}
if ($view && in_array($moduleName . '/' . $view, $policyAccessList)) {
return true;
}
}
return false;
}
// look for module and view info in uri parameters
if (!isset($uriParams[1])) {
exitWithInternalError("Did not find module info in url.");
return;
}
// find module
$uri = eZURI::instance(eZSys::requestURI());
$moduleName = $uri->element();
$module = eZModule::findModule($moduleName);
if (!$module instanceof eZModule) {
exitWithInternalError("'{$moduleName}' module does not exist, or is not a valid module.");
return;
}
// check existance of view
$viewName = $uri->element(1);
$moduleViews = $module->attribute('views');
if (!isset($moduleViews[$viewName])) {
exitWithInternalError("'{$viewName}' view does not exist on the current module.");
return;
}
// Check if module / view is disabled
$moduleCheck = eZModule::accessAllowed($uri);
if (!$moduleCheck['result']) {
exitWithInternalError('$moduleName/$viewName is disabled.');
}
// Redirect to request URI if it is set, if not view the new object in main node
if ( $upload->attribute( 'result_uri' ) )
{
$uri = $upload->attribute( 'result_uri' );
return $module->redirectTo( $uri );
}
else if ( $upload->attribute( 'result_module' ) )
{
$data = $upload->attribute( 'result_module' );
$moduleName = $data[0];
$view = $data[1];
$parameters = isset( $data[2] ) ? $data[2] : array();
$userParameters = isset( $data[3] ) ? $data[3] : array();
$resultModule = eZModule::findModule( $moduleName, $module );
$resultModule->setCurrentAction( $upload->attribute( 'result_action_name' ), $view );
$actionParameters = false;
if ( $upload->hasAttribute( 'result_action_parameters' ) )
{
$actionParameters = $upload->attribute( 'result_action_parameters' );
}
if ( $actionParameters )
{
foreach ( $actionParameters as $actionParameterName => $actionParameter )
{
$resultModule->setActionParameter( $actionParameterName, $actionParameter, $view );
}
}
return $resultModule->run( $view, $parameters, false, $userParameters );
/**
* Test regression for issue #14371 in a module/view context:
* Workflow template repeat broken by security patch.
*
* Test Outline
* ------------
* 1. Setup a workflow that features a custom workflow event that expects a
* value to be submitted before
* 2. Create & publish an article
* 3. Add a global POST variable that would be sent interactively from POST
* 4. Publish again with this variable
*
* @result: Redirection to content/history
* @expected: The object gets published without being redirected
* @link http://issues.ez.no/14371
*/
public function testEditAfterFetchTemplateRepeatOperation()
{
// first, we need to create an appropriate test workflow
$adminUser = eZUser::fetchByName('admin');
$adminUserID = $adminUser->attribute('contentobject_id');
// Create approval workflow and set up pre publish trigger
$this->workflow = $this->createWorkFlow($adminUserID);
$this->trigger = $this->createTrigger($this->workflow->attribute('id'));
// Log in as a user who's allowed to publish content
$this->currentUser = eZUser::currentUser();
eZUser::setCurrentlyLoggedInUser($adminUser, $adminUserID);
// required to avoid a notice
$GLOBALS['eZSiteBasics']['user-object-required'] = false;
$contentModule = eZModule::findModule('content');
$adminUserID = eZUser::fetchByName('admin')->attribute('contentobject_id');
// STEP 1: Create an article
// This should start the publishing process, and interrupt it because
// of the fetch template repeat workflow (expected)
$article = new ezpObject("article", 2, $adminUserID);
$article->name = "Article (with interactive workflow) for issue/regression #14371";
$objectID = $article->publish();
$version = eZContentObjectVersion::fetchVersion(1, $objectID);
// STEP 2: Add the POST variables that will allow the operation to continue
$_POST['CompletePublishing'] = 1;
// STEP 3: run content/edit again in order to simulate a POST from the custom TPL
$operationResult = eZOperationHandler::execute('content', 'publish', array('object_id' => $objectID, 'version' => 1));
$this->assertInternalType('array', $operationResult);
$this->assertEquals($operationResult['status'], eZModuleOperationInfo::STATUS_CONTINUE, "The operation result wasn't CONTINUE");
$this->removeWorkflow($this->workflow);
// Log in as whoever was logged in
eZUser::setCurrentlyLoggedInUser($this->currentUser, $this->currentUser->attribute('id'));
}
/**
* Loads a module object by name
*
* @param string $moduleName The name of the module to find (ex: content)
* @param array|string
* Either an array of path or a single path string. These will be
* used as additionnal locations that will be looked into
* @param boolean $showError
* If true an error will be shown if the module it not found.
* @return eZModule The eZModule object, or null if the module wasn't found
* @see findModule()
*/
static function exists($moduleName, $pathList = null, $showError = false)
{
$module = null;
return eZModule::findModule($moduleName, $module, $pathList, $showError);
}
$dataMap = $node->attribute('data_map');
$query = $dataMap['solr_filter']->attribute('content');
$tpl->setVariable('query', $query);
$content = $tpl->fetch('design:modules/mugo_bootstrap_admin/treemenu_search.tpl');
}
break;
// including type 'node_id'
// including type 'node_id'
default:
// special case for setup node
if ($value == 48) {
$data = [];
$moduleIni = eZINI::instance('module.ini');
$moduleNames = $moduleIni->variable('ModuleSettings', 'ModuleList');
foreach ($moduleNames as $identifier) {
$module = eZModule::findModule($identifier);
// if module does not have a name
$name = $module->Module['name'] ? $module->Module['name'] : $identifier;
$data[$name] = array('title' => $name, 'key' => $identifier, 'folder' => true, 'lazy' => true, 'icon' => 'glyphicon icon-default', 'type' => 'view');
}
ksort($data, SORT_STRING);
// remove keys
foreach ($data as $entry) {
$cleanData[] = $entry;
}
$content = json_encode($cleanData);
} else {
$data = array();
$parentNodeId = (int) $value;
$parentNode = eZContentObjectTreeNode::fetch($parentNodeId);
$params = array('parent_node_id' => $parentNodeId, 'limit' => 200, 'sort_by' => $parentNode->attribute('sort_array'));