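/**
 * Save an attachment (from editing).
 *
 * Loads the attachment named by the request `id`, applies the posted form
 * fields, moves or deletes the stored file when the parent changes, then
 * uploads a new file, adds a new URL, or stores the edited record. Ends with
 * a redirect, or with inline JavaScript when invoked from an iframe popup.
 *
 * @param   mixed  $key     Not used by this implementation.
 * @param   mixed  $urlVar  Not used by this implementation.
 *
 * @return  mixed  The JError::raiseError() result on a failed check, otherwise nothing.
 */
public function save($key = null, $urlVar = null)
{
    // Check for request forgeries
    JSession::checkToken() or die(JText::_('JINVALID_TOKEN'));

    // Component-level access check
    $user = JFactory::getUser();
    if (!($user->authorise('core.edit', 'com_attachments') or $user->authorise('core.edit.own', 'com_attachments'))) {
        return JError::raiseError(403, JText::_('JERROR_ALERTNOAUTHOR') . ' (ERR 134)');
    }

    $model = $this->getModel();
    $attachment = $model->getTable();

    // Make sure the attachment ID is valid
    $attachment_id = JRequest::getInt('id');
    if (!$attachment->load($attachment_id)) {
        // The message previously interpolated an undefined $id.
        $errmsg = JText::sprintf('ATTACH_ERROR_CANNOT_UPDATE_ATTACHMENT_INVALID_ID_N', $attachment_id) . ' (ERR 135)';

        // Return explicitly rather than relying on the error handler to stop the request.
        return JError::raiseError(500, $errmsg);
    }

    // Note the old uri type before the form data overwrites the record
    $old_uri_type = $attachment->uri_type;

    // Get the data from the form.
    // NOTE(review): bind() copies every posted field onto the record, so from
    // here on $attachment (including its id and parent fields) reflects the
    // request rather than the stored row. Consider binding an allow-list of
    // editable fields.
    if (!$attachment->bind(JRequest::get('post'))) {
        $errmsg = $attachment->getError() . ' (ERR 136)';

        return JError::raiseError(500, $errmsg);
    }

    // Get the parent handler for this attachment
    JPluginHelper::importPlugin('attachments');
    $apm = getAttachmentsPluginManager();
    if (!$apm->attachmentsPluginInstalled($attachment->parent_type)) {
        $errmsg = JText::sprintf('ATTACH_ERROR_INVALID_PARENT_TYPE_S', $attachment->parent_type) . ' (ERR 135B)';

        return JError::raiseError(500, $errmsg);
    }
    $parent = $apm->getAttachmentsPlugin($attachment->parent_type);

    // See if the parent ID has been changed
    $parent_changed = false;
    $old_parent_id = JRequest::getString('old_parent_id');
    if ($old_parent_id == '') {
        $old_parent_id = null;
    } else {
        $old_parent_id = JRequest::getInt('old_parent_id');
    }

    // Handle new parents (in process of creation)
    if ($parent->newParent($attachment)) {
        $attachment->parent_id = null;
    }

    // Deal with updating an orphaned attachment
    if ($old_parent_id == null && is_numeric($attachment->parent_id)) {
        $parent_changed = true;
    }

    // Check for normal parent changes
    if ($old_parent_id && $attachment->parent_id != $old_parent_id) {
        $parent_changed = true;
    }

    // See if we are updating a file or URL; only legal values are kept
    $new_uri_type = JRequest::getWord('update');
    if ($new_uri_type && !in_array($new_uri_type, AttachmentsDefines::$LEGAL_URI_TYPES)) {
        $new_uri_type = '';
    }

    // See if the parent type has changed
    $new_parent_type = JRequest::getCmd('new_parent_type');
    $new_parent_entity = JRequest::getCmd('new_parent_entity');
    $old_parent_type = JRequest::getCmd('old_parent_type');
    $old_parent_entity = JRequest::getCmd('old_parent_entity');
    if ($new_parent_type && ($new_parent_type != $old_parent_type || $new_parent_entity != $old_parent_entity)) {
        $parent_changed = true;
    }

    // Replacements that make text safe inside a single-quoted JavaScript
    // string literal embedded in an inline <script> element. strtr() applies
    // them in one pass, so an escape is never escaped a second time.
    $js_escapes = array(
        "\\" => "\\\\",
        "'" => "\\'",
        '"' => '\\"',
        "\r" => '\\r',
        "\n" => '\\n',
        '<' => '\\x3C',
        '>' => '\\x3E',
        '&' => '\\x26',
        "\xE2\x80\xA8" => '\\u2028',
        "\xE2\x80\xA9" => '\\u2029',
    );

    // If the parent has changed, make sure they have selected the new parent
    if ($parent_changed && (int) $attachment->parent_id == -1) {
        $errmsg = JText::sprintf('ATTACH_ERROR_MUST_SELECT_PARENT');

        // A translated string may contain quotes, so it is escaped before output.
        echo "<script type=\"text/javascript\"> alert('" . strtr($errmsg, $js_escapes) . "'); window.history.go(-1); </script>\n";
        exit;
    }

    // If the parent has changed, switch the parent, rename files if necessary.
    // NOTE(review): the file deletion and move below run before the
    // per-attachment userMayEditAttachment() check further down, and they use
    // fields that bind() took from the request. Consider authorising against
    // the stored record before any filesystem change.
    if ($parent_changed) {
        if ($new_uri_type == 'url' && $old_uri_type == 'file') {
            // Changing parents and converting from file to URL: delete the old file
            jimport('joomla.filesystem.file');

            // Load the attachment so we can get its filename_sys
            $db = JFactory::getDBO();
            $query = $db->getQuery(true);
            $query->select('filename_sys, id')->from('#__attachments')->where('id=' . (int) $attachment->id);
            $db->setQuery($query, 0, 1);
            $filename_sys = $db->loadResult();
            JFile::delete($filename_sys);
            AttachmentsHelper::clean_directory($filename_sys);
        } else {
            // Otherwise switch the file/url to the new parent
            if ($old_parent_id == null) {
                // NOTE: When attaching a file to an article during creation,
                // the article_id (parent_id) is initially null until the
                // article is saved (at that point the parent_id/article_id is
                // updated). If the attachment is added and creating the
                // article is canceled, the attachment exists but is orphaned
                // since it does not have a parent. Its article_id is null,
                // but it is saved in the directory as if its article_id were
                // 0: article/0/file.txt. Therefore, if the parent has changed,
                // we pretend old_parent_id=0 for file renaming/moving.
                $old_parent_id = 0;
            }

            $error_msg = AttachmentsHelper::switch_parent(
                $attachment,
                $old_parent_id,
                $attachment->parent_id,
                $new_parent_type,
                $new_parent_entity
            );
            if ($error_msg != '') {
                $errmsg = JText::_($error_msg) . ' (ERR 137)';
                $link = 'index.php?option=com_attachments';
                $this->setRedirect($link, $errmsg, 'error');

                return;
            }
        }
    }

    // Update parent type/entity, if needed
    if ($new_parent_type && $new_parent_type != $old_parent_type) {
        $attachment->parent_type = $new_parent_type;
    }
    if ($new_parent_type && $new_parent_entity != $old_parent_entity) {
        $attachment->parent_entity = $new_parent_entity;
    }

    // Get the article/parent handler
    if ($new_parent_type) {
        $parent_type = $new_parent_type;
        $parent_entity = $new_parent_entity;
    } else {
        $parent_type = JRequest::getCmd('parent_type', 'com_content');
        $parent_entity = JRequest::getCmd('parent_entity', 'default');
    }
    $parent = $apm->getAttachmentsPlugin($parent_type);
    $parent_entity = $parent->getCanonicalEntityId($parent_entity);

    // Get the title of the article/parent
    $new_parent = JRequest::getBool('new_parent', false);
    $parent->new = $new_parent;
    if ($new_parent) {
        $attachment->parent_id = null;
        $parent->title = '';
    } else {
        $parent->title = $parent->getTitle($attachment->parent_id, $parent_entity);
    }

    // Check to make sure the user has permissions to edit the attachment
    if (!$parent->userMayEditAttachment($attachment)) {
        return JError::raiseError(403, JText::_('JERROR_ALERTNOAUTHOR') . ' (ERR 139)');
    }

    // Double-check to see if the URL changed
    $old_url = JRequest::getString('old_url');
    if (!$new_uri_type && $old_url && $old_url != $attachment->url) {
        $new_uri_type = 'url';
    }

    // If this is a URL, get settings
    $verify_url = false;
    $relative_url = false;
    if ($new_uri_type == 'url') {
        // See if we need to verify the URL (if applicable)
        if (JRequest::getWord('verify_url') == 'verify') {
            $verify_url = true;
        }

        // Allow relative URLs?
        if (JRequest::getWord('url_relative') == 'relative') {
            $relative_url = true;
        }
    }

    // Update modify info; set after bind() so posted values cannot override it
    $now = JFactory::getDate();
    $attachment->modified_by = $user->get('id');
    $attachment->modified = $now->toSql();

    // Upload new file/url and create/update the attachment
    $msg = null;
    $msgType = 'message';
    if ($new_uri_type == 'file') {
        // Upload a new file.
        // NOTE: store() is not needed if upload_file() is called since it does it
        $result = AttachmentsHelper::upload_file($attachment, $parent, $attachment_id, 'update');
        if (is_object($result)) {
            $msg = $result->error_msg . ' (ERR 140)';
            $msgType = 'error';
        } else {
            $msg = $result;
        }
    } elseif ($new_uri_type == 'url') {
        // Upload/add the new URL.
        // NOTE: store() is not needed if add_url() is called since it does it
        $result = AttachmentsHelper::add_url($attachment, $parent, $verify_url, $relative_url, $old_uri_type, $attachment_id);
        if (is_object($result)) {
            $msg = $result->error_msg . ' (ERR 141)';
            $msgType = 'error';
        } else {
            $msg = $result;
        }
    } else {
        // Extra handling for checkboxes for URLs
        if ($attachment->uri_type == 'url') {
            $attachment->url_relative = $relative_url;
            $attachment->url_verify = $verify_url;
        }

        // Remove any extraneous fields
        if (isset($attachment->parent_entity_name)) {
            unset($attachment->parent_entity_name);
        }

        // Save the updated attachment info
        if (!$attachment->store()) {
            $errmsg = $attachment->getError() . ' (ERR 142)';

            // Do not report success below if the store failed.
            return JError::raiseError(500, $errmsg);
        }
    }

    switch ($this->getTask()) {
        case 'apply':
            if (!$msg) {
                $msg = JText::_('ATTACH_CHANGES_TO_ATTACHMENT_SAVED');
            }
            $link = 'index.php?option=com_attachments&task=attachment.edit&cid[]=' . (int) $attachment->id;
            break;

        case 'save':
        default:
            if (!$msg) {
                $msg = JText::_('ATTACH_ATTACHMENT_UPDATED');
            }
            $link = 'index.php?option=com_attachments';
            break;
    }

    // If invoked from an iframe popup, close it and refresh the attachments list
    $from = JRequest::getWord('from');
    $known_froms = $parent->knownFroms();
    if (in_array($from, $known_froms)) {
        // If there has been a problem, alert the user and redisplay
        if ($msgType == 'error') {
            // The helper's message may contain a file name, so it is escaped
            // as a JavaScript string; this also covers the backslashes of
            // Windows paths. "<br />" becomes a line break in the alert.
            $errmsg = strtr(str_replace('<br />', "\n", $msg), $js_escapes);
            echo "<script type=\"text/javascript\"> alert('{$errmsg}'); window.history.go(-1); </script>";
            exit;
        }

        // Can only refresh the old parent
        if ($parent_changed) {
            $parent_type = $old_parent_type;
            $parent_entity = $old_parent_entity;
            $parent_id = $old_parent_id;
        } else {
            $parent_id = (int) $attachment->parent_id;
        }

        // Close the iframe and refresh the attachments list in the parent window
        $uri = JFactory::getURI();
        $base_url = $uri->base(true);
        $lang = JRequest::getCmd('lang', '');
        AttachmentsJavascript::closeIframeRefreshAttachments($base_url, $parent_type, $parent_entity, $parent_id, $lang, $from);
        exit;
    }

    $this->setRedirect($link, $msg, $msgType);
}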
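/**
 * Save a newly uploaded attachment for an article.
 *
 * Validates the request token, the logged-in user, the posted article id and
 * the user's upload permission, then hands the bound record to
 * AttachmentsHelper::upload_file() and redirects according to the task and
 * the `from` request value.
 */
function saveNew()
{
    // Check for request forgeries
    JRequest::checkToken() or die('Invalid Token');

    // Make sure we have a user
    $user =& JFactory::getUser();
    if ($user->get('username') == '') {
        $errmsg = JText::_('ERROR MUST BE LOGGED IN TO UPLOAD ATTACHMENT');
        JError::raiseError(500, $errmsg);

        // Stop here even if the error handler hands control back.
        return;
    }

    // Make sure we have a valid article ID
    require_once JPATH_BASE . DS . '..' . DS . 'components' . DS . 'com_attachments' . DS . 'helper.php';

    // A request without the field no longer raises an undefined-index notice.
    $posted_article_id = isset($_POST['article_id']) ? $_POST['article_id'] : null;
    $article_id = AttachmentsHelper::valid_article_id($posted_article_id);
    if ($article_id == -1) {
        $errmsg = JText::_('ERROR MUST SELECT ARTICLE');

        // Escape the translated text for the single-quoted JavaScript string
        // inside the inline <script> element.
        $js_errmsg = strtr(
            $errmsg,
            array(
                "\\" => "\\\\",
                "'" => "\\'",
                '"' => '\\"',
                "\r" => '\\r',
                "\n" => '\\n',
                '<' => '\\x3C',
                '>' => '\\x3E',
                '&' => '\\x26',
            )
        );
        echo "<script> alert('{$js_errmsg}'); window.history.go(-1); </script>\n";

        // Previously execution fell through and the upload continued with
        // article_id -1; a failed validation must end the request.
        exit;
    }

    // Make sure this user has permission to upload (should never fail with admin?)
    require_once JPATH_COMPONENT_SITE . DS . 'permissions.php';
    if (!AttachmentsPermissions::user_may_add_attachment($user, $article_id)) {
        $errmsg = JText::_('ERROR NO PERMISSION TO UPLOAD');
        JError::raiseError(500, $errmsg);
        exit;
    }

    // Set up the new record.
    // NOTE(review): bind() copies every posted field onto the record; only
    // uploader_id and article_id are overwritten afterwards. Consider binding
    // an allow-list of fields.
    $row =& JTable::getInstance('Attachments', 'Table');
    if (!$row->bind(JRequest::get('post'))) {
        JError::raiseError(500, $row->getError());

        return;
    }
    $row->uploader_id = $user->get('id');
    $row->article_id = $article_id;

    // Handle 'from' clause
    $from = JRequest::getVar('from', ' (no from)');

    $msg = AttachmentsHelper::upload_file($row, $article_id);

    // See where to go to next
    global $option;
    switch ($this->_task) {
        case 'applyNew':
            $link = 'index.php?option=' . $option . '&task=edit&cid[]=' . (int) $row->id;
            break;

        case 'saveNew':
        default:
            $link = 'index.php?option=' . $option;
            break;
    }

    // If called from the editor, go back to it
    if ($from == 'editor') {
        $link = 'index.php?option=com_content&task=edit&cid[]=' . (int) $article_id;
    }

    // If we are supposed to close this iframe, do it now.
    if ($from == 'closeme') {
        echo "<script language=\"javascript\" type=\"text/javascript\">window.parent.document.getElementById('sbox-window').close()</script>";
        exit;
    }

    $this->setRedirect($link, $msg);
}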
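/**
 * Save a new or edited attachment.
 *
 * Resolves the parent plugin from the request, checks that the parent exists
 * and that the user may add attachments to it, binds the posted form to the
 * attachment record and then uploads a file, adds a URL, or stores the
 * record. Ends with a redirect, or closes the iframe popup when `from` is one
 * of the parent's known values.
 *
 * @return  mixed  The JError::raiseError() result on a failed check, otherwise nothing.
 */
public function save()
{
    // Check for request forgeries
    JSession::checkToken() or die(JText::_('JINVALID_TOKEN'));

    // Get the current user. No login check is made here; access is decided
    // by the parent's userMayAddAttachment() below.
    $user = JFactory::getUser();

    // Get the parameters
    jimport('joomla.application.component.helper');
    $params = JComponentHelper::getParams('com_attachments');

    // Get the article/parent handler
    $new_parent = JRequest::getBool('new_parent', false);
    $parent_type = JRequest::getCmd('parent_type', 'com_content');
    $parent_entity = JRequest::getCmd('parent_entity', 'default');
    JPluginHelper::importPlugin('attachments');
    $apm = getAttachmentsPluginManager();
    if (!$apm->attachmentsPluginInstalled($parent_type)) {
        $errmsg = JText::sprintf('ATTACH_ERROR_INVALID_PARENT_TYPE_S', $parent_type) . ' (ERR 5)';

        // Return explicitly rather than relying on the error handler to stop the request.
        return JError::raiseError(500, $errmsg);
    }
    $parent = $apm->getAttachmentsPlugin($parent_type);
    $parent_entity = $parent->getCanonicalEntityId($parent_entity);
    $parent_entity_name = JText::_('ATTACH_' . $parent_entity);

    // Make sure we have a valid parent ID
    $parent_id = JRequest::getInt('parent_id', -1);
    if (!$new_parent && ($parent_id == 0 || $parent_id == -1 || !$parent->parentExists($parent_id, $parent_entity))) {
        $errmsg = JText::sprintf('ATTACH_ERROR_INVALID_PARENT_S_ID_N', $parent_entity_name, $parent_id) . ' (ERR 6)';

        return JError::raiseError(500, $errmsg);
    }

    // Verify that this user may add attachments to this parent
    if (!$parent->userMayAddAttachment($parent_id, $parent_entity, $new_parent)) {
        $errmsg = JText::sprintf('ATTACH_ERROR_NO_PERMISSION_TO_UPLOAD_S', $parent_entity_name) . ' (ERR 7)';

        return JError::raiseError(500, $errmsg);
    }

    // Get the Itemid (currently not used further in this method)
    $Itemid = JRequest::getInt('Itemid', 1);

    // How to redirect? Only 'article' goes to the parent article; every
    // other value, including an empty one, goes to the site root.
    $from = JRequest::getWord('from', 'closeme');
    $uri = JFactory::getURI();
    if ($from == 'article') {
        $redirect_to = JRoute::_("index.php?option=com_content&view=article&id={$parent_id}", false);
    } else {
        $redirect_to = $uri->root(true);
    }

    // See if we should cancel (a request without the field is not a cancel)
    if (isset($_POST['submit']) && $_POST['submit'] == JText::_('ATTACH_CANCEL')) {
        $msg = JText::_('ATTACH_UPLOAD_CANCELED');
        $this->setRedirect($redirect_to, $msg);

        return;
    }

    // Figure out if we are uploading or updating
    $save_type = JString::strtolower(JRequest::getWord('save_type'));
    if (!in_array($save_type, AttachmentsDefines::$LEGAL_SAVE_TYPES)) {
        $errmsg = JText::_('ATTACH_ERROR_INVALID_SAVE_PARAMETERS') . ' (ERR 8)';

        return JError::raiseError(500, $errmsg);
    }

    // If this is an update, get the attachment id
    $attachment_id = false;
    if ($save_type == 'update') {
        $attachment_id = JRequest::getInt('id');
    }

    // Load the existing record, if any
    JTable::addIncludePath(JPATH_ADMINISTRATOR . '/components/com_attachments/tables');
    $attachment = JTable::getInstance('Attachment', 'AttachmentsTable');
    if ($attachment_id && !$attachment->load($attachment_id)) {
        // The message previously interpolated an undefined $id.
        $errmsg = JText::sprintf('ATTACH_ERROR_CANNOT_UPDATE_ATTACHMENT_INVALID_ID_N', $attachment_id) . ' (ERR 9)';

        return JError::raiseError(500, $errmsg);
    }

    // Note what the old uri type is, if updating. Read before bind() so a
    // posted uri_type cannot stand in for the stored one.
    $old_uri_type = null;
    if ($save_type == 'update') {
        $old_uri_type = $attachment->uri_type;
    }

    // Bind the info from the form.
    // NOTE(review): the only permission check in this method is
    // userMayAddAttachment() on the parent named in the request; nothing here
    // checks that the user may edit the attachment that was just loaded.
    // Confirm the helpers enforce that, or add a per-attachment edit check
    // before bind(). bind() also copies every posted field onto the record;
    // consider an allow-list.
    if (!$attachment->bind(JRequest::get('post'))) {
        $errmsg = $attachment->getError() . ' (ERR 10)';

        return JError::raiseError(500, $errmsg);
    }

    // Figure out what the new URI is
    $new_uri_type = '';
    if ($save_type == 'upload') {
        // See if we are uploading a file or URL; only legal values are kept
        $new_uri_type = JRequest::getWord('uri_type');
        if ($new_uri_type && !in_array($new_uri_type, AttachmentsDefines::$LEGAL_URI_TYPES)) {
            $new_uri_type = '';
        }

        // Fix the access level.
        // NOTE(review): this reset only runs for uploads; on an update a
        // posted access value is kept even when frontend access editing is
        // disabled. Confirm that is intended.
        if (!$params->get('allow_frontend_access_editing', false)) {
            $attachment->access = $params->get('default_access_level', AttachmentsDefines::$DEFAULT_ACCESS_LEVEL_ID);
        }
    } elseif ($save_type == 'update') {
        // See if we are updating a file or URL; only legal values are kept
        $new_uri_type = JRequest::getWord('update');
        if ($new_uri_type && !in_array($new_uri_type, AttachmentsDefines::$LEGAL_URI_TYPES)) {
            $new_uri_type = '';
        }

        // Since URLs can be edited, we always evaluate them from scratch
        if ($new_uri_type == '' && $old_uri_type == 'url') {
            $new_uri_type = 'url';
        }

        // Double-check to see if the URL changed
        $old_url = JRequest::getString('old_url');
        if (!$new_uri_type && $old_url && $old_url != $attachment->url) {
            $new_uri_type = 'url';
        }
    }

    // Get more info about the type of upload/update
    $verify_url = false;
    $relative_url = false;
    if ($new_uri_type == 'url') {
        if (JRequest::getWord('verify_url') == 'verify') {
            $verify_url = true;
        }
        if (JRequest::getWord('relative_url') == 'relative') {
            $relative_url = true;
        }
    }

    // Handle the various ways this function might get invoked
    if ($save_type == 'upload') {
        $attachment->created_by = $user->get('id');
        $attachment->parent_id = $parent_id;
    }

    // Update the modified info; set after bind() so posted values cannot override it
    $now = JFactory::getDate();
    $attachment->modified_by = $user->get('id');
    $attachment->modified = $now->toSql();

    // Set up a couple of items that the upload function may need
    $parent->new = $new_parent;
    if ($new_parent) {
        $attachment->parent_id = null;
        $parent->title = '';
    } else {
        $attachment->parent_id = $parent_id;
        $parent->title = $parent->getTitle($parent_id, $parent_entity);
    }

    // Upload new file/url and create/update the attachment
    if ($new_uri_type == 'file') {
        // Upload a new file.
        // NOTE: store() is not needed if upload_file() is called since it does it
        $msg = AttachmentsHelper::upload_file($attachment, $parent, $attachment_id, $save_type);
    } elseif ($new_uri_type == 'url') {
        $attachment->url_relative = $relative_url;
        $attachment->url_verify = $verify_url;

        // Upload/add the new URL.
        // NOTE: store() is not needed if add_url() is called since it does it
        $msg = AttachmentsHelper::add_url($attachment, $parent, $verify_url, $relative_url, $old_uri_type, $attachment_id);
    } else {
        // Save the updated attachment info
        if (!$attachment->store()) {
            $errmsg = $attachment->getError() . ' (ERR 11)';

            // Do not report success below if the store failed.
            return JError::raiseError(500, $errmsg);
        }

        $lang = JFactory::getLanguage();
        $lang->load('com_attachments', JPATH_SITE);

        $msg = JText::_('ATTACH_ATTACHMENT_UPDATED');
    }

    // If we are supposed to close this iframe, do it now.
    if (in_array($from, $parent->knownFroms())) {
        // A parent that is still being created has no id yet; 0 is passed instead
        if ($new_parent) {
            $pid = 0;
        } else {
            $pid = (int) $parent_id;
        }

        // Close the iframe and refresh the attachments list in the parent window
        $base_url = $uri->root(true);
        $lang = JRequest::getCmd('lang', '');
        AttachmentsJavascript::closeIframeRefreshAttachments($base_url, $parent_type, $parent_entity, $pid, $lang, $from);
        exit;
    }

    $this->setRedirect($redirect_to, $msg);
}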
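/**
 * Save a new or updated attachment for an article.
 *
 * Validates the request token, the logged-in user and the user's upload
 * permission for the posted article, then either uploads a file through
 * AttachmentsHelper::upload_file() or stores the edited record. Ends with a
 * redirect, or closes the pop-up window when `from` is 'closeme'.
 */
function save()
{
    // Check for request forgeries
    JRequest::checkToken() or die('Invalid Token');

    // Make sure that the caller is logged in
    $user =& JFactory::getUser();
    if ($user->get('username') == '') {
        $errmsg = JText::_('ERROR MUST BE LOGGED IN TO UPLOAD ATTACHMENT');
        JError::raiseError(500, $errmsg);

        // Stop here even if the error handler hands control back.
        return;
    }

    // Make sure we have a valid article ID
    $article_id = AttachmentsHelper::valid_article_id(JRequest::getVar('article_id', null, 'POST'));

    // Verify that this user may add attachments to this article
    require_once JPATH_COMPONENT . DS . 'permissions.php';
    if (!AttachmentsPermissions::user_may_add_attachment($user, $article_id)) {
        $errmsg = JText::_('ERROR NO PERMISSION TO UPLOAD');
        JError::raiseError(500, $errmsg);

        return;
    }

    // Get the Itemid (currently not used further in this method)
    $Itemid = JRequest::getVar('Itemid', null, 'POST');
    if ($Itemid && is_numeric($Itemid)) {
        $Itemid = intval($Itemid);
    } else {
        $Itemid = 1;
    }

    // How to redirect? Only 'article' goes to the article; every other
    // value, including a missing one, goes to the site base.
    $from = JRequest::getVar('from', false, 'POST');
    if ($from == 'article') {
        $redirect_to = JRoute::_("index.php?option=com_content&view=article&id={$article_id}", false);
    } else {
        $redirect_to = JURI::base();
    }

    // See if we should cancel (a request without the field is not a cancel)
    if (isset($_POST['submit']) && $_POST['submit'] == JText::_('CANCEL')) {
        $msg = JText::_('UPLOAD CANCELED');
        $this->setRedirect($redirect_to, $msg);

        return;
    }

    // If this is an update, get the attachment id
    $update = JRequest::getVar('update', false, 'POST');
    $attachment_id = false;
    if ($update) {
        $attachment_id = JRequest::getVar('id', false, 'POST');
    }

    // Load the existing record, if any
    $row =& JTable::getInstance('Attachments', 'Table');
    if ($attachment_id && !$row->load($attachment_id)) {
        // The message previously interpolated an undefined $id; the posted
        // id is shown as an integer.
        $errmsg = JText::_('ERROR CANNOT UPDATE ATTACHMENT INVALID ID') . ' (' . (int) $attachment_id . ')';
        JError::raiseError(500, $errmsg);
        exit;
    }

    // Bind the info from the form.
    // NOTE(review): the permission check above covers adding to the posted
    // article only; nothing here checks that the user may edit the attachment
    // that was just loaded. On an update the posted uploader_id and
    // article_id are also kept, because bind() copies every posted field.
    // Confirm the helper enforces ownership, or add a check before bind().
    if (!$row->bind(JRequest::get('post'))) {
        JError::raiseError(500, $row->getError());

        return;
    }
    if (!$update) {
        $row->uploader_id = $user->get('id');
        $row->article_id = $article_id;
    }

    // Upload the file. (The unused read of $_FILES['upload']['tmp_name'] was
    // removed; it raised a notice when no file was posted.)
    if ($update) {
        $update_file = JRequest::getVar('update_file', false, 'POST');
        if ($update_file) {
            // NOTE: store() is not needed if upload_file() is called since it does it
            $msg = AttachmentsHelper::upload_file($row, $article_id, $update, $attachment_id);
        } else {
            // Save the updated attachment
            if (!$row->store()) {
                JError::raiseError(500, $row->getError());

                // Do not report success below if the store failed.
                return;
            }
            $msg = "Attachment updated!";
        }
    } else {
        $msg = AttachmentsHelper::upload_file($row, $article_id, $update);
    }

    // If we are supposed to close this iframe, do it now.
    if ($from == 'closeme') {
        // Queue the message
        AttachmentsHelper::enqueueSystemMessage($msg);

        // Now do the Javascript to close this pop-up window and reload the parent
        echo "<script language=\"javascript\" type=\"text/javascript\">\r\n window.parent.document.getElementById('sbox-window').close();\r\n window.parent.location.reload();\r\n </script>";
        exit;
    }

    $this->setRedirect($redirect_to, $msg);
}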