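/**
 * Validates the posted title/text pairs of this field and serializes them for storage.
 *
 * Values whose title is empty after filtering are dropped. Inside a field group
 * they are kept as a null placeholder so the value position is still counted.
 *
 * @param object $field Field being saved; ->field_type and ->parameters are read
 * @param mixed  $post  Posted value(s); replaced in place by the list of serialized values
 * @param mixed  $file  Not used here
 * @param object $item  Not used here
 *
 * @return void
 */
function onBeforeSaveField(&$field, &$post, &$file, &$item)
{
    if (!in_array($field->field_type, self::$field_types)) {
        return;
    }

    $use_ingroup = $field->parameters->get('use_ingroup', 0);
    if (!is_array($post) && !strlen($post) && !$use_ingroup) {
        return;
    }

    $is_importcsv = JRequest::getVar('task') == 'importcsv';

    // Server side validation
    $validation = $field->parameters->get('validation', 2);
    $use_html   = $field->parameters->get('use_html', 0);
    $maxlength  = (int) $field->parameters->get('maxlength', 0);
    $maxlength  = $use_html ? 0 : $maxlength; // no length cap when use_html is set

    // Make sure posted data is an array
    $post = !is_array($post) ? array($post) : $post;

    // Reformat the posted data
    $newpost = array();
    $new = 0;
    foreach ($post as $n => $v) {
        // support for basic CSV import / export
        if ($is_importcsv && !is_array($v)) {
            // SECURITY NOTE(review): unserialize() on a value read from an imported CSV can
            // instantiate arbitrary classes (PHP object injection). The value is decoded once
            // and only a plain array is accepted. Prefer a data-only format such as JSON for
            // export/import, or the allowed_classes option where PHP >= 7 is guaranteed.
            $decoded = @unserialize($v);
            if (is_array($decoded)) {
                $v = $decoded;
            } elseif ($decoded !== false || $v === 'b:0;') {
                // serialized scalar or object: carries no title/text
                $v = array('title' => '', 'text' => '');
            } else {
                $v = array('title' => $v, 'text' => '');
            }
        }

        // A value that is not an array, or lacks a key, is treated as having no such property
        $raw_title = isset($v['title']) ? $v['title'] : null;
        $raw_text  = isset($v['text']) ? $v['text'] : null;

        // Validate data, skipping values that are empty after validation
        $title = flexicontent_html::dataFilter($raw_title, $maxlength, 'HTML', 0);

        // Skip empty value, but if in group increment the value position
        if (!strlen($title)) {
            if ($use_ingroup) {
                $newpost[$new++] = null;
            }
            continue;
        }

        $newpost[$new] = array();
        $newpost[$new]['title'] = $title;
        $newpost[$new]['text']  = flexicontent_html::dataFilter($raw_text, $maxlength, $validation, 0);
        $new++;
    }
    $post = $newpost;

    // Serialize multi-property data before storing them into the DB,
    // null indicates to increment valueorder without adding a value
    foreach ($post as $i => $v) {
        if ($v !== null) {
            $post[$i] = serialize($v);
        }
    }
}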
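/**
 * Validates the posted phone values (label, country code, three number parts) before saving.
 *
 * A value whose three number parts are all empty is skipped unless the field is
 * used inside a field group. The result is stored as a list of arrays; this
 * method does not serialize them.
 *
 * @param object $field Field being saved; ->field_type and ->parameters are read
 * @param mixed  $post  Posted value(s); replaced in place by the validated list
 * @param mixed  $file  Not used here
 * @param object $item  Not used here
 *
 * @return void
 */
function onBeforeSaveField(&$field, &$post, &$file, &$item)
{
    if (!in_array($field->field_type, self::$field_types)) {
        return;
    }

    $use_ingroup = $field->parameters->get('use_ingroup', 0);
    if (!is_array($post) && !strlen($post) && !$use_ingroup) {
        return;
    }

    $is_importcsv = JRequest::getVar('task') == 'importcsv';

    $label_maxlength = (int) $field->parameters->get('label_maxlength', 0); // client/server side enforced
    $cc_maxlength    = (int) $field->parameters->get('cc_maxlength', 0);    // client/server side enforced
    $phone_maxlength = (int) $field->parameters->get('phone_maxlength', 0); // client/server side enforced

    // Make sure posted data is an array
    $post = !is_array($post) ? array($post) : $post;

    // Reformat the posted data
    $newpost = array();
    $new = 0;
    foreach ($post as $n => $v) {
        // support for basic CSV import / export
        if ($is_importcsv && !is_array($v)) {
            // SECURITY NOTE(review): unserialize() on a value read from an imported CSV can
            // instantiate arbitrary classes (PHP object injection). The value is decoded once
            // and only a plain array is accepted. Prefer a data-only format such as JSON for
            // export/import, or the allowed_classes option where PHP >= 7 is guaranteed.
            $decoded = @unserialize($v);
            if (is_array($decoded)) {
                $v = $decoded;
            } elseif ($decoded !== false || $v === 'b:0;') {
                $v = array(); // serialized scalar or object: carries no phone parts
            } else {
                $v = array('label' => '', 'cc' => '', 'phone1' => '', 'phone2' => $v, 'phone3' => '');
            }
        }

        // A value that is not an array cannot carry any of the expected parts
        if (!is_array($v)) {
            $v = array();
        }

        $phone1 = isset($v['phone1']) && is_scalar($v['phone1']) ? $v['phone1'] : null;
        $phone2 = isset($v['phone2']) && is_scalar($v['phone2']) ? $v['phone2'] : null;
        $phone3 = isset($v['phone3']) && is_scalar($v['phone3']) ? $v['phone3'] : null;

        // Skip empty values if not in field group. The check runs before anything is written
        // to $newpost, so a skipped value no longer leaves a half-built entry behind
        // (previously a trailing empty value was stored with only the phone keys).
        if (!strlen((string) $phone1) && !strlen((string) $phone2) && !strlen((string) $phone3) && !$use_ingroup) {
            continue;
        }

        // Validate the phone number parts
        $newpost[$new] = array();
        $newpost[$new]['phone1'] = flexicontent_html::dataFilter($phone1, $phone_maxlength, 'INT', 0);
        $newpost[$new]['phone2'] = flexicontent_html::dataFilter($phone2, $phone_maxlength, 'INT', 0);
        $newpost[$new]['phone3'] = flexicontent_html::dataFilter($phone3, $phone_maxlength, 'INT', 0);

        // Validate other value properties
        $newpost[$new]['label'] = flexicontent_html::dataFilter(@$v['label'], $label_maxlength, 'STRING', 0);
        $newpost[$new]['cc']    = flexicontent_html::dataFilter(@$v['cc'], $cc_maxlength, 'STRING', 0);
        $new++;
    }
    $post = $newpost;
}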
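/**
 * Processes the posted values of the file field before the item is saved.
 *
 * Depending on the request, each value is either imported from the CSV import
 * folder, an update/removal of an already stored file, or a new upload handed
 * to the file manager controller. The resulting file ids replace $post.
 *
 * @param object $field Field being saved; ->field_type, ->name and ->parameters are read
 * @param mixed  $post  Posted value(s); replaced in place by the list of file ids
 * @param mixed  $file  Not used here
 * @param object $item  Item being saved; passed to the assignment / delete checks
 *
 * @return void
 */
function onBeforeSaveField(&$field, &$post, &$file, &$item)
{
    if (!in_array($field->field_type, self::$field_types)) {
        return;
    }

    $use_ingroup = $field->parameters->get('use_ingroup', 0);
    if (!is_array($post) && !strlen($post) && !$use_ingroup) {
        return;
    }

    // Make sure posted data is an array
    $post = !is_array($post) ? array($post) : $post;

    // Get configuration
    $inputmode = (int) $field->parameters->get('inputmode', 1);
    $is_importcsv = JRequest::getVar('task') == 'importcsv';
    $import_docs_folder = JRequest::getVar('import_docs_folder');

    // With inputmode 1 the per-file form properties are all switched off
    $iform_allowdel = $field->parameters->get('iform_allowdel', 1);
    $iform_title = $inputmode == 1 ? 0 : $field->parameters->get('iform_title', 1);
    $iform_desc  = $inputmode == 1 ? 0 : $field->parameters->get('iform_desc', 1);
    $iform_lang  = $inputmode == 1 ? 0 : $field->parameters->get('iform_lang', 0);
    $iform_dir   = $inputmode == 1 ? 0 : $field->parameters->get('iform_dir', 0);

    // Execute once
    static $initialized = null;
    static $srcpath_original = '';
    if (!$initialized) {
        $initialized = 1;
        jimport('joomla.filesystem.folder');
        jimport('joomla.filesystem.path');
        $srcpath_original = JPath::clean(JPATH_SITE . DS . $import_docs_folder . DS);
    }

    // Upload error codes mapped to messages. The second entry previously reused
    // UPLOAD_ERR_INI_SIZE as its key, which overwrote the first message and left
    // UPLOAD_ERR_FORM_SIZE without one.
    $err_msg = array(
        UPLOAD_ERR_INI_SIZE   => 'The uploaded file exceeds the upload_max_filesize directive in php.ini',
        UPLOAD_ERR_FORM_SIZE  => 'The uploaded file exceeds the MAX_FILE_SIZE directive that was specified in the HTML form',
        UPLOAD_ERR_PARTIAL    => 'The uploaded file was only partially uploaded',
        UPLOAD_ERR_NO_FILE    => 'No file was uploaded',
        UPLOAD_ERR_NO_TMP_DIR => 'Missing a temporary folder',
        UPLOAD_ERR_CANT_WRITE => 'Failed to write file to disk',
        UPLOAD_ERR_EXTENSION  => 'A PHP extension stopped the file upload',
    );

    $newpost = array();
    $new = 0;
    foreach ($post as $n => $v) {
        if (empty($v)) {
            if ($use_ingroup) {
                // empty value for group
                $newpost[$new] = '';
                $new++;
            }
            continue;
        }

        // support for basic CSV import / export
        if ($is_importcsv) {
            if (!is_numeric($v)) {
                // SECURITY NOTE(review): both the 'import_docs_folder' request variable and the
                // directory part of the CSV value go into the path unchecked. Reject '..'
                // segments and confirm the resolved folder stays below the intended import
                // root before addlocal() is called.
                $filename = basename($v);
                $sub_folder = dirname($v);
                $sub_folder = $sub_folder && $sub_folder != '.' ? DS . $sub_folder : '';

                $fman = new FlexicontentControllerFilemanager();
                $Fobj = new stdClass();
                $Fobj->return_url = null;
                $Fobj->file_dir_path = DS . $import_docs_folder . $sub_folder;
                // NOTE(review): preg_quote() is called without a delimiter argument; confirm
                // which delimiter addlocal() wraps this expression in.
                $Fobj->file_filter_re = preg_quote($filename);
                $Fobj->secure = 0;
                $Fobj->keep = 1;
                $file_ids = $fman->addlocal($Fobj);
                $v = !empty($file_ids) ? reset($file_ids) : false; // Get first element
            }
        } else {
            $file_id = isset($v['file-id']) ? (int) $v['file-id'] : $v;
            $file_id = is_numeric($file_id) ? (int) $file_id : 0; // if $v is not an array

            // NOTE(review): a missing $_FILES entry yields null here, which compares equal
            // to 0 and is therefore treated as a completed upload; confirm this is intended.
            $err_code = $_FILES["custom"]["error"][$field->name][$n]['file-data'];
            $new_file = $err_code == 0;
            if ($err_code && $err_code != UPLOAD_ERR_NO_FILE) {
                $message = isset($err_msg[$err_code]) ? $err_msg[$err_code] : 'Unknown upload error';
                JFactory::getApplication()->enqueueMessage("FILE FIELD: " . $message, 'warning');
                continue;
            }

            // validate data or empty/set default values
            $v['file-del']   = !$iform_allowdel ? 0 : (int) @$v['file-del'];
            $v['file-title'] = !$iform_title ? '' : flexicontent_html::dataFilter($v['file-title'], 1000, 'STRING', 0);
            $v['file-desc']  = !$iform_desc ? '' : flexicontent_html::dataFilter($v['file-desc'], 10000, 'STRING', 0);
            $v['file-lang']  = !$iform_lang ? '' : flexicontent_html::dataFilter($v['file-lang'], 9, 'STRING', 0);
            $v['secure']     = !$iform_dir ? 0 : ((int) $v['secure'] ? 1 : 0);

            // UPDATE existing file
            if (!$new_file && $file_id) {
                $dbdata = array();
                $dbdata['id'] = $file_id;
                if ($iform_title) {
                    $dbdata['altname'] = $v['file-title'];
                }
                if ($iform_desc) {
                    $dbdata['description'] = $v['file-desc'];
                }
                if ($iform_lang) {
                    $dbdata['language'] = $v['file-lang'];
                }

                // Load file data from DB
                $row = JTable::getInstance('flexicontent_files', '');
                $row->load($file_id);
                $_filename = $row->filename_original ? $row->filename_original : $row->filename;
                $dbdata['secure'] = $row->secure ? 1 : 0; // !! Do not change media/secure -folder- for existing files

                // Security concern, check file is assigned to current item
                $isAssigned = $this->checkFileAssignment($field, $file_id, $item);

                // SECURITY NOTE(review): $isAssigned only gates deletion below. The property
                // update further down (altname / description / language) runs even when the
                // posted file id is not assigned to this item, so a tampered 'file-id' can
                // change another file's metadata. The disabled "refusing to update file
                // properties" message suggests a refusal was intended; confirm and enforce it.

                // Delete existing file if so requested
                if ($v['file-del']) {
                    $canDelete = $this->canDeleteFile($field, $file_id, $item);
                    if ($isAssigned && $canDelete) {
                        $fm = new FlexicontentModelFilemanager();
                        $fm->delete(array($file_id));
                    }
                    continue; // Skip file since unloading / removal was requested
                }

                // Set the changed data into the object
                foreach ($dbdata as $index => $data) {
                    $row->{$index} = $data;
                }

                // Update DB data of the file
                if (!$row->check() || !$row->store()) {
                    JFactory::getApplication()->enqueueMessage("FILE FIELD: " . JFactory::getDBO()->getErrorMsg(), 'warning');
                    continue;
                }

                // Set file id as value of the field
                $v = $file_id;
            } else {
                if ($new_file) {
                    // new file was uploaded, but also handle previous selected file ...
                    if ($file_id) {
                        // Security concern: the previous file is only removed when it is
                        // assigned to the current item and deletion is permitted
                        $isAssigned = $this->checkFileAssignment($field, $file_id, $item);
                        if ($isAssigned && $this->canDeleteFile($field, $file_id, $item)) {
                            $fm = new FlexicontentModelFilemanager();
                            $fm->delete(array($file_id));
                        }
                    }

                    // Skip file if unloading / removal was requested
                    if ($v['file-del']) {
                        continue;
                    }

                    $fman = new FlexicontentControllerFilemanager(); // Controller will do the data filter too
                    JRequest::setVar('return-url', null, 'post'); // needed !
                    JRequest::setVar('secure', $v['secure'], 'post');
                    JRequest::setVar('file-title', $v['file-title'], 'post');
                    JRequest::setVar('file-desc', $v['file-desc'], 'post');
                    JRequest::setVar('file-lang', $v['file-lang'], 'post');

                    // The form field name of the <input type="file" ...
                    JRequest::setVar('file-ffname', 'custom', 'post');
                    JRequest::setVar('fname_level1', $field->name, 'post');
                    JRequest::setVar('fname_level2', $n, 'post');
                    JRequest::setVar('fname_level3', 'file-data', 'post');

                    $file_id = $fman->upload();
                    $v = !empty($file_id) ? $file_id : false;
                } else {
                    // no existing file and no new file uploaded
                    $v = 0;
                }
            }
        }

        if (!$use_ingroup) {
            // NOT inside field group: index by file id so that each file is added only once
            if (!empty($v) && is_numeric($v)) {
                $newpost[(int) $v] = $new++;
            }
        } else {
            // Inside fieldgroup, allow same file multiple times
            $newpost[$new++] = (int) $v;
        }
    }

    // IF NOT inside field group, the file array was indexed by file IDs, so flip it back
    $post = !$use_ingroup ? array_flip($newpost) : $newpost;
}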
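/**
 * Validates the posted phone values (label, country code, three number parts) before saving.
 *
 * Number parts are upper-cased, stripped of every character outside 0-9 (and A-Z
 * when 'allow_letters' is set) and cut to their configured maximum length. A value
 * whose three parts are all empty is skipped unless the field is inside a field group.
 *
 * @param object $field Field being saved; ->field_type and ->parameters are read
 * @param mixed  $post  Posted value(s); replaced in place by the validated list
 * @param mixed  $file  Not used here
 * @param object $item  Not used here
 *
 * @return void
 */
function onBeforeSaveField(&$field, &$post, &$file, &$item)
{
    if (!in_array($field->field_type, self::$field_types)) {
        return;
    }

    $use_ingroup = $field->parameters->get('use_ingroup', 0);
    if (!is_array($post) && !strlen($post) && !$use_ingroup) {
        return;
    }

    $is_importcsv = JRequest::getVar('task') == 'importcsv';

    $label_maxlength = (int) $field->parameters->get('label_maxlength', 0); // client/server side enforced
    $cc_maxlength    = (int) $field->parameters->get('cc_maxlength', 0);    // client/server side enforced
    $part_maxlength  = array(
        'phone1' => (int) $field->parameters->get('phone1_maxlength', 0), // client/server side enforced
        'phone2' => (int) $field->parameters->get('phone2_maxlength', 0), // client/server side enforced
        'phone3' => (int) $field->parameters->get('phone3_maxlength', 0), // client/server side enforced
    );
    $allow_letters = (int) $field->parameters->get('allow_letters', 0); // allow letters during validation

    // Characters to strip from every number part (loop invariant)
    $regex = $allow_letters ? '/[^0-9A-Z]/' : '/[^0-9]/';

    // Make sure posted data is an array
    $post = !is_array($post) ? array($post) : $post;

    // Reformat the posted data
    $newpost = array();
    $new = 0;
    foreach ($post as $n => $v) {
        // support for basic CSV import / export
        if ($is_importcsv && !is_array($v)) {
            // SECURITY NOTE(review): unserialize() on a value read from an imported CSV can
            // instantiate arbitrary classes (PHP object injection). The value is decoded once
            // and only a plain array is accepted. Prefer a data-only format such as JSON for
            // export/import, or the allowed_classes option where PHP >= 7 is guaranteed.
            $decoded = @unserialize($v);
            if (is_array($decoded)) {
                $v = $decoded;
            } elseif ($decoded !== false || $v === 'b:0;') {
                $v = array(); // serialized scalar or object: carries no phone parts
            } else {
                $v = array('label' => '', 'cc' => '', 'phone1' => '', 'phone2' => $v, 'phone3' => '');
            }
        }

        // A value that is not an array cannot carry any of the expected parts
        if (!is_array($v)) {
            $v = array();
        }

        // Force upper case, remove forbidden characters, then enforce the max length.
        // The length test was inverted before: a configured limit was never applied and
        // the default of 0 (no limit) cut every part down to an empty string.
        $phones = array();
        foreach ($part_maxlength as $part => $limit) {
            $raw   = isset($v[$part]) && is_scalar($v[$part]) ? (string) $v[$part] : '';
            $clean = preg_replace($regex, '', strtoupper($raw));
            $phones[$part] = $limit ? substr($clean, 0, $limit) : $clean;
        }

        // Skip empty values if not in field group; nothing has been written to $newpost
        // yet, so a skipped value leaves no half-built entry behind
        if (!strlen($phones['phone1']) && !strlen($phones['phone2']) && !strlen($phones['phone3']) && !$use_ingroup) {
            continue;
        }

        $newpost[$new] = $phones;

        // Validate other value properties
        $newpost[$new]['label'] = flexicontent_html::dataFilter(@$v['label'], $label_maxlength, 'STRING', 0);
        $newpost[$new]['cc']    = flexicontent_html::dataFilter(@$v['cc'], $cc_maxlength, 'STRING', 0);
        $new++;
    }
    $post = $newpost;
}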
/**
 * Filters the posted text values of this field before they are stored.
 *
 * Every value goes through flexicontent_html::dataFilter() with the configured
 * validation rule. Empty results are dropped unless the field is inside a field
 * group. When 'editorarea_per_tab' is set and more than one value remains, the
 * values are joined with a space into a single value.
 *
 * @param object $field Field being saved; ->field_type and ->parameters are read
 * @param mixed  $post  Posted value(s); replaced in place by the filtered list
 * @param mixed  $file  Not used here
 * @param object $item  Not used here
 *
 * @return void
 */
function onBeforeSaveField(&$field, &$post, &$file, &$item)
{
    if (!in_array($field->field_type, self::$field_types)) {
        return;
    }

    $use_ingroup = $field->parameters->get('use_ingroup', 0);
    $nothing_posted = !is_array($post) && !strlen($post);
    if ($nothing_posted && !$use_ingroup) {
        return;
    }

    // Server side validation settings
    $validation = $field->parameters->get('validation', 2);
    if ($field->field_type == 'maintext') {
        $use_html = !$field->parameters->get('hide_html', 0);
    } else {
        $use_html = $field->parameters->get('use_html', 0);
    }
    $maxlength = (int) $field->parameters->get('maxlength', 0);
    if ($use_html) {
        // no length cap while HTML is in use
        $maxlength = 0;
    }

    // Always work on a list of values
    if (!is_array($post)) {
        $post = array($post);
    }

    // Filter each value, keeping empty ones only inside a field group
    $filtered = array();
    foreach ($post as $value) {
        $clean = flexicontent_html::dataFilter($value, $maxlength, $validation, 0);
        if ($use_ingroup || strlen($clean)) {
            $filtered[] = $clean;
        }
    }
    $post = $filtered;

    // Rebuild a single value when the text was split up (e.g. into tabs);
    // multi-value and tab-split are not supported at the same time
    $split_per_tab = $field->parameters->get('editorarea_per_tab', 0);
    if ($split_per_tab && count($post) > 1) {
        $post = array(implode(' ', $post));
    }
}
/**
 * Filters the posted values of this text field before they are stored.
 *
 * Input-mask formatting characters are removed first, in case the client-side
 * unmasking did not run. Each value is then passed through
 * flexicontent_html::dataFilter(). Empty results are dropped; inside a field
 * group they are kept as a null placeholder so the value position is counted.
 *
 * @param object $field Field being saved; ->field_type and ->parameters are read
 * @param mixed  $post  Posted value(s); replaced in place by the filtered list
 * @param mixed  $file  Not used here
 * @param object $item  Not used here
 *
 * @return void
 */
function onBeforeSaveField(&$field, &$post, &$file, &$item)
{
    if (!in_array($field->field_type, self::$field_types)) {
        return;
    }

    $use_ingroup = $field->parameters->get('use_ingroup', 0);
    $nothing_posted = !is_array($post) && !strlen($post);
    if ($nothing_posted && !$use_ingroup) {
        return;
    }

    // Client side mask, taken into account when cleaning the value
    $inputmask = $field->parameters->get('inputmask', false);

    // Server side validation settings
    $validation = $field->parameters->get('validation', 'HTML');
    $maxlength  = (int) $field->parameters->get('maxlength', 0);

    // Always work on a list of values
    if (!is_array($post)) {
        $post = array($post);
    }

    $euro_sign = chr(0xe2) . chr(0x82) . chr(0xac);

    $cleaned = array();
    foreach ($post as $value) {
        // Unmasking is normally done by JS; repeat it here so the value is not lost otherwise
        if ($inputmask == "decimal_comma") {
            // drop '.' separators, then turn the decimal comma into a dot
            $value = str_replace(',', '.', str_replace('.', '', $value));
        } elseif ($inputmask == "decimal_comma") {
            // NOTE(review): this test repeats the one above, so the branch can never run.
            // It looks meant for a mask that uses ',' as a grouping separator; confirm
            // the intended mask name.
            $value = str_replace(',', '', $value);
        } elseif ($inputmask == "currency" || $inputmask == "currency_euro") {
            // remove the currency symbols and the ',' separators
            $value = str_replace(array('$', $euro_sign, ','), '', $value);
        }

        // Validate data, skipping values that are empty after validation
        $value = flexicontent_html::dataFilter($value, $maxlength, $validation, 0);

        if (strlen($value)) {
            $cleaned[] = $value;
        } elseif ($use_ingroup) {
            // keep the position of an empty value inside a field group
            $cleaned[] = null;
        }
    }
    $post = $cleaned;
}
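/**
 * Validates the posted address/text pairs of this email field and serializes them for storage.
 *
 * The address goes through flexicontent_html::dataFilter() with the 'EMAIL' rule.
 * Values whose address is empty afterwards are skipped unless the field is inside
 * a field group.
 *
 * @param object $field Field being saved; ->field_type and ->parameters are read
 * @param mixed  $post  Posted value(s); replaced in place by the list of serialized values
 * @param mixed  $file  Not used here
 * @param object $item  Not used here
 *
 * @return void
 */
function onBeforeSaveField(&$field, &$post, &$file, &$item)
{
    if (!in_array($field->field_type, self::$field_types)) {
        return;
    }

    $use_ingroup = $field->parameters->get('use_ingroup', 0);
    if (!is_array($post) && !strlen($post) && !$use_ingroup) {
        return;
    }

    $is_importcsv = JRequest::getVar('task') == 'importcsv';

    // Server side validation
    $maxlength = (int) $field->parameters->get('maxlength', 0);

    // Make sure posted data is an array
    $post = !is_array($post) ? array($post) : $post;

    // Reformat the posted data
    $newpost = array();
    $new = 0;
    foreach ($post as $n => $v) {
        // support for basic CSV import / export
        if ($is_importcsv && !is_array($v)) {
            // SECURITY NOTE(review): unserialize() on a value read from an imported CSV can
            // instantiate arbitrary classes (PHP object injection). The value is decoded once
            // and only a plain array is accepted. Prefer a data-only format such as JSON for
            // export/import, or the allowed_classes option where PHP >= 7 is guaranteed.
            $decoded = @unserialize($v);
            if (is_array($decoded)) {
                $v = $decoded;
            } elseif ($decoded !== false || $v === 'b:0;') {
                $v = array(); // serialized scalar or object: carries no address
            } else {
                $v = array('addr' => $v, 'text' => '');
            }
        }

        // A value that is not an array, or lacks a key, is treated as having no such property
        $raw_addr = isset($v['addr']) ? $v['addr'] : null;
        $raw_text = isset($v['text']) ? $v['text'] : null;

        // Validate data, skipping values that are empty after validation
        $addr = flexicontent_html::dataFilter($raw_addr, $maxlength, 'EMAIL', 0);
        if (!strlen($addr) && !$use_ingroup) {
            continue; // Skip empty values
        }

        $newpost[$new] = array();
        $newpost[$new]['addr'] = $addr;
        $newpost[$new]['text'] = flexicontent_html::dataFilter($raw_text, 0, 'STRING', 0);
        $new++;
    }
    $post = $newpost;

    // Serialize multi-property data before storing them into the DB
    foreach ($post as $i => $v) {
        $post[$i] = serialize($v);
    }
}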
/**
 * Normalises the posted date values of this field before they are stored.
 *
 * With 'date_source' 3 the field holds timestamps: an empty posted value becomes
 * the current UTC time, any other value is used as an index into the values the
 * item already has for this field. Otherwise each value is filtered, its time part
 * is kept or dropped according to 'date_allowtime', and it is converted from the
 * editor's timezone to SQL format when 'use_editor_tz' applies.
 *
 * @param object $field Field being saved; ->field_type, ->id and ->parameters are read
 * @param mixed  $post  Posted value(s); replaced in place by the normalised list
 * @param mixed  $file  Not used here
 * @param object $item  Item being saved; ->fieldvalues is read in timestamp mode
 *
 * @return void
 */
function onBeforeSaveField(&$field, &$post, &$file, &$item)
{
    if (!in_array($field->field_type, self::$field_types)) {
        return;
    }

    $date_source = $field->parameters->get('date_source', 0);
    $timestamp_mode = ($date_source == 3);

    // Timestamp mode (current time): shown in user time but always saved as 'UTC 0'
    if ($timestamp_mode) {
        $date_now = JFactory::getDate('now');
        $date_now->setTimezone(new DateTimeZone('UTC'));
        $date_now_value = $date_now->toSql();
    }

    $use_ingroup = $field->parameters->get('use_ingroup', 0);
    $nothing_posted = !is_array($post) && !strlen($post);
    if ($nothing_posted && !$use_ingroup) {
        return;
    }

    $config = JFactory::getConfig();
    $user   = JFactory::getUser();

    $date_allowtime = $field->parameters->get('date_allowtime', 1);
    $use_editor_tz  = $field->parameters->get('use_editor_tz', 0);
    if (!$date_allowtime) {
        // timezone handling is disabled when the time part is disabled
        $use_editor_tz = 0;
    }

    // Raw date input ignores the timezone (old behaviour of this field); otherwise the
    // values are in the user's timezone, falling back to the site default offset
    // (a numeric offset in J1.5, a timezone string in J2.5)
    $timezone = ($use_editor_tz == 0)
        ? 'UTC'
        : $user->getParam('timezone', $config->get('offset'));

    // Always work on a list of values
    if (!is_array($post)) {
        $post = array($post);
    }

    $stored = array();
    foreach ($post as $posted) {
        if ($timestamp_mode) {
            if (strlen($posted)) {
                // existing timestamp: the posted value is the index of the stored one
                $index = (int) $posted;
                $stored[] = isset($item->fieldvalues[$field->id][$index])
                    ? $item->fieldvalues[$field->id][$index]
                    : $date_now_value;
            } else {
                // new timestamp
                $stored[] = $date_now_value;
            }
            continue;
        }

        // Server-side validation
        $value = flexicontent_html::dataFilter($posted, 200, 'STRING', 0);

        // Skip empty value, but inside a group keep its position with a null placeholder
        if (!strlen($value)) {
            if ($use_ingroup) {
                $stored[] = null;
            }
            continue;
        }

        // Split into a date part and an optional time part
        $parts = preg_split('#\\s+#', $value, 2);
        $date  = isset($parts[0]) ? $parts[0] : null;
        $time  = isset($parts[1]) ? $parts[1] : null;
        if ($date_allowtime == 2 && !$time) {
            $time = '00:00';
        }

        if (!$date_allowtime) {
            // time part not allowed
            $value = $date;
        } elseif ($time) {
            // time part exists
            $value = $date . ' ' . $time;
        }

        if ($use_editor_tz && $time) {
            // value is in the user's timezone, convert to UTC+0
            $converted = new JDate($value, $timezone);
            $stored[] = $converted->toSql();
        } else {
            // no timezone information: timezone ignored, or no time given
            $stored[] = $value;
        }
    }
    $post = $stored;
}
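/**
 * Normalises the posted date values of this field before they are stored.
 *
 * Each value is filtered, its time part is kept or dropped according to
 * 'date_allowtime', and it is converted from the editor's timezone to SQL format
 * when 'use_editor_tz' applies. Empty values are skipped; inside a field group
 * they are kept as an empty string so the value position is preserved.
 *
 * @param object $field Field being saved; ->field_type and ->parameters are read
 * @param mixed  $post  Posted value(s); replaced in place by the normalised list
 * @param mixed  $file  Not used here
 * @param object $item  Not used here
 *
 * @return void
 */
function onBeforeSaveField(&$field, &$post, &$file, &$item)
{
    if (!in_array($field->field_type, self::$field_types)) {
        return;
    }

    $use_ingroup = $field->parameters->get('use_ingroup', 0);
    if (!is_array($post) && !strlen($post) && !$use_ingroup) {
        return;
    }

    $config = JFactory::getConfig();
    $user   = JFactory::getUser();

    $date_allowtime = $field->parameters->get('date_allowtime', 1);
    $use_editor_tz  = $field->parameters->get('use_editor_tz', 0);
    $use_editor_tz  = $date_allowtime ? $use_editor_tz : 0; // no timezone handling without a time part

    if ($use_editor_tz == 0) {
        // Raw date input, ignore timezone, NOTE: this is OLD BEHAVIOUR of this field
        $timezone = 'UTC';
    } else {
        // For logged users the date values are in user's time zone (unlogged users submit in
        // site default timezone); this is a numeric offset in J1.5 and a timezone STRING in J2.5
        $timezone = $user->getParam('timezone', $config->get('offset'));
    }

    // Make sure posted data is an array
    $post = !is_array($post) ? array($post) : $post;

    // Reformat the posted data
    $newpost = array();
    $new = 0;
    foreach ($post as $n => $v) {
        // Do server-side validation
        $value = flexicontent_html::dataFilter($v, 200, 'STRING', 0);

        // Skip empty values. Inside a field group the empty value keeps its position as ''.
        // Previously an empty value fell through to the code below and, with
        // date_allowtime == 2, was turned into ' 00:00' (and then into a real date by JDate).
        if (!strlen($value)) {
            if ($use_ingroup) {
                $newpost[$new++] = '';
            }
            continue;
        }

        // Check if dates are allowed to have time part
        $parts = preg_split('#\\s+#', $value, 2);
        $date  = isset($parts[0]) ? $parts[0] : null;
        $time  = isset($parts[1]) ? $parts[1] : null;
        $time  = $date_allowtime == 2 && !$time ? '00:00' : $time;

        if (!$date_allowtime) {
            // Time part not allowed
            $value = $date;
        } elseif ($time) {
            // Time part exists
            $value = $date . ' ' . $time;
        }

        if (!$use_editor_tz || !$time) {
            // Dates have no timezone information, because either:
            // (a) ignoring timezone OR (b) no time given
            $newpost[$new] = $value;
        } else {
            // Dates are in user's timezone, convert to UTC+0
            $converted = new JDate($value, $timezone);
            $newpost[$new] = $converted->toSql();
        }
        $new++;
    }
    $post = $newpost;
}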
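/**
 * Handles a submitted review form and answers with a JSON object.
 *
 * The request is validated (content id, email, review type, item exists, reviews
 * enabled on the voting field). On failure a warning box is returned in ->html.
 * Otherwise the existing review of a logged-in user is loaded and, for now, a dump
 * of the request is returned. Every path ends the request through jexit().
 *
 * @return void
 */
function storereviewform()
{
    $content_id  = JRequest::getInt('content_id', '');
    $review_type = JRequest::getCmd('review_type', 'item');

    $user = JFactory::getUser();
    $db   = JFactory::getDBO();

    // Validate email: logged-in users use their account email, guests the posted one
    $email = $user->id
        ? $user->email
        : flexicontent_html::dataFilter(JRequest::getVar('email'), 255, 'EMAIL', 0);
    JRequest::setVar('email', $email);

    // Validate the request and get the voting field configuration
    $error = null;
    if (!$content_id) {
        $error = "Content_id is zero";
    } elseif (!$email) {
        $error = "Email is invalid or empty";
    } elseif ($review_type != 'item') {
        $error = "review_type <> item is not yet supported";
    } else {
        // Check content item exists
        $item = JTable::getInstance('flexicontent_items', '', array());
        if (!$item->load($content_id)) {
            // This message previously used $pk and $table, neither of which exists in this
            // function, so a failed load ended in a fatal error
            $error = 'ID: ' . $content_id . ': ' . $item->getError();
        } else {
            $db->setQuery('SELECT * FROM #__flexicontent_fields WHERE field_type="voting"');
            $field = $db->loadObject();
            if (!$field) {
                // no voting field row: there is no configuration to load
                $error = "Voting field not found";
            } else {
                FlexicontentFields::loadFieldConfig($field, $item); // This will also load type configuration
                $allow_reviews = (int) $field->parameters->get('allow_reviews', 1);
                if (!$allow_reviews) {
                    $error = "Reviews are disabled";
                }
            }
        }
    }

    if (!empty($error)) {
        $result = new stdClass();
        // The message is text, not markup: escape it before it goes into the HTML fragment
        $result->html = ' <div class="fc-mssg fc-warning fc-nobgimage"> <button type="button" class="close" data-dismiss="alert">×</button> '
            . htmlspecialchars($error, ENT_QUOTES, 'UTF-8')
            . ' </div>';
        echo json_encode($result);
        jexit();
    }

    // Load review of a logged user
    $review = false;
    if ($user->id) {
        $query = "SELECT * "
            . " FROM #__flexicontent_reviews_ratings AS r"
            . " WHERE r.content_id=" . (int) $content_id
            . " AND r.type=" . $db->Quote($review_type)
            . " AND r.user_id=" . (int) $user->id;
        $db->setQuery($query);
        $review = $db->loadObject();
    }

    // SECURITY NOTE(review): this is debug output. It echoes the whole request back inside
    // an HTML fragment, so it is escaped here; remove the dump once the review is stored.
    $result = new stdClass();
    $result->html = '<pre>' . htmlspecialchars(print_r($_REQUEST, true), ENT_QUOTES, 'UTF-8') . '</pre>';
    echo json_encode($result);
    jexit();
}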
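/**
 * Validates the posted media values (URL plus descriptive properties) and serializes them.
 *
 * Values whose URL is empty after filtering are dropped. Inside a field group they
 * are kept as a null placeholder so the value position is still counted.
 *
 * @param object $field Field being saved; ->field_type and ->parameters are read
 * @param mixed  $post  Posted value(s); replaced in place by the list of serialized values
 * @param mixed  $file  Not used here
 * @param object $item  Not used here
 *
 * @return void
 */
function onBeforeSaveField(&$field, &$post, &$file, &$item)
{
    if (!in_array($field->field_type, self::$field_types)) {
        return;
    }

    $use_ingroup = $field->parameters->get('use_ingroup', 0);
    if (!is_array($post) && !strlen($post) && !$use_ingroup) {
        return;
    }

    $is_importcsv = JRequest::getVar('task') == 'importcsv';

    // Currently post is an array of properties, TODO: make field multi-value
    if (empty($post)) {
        $post = array();
    } elseif (!isset($post[0])) {
        $post = array($post);
    }

    $display_edit_size_form = $field->parameters->get('display_edit_size_form', 1);

    // Length caps of the string properties. They used to be passed as the fourth argument of
    // dataFilter(); every other call in this method passes the cap second and 0 fourth, so
    // the caps were presumably never applied.
    $string_limits = array(
        'api_type'  => 100,
        'media_id'  => 1000,
        'embed_url' => 1000, // 'URL' strips needed characters ?
        'thumb'     => 1000, // 'URL' strips needed characters ?
        'title'     => 1000,
        'author'    => 1000,
    );

    // Reformat the posted data
    $newpost = array();
    $new = 0;
    foreach ($post as $n => $v) {
        // support for basic CSV import / export
        if ($is_importcsv && !is_array($v)) {
            // SECURITY NOTE(review): unserialize() on a value read from an imported CSV can
            // instantiate arbitrary classes (PHP object injection). The value is decoded once
            // and only a plain array is accepted. Prefer a data-only format such as JSON for
            // export/import, or the allowed_classes option where PHP >= 7 is guaranteed.
            $decoded = @unserialize($v);
            if (is_array($decoded)) {
                $v = $decoded;
            } elseif ($decoded !== false || $v === 'b:0;') {
                $v = array(); // serialized scalar or object: carries no URL
            } else {
                $v = array('url' => $v);
            }
        }

        // A value that is not an array cannot carry any of the expected properties
        if (!is_array($v)) {
            $v = array();
        }

        // Validate data, skipping values that are empty after validation
        $url = flexicontent_html::dataFilter(isset($v['url']) ? $v['url'] : null, 4000, 'URL', 0);

        // Skip empty value, but if in group increment the value position
        if (empty($url)) {
            if ($use_ingroup) {
                $newpost[$new++] = null;
            }
            continue;
        }

        $newpost[$new] = array();
        $newpost[$new]['url'] = $url;

        // Validate other value properties
        foreach ($string_limits as $prop => $limit) {
            $newpost[$new][$prop] = flexicontent_html::dataFilter(@$v[$prop], $limit, 'STRING', 0);
        }
        $newpost[$new]['duration']    = flexicontent_html::dataFilter(@$v['duration'], 20, 'INT', 0);
        $newpost[$new]['description'] = flexicontent_html::dataFilter(@$v['description'], 10000, 'STRING', 0);

        // Height / width are only accepted when the size form is displayed
        $newpost[$new]['height'] = $display_edit_size_form == 1 ? flexicontent_html::dataFilter(@$v['height'], 0, 'INT', 0) : '';
        $newpost[$new]['width']  = $display_edit_size_form == 1 ? flexicontent_html::dataFilter(@$v['width'], 0, 'INT', 0) : '';
        $new++;
    }
    $post = $newpost;

    // Serialize multi-property data before storing them into the DB,
    // null indicates to increment valueorder without adding a value
    foreach ($post as $i => $v) {
        if ($v !== null) {
            $post[$i] = serialize($v);
        }
    }
}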
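/**
 * Validates the posted video values (URL plus descriptive properties) and serializes them.
 *
 * Values whose URL is empty after filtering are skipped unless the field is inside
 * a field group.
 *
 * @param object $field Field being saved; ->field_type and ->parameters are read
 * @param mixed  $post  Posted value(s); replaced in place by the list of serialized values
 * @param mixed  $file  Not used here
 * @param object $item  Not used here
 *
 * @return void
 */
function onBeforeSaveField(&$field, &$post, &$file, &$item)
{
    if (!in_array($field->field_type, self::$field_types)) {
        return;
    }

    $use_ingroup = $field->parameters->get('use_ingroup', 0);
    if (!is_array($post) && !strlen($post) && !$use_ingroup) {
        return;
    }

    $is_importcsv = JRequest::getVar('task') == 'importcsv';

    // Currently post is an array of properties, TODO: make field multi-value
    if (empty($post)) {
        $post = array();
    } elseif (!isset($post[0])) {
        $post = array($post);
    }

    // Reformat the posted data
    $newpost = array();
    $new = 0;
    foreach ($post as $n => $v) {
        // support for basic CSV import / export
        if ($is_importcsv && !is_array($v)) {
            // SECURITY NOTE(review): unserialize() on a value read from an imported CSV can
            // instantiate arbitrary classes (PHP object injection). The value is decoded once
            // and only a plain array is accepted. Prefer a data-only format such as JSON for
            // export/import, or the allowed_classes option where PHP >= 7 is guaranteed.
            $decoded = @unserialize($v);
            if (is_array($decoded)) {
                $v = $decoded;
            } elseif ($decoded !== false || $v === 'b:0;') {
                $v = array(); // serialized scalar or object: carries no URL
            } else {
                $v = array('url' => $v);
            }
        }

        // A value that is not an array cannot carry any of the expected properties
        if (!is_array($v)) {
            $v = array();
        }

        // Validate URL, skipping URLs that are empty after validation
        $url = flexicontent_html::dataFilter(isset($v['url']) ? $v['url'] : null, 0, 'URL', 0);
        if (empty($url) && !$use_ingroup) {
            continue; // Skip empty values if not in field group
        }

        $newpost[$new] = array();
        $newpost[$new]['url'] = $url;

        // Validate other value properties
        $newpost[$new]['videotype']   = flexicontent_html::dataFilter(@$v['videotype'], 0, 'STRING', 0);
        $newpost[$new]['videoid']     = flexicontent_html::dataFilter(@$v['videoid'], 0, 'STRING', 0);
        $newpost[$new]['title']       = flexicontent_html::dataFilter(@$v['title'], 0, 'STRING', 0);
        $newpost[$new]['author']      = flexicontent_html::dataFilter(@$v['author'], 0, 'STRING', 0);
        $newpost[$new]['duration']    = flexicontent_html::dataFilter(@$v['duration'], 0, 'INT', 0);
        $newpost[$new]['description'] = flexicontent_html::dataFilter(@$v['description'], 0, 'STRING', 0);
        $new++;
    }
    $post = $newpost;

    // Serialize multi-property data before storing them into the DB
    foreach ($post as $i => $v) {
        $post[$i] = serialize($v);
    }
}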
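/**
 * Handles the account data posted with a new item by a user who is not logged in.
 *
 * Validates the posted e-mail address, then, depending on the field
 * configuration, sets the item's author to an existing or newly registered
 * account and creates and e-mails an edit coupon.
 *
 * @param object $field  Field being saved; field_type and parameters are read
 * @param mixed  $post   Posted data; emptied when the user is logged in
 * @param mixed  $file   Not used by this method
 * @param object $item   Item being saved; _isnew and id are read, created_by may be set
 *
 * @return false|null  false cancels the item creation, otherwise nothing is returned
 */
function onBeforeSaveField(&$field, &$post, &$file, &$item)
{
    if (!in_array($field->field_type, self::$field_types)) {
        return;
    }

    // Existing item being modified: nothing to do
    $isnew = $item->_isnew;
    if (!$isnew) {
        return;
    }

    // Logged-in user: discard the posted data, nothing to do
    $user = JFactory::getUser();
    if ($user->id) {
        $post = array();
        return;
    }

    // Only act when inside the form
    $jinput = JFactory::getApplication()->input;
    if ($jinput->get('layout', false) != "form" && $jinput->get('task') != 'add' && $jinput->get('task') != 'edit') {
        return;
    }

    // Server side validation
    $maxlength = (int) $field->parameters->get('maxlength', 0);

    // Make sure posted data is an array
    $post = !is_array($post) ? array($post) : $post;
    if (!isset($post[0])) {
        JError::raiseWarning(0, 'empty FORM data for field: Account via submit');
        return false;
    }

    // A manipulated form can post a scalar instead of the property array, or an
    // array instead of the address string; both are treated as "no address given"
    $values = is_array($post[0]) ? $post[0] : array();
    $posted_addr = (isset($values['addr']) && is_string($values['addr'])) ? $values['addr'] : '';

    // Validate data
    $email = flexicontent_html::dataFilter($posted_addr, $maxlength, 'EMAIL', 0);

    // Cancel item creation, if email is invalid
    if (!$email || !JMailHelper::isEmailAddress($email)) {
        // The posted address is untrusted and is echoed back inside the warning;
        // escape it so it cannot be interpreted as markup if the message is rendered as HTML
        $shown_addr = htmlspecialchars($posted_addr, ENT_QUOTES, 'UTF-8');
        $error = JText::sprintf('FLEXI_ACCOUNT_V_SUBMIT_INVALID_EMAIL', $shown_addr)
            . ' ' . JText::_('FLEXI_ACCOUNT_V_SUBMIT_PROVIDE_VALID_EMAIL');
        JError::raiseWarning(0, $error);
        return false;
    }

    $full     = flexicontent_html::dataFilter(isset($values['full']) ? $values['full'] : null, 0, 'STRING', 0);
    $first    = flexicontent_html::dataFilter(isset($values['first']) ? $values['first'] : null, 0, 'STRING', 0);
    $last     = flexicontent_html::dataFilter(isset($values['last']) ? $values['last'] : null, 0, 'STRING', 0);
    $password = JUserHelper::genRandomPassword(8);
    $gender   = flexicontent_html::dataFilter(isset($values['gender']) ? $values['gender'] : null, 0, 'STRING', 0);
    if (!$gender || !in_array($gender, array('M', 'F'))) {
        $gender = 'M';
    }

    // Display name: full name, else "first last", else the e-mail address
    $name = trim($full ? $full : $first . ' ' . $last);
    $name = $name ? $name : $email;

    // Make sure field is initialized
    $this->initialize($field);

    // Check email already used. The address comes from the request, so it is
    // quoted by the DB driver instead of being interpolated into the SQL string
    // (a syntactically valid address may still contain a single quote).
    $db = JFactory::getDBO();
    $db->setQuery('SELECT id FROM #__users WHERE email = ' . $db->Quote($email));
    $existingUserID = $db->loadResult();

    if ($existingUserID) {
        // Fail if auto-using existing email not enabled
        // NOTE(review): this message tells an anonymous visitor that the address
        // belongs to a registered account; confirm that is acceptable for the site.
        if ($field->parameters->get('handle_existing_email', 0) == 0) {
            $notice = JText::sprintf('FLEXI_ACCOUNT_V_SUBMIT_EMAIL_EXISTS', $email);
            JError::raiseWarning(0, $notice);
            return false;
        }

        // Account with given email exists, set as item's author
        $item->created_by = $existingUserID;
    } elseif ($field->parameters->get('create_accounts', 0)) {
        $username = $email; // EMAIL used as username
        $newUserID = $this->registerUser($name, $username, $email, $password, $gender, $field);

        if ($newUserID === false) {
            // Cancel item creation, if account creation returns false
            $notice = JText::_('FLEXI_ACCOUNT_V_SUBMIT_ACCOUNT_CREATION_FAILED');
            JError::raiseWarning(0, $notice);
            return false;
        }

        // Account with given email created, set as item's author
        $item->created_by = $newUserID;
    }
    // Otherwise the item will have the 'default' owner

    // CREATE EDIT COUPON
    $create_coupons = $field->parameters->get('create_coupons', 0);
    if ($create_coupons) {
        // NOTE(review): uniqid() is derived from the current time and is not a
        // cryptographically secure value, while this token appears to authorize
        // editing the item. Consider a CSPRNG-based token of a length the token
        // column accepts.
        $token = uniqid();

        // The item id is cast to int because it is concatenated unquoted
        $query = 'INSERT #__flexicontent_edit_coupons '
            . 'SET timestamp = ' . time()
            . ', email = ' . $db->Quote($email)
            . ', token = ' . $db->Quote($token)
            . ', id = ' . (int) $item->id;
        $db->setQuery($query);
        $db->execute();

        $res = $this->sendEditCoupon($item, $field, $email, $token);
        if (!$res) {
            // Delete edit coupon and cancel item creation if sending the coupon failed
            $query = 'DELETE FROM #__flexicontent_edit_coupons WHERE id = ' . (int) $item->id;
            $db->setQuery($query);
            $db->execute();
            return false;
        }
    }
}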
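/**
 * Server-side validation of the posted link values before the field is saved.
 *
 * Each posted value is reduced to the properties link, title and hits. The
 * link is filtered as a URL and given a prefix when it has no scheme, and each
 * resulting value is serialized and written back to $post.
 *
 * @param object $field  Field being saved; field_type and parameters are read
 * @param mixed  $post   Posted value(s); replaced in place by a list of serialized arrays
 * @param mixed  $file   Not used by this method
 * @param object $item   Not used by this method
 *
 * @return void
 */
function onBeforeSaveField(&$field, &$post, &$file, &$item)
{
    if (!in_array($field->field_type, self::$field_types)) {
        return;
    }

    $use_ingroup = $field->parameters->get('use_ingroup', 0);
    if (!is_array($post) && !strlen($post) && !$use_ingroup) {
        return;
    }

    $is_importcsv = JRequest::getVar('task') == 'importcsv';
    $host = JURI::getInstance('SERVER')->gethost();

    // Make sure posted data is an array
    $post = !is_array($post) ? array($post) : $post;

    // Reformat the posted data
    $newpost = array();
    $new = 0;
    foreach ($post as $n => $v) {
        // Support for basic CSV import / export
        if ($is_importcsv && !is_array($v)) {
            // SECURITY: a CSV cell is external data, and unserialize() on external data
            // can instantiate arbitrary classes (PHP object injection). Exported values
            // are plain arrays, so class instantiation is switched off where the runtime
            // supports the option (PHP >= 7.0).
            // NOTE(review): on older PHP this call stays unrestricted; a JSON-based
            // export format would remove the need for unserialize() here.
            $decoded = version_compare(PHP_VERSION, '7.0.0', '>=')
                ? @unserialize($v, array('allowed_classes' => false))
                : @unserialize($v);

            if ($decoded !== false || $v === 'b:0;') {
                // Exported serialized data
                $v = $decoded;
            } else {
                // Plain cell content is taken as the link
                $v = array('link' => $v, 'title' => '', 'id' => '', 'class' => '', 'linktext' => '', 'hits' => 0);
            }
        }

        // Anything that is not an array of properties (a scalar, or a decoded
        // non-array value) carries no usable properties; indexing it would
        // misbehave or fail
        if (!is_array($v)) {
            $v = array();
        }

        // Validate URL, skipping URLs that are empty after validation
        // NOTE(review): any link with a scheme is stored unchanged below; whether the
        // 'URL' filter rejects schemes other than http/https cannot be told from here.
        // If it does not, an explicit scheme allow-list belongs at this point.
        $link = flexicontent_html::dataFilter(isset($v['link']) ? $v['link'] : null, 0, 'URL', 0);
        if (empty($link) && !$use_ingroup) {
            // Skip empty values if not in field group
            continue;
        }

        // Sanitize the URL as absolute or relative
        if (parse_url($link, PHP_URL_SCHEME)) {
            // Has protocol, nothing to do
            $prefix = '';
        } elseif (strpos($link, $host) === 0) {
            // Starts with this server's host name
            $prefix = 'http://';
        } else {
            if (substr($link, 0, 10) == '/index.php') {
                $link = substr($link, 1);
            }
            $prefix = substr($link, 0, 9) == 'index.php' ? JURI::root() : 'http://';
        }

        $newpost[$new] = array();
        $newpost[$new]['link'] = empty($link) ? '' : $prefix . $link;

        // Validate other value properties
        $newpost[$new]['title'] = flexicontent_html::dataFilter(isset($v['title']) ? $v['title'] : null, 0, 'STRING', 0);
        $newpost[$new]['hits'] = isset($v['hits']) ? (int) $v['hits'] : 0;

        $new++;
    }

    // Serialize multi-property data before storing them into the DB
    $post = array_map('serialize', $newpost);
}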
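/**
 * Server-side validation of the posted address values before the field is saved.
 *
 * Every property of every posted value is passed through
 * flexicontent_html::dataFilter() with a per-property length limit and filter.
 * Properties switched off in the field configuration are stored as empty
 * strings, so a manipulated form cannot add disabled data. Each resulting
 * value is serialized and written back to $post.
 *
 * @param object $field  Field being saved; field_type and parameters are read
 * @param mixed  $post   Posted value(s); replaced in place by a list of serialized arrays
 * @param mixed  $file   Not used by this method
 * @param object $item   Not used by this method
 *
 * @return void
 */
function onBeforeSaveField(&$field, &$post, &$file, &$item)
{
    if (!in_array($field->field_type, self::$field_types)) {
        return;
    }

    // Check if field has posted data
    if (empty($post) || !is_array($post)) {
        return;
    }

    // Make sure posted data is an array of values: a single value
    // (an array of scalar properties) is wrapped into a list
    $v = reset($post);
    $post = !is_array($v) ? array($post) : $post;

    // Enforce configuration so that user does not manipulate form to add disabled data
    $use_addr2      = $field->parameters->get('use_addr2', 1);
    $use_addr3      = $field->parameters->get('use_addr3', 1);
    $use_usstate    = $field->parameters->get('use_usstate', 1);
    $use_province   = $field->parameters->get('use_province', 1);
    $use_country    = $field->parameters->get('use_country', 1);
    $use_zip_suffix = $field->parameters->get('use_zip_suffix', 1);
    $single_country = $field->parameters->get('single_country', '');

    $new = 0;
    $newpost = array();
    foreach ($post as $n => $v) {
        // Skip empty values, and values that are not an array of properties:
        // a scalar mixed into the list cannot be indexed by property name
        if (empty($v) || !is_array($v)) {
            continue;
        }

        // Validate data or empty/set default values
        $newpost[$new] = array();

        // Force single country
        // NOTE(review): when use_country is off, the value forced here is discarded
        // again below, because 'country' is stored as '' whenever !$use_country.
        // Confirm which of the two behaviours is intended.
        $v['country'] = !$use_country
            ? $single_country
            : (isset($v['country']) ? $v['country'] : null);

        $newpost[$new]['autocomplete']   = flexicontent_html::dataFilter($v['autocomplete'], 4000, 'STRING', 0);
        $newpost[$new]['addr_display']   = flexicontent_html::dataFilter($v['addr_display'], 4000, 'STRING', 0);
        $newpost[$new]['addr_formatted'] = flexicontent_html::dataFilter($v['addr_formatted'], 4000, 'STRING', 0);
        $newpost[$new]['addr1']          = flexicontent_html::dataFilter($v['addr1'], 4000, 'STRING', 0);
        $newpost[$new]['city']           = flexicontent_html::dataFilter($v['city'], 4000, 'STRING', 0);
        $newpost[$new]['zip']            = flexicontent_html::dataFilter($v['zip'], 10, 'STRING', 0);

        // A decimal comma is replaced with a decimal point before filtering as a number
        $newpost[$new]['lat'] = flexicontent_html::dataFilter(str_replace(',', '.', $v['lat']), 100, 'DOUBLE', 0);
        $newpost[$new]['lon'] = flexicontent_html::dataFilter(str_replace(',', '.', $v['lon']), 100, 'DOUBLE', 0);

        $newpost[$new]['url']  = flexicontent_html::dataFilter($v['url'], 4000, 'URL', 0);
        $newpost[$new]['zoom'] = flexicontent_html::dataFilter($v['zoom'], 2, 'INTEGER', 0);

        // Optional properties: stored as '' when disabled in configuration or not posted
        $newpost[$new]['addr2'] = !$use_addr2 || !isset($v['addr2'])
            ? ''
            : flexicontent_html::dataFilter($v['addr2'], 4000, 'STRING', 0);
        $newpost[$new]['addr3'] = !$use_addr3 || !isset($v['addr3'])
            ? ''
            : flexicontent_html::dataFilter($v['addr3'], 4000, 'STRING', 0);
        $newpost[$new]['state'] = !$use_usstate || !isset($v['state'])
            ? ''
            : flexicontent_html::dataFilter($v['state'], 200, 'STRING', 0);
        $newpost[$new]['country'] = !$use_country || !isset($v['country'])
            ? ''
            : flexicontent_html::dataFilter($v['country'], 2, 'STRING', 0);
        $newpost[$new]['province'] = !$use_province || !isset($v['province'])
            ? ''
            : flexicontent_html::dataFilter($v['province'], 200, 'STRING', 0);
        $newpost[$new]['zip_suffix'] = !$use_zip_suffix || !isset($v['zip_suffix'])
            ? ''
            : flexicontent_html::dataFilter($v['zip_suffix'], 10, 'STRING', 0);

        $new++;
    }

    // Serialize multi-property data before storing them into the DB
    $post = array_map('serialize', $newpost);
}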
/**
 * Server-side validation of the posted values before the field is saved.
 *
 * Every posted value is passed through flexicontent_html::dataFilter() using
 * the field's 'validation' and 'maxlength' parameters. Values that are empty
 * after filtering are dropped unless the field is used inside a field group.
 * The filtered list replaces $post.
 *
 * @param object $field  Field being saved; field_type and parameters are read
 * @param mixed  $post   Posted value(s); replaced in place by the filtered list
 * @param mixed  $file   Not used by this method
 * @param object $item   Not used by this method
 *
 * @return void
 */
function onBeforeSaveField(&$field, &$post, &$file, &$item)
{
    $is_handled_type = in_array($field->field_type, self::$field_types);
    if (!$is_handled_type) {
        return;
    }

    $use_ingroup = $field->parameters->get('use_ingroup', 0);

    // A scalar, zero-length post outside of a field group means nothing was submitted
    $nothing_posted = !is_array($post) && !strlen($post);
    if ($nothing_posted && !$use_ingroup) {
        return;
    }

    // Server side validation settings
    $validation = $field->parameters->get('validation', 'HTML');
    $maxlength = (int) $field->parameters->get('maxlength', 0);

    // Treat a single posted value as a one-element list
    $values = is_array($post) ? $post : array($post);

    // Filter each value; inside a field group empty values are kept as well
    $kept = array();
    foreach ($values as $raw) {
        $clean = flexicontent_html::dataFilter($raw, $maxlength, $validation, 0);
        if (strlen($clean) || $use_ingroup) {
            $kept[] = $clean;
        }
    }

    $post = $kept;
}