/** * Validate the input and set the value */ public function validate() { // No file specified if (!isset($_FILES[$this->strName]) || empty($_FILES[$this->strName]['name'])) { if ($this->mandatory) { if ($this->strLabel == '') { $this->addError($GLOBALS['TL_LANG']['ERR']['mdtryNoLabel']); } else { $this->addError(sprintf($GLOBALS['TL_LANG']['ERR']['mandatory'], $this->strLabel)); } } return; } $file = $_FILES[$this->strName]; $maxlength_kb = $this->getMaximumUploadSize(); $maxlength_kb_readable = $this->getReadableSize($maxlength_kb); // Sanitize the filename try { $file['name'] = \StringUtil::sanitizeFileName($file['name']); } catch (\InvalidArgumentException $e) { $this->addError($GLOBALS['TL_LANG']['ERR']['filename']); return; } // Invalid file name if (!\Validator::isValidFileName($file['name'])) { $this->addError($GLOBALS['TL_LANG']['ERR']['filename']); return; } // File was not uploaded if (!is_uploaded_file($file['tmp_name'])) { if ($file['error'] == 1 || $file['error'] == 2) { $this->addError(sprintf($GLOBALS['TL_LANG']['ERR']['filesize'], $maxlength_kb_readable)); } elseif ($file['error'] == 3) { $this->addError(sprintf($GLOBALS['TL_LANG']['ERR']['filepartial'], $file['name'])); } elseif ($file['error'] > 0) { $this->addError(sprintf($GLOBALS['TL_LANG']['ERR']['fileerror'], $file['error'], $file['name'])); } unset($_FILES[$this->strName]); return; } // File is too big if ($file['size'] > $maxlength_kb) { $this->addError(sprintf($GLOBALS['TL_LANG']['ERR']['filesize'], $maxlength_kb_readable)); unset($_FILES[$this->strName]); return; } $objFile = new \File($file['name']); $uploadTypes = \StringUtil::trimsplit(',', strtolower($this->extensions)); // File type is not allowed if (!in_array($objFile->extension, $uploadTypes)) { $this->addError(sprintf($GLOBALS['TL_LANG']['ERR']['filetype'], $objFile->extension)); unset($_FILES[$this->strName]); return; } if (($arrImageSize = @getimagesize($file['tmp_name'])) != false) { // Image exceeds maximum image width if ($arrImageSize[0] > \Config::get('imageWidth')) { $this->addError(sprintf($GLOBALS['TL_LANG']['ERR']['filewidth'], $file['name'], \Config::get('imageWidth'))); unset($_FILES[$this->strName]); return; } // Image exceeds maximum image height if ($arrImageSize[1] > \Config::get('imageHeight')) { $this->addError(sprintf($GLOBALS['TL_LANG']['ERR']['fileheight'], $file['name'], \Config::get('imageHeight'))); unset($_FILES[$this->strName]); return; } } // Store file in the session and optionally on the server if (!$this->hasErrors()) { $_SESSION['FILES'][$this->strName] = $_FILES[$this->strName]; if ($this->storeFile) { $intUploadFolder = $this->uploadFolder; // Overwrite the upload folder with user's home directory if ($this->useHomeDir && FE_USER_LOGGED_IN) { $this->import('FrontendUser', 'User'); if ($this->User->assignDir && $this->User->homeDir) { $intUploadFolder = $this->User->homeDir; } } $objUploadFolder = \FilesModel::findByUuid($intUploadFolder); // The upload folder could not be found if ($objUploadFolder === null) { throw new \Exception("Invalid upload folder ID {$intUploadFolder}"); } $strUploadFolder = $objUploadFolder->path; // Store the file if the upload folder exists if ($strUploadFolder != '' && is_dir(TL_ROOT . '/' . $strUploadFolder)) { $this->import('Files'); // Do not overwrite existing files if ($this->doNotOverwrite && file_exists(TL_ROOT . '/' . $strUploadFolder . '/' . $file['name'])) { $offset = 1; $arrAll = scan(TL_ROOT . '/' . $strUploadFolder); $arrFiles = preg_grep('/^' . preg_quote($objFile->filename, '/') . '.*\\.' . preg_quote($objFile->extension, '/') . '/', $arrAll); foreach ($arrFiles as $strFile) { if (preg_match('/__[0-9]+\\.' . preg_quote($objFile->extension, '/') . '$/', $strFile)) { $strFile = str_replace('.' . $objFile->extension, '', $strFile); $intValue = intval(substr($strFile, strrpos($strFile, '_') + 1)); $offset = max($offset, $intValue); } } $file['name'] = str_replace($objFile->filename, $objFile->filename . '__' . ++$offset, $file['name']); } // Move the file to its destination $this->Files->move_uploaded_file($file['tmp_name'], $strUploadFolder . '/' . $file['name']); $this->Files->chmod($strUploadFolder . '/' . $file['name'], \Config::get('defaultFileChmod')); $strUuid = null; $strFile = $strUploadFolder . '/' . $file['name']; // Generate the DB entries if (\Dbafs::shouldBeSynchronized($strFile)) { $objModel = \FilesModel::findByPath($strFile); if ($objModel === null) { $objModel = \Dbafs::addResource($strFile); } $strUuid = \StringUtil::binToUuid($objModel->uuid); // Update the hash of the target folder \Dbafs::updateFolderHashes($strUploadFolder); } // Add the session entry (see #6986) $_SESSION['FILES'][$this->strName] = array('name' => $file['name'], 'type' => $file['type'], 'tmp_name' => TL_ROOT . '/' . $strFile, 'error' => $file['error'], 'size' => $file['size'], 'uploaded' => true, 'uuid' => $strUuid); // Add a log entry $this->log('File "' . $strUploadFolder . '/' . $file['name'] . '" has been uploaded', __METHOD__, TL_FILES); } } } unset($_FILES[$this->strName]); }
/** * Run the controller and parse the template */ public function run() { if ($this->strFile == '') { die('No file given'); } // Make sure there are no attempts to hack the file system if (preg_match('@^\\.+@i', $this->strFile) || preg_match('@\\.+/@i', $this->strFile) || preg_match('@(://)+@i', $this->strFile)) { die('Invalid file name'); } // Limit preview to the files directory if (!preg_match('@^' . preg_quote(\Config::get('uploadPath'), '@') . '@i', $this->strFile)) { die('Invalid path'); } // Check whether the file exists if (!file_exists(TL_ROOT . '/' . $this->strFile)) { die('File not found'); } // Check whether the file is mounted (thanks to Marko Cupic) if (!$this->User->hasAccess($this->strFile, 'filemounts')) { die('Permission denied'); } // Open the download dialogue if (\Input::get('download')) { $objFile = new \File($this->strFile, true); $objFile->sendToBrowser(); } /** @var \BackendTemplate|object $objTemplate */ $objTemplate = new \BackendTemplate('be_popup'); // Add the resource (see #6880) if (($objModel = \FilesModel::findByPath($this->strFile)) === null) { if (\Dbafs::shouldBeSynchronized($this->strFile)) { $objModel = \Dbafs::addResource($this->strFile); } } if ($objModel !== null) { $objTemplate->uuid = \StringUtil::binToUuid($objModel->uuid); // see #5211 } // Add the file info if (is_dir(TL_ROOT . '/' . $this->strFile)) { $objFile = new \Folder($this->strFile, true); $objTemplate->filesize = $this->getReadableSize($objFile->size) . ' (' . number_format($objFile->size, 0, $GLOBALS['TL_LANG']['MSC']['decimalSeparator'], $GLOBALS['TL_LANG']['MSC']['thousandsSeparator']) . ' Byte)'; } else { $objFile = new \File($this->strFile, true); // Image if ($objFile->isImage) { $objTemplate->isImage = true; $objTemplate->width = $objFile->width; $objTemplate->height = $objFile->height; $objTemplate->src = $this->urlEncode($this->strFile); } $objTemplate->href = ampersand(\Environment::get('request'), true) . '&download=1'; $objTemplate->filesize = $this->getReadableSize($objFile->filesize) . ' (' . number_format($objFile->filesize, 0, $GLOBALS['TL_LANG']['MSC']['decimalSeparator'], $GLOBALS['TL_LANG']['MSC']['thousandsSeparator']) . ' Byte)'; } $objTemplate->icon = $objFile->icon; $objTemplate->mime = $objFile->mime; $objTemplate->ctime = \Date::parse(\Config::get('datimFormat'), $objFile->ctime); $objTemplate->mtime = \Date::parse(\Config::get('datimFormat'), $objFile->mtime); $objTemplate->atime = \Date::parse(\Config::get('datimFormat'), $objFile->atime); $objTemplate->path = specialchars($this->strFile); $objTemplate->theme = \Backend::getTheme(); $objTemplate->base = \Environment::get('base'); $objTemplate->language = $GLOBALS['TL_LANGUAGE']; $objTemplate->title = specialchars($this->strFile); $objTemplate->charset = \Config::get('characterSet'); $objTemplate->headline = basename(utf8_convert_encoding($this->strFile, \Config::get('characterSet'))); $objTemplate->label_uuid = $GLOBALS['TL_LANG']['MSC']['fileUuid']; $objTemplate->label_imagesize = $GLOBALS['TL_LANG']['MSC']['fileImageSize']; $objTemplate->label_filesize = $GLOBALS['TL_LANG']['MSC']['fileSize']; $objTemplate->label_ctime = $GLOBALS['TL_LANG']['MSC']['fileCreated']; $objTemplate->label_mtime = $GLOBALS['TL_LANG']['MSC']['fileModified']; $objTemplate->label_atime = $GLOBALS['TL_LANG']['MSC']['fileAccessed']; $objTemplate->label_path = $GLOBALS['TL_LANG']['MSC']['filePath']; $objTemplate->download = specialchars($GLOBALS['TL_LANG']['MSC']['fileDownload']); \Config::set('debugMode', false); $objTemplate->output(); }
/** * Save the current value * * @param mixed $varValue * * @throws \Exception */ protected function save($varValue) { if (\Input::post('FORM_SUBMIT') != $this->strTable) { return; } $arrData = $GLOBALS['TL_DCA'][$this->strTable]['fields'][$this->strField]; // File names if ($this->strField == 'name') { if (!file_exists(TL_ROOT . '/' . $this->strPath . '/' . $this->varValue . $this->strExtension) || !$this->isMounted($this->strPath . '/' . $this->varValue . $this->strExtension) || $this->varValue === $varValue) { return; } $this->import('Files'); $varValue = utf8_romanize($varValue); // Trigger the save_callback if (is_array($arrData['save_callback'])) { foreach ($arrData['save_callback'] as $callback) { if (is_array($callback)) { $this->import($callback[0]); $varValue = $this->{$callback[0]}->{$callback[1]}($varValue, $this); } elseif (is_callable($callback)) { $varValue = $callback($varValue, $this); } } } // The target exists if (strcasecmp($this->strPath . '/' . $this->varValue . $this->strExtension, $this->strPath . '/' . $varValue . $this->strExtension) !== 0 && file_exists(TL_ROOT . '/' . $this->strPath . '/' . $varValue . $this->strExtension)) { throw new \Exception(sprintf($GLOBALS['TL_LANG']['ERR']['fileExists'], $varValue)); } $arrImageTypes = trimsplit(',', strtolower(\Config::get('validImageTypes'))); // Remove potentially existing thumbnails (see #6641) if (in_array(substr($this->strExtension, 1), $arrImageTypes)) { foreach (glob(TL_ROOT . '/assets/images/*/' . $this->varValue . '-*' . $this->strExtension) as $strThumbnail) { $this->Files->delete(str_replace(TL_ROOT . '/', '', $strThumbnail)); } } // Rename the file $this->Files->rename($this->strPath . '/' . $this->varValue . $this->strExtension, $this->strPath . '/' . $varValue . $this->strExtension); // New folders if (stristr($this->intId, '__new__') !== false) { // Update the database if ($this->blnIsDbAssisted && \Dbafs::shouldBeSynchronized($this->strPath . '/' . $varValue . $this->strExtension)) { $this->objActiveRecord = \Dbafs::addResource($this->strPath . '/' . $varValue . $this->strExtension); } $this->log('Folder "' . $this->strPath . '/' . $varValue . $this->strExtension . '" has been created', __METHOD__, TL_FILES); } else { // Update the database if ($this->blnIsDbAssisted) { $syncSource = \Dbafs::shouldBeSynchronized($this->strPath . '/' . $this->varValue . $this->strExtension); $syncTarget = \Dbafs::shouldBeSynchronized($this->strPath . '/' . $varValue . $this->strExtension); if ($syncSource && $syncTarget) { \Dbafs::moveResource($this->strPath . '/' . $this->varValue . $this->strExtension, $this->strPath . '/' . $varValue . $this->strExtension); } elseif ($syncSource) { \Dbafs::deleteResource($this->strPath . '/' . $this->varValue . $this->strExtension); } elseif ($syncTarget) { \Dbafs::addResource($this->strPath . '/' . $varValue . $this->strExtension); } } $this->log('File or folder "' . $this->strPath . '/' . $this->varValue . $this->strExtension . '" has been renamed to "' . $this->strPath . '/' . $varValue . $this->strExtension . '"', __METHOD__, TL_FILES); } // Set the new value so the input field can show it if (\Input::get('act') == 'editAll') { $session = $this->Session->getData(); if (($index = array_search($this->strPath . '/' . $this->varValue . $this->strExtension, $session['CURRENT']['IDS'])) !== false) { $session['CURRENT']['IDS'][$index] = $this->strPath . '/' . $varValue . $this->strExtension; $this->Session->setData($session); } } $this->varValue = $varValue; } elseif ($this->blnIsDbAssisted && $this->objActiveRecord !== null) { // Convert date formats into timestamps if ($varValue != '' && in_array($arrData['eval']['rgxp'], array('date', 'time', 'datim'))) { $objDate = new \Date($varValue, \Date::getFormatFromRgxp($arrData['eval']['rgxp'])); $varValue = $objDate->tstamp; } // Make sure unique fields are unique if ($arrData['eval']['unique'] && $varValue != '' && !$this->Database->isUniqueValue($this->strTable, $this->strField, $varValue, $this->objActiveRecord->id)) { throw new \Exception(sprintf($GLOBALS['TL_LANG']['ERR']['unique'], $arrData['label'][0] ?: $this->strField)); } // Handle multi-select fields in "override all" mode if (\Input::get('act') == 'overrideAll' && ($arrData['inputType'] == 'checkbox' || $arrData['inputType'] == 'checkboxWizard') && $arrData['eval']['multiple']) { if ($this->objActiveRecord !== null) { $new = deserialize($varValue, true); $old = deserialize($this->objActiveRecord->{$this->strField}, true); switch (\Input::post($this->strInputName . '_update')) { case 'add': $varValue = array_values(array_unique(array_merge($old, $new))); break; case 'remove': $varValue = array_values(array_diff($old, $new)); break; case 'replace': $varValue = $new; break; } if (!is_array($varValue) || empty($varValue)) { $varValue = ''; } elseif (isset($arrData['eval']['csv'])) { $varValue = implode($arrData['eval']['csv'], $varValue); // see #2890 } else { $varValue = serialize($varValue); } } } // Convert arrays (see #2890) if ($arrData['eval']['multiple'] && isset($arrData['eval']['csv'])) { $varValue = implode($arrData['eval']['csv'], deserialize($varValue, true)); } // Trigger the save_callback if (is_array($arrData['save_callback'])) { foreach ($arrData['save_callback'] as $callback) { if (is_array($callback)) { $this->import($callback[0]); $varValue = $this->{$callback[0]}->{$callback[1]}($varValue, $this); } elseif (is_callable($callback)) { $varValue = $callback($varValue, $this); } } } // Save the value if there was no error if (($varValue != '' || !$arrData['eval']['doNotSaveEmpty']) && ($this->varValue != $varValue || $arrData['eval']['alwaysSave'])) { // If the field is a fallback field, empty all other columns if ($arrData['eval']['fallback'] && $varValue != '') { $this->Database->execute("UPDATE " . $this->strTable . " SET " . $this->strField . "=''"); } // Set the correct empty value (see #6284, #6373) if ($varValue === '') { $varValue = \Widget::getEmptyValueByFieldType($GLOBALS['TL_DCA'][$this->strTable]['fields'][$this->strField]['sql']); } $this->objActiveRecord->{$this->strField} = $varValue; $this->objActiveRecord->save(); $this->blnCreateNewVersion = true; $this->varValue = deserialize($varValue); } } }
/** * Ajax actions that do require a data container object * * @param \DataContainer $dc */ public function executePostActions(\DataContainer $dc) { header('Content-Type: text/html; charset=' . \Config::get('characterSet')); // Bypass any core logic for non-core drivers (see #5957) if (!$dc instanceof \DC_File && !$dc instanceof \DC_Folder && !$dc instanceof \DC_Table) { $this->executePostActionsHook($dc); exit; } switch ($this->strAction) { // Load nodes of the page structure tree case 'loadStructure': echo $dc->ajaxTreeView($this->strAjaxId, intval(\Input::post('level'))); exit; break; // Load nodes of the file manager tree // Load nodes of the file manager tree case 'loadFileManager': echo $dc->ajaxTreeView(\Input::post('folder', true), intval(\Input::post('level'))); exit; break; // Load nodes of the page tree // Load nodes of the page tree case 'loadPagetree': $strField = $dc->field = \Input::post('name'); /** @var \PageSelector $strClass */ $strClass = $GLOBALS['BE_FFL']['pageSelector']; /** @var \PageSelector $objWidget */ $objWidget = new $strClass($strClass::getAttributesFromDca($GLOBALS['TL_DCA'][$dc->table]['fields'][$strField], $dc->field, null, $strField, $dc->table, $dc)); echo $objWidget->generateAjax($this->strAjaxId, \Input::post('field'), intval(\Input::post('level'))); exit; break; // Load nodes of the file tree // Load nodes of the file tree case 'loadFiletree': $strField = $dc->field = \Input::post('name'); /** @var \FileSelector $strClass */ $strClass = $GLOBALS['BE_FFL']['fileSelector']; /** @var \FileSelector $objWidget */ $objWidget = new $strClass($strClass::getAttributesFromDca($GLOBALS['TL_DCA'][$dc->table]['fields'][$strField], $dc->field, null, $strField, $dc->table, $dc)); // Load a particular node if (\Input::post('folder', true) != '') { echo $objWidget->generateAjax(\Input::post('folder', true), \Input::post('field'), intval(\Input::post('level'))); } else { echo $objWidget->generate(); } exit; break; // Reload the page/file picker // Reload the page/file picker case 'reloadPagetree': case 'reloadFiletree': $intId = \Input::get('id'); $strField = $dc->field = \Input::post('name'); // Handle the keys in "edit multiple" mode if (\Input::get('act') == 'editAll') { $intId = preg_replace('/.*_([0-9a-zA-Z]+)$/', '$1', $strField); $strField = preg_replace('/(.*)_[0-9a-zA-Z]+$/', '$1', $strField); } // The field does not exist if (!isset($GLOBALS['TL_DCA'][$dc->table]['fields'][$strField])) { $this->log('Field "' . $strField . '" does not exist in DCA "' . $dc->table . '"', __METHOD__, TL_ERROR); header('HTTP/1.1 400 Bad Request'); die('Bad Request'); } $objRow = null; $varValue = null; // Load the value if ($GLOBALS['TL_DCA'][$dc->table]['config']['dataContainer'] == 'File') { $varValue = \Config::get($strField); } elseif ($intId > 0 && $this->Database->tableExists($dc->table)) { $objRow = $this->Database->prepare("SELECT * FROM " . $dc->table . " WHERE id=?")->execute($intId); // The record does not exist if ($objRow->numRows < 1) { $this->log('A record with the ID "' . $intId . '" does not exist in table "' . $dc->table . '"', __METHOD__, TL_ERROR); header('HTTP/1.1 400 Bad Request'); die('Bad Request'); } $varValue = $objRow->{$strField}; $dc->activeRecord = $objRow; } // Call the load_callback if (is_array($GLOBALS['TL_DCA'][$dc->table]['fields'][$strField]['load_callback'])) { foreach ($GLOBALS['TL_DCA'][$dc->table]['fields'][$strField]['load_callback'] as $callback) { if (is_array($callback)) { $this->import($callback[0]); $varValue = $this->{$callback[0]}->{$callback[1]}($varValue, $dc); } elseif (is_callable($callback)) { $varValue = $callback($varValue, $dc); } } } // Set the new value $varValue = \Input::post('value', true); $strKey = $this->strAction == 'reloadPagetree' ? 'pageTree' : 'fileTree'; // Convert the selected values if ($varValue != '') { $varValue = trimsplit("\t", $varValue); // Automatically add resources to the DBAFS if ($strKey == 'fileTree') { foreach ($varValue as $k => $v) { if (\Dbafs::shouldBeSynchronized($v)) { $varValue[$k] = \Dbafs::addResource($v)->uuid; } } } $varValue = serialize($varValue); } /** @var \FileTree|\PageTree $strClass */ $strClass = $GLOBALS['BE_FFL'][$strKey]; /** @var \FileTree|\PageTree $objWidget */ $objWidget = new $strClass($strClass::getAttributesFromDca($GLOBALS['TL_DCA'][$dc->table]['fields'][$strField], $dc->field, $varValue, $strField, $dc->table, $dc)); echo $objWidget->generate(); exit; break; // Feature/unfeature an element // Feature/unfeature an element case 'toggleFeatured': if (class_exists($dc->table, false)) { $dca = new $dc->table(); if (method_exists($dca, 'toggleFeatured')) { $dca->toggleFeatured(\Input::post('id'), \Input::post('state') == 1 ? true : false); } } exit; break; // Toggle subpalettes // Toggle subpalettes case 'toggleSubpalette': $this->import('BackendUser', 'User'); // Check whether the field is a selector field and allowed for regular users (thanks to Fabian Mihailowitsch) (see #4427) if (!is_array($GLOBALS['TL_DCA'][$dc->table]['palettes']['__selector__']) || !in_array(\Input::post('field'), $GLOBALS['TL_DCA'][$dc->table]['palettes']['__selector__']) || $GLOBALS['TL_DCA'][$dc->table]['fields'][\Input::post('field')]['exclude'] && !$this->User->hasAccess($dc->table . '::' . \Input::post('field'), 'alexf')) { $this->log('Field "' . \Input::post('field') . '" is not an allowed selector field (possible SQL injection attempt)', __METHOD__, TL_ERROR); header('HTTP/1.1 400 Bad Request'); die('Bad Request'); } if ($dc instanceof DC_Table) { if (\Input::get('act') == 'editAll') { $this->strAjaxId = preg_replace('/.*_([0-9a-zA-Z]+)$/', '$1', \Input::post('id')); $this->Database->prepare("UPDATE " . $dc->table . " SET " . \Input::post('field') . "='" . (intval(\Input::post('state') == 1) ? 1 : '') . "' WHERE id=?")->execute($this->strAjaxId); if (\Input::post('load')) { echo $dc->editAll($this->strAjaxId, \Input::post('id')); } } else { $this->Database->prepare("UPDATE " . $dc->table . " SET " . \Input::post('field') . "='" . (intval(\Input::post('state') == 1) ? 1 : '') . "' WHERE id=?")->execute($dc->id); if (\Input::post('load')) { echo $dc->edit(false, \Input::post('id')); } } } elseif ($dc instanceof \DC_File) { $val = intval(\Input::post('state') == 1) ? true : false; \Config::persist(\Input::post('field'), $val); if (\Input::post('load')) { \Config::set(\Input::post('field'), $val); echo $dc->edit(false, \Input::post('id')); } } exit; break; // DropZone file upload // DropZone file upload case 'fileupload': $dc->move(); exit; break; // HOOK: pass unknown actions to callback functions // HOOK: pass unknown actions to callback functions default: $this->executePostActionsHook($dc); exit; break; } }
/** * Extract the theme files and write the data to the database * * @param array $arrFiles * @param array $arrDbFields */ protected function extractThemeFiles($arrFiles, $arrDbFields) { foreach ($arrFiles as $strZipFile) { $xml = null; // Open the archive $objArchive = new \ZipReader($strZipFile); // Extract all files while ($objArchive->next()) { // Load the XML file if ($objArchive->file_name == 'theme.xml') { $xml = new \DOMDocument(); $xml->preserveWhiteSpace = false; $xml->loadXML($objArchive->unzip()); continue; } // Limit file operations to files and the templates directory if (strncmp($objArchive->file_name, 'files/', 6) !== 0 && strncmp($objArchive->file_name, 'tl_files/', 9) !== 0 && strncmp($objArchive->file_name, 'templates/', 10) !== 0) { \Message::addError(sprintf($GLOBALS['TL_LANG']['ERR']['invalidFile'], $objArchive->file_name)); continue; } // Extract the files try { \File::putContent($this->customizeUploadPath($objArchive->file_name), $objArchive->unzip()); } catch (\Exception $e) { \Message::addError($e->getMessage()); } } // Continue if there is no XML file if (!$xml instanceof \DOMDocument) { \Message::addError(sprintf($GLOBALS['TL_LANG']['tl_theme']['missing_xml'], basename($strZipFile))); continue; } $arrMapper = array(); $tables = $xml->getElementsByTagName('table'); $arrNewFolders = array(); // Extract the folder names from the XML file for ($i = 0; $i < $tables->length; $i++) { if ($tables->item($i)->getAttribute('name') == 'tl_theme') { $fields = $tables->item($i)->childNodes->item(0)->childNodes; for ($k = 0; $k < $fields->length; $k++) { if ($fields->item($k)->getAttribute('name') == 'folders') { $arrNewFolders = deserialize($fields->item($k)->nodeValue); break; } } break; } } // Sync the new folder(s) if (!empty($arrNewFolders) && is_array($arrNewFolders)) { foreach ($arrNewFolders as $strFolder) { $strCustomized = $this->customizeUploadPath($strFolder); if (\Dbafs::shouldBeSynchronized($strCustomized)) { \Dbafs::addResource($strCustomized); } } } // Lock the tables $arrLocks = array('tl_files' => 'WRITE', 'tl_theme' => 'WRITE', 'tl_style_sheet' => 'WRITE', 'tl_style' => 'WRITE', 'tl_module' => 'WRITE', 'tl_layout' => 'WRITE', 'tl_image_size' => 'WRITE', 'tl_image_size_item' => 'WRITE'); // Load the DCAs of the locked tables (see #7345) foreach (array_keys($arrLocks) as $table) { $this->loadDataContainer($table); } $this->Database->lockTables($arrLocks); // Get the current auto_increment values $tl_files = $this->Database->getNextId('tl_files'); $tl_theme = $this->Database->getNextId('tl_theme'); $tl_style_sheet = $this->Database->getNextId('tl_style_sheet'); $tl_style = $this->Database->getNextId('tl_style'); $tl_module = $this->Database->getNextId('tl_module'); $tl_layout = $this->Database->getNextId('tl_layout'); $tl_image_size = $this->Database->getNextId('tl_image_size'); $tl_image_size_item = $this->Database->getNextId('tl_image_size_item'); // Build the mapper data (see #8326) for ($i = 0; $i < $tables->length; $i++) { $rows = $tables->item($i)->childNodes; $table = $tables->item($i)->getAttribute('name'); // Skip invalid tables if (!in_array($table, array_keys($arrLocks))) { continue; } // Loop through the rows for ($j = 0; $j < $rows->length; $j++) { $fields = $rows->item($j)->childNodes; // Loop through the fields for ($k = 0; $k < $fields->length; $k++) { // Increment the ID if ($fields->item($k)->getAttribute('name') == 'id') { $arrMapper[$table][$fields->item($k)->nodeValue] = ${$table}++; break; } } } } // Loop through the tables for ($i = 0; $i < $tables->length; $i++) { $rows = $tables->item($i)->childNodes; $table = $tables->item($i)->getAttribute('name'); // Skip invalid tables if (!in_array($table, array_keys($arrLocks))) { continue; } // Get the order fields $objDcaExtractor = \DcaExtractor::getInstance($table); $arrOrder = $objDcaExtractor->getOrderFields(); // Loop through the rows for ($j = 0; $j < $rows->length; $j++) { $set = array(); $fields = $rows->item($j)->childNodes; // Loop through the fields for ($k = 0; $k < $fields->length; $k++) { $value = $fields->item($k)->nodeValue; $name = $fields->item($k)->getAttribute('name'); // Skip NULL values if ($value == 'NULL') { continue; } elseif ($name == 'id') { $value = $arrMapper[$table][$value]; } elseif ($name == 'pid') { if ($table == 'tl_style') { $value = $arrMapper['tl_style_sheet'][$value]; } elseif ($table == 'tl_image_size_item') { $value = $arrMapper['tl_image_size'][$value]; } else { $value = $arrMapper['tl_theme'][$value]; } } elseif ($name == 'fallback') { $value = ''; } elseif ($table == 'tl_layout' && $name == 'stylesheet') { $stylesheets = deserialize($value); if (is_array($stylesheets)) { foreach (array_keys($stylesheets) as $key) { $stylesheets[$key] = $arrMapper['tl_style_sheet'][$stylesheets[$key]]; } $value = serialize($stylesheets); } } elseif ($table == 'tl_layout' && $name == 'modules') { $modules = deserialize($value); if (is_array($modules)) { foreach ($modules as $key => $mod) { if ($mod['mod'] > 0) { $modules[$key]['mod'] = $arrMapper['tl_module'][$mod['mod']]; } } $value = serialize($modules); } } elseif (($table == 'tl_theme' || $table == 'tl_style_sheet') && $name == 'name') { $objCount = $this->Database->prepare("SELECT COUNT(*) AS count FROM " . $table . " WHERE name=?")->execute($value); if ($objCount->count > 0) { $value = preg_replace('/( |\\-)[0-9]+$/', '', $value); $value .= ($table == 'tl_style_sheet' ? '-' : ' ') . ${$table}; } } elseif (($table == 'tl_style_sheet' || $table == 'tl_style' || $table == 'tl_files' && $name == 'path') && strpos($value, 'files') !== false) { $tmp = deserialize($value); if (is_array($tmp)) { foreach ($tmp as $kk => $vv) { $tmp[$kk] = $this->customizeUploadPath($vv); } $value = serialize($tmp); } else { $value = $this->customizeUploadPath($value); } } elseif ($GLOBALS['TL_DCA'][$table]['fields'][$name]['inputType'] == 'fileTree' && !$GLOBALS['TL_DCA'][$table]['fields'][$name]['eval']['multiple']) { if (!$value) { $value = null; // Contao >= 3.2 } else { // Do not use the FilesModel here – tables are locked! $objFile = $this->Database->prepare("SELECT uuid FROM tl_files WHERE path=?")->limit(1)->execute($this->customizeUploadPath($value)); $value = $objFile->uuid; } } elseif ($GLOBALS['TL_DCA'][$table]['fields'][$name]['inputType'] == 'fileTree' || in_array($name, $arrOrder)) { $tmp = deserialize($value); if (is_array($tmp)) { foreach ($tmp as $kk => $vv) { // Do not use the FilesModel here – tables are locked! $objFile = $this->Database->prepare("SELECT uuid FROM tl_files WHERE path=?")->limit(1)->execute($this->customizeUploadPath($vv)); $tmp[$kk] = $objFile->uuid; } $value = serialize($tmp); } } elseif ($GLOBALS['TL_DCA'][$table]['fields'][$name]['inputType'] == 'imageSize') { $imageSizes = deserialize($value, true); if (!empty($imageSizes)) { if (is_numeric($imageSizes[2])) { $imageSizes[2] = $arrMapper['tl_image_size'][$imageSizes[2]]; } } $value = serialize($imageSizes); } $set[$name] = $value; } // Skip fields that are not in the database (e.g. because of missing extensions) foreach ($set as $k => $v) { if (!in_array($k, $arrDbFields[$table])) { unset($set[$k]); } } // Create the templates folder even if it is empty (see #4793) if ($table == 'tl_theme' && isset($set['templates']) && strncmp($set['templates'], 'templates/', 10) === 0 && !is_dir(TL_ROOT . '/' . $set['templates'])) { new \Folder($set['templates']); } // Update tl_files (entries have been created by the Dbafs class) if ($table == 'tl_files') { $this->Database->prepare("UPDATE {$table} %s WHERE path=?")->set($set)->execute($set['path']); } else { $this->Database->prepare("INSERT INTO {$table} %s")->set($set)->execute(); } } } // Unlock the tables $this->Database->unlockTables(); // Update the style sheets $this->import('StyleSheets'); $this->StyleSheets->updateStyleSheets(); // Notify the user \Message::addConfirmation(sprintf($GLOBALS['TL_LANG']['tl_theme']['theme_imported'], basename($strZipFile))); // HOOK: add custom logic if (isset($GLOBALS['TL_HOOKS']['extractThemeFiles']) && is_array($GLOBALS['TL_HOOKS']['extractThemeFiles'])) { $intThemeId = empty($arrMapper['tl_theme']) ? null : reset($arrMapper['tl_theme']); foreach ($GLOBALS['TL_HOOKS']['extractThemeFiles'] as $callback) { \System::importStatic($callback[0])->{$callback[1]}($xml, $objArchive, $intThemeId, $arrMapper); } } unset($tl_files, $tl_theme, $tl_style_sheet, $tl_style, $tl_module, $tl_layout, $tl_image_size, $tl_image_size_item); } \System::setCookie('BE_PAGE_OFFSET', 0, 0); $this->Session->remove('uploaded_themes'); // Redirect $this->redirect(str_replace('&key=importTheme', '', \Environment::get('request'))); }
/** * Check if the folder should be synchronized with the database * * @return bool True if the folder needs to be synchronized with the database * * @deprecated Use Dbafs::shouldBeSynchronized() instead */ public function shouldBeSynchronized() { return \Dbafs::shouldBeSynchronized($this->strFolder); }
/** * Copy the file * * @param string $strNewName The target path * * @return boolean True if the operation was successful */ public function copyTo($strNewName) { $strParent = dirname($strNewName); // Create the parent folder if it does not exist if (!is_dir(TL_ROOT . '/' . $strParent)) { new \Folder($strParent); } $this->Files->copy($this->strFile, $strNewName); // Update the database AFTER the file has been renamed $syncSource = \Dbafs::shouldBeSynchronized($this->strFile); $syncTarget = \Dbafs::shouldBeSynchronized($strNewName); // Synchronize the database if ($syncSource && $syncTarget) { \Dbafs::copyResource($this->strFile, $strNewName); } elseif ($syncTarget) { \Dbafs::addResource($strNewName); } return true; }