = '#^([^<]*<[^>]*bgcolor=")([^;">]{1,10})#i';
         if (preg_match($pat2, $template->body)) {
             $template->body = preg_replace($pat2, '$1' . $styles['color_bg'], $template->body);
             $found = true;
         }
         if (!$found) {
             // No colour to replace: wrap the body. color_bg lands inside a style attribute after the
             // text filter already ran; the only treatment it had is the double-quote replacement above
             $template->body = '<div style="background-color:' . $styles['color_bg'] . ';" width="100%">' . $template->body . '</div>';
         }
     }
     $acypluginsHelper = acymailing_get('helper.acyplugins');
     // presumably cleanHtml() takes the body by reference and edits it in place — confirm
     $acypluginsHelper->cleanHtml($template->body);
     // The description keeps the HTML that JREQUEST_ALLOWHTML lets through and is not passed to filterText()
     $template->description = JRequest::getVar('editor_description', '', '', 'string', JREQUEST_ALLOWHTML);
     $tempid = $this->save($template);
     if (!$tempid) {
         return false;
     }
     // A template without an id on the form is new and gets its ordering recomputed
     if (empty($template->tempid)) {
         $orderClass = acymailing_get('helper.order');
         $orderClass->pkey = 'tempid';
         $orderClass->table = 'template';
         $orderClass->reOrder();
     }
     $this->createTemplateFile($tempid);
     JRequest::setVar('tempid', $tempid);
     return true;
 }
 /**
  * Reads a POST parameter that may contain HTML and applies the site's
  * per-group text filters to it.
  *
  * @param   string  $var  Name of the POST parameter to read
  *
  * @return  string  The filtered value ('' when the parameter is absent)
  */
 protected function filterText($var)
 {
     // Mask 2 on getVar (presumably JREQUEST_ALLOWHTML, see the other getVar
     // calls in this file) keeps the markup, so the configured text filters
     // rather than the request layer decide which tags survive.
     return JComponentHelper::filterText(JRequest::getVar($var, '', 'post', 'STRING', 2));
 }
 /**
  * Applies the text filters configured for the current user's groups to an
  * arbitrary string (straight delegation to JComponentHelper::filterText()).
  *
  * @param   string  $text  The string to filter
  *
  * @return  string  The filtered string
  */
 public static function filterText($text)
 {
     $filtered = JComponentHelper::filterText($text);
     return $filtered;
 }
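    /**
     * Persists the extra-field (attribute) values submitted for an item.
     *
     * Values are routed by field type to one of three value tables:
     * text/textarea/html -> #__djc2_items_extra_fields_values_text,
     * select/checkbox/radio -> #__djc2_items_extra_fields_values_int,
     * calendar -> #__djc2_items_extra_fields_values_date; other types are
     * ignored. A field submitted as a list of values is matched against the
     * existing rows in id order (surplus rows are deleted). Unless the current
     * task is 'import', stored values of fields that were not submitted with a
     * value are deleted first.
     *
     * Every value of an 'html' field (scalar or list element) is passed
     * through the site text filters before it is stored, and every id that is
     * interpolated into SQL is cast to int.
     *
     * @param   array   $data   field_id => value, where value is a scalar or a list
     * @param   object  $table  The item table row; only $table->id is read
     *
     * @return  bool  true on success, false (after setError) when a value row
     *                fails to bind, check or store
     */
    public function saveAttributes($data, &$table)
    {
        if (empty($data)) {
            return true;
        }
        $db = JFactory::getDbo();
        $itemId = (int) $table->id;
        // Storage class per field type, and the value table per storage class
        // (the storage class is also the JTable name suffix: FieldValuesText, ...).
        $storageByType = array(
            'text' => 'text', 'textarea' => 'text', 'html' => 'text',
            'select' => 'int', 'checkbox' => 'int', 'radio' => 'int',
            'calendar' => 'date',
        );
        $tableByStorage = array(
            'text' => '#__djc2_items_extra_fields_values_text',
            'int' => '#__djc2_items_extra_fields_values_int',
            'date' => '#__djc2_items_extra_fields_values_date',
        );
        // Ids of the fields that carry a value; 0 is seeded so the IN () lists
        // below are never empty (and therefore always valid SQL).
        $nonEmptyIds = array(0);
        foreach ($data as $fieldKey => $submitted) {
            if (!empty($submitted)) {
                $nonEmptyIds[] = (int) $fieldKey;
            }
        }
        $idList = implode(',', array_unique($nonEmptyIds));
        $app = JFactory::getApplication();
        $task = $app->input->getCmd('task');
        if ($task != 'import') {
            // Drop stored values of fields that are no longer submitted; an
            // import only adds or updates and must not wipe untouched fields.
            foreach ($tableByStorage as $valueTable) {
                $query = $db->getQuery(true);
                $query->delete();
                $query->from($valueTable);
                $query->where('item_id = ' . $itemId . ' AND field_id NOT IN (' . $idList . ')');
                $db->setQuery($query);
                $db->query();
            }
        }
        // Definitions of the fields that carry a value.
        $query = $db->getQuery(true);
        $query->select('ef.*');
        $query->from('#__djc2_items_extra_fields AS ef');
        $query->where('ef.id IN (' . $idList . ')');
        $db->setQuery($query);
        $fieldDefs = $db->loadObjectList();
        $rows = array();
        foreach ($fieldDefs as $fieldDef) {
            if (!isset($storageByType[$fieldDef->type])) {
                continue;
            }
            $storage = $storageByType[$fieldDef->type];
            $valueTable = $tableByStorage[$storage];
            $fieldId = (int) $fieldDef->id;
            if (!array_key_exists($fieldId, $data) || empty($data[$fieldId])) {
                // Nothing submitted for this field: remove its stored value(s).
                $db->setQuery('DELETE FROM ' . $valueTable . ' WHERE field_id=' . $fieldId . ' AND item_id=' . $itemId);
                $db->query();
                continue;
            }
            $submitted = $data[$fieldId];
            if (!is_array($submitted)) {
                // Single value: reuse the existing row id if there is one.
                $fvTable = JTable::getInstance('FieldValues' . ucfirst($storage), 'Djcatalog2Table', array());
                $rowId = $fvTable->load(array('item_id' => $itemId, 'field_id' => $fieldId)) ? $fvTable->id : null;
                $rows[] = array('id' => $rowId, 'item_id' => $itemId, 'field_id' => $fieldId, 'value' => $this->filterAttributeValue($fieldDef->type, $submitted), 'type' => $storage);
                continue;
            }
            // List of values: pair each position with the existing row at the
            // same position (in id order); a position without a submitted value
            // deletes its row.
            $db->setQuery('SELECT id FROM ' . $valueTable . ' WHERE item_id=' . $itemId . ' AND field_id=' . $fieldId . ' ORDER BY id');
            $existingIds = $db->loadColumn();
            $count = max(count($existingIds), count($submitted));
            for ($i = 0; $i < $count; $i++) {
                if (isset($submitted[$i])) {
                    $rowId = isset($existingIds[$i]) ? $existingIds[$i] : null;
                    $rows[] = array('id' => $rowId, 'item_id' => $itemId, 'field_id' => $fieldId, 'value' => $this->filterAttributeValue($fieldDef->type, $submitted[$i]), 'type' => $storage);
                } elseif (isset($existingIds[$i])) {
                    $db->setQuery('DELETE FROM ' . $valueTable . ' WHERE id=' . (int) $existingIds[$i]);
                    $db->query();
                }
            }
        }
        // Persist the collected rows through their JTable classes.
        foreach ($rows as $row) {
            $storage = isset($row['type']) ? $row['type'] : null;
            if (!isset($tableByStorage[$storage])) {
                continue;
            }
            unset($row['type']);
            $fvTable = JTable::getInstance('FieldValues' . ucfirst($storage), 'Djcatalog2Table', array());
            if ($row['id'] > 0) {
                // Existing record: load it first so columns we do not set are kept.
                $fvTable->load($row['id'], true);
            }
            if (!$fvTable->bind($row) || !$fvTable->check() || !$fvTable->store()) {
                $this->setError($fvTable->getError());
                return false;
            }
        }
        return true;
    }

    /**
     * Normalises one submitted attribute value for storage.
     *
     * For 'html' fields the value goes through the site text filters and a
     * bare '&' that does not start an entity is encoded as '&amp;'; every
     * other type is returned unchanged and stored through its JTable.
     *
     * @param   string  $fieldType  The field's type as stored in #__djc2_items_extra_fields
     * @param   mixed   $value      The submitted value
     *
     * @return  mixed  The value to store
     */
    private function filterAttributeValue($fieldType, $value)
    {
        if ($fieldType != 'html') {
            return $value;
        }
        $value = JComponentHelper::filterText($value);
        return preg_replace('/&(?![A-Za-z0-9#]{1,7};)/', '&amp;', $value);
    }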
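 /**
  * Saves the newsletter being edited from the submitted form.
  *
  * Reads data[mail][*] (outside the administrator only the columns listed in
  * $this->allowedFields are accepted), the raw editor body (run through the
  * site text filters when ACYMAILING_J25 is set, then through the plugin
  * HTML cleaner), uploaded attachments, the recipient filters and the list
  * assignments. A follow-up mail is scheduled through _publishfollowup()
  * when it becomes published.
  *
  * Uploaded attachments go to the configured upload folder. Their name is
  * sanitised (JFile::makeSafe, lower-cased, dots and spaces in the base name
  * replaced by '_') and the extension must be in the configured
  * 'allowedfiles' list AND must not be a script/markup type anywhere in the
  * name. The folder is chmod'ed with an octal 0755 when it is not writable.
  *
  * @return  bool  false when the mail could not be saved, otherwise the
  *                result of the list assignment save (true when none)
  */
 function saveForm()
 {
     $app = JFactory::getApplication();
     $config =& acymailing_config();
     $mail = new stdClass();
     $mail->mailid = acymailing_getCID('mailid');
     $formData = JRequest::getVar('data', array(), '', 'array');
     foreach ($formData['mail'] as $column => $value) {
         // Front-end users may only set the whitelisted columns.
         if (!$app->isAdmin() && !in_array($column, $this->allowedFields)) {
             continue;
         }
         acymailing_secureField($column);
         // params is stored as submitted; every other column loses its markup.
         $mail->{$column} = ($column == 'params') ? $value : strip_tags($value, '<ADV>');
     }
     $mail->body = JRequest::getVar('editor_body', '', '', 'string', JREQUEST_ALLOWRAW);
     if (ACYMAILING_J25) {
         $mail->body = JComponentHelper::filterText($mail->body);
     }
     $acypluginsHelper = acymailing_get('helper.acyplugins');
     $acypluginsHelper->cleanHtml($mail->body);
     $mail->attach = array();
     $attachments = JRequest::getVar('attachments', array(), 'files', 'array');
     if (!empty($attachments['name'][0]) or !empty($attachments['name'][1])) {
         jimport('joomla.filesystem.file');
         $uploadFolder = JPath::clean(html_entity_decode($config->get('uploadfolder')));
         $uploadFolder = trim($uploadFolder, DS . ' ') . DS;
         $uploadPath = JPath::clean(ACYMAILING_ROOT . $uploadFolder);
         acymailing_createDir($uploadPath, true);
         if (!is_writable($uploadPath)) {
             // The mode must be an octal integer: the former string '0755' was
             // read as decimal 755 (= 01363), which made the folder world-writable
             // and unreadable by its owner.
             @chmod($uploadPath, 0755);
             if (!is_writable($uploadPath)) {
                 $app->enqueueMessage(JText::sprintf('WRITABLE_FOLDER', $uploadPath), 'notice');
             }
         }
         // Allowed extensions come from configuration (comma separated); the deny
         // list is matched anywhere in the name so double extensions are caught.
         $allowedPattern = '#\\.(' . str_replace(array(',', '.'), array('|', '\\.'), $config->get('allowedfiles')) . ')$#Ui';
         $deniedPattern = '#\\.(php.?|.?htm.?|pl|py|jsp|asp|sh|cgi)#Ui';
         foreach ($attachments['name'] as $id => $filename) {
             if (empty($filename)) {
                 continue;
             }
             $attachment = new stdClass();
             $attachment->filename = strtolower(JFile::makeSafe($filename));
             $attachment->size = $attachments['size'][$id];
             if (!preg_match($allowedPattern, $attachment->filename, $extension) || preg_match($deniedPattern, $attachment->filename)) {
                 $app->enqueueMessage(JText::sprintf('ACCEPTED_TYPE', substr($attachment->filename, strrpos($attachment->filename, '.') + 1), $config->get('allowedfiles')), 'notice');
                 continue;
             }
             // $extension[0] is the matched ".ext"; the base name keeps neither dots nor spaces.
             $attachment->filename = str_replace(array('.', ' '), '_', substr($attachment->filename, 0, strpos($attachment->filename, $extension[0]))) . $extension[0];
             $target = $uploadPath . $attachment->filename;
             if (!JFile::upload($attachments['tmp_name'][$id], $target) && !move_uploaded_file($attachments['tmp_name'][$id], $target)) {
                 $app->enqueueMessage(JText::sprintf('FAIL_UPLOAD', '<b><i>' . $attachments['tmp_name'][$id] . '</i></b>', '<b><i>' . $target . '</i></b>'), 'error');
                 continue;
             }
             $mail->attach[] = $attachment;
         }
     }
     if (isset($mail->filter)) {
         // Rebuild the recipient filters from the 'filter' request array,
         // keeping only the entries that have a type.
         $mail->filter = array();
         $filterData = JRequest::getVar('filter');
         foreach ($filterData['type'] as $num => $oneType) {
             if (empty($oneType)) {
                 continue;
             }
             $mail->filter['type'][$num] = $oneType;
             $mail->filter[$num][$oneType] = $filterData[$num][$oneType];
         }
     }
     $toggleHelper = acymailing_get('helper.toggle');
     if (!empty($mail->type) && $mail->type == 'followup' && !empty($mail->mailid)) {
         $oldMail = $this->get($mail->mailid);
         // An existing follow-up that just became published is scheduled now.
         if (!empty($mail->published) and !$oldMail->published) {
             $this->_publishfollowup($mail);
         }
         if ($oldMail->senddate != $mail->senddate) {
             $text = JText::_('FOLLOWUP_CHANGED_DELAY_INFORMED');
             $text .= ' ' . $toggleHelper->toggleText('update', $mail->mailid, 'followup', JText::_('FOLLOWUP_CHANGED_DELAY'));
             $app->enqueueMessage($text, 'notice');
         }
     }
     // A pasted personal link (subid=...) may break the per-recipient links; warn the editor.
     if (preg_match('#<a[^>]*subid=[0-9].*</a>#Uis', $mail->body, $pregResult)) {
         $app->enqueueMessage('There is a personal link in your Newsletter ( ' . $pregResult[0] . ' ) instead of a tag...<br />Please make sure to not copy/paste the link you received in your e-mail as it may break your unsubscribe or confirmation links.<br />Use our tags instead!', 'notice');
     }
     $mailid = $this->save($mail);
     if (!$mailid) {
         return false;
     }
     JRequest::setVar('mailid', $mailid);
     $status = true;
     if (!empty($formData['listmail'])) {
         // Checked lists receive the mail, unchecked ones are detached from it.
         $receivers = array();
         $remove = array();
         foreach ($formData['listmail'] as $listid => $receiveme) {
             if (!empty($receiveme)) {
                 $receivers[] = $listid;
             } else {
                 $remove[] = $listid;
             }
         }
         $listMailClass = acymailing_get('class.listmail');
         $status = $listMailClass->save($mailid, $receivers, $remove);
     }
     if (!empty($mail->type) && $mail->type == 'followup' && empty($mail->mailid) && !empty($mail->published)) {
         // A new follow-up created already published is scheduled with its fresh id.
         $mail->mailid = $mailid;
         $this->_publishfollowup($mail);
     }
     return $status;
 }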
 /**
  * Applies the content tag filters to arbitrary text as per settings for
  * the current user group.
  *
  * @param   text  $text  The string to filter
  *
  * @return  string  The filtered string
  *
  * @deprecated  4.0  Use JComponentHelper::filterText() instead.
  */
 public static function filterText($text)
 {
     // Record the deprecation on every call, then delegate to the core helper.
     $notice = 'ContentHelper::filterText() is deprecated. Use JComponentHelper::filterText() instead.';
     JLog::add($notice, JLog::WARNING, 'deprecated');
     return JComponentHelper::filterText($text);
 }
 /**
  * Reduces a submitted cart value to plain text.
  *
  * Pipeline (the order matters): vmFilter::hl() with every attribute denied,
  * the site's per-group text filters, removal of anything shaped like an
  * "on…(…)" event handler, replacement of double quotes and control
  * whitespace by spaces, and finally removal of one leading single quote.
  *
  * NOTE(review): the "on…(…)" regex is a heuristic and also eats ordinary
  * text such as "one (two)" up to the closing parenthesis. The empty-string
  * entry in the str_replace list is a no-op (possibly a control character
  * lost upstream) and is kept as-is.
  *
  * @param   string  $v  Raw submitted value
  *
  * @return  string  Cleaned value
  */
 private function filterCartInput($v)
 {
     $cleaned = vmFilter::hl($v, array('deny_attribute' => '*'));
     $cleaned = JComponentHelper::filterText($cleaned);
     // Strip "onclick(...)", "onload(...)" style fragments.
     $cleaned = (string) preg_replace('#on[a-z](.+?)\\)#si', '', $cleaned);
     $replacedBySpace = array('"', "\t", "\n", "\r", "", "\v");
     $cleaned = str_replace($replacedBySpace, ' ', trim($cleaned));
     // Drop a single leading apostrophe.
     return (string) preg_replace('#^\'#si', '', $cleaned);
 }
 /**
  * Reads a request value as "secure" HTML.
  *
  * The raw value is fetched through self::get() with FILTER_UNSAFE_RAW and
  * FILTER_FLAG_ENCODE_LOW (characters with a code below 32 are encoded);
  * the scalar, or every element of an array, is then passed through the
  * site's per-group text filters.
  *
  * @param   string  $name     Request parameter name
  * @param   mixed   $default  Value used when the parameter is absent
  * @param   mixed   $input    Forwarded unchanged to self::get() (0 by default)
  *
  * @return  mixed  Filtered string, or array of filtered values with keys preserved
  */
 public static function getHtml($name, $default = '', $input = 0)
 {
     $raw = self::get($name, $default, FILTER_UNSAFE_RAW, FILTER_FLAG_ENCODE_LOW, $input);
     if (!is_array($raw)) {
         return JComponentHelper::filterText($raw);
     }
     // array_map() with a single array keeps the original keys.
     return array_map(array('JComponentHelper', 'filterText'), $raw);
 }
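 /**
  * Saves the newsletter being edited from the submitted form.
  *
  * Reads data[mail][*] (outside the administrator only the columns listed in
  * $this->allowedFields are accepted), the raw editor body (run through the
  * site text filters when ACYMAILING_J25 is set, then through the plugin
  * HTML cleaner), attachments given as site-relative file paths, the
  * recipient filters and the list assignments. A follow-up mail is scheduled
  * through _publishfollowup() when it becomes published.
  *
  * Attachment paths come straight from the request and are validated by
  * _resolveAttachments(): each must resolve (realpath) to a file inside the
  * site root, its extension must be in the configured 'allowedfiles' list
  * and must not be a script/markup type.
  *
  * @return  bool  false when the mail could not be saved, otherwise the
  *                result of the list assignment save (true when none)
  */
 function saveForm()
 {
     $app = JFactory::getApplication();
     $config =& acymailing_config();
     $mail = new stdClass();
     $mail->mailid = acymailing_getCID('mailid');
     $formData = JRequest::getVar('data', array(), '', 'array');
     if (!empty($formData['mail']['subject'])) {
         // Remove U+2028 LINE SEPARATOR (bytes E2 80 A8) from the subject.
         $formData['mail']['subject'] = str_replace(chr(226) . chr(128) . chr(168), '', $formData['mail']['subject']);
     }
     foreach ($formData['mail'] as $column => $value) {
         // Front-end users may only set the whitelisted columns.
         if (!$app->isAdmin() && !in_array($column, $this->allowedFields)) {
             continue;
         }
         acymailing_secureField($column);
         // params and summary are stored as submitted; every other column loses its markup.
         if (in_array($column, array('params', 'summary'))) {
             $mail->{$column} = $value;
         } else {
             $mail->{$column} = strip_tags($value, '<ADV>');
         }
     }
     $mail->body = JRequest::getVar('editor_body', '', '', 'string', JREQUEST_ALLOWRAW);
     if (ACYMAILING_J25) {
         $mail->body = JComponentHelper::filterText($mail->body);
     }
     $acypluginsHelper = acymailing_get('helper.acyplugins');
     $acypluginsHelper->cleanHtml($mail->body);
     $mail->attach = $this->_resolveAttachments(JRequest::getVar('attachments', array(), '', 'array'), $config);
     if (isset($mail->filter)) {
         // Rebuild the recipient filters from the 'filter' request array,
         // keeping only the entries that have a type.
         $mail->filter = array();
         $filterData = JRequest::getVar('filter');
         foreach ($filterData['type'] as $num => $oneType) {
             if (empty($oneType)) {
                 continue;
             }
             $mail->filter['type'][$num] = $oneType;
             $mail->filter[$num][$oneType] = $filterData[$num][$oneType];
         }
     }
     $toggleHelper = acymailing_get('helper.toggle');
     if (!empty($mail->type) && $mail->type == 'followup' && !empty($mail->mailid)) {
         $oldMail = $this->get($mail->mailid);
         // An existing follow-up that just became published is scheduled now.
         if (!empty($mail->published) and !$oldMail->published) {
             $this->_publishfollowup($mail);
         }
         if ($oldMail->senddate != $mail->senddate) {
             $text = JText::_('FOLLOWUP_CHANGED_DELAY_INFORMED');
             $text .= ' ' . $toggleHelper->toggleText('update', $mail->mailid, 'followup', JText::_('FOLLOWUP_CHANGED_DELAY'));
             acymailing_enqueueMessage($text, 'notice');
         }
     }
     // A pasted personal link (subid=...) may break the per-recipient links; warn the editor.
     if (preg_match('#<a[^>]*subid=[0-9].*</a>#Uis', $mail->body, $pregResult)) {
         acymailing_enqueueMessage('There is a personal link in your Newsletter ( ' . $pregResult[0] . ' ) instead of a tag...<br />Please make sure to not copy/paste the link you received in your e-mail as it may break your unsubscribe or confirmation links.<br />Use our tags instead!', 'notice');
     }
     // An empty thumb leaves the stored one untouched; 'delete' clears it.
     if (empty($mail->thumb)) {
         unset($mail->thumb);
     } elseif ($mail->thumb == 'delete') {
         $mail->thumb = '';
     }
     $mailid = $this->save($mail);
     if (!$mailid) {
         return false;
     }
     JRequest::setVar('mailid', $mailid);
     $status = true;
     if (!empty($formData['listmail'])) {
         // Checked lists receive the mail, unchecked ones are detached from it.
         $receivers = array();
         $remove = array();
         foreach ($formData['listmail'] as $listid => $receiveme) {
             if (!empty($receiveme)) {
                 $receivers[] = $listid;
             } else {
                 $remove[] = $listid;
             }
         }
         $listMailClass = acymailing_get('class.listmail');
         $status = $listMailClass->save($mailid, $receivers, $remove);
     }
     if (!empty($mail->type) && $mail->type == 'followup' && empty($mail->mailid) && !empty($mail->published)) {
         // A new follow-up created already published is scheduled with its fresh id.
         $mail->mailid = $mailid;
         $this->_publishfollowup($mail);
     }
     return $status;
 }

 /**
  * Validates request-supplied attachment paths and turns them into
  * attachment records (objects with filename and size).
  *
  * A path is accepted only when it has an extension that is in the
  * configured 'allowedfiles' list and is not a script/markup type, and when
  * it resolves through realpath() to a regular file beneath the site root
  * (so '..' segments and symlinks cannot point outside it). Rejected paths
  * produce a notice and are skipped. The stored name keeps the historical
  * normalisation: dots and spaces before the first occurrence of the
  * extension become '_'.
  *
  * @param   array   $paths   Site-relative paths as submitted
  * @param   object  $config  The AcyMailing configuration ('allowedfiles')
  *
  * @return  array  List of attachment objects
  */
 protected function _resolveAttachments($paths, $config)
 {
     $attach = array();
     if (empty($paths)) {
         return $attach;
     }
     $siteRoot = realpath(JPATH_SITE);
     $allowedPattern = '#\\.(' . str_replace(array(',', '.'), array('|', '\\.'), $config->get('allowedfiles')) . ')$#Ui';
     $deniedPattern = '#\\.(php.?|.?htm.?|pl|py|jsp|asp|sh|cgi)#Ui';
     foreach ($paths as $filepath) {
         if (empty($filepath)) {
             continue;
         }
         $filename = strtolower($filepath);
         $dotPos = strrpos($filename, '.');
         $extension = ($dotPos === false) ? '' : substr($filename, $dotPos);
         if ($extension === '' || !preg_match($allowedPattern, $filename) || preg_match($deniedPattern, $filename)) {
             acymailing_enqueueMessage(JText::sprintf('ACCEPTED_TYPE', ltrim($extension, '.'), $config->get('allowedfiles')), 'notice');
             continue;
         }
         // Confine the file to the site root; realpath() collapses '..' and symlinks.
         $resolved = realpath(JPATH_SITE . '/' . $filepath);
         if ($siteRoot === false || $resolved === false || !is_file($resolved) || strpos($resolved, $siteRoot . DIRECTORY_SEPARATOR) !== 0) {
             acymailing_enqueueMessage('Attachment ' . htmlspecialchars($filepath, ENT_QUOTES, 'UTF-8') . ' was not found inside the site folder and has been ignored', 'notice');
             continue;
         }
         $attachment = new stdClass();
         $attachment->filename = str_replace(array('.', ' '), '_', substr($filename, 0, strpos($filename, $extension))) . $extension;
         $attachment->size = filesize($resolved);
         $attach[] = $attachment;
     }
     return $attach;
 }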
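 /**
  * Method to store an image
  *
  * Flow: take the data from the request (validated through the form) or
  * from the caller (then only imgtext is sanitised), check that the current
  * user may edit the image (existing) or upload into the category (new),
  * bind the data, store the optional params as INI text, then either create
  * the image files (new image) or replace uploaded files, reset counters and
  * move the image to its new category (existing image) before storing the row.
  *
  * Ids interpolated into SQL (category id, image id) are cast to int because
  * they originate from bound request data; line breaks in params are
  * replaced so a parameter cannot add extra INI lines; a replacement file
  * whose extension is a script/markup type is refused.
  *
  * @param   array $data   The data of the image to store, if null we will use the data of the current request
  * @param   array $files  Image files to upload, if null we will use the data of the current request
  * @param   array $params Additional parameters of the image, if null we will use the data of the current request
  * @return  int   The image ID on success, boolean false otherwise
  * @since   1.5.5
  */
 public function store($data = null, $files = null, $params = null)
 {
     $row = $this->getTable('joomgalleryimages');
     $validate = true;
     if (is_null($data)) {
         $data = JRequest::get('post', 2);
     } else {
         // No validation in case of e.g. 'editimage' view
         $validate = false;
     }
     if (is_null($params)) {
         $params = JRequest::getVar('params', array(), 'post', 'array');
     }
     // Check for validation errors
     if ($validate) {
         $form = $this->getForm($data);
         $data = $this->_validate($form, $data);
         if ($data === false) {
             return false;
         }
     } elseif (isset($data['imgtext'])) {
         // Sanitize image description here because JForm didn't take care of it above
         $data['imgtext'] = JComponentHelper::filterText($data['imgtext']);
     }
     // Check whether it is a new image
     $id = isset($data['cid']) ? intval($data['cid']) : 0;
     $isNew = ($id == 0);
     if (!$isNew) {
         // Read image from database
         $row->load($id);
         // Editing needs core.edit, or core.edit.own on an image the user owns
         $asset = _JOOM_OPTION . '.image.' . $id;
         if (!$this->_user->authorise('core.edit', $asset) && (!$this->_user->authorise('core.edit.own', $asset) || !$row->owner || $row->owner != $this->_user->get('id'))) {
             $this->setError(JText::_('COM_JOOMGALLERY_COMMON_MSG_NOT_ALLOWED_TO_EDIT_IMAGE'));
             return false;
         }
         // Read old category ID
         $catid_old = (int) $row->catid;
     }
     // Bind the form fields to the image table
     if (!$row->bind($data)) {
         $this->setError($row->getError());
         return false;
     }
     // Additional parameters, if set
     if (count($params)) {
         // Build parameter INI string: one key=value per line. Line breaks in a
         // key or value are replaced so a parameter cannot inject extra lines.
         $txt = array();
         foreach ($params as $k => $v) {
             $txt[] = str_replace(array("\r", "\n"), ' ', $k . '=' . $v);
         }
         $row->params = implode("\n", $txt);
     }
     // Bind the rules
     if (isset($data['rules'])) {
         $rules = new JAccessRules($data['rules']);
         $row->setRules($rules);
     }
     // Load category information for permission checks (catid is bound request data, hence the cast)
     $query = $this->_db->getQuery(true)->select('cid, owner')->from(_JOOM_TABLE_CATEGORIES)->where('cid = ' . (int) $row->catid);
     $this->_db->setQuery($query);
     $category = $this->_db->loadObject();
     if ($isNew) {
         // Check whether we are allowed to create the image in the selected category
         $asset = _JOOM_OPTION . '.category.' . $row->catid;
         if (!$this->_user->authorise('joom.upload', $asset) && (!$this->_user->authorise('joom.upload.inown', $asset) || !$category->owner || $category->owner != $this->_user->get('id'))) {
             $this->setError(JText::_('COM_JOOMGALLERY_COMMON_MSG_NOT_ALLOWED_TO_CREATE_IMAGE'));
             return false;
         }
         // Approve image
         $row->approved = 1;
         // Set date of image
         $date = JFactory::getDate();
         $row->imgdate = $date->toSQL();
         // Make sure the record is valid (once; the fields do not change below)
         if (!$row->check()) {
             $this->setError($row->getError());
             return false;
         }
         // Category path for destination category
         $catpath = JoomHelper::getCatPath($row->catid);
         // Source path for original and detail image
         $detail_catpath = JoomHelper::getCatPath($data['detail_catid']);
         // Source path for thumbnail
         $thumb_catpath = JoomHelper::getCatPath($data['thumb_catid']);
         // Copy the image files, the row will be stored, too
         if (!$this->_newImage($row, $catpath, $detail_catpath, $thumb_catpath, $data['copy_original'])) {
             $this->setError(JText::_('COM_JOOMGALLERY_IMGMAN_MSG_ERROR_CREATING_NEW_IMAGES'));
             return false;
         }
         // Successfully stored new image
         $row->reorder('catid = ' . (int) $row->catid);
         $this->_mainframe->triggerEvent('onContentAfterSave', array(_JOOM_OPTION . '.image', &$row, true));
         return $row->id;
     }
     // Get new image files
     if (is_null($files)) {
         $files = JRequest::getVar('files', '', 'files');
     }
     // Clear votes if 'clearvotes' is checked
     if (!empty($data['clearvotes'])) {
         $row->imgvotes = 0;
         $row->imgvotesum = 0;
         // Delete votes for image
         $query = $this->_db->getQuery(true)->delete()->from(_JOOM_TABLE_VOTES)->where('picid = ' . (int) $row->id);
         $this->_db->setQuery($query);
         if (!$this->_db->query()) {
             $this->setError($row->getError());
             return false;
         }
     }
     // Clear hits if 'clearhits' is checked
     if (!empty($data['clearhits'])) {
         $row->hits = 0;
     }
     // Clear downloads if 'cleardownloads' is checked
     if (!empty($data['cleardownloads'])) {
         $row->downloads = 0;
     }
     // Upload and handle new image files
     $types = array('thumb', 'img', 'orig');
     foreach ($types as $type) {
         if (empty($files['tmp_name'][$type])) {
             continue;
         }
         jimport('joomla.filesystem.file');
         // Possibly the file name has to be changed because of another image format
         $temp_filename = $files['name'][$type];
         $columnname = ($type == 'thumb') ? 'imgthumbname' : 'imgfilename';
         $filename = $row->{$columnname};
         $new_ext = JFile::getExt($temp_filename);
         $old_ext = JFile::getExt($filename);
         // The stored name takes the upload's extension, so refuse script/markup
         // extensions outright. This is a deny list of the most dangerous types
         // only; the gallery's accepted image formats are not visible here.
         if (preg_match('#^(php.?|.?htm.?|phar|pl|py|jsp|asp|sh|cgi)$#i', $new_ext)) {
             JError::raiseWarning(500, JText::sprintf('COM_JOOMGALLERY_UPLOAD_ERROR_UPLOADING', $temp_filename));
             continue;
         }
         if ($new_ext != $old_ext) {
             $row->{$columnname} = substr_replace($row->{$columnname}, '.' . $new_ext, -(strlen($old_ext) + 1));
         }
         // Upload the file
         $file = $this->_ambit->getImg($type . '_path', $row);
         if (!JFile::upload($files['tmp_name'][$type], $file)) {
             JError::raiseWarning(500, JText::sprintf('COM_JOOMGALLERY_UPLOAD_ERROR_UPLOADING', $this->_ambit->getImg($type . '_path', $row)));
             // Revert database entry; nothing was written, so there is nothing to resize
             $row->{$columnname} = $filename;
             continue;
         }
         // Resize image
         $debugoutput = '';
         switch ($type) {
             case 'thumb':
                 $return = JoomFile::resizeImage($debugoutput, $file, $file, $this->_config->get('jg_useforresizedirection'), $this->_config->get('jg_thumbwidth'), $this->_config->get('jg_thumbheight'), $this->_config->get('jg_thumbcreation'), $this->_config->get('jg_thumbquality'));
                 break;
             case 'img':
                 $return = JoomFile::resizeImage($debugoutput, $file, $file, false, $this->_config->get('jg_maxwidth'), false, $this->_config->get('jg_thumbcreation'), $this->_config->get('jg_picturequality'), true);
                 break;
             default:
                 break;
         }
     }
     $move = false;
     if (isset($catid_old) && $catid_old != $row->catid) {
         $move = true;
         // Check whether the new category is a valid one
         if (!$category) {
             // If that's not the case store the image in the old category and leave a message
             $move = false;
             $row->catid = $catid_old;
             $this->_mainframe->enqueueMessage(JText::_('COM_JOOMGALLERY_COMMON_MSG_NO_VALID_CATEGORY_SELECTED'), 'notice');
         } else {
             // Access check for the selected new category
             $asset = _JOOM_OPTION . '.category.' . $row->catid;
             if (!$this->_user->authorise('joom.upload', $asset) && (!$this->_user->authorise('joom.upload.inown', $asset) || !$category->owner || $category->owner != $this->_user->get('id'))) {
                 $move = false;
                 $row->catid = $catid_old;
                 $this->_mainframe->enqueueMessage(JText::_('COM_JOOMGALLERY_COMMON_MSG_NOT_ALLOWED_STORE_IMAGE_IN_CATEGORY'), 'notice');
             }
         }
     }
     // Move the image if necessary (the data is stored in function moveImage because
     // we have ensured that the old and new category ID are different from each other)
     if ($move && !$this->moveImage($row, $row->catid, $catid_old)) {
         $this->_mainframe->enqueueMessage(JText::_('COM_JOOMGALLERY_COULD_NOT_MOVE_IMAGE'), 'notice');
         return false;
     } else {
         // Make sure the record is valid
         if (!$row->check()) {
             $this->setError($row->getError());
             return false;
         }
         // Store the entry to the database
         if (!$row->store()) {
             $this->setError($row->getError());
             return false;
         }
     }
     // Successfully stored image (and moved)
     $row->reorder('catid = ' . (int) $row->catid);
     if (isset($catid_old) and $catid_old != $row->catid) {
         $row->reorder('catid = ' . (int) $catid_old);
     }
     $this->_mainframe->triggerEvent('onContentAfterSave', array(_JOOM_OPTION . '.image', &$row, false));
     return $row->id;
 }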
 /**
  * Filters a single submitted value according to a validation mode.
  *
  * @param   mixed   $v               The raw value
  * @param   int     $maxlength       Byte length the value is cut to first (0 = no cut)
  * @param   string  $validation      '-1' strip tags and cut, '1' safe HTML,
  *                                   '2' per-group text filters, 'url'/'URL' and
  *                                   'email'/'EMAIL' special handling, any other
  *                                   value is passed to JFilterInput::clean() as the type
  * @param   int     $check_callable  When truthy and $validation names an existing
  *                                   function or Class::method, that callable is run
  *                                   on the value instead of the filters below
  *
  * @return  mixed  The filtered and trimmed value
  */
 static function dataFilter($v, $maxlength = 0, $validation = 'string', $check_callable = 0)
 {
     // Mode -1 delegates entirely (the helper does its own cutting).
     if ($validation == '-1') {
         return flexicontent_html::striptagsandcut($v, $maxlength);
     }
     if ($maxlength) {
         // NOTE(review): byte-wise substr; it can split a multibyte UTF-8 character at the cut.
         $v = substr($v, 0, $maxlength);
     }
     if ($check_callable) {
         // NOTE(review): this executes whatever function $validation names;
         // callers must never let $validation come from the request.
         $callableParts = explode('::', $validation);
         if (strpos($validation, '::') !== false && is_callable($callableParts)) {
             return call_user_func($callableParts, $v);
         }
         if (function_exists($validation)) {
             return call_user_func($validation, $v);
         }
     }
     // Loose (==) comparisons are kept on purpose: callers pass ints and strings.
     if ($validation == '1') {
         // Allow safe HTML
         $result = JFilterInput::getInstance(null, null, 1, 1)->clean($v, 'string');
     } elseif ($validation == '2') {
         // Filter according to user group Text Filters
         $result = JComponentHelper::filterText($v);
     } elseif ($validation == 'URL' || $validation == 'url') {
         // This cleans some of the more dangerous characters but leaves special characters that are valid.
         $result = trim(JFilterInput::getInstance()->clean($v, 'HTML'));
         // <>" are never valid in a uri see http://www.ietf.org/rfc/rfc1738.txt.
         $result = str_replace(array('<', '>', '"'), '', $result);
         // Convert to Punycode string
         if (FLEXI_J30GE) {
             $result = JStringPunycode::urlToPunycode($result);
         }
     } elseif ($validation == 'EMAIL' || $validation == 'email') {
         // This cleans some of the more dangerous characters but leaves special characters that are valid.
         $result = trim(JFilterInput::getInstance()->clean($v, 'HTML'));
         // <>" are never valid in a email ?
         $result = str_replace(array('<', '>', '"'), '', $result);
         // Convert to Punycode string
         if (FLEXI_J30GE) {
             $result = JStringPunycode::emailToPunycode($result);
         }
         // Check for valid email (punycode is ASCII so this should work with UTF-8 too)
         $email_regexp = "/^[a-zA-Z0-9.!#\$%&'*+\\/=?^_`{|}~-]+@[a-zA-Z0-9](?:[a-zA-Z0-9-]{0,61}[a-zA-Z0-9])?(?:\\.[a-zA-Z0-9](?:[a-zA-Z0-9-]{0,61}[a-zA-Z0-9])?)*\$/";
         if (!preg_match($email_regexp, $result)) {
             $result = '';
         }
     } else {
         // Filter using JFilterInput with $validation as the type
         $result = JFilterInput::getInstance()->clean($v, $validation);
     }
     return trim($result);
 }
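 /**
  * Save (insert or update) an igallery category row from form data.
  *
  * Binds $data onto the #__igallery table, handles an optional menu-image
  * upload or removal, fills in defaults for new rows, runs the two rich-text
  * descriptions through the Joomla user-group text filters, stores the row,
  * makes the alias non-empty and unique, and optionally e-mails a
  * "new category" notice when saving from the site front end.
  *
  * @param   array  $data  Form values (the 'jform' request array).
  * @return  bool   true on success; false after setError() on bind/store failure,
  *                 or false without setError() when the image upload helper fails.
  *
  * NOTE(review): nothing in this method checks that the current user may edit
  * the row selected by $data['id'] (the same id also drives the menu-image
  * deletion below) - presumably the controller enforces that; confirm.
  */
 function save($data)
 {
     $db = $this->getDbo();
     $row = $this->getTable('igallery');
     $user = JFactory::getUser();
     $app = JFactory::getApplication();
     $params = JComponentHelper::getParams('com_igallery');
     $isSite = $app->isSite();
     if (!$row->bind($data)) {
         // bind() records its own error; the DB error message is unrelated here.
         $this->setError($row->getError());
         return false;
     }
     // Optional menu image. Only touch $_FILES when the field was actually
     // posted; a name shorter than three bytes counts as "no upload".
     if (isset($_FILES['jform']['name']['upload_image']) && strlen($_FILES['jform']['name']['upload_image']) > 2) {
         $fileName = $_FILES['jform']['name']['upload_image'];
         $tmpPath = $_FILES['jform']['tmp_name']['upload_image'];
         $uploadError = $_FILES['jform']['error']['upload_image'];
         // Type/size validation of the upload is expected inside processUploadedImage() - not visible here.
         $fileArray = igFileHelper::processUploadedImage($fileName, $tmpPath, $uploadError, 'igallery', true);
         if (!$fileArray) {
             return false;
         }
         $row->menu_image_filename = $fileArray['filename'];
     }
     $firstLast = null;
     if (empty($row->id)) {
         // New category: ordering, profile and parent fall back to component defaults.
         // NOTE(review): getNextOrder() is evaluated before the parent default is
         // applied, so a new category posted without a parent is ordered within
         // parent 0 even when default_parent differs - confirm that is intended.
         $firstLast = $params->get('new_cat_ordering', 'last');
         $row->ordering = $firstLast == 'first' ? 0 : $row->getNextOrder('parent = ' . (int) $row->parent);
         $row->profile = empty($row->profile) ? $params->get('default_profile', 1) : $row->profile;
         $row->parent = empty($row->parent) ? $params->get('default_parent', 0) : $row->parent;
     }
     // Auto-approve unless moderation is enabled AND the save comes from the site.
     $row->moderate = ($params->get('moderate_cat', 0) == 0 || $isSite == false) ? 1 : 0;
     $row->user = empty($row->user) ? $user->id : $row->user;
     $row->alias = empty($row->alias) ? JFilterOutput::stringURLSafe($row->name) : JFilterOutput::stringURLSafe($row->alias);
     $row->name = empty($row->name) ? '____' : $row->name;
     // Rich-text fields are read raw on purpose and then filtered with the
     // per-user-group text filters (JComponentHelper::filterText) rather than
     // the generic request filter, which would strip all HTML.
     $raw = JRequest::getVar('jform', array(), 'post', 'NONE', JREQUEST_ALLOWRAW);
     $row->menu_description = JComponentHelper::filterText(isset($raw['menu_description']) ? $raw['menu_description'] : '');
     $row->gallery_description = JComponentHelper::filterText(isset($raw['gallery_description']) ? $raw['gallery_description'] : '');
     if (isset($data['remove_menu_image']) && $data['remove_menu_image'] == 1) {
         $rowId = isset($data['id']) ? (int) $data['id'] : 0;
         $db->setQuery('SELECT menu_image_filename FROM #__igallery WHERE id = ' . $rowId);
         $category = $db->loadObject();
         $oldFile = ($category && isset($category->menu_image_filename)) ? (string) $category->menu_image_filename : '';
         // Delete the physical file only if no other category references the same filename.
         if ($oldFile !== '') {
             $db->setQuery('SELECT menu_image_filename FROM #__igallery WHERE menu_image_filename = ' . $db->quote($oldFile));
             $db->query();
             if ($db->getNumRows() <= 1) {
                 igFileHelper::deleteImage($oldFile, true);
             }
         }
         $row->menu_image_filename = '';
     }
     if (!$row->store()) {
         $this->setError($row->getError());
         return false;
     }
     // An alias consisting only of dashes (or nothing) is replaced by "category-<id>".
     if (trim(str_replace('-', '', $row->alias)) == '') {
         $row->alias = 'category-' . (int) $row->id;
         if (!$row->store()) {
             $this->setError($row->getError());
             return false;
         }
     }
     // Make the alias unique by suffixing the id when another row already uses it.
     $db->setQuery('SELECT alias FROM #__igallery WHERE alias = ' . $db->quote($row->alias));
     $rows = $db->loadObjectList();
     if ($rows && count($rows) > 1) {
         $row->alias = $row->alias . '-' . (int) $row->id;
         if (!$row->store()) {
             $this->setError($row->getError());
             return false;
         }
     }
     if ($firstLast == 'first') {
         $row->reorder('parent = ' . (int) $row->parent);
     }
     if ($params->get('notify_new_category', 0) == 1 && $isSite == true) {
         $siteConfig = JFactory::getConfig();
         $from = $siteConfig->get('config.mailfrom');
         $fromname = $siteConfig->get('config.fromname');
         $subject = $siteConfig->get('config.sitename') . ' : ' . JText::_('NEW_CATEGORY_ADDED');
         $body = JText::_('JGLOBAL_USERNAME') . ': ' . $user->name . " \n\n " . JText::_('JCATEGORY') . ': ' . $row->name . " \n\n " . IG_HOST . 'administrator/index.php?option=com_igallery&view=icategory&id=' . $row->id . " \n\n " . IG_HOST . 'index.php?option=com_igallery&view=category&igid=' . $row->id;
         // Comma-separated list from the component options: trim entries, drop empties,
         // and notify at most seven addresses (the loop's historical bound).
         $recipients = array_map('trim', explode(',', $params->get('notify_emails', '')));
         $recipients = array_values(array_filter($recipients, 'strlen'));
         $recipients = array_slice($recipients, 0, 7);
         $mail = JFactory::getMailer();
         foreach ($recipients as $to) {
             $mail->sendMail($from, $fromname, $to, $subject, $body);
         }
     }
     return true;
 }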