/**
 * Deletes the ACL resource addressed by the (encoded) `key` request parameter.
 *
 * The caller must present a `csrf` hash that validates against the session
 * token salted with this class name. A bad token, or a key that does not
 * resolve to a persisted resource, produces an error flash message and a
 * redirect back to the ACL index instead of a deletion.
 *
 * @return void
 */
function removeAction()
{
    $request = $this->getRequest();
    $submittedHash = $request->getParam('csrf');
    // The key is passed URL-safe; X_Env::decode restores the stored form.
    $resourceKey = X_Env::decode($request->getParam('key', false));

    $tokenCheck = new Zend_Form_Element_Hash('csrf', array('salt' => __CLASS__));
    if (!$tokenCheck->isValid($submittedHash)) {
        $this->_helper->flashMessenger(array(
            'type' => 'error',
            'text' => X_Env::_('p_auth_err_invalidhash'),
        ));
        $this->_helper->redirector('index', 'acl');
        return;
    }

    $resource = new Application_Model_AclResource();
    Application_Model_AclResourcesMapper::i()->find($resourceKey, $resource);
    // isNew() is presumably still true when find() matched nothing — treat that as an invalid key.
    if ($resource->isNew()) {
        $this->_helper->flashMessenger(array(
            'type' => 'error',
            'text' => X_Env::_('p_auth_acl_err_invalidkey'),
        ));
        $this->_helper->redirector('index', 'acl');
        return;
    }

    Application_Model_AclResourcesMapper::i()->delete($resource);
    $this->_helper->flashMessenger(array(
        'type' => 'success',
        'text' => X_Env::_('p_auth_acl_resourceremoved', $resource->getKey()),
    ));
    $this->_helper->redirector('index', 'acl');
}
/**
 * Enables the plugin addressed by the `pluginId` request parameter.
 *
 * Exactly one flash message is produced, then the user is redirected to the
 * configs index. The message is an error when the `csrf` token is invalid,
 * the id is missing or unknown, or the plugin is a SYSTEM plugin; otherwise
 * the plugin is marked enabled and saved.
 *
 * @return void
 */
public function enableAction()
{
    /* @var $request Zend_Controller_Request_Http */
    $request = $this->getRequest();
    $pluginId = $request->getParam('pluginId', false);
    $plugin = new Application_Model_Plugin();
    $submittedToken = $request->getParam('csrf', false);

    $csrf = new Zend_Form_Element_Hash('csrf', array('salt' => __CLASS__));

    if (!$csrf->isValid($submittedToken)) {
        // Only the token failure is flagged as an 'error' type; the others are plain strings.
        $notice = array(
            'type' => 'error',
            'text' => X_Env::_('configs_plugins_err_invalidtoken'),
        );
    } elseif ($pluginId === false) {
        $notice = X_Env::_('configs_plugins_err_pluginId_missing');
    } else {
        Application_Model_PluginsMapper::i()->find($pluginId, $plugin);
        // Loose comparison kept from the original: the parameter is a string while the
        // model id may be numeric — confirm before tightening to ===.
        $matched = $plugin->getId() != null && $plugin->getId() == $pluginId;

        if (!$matched) {
            $notice = X_Env::_('configs_plugins_err_pluginId_unknown');
        } elseif ($plugin->getType() == Application_Model_Plugin::SYSTEM) {
            $notice = X_Env::_('configs_plugins_err_pluginId_notenable');
        } else {
            try {
                $plugin->setEnabled(true);
                Application_Model_PluginsMapper::i()->save($plugin);
                $notice = X_Env::_('configs_plugins_pluginenabled');
            } catch (Exception $e) {
                // NOTE(review): the raw exception text is shown to the user here.
                $notice = X_Env::_('configs_plugins_err_db') . ": {$e->getMessage()}";
            }
        }
    }

    $this->_helper->flashMessenger($notice);
    $this->_helper->redirector('index', 'configs');
}
/**
 * Deletes the authentication account addressed by the `id` request parameter.
 *
 * Requires a valid `csrf` hash (salted with this class name). Unknown ids and
 * attempts to remove the currently logged-in user's own account are refused
 * with an error flash message. Every path ends with a redirect to the
 * accounts listing.
 *
 * @return void
 */
function removeAction()
{
    $request = $this->getRequest();
    $submittedHash = $request->getParam('csrf');
    $accountId = $request->getParam('id');

    $tokenCheck = new Zend_Form_Element_Hash('csrf', array('salt' => __CLASS__));
    if (!$tokenCheck->isValid($submittedHash)) {
        $this->_helper->flashMessenger(array(
            'type' => 'error',
            'text' => X_Env::_('p_auth_err_invalidhash'),
        ));
        $this->_helper->redirector('accounts', 'auth');
        return;
    }

    $account = new Application_Model_AuthAccount();
    Application_Model_AuthAccountsMapper::i()->find($accountId, $account);

    $errorId = null;
    if ($account->getId() === null) {
        // find() left no id behind: nothing is stored under $accountId.
        $errorId = 'p_auth_err_invalidaccount';
    } elseif ($this->plugin->getCurrentUser() == $account->getUsername()) {
        // Self-removal is refused so the session owner cannot lock themselves out.
        $errorId = 'p_auth_err_currentremovalnotallowed';
    }

    if ($errorId !== null) {
        $this->_helper->flashMessenger(array(
            'type' => 'error',
            'text' => X_Env::_($errorId),
        ));
        $this->_helper->redirector('accounts', 'auth');
        return;
    }

    Application_Model_AuthAccountsMapper::i()->delete($account);
    $this->_helper->flashMessenger(array(
        'type' => 'success',
        'text' => X_Env::_('p_auth_accountremoved', $account->getUsername()),
    ));
    $this->_helper->redirector('accounts', 'auth');
}
/**
 * Bookmarklet endpoint: stores a bookmark from request parameters and answers with JSON.
 *
 * The response always carries `api` urls for the resolver/add/bookmark actions,
 * each embedding a freshly generated csrf hash, plus a `success` flag. The flag
 * is false when the incoming `csrf` token is invalid, when `url` or `title` is
 * missing, or when saving fails.
 *
 * @return void
 */
public function bookmarkAction()
{
    $request = $this->getRequest();

    $csrf = new Zend_Form_Element_Hash('csrf', array('salt' => __CLASS__));
    $tokenAccepted = $csrf->isValid($request->getParam('csrf', false));
    // A new token is generated and returned in the api urls below.
    // NOTE(review): this happens whether or not $tokenAccepted is true, so every caller
    // receives a usable token — confirm this is the intended bookmarklet bootstrap.
    $csrf->initCsrfToken();
    $freshHash = $csrf->getHash();

    $endpoints = array(
        'resolver' => 'resolver',
        'adder'    => 'add',
        'bookmark' => 'bookmark',
    );
    $api = array();
    foreach ($endpoints as $name => $action) {
        $api[$name] = $this->_helper->url->url(array(
            'controller' => 'bookmarklets',
            'action'     => $action,
            'csrf'       => $freshHash,
        ));
    }
    $response = array('success' => true, 'api' => $api);

    if (!$tokenAccepted) {
        X_Debug::e("Invalid CSRF");
        $response['success'] = false;
    } else {
        $url = $request->getParam('url', false);
        // Tags are stripped from the free-text fields only; url/thumbnail/ua/cookies are stored as received.
        $title = strip_tags($request->getParam('title', false));
        $description = strip_tags($request->getParam('description', false));
        $thumbnail = $request->getParam('thumbnail', false);
        $ua = $request->getParam('ua', false);
        $cookies = $request->getParam('cookies', false);

        if (!($url && $title)) {
            X_Debug::e("Missing data");
            $response['success'] = false;
        } else {
            $bookmark = new Application_Model_Bookmark();
            $bookmark->setUrl($url);
            $bookmark->setTitle($title);

            // Optional fields are applied only when truthy (so '0' or '' is skipped as well).
            $optional = array(
                'setThumbnail'   => $thumbnail,
                'setDescription' => $description,
                'setUa'          => $ua,
                'setCookies'     => $cookies,
            );
            foreach ($optional as $setter => $value) {
                if ($value) {
                    $bookmark->$setter($value);
                }
            }

            try {
                Application_Model_BookmarksMapper::i()->save($bookmark);
            } catch (Exception $e) {
                X_Debug::e("DB Error: {$e->getMessage()}");
                $response['success'] = false;
            }
        }
    }

    $this->_helper->json($response, true, false);
}
/**
 * Applies a batch edit (metadata change or deletion) to the selected items.
 *
 * Intended to be reached via POST only; the method itself does not check the
 * verb, so that is presumably enforced elsewhere. The `batch_edit_hash` token
 * must validate or a 403 is thrown. With no `items` selected the user is just
 * redirected back to the browse page. Otherwise the requested changes are
 * checked against the ACL (public/featured flags globally, delete/edit/tag per
 * item), the result is passed through the `items_batch_edit_error` filter, and
 * on success a `Job_ItemBatchEdit` job is dispatched.
 *
 * @throws Omeka_Controller_Exception_403 when the CSRF hash is invalid
 * @return void
 */
public function batchEditSaveAction()
{
    $submittedHash = $this->_getParam('batch_edit_hash');
    $hashElement = new Zend_Form_Element_Hash('batch_edit_hash');
    if (!$hashElement->isValid($submittedHash)) {
        throw new Omeka_Controller_Exception_403();
    }

    $itemIds = $this->_getParam('items');
    if (!$itemIds) {
        // Nothing selected: no message, straight back to the listing.
        $this->_helper->redirector('browse', 'items');
        return;
    }

    $metadata = $this->_getParam('metadata');
    $removeMetadata = $this->_getParam('removeMetadata');
    $delete = $this->_getParam('delete');
    $custom = $this->_getParam('custom');

    // A checked "remove" box turns the corresponding metadata value into null.
    if ($removeMetadata && is_array($removeMetadata)) {
        foreach ($removeMetadata as $field => $checked) {
            if ($checked) {
                $metadata[$field] = null;
            }
        }
    }

    $errorMessage = null;
    $aclHelper = $this->_helper->acl;

    // Global permissions first; if both fail, the featured message wins (second assignment).
    $hasKey = function ($key) use ($metadata) {
        return $metadata && array_key_exists($key, $metadata);
    };
    if ($hasKey('public') && !$aclHelper->isAllowed('makePublic')) {
        $errorMessage = __('User is not allowed to modify visibility of items.');
    }
    if ($hasKey('featured') && !$aclHelper->isAllowed('makeFeatured')) {
        $errorMessage = __('User is not allowed to modify featured status of items.');
    }

    // Per-item permission check; returns a message for the first violation, null when allowed.
    $checkItem = function ($item) use ($aclHelper, $delete, $metadata) {
        if ($delete && !$aclHelper->isAllowed('delete', $item)) {
            return __('User is not allowed to delete selected items.');
        }
        // Any metadata key other than 'tags' counts as editing the item itself.
        if ($metadata && array_diff_key($metadata, array('tags' => '')) && !$aclHelper->isAllowed('edit', $item)) {
            return __('User is not allowed to edit selected items.');
        }
        if ($metadata && array_key_exists('tags', $metadata) && !$aclHelper->isAllowed('tag', $item)) {
            return __('User is not allowed to tag selected items.');
        }
        return null;
    };

    if (!$errorMessage) {
        foreach ($itemIds as $id) {
            $item = $this->_helper->db->getTable('Item')->find($id);
            if (!$item) {
                // Ids that do not resolve to an item are skipped silently.
                continue;
            }
            $verdict = $checkItem($item);
            if ($verdict) {
                $errorMessage = $verdict;
                break;
            }
            release_object($item);
        }
    }

    $errorMessage = apply_filters('items_batch_edit_error', $errorMessage, array(
        'metadata' => $metadata,
        'custom'   => $custom,
        'item_ids' => $itemIds,
    ));

    if ($errorMessage) {
        $this->_helper->flashMessenger($errorMessage, 'error');
    } else {
        $dispatcher = Zend_Registry::get('job_dispatcher');
        $dispatcher->send('Job_ItemBatchEdit', array(
            'itemIds'  => $itemIds,
            'delete'   => $delete,
            'metadata' => $metadata,
            'custom'   => $custom,
        ));
        $message = $delete
            ? __('The items were successfully deleted!')
            : __('The items were successfully changed!');
        $this->_helper->flashMessenger($message, 'success');
    }

    $this->_helper->redirector('browse', 'items');
}
/**
 * Empties the message queue of the thread addressed by the `id` request parameter.
 *
 * Unlike the sibling actions this one throws instead of flashing an error:
 * a missing id or an invalid `csrf` token raises a plain Exception. On success
 * the token is rotated, the queue is cleared, and the user is redirected to
 * the thread manager index with a success message.
 *
 * @throws Exception when `id` is missing/falsy or the CSRF token is invalid
 * @return void
 */
function clearAction()
{
    $request = $this->getRequest();
    $threadId = $request->getParam('id', false);
    $submittedToken = $request->getParam('csrf', false);

    // Note: a falsy id such as '0' is rejected here as well.
    if (!$threadId) {
        throw new Exception("Thread id missing");
    }

    $hash = new Zend_Form_Element_Hash('csrf', array('salt' => __CLASS__));
    if (!$hash->isValid($submittedToken)) {
        throw new Exception("Invalid token");
    }
    // The token is consumed: generate a fresh one for the next request.
    $hash->initCsrfToken();

    $manager = X_Threads_Manager::instance();
    $thread = $manager->getMonitor()->getThread($threadId);
    $manager->getMessenger()->clearQueue($thread);

    $this->_helper->flashMessenger(array(
        'type' => 'success',
        'text' => X_Env::_('threads_done'),
    ));
    $this->_helper->redirector('index', 'tmanager');
}