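/**
 * Cancel an upload, with special handling when the request came from the
 * article editor (from=editor): in that case a redirect back to the
 * article edit screen is set before the regular 'cancel' task is run.
 */
function myCancel()
{
    // See if we have a special 'from' to handle
    $from = JRequest::getVar('from', false);

    if ($from == 'editor') {
        // Make sure we have a valid article ID
        require_once JPATH_BASE . DS . '..' . DS . 'components' . DS . 'com_attachments' . DS . 'helper.php';

        // Read the id through JRequest (as save() does) rather than from
        // $_POST directly, so a missing field yields null instead of an
        // undefined-index notice.
        $article_id = AttachmentsHelper::valid_article_id(JRequest::getVar('article_id', null, 'POST'));

        if ($article_id == -1) {
            // Give up: stop here so the rejected id is never placed in the
            // redirect link and the 'cancel' task is not run a second time.
            $this->execute('cancel');
            return;
        }

        // The id placed in the link is the value the helper accepted above.
        $link = 'index.php?option=com_content&task=edit&cid[]=' . $article_id;
        $this->setRedirect($link, JText::_('UPLOAD CANCELED'));
        // NOTE(review): the 'cancel' task executed below may replace the
        // redirect set here -- confirm against the controller's cancel().
    }

    $this->execute('cancel');
}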
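/**
 * Save a new attachment, or update an existing one, from the POSTed form.
 *
 * Order of checks: request-forgery token, logged-in user, article id
 * validation, permission to add attachments to that article.  After that
 * the request is either cancelled, or the form is bound to an attachments
 * table row and stored / uploaded, and the caller is redirected (or the
 * pop-up is closed when from=closeme).
 */
function save()
{
    // Check for request forgeries
    JRequest::checkToken() or die('Invalid Token');

    // Make sure that the caller is logged in
    $user =& JFactory::getUser();
    if ($user->get('username') == '') {
        $errmsg = JText::_('ERROR MUST BE LOGGED IN TO UPLOAD ATTACHMENT');
        JError::raiseError(500, $errmsg);
        // Fail closed: do not rely on raiseError() ending the request.
        return;
    }

    // Make sure we have a valid article ID
    // NOTE(review): myCancel() treats a -1 result from valid_article_id()
    // as "invalid"; here the result is passed on unchecked -- confirm that
    // the permission check below rejects it.
    $article_id = AttachmentsHelper::valid_article_id(JRequest::getVar('article_id', null, 'POST'));

    // Verify that this user may add attachments to this article
    require_once JPATH_COMPONENT . DS . 'permissions.php';
    if (!AttachmentsPermissions::user_may_add_attachment($user, $article_id)) {
        $errmsg = JText::_('ERROR NO PERMISSION TO UPLOAD');
        JError::raiseError(500, $errmsg);
        // Fail closed: an unauthorized caller must never reach the upload.
        return;
    }

    // Get the Itemid (anything non-numeric or empty falls back to 1)
    $Itemid = JRequest::getVar('Itemid', null, 'POST');
    if ($Itemid && is_numeric($Itemid)) {
        $Itemid = intval($Itemid);
    } else {
        $Itemid = 1;
    }

    // How to redirect?  The target is chosen from fixed options and never
    // taken from the request itself: only from=article gets the article
    // route; 'frontpage', any other value and a missing value all go to
    // the site base.
    $from = JRequest::getVar('from', false, 'POST');
    if ($from == 'article') {
        $redirect_to = JRoute::_("index.php?option=com_content&view=article&id={$article_id}", false);
    } else {
        $redirect_to = JURI::base();
    }

    // See if we should cancel (isset avoids a notice when the field is absent)
    if (isset($_POST['submit']) && $_POST['submit'] == JText::_('CANCEL')) {
        $msg = JText::_('UPLOAD CANCELED');
        $this->setRedirect($redirect_to, $msg);
        return;
    }

    // If this is an update, get the attachment id
    $update = JRequest::getVar('update', false, 'POST');
    $attachment_id = false;
    if ($update) {
        $attachment_id = JRequest::getVar('id', false, 'POST');
    }

    // Bind the info from the form
    $row =& JTable::getInstance('Attachments', 'Table');
    if ($attachment_id && !$row->load($attachment_id)) {
        // Report the id that failed to load (the original interpolated an
        // undefined $id here).
        $errmsg = JText::_('ERROR CANNOT UPDATE ATTACHMENT INVALID ID') . " ({$attachment_id})";
        JError::raiseError(500, $errmsg);
        exit;
    }

    // NOTE(review): the permission check above covers adding to the POSTed
    // article_id only.  On the update path nothing visible here confirms
    // that the loaded attachment belongs to that article, or that this user
    // may edit it -- confirm that the helper/table enforce this, or add an
    // ownership check right after load().  Also note that update=1 with no
    // 'id' skips load() entirely and continues with an empty row.

    // NOTE(review): bind() receives the entire POST array, so every column
    // the table exposes can be set from the form.  uploader_id and
    // article_id are re-pinned below for new rows only; on an update they
    // keep whatever bind() wrote.  Consider binding only the fields the
    // form is meant to edit.
    if (!$row->bind(JRequest::get('post'))) {
        JError::raiseError(500, $row->getError());
        return;
    }
    if (!$update) {
        $row->uploader_id = $user->get('id');
        $row->article_id = $article_id;
    }

    // Upload the file
    if ($update) {
        $update_file = JRequest::getVar('update_file', false, 'POST');
        if ($update_file) {
            $msg = AttachmentsHelper::upload_file($row, $article_id, $update, $attachment_id);
            // NOTE: store() is not needed if upload_file() is called since it does it
        } else {
            // Save the updated attachment
            if (!$row->store()) {
                JError::raiseError(500, $row->getError());
                // Do not report success for a row that was not stored.
                return;
            }
            $msg = "Attachment updated!";
        }
    } else {
        $msg = AttachmentsHelper::upload_file($row, $article_id, $update);
    }

    // If we are supposed to close this iframe, do it now.
    if ($from == 'closeme') {
        // Queue the message (it is not echoed into the script below)
        AttachmentsHelper::enqueueSystemMessage($msg);

        // Now do the Javascript to close this pop-up window and reload the parent
        echo "<script language=\"javascript\" type=\"text/javascript\">\r\n window.parent.document.getElementById('sbox-window').close();\r\n window.parent.location.reload();\r\n </script>";
        exit;
    }

    $this->setRedirect($redirect_to, $msg);
}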