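/**
 * Handles the backend post-action hook for this widget's upload action.
 *
 * Every action other than static::$uploadAction is ignored. For the upload action the posted
 * field name must exist in the DCA of $dc->table and, when the field is flagged "exclude",
 * the backend user must hold the 'alexf' permission for it. Only then is the widget
 * configured from the DCA and the upload processed.
 *
 * @param string         $strAction The post action name passed to the hook
 * @param \DataContainer $dc        The data container the request belongs to
 *
 * @return false|void false when the action is not the upload action, nothing otherwise
 */
public function executePostActionsHook($strAction, \DataContainer $dc)
 {
     if ($strAction !== static::$uploadAction) {
         return false;
     }
     // Read the posted field name once so the access check and the widget setup below
     // are guaranteed to operate on the same value.
     $strField = \Input::post('field');
     // Check whether the field is allowed for regular users. A non-string value (e.g. an
     // array posted as field[]) can never be a valid DCA key and is rejected up front.
     if (!is_string($strField)
         || !isset($GLOBALS['TL_DCA'][$dc->table]['fields'][$strField])
         || (!empty($GLOBALS['TL_DCA'][$dc->table]['fields'][$strField]['exclude']) && !\BackendUser::getInstance()->hasAccess($dc->table . '::' . $strField, 'alexf'))
     ) {
         \System::log('Field "' . (is_string($strField) ? $strField : gettype($strField)) . '" is not an allowed selector field (possible SQL injection attempt)', __METHOD__, TL_ERROR);
         $objResponse = new ResponseError();
         $objResponse->setMessage('Bad Request');
         $objResponse->output();
         // Fail closed: output() is presumably expected to end the request (not visible here),
         // but the rejected field must never reach the upload code if it does not.
         return;
     }
     $this->name = $strField;
     $this->id = $strField;
     $this->field = $strField;
     if ($dc->activeRecord === null) {
         $dc->activeRecord = General::getModelInstance($dc->table, $dc->id);
     }
     // add dca attributes
     $this->addAttributes(\Widget::getAttributesFromDca($GLOBALS['TL_DCA'][$dc->table]['fields'][$this->name], $this->name));
     // upload() returns a response object on success and nothing otherwise
     $objResponse = $this->upload();
     if ($objResponse instanceof Response) {
         $objResponse->output();
     }
 }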
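 /**
  * Compiles the frontend edit module: resolves the id of the entity to edit or delete,
  * enforces the request token and the permission checks, and renders the form.
  *
  * Order of the security-relevant steps:
  *  1. the request token is validated (unless deactivateTokens is set) before any id is resolved;
  *  2. the entity id is resolved from the GET parameter (when allowed), a share token, the
  *     configured existence conditions, the form session or a newly created form instance;
  *  3. checkEntityExists() and then checkDeletePermission()/checkUpdatePermission() gate the action.
  *
  * On any failed check a status message is added (unless silent mode is on) and the method returns
  * without rendering the form.
  *
  * @return void
  */
 protected function compile()
 {
     $this->Template->headline = $this->headline;
     $this->Template->hl = $this->hl;
     $this->Template->wrapperClass = $this->strWrapperClass;
     $this->Template->wrapperId = $this->strWrapperId;
     $this->strFormId = $this->formHybridDataContainer . '_' . $this->id;
     // A configured default action takes precedence over the "act" query parameter
     $strAction = $this->defaultAction ?: \Input::get('act');
     $this->arrEditable = deserialize($this->formHybridEditable, true);
     $this->strToken = $this->strToken ?: \Input::get('token');
     // Do not change this order (see #6191)
     $this->Template->style = !empty($this->arrStyle) ? implode(' ', $this->arrStyle) : '';
     $this->Template->class = trim('mod_' . $this->type . ' ' . $this->cssID[1]);
     $this->Template->cssID = $this->cssID[0] != '' ? ' id="' . $this->cssID[0] . '"' : '';
     $this->Template->inColumn = $this->strColumn;
     if ($this->Template->headline == '') {
         $this->Template->headline = $this->headline;
     }
     if ($this->Template->hl == '') {
         $this->Template->hl = $this->hl;
     }
     if (!empty($this->classes) && is_array($this->classes)) {
         $this->Template->class .= ' ' . implode(' ', $this->classes);
     }
     $this->addDefaultArchive();
     // at first check for the correct request token to be set
     if (!$this->deactivateTokens && !\RequestToken::validate($this->strToken)) {
         if (!$this->blnSilentMode) {
             StatusMessage::addError(sprintf($GLOBALS['TL_LANG']['frontendedit']['requestTokenExpired'], Url::replaceParameterInUri(Url::getUrl(), 'token', \RequestToken::get())), $this->id, 'requestTokenExpired');
         }
         return;
     }
     if ($this->formHybridAllowIdAsGetParameter) {
         $intId = \Input::get($this->formHybridIdGetParameter);
         // NOTE(review): is_numeric() also accepts floats and exponent notation; the existence and
         // permission checks further down are what actually authorise this request-supplied id.
         if (is_numeric($intId)) {
             $this->intId = $intId;
         }
     }
     $strItemClass = \Model::getClassFromTable($this->formHybridDataContainer);
     // get id from share
     if ($strShare = \Input::get('share')) {
         // An expired or empty share token is ignored and never selects an entity
         if (($objItem = $strItemClass::findByShareToken($strShare)) !== null && !FormHybridList::shareTokenExpiredOrEmpty($objItem, time())) {
             $this->intId = $objItem->id;
         }
     }
     if (!$this->intId) {
         if (isset($GLOBALS['TL_HOOKS']['frontendEditAddNoIdBehavior']) && is_array($GLOBALS['TL_HOOKS']['frontendEditAddNoIdBehavior'])) {
             foreach ($GLOBALS['TL_HOOKS']['frontendEditAddNoIdBehavior'] as $arrCallback) {
                 $this->import($arrCallback[0]);
                 // Each callback is a [class, method] pair. The braces must wrap the array access:
                 // $this->{$arrCallback}[0] would convert the whole array to a string and use that
                 // as the property name, so the imported object would never be called.
                 if ($this->{$arrCallback[0]}->{$arrCallback[1]}($this) === false) {
                     return;
                 }
             }
         }
         if ($this->noIdBehavior == 'error') {
             if (!$this->blnSilentMode) {
                 StatusMessage::addError($GLOBALS['TL_LANG']['frontendedit']['noIdFound'], $this->id, 'noidfound');
             }
             return;
         } elseif ($this->noIdBehavior == 'redirect' || $this->noIdBehavior == 'create_until') {
             $arrConditions = deserialize($this->existanceConditions, true);
             if ($this->existanceConditions && !empty($arrConditions)) {
                 $arrColumns = array();
                 $arrValues = array();
                 foreach ($arrConditions as $arrCondition) {
                     if (!$arrCondition['field']) {
                         continue;
                     }
                     // The value is bound as a parameter; the column name is concatenated as-is.
                     // NOTE(review): presumably the conditions come from the module configuration
                     // and not from the request - confirm, since the column name is not escaped.
                     $arrColumns[] = $arrCondition['field'] . '=?';
                     $arrValues[] = $this->replaceInsertTags($arrCondition['value']);
                 }
                 if (!empty($arrColumns) && ($objItem = $strItemClass::findOneBy($arrColumns, $arrValues)) !== null) {
                     $this->intId = $objItem->id;
                 }
             }
         }
         if (!$this->intId) {
             if ($this->noIdBehavior == 'redirect') {
                 if (!$this->blnSilentMode) {
                     StatusMessage::addError($GLOBALS['TL_LANG']['frontendedit']['noIdFound'], $this->id, 'noidfound');
                 }
                 return;
             } else {
                 $strFormId = FormHelper::getFormId($this->formHybridDataContainer, $this->id);
                 // get id from FormSession
                 if ($_POST) {
                     if ($intId = FormSession::getSubmissionId($strFormId)) {
                         $this->intId = $intId;
                     }
                 }
                 if (!$this->intId) {
                     // if no id is given a new instance is initiated
                     $objConfiguration = new FormConfiguration($this->arrData);
                     // ajax handling, required in this manner, as we have no real ajax controller in contao and ajax requests not related to this module
                     // might trigger this module beforehand and a new submission will be created after the submission was transferred to the user and the id won't match any more
                     if (Ajax::isRelated(Form::FORMHYBRID_NAME) !== null) {
                         if ($intId = FormSession::getSubmissionId($strFormId)) {
                             $this->intId = $intId;
                         } else {
                             $objConfiguration->forceCreate = true;
                         }
                     }
                     $this->objForm = new $this->strFormClass($objConfiguration, $this->arrSubmitCallbacks, $this->intId ?: 0, $this);
                     if ($intId = $this->objForm->getId()) {
                         $this->intId = $intId;
                     }
                 }
             }
         }
     }
     // intId is set at this point!
     // Whatever source the id came from, it has to pass the existence check before it is used
     if (!$this->checkEntityExists($this->intId)) {
         if (!$this->blnSilentMode) {
             StatusMessage::addError($GLOBALS['TL_LANG']['formhybrid_list']['noPermission'], $this->id, 'nopermission');
         }
         if (Ajax::isRelated(Form::FORMHYBRID_NAME)) {
             $objResponse = new ResponseError();
             $objResponse->setResult(StatusMessage::generate($this->id));
             $objResponse->output();
         }
         return;
     }
     // page title
     if ($this->setPageTitle) {
         global $objPage;
         if (($objItem = General::getModelInstance($this->formHybridDataContainer, $this->intId)) !== null) {
             $objPage->pageTitle = $objItem->{$this->pageTitleField};
         }
     }
     if ($strAction == FRONTENDEDIT_ACT_DELETE) {
         // Deletion is only performed after the dedicated delete permission check
         if ($this->checkDeletePermission($this->intId)) {
             $blnResult = $this->deleteItem($this->intId);
             if (\Environment::get('isAjaxRequest')) {
                 die($blnResult);
             }
             // return to the list
             \Controller::redirect(Url::removeQueryString(array('act', 'id', 'token'), Url::getUrl()));
         } else {
             if (!$this->blnSilentMode) {
                 StatusMessage::addError($GLOBALS['TL_LANG']['formhybrid_list']['noPermission'], $this->id, 'nopermission');
             }
             return;
         }
     } else {
         // Every other action is treated as an edit and needs the update permission
         if ($this->checkUpdatePermission($this->intId)) {
             // create a new lock if necessary
             if (in_array('entity_lock', \ModuleLoader::getActive()) && $this->addEntityLock) {
                 if (\HeimrichHannot\EntityLock\EntityLockModel::isLocked($this->formHybridDataContainer, $this->intId, $this)) {
                     $objLock = \HeimrichHannot\EntityLock\EntityLockModel::findActiveLock($this->formHybridDataContainer, $this->intId, $this);
                     $objItem = General::getModelInstance($this->formHybridDataContainer, $this->intId);
                     if (!$this->blnSilentMode) {
                         $strMessage = \HeimrichHannot\EntityLock\EntityLock::generateErrorMessage($this->formHybridDataContainer, $this->intId, $this);
                         if ($this->allowLockDeletion) {
                             $strUnlockForm = $this->generateUnlockForm($objItem, $objLock);
                             $strMessage .= $strUnlockForm;
                         }
                         StatusMessage::addError($strMessage, $this->id, 'locked');
                     }
                     // A locked entity is either shown read-only or not rendered at all
                     if ($this->readOnlyOnLocked) {
                         $this->formHybridViewMode = FORMHYBRID_VIEW_MODE_READONLY;
                         $this->formHybridReadonlyTemplate = 'formhybridreadonly_default';
                     } else {
                         return;
                     }
                 } else {
                     \HeimrichHannot\EntityLock\EntityLockModel::create($this->formHybridDataContainer, $this->intId, $this);
                 }
             }
             // The form may already exist when it was created above for a request without an id
             if ($this->objForm === null) {
                 $this->objForm = new $this->strFormClass(new FormConfiguration($this->arrData), $this->arrSubmitCallbacks, $this->intId, $this);
             }
             $this->Template->form = $this->objForm->generate();
             $this->Template->item = $this->objForm->activeRecord;
             if (\Environment::get('isAjaxRequest') && \Input::get('scope') == 'modal') {
                 $objItem = General::getModelInstance($this->formHybridDataContainer, $this->intId);
                 $objModalWrapper = new \FrontendTemplate($this->modalTpl ?: 'formhybrid_reader_modal_bootstrap');
                 if ($objItem !== null) {
                     $objModalWrapper->setData($objItem->row());
                 }
                 $objModalWrapper->module = Arrays::arrayToObject($this->arrData);
                 $objModalWrapper->item = $this->replaceInsertTags($this->Template->parse());
                 // Modal requests get the rendered wrapper as the whole response body
                 die($objModalWrapper->parse());
             }
         } else {
             if (!$this->blnSilentMode) {
                 StatusMessage::addError($GLOBALS['TL_LANG']['formhybrid_list']['noPermission'], $this->id, 'nopermission');
             }
             return;
         }
     }
 }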
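 /**
  * Processes the files posted for this widget's field and stores them in the temporary upload folder.
  *
  * The posted request token is validated first. Each file found in $_FILES under $this->name is
  * then handed to uploadFile(); the uuids it returns are collected in $this->varValue.
  * NOTE(review): validation of file name, type and size is presumably done in uploadFile(),
  * which is not visible here - confirm before relying on it.
  *
  * @return ResponseSuccess|null The success response carrying the upload result, or null when the
  *                              token is invalid, nothing was posted for this field or no result exists
  */
 public function upload()
 {
     // check for the request token
     if (!\Input::post('requestToken') || !RequestToken::validate(\Input::post('requestToken'))) {
         $objResponse = new ResponseError();
         $objResponse->setMessage('Invalid Request Token!');
         $objResponse->output();
         // Fail closed: output() is presumably expected to end the request (not visible here),
         // but no file may be stored for a request without a valid token if it does not.
         return;
     }
     $objTmpFolder = new \Folder(MultiFileUpload::UPLOAD_TMP);
     $arrUuids = null;
     $varReturn = null;
     // Dropzone Upload
     if (!empty($_FILES)) {
         // Only the entry that belongs to this widget's field is processed
         if (!isset($_FILES[$this->name])) {
             return;
         }
         $strField = $this->name;
         $varFile = $_FILES[$strField];
         // Multi-files upload at once
         if (is_array($varFile['name'])) {
             // PHP groups multi-file uploads per attribute (name, type, tmp_name, ...);
             // regroup them into one array per file before handing them on.
             $arrKeys = array_keys($varFile);
             $intCount = count($varFile['name']);
             for ($i = 0; $i < $intCount; $i++) {
                 $arrFiles = array();
                 foreach ($arrKeys as $strKey) {
                     $arrFiles[$strKey] = $varFile[$strKey][$i];
                 }
                 $arrFile = $this->uploadFile($arrFiles, $objTmpFolder->path, $strField);
                 $varReturn[] = $arrFile;
                 $arrUuids[] = $arrFile['uuid'];
             }
         } else {
             $varReturn = $this->uploadFile($varFile, $objTmpFolder->path, $strField);
             $arrUuids[] = $varReturn['uuid'];
         }
         if ($varReturn !== null) {
             $this->varValue = $arrUuids;
             $objResponse = new ResponseSuccess();
             $objResult = new ResponseData();
             $objResult->setData($varReturn);
             $objResponse->setResult($objResult);
             return $objResponse;
         }
     }
 }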