/**
 * Render the image detail view (detail window, multibox, slideshow, video or download).
 *
 * Copies the component/menu params into $this->tmpl, lets request values supplied by
 * the plugin window override a few of them, loads the item from the model, runs the
 * per-item access check (prints the close markup and exits when it fails), builds the
 * navigation/slideshow buttons and finally dispatches to one of the layouts.
 *
 * @param string|null $tpl  Layout passed through to parent::display() in the plain detail case
 * @return void  Output happens in parent::display(); the method may also exit() early
 *               (access denied, or a direct file download).
 */
function display($tpl = null)
{
    $app = JFactory::getApplication();
    $document =& JFactory::getDocument();
    $this->params = $app->getParams();
    $user =& JFactory::getUser();

    // Request flags (int-filtered): phocaslideshow selects the slideshow layout,
    // phocadownload == 2 triggers a direct download further down.
    $var['slideshow'] = JRequest::getVar('phocaslideshow', 0, '', 'int');
    $var['download'] = JRequest::getVar('phocadownload', 0, '', 'int');
    $uri =& JFactory::getURI();
    $this->tmpl['action'] = $uri->toString();
    $path = PhocaGalleryPath::getPath();

    // Component-level access (rating/comment rights), distinct from the per-item check below.
    $neededAccessLevels = PhocaGalleryAccess::getNeededAccessLevels();
    $access = PhocaGalleryAccess::isAccess($user->authorisedLevels(), $neededAccessLevels);

    // Information from the plugin - window is displayed after plugin action.
    // These are untrusted GET strings; they only select a window/button mode and are
    // compared loosely (== 7, == 1) below, they never reach the output unescaped.
    $get = array();
    $get['detail'] = JRequest::getVar('detail', '', 'get', 'string');
    $get['buttons'] = JRequest::getVar('buttons', '', 'get', 'string');
    $get['ratingimg'] = JRequest::getVar('ratingimg', '', 'get', 'string');

    $this->tmpl['picasa_correct_width_l'] = (int) $this->params->get('large_image_width', 640);
    $this->tmpl['picasa_correct_height_l'] = (int) $this->params->get('large_image_height', 480);
    $this->tmpl['enablecustomcss'] = $this->params->get('enable_custom_css', 0);
    $this->tmpl['customcss'] = $this->params->get('custom_css', '');
    $this->tmpl['enable_multibox'] = $this->params->get('enable_multibox', 0);
    $this->tmpl['multibox_height'] = (int) $this->params->get('multibox_height', 560);
    $this->tmpl['multibox_width'] = (int) $this->params->get('multibox_width', 980);
    $this->tmpl['multibox_map_height'] = (int) $this->params->get('multibox_map_height', 300);
    $this->tmpl['multibox_map_width'] = (int) $this->params->get('multibox_map_width', 280);
    $this->tmpl['multibox_height_overflow'] = (int) $this->tmpl['multibox_height'] - 10; //padding
    $this->tmpl['multibox_left_bgcolor'] = $this->params->get('multibox_left_bgcolor', '#000000');
    $this->tmpl['multibox_right_bgcolor'] = $this->params->get('multibox_right_bgcolor', '#ffffff');
    $this->tmpl['multibox_comments_width'] = $this->params->get('multibox_comments_width', 300);
    $this->tmpl['multibox_comments_height'] = $this->params->get('multibox_comments_height', 600);
    $this->tmpl['multibox_thubms_box_width'] = $this->params->get('multibox_thubms_box_width', 300);
    $this->tmpl['multibox_thubms_count'] = $this->params->get('multibox_thubms_count', 4);
    $this->tmpl['large_image_width'] = $this->params->get('large_image_width', 640);
    // NOTE(review): default 640 here, 480 for the same param in 'largeheight' below — only
    // matters when the param is unset; probably a typo, confirm which default is intended.
    $this->tmpl['large_image_height'] = $this->params->get('large_image_height', 640);
    $this->tmpl['multibox_fixed_cols'] = $this->params->get('multibox_fixed_cols', 1);
    $this->tmpl['display_multibox'] = $this->params->get('display_multibox', array(1, 2));

    // CSS (loaded a second time further down, together with the custom CSS as an inline tag).
    JHtml::stylesheet('components/com_phocagallery/assets/phocagallery.css');
    if ($this->tmpl['enablecustomcss'] == 1) {
        JHtml::stylesheet('components/com_phocagallery/assets/phocagallerycustom.css');
        PhocaGalleryRenderFront::displayCustomCSS($this->tmpl['customcss']);
    }

    // Plugin information: the plugin window may override the configured window type.
    $this->tmpl['detailwindow'] = $this->params->get('detail_window', 0);
    if (isset($get['detail']) && $get['detail'] != '') {
        $this->tmpl['detailwindow'] = $get['detail'];
    }

    // Plugin information: same for the buttons mode.
    $this->tmpl['detailbuttons'] = $this->params->get('detail_buttons', 1);
    if (isset($get['buttons']) && $get['buttons'] != '') {
        $this->tmpl['detailbuttons'] = $get['buttons'];
    }

    // Close and Reload links (for different window types); $close['html'] is also what
    // gets printed when the access check below fails.
    $close = PhocaGalleryRenderFront::renderCloseReloadDetail($this->tmpl['detailwindow']);
    $this->tmpl['detailwindowclose'] = $close['detailwindowclose'];
    $this->tmpl['detailwindowreload'] = $close['detailwindowreload'];

    $this->tmpl['displaydescriptiondetail'] = $this->params->get('display_description_detail', 0);
    $this->tmpl['displaytitleindescription'] = $this->params->get('display_title_description', 0);
    $this->tmpl['descriptiondetailheight'] = $this->params->get('description_detail_height', 16);
    $this->tmpl['fontsizedesc'] = $this->params->get('font_size_desc', 11);
    $this->tmpl['fontcolordesc'] = $this->params->get('font_color_desc', '#333333');
    $this->tmpl['detailwindowbackgroundcolor'] = $this->params->get('detail_window_background_color', '#ffffff');
    $this->tmpl['descriptionlightboxfontcolor'] = $this->params->get('description_lightbox_font_color', '#ffffff');
    $this->tmpl['descriptionlightboxbgcolor'] = $this->params->get('description_lightbox_bg_color', '#000000');
    $this->tmpl['descriptionlightboxfontsize'] = $this->params->get('description_lightbox_font_size', 12);
    $this->tmpl['displayratingimg'] = $this->params->get('display_rating_img', 0);
    $this->tmpl['displayicondownload'] = $this->params->get('display_icon_download', 0);
    $this->tmpl['externalcommentsystem'] = $this->params->get('external_comment_system', 0);
    $this->tmpl['largewidth'] = $this->params->get('large_image_width', 640);
    $this->tmpl['largeheight'] = $this->params->get('large_image_height', 480);
    $this->tmpl['boxlargewidth'] = $this->params->get('front_modal_box_width', 680);
    $this->tmpl['boxlargeheight'] = $this->params->get('front_modal_box_height', 560);
    $this->tmpl['slideshow_delay'] = $this->params->get('slideshow_delay', 3000);
    $this->tmpl['slideshow_pause'] = $this->params->get('slideshow_pause', 2500);
    $this->tmpl['slideshowrandom'] = $this->params->get('slideshow_random', 0);
    $this->tmpl['slideshow_description'] = $this->params->get('slideshow_description', 'peekaboo');
    $this->tmpl['gallerymetakey'] = $this->params->get('gallery_metakey', '');
    $this->tmpl['gallerymetadesc'] = $this->params->get('gallery_metadesc', '');
    $this->tmpl['altvalue'] = $this->params->get('alt_value', 1);
    // Re-read (already set above) — harmless duplicate.
    $this->tmpl['enablecustomcss'] = $this->params->get('enable_custom_css', 0);
    $this->tmpl['customcss'] = $this->params->get('custom_css', '');
    $this->tmpl['display_tags_links'] = $this->params->get('display_tags_links', 0);
    $this->tmpl['ytb_display'] = $this->params->get('ytb_display', 0);

    // Facebook comments: values come from PhocaGalleryFbSystem, with fallbacks when absent.
    $paramsFb = PhocaGalleryFbSystem::getCommentsParams($this->params->get('fb_comment_user_id', ''));
    $this->tmpl['fb_comment_app_id'] = isset($paramsFb['fb_comment_app_id']) ? $paramsFb['fb_comment_app_id'] : '';
    $this->tmpl['fb_comment_width'] = isset($paramsFb['fb_comment_width']) ? $paramsFb['fb_comment_width'] : 550;
    $this->tmpl['fb_comment_lang'] = isset($paramsFb['fb_comment_lang']) ? $paramsFb['fb_comment_lang'] : 'en_US';
    $this->tmpl['fb_comment_count'] = isset($paramsFb['fb_comment_count']) ? $paramsFb['fb_comment_count'] : '';

    // In multibox mode the comment column width wins and the page must not scroll.
    $oH = '';
    if ($this->tmpl['enable_multibox'] == 1) {
        $this->tmpl['fb_comment_width'] = $this->tmpl['multibox_comments_width'];
        $oH = 'overflow:hidden;';
    }

    // CSS (second time; the custom CSS is emitted again here as an inline <style>).
    // The custom CSS is an admin-configured param; tags are stripped and the remainder
    // HTML-escaped before it is placed inside <style>.
    JHtml::stylesheet('components/com_phocagallery/assets/phocagallery.css');
    if ($this->tmpl['enablecustomcss'] == 1) {
        JHtml::stylesheet('components/com_phocagallery/assets/phocagallerycustom.css');
        if ($this->tmpl['customcss'] != '') {
            $document->addCustomTag("\n <style type=\"text/css\"> \n" . $this->escape(strip_tags($this->tmpl['customcss'])) . "\n </style> \n");
        }
    }

    // Multibox displaying: which feature panels are enabled (1..8 are feature ids).
    $this->tmpl['mb_title'] = PhocaGalleryUtils::isEnabledMultiboxFeature(1);
    $this->tmpl['mb_desc'] = PhocaGalleryUtils::isEnabledMultiboxFeature(2);
    $this->tmpl['mb_uploaded_by'] = PhocaGalleryUtils::isEnabledMultiboxFeature(3);
    $this->tmpl['mb_rating'] = PhocaGalleryUtils::isEnabledMultiboxFeature(4);
    $this->tmpl['mb_maps'] = PhocaGalleryUtils::isEnabledMultiboxFeature(5);
    $this->tmpl['mb_tags'] = PhocaGalleryUtils::isEnabledMultiboxFeature(6);
    $this->tmpl['mb_comments'] = PhocaGalleryUtils::isEnabledMultiboxFeature(7);
    $this->tmpl['mb_thumbs'] = PhocaGalleryUtils::isEnabledMultiboxFeature(8);

    // No bar in Detail View: window type 7 keeps the template's own page layout (it also
    // gets the back button below); every other type strips page margins/backgrounds.
    // The background colour is an admin param and is interpolated into CSS as-is.
    if ($this->tmpl['detailwindow'] == 7) {
    } else {
        $document->addCustomTag("<style type=\"text/css\"> \n" . " html, body, .contentpane, #all, #main {" . $oH . "background:" . $this->tmpl['detailwindowbackgroundcolor'] . ";padding:0px !important;margin:0px !important; width: 100% !important; max-width: 100% !important;} \n" . " center, table {background:" . $this->tmpl['detailwindowbackgroundcolor'] . ";} \n" . " #sbox-window {background-color:#fff;padding:5px} \n" . "body {min-width:100%} \n" . ".rt-container {width:100%} \n" . " </style> \n");
    }

    // Download from the detail view which is not in the popupbox.
    if ($var['download'] == 2) {
        $this->tmpl['displayicondownload'] = 2;
    }

    // Plugin Information: rating image switch may be overridden by the plugin window.
    if (isset($get['ratingimg']) && $get['ratingimg'] != '') {
        $this->tmpl['displayratingimg'] = $get['ratingimg'];
    }

    // Model
    $model =& $this->getModel();
    $item = $model->getData();

    // Multibox Thumbnails
    $this->tmpl['mb_thumbs_data'] = '';
    if ($this->tmpl['mb_thumbs'] == 1) {
        // if we get item variable, we have rights to load the thumbnails, this is why we checking it
        if (isset($item->id) && isset($item->catid) && (int) $item->id > 0 && (int) $item->catid > 0) {
            $this->tmpl['mb_thumbs_data'] = $model->getThumbnails((int) $item->id, (int) $item->catid, (int) $item->ordering);
        }
    }

    // User Avatar
    // NOTE(review): $item->userid is read here before the !empty($item) guard of the access
    // check below; when the model returns nothing this emits a notice before the exit.
    $this->tmpl['useravatarimg'] = '';
    $this->tmpl['useravatarmiddle'] = '';
    $userAvatar = PhocaGalleryUser::getUserAvatar($item->userid);
    if ($userAvatar) {
        $pathAvatarAbs = $path->avatar_abs . 'thumbs' . DS . 'phoca_thumb_s_' . $userAvatar->avatar;
        $pathAvatarRel = $path->avatar_rel . 'thumbs/phoca_thumb_s_' . $userAvatar->avatar;
        if (JFile::exists($pathAvatarAbs)) {
            // Vertical centring offset: real thumbnail height when readable, else the configured one.
            $sIH = $this->params->get('small_image_height', 50);
            $sIHR = @getImageSize($pathAvatarAbs);
            if (isset($sIHR[1])) {
                $sIH = $sIHR[1];
            }
            if ((int) $sIH > 0) {
                $this->tmpl['useravatarmiddle'] = (int) $sIH / 2 - 10;
            }
            // The imagesid query value is only a cache-buster, not a secret.
            $this->tmpl['useravatarimg'] = '<img src="' . JURI::base(true) . '/' . $pathAvatarRel . '?imagesid=' . md5(uniqid(time())) . '" alt="" />';
        }
    }

    // Access check - don't display the image if you have no access to this image (if user add own url)
    // USER RIGHT - ACCESS - - - - - - - - - -
    // Per-item check against the category's access level / owner; denial prints the
    // close markup and stops — nothing item-specific has been output up to this point.
    $rightDisplay = 0;
    if (!empty($item)) {
        $rightDisplay = PhocaGalleryAccess::getUserRight('accessuserid', $item->cataccessuserid, $item->cataccess, $user->authorisedLevels(), $user->get('id', 0), 0);
    }
    if ((int) $rightDisplay == 0) {
        echo $close['html'];
        //Some problem with cache - Joomla! return this message if there is no reason for do it.
        //$this->tmpl['pl'] = 'index.php?option=com_users&view=login&return='.base64_encode($uri->toString());
        //$app->redirect(JRoute::_($this->tmpl['pl'], false), JText::_('COM_PHOCAGALLERY_NOT_AUTHORISED_ACTION'));
        exit;
    }
    // - - - - - - - - - - - - - - - - - - - -

    phocagalleryimport('phocagallery.image.image');
    phocagalleryimport('phocagallery.render.renderdetailbutton');

    // Javascript Slideshow buttons (reload/close/next/prev/slideshow markup for the layouts).
    $detailButton = new PhocaGalleryRenderDetailButton();
    if ($this->tmpl['enable_multibox'] == 1) {
        $detailButton->setType('multibox');
    }
    $item->reloadbutton = $detailButton->getReload($item->catslug, $item->slug);
    $item->closebutton = $detailButton->getClose($item->catslug, $item->slug);
    $item->closetext = $detailButton->getCloseText($item->catslug, $item->slug);
    $item->nextbutton = $detailButton->getNext((int) $item->catid, (int) $item->id, (int) $item->ordering);
    $item->nextbuttonhref = $detailButton->getNext((int) $item->catid, (int) $item->id, (int) $item->ordering, 1);
    $item->prevbutton = $detailButton->getPrevious((int) $item->catid, (int) $item->id, (int) $item->ordering);
    $slideshowData = $detailButton->getJsSlideshow((int) $item->catid, (int) $item->id, (int) $var['slideshow'], $item->catslug, $item->slug);
    $item->slideshowbutton = $slideshowData['icons'];
    $item->slideshowfiles = $slideshowData['files'];
    $item->slideshow = $var['slideshow'];
    $item->download = $var['download'];

    // ALT VALUE
    $altValue = PhocaGalleryRenderFront::getAltValue($this->tmpl['altvalue'], $item->title, $item->description, $item->metadesc);
    $item->altvalue = $altValue;

    // Get file thumbnail or No Image. filenameno keeps the raw file name; filename becomes a title.
    $item->filenameno = $item->filename;
    $item->filename = PhocaGalleryFile::getTitleFromFile($item->filename, 1);
    $item->filesize = PhocaGalleryFile::getFileSize($item->filenameno);
    $realImageSize = '';
    $extImage = PhocaGalleryImage::isExtImage($item->extid);
    if ($extImage) {
        // External (Picasa) image: size comes from the ext* fields, scaled to the configured box.
        $item->extl = $item->extl;
        $item->exto = $item->exto;
        $realImageSize = PhocaGalleryImage::getRealImageSize($item->extl, '', 1);
        $item->imagesize = PhocaGalleryImage::getImageSize($item->exto, 1, 1);
        if ($item->extw != '') {
            // extw may hold a comma-separated list; only the first value is used.
            $extw = explode(',', $item->extw);
            $item->extw = $extw[0];
        }
        $correctImageRes = PhocaGalleryPicasa::correctSizeWithRate($item->extw, $item->exth, $this->tmpl['picasa_correct_width_l'], $this->tmpl['picasa_correct_height_l']);
        $item->linkimage = JHtml::_('image', $item->extl, $item->altvalue, array('width' => $correctImageRes['width'], 'height' => $correctImageRes['height'], 'class' => 'pg-detail-image'));
        $item->realimagewidth = $correctImageRes['width'];
        $item->realimageheight = $correctImageRes['height'];
    } else {
        // Local image: large thumbnail (or the "no image" placeholder); fall back to the
        // configured size when the real size cannot be read.
        $item->linkthumbnailpath = PhocaGalleryImageFront::displayCategoryImageOrNoImage($item->filenameno, 'large');
        $item->linkimage = JHtml::_('image', $item->linkthumbnailpath, $item->altvalue, array('class' => 'pg-detail-image'));
        $realImageSize = PhocaGalleryImage::getRealImageSize($item->filenameno);
        $item->imagesize = PhocaGalleryImage::getImageSize($item->filenameno, 1);
        if (isset($realImageSize['w']) && isset($realImageSize['h'])) {
            $item->realimagewidth = $realImageSize['w'];
            $item->realimageheight = $realImageSize['h'];
        } else {
            $item->realimagewidth = $this->tmpl['largewidth'];
            $item->realimageheight = $this->tmpl['largeheight'];
        }
    }

    // Add Statistics (hit counter), only after the access check passed.
    $model->hit(JRequest::getVar('id', '', '', 'int'));

    // R A T I N G
    // Only registered (VOTES + COMMENTS)
    $this->tmpl['notregisteredimg'] = true;
    $this->tmpl['usernameimg'] = '';
    if ($access > 0) {
        $this->tmpl['notregisteredimg'] = false;
        $this->tmpl['usernameimg'] = $user->name;
    }

    // VOTES Statistics Img: average rounded to the nearest 0.5, width = 22px per star unit.
    if ((int) $this->tmpl['displayratingimg'] == 1 || $this->tmpl['mb_rating']) {
        $this->tmpl['votescountimg'] = 0;
        $this->tmpl['votesaverageimg'] = 0;
        $this->tmpl['voteswidthimg'] = 0;
        $votesStatistics = PhocaGalleryRateImage::getVotesStatistics((int) $item->id);
        if (!empty($votesStatistics->count)) {
            $this->tmpl['votescountimg'] = $votesStatistics->count;
        }
        if (!empty($votesStatistics->average)) {
            $this->tmpl['votesaverageimg'] = $votesStatistics->average;
            if ($this->tmpl['votesaverageimg'] > 0) {
                $this->tmpl['votesaverageimg'] = round((double) $this->tmpl['votesaverageimg'] / 0.5) * 0.5;
                $this->tmpl['voteswidthimg'] = 22 * $this->tmpl['votesaverageimg'];
            } else {
                $this->tmpl['votesaverageimg'] = (int) 0; // not float displaying
            }
        }
        if ((int) $this->tmpl['votescountimg'] > 1) {
            $this->tmpl['votestextimg'] = 'COM_PHOCAGALLERY_VOTES';
        } else {
            $this->tmpl['votestextimg'] = 'COM_PHOCAGALLERY_VOTE';
        }
        // Already rated?
        $this->tmpl['alreadyratedimg'] = PhocaGalleryRateImage::checkUserVote((int) $item->id, (int) $user->id);
    }

    // Tags (the second argument to displayTags differs for window type 7).
    $this->tmpl['displaying_tags_output'] = '';
    if ($this->tmpl['display_tags_links'] == 1 || $this->tmpl['display_tags_links'] == 3 || $this->tmpl['mb_tags']) {
        if ($this->tmpl['detailwindow'] == 7) {
            $this->tmpl['displaying_tags_output'] = PhocaGalleryTag::displayTags($item->id);
        } else {
            $this->tmpl['displaying_tags_output'] = PhocaGalleryTag::displayTags($item->id, 1);
        }
    }

    // Back button (window type 7 only): link back to the category.
    $this->tmpl['backbutton'] = '';
    if ($this->tmpl['detailwindow'] == 7) {
        phocagalleryimport('phocagallery.image.image');
        $formatIcon =& PhocaGalleryImage::getFormatIcon();
        $this->tmpl['backbutton'] = '<div><a href="' . JRoute::_('index.php?option=com_phocagallery&view=category&id=' . $item->catslug . '&Itemid=' . JRequest::getVar('Itemid', 0, '', 'int')) . '"' . ' title="' . JText::_('COM_PHOCAGALLERY_BACK_TO_CATEGORY') . '">' . JHtml::_('image', 'components/com_phocagallery/assets/images/icon-up-images.' . $formatIcon, JText::_('COM_PHOCAGALLERY_BACK_TO_CATEGORY')) . '</a></div>';
    }

    // ASIGN
    $this->assignRef('tmpl', $this->tmpl);
    $this->assignRef('item', $item);
    $this->_prepareDocument($item);

    // Layout dispatch. Direct downloads stream the file and exit; everything else renders a layout.
    if ($this->tmpl['enable_multibox'] == 1) {
        if ($item->download > 0) {
            if ($this->tmpl['displayicondownload'] == 2) {
                $backLink = 'index.php?option=com_phocagallery&view=category&id=' . $item->catslug . '&Itemid=' . JRequest::getVar('Itemid', 0, '', 'int');
                phocagalleryimport('phocagallery.file.filedownload');
                if (isset($item->exto) && $item->exto != '') {
                    PhocaGalleryFileDownload::download($item, $backLink, 1);
                } else {
                    PhocaGalleryFileDownload::download($item, $backLink);
                }
                exit;
            } else {
                parent::display('multibox');
                //parent::display('download');
            }
        } else {
            if (isset($item->videocode) && $item->videocode != '' && $item->videocode != '0') {
                $item->videocode = PhocaGalleryYoutube::displayVideo($item->videocode);
            }
            parent::display('multibox');
        }
    } else {
        if (isset($item->videocode) && $item->videocode != '' && $item->videocode != '0') {
            $item->videocode = PhocaGalleryYoutube::displayVideo($item->videocode);
            if ($this->tmpl['detailwindow'] != 7 && $this->tmpl['ytb_display'] == 1) {
                $document->addCustomTag("<style type=\"text/css\"> \n" . " html, body, .contentpane, div#all, div#main, div#system-message-container {padding: 0px !important;margin: 0px !important;} \n" . " div#sbox-window {background-color:#fff;padding: 0px;margin: 0px;} \n" . " </style> \n");
            }
            parent::display('video');
        } else {
            parent::display('slideshowjs');
            if ($item->slideshow == 1) {
                parent::display('slideshow');
            } else {
                if ($item->download > 0) {
                    if ($this->tmpl['displayicondownload'] == 2) {
                        $backLink = 'index.php?option=com_phocagallery&view=category&id=' . $item->catslug . '&Itemid=' . JRequest::getVar('Itemid', 0, '', 'int');
                        phocagalleryimport('phocagallery.file.filedownload');
                        if (isset($item->exto) && $item->exto != '') {
                            PhocaGalleryFileDownload::download($item, $backLink, 1);
                        } else {
                            PhocaGalleryFileDownload::download($item, $backLink);
                        }
                        exit;
                    } else {
                        parent::display('download');
                    }
                } else {
                    parent::display($tpl);
                }
            }
        }
    }
}
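/**
 * Store a single uploaded avatar image for the current user.
 *
 * Requires a valid request token (jexit() otherwise). The upload is validated by
 * PhocaGalleryFileUpload::canUpload() — which also enforces the extension allow-list
 * the stored name's extension is taken from — then moved under a generated name into
 * the avatars folder, thumbnailed, and recorded on the user.
 *
 * @param string $errUploadMsg  Receives the translated error message on failure
 * @param array  $file          One entry of $_FILES (name, tmp_name, size, ...)
 * @param string $redirectUrl   Receives the URL the caller should redirect to; it is the
 *                              routed subcategory/image URL on success and failure alike
 * @return boolean True when the file was stored and saved on the user, false otherwise
 */
function _singleFileUploadAvatar(&$errUploadMsg, $file, &$redirectUrl)
{
    JRequest::checkToken('request') or jexit('Invalid Token');

    jimport('joomla.client.helper');
    // Needed when the filesystem layer writes through FTP; the return value is not used.
    JClientHelper::setCredentialsFromRequest('ftp');

    $path    = PhocaGalleryPath::getPath();
    $paramsC = JComponentHelper::getParams('com_phocagallery');

    // Every exit path below redirects to the same routed URL, so set it once up front.
    $limitStartUrl = $this->getLimitStartUrl(0, 'subcat');
    $return        = JRoute::_($this->_url . $limitStartUrl->subcat . $limitStartUrl->image, false);
    $redirectUrl   = $return;

    if ((int) $paramsC->get('enable_upload_avatar', 1) != 1) {
        $errUploadMsg = JText::_('COM_PHOCAGALLERY_NOT_ABLE_UPLOAD_AVATAR');
        return false;
    }

    if (!isset($file['name'])) {
        $errUploadMsg = JText::_('COM_PHOCAGALLERY_WARNING_FILETYPE');
        return false;
    }

    // Generated (unique, not secret) file name; only the extension comes from the upload,
    // and canUpload() below rejects the file unless that extension is on the allow-list.
    $fileAvatar = md5(uniqid(time())) . '.' . JFile::getExt($file['name']);
    $filepath   = JPath::clean($path->avatar_abs . DS . $fileAvatar);

    if (!PhocaGalleryFileUpload::canUpload($file, $errUploadMsg)) {
        // canUpload() mostly hands back language keys; translate them and, for the size
        // limits, append the measured value.
        if ($errUploadMsg == 'COM_PHOCAGALLERY_WARNING_FILE_TOOLARGE') {
            $errUploadMsg = JText::_($errUploadMsg) . ' (' . PhocaGalleryFile::getFileSizeReadable($file['size']) . ')';
        } elseif ($errUploadMsg == 'COM_PHOCAGALLERY_WARNING_FILE_TOOLARGERESOLUTION') {
            // NOTE(review): canUpload() sets 'COM_PHOCAGALLERY_WARNING_FILE_TOOLARGE_RESOLUTION'
            // (with an underscore), so this branch cannot match as written — check the
            // language file for the real key before aligning the two.
            $imgSize      = PhocaGalleryImage::getImageSize($file['tmp_name']);
            $errUploadMsg = JText::_($errUploadMsg) . ' (' . (int) $imgSize[0] . ' x ' . (int) $imgSize[1] . ' px)';
        } else {
            $errUploadMsg = JText::_($errUploadMsg);
        }
        return false;
    }

    if (!JFile::upload($file['tmp_name'], $filepath)) {
        $errUploadMsg = JText::_('COM_PHOCAGALLERY_FILE_UNABLE_UPLOAD');
        return false;
    }

    // Create thumbnail small, medium, large (delete previous ones first).
    PhocaGalleryFileThumbnail::deleteFileThumbnail('avatars/' . $fileAvatar, 1, 1, 1);
    $returnFrontMessage = PhocaGalleryFileThumbnail::getOrCreateThumbnail('avatars/' . $fileAvatar, $return, 1, 1, 1, 1);
    if ($returnFrontMessage != 'Success') {
        $errUploadMsg = JText::_('COM_PHOCAGALLERY_THUMBNAIL_AVATAR_NOT_CREATED');
        return false;
    }

    // Save the file name (relative to the avatars folder) on the user record;
    // saveUser() reports the outcome through $succeeded / $errUploadMsg.
    $succeeded = false;
    PhocaGalleryControllerUser::saveUser($fileAvatar, $succeeded, $errUploadMsg);
    return $succeeded;
}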
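/**
 * Validate an uploaded file before it is moved into the gallery.
 *
 * The checks run in this order and the first failure wins: the upload has a name,
 * the name is already "safe" (JFile::makesafe would leave it unchanged), the
 * extension is on the hard-coded allow-list, the image resolution is within the
 * configured maximum, the per-user quota (user control panel only) and the per-file
 * size limit hold, the content decodes with getimagesize() (skipped for chunked
 * uploads, see below), and the first 256 bytes contain no HTML tag.
 *
 * @param array   $file          One entry of $_FILES: name, tmp_name, size
 * @param string  $errUploadMsg  Set on failure. Holds a language key, except for the
 *                               per-user quota message which is already translated
 * @param int     $frontEnd      Caller context: 0 backend, 1 category view, 2 user control panel
 * @param int     $chunkEnabled  1 when the chunk (multiple upload) method is used
 * @param int     $realSize      Full file size when chunked; tmp_name then holds only a part
 * @return boolean True when every check passes
 * @since 1.5
 */
public static function canUpload($file, &$errUploadMsg, $frontEnd = 0, $chunkEnabled = 0, $realSize = 0)
{
    $params = JComponentHelper::getParams('com_phocagallery');

    // Allow-lists are fixed here rather than read from component params.
    $paramsL = array();
    $paramsL['upload_extensions']   = 'gif,jpg,png,jpeg';
    $paramsL['image_extensions']    = 'gif,jpg,png,jpeg';
    $paramsL['upload_mime']         = 'image/jpeg,image/gif,image/png';
    $paramsL['upload_mime_illegal'] = 'application/x-shockwave-flash,application/msword,application/excel,application/pdf,application/powerpoint,text/plain,application/x-zip,text/html';

    // Nothing was uploaded.
    if (empty($file['name'])) {
        $errUploadMsg = 'COM_PHOCAGALLERY_ERROR_UNABLE_TO_UPLOAD_FILE';
        return false;
    }

    // Reject any name that JFile::makesafe would have to rewrite.
    jimport('joomla.filesystem.file');
    if ($file['name'] !== JFile::makesafe($file['name'])) {
        $errUploadMsg = 'COM_PHOCAGALLERY_WARNING_FILENAME';
        return false;
    }

    // Extension allow-list: the primary gate, compared case-insensitively.
    $format    = strtolower(JFile::getExt($file['name']));
    $allowable = explode(',', $paramsL['upload_extensions']);
    if ($format === '' || !in_array($format, $allowable, true)) {
        $errUploadMsg = 'COM_PHOCAGALLERY_WARNING_FILETYPE';
        return false;
    }

    // Maximum resolution; either limit set to 0 disables the check.
    // NOTE(review): for chunked uploads tmp_name is only a part of the file — confirm what
    // PhocaGalleryImage::getImageSize() returns for it.
    $imgSize      = PhocaGalleryImage::getImageSize($file['tmp_name']);
    $maxResWidth  = $params->get('upload_maxres_width', 3072);
    $maxResHeight = $params->get('upload_maxres_height', 2304);
    if ((int) $maxResWidth > 0 && (int) $maxResHeight > 0
        && ((int) $imgSize[0] > (int) $maxResWidth || (int) $imgSize[1] > (int) $maxResHeight)) {
        // NOTE(review): _singleFileUploadAvatar() compares against
        // 'COM_PHOCAGALLERY_WARNING_FILE_TOOLARGERESOLUTION' (no underscore); one of the two
        // keys is wrong — check the language file before changing either.
        $errUploadMsg = 'COM_PHOCAGALLERY_WARNING_FILE_TOOLARGE_RESOLUTION';
        return false;
    }

    // With the chunk method the part on disk is smaller than the file: use the reported total.
    $fileSize = ($chunkEnabled == 1) ? $realSize : $file['size'];

    // Per-user quota over all original images (user control panel only).
    if ($frontEnd == 2) {
        $user             = JFactory::getUser();
        $maxUserImageSize = (int) $params->get('user_images_max_size', 20971520);
        $allFileSize      = PhocaGalleryFileUploadFront::getSizeAllOriginalImages($fileSize, $user->id);
        if ($maxUserImageSize > 0 && (int) $allFileSize > $maxUserImageSize) {
            $errUploadMsg = JText::_('COM_PHOCAGALLERY_WARNING_USERIMAGES_TOOLARGE');
            return false;
        }
    }

    // Per-file size limit; 0 disables.
    $maxSize = $params->get('upload_maxsize', 3145728);
    if ((int) $maxSize > 0 && (int) $fileSize > (int) $maxSize) {
        $errUploadMsg = 'COM_PHOCAGALLERY_WARNING_FILE_TOOLARGE';
        return false;
    }

    $images = explode(',', $paramsL['image_extensions']);
    if (in_array($format, $images, true)) {
        // Image extension: the content must actually decode as an image. Skipped for
        // chunked uploads, where tmp_name is not the whole file, so in that case the
        // allow-list and the tag sniff below are the only content checks applied.
        if ($chunkEnabled != 1 && getimagesize($file['tmp_name']) === false) {
            $errUploadMsg = 'COM_PHOCAGALLERY_WARNING_INVALIDIMG';
            return false;
        }
    } else {
        // Non-image extension (unreachable while both allow-lists above are identical):
        // refuse known-dangerous MIME types. FILEINFO_MIME_TYPE yields the bare type;
        // FILEINFO_MIME appends "; charset=..." and can never equal an entry of the lists.
        $allowedMime = explode(',', $paramsL['upload_mime']);
        $illegalMime = explode(',', $paramsL['upload_mime_illegal']);
        $type        = false;
        if (function_exists('finfo_open')) {
            $finfo = finfo_open(FILEINFO_MIME_TYPE);
            if ($finfo !== false) {
                $type = finfo_file($finfo, $file['tmp_name']);
                finfo_close($finfo); // released on every path, not only when the check passes
            }
        } elseif (function_exists('mime_content_type')) {
            $type = mime_content_type($file['tmp_name']);
        }
        if (is_string($type) && $type !== ''
            && !in_array($type, $allowedMime, true) && in_array($type, $illegalMime, true)) {
            $errUploadMsg = 'COM_PHOCAGALLERY_WARNING_INVALIDMIME';
            return false;
        }
    }

    // Bounded sniff for HTML: only the first 256 bytes are inspected and only the tag
    // names below are looked for, so this is a best-effort guard against browsers
    // content-sniffing a served upload as HTML, not a substitute for the decode check.
    $xssCheck = (string) JFile::read($file['tmp_name'], false, 256);
    $htmlTags = array('abbr', 'acronym', 'address', 'applet', 'area', 'audioscope', 'base', 'basefont', 'bdo', 'bgsound', 'big', 'blackface', 'blink', 'blockquote', 'body', 'bq', 'br', 'button', 'caption', 'center', 'cite', 'code', 'col', 'colgroup', 'comment', 'custom', 'dd', 'del', 'dfn', 'dir', 'div', 'dl', 'dt', 'em', 'embed', 'fieldset', 'fn', 'font', 'form', 'frame', 'frameset', 'h1', 'h2', 'h3', 'h4', 'h5', 'h6', 'head', 'hr', 'html', 'iframe', 'ilayer', 'img', 'input', 'ins', 'isindex', 'keygen', 'kbd', 'label', 'layer', 'legend', 'li', 'limittext', 'link', 'listing', 'map', 'marquee', 'menu', 'meta', 'multicol', 'nobr', 'noembed', 'noframes', 'noscript', 'nosmartquotes', 'object', 'ol', 'optgroup', 'option', 'param', 'plaintext', 'pre', 'rt', 'ruby', 's', 'samp', 'script', 'select', 'server', 'shadow', 'sidebar', 'small', 'spacer', 'span', 'strike', 'strong', 'style', 'sub', 'sup', 'table', 'tbody', 'td', 'textarea', 'tfoot', 'th', 'thead', 'title', 'tr', 'tt', 'ul', 'var', 'wbr', 'xml', 'xmp', '!DOCTYPE', '!--');
    foreach ($htmlTags as $tag) {
        // A tag is '<tagname ' or '<tagname>', matched case-insensitively.
        if (stristr($xssCheck, '<' . $tag . ' ') || stristr($xssCheck, '<' . $tag . '>')) {
            $errUploadMsg = 'COM_PHOCAGALLERY_WARNING_IEXSS';
            return false;
        }
    }

    return true;
}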
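/**
 * Render the comment view for one image.
 *
 * Copies the component/menu params into $this->tmpl, loads the item and its comments,
 * and — for window type 7 or when comments are shown without a popup — also prepares
 * the image itself, after a per-item access check that redirects to the login page
 * when it fails.
 *
 * @param string|null $tpl  Layout passed through to parent::display()
 * @return void  Output happens in parent::display(); the method exits after the login redirect.
 */
function display($tpl = null)
{
    $app      = JFactory::getApplication();
    $document = JFactory::getDocument();
    $this->params = $app->getParams();
    $user = JFactory::getUser();
    $uri  = JFactory::getURI();
    $this->itemId = $app->input->get('Itemid', 0, 'int');

    // Component-level access (who may comment), distinct from the per-item check below.
    $neededAccessLevels = PhocaGalleryAccess::getNeededAccessLevels();
    $access = PhocaGalleryAccess::isAccess($user->getAuthorisedViewLevels(), $neededAccessLevels);

    // PLUGIN WINDOW - we get information from plugin.
    // $get must start as an array (the sibling detail view does the same): assigning a
    // string offset to '' is no longer converted to an array on PHP 7.1+.
    $get = array();
    $get['comment'] = $app->input->get('comment', '', 'string');

    $this->tmpl['id'] = $app->input->get('id', 0, 'int');
    // catid is a request-supplied string (slug form); it is only used inside a JRoute URL below.
    $this->tmpl['catid'] = $app->input->get('catid', '', 'string');

    $this->tmpl['maxcommentchar'] = $this->params->get('max_comment_char', 1000);
    $this->tmpl['displaycommentimg'] = $this->params->get('display_comment_img', 0);
    $this->tmpl['detailwindowbackgroundcolor'] = $this->params->get('detail_window_background_color', '#ffffff');
    $this->tmpl['commentwidth'] = $this->params->get('comment_width', 500);
    $this->tmpl['enable_multibox'] = $this->params->get('enable_multibox', 0);
    $this->tmpl['multibox_comments_width'] = $this->params->get('multibox_comments_width', 300);
    $this->tmpl['externalcommentsystem'] = $this->params->get('external_comment_system', 0);
    $this->tmpl['gallerymetakey'] = $this->params->get('gallery_metakey', '');
    $this->tmpl['gallerymetadesc'] = $this->params->get('gallery_metadesc', '');
    $this->tmpl['altvalue'] = $this->params->get('alt_value', 1);
    $this->tmpl['largewidth'] = $this->params->get('large_image_width', 640);
    $this->tmpl['largeheight'] = $this->params->get('large_image_height', 480);
    $this->tmpl['picasa_correct_width_l'] = (int) $this->params->get('large_image_width', 640);
    $this->tmpl['picasa_correct_height_l'] = (int) $this->params->get('large_image_height', 480);

    // Facebook comments: values come from PhocaGalleryFbSystem, with fallbacks when absent.
    $paramsFb = PhocaGalleryFbSystem::getCommentsParams($this->params->get('fb_comment_user_id', ''));
    $this->tmpl['fb_comment_app_id'] = isset($paramsFb['fb_comment_app_id']) ? $paramsFb['fb_comment_app_id'] : '';
    $this->tmpl['fb_comment_width'] = isset($paramsFb['fb_comment_width']) ? $paramsFb['fb_comment_width'] : 550;
    $this->tmpl['fb_comment_lang'] = isset($paramsFb['fb_comment_lang']) ? $paramsFb['fb_comment_lang'] : 'en_US';
    $this->tmpl['fb_comment_count'] = isset($paramsFb['fb_comment_count']) ? $paramsFb['fb_comment_count'] : '';

    $this->tmpl['display_comment_nopup'] = $this->params->get('display_comment_nopup', 0);
    $this->tmpl['enablecustomcss'] = $this->params->get('enable_custom_css', 0);
    $this->tmpl['customcss'] = $this->params->get('custom_css', '');

    // Multibox: the comment column is narrower than the configured comment width.
    if ($this->tmpl['enable_multibox'] == 1) {
        $this->tmpl['commentwidth'] = (int) $this->tmpl['multibox_comments_width'] - 70; //padding - margin
    }

    // commentsi == 1 means the view is loaded inside the multibox iframe.
    $get['commentsi'] = $app->input->get('commentsi', '', 'int');
    $this->tmpl['enable_multibox_iframe'] = 0;
    if ($get['commentsi'] == 1) {
        $this->tmpl['enable_multibox_iframe'] = 1;
    }

    // CSS
    PhocaGalleryRenderFront::renderAllCSS();

    if ($this->tmpl['gallerymetakey'] != '') {
        $document->setMetaData('keywords', $this->tmpl['gallerymetakey']);
    }
    if ($this->tmpl['gallerymetadesc'] != '') {
        $document->setMetaData('description', $this->tmpl['gallerymetadesc']);
    }

    // PARAMS - Open window parameters - modal popup box or standard popup window.
    // NOTE(review): $detail_window (with the plugin override from $get['comment']) is computed
    // but never consumed; $this->tmpl['detailwindow'] below is read straight from the params.
    // Kept as-is to preserve behaviour — confirm whether the override was meant to apply.
    $detail_window = $this->params->get('detail_window', 0);
    if (isset($get['comment']) && $get['comment'] != '') {
        $detail_window = $get['comment'];
    }

    // Only registered (VOTES + COMMENTS)
    $this->tmpl['not_registered'] = true;
    $this->tmpl['name'] = '';
    if ($access) {
        $this->tmpl['not_registered'] = false;
        $this->tmpl['name'] = $user->name;
    }

    $document->addScript(JURI::base(true) . '/media/com_phocagallery/js/comments.js');
    $document->addCustomTag(PhocaGalleryRenderFront::renderCommentJS((int) $this->tmpl['maxcommentchar']));

    $this->tmpl['already_commented'] = PhocaGalleryCommentImage::checkUserComment((int) $this->tmpl['id'], (int) $user->id);
    $commentItem = PhocaGalleryCommentImage::displayComment((int) $this->tmpl['id']);

    // PARAMS - window type and background used by the inline style below.
    $this->tmpl['detailwindowbackgroundcolor'] = $this->params->get('detail_window_background_color', '#ffffff');
    $this->tmpl['detailwindow'] = $this->params->get('detail_window', 0);

    // NO SCROLLBAR IN DETAIL WINDOW. The background colour is an admin param, interpolated as-is.
    $document->addCustomTag("<style type=\"text/css\"> \n" . " html,body, .contentpane{background:" . $this->tmpl['detailwindowbackgroundcolor'] . ";text-align:left;} \n" . " center, table {background:" . $this->tmpl['detailwindowbackgroundcolor'] . ";} \n" . " #sbox-window {background-color:#fff;padding:5px} \n" . " </style> \n");

    $model = $this->getModel();
    $item  = $model->getData();
    $this->tmpl['imgtitle'] = $item->title;

    // Back button and the image itself are only shown for window type 7 or the no-popup mode.
    $this->tmpl['backbutton'] = '';
    if ($this->tmpl['detailwindow'] == 7 || $this->tmpl['display_comment_nopup']) {
        // Display Image
        // Access check - don't display the image if you have no access to this image (if user add own url)
        // USER RIGHT - ACCESS - - - - - - - - - -
        $rightDisplay = 0;
        if (!empty($item)) {
            $rightDisplay = PhocaGalleryAccess::getUserRight('accessuserid', $item->cataccessuserid, $item->cataccess, $user->getAuthorisedViewLevels(), $user->get('id', 0), 0);
        }
        if ($rightDisplay == 0) {
            // Send the visitor to the login page, returning to the current URL afterwards.
            $this->tmpl['pl'] = 'index.php?option=com_users&view=login&return=' . base64_encode($uri->toString());
            $app->redirect(JRoute::_($this->tmpl['pl'], false), JText::_('COM_PHOCAGALLERY_NOT_AUTHORISED_ACTION'));
            exit;
        }
        // - - - - - - - - - - - - - - - - - - - -

        phocagalleryimport('phocagallery.image.image');
        // NOTE(review): catid comes from the request as a string; JRoute::_() builds the href —
        // confirm it cannot break out of the attribute, or cast to int if slugs are not needed.
        $this->tmpl['backbutton'] = '<div><a href="' . JRoute::_('index.php?option=com_phocagallery&view=category&id=' . $this->tmpl['catid'] . '&Itemid=' . $this->itemId) . '"' . ' title="' . JText::_('COM_PHOCAGALLERY_BACK_TO_CATEGORY') . '">' . JHtml::_('image', 'media/com_phocagallery/images/icon-up-images.png', JText::_('COM_PHOCAGALLERY_BACK_TO_CATEGORY')) . '</a></div>';

        // Get file thumbnail or No Image. filenameno keeps the raw file name; filename becomes a title.
        $item->filenameno = $item->filename;
        $item->filename   = PhocaGalleryFile::getTitleFromFile($item->filename, 1);
        $item->filesize   = PhocaGalleryFile::getFileSize($item->filenameno);
        $item->altvalue   = PhocaGalleryRenderFront::getAltValue($this->tmpl['altvalue'], $item->title, $item->description, $item->metadesc);

        $extImage = PhocaGalleryImage::isExtImage($item->extid);
        if ($extImage) {
            // External (Picasa) image: size comes from the ext* fields, scaled to the configured box.
            $realImageSize   = PhocaGalleryImage::getRealImageSize($item->extl, '', 1);
            $item->imagesize = PhocaGalleryImage::getImageSize($item->exto, 1, 1);
            if ($item->extw != '') {
                // extw may hold a comma-separated list; only the first value is used.
                $extw = explode(',', $item->extw);
                $item->extw = $extw[0];
            }
            $correctImageRes = PhocaGalleryPicasa::correctSizeWithRate($item->extw, $item->exth, $this->tmpl['picasa_correct_width_l'], $this->tmpl['picasa_correct_height_l']);
            $item->linkimage = JHtml::_('image', $item->extl, $item->altvalue, array('width' => $correctImageRes['width'], 'height' => $correctImageRes['height']));
            $item->realimagewidth  = $correctImageRes['width'];
            $item->realimageheight = $correctImageRes['height'];
        } else {
            // Local image: large thumbnail (or the "no image" placeholder); fall back to the
            // configured size when the real size cannot be read.
            $item->linkthumbnailpath = PhocaGalleryImageFront::displayCategoryImageOrNoImage($item->filenameno, 'large');
            $item->linkimage = JHtml::_('image', $item->linkthumbnailpath, $item->altvalue);
            $realImageSize   = PhocaGalleryImage::getRealImageSize($item->filenameno);
            $item->imagesize = PhocaGalleryImage::getImageSize($item->filenameno, 1);
            if (isset($realImageSize['w']) && isset($realImageSize['h'])) {
                $item->realimagewidth  = $realImageSize['w'];
                $item->realimageheight = $realImageSize['h'];
            } else {
                $item->realimagewidth  = $this->tmpl['largewidth'];
                $item->realimageheight = $this->tmpl['largeheight'];
            }
        }
    }

    // ACTION
    $this->assignRef('item', $item);
    $this->tmpl['action'] = $uri->toString();
    $this->assignRef('commentitem', $commentItem);
    $this->_prepareDocument($item);
    parent::display($tpl);
}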