/**
 * Publish handler for an embedded object element.
 *
 * Refuses an object that embeds itself, records the embedded object id and,
 * when the element carries an image link (image:ezurl_href), swaps that link
 * for a registered URL id.
 *
 * @param DOMElement $element element being published (presumably a DOMElement, given the *AttributeNS() calls)
 * @param array $params not read by this handler
 * @return null always null
 */
function publishHandlerObject($element, &$params)
{
    $embeddedId = $element->getAttribute('id');

    // Self-embedding guard. The comparison is loose (==);
    // NOTE(review): presumably the attribute is a string while contentObjectID may be an int -- confirm before tightening.
    if ($embeddedId == $this->contentObjectID) {
        $this->isInputValid = false;
        $this->Messages[] = ezpI18n::tr('kernel/classes/datatypes', 'Object %1 can not be embeded to itself.', false, array($embeddedId));
        return null;
    }

    // Remember each related object once.
    if (!in_array($embeddedId, $this->relatedObjectIDArray)) {
        $this->relatedObjectIDArray[] = $embeddedId;
    }

    // Image objects may carry a link of their own.
    $imageNs = $this->Namespaces['image'];
    $linkHref = $element->getAttributeNS($imageNs, 'ezurl_href');

    // "Washing" here only percent-encodes single and double quotes.
    // NOTE(review): the URL scheme is not inspected in this handler, so a script-capable scheme
    // would be registered as-is; confirm that a scheme check happens before the URL is rendered.
    $linkHref = str_replace(array('\'', '"'), array('%27', '%22'), $linkHref);

    $linkId = $element->getAttributeNS($imageNs, 'ezurl_id');
    if ($linkHref != null) {
        // Store the id of the registered URL and drop the raw href from the element.
        $linkId = eZURL::registerURL($linkHref);
        $element->setAttributeNS($imageNs, 'image:ezurl_id', $linkId);
        $element->removeAttributeNS($imageNs, 'ezurl_href');
    }
    if ($linkId != null) {
        $this->urlIDArray[] = $linkId;
    }

    $this->convertCustomAttributes($element);

    return null;
}
/**
 * Template operator dispatcher: evaluates the ezini, ezhttp, URL, sys, image,
 * ext-URL and design operators and writes the result into $operatorValue.
 *
 * Control flow matters here: branches that end in "return" hand the value back
 * untouched, while branches that end in "break" fall through to the tail of the
 * function, which may turn the value into a full URL and wrap it in quotes.
 *
 * @param object $tpl template engine; elementValue(), error() and warning() are called on it
 * @param string $operatorName name of the operator being evaluated
 * @param array $operatorParameters raw operator parameters, resolved through $tpl->elementValue()
 * @param mixed $rootNamespace passed through to $tpl->elementValue()
 * @param mixed $currentNamespace passed through to $tpl->elementValue()
 * @param mixed $operatorValue in/out: operator input, replaced by the result
 * @param array $namedParameters reads 'server_url' and 'quote_val'
 * @return void
 */
function modify($tpl, $operatorName, $operatorParameters, $rootNamespace, $currentNamespace, &$operatorValue, $namedParameters) {
    switch ($operatorName) {
        // ezini / ezini_hasvariable: read (or test for) an INI setting.
        case $this->ININameHasVariable:
        case $this->ININame:
            if (count($operatorParameters) > 0) {
                $iniGroup = $tpl->elementValue($operatorParameters[0], $rootNamespace, $currentNamespace);
                if (count($operatorParameters) == 1) {
                    $tpl->error($operatorName, "Missing variable name parameter");
                    return;
                }
                $iniVariable = $tpl->elementValue($operatorParameters[1], $rootNamespace, $currentNamespace);
                // Optional file name and path; false means "not given".
                $iniName = isset($operatorParameters[2]) ? $tpl->elementValue($operatorParameters[2], $rootNamespace, $currentNamespace) : false;
                $iniPath = isset($operatorParameters[3]) ? $tpl->elementValue($operatorParameters[3], $rootNamespace, $currentNamespace) : false;
                // If we should check for existence of variable.
                // You can use like:
                // ezini( <BlockName>, <SettingName>, <FileName>, <IniPath>, _use under template compiling mode_ , <Should We Check for existence: 'hasVariable' or true()> )
                // ezini_hasvariable( <BlockName>, <SettingName>, <FileName>, <IniPath>... )
                if ($operatorName == $this->ININameHasVariable) {
                    $checkExistence = true;
                } else {
                    // Parameter 5 enables the existence check when it is boolean true or the string 'hasVariable'.
                    $checkExistence = isset($operatorParameters[5]) ? ($tpl->elementValue($operatorParameters[5], $rootNamespace, $currentNamespace) === true or $tpl->elementValue($operatorParameters[5], $rootNamespace, $currentNamespace) == 'hasVariable') ? true : false : false;
                }
                if ($iniPath !== false) {
                    // NOTE(review): file name and path both come from the template call; the trailing true is
                    // presumably the direct-access flag mentioned further down -- confirm against eZINI::instance().
                    $ini = eZINI::instance($iniName, $iniPath, null, null, null, true);
                } elseif ($iniName !== false) {
                    $ini = eZINI::instance($iniName);
                } else {
                    $ini = eZINI::instance();
                }
                if ($ini->hasVariable($iniGroup, $iniVariable)) {
                    // Existence check yields true; otherwise the setting's value is returned.
                    $operatorValue = !$checkExistence ? $ini->variable($iniGroup, $iniVariable) : true;
                } else {
                    if ($checkExistence) {
                        $operatorValue = false;
                        return;
                    }
                    if ($iniPath !== false) {
                        // Return empty string instead of displaying error when using 'path' parameter
                        // and DirectAccess mode for ezini.
                        $operatorValue = '';
                    } else {
                        if ($iniName === false) {
                            $iniName = 'site.ini';
                        }
                        $tpl->error($operatorName, "!!!No such variable '{$iniVariable}' in group '{$iniGroup}' for {$iniName}");
                    }
                }
                // Returning here skips the URL/quoting tail: INI values are handed back as they are.
                return;
            } else {
                $tpl->error($operatorName, "Missing group name parameter");
            }
            // Only the "missing group" path reaches this break, so the quoting tail still runs for it.
            break;
        // ezhttp / ezhttp_hasvariable: read (or test for) a request, session or cookie variable.
        case $this->HTTPNameHasVariable:
        case $this->HTTPName:
            $http = eZHTTPTool::instance();
            if (count($operatorParameters) > 0) {
                // POST is the default source when no type parameter is given or the type is unknown.
                $httpType = eZURLOperator::HTTP_OPERATOR_TYPE_POST;
                $httpName = $tpl->elementValue($operatorParameters[0], $rootNamespace, $currentNamespace);
                if (count($operatorParameters) > 1) {
                    $httpTypeName = strtolower($tpl->elementValue($operatorParameters[1], $rootNamespace, $currentNamespace));
                    if ($httpTypeName == 'post') {
                        $httpType = eZURLOperator::HTTP_OPERATOR_TYPE_POST;
                    } else {
                        if ($httpTypeName == 'get') {
                            $httpType = eZURLOperator::HTTP_OPERATOR_TYPE_GET;
                        } else {
                            if ($httpTypeName == 'session') {
                                $httpType = eZURLOperator::HTTP_OPERATOR_TYPE_SESSION;
                            } else {
                                if ($httpTypeName == 'cookie') {
                                    $httpType = eZURLOperator::HTTP_OPERATOR_TYPE_COOKIE;
                                } else {
                                    $tpl->warning($operatorName, "Unknown http type '{$httpTypeName}'");
                                }
                            }
                        }
                    }
                }
                // If we should check for existence of http variable
                // You can use like:
                // ezhttp( <Variable>, <Method: post, get, session>, <Should We Check for existence: 'hasVariable' or true()> )
                // ezhttp_hasvariable( <Variable>, <Method> )
                if ($operatorName == $this->HTTPNameHasVariable) {
                    $checkExistence = true;
                } else {
                    $checkExistence = isset($operatorParameters[2]) ? ($tpl->elementValue($operatorParameters[2], $rootNamespace, $currentNamespace) === true or $tpl->elementValue($operatorParameters[2], $rootNamespace, $currentNamespace) == 'hasVariable') ? true : false : false;
                }
                // NOTE(review): the values below are handed to the template without any escaping in this
                // function; POST, GET and cookie values are client-controlled, so the template that
                // prints them is responsible for output escaping -- confirm at the call sites.
                switch ($httpType) {
                    case eZURLOperator::HTTP_OPERATOR_TYPE_POST:
                        if ($http->hasPostVariable($httpName)) {
                            $operatorValue = !$checkExistence ?
                                $http->postVariable($httpName) : true;
                        } else {
                            // If only check for existence - return false
                            if ($checkExistence) {
                                $operatorValue = false;
                                return;
                            }
                            $tpl->error($operatorName, "Unknown post variable '{$httpName}'");
                        }
                        break;
                    case eZURLOperator::HTTP_OPERATOR_TYPE_GET:
                        if ($http->hasGetVariable($httpName)) {
                            $operatorValue = !$checkExistence ? $http->getVariable($httpName) : true;
                        } else {
                            if ($checkExistence) {
                                $operatorValue = false;
                                return;
                            }
                            $tpl->error($operatorName, "Unknown get variable '{$httpName}'");
                        }
                        break;
                    case eZURLOperator::HTTP_OPERATOR_TYPE_SESSION:
                        if ($http->hasSessionVariable($httpName)) {
                            $operatorValue = !$checkExistence ? $http->sessionVariable($httpName) : true;
                        } else {
                            if ($checkExistence) {
                                $operatorValue = false;
                                return;
                            }
                            $tpl->error($operatorName, "Unknown session variable '{$httpName}'");
                        }
                        break;
                    case eZURLOperator::HTTP_OPERATOR_TYPE_COOKIE:
                        // Cookies are read straight from the $_COOKIE superglobal, not through eZHTTPTool.
                        if (array_key_exists($httpName, $_COOKIE)) {
                            $operatorValue = !$checkExistence ? $_COOKIE[$httpName] : true;
                        } else {
                            if ($checkExistence) {
                                $operatorValue = false;
                                return;
                            }
                            $tpl->error($operatorName, "Unknown cookie variable '{$httpName}'");
                        }
                        break;
                }
            } else {
                // Without parameters the operator yields the eZHTTPTool instance itself.
                $operatorValue = $http;
            }
            // Early return: ezhttp results never reach the URL/quoting tail (the break below is unreachable).
            return;
            break;
        case $this->URLName:
            eZURI::transformURI($operatorValue, false, $namedParameters['server_url']);
            break;
        case $this->URLRootName:
            // Values that start with a scheme ("xyz:") or with "//" are left untransformed.
            if (preg_match("#^[a-zA-Z0-9]+:#", $operatorValue) or substr($operatorValue, 0, 2) == '//') {
                break;
            }
            // Make a non-empty relative value root-relative.
            if (strlen($operatorValue) > 0 and $operatorValue[0] != '/') {
                $operatorValue = '/' . $operatorValue;
            }
            // Same as "ezurl" without "index.php" and the siteaccess name in the returned address.
            eZURI::transformURI($operatorValue, true, $namedParameters['server_url']);
            break;
        case $this->SysName:
            if (count($operatorParameters) == 0) {
                $tpl->warning('eZURLOperator' .
                    $operatorName, 'Requires attributename');
            } else {
                $sysAttribute = $tpl->elementValue($operatorParameters[0], $rootNamespace, $currentNamespace);
                if (!$this->Sys->hasAttribute($sysAttribute)) {
                    $tpl->warning('eZURLOperator' . $operatorName, "No such attribute '{$sysAttribute}' for eZSys");
                } else {
                    $operatorValue = $this->Sys->attribute($sysAttribute);
                }
            }
            // Early return: the value is not quoted (the break below is unreachable).
            return;
            break;
        case $this->ImageName:
            // The slash is skipped only with exactly two parameters, a loosely-true second one and an empty www dir.
            if (count($operatorParameters) == 2 && $tpl->elementValue($operatorParameters[1], $rootNamespace, $currentNamespace) == true && strlen($this->Sys->wwwDir()) == 0) {
                $skipSlash = true;
            } else {
                $skipSlash = false;
            }
            $operatorValue = $this->eZImage($tpl, $operatorValue, $operatorName, $skipSlash);
            break;
        case $this->ExtName:
            // MD5 is used here as a lookup key for the URL table, not as a security control.
            $urlMD5 = md5($operatorValue);
            $url = eZURL::urlByMD5($urlMD5);
            if ($url === false) {
                // Unknown URL: register it and keep the value as given.
                eZURL::registerURL($operatorValue);
            } else {
                $operatorValue = $url;
            }
            break;
        case $this->DesignName:
            $operatorValue = $this->eZDesign($tpl, $operatorValue, $operatorName);
            break;
    }
    // Tail, reached through "break" only: pick the quote character from 'quote_val'
    // (default double quote, 'single' for a single quote, 'no' for none).
    $quote = "\"";
    $val = $namedParameters['quote_val'];
    if ($val == 'single') {
        $quote = "'";
    } else {
        if ($val == 'no') {
            $quote = false;
        }
    }
    $http = eZHTTPTool::instance();
    // When full URLs are requested, a value that starts with '/' is expanded through createRedirectUrl().
    if (isset($http->UseFullUrl) and $http->UseFullUrl and strncasecmp($operatorValue, '/', 1) === 0) {
        $operatorValue = $http->createRedirectUrl($operatorValue, array('pre_url' => false));
    }
    if ($quote !== false) {
        // NOTE(review): the value is wrapped in quotes, not escaped; a quote character already inside
        // $operatorValue is kept as it is -- confirm that the transformation above or the template handles that.
        $operatorValue = $quote . $operatorValue . $quote;
    }
}
/**
 * Restores a URL attribute from its node in a package.
 *
 * The <url> child is URL-decoded and registered; the resulting URL id is stored
 * in data_int. The <text> child, when present, is stored in data_text.
 *
 * NOTE(review): the URL and its 'original-url-md5', 'is-valid' and 'last-checked'
 * values are copied from the package as they are; nothing in this method checks the
 * URL scheme or that the MD5 matches the URL. Confirm that packages are only
 * imported from trusted sources, or validate these values before storing them.
 *
 * @param mixed $package not read by this method
 * @param object $objectAttribute attribute that receives data_int / data_text
 * @param DOMElement $attributeNode package node (presumably a DOMElement, given getElementsByTagName())
 * @return void
 */
function unserializeContentObjectAttribute($package, $objectAttribute, $attributeNode)
{
    $urlElement = $attributeNode->getElementsByTagName('url')->item(0);
    if (is_object($urlElement)) {
        $decodedUrl = urldecode($urlElement->textContent);
        $registeredId = eZURL::registerURL($decodedUrl);
        if ($registeredId) {
            $storedUrl = eZURL::fetch($registeredId);

            // Package attribute name for each URL field, copied in this order.
            $copiedFields = array(
                'original_url_md5' => 'original-url-md5',
                'is_valid' => 'is-valid',
                'last_checked' => 'last-checked',
            );
            foreach ($copiedFields as $fieldName => $packageAttribute) {
                $storedUrl->setAttribute($fieldName, $urlElement->getAttribute($packageAttribute));
            }

            // Creation and modification times are reset to the moment of import.
            $storedUrl->setAttribute('created', time());
            $storedUrl->setAttribute('modified', time());
            $storedUrl->store();

            $objectAttribute->setAttribute('data_int', $registeredId);
        }
    }

    $textElement = $attributeNode->getElementsByTagName('text')->item(0);
    if ($textElement) {
        $objectAttribute->setAttribute('data_text', $textElement->textContent);
    }
}
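/**
 * publishHandlerLink (Publish handler, pass 2 after schema validation)
 * Publish handler for link element, converts href to [object|node|link]_id.
 *
 * Handles four href forms: ezobject://<id>, eznode://<id or path>, a bare
 * #anchor, and any other URL. Other URLs are checked for script schemes and
 * for a valid mailto address before they are registered.
 *
 * @param DOMElement $element
 * @param array $params parameters for xml element
 * @return null|array changes structure if it contains 'result' key
 */
function publishHandlerLink($element, &$params)
{
    $ret = null;
    $href = $element->getAttribute('href');
    if ($href) {
        $objectID = false;
        if (strpos($href, 'ezobject') === 0 && preg_match("@^ezobject://([0-9]+)/?(#.+)?@i", $href, $matches)) {
            // Internal link to a content object, optionally followed by an anchor.
            $objectID = $matches[1];
            if (isset($matches[2])) {
                $anchorName = substr($matches[2], 1);
            }
            $element->setAttribute('object_id', $objectID);
            if (!eZContentObject::exists($objectID)) {
                $this->Messages[] = ezpI18n::tr('design/standard/ezoe/handler', 'Object %1 does not exist.', false, array($objectID));
            }
        } elseif (strpos($href, 'eznode') === 0 && preg_match("@^eznode://([^#]+)(#.+)?@i", $href, $matches)) {
            // Internal link to a node, given either as a numeric id or as a URL path.
            $nodePath = trim($matches[1], '/');
            if (isset($matches[2])) {
                $anchorName = substr($matches[2], 1);
            }
            if (is_numeric($nodePath)) {
                $nodeID = $nodePath;
                $node = eZContentObjectTreeNode::fetch($nodeID);
                if (!$node instanceof eZContentObjectTreeNode) {
                    $this->Messages[] = ezpI18n::tr('design/standard/ezoe/handler', 'Node %1 does not exist.', false, array($nodeID));
                }
            } else {
                $node = eZContentObjectTreeNode::fetchByURLPath($nodePath);
                if (!$node instanceof eZContentObjectTreeNode) {
                    // Double-quoted so that the apostrophes around %1 do not end the string literal.
                    $this->Messages[] = ezpI18n::tr('design/standard/ezoe/handler', "Node '%1' does not exist.", false, array($nodePath));
                } else {
                    $nodeID = $node->attribute('node_id');
                }
                $element->setAttribute('show_path', 'true');
            }
            if (isset($nodeID) && $nodeID) {
                $element->setAttribute('node_id', $nodeID);
            }
            if (isset($node) && $node instanceof eZContentObjectTreeNode) {
                $objectID = $node->attribute('contentobject_id');
            }
        } elseif (strpos($href, '#') === 0) {
            // Anchor-only link.
            $anchorName = substr($href, 1);
        } else {
            // Any other URL: split off the anchor and register the rest.
            $temp = explode('#', $href);
            $url = $temp[0];
            if (isset($temp[1])) {
                $anchorName = $temp[1];
            }
            if ($url) {
                // Protection from XSS attack.
                // The scheme test runs on a copy with whitespace and control characters removed,
                // because browsers ignore them in and before the scheme; testing the raw value
                // alone would let a padded "javascript:" href pass.
                // NOTE(review): this is still a denylist of two schemes; an allowlist of the
                // schemes the site needs would be stricter. Left as a denylist to stay
                // backward-compatible.
                $schemeProbe = (string) preg_replace('/[\x00-\x20]+/', '', $url);
                if (preg_match("/^(java|vb)script:/i", $schemeProbe)) {
                    $this->isInputValid = false;
                    // NOTE(review): the raw URL is embedded in the message; whatever renders
                    // Messages has to escape it.
                    $this->Messages[] = "Using scripts in links is not allowed, '{$url}' has been removed";
                    $element->removeAttribute('href');
                    return $ret;
                }
                // Check mail address validity following RFC 5322 and RFC 5321
                if (preg_match("/^mailto:([^.][a-z0-9!#\$%&'*+-\\/=?`{|}~^]+@([a-z0-9.-]+))/i", $url, $mailAddr)) {
                    if (!eZMail::validate($mailAddr[1])) {
                        $this->isInputValid = false;
                        if ($this->errorLevel >= 0) {
                            $this->Messages[] = ezpI18n::tr('kernel/classes/datatypes/ezxmltext', "Invalid e-mail address: '%1'", false, array($mailAddr[1]));
                        }
                        $element->removeAttribute('href');
                        return $ret;
                    }
                }
                // Store urlID instead of href
                // NOTE(review): as shown, the first pair replaces '&' with '&', which does nothing;
                // the search term was presumably an HTML entity before this listing was rendered --
                // confirm against the original file.
                $url = str_replace(array('&', '%28', '%29'), array('&', '(', ')'), $url);
                $urlID = eZURL::registerURL($url);
                if ($urlID) {
                    if (!in_array($urlID, $this->urlIDArray)) {
                        $this->urlIDArray[] = $urlID;
                    }
                    $element->setAttribute('url_id', $urlID);
                }
            }
        }
        // Record the linked object once, and keep the anchor on the element.
        if ($objectID && !in_array($objectID, $this->linkedObjectIDArray)) {
            $this->linkedObjectIDArray[] = $objectID;
        }
        if (isset($anchorName) && $anchorName) {
            $element->setAttribute('anchor_name', $anchorName);
        }
    }
    return $ret;
}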
/**
 * Regression test for issue #018211: URL datatype is not case sensitive.
 *
 * Registers two URLs that differ only in letter case and checks that each one
 * is stored and fetched back unchanged. For the second URL the stored
 * original_url_md5 must equal the MD5 of that URL.
 *
 * @link http://issues.ez.no/18211
 * @group issue18211
 */
public function testUrlCaseSensitivity()
{
    // Upper-case variant.
    $upperCaseUrl = 'http://ez.no/EZPUBLISH';
    $storedUpper = eZURL::fetch(eZURL::registerURL($upperCaseUrl));
    self::assertEquals($upperCaseUrl, $storedUpper->attribute('url'));
    unset($storedUpper);

    // Lower-case variant: must not be folded into the entry above.
    $lowerCaseUrl = 'http://ez.no/ezpublish';
    $storedLower = eZURL::fetch(eZURL::registerURL($lowerCaseUrl));
    self::assertEquals($lowerCaseUrl, $storedLower->attribute('url'));
    self::assertEquals(md5($lowerCaseUrl), $storedLower->attribute('original_url_md5'));
    unset($storedLower);
}
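/**
 * Imports a value to an attribute adapting it to the proper type.
 * Not written by the author of this file: downloaded from ez.no and extended.
 *
 * The attribute's datatype decides which column receives the value
 * (data_float, data_int or data_text). Unknown datatypes end the script.
 *
 * @param mixed $data The value (string/int/float); for 'ezuser' an associative
 *                    array with the keys login, password and email.
 * @param object $contentObjectAttribute The attribute to modify.
 * @return void
 */
function importAttribute($data, &$contentObjectAttribute)
{
    $contentClassAttribute = $contentObjectAttribute->attribute('contentclass_attribute');
    $dataTypeString = $contentClassAttribute->attribute('data_type_string');

    // An array (the 'ezuser' payload) is shown as 'Array', which is what string conversion
    // would print, without the conversion warning and without touching its contents.
    $printableData = is_array($data) ? 'Array' : $data;
    ezDebug::writeDebug("Converting " . $printableData . " to expected " . $dataTypeString);

    switch ($dataTypeString) {
        case 'ezfloat':
        case 'ezprice':
            $contentObjectAttribute->setAttribute('data_float', $data);
            $contentObjectAttribute->store();
            break;
        case 'ezboolean':
        case 'ezdate':
        case 'ezdatetime':
        case 'ezinteger':
        case 'ezsubtreesubscription':
        case 'eztime':
            $contentObjectAttribute->setAttribute('data_int', $data);
            $contentObjectAttribute->store();
            break;
        case 'ezobjectrelation':
            // $data is contentobject_id to relate to
            $contentObjectAttribute->setAttribute('data_int', $data);
            $contentObjectAttribute->store();
            $object = $contentObjectAttribute->object();
            $contentObjectVersion = $contentObjectAttribute->attribute('version');
            $contentClassAttributeID = $contentObjectAttribute->attribute('contentclassattribute_id');
            // Old relations are deliberately not removed ("Problem with translations if removing old relations ?!").
            // The relation type is the class constant; the bare name RELATION_ATTRIBUTE used before
            // is not defined in this function's scope.
            $object->addContentObjectRelation($data, $contentObjectVersion, $contentClassAttributeID, eZContentObject::RELATION_ATTRIBUTE);
            break;
        case 'ezurl':
            $urlID = eZURL::registerURL($data);
            $contentObjectAttribute->setAttribute('data_int', $urlID);
            // Fall through to set data_text
        case 'ezemail':
        case 'ezisbn':
        case 'ezstring':
        case 'eztext':
            $contentObjectAttribute->setAttribute('data_text', $data);
            $contentObjectAttribute->store();
            break;
        case 'ezxmltext':
            // The XML is stored as given; the eZXMLInputParser step is disabled in this version.
            // NOTE(review): that also skips whatever checks the parser applies to links in the
            // markup -- confirm that $data comes from a trusted source.
            $contentObjectAttribute->setAttribute('data_text', $data);
            $contentObjectAttribute->store();
            break;
        // 'ezimage', 'ezbinaryfile' and 'ezenum' are not handled here and end up in the default branch.
        case 'ezuser':
            // $data is assumed to be an associative array( login, password, email );
            $user = new eZUser($contentObjectAttribute->attribute('contentobject_id'));
            if (isset($data['login'])) {
                $user->setAttribute('login', $data['login']);
            }
            if (isset($data['email'])) {
                $user->setAttribute('email', $data['email']);
            }
            if (isset($data['password'])) {
                // NOTE(review): the hash is built from $data['login'], which is not checked here;
                // a payload with a password but no login would hash against a missing value.
                // The strength of the stored hash depends on what eZUser::hashType() returns -- confirm.
                $hashType = eZUser::hashType() . '';
                $newHash = $user->createHash($data['login'], $data['password'], eZUser::site(), $hashType);
                $user->setAttribute('password_hash_type', $hashType);
                $user->setAttribute('password_hash', $newHash);
            }
            $user->store();
            break;
        default:
            // Ends the script. NOTE(review): the value is echoed without escaping.
            die('Can not store ' . $printableData . ' as datatype: ' . $dataTypeString);
    }
}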
/**
 * Bug in link rendering related to GET parameters (& double encoded to &amp;)
 *
 * Registers a URL that carries a query string, renders a link element that
 * points to it and compares the generated anchor with the expected markup.
 *
 * NOTE(review): as shown, the input URL and the expected href both carry a bare '&';
 * confirm against the original test whether the expected markup used an entity there.
 *
 * @link http://issues.ez.no/016668: links in ezxmltext double escapes.
 * @note Test depends on template output!!
 */
public function testLinkEscape()
{
    $expectedMarkup = '<p><a href="/index.php?c=6&kat=company" target="_self">My link</a></p>';

    $linkTarget = '/index.php?c=6&kat=company';
    $linkId = eZURL::registerURL( $linkTarget );

    // Minimal ezxmltext document: one paragraph holding one link that refers to the URL by id.
    $document = '<?xml version="1.0" encoding="utf-8"?> <section xmlns:image="http://ez.no/namespaces/ezpublish3/image/" xmlns:xhtml="http://ez.no/namespaces/ezpublish3/xhtml/" xmlns:custom="http://ez.no/namespaces/ezpublish3/custom/"><paragraph xmlns:tmp="http://ez.no/namespaces/ezpublish3/temporary/"><link url_id="' . $linkId . '">My link</link></paragraph></section>';

    $renderer = new eZXHTMLXMLOutput( $document, false );
    $actualMarkup = $renderer->outputText();

    $this->assertEquals( $expectedMarkup, $actualMarkup );
}