function _save($params) { $this->action = 'index'; $isNew = Sanitize::getInt($this->data['FieldOption'], 'optionid') ? false : true; $text = Sanitize::getString($this->data['FieldOption'], 'text'); $value = Sanitize::stripAll($this->data['FieldOption'], 'value'); $field_id = Sanitize::getInt($this->data['FieldOption'], 'fieldid'); $location = Sanitize::getString($this->data, 'location', 'content'); $limit = $this->limit; $limitstart = $this->offset; $total = 0; // Begin validation $validation_ids = array(); $text == '' and $validation_ids[] = "option_text"; $value == '' and $validation_ids[] = "option_value"; if (!empty($validation_ids)) { return json_encode(compact('validation_ids')); } // Begin save $result = $this->FieldOption->save($this->data); if ($result != 'success') { $msg = "An option with this value already exists for this field."; return $this->ajaxError($msg); } // Begin update display $option_id = $this->data['FieldOption']['optionid']; $field_id = $this->data['FieldOption']['fieldid']; $rows = $this->FieldOption->getList($field_id, $limitstart, $limit, $total); $this->_db->setQuery("\n SELECT \n fieldid,type,name,title,groupid,location \n FROM \n #__jreviews_fields \n WHERE \n fieldid = " . $field_id); $field = current($this->_db->loadAssocList()); // Reloads the whole list to display the new/updated record $page = Sanitize::stripWhitespace($this->listViewTable($rows, $total, $field)); $action = 'success'; return json_encode(compact('action', 'page', 'option_id')); }
function _addOption() { $this->autoRender = false; $this->autoLayout = false; $response = array(); $option = $this->data['FieldOption']['text'] = Sanitize::getString($this->data, 'text'); $value = $this->data['FieldOption']['value'] = Sanitize::stripAll($this->data, 'text'); $fieldid = $this->data['FieldOption']['fieldid'] = Sanitize::getInt($this->data, 'field_id'); $fieldName = Sanitize::getString($this->data, 'name'); // Begin validation if ($value == '') { $validation = __t("The field is empty.", true); $response[] = "jQuery('#jr_fieldOption{$fieldid}').siblings('.jr_loadingSmall').after('<span class=\"jr_validation\"> " . $validation . "</span>');"; return $this->ajaxResponse($response); } // Save $result = $this->FieldOption->save($this->data); switch ($result) { case 'success': // Begin update display $option = $this->data['FieldOption']['text']; $value = $this->data['FieldOption']['value']; $response = "\n jQuery('#{$fieldName}').addOption('{$value}','" . addslashes($option) . "');\n jQuery('#jr_fieldOption{$fieldid}').val(''); \n jQuery('#submitButton{$fieldid}').removeAttr('disabled');\n "; return $this->ajaxResponse($response); case 'duplicate': $validation = sprintf(__t("%s already exists", true), $value); break; case 'db_error': $validation = s2Messages::submitErrorGeneric(); break; } $response[] = "jQuery('#{$fieldName}').selectOptions('" . addslashes($option) . "');"; $response[] = "jQuery('#jr_fieldOption{$fieldid}').siblings('.jr_loadingSmall').after('<span class=\"jr_validation\"> " . $validation . "</span>');"; return $this->ajaxResponse($response); }
public function tmp1() { $this->modelClass = null; if ($this->request->data) { $result = Sanitize::stripAll($this->request->data['text1']); } else { $result = "no data."; } $this->set("result", $result); }
public function search() { if ($this->request->is('post')) { $date = Sanitize::stripAll($this->request->data["SanmaData"]['date']); $company = Sanitize::stripAll($this->request->data['SanmaData']['company']); $person_c = Sanitize::stripAll($this->request->data['SanmaData']['person_c']); $contact = Sanitize::stripAll($this->request->data['SanmaData']['contact']); $person_m = Sanitize::stripAll($this->request->data['SanmaData']['person_m']); $this->redirect("./table/" . $company . "/" . $person_c . "/" . $contact . "/" . $person_m); } else { $result = "no data."; } $this->set("result", $result); }
public function index() { $details = false; $mstr = @$this->request->query['mstr']; $mid = @$this->request->query['mid']; $kod = @$this->request->query['kod']; $this->set('mstr', $mstr); $this->set('mid', $mid); $this->set('kod', $kod); if ($kod) { $code = $this->Dataobject->find('all', array('conditions' => array('dataset' => 'kody_pocztowe', 'kody_pocztowe.kod' => $kod))); if ($code && $code[0]) { return $this->redirect('/dane/kody_pocztowe/' . $code[0]->getId()); } else { $this->Session->setFlash('Podany kod pocztowy nie zostały odnaleziony'); } } elseif ($mid) { $details = true; $miejscowosc = $this->API->Dane()->getObject('miejscowosci', $mid); $this->set('miejscowosc', $miejscowosc->getData()); $ustr = @$this->request->query['ustr']; $this->set('ustr', $ustr); if ($miejscowosc) { $this->addStatusbarCrumb(array('text' => $miejscowosc->getData('nazwa'))); $adresy = $this->API->searchAddresses($miejscowosc->getId(), $ustr); $this->set('adresy', $adresy); } } elseif ($mstr) { $details = true; $this->paginate = array('conditions' => array('dataset' => 'miejscowosci', 'q' => Sanitize::stripAll($mstr)), 'paramType' => 'querystring'); $miejscowosci = $this->Paginator->paginate('Dataobject'); $pagination = $this->Dataobject->pagination; $total = $this->Dataobject->total; if (!$total) { $this->Session->setFlash('Podana miejscowość nie została odnaleziona'); } elseif ($total === 1 && ($mid = $miejscowosci[0]['Dataobject']->object_id)) { $this->redirect('/kody_pocztowe?mstr=' . $mstr . '&mid=' . $mid); } else { $this->set('miejscowosci', $miejscowosci); } $this->set(compact('pagination', 'total')); } $this->set('details', $details); $application = $this->getApplication(); $this->set('title_for_layout', $application['name']); }
/** * testStripAll method * * @return void */ public function testStripAll() { $string = '<img """><script>alert("xss")</script>"/>'; $expected = '"/>'; $result = Sanitize::stripAll($string); $this->assertEquals($expected, $result); $string = '<IMG SRC=javascript:alert('XSS')>'; $expected = ''; $result = Sanitize::stripAll($string); $this->assertEquals($expected, $result); $string = '<<script>alert("XSS");//<</script>'; $expected = '<'; $result = Sanitize::stripAll($string); $this->assertEquals($expected, $result); $string = '<img src="http://google.com/images/logo.gif" onload="window.location=\'http://sam.com/\'" />' . "\n" . "<p>This is ok \t\n text</p>\n" . '<link rel="stylesheet" href="/css/master.css" type="text/css" media="screen" title="my sheet" charset="utf-8">' . "\n" . '<script src="xss.js" type="text/javascript" charset="utf-8"></script>'; $expected = '<p>This is ok text</p>'; $result = Sanitize::stripAll($string); $this->assertEquals($expected, $result); }
/** * [ADMIN] 検索インデックス登録 * * TODO 2013/8/8 ryuring * この機能は、URLより、baserCMSで管理されたコンテンツのタイトルとコンテンツ本体を取得し、検索インデックスに登録する為の機能だったが、 * CakePHP2より、Viewの扱いが変更となった(ClassRegistryで管理されなくなった)為、requestAction 時のタイトルを取得できなくなった。 * よって機能自体を一旦廃止する事とする。 * 実装の際は、自動取得ではなく、手動で、タイトルとコンテンツ本体等を取得する仕様に変更する。 * * @return void * @access public */ public function admin_add() { $this->pageTitle = '検索インデックス登録'; if ($this->request->data) { $url = $this->request->data['Content']['url']; $url = str_replace(FULL_BASE_URL . $this->request->base, '', $url); if (!$this->Content->find('count', array('conditions' => array('Content.url' => $url)))) { // ルーティングのデフォルト設定を再読み込み(requestActionでルーティング設定がダブって登録されてしまう為) Router::reload(); // URLのデータを取得 try { $content = $this->requestAction($url, array('return' => 1)); } catch (Exception $e) { $content = $e; } Router::reload(); // 元の設定を復元 Router::setRequestInfo($this->request); if (!is_a($content, 'Exception')) { $content = preg_replace('/<!-- BaserPageTagBegin -->.*?<!-- BaserPageTagEnd -->/is', '', $content); } elseif (preg_match('/\\.html/', $url)) { App::uses('HttpSocket', 'Network/Http'); $socket = new HttpSocket(); // ※ Router::url() では、スマートURLオフの場合、/app/webroot/ 内のURLが正常に取得できない $HttpSocketResponse = $socket->get(siteUrl() . preg_replace('/^\\//', '', $url)); $code = $HttpSocketResponse->code; if ($code != 200) { unset($content); } else { if (preg_match('/<body>(.*?)<\\/body>/is', $HttpSocketResponse->body, $matches)) { $content = $matches[1]; } else { $content = ''; } } } else { unset($content); } if (isset($content)) { $content = Sanitize::stripAll($content); $content = strip_tags($content); $data = array('Content' => array('title' => $this->request->data['Content']['title'], 'detail' => $content, 'url' => $url, 'type' => 'その他', 'status' => true, 'priority' => 0.5)); $this->Content->create($data); if ($this->Content->save()) { $this->setMessage('検索インデックスに ' . $url . ' を追加しました。'); $this->redirect(array('action' => 'index')); } else { $this->setMessage('保存中にエラーが発生しました。', true); } } else { $this->Content->invalidate('url', '入力したURLは存在しないか、検索インデックスに登録できるURLではありません。'); $this->setMessage('保存中にエラーが発生しました。', true); } } else { $this->Content->invalidate('url', '既に登録済のURLです。'); $this->setMessage('入力エラーです。内容を修正してください。', true); } } $this->help = 'contents_add'; }
function onBeforeDisplayContent(&$article, &$params) { if (!class_exists('cmsFramework')) { return; } // Make sure this is a Joomla article page $option = Sanitize::getString($_REQUEST, 'option', ''); $view = Sanitize::getString($_REQUEST, 'view', ''); $layout = Sanitize::getString($_REQUEST, 'layout', ''); $id = Sanitize::getInt($_REQUEST, 'id'); if (!($option == 'com_content' && $view == 'article' && $id)) { return; } /** * Retrieve $listing array from memory */ $_this =& cmsFramework::getInstance(); $Config = Configure::read('JreviewsSystem.Config'); $title = trim(Sanitize::getString($Config, 'type_metatitle')); $keywords = trim(Sanitize::getString($Config, 'type_metakey')); $description = trim(Sanitize::getString($Config, 'type_metadesc')); $listing =& $_this->listing; // Has all the data that's also available in the detail.thtml theme file so you can create any sort of conditionals with it if ($title != '' || $keywords != '' || $description != '') { if (isset($_this->listing) && is_array($_this->listing)) { // Instantiate the CustomFields helper class $CustomFields =& RegisterClass::getInstance('CustomFieldsHelper'); // Get and process all tags $tags = plgContentJreviews::extractTags($title . $keywords . $description); $tags_array = array(); foreach ($tags as $tag) { switch ($tag) { case 'title': $tags_array['{title}'] = Sanitize::stripAll($listing['Listing'], 'title'); break; case 'section': $tags_array['{section}'] = Sanitize::stripAll($listing['Section'], 'title'); break; case 'category': $tags_array['{category}'] = Sanitize::stripAll($listing['Category'], 'title'); break; case 'metakey': $tags_array['{metakey}'] = Sanitize::stripAll($listing['Listing'], 'metakey'); break; case 'metadesc': $tags_array['{metadesc}'] = Sanitize::stripAll($listing['Listing'], 'metadesc'); break; default: if (substr($tag, 0, 3) == 'jr_') { $field = $CustomFields->fieldText($tag, $listing, false, false, ','); $tags_array['{' . $tag . '}'] = !empty($field) ? $field : ''; } break; } } # Process title $title != '' and $title = str_replace(array_keys($tags_array), $tags_array, $title) and cmsFramework::meta('title', $title); # Process description $description != '' and $description = str_replace(array_keys($tags_array), $tags_array, $description) and cmsFramework::meta('description', $description); # Process keywords $keywords != '' and $keywords = str_replace(array_keys($tags_array), $tags_array, $keywords) and cmsFramework::meta('keywords', $keywords); } } elseif (isset($article->parameters) && $article->parameters->get('show_page_title') && $article->parameters->get('num_leading_articles') == '' && $article->parameters->get('filter_type') == '') { $title = $article->parameters->get('page_title'); $title != '' and cmsFramework::meta('title', $title); } if (isset($_this->crumbs) && !empty($_this->crumbs)) { cmsFramework::setPathway($_this->crumbs); } unset($_this); }
/** * [ADMIN] 検索インデックス登録 * * @return void * @access public */ function admin_add() { $this->pageTitle = '検索インデックス コンテンツ登録'; if ($this->data) { $url = $this->data['Content']['url']; $url = str_replace(FULL_BASE_URL . $this->base, '', $url); if (!$this->Content->find('count', array('conditions' => array('Content.url' => $url)))) { // ルーティングのデフォルト設定を再読み込み(requestActionでルーティング設定がダブって登録されてしまう為) Router::reload(); // URLのデータを取得 $content = $this->requestAction($url, array('return' => 1)); $View =& ClassRegistry::getObject('View'); // requestActionでインスタンス化されたViewを削除 // (管理システムではなく公開ページのView情報になっている可能性がある為) ClassRegistry::removeObject('View'); // ルーティングのデフォルト設定を再読み込み(元の設定に復元する為) Router::reload(); // 元の設定を復元 Router::setRequestInfo(array($this->params, array('base' => $this->base, 'webroot' => $this->webroot))); $title = ''; if (!is_a($content, 'ErrorHandler')) { $content = preg_replace('/<!-- BaserPageTagBegin -->.*?<!-- BaserPageTagEnd -->/is', '', $content); $title = $View->pageTitle; } elseif (preg_match('/\\.html/', $url)) { App::import('Core', 'HttpSocket'); $socket = new HttpSocket(); // ※ Router::url() では、スマートURLオフの場合、/app/webroot/ 内のURLが正常に取得できない $content = $socket->get(siteUrl() . $url); $code = $socket->response['status']['code']; if ($code != 200) { unset($content); } else { if (preg_match('/<title>([^<]+)<\\/title>/', $content, $matches)) { $title = $matches[1]; $content = preg_replace('/<title>[^<]+<\\/title>/', '', $content); } } } else { unset($content); } if (isset($content)) { $content = Sanitize::stripAll($content); $content = strip_tags($content); $data = array('Content' => array('title' => $title, 'detail' => $content, 'url' => $url, 'type' => 'その他', 'status' => true, 'priority' => 0.5)); $this->Content->create($data); if ($this->Content->save()) { $this->Session->setFlash('検索インデックスに ' . $url . ' を追加しました。'); $this->redirect('index'); } else { $this->Session->setFlash('保存中にエラーが発生しました。'); } } else { $this->Content->invalidate('url', '入力したURLは存在しないか、検索インデックスに登録できるURLではありません。'); $this->Session->setFlash('保存中にエラーが発生しました。'); } } else { $this->Content->invalidate('url', '既に登録済のURLです。'); $this->Session->setFlash('入力エラーです。内容を修正してください。'); } } }
function _save() { /******************************************************************* * This method is processed inside an iframe * To access any of the DOM elements via jQuery it's necessary to prepend * all jQuery calls with $parentFrame (i.e. $parentFrame.jQuery) ********************************************************************/ $this->autoRender = false; $this->autoLayout = false; $response = array(); $parentFrame = 'window.parent'; $validation = ''; $listing_id = Sanitize::getInt($this->data['Listing'], 'id', 0); $isNew = $this->Listing->isNew = $listing_id == 0 ? true : false; $this->data['email'] = Sanitize::getString($this->data, 'email'); $this->data['name'] = Sanitize::getString($this->data, 'name'); $this->data['categoryid_hidden'] = Sanitize::getInt($this->data['Listing'], 'categoryid_hidden'); $cat_id = Sanitize::getVar($this->data['Listing'], 'catid'); $this->data['Listing']['catid'] = is_array($cat_id) ? (int) array_pop(array_filter($cat_id)) : (int) $cat_id; /*J16*/ $this->data['Listing']['title'] = Sanitize::getString($this->data['Listing'], 'title', ''); $this->data['Listing']['created_by_alias'] = Sanitize::getString($this->data, 'name', ''); if ($this->cmsVersion == CMS_JOOMLA15) { $this->data['sectionid_hidden'] = Sanitize::getInt($this->data['Listing'], 'sectionid_hidden'); $this->data['Listing']['sectionid'] = Sanitize::getInt($this->data['Listing'], 'sectionid'); } else { $this->data['Listing']['language'] = '*'; $this->data['Listing']['access'] = 1; } $category_id = $this->data['Listing']['catid'] ? $this->data['Listing']['catid'] : $this->data['categoryid_hidden']; # Get criteria info $criteria = $this->Criteria->findRow(array('conditions' => array('Criteria.id = (SELECT criteriaid FROM #__jreviews_categories WHERE id = ' . (int) $category_id . ' AND `option` = "com_content") '))); if (!$criteria) { $validation = __t("The category selected is invalid.", true, true); $response[] = "{$parentFrame}.jQuery('#jr_listingFormValidation').html('{$validation}');"; $response[] = "{$parentFrame}.jQuery('.button').removeAttr('disabled');"; $response[] = "{$parentFrame}.jQuery('.jr_loadingSmall').hide();"; return $this->makeJS($response); } $this->data['Criteria']['id'] = $criteria['Criteria']['criteria_id']; # Override global configuration isset($criteria['ListingType']) and $this->Config->override($criteria['ListingType']['config']); # Perform access checks if ($isNew && !$this->Access->canAddListing()) { return $this->makeJS("{$parentFrame}.s2Alert('" . __t("You are not allowed to submit listings in this category.", true, true) . "')"); } elseif (!$isNew) { $query = "SELECT created_by FROM #__content WHERE id = " . $listing_id; $this->_db->setQuery($query); $listing_owner = $this->_db->loadResult(); if (!$this->Access->canEditListing($listing_owner)) { return $this->makeJS("{$parentFrame}.s2Alert('" . s2Messages::accessDenied() . "')"); } } # Load the notifications observer model component and initialize it. # Done here so it only loads on save and not for all controlller actions. $this->components = array('security', 'notifications'); $this->__initComponents(); if ($this->invalidToken == true) { return $this->makeJS("{$parentFrame}.s2Alert('" . s2Messages::invalidToken() . "')"); } # Override configuration $category = $this->Category->findRow(array('conditions' => array('Category.id = ' . $this->data['Listing']['catid']))); $this->Config->override($category['ListingType']['config']); if ($this->Access->loadWysiwygEditor()) { $this->data['Listing']['introtext'] = Sanitize::stripScripts(Sanitize::stripWhitespace(Sanitize::getVar($this->data['__raw']['Listing'], 'introtext'))); $this->data['Listing']['fulltext'] = Sanitize::stripScripts(Sanitize::stripWhitespace(Sanitize::getVar($this->data['__raw']['Listing'], 'fulltext'))); $this->data['Listing']['introtext'] = html_entity_decode($this->data['Listing']['introtext'], ENT_QUOTES, cmsFramework::getCharset()); $this->data['Listing']['fulltext'] = html_entity_decode($this->data['Listing']['fulltext'], ENT_QUOTES, cmsFramework::getCharset()); } else { $this->data['Listing']['introtext'] = Sanitize::stripAll($this->data['Listing'], 'introtext', ''); if (isset($this->data['Listing']['fulltext'])) { $this->data['Listing']['fulltext'] = Sanitize::stripAll($this->data['Listing'], 'fulltext', ''); } else { $this->data['Listing']['fulltext'] = ''; } } $this->data['Listing']['introtext'] = str_replace('<br>', '<br />', $this->data['Listing']['introtext']); $this->data['Listing']['fulltext'] = str_replace('<br>', '<br />', $this->data['Listing']['fulltext']); if ($this->Access->canAddMeta()) { $this->data['Listing']['metadesc'] = Sanitize::getString($this->data['Listing'], 'metadesc'); $this->data['Listing']['metakey'] = Sanitize::getString($this->data['Listing'], 'metakey'); } // Title alias handling $slug = ''; $alias = Sanitize::getString($this->data['Listing'], 'alias'); if ($isNew && $alias == '') { $slug = S2Router::sefUrlEncode($this->data['Listing']['title']); if (trim(str_replace('-', '', $slug)) == '') { $slug = date("Y-m-d-H-i-s"); } } elseif ($alias != '') { // Alias filled in so we convert it to a valid alias $slug = S2Router::sefUrlEncode($alias); if (trim(str_replace('-', '', $slug)) == '') { $slug = date("Y-m-d-H-i-s"); } } $slug != '' and $this->data['Listing']['alias'] = $slug; # Check for duplicates switch ($this->Config->content_title_duplicates) { case 'category': // Checks for duplicates in the same category $query = "\r\n SELECT \r\n count(*) \r\n FROM \r\n #__content AS Listing WHERE Listing.title = " . $this->_db->Quote($this->data['Listing']['title']) . "\r\n AND Listing.state >= 0 \r\n AND Listing.catid = " . $this->data['Listing']['catid'] . (!$isNew ? " AND Listing.id <> " . $listing_id : ''); $this->_db->setQuery($query); $titleExists = $this->_db->loadResult(); break; case 'no': // Checks for duplicates all over the place $query = "\r\n SELECT \r\n count(*) \r\n FROM \r\n #__content AS Listing\r\n WHERE \r\n Listing.title = " . $this->_db->Quote($this->data['Listing']['title']) . "\r\n AND Listing.state >= 0\r\n " . (!$isNew ? " AND Listing.id <> " . $listing_id : ''); $this->_db->setQuery($query); $titleExists = $this->_db->loadResult(); break; case 'yes': // Duplicates are allowed, no checking necessary $titleExists = false; break; } if ($titleExists && $this->data['Listing']['title'] != '') { // if listing exists $validation = '<span>' . __t("A listing with that title already exists.", true, true) . "</span>"; $response[] = "{$parentFrame}.jQuery('#jr_listingFormValidation').html('{$validation}');"; $response[] = "{$parentFrame}.jQuery('.button').removeAttr('disabled');"; $response[] = "{$parentFrame}.jQuery('.jr_loadingSmall').hide();"; return $this->makeJS($response); } // Review form display check logic used several times below $revFormSetting = $this->Config->content_show_reviewform; if ($revFormSetting == 'noteditors' && !$this->Config->author_review) { $revFormSetting = 'all'; } $revFormEnabled = !isset($this->data['review_optional']) && $this->Access->canAddReview() && $isNew && ($revFormSetting == 'all' && ($this->Config->author_review || $this->Config->user_reviews) || $revFormSetting == 'authors' && $this->Access->isJreviewsEditor($this->_user->id) || $revFormSetting == 'noteditors' && !$this->Access->isJreviewsEditor($this->_user->id)); // Validation of content default input fields if ($this->cmsVersion == CMS_JOOMLA15) { if (!$this->data['Listing']['catid'] || !$this->data['Listing']['sectionid']) { $this->Listing->validateSetError("sec_cat", __t("You need to select both a section and a category.", true)); } } else { !$this->data['Listing']['catid'] and $this->Listing->validateSetError("sec_cat", __t("You need to select a category.", true)); } // Validate only if it's a new listing if ($isNew) { if (!$this->_user->id) { $this->Listing->validateInput($this->data['name'], "name", "text", __t("You must fill in your name.", true), $this->Config->content_name == "required" ? 1 : 0); $this->Listing->validateInput($this->data['email'], "email", "email", __t("You must fill in a valid email address.", true), $this->Config->content_email == "required" ? 1 : 0); $this->data['name'] = Sanitize::getString($this->data, 'name', ''); $this->data['email'] = Sanitize::getString($this->data, 'email', ''); } else { $this->data['name'] = $this->_user->name; $this->data['email'] = $this->_user->email; } } $this->Listing->validateInput($this->data['Listing']['title'], "title", "text", __t("You must fill in a title for the new listing.", true, true), 1); # Validate listing custom fields $listing_valid_fields =& $this->Field->validate($this->data, 'listing', $this->Access); $this->Listing->validateErrors = array_merge($this->Listing->validateErrors, $this->Field->validateErrors); $this->Listing->validateInput($this->data['Listing']['introtext'], "introtext", "text", __t("You must fill in a summary for the new listing.", true, true), $this->Config->content_summary == "required" ? 1 : 0); $this->Listing->validateInput($this->data['Listing']['fulltext'], "fulltext", "text", __t("You must fill in a description for the new listing.", true, true), $this->Config->content_description == "required" ? 1 : 0); # Validate review custom fields if ($revFormEnabled && $criteria['Criteria']['state']) { // Review inputs $this->data['Review']['userid'] = $this->_user->id; $this->data['Review']['email'] = $this->data['email']; $this->data['Review']['name'] = $this->data['name']; $this->data['Review']['username'] = Sanitize::getString($this->data, 'name', ''); $this->data['Review']['title'] = Sanitize::getString($this->data['Review'], 'title'); $this->data['Review']['location'] = Sanitize::getString($this->data['Review'], 'location'); // deprecated $this->data['Review']['comments'] = Sanitize::getString($this->data['Review'], 'comments'); // Review standard fields $this->Listing->validateInput($this->data['Review']['title'], "rev_title", "text", __t("You must fill in a title for the review.", true, true), $this->Config->reviewform_title == 'required' ? true : false); if ($criteria['Criteria']['state'] == 1) { $criteria_qty = $criteria['Criteria']['quantity']; $ratingErr = 0; if (!isset($this->data['Rating'])) { $ratingErr = $criteria_qty; } else { for ($i = 0; $i < $criteria_qty; $i++) { if (!isset($this->data['Rating']['ratings'][$i]) || (empty($this->data['Rating']['ratings'][$i]) || $this->data['Rating']['ratings'][$i] == 'undefined' || (double) $this->data['Rating']['ratings'][$i] > $this->Config->rating_scale)) { $ratingErr++; } } } $this->Listing->validateInput('', "rating", "text", sprintf(__t("You are missing a rating in %s criteria.", true, true), $ratingErr), $ratingErr); } // Review custom fields $this->Field->validateErrors = array(); // Clear any previous validation errors $review_valid_fields = $this->Field->validate($this->data, 'review', $this->Access); $this->Listing->validateErrors = array_merge($this->Listing->validateErrors, $this->Field->validateErrors); $this->Listing->validateInput($this->data['Review']['comments'], "comments", "text", __t("You must fill in your comment.", true, true), $this->Config->reviewform_comment == 'required' ? true : false); } // if ($revFormEnabled && $criteria['Criteria']['state']) # Validate image fields $this->Uploads->validateImages(); # Validate Captcha security code if ($isNew && $this->Access->showCaptcha()) { if (!isset($this->data['Captcha']['code'])) { $this->Listing->validateSetError("code", __t("The security code you entered was invalid.", true, true)); } elseif ($this->data['Captcha']['code'] == '') { $this->Listing->validateInput($this->data['Captcha']['code'], "code", "text", __t("You must fill in the security code.", true), 1); } else { if (!$this->Captcha->checkCode($this->data['Captcha']['code'], $this->ipaddress)) { $this->Listing->validateSetError("code", __t("The security code you entered was invalid.", true, true)); } } } # Get all validation messages $validation = $this->Listing->validateGetError() . $this->Uploads->getMsg(); # Validation failed if ($validation != '') { $response[] = "var parentForm = {$parentFrame}.jQuery('#jr_listingForm');"; $response[] = "{$parentFrame}.jQuery('#jr_listingFormValidation').html('{$validation}');"; $response[] = "parentForm.find('.button').removeAttr('disabled');"; // Transform textareas into wysiwyg editors if ($this->Access->loadWysiwygEditor()) { App::import('Helper', 'Editor', 'jreviews'); $Editor = new EditorHelper(); $response[] = $parentFrame . '.' . $Editor->transform(true); } // Replace captcha with new instance if ($this->Access->in_groups($this->Config->security_image)) { $captcha = $this->Captcha->displayCode(); $response[] = "{$parentFrame}.jQuery('#captcha').attr('src','{$captcha['src']}');"; $response[] = "{$parentFrame}.jQuery('#jr_captchaCode').val('');"; } $response[] = "parentForm.find('.jr_loadingSmall').hide();"; return $this->makeJS($response); // Can't use ajaxResponse b/c we are in an iframe } # Validation passed, continue... if ($isNew) { $this->data['Listing']['created'] = _CURRENT_SERVER_TIME; //gmdate('Y-m-d H:i:s'); $this->data['Listing']['publish_up'] = _CURRENT_SERVER_TIME; //gmdate('Y-m-d H:i:s'); $this->data['Listing']['created_by'] = $this->_user->id; $this->data['Listing']['publish_down'] = NULL_DATE; $this->data['Field']['Listing']['email'] = $this->data['email']; // If visitor, assign name field to content Alias if (!$this->_user->id) { $this->data['Listing']['created_by_alias'] = $this->data['name']; } // Check moderation settings $this->data['Listing']['state'] = (int) (!$this->Access->moderateListing()); // If listing moderation is enabled, then the review is also moderated if (!$this->data['Listing']['state']) { $this->Config->moderation_reviews = $this->Config->moderation_editor_reviews = $this->Config->moderation_item; } } else { if ($this->Config->moderation_item_edit) { $this->data['Listing']['state'] = (int) (!$this->Access->moderateListing()); } $this->data['Listing']['modified'] = _CURRENT_SERVER_TIME; //gmdate('Y-m-d H:i:s'); $this->data['Listing']['modified_by'] = $this->_user->id; $query = 'SELECT images FROM #__content WHERE id = ' . $this->data['Listing']['id']; $this->_db->setQuery($query); $this->data['Listing']['images'] = $this->_db->loadResult(); // Check total number of images if (!$this->Uploads->checkImageCount($this->data['Listing']['images'])) { $validation .= '<span>' . sprintf(__t("The total number of images is limited to %s", true, true), $this->Config->content_images) . '</span><br />'; $response[] = "{$parentFrame}.jQuery('#jr_listingFormValidation').html('{$validation}');"; $response[] = "{$parentFrame}.jQuery('.button').removeAttr('disabled');"; $response[] = "{$parentFrame}.jQuery('.jr_loadingSmall').hide();"; return $this->makeJS($response); } } // Process images and update data array if ($this->Uploads->success) { $imageUploadPath = PATH_ROOT . _JR_PATH_IMAGES . 'jreviews' . DS; $this->Uploads->uploadImages($this->data['Listing']['id'], $imageUploadPath); if ($isNew) { // New item $currImages = $this->Uploads->images; } elseif ($this->data['Listing']['images'] != '') { // Editing and there are existing images $currImages = array_merge(explode("\n", $this->data['Listing']['images']), $this->Uploads->images); } else { // Editing and there are no existing images $currImages = $this->Uploads->images; } $this->data['Listing']['images'] = implode("\n", $currImages); } # Save listing $savedListing = $this->Listing->store($this->data); $listing_id = $this->data['Listing']['id']; if (!$savedListing) { $validation .= __t("The was a problem saving the listing", true, true); } // Error on listing save if ($validation != '') { $response[] = "{$parentFrame}.jQuery('#jr_listingFormValidation').html('{$validation}');"; $response[] = "{$parentFrame}.jQuery('.button').removeAttr('disabled');"; $response[] = "{$parentFrame}.jQuery('.jr_loadingSmall').hide();"; return $this->makeJS($response); } # Save listing custom fields $this->data['Field']['Listing']['contentid'] = $this->data['Listing']['id']; $this->Field->save($this->data, 'listing', $isNew, $listing_valid_fields); # Begin insert review in table if ($revFormEnabled && $criteria['Criteria']['state']) { // Get reviewer type, for now editor reviews don't work in Everywhere components $this->data['Review']['author'] = (int) $this->Access->isJreviewsEditor($this->_user->id); $this->data['Review']['mode'] = 'com_content'; $this->data['Review']['pid'] = (int) $this->data['Listing']['id']; // Force plugin loading on Review model $this->_initPlugins('Review'); $this->Review->isNew = true; $savedReview = $this->Review->save($this->data, $this->Access, $review_valid_fields); } # Before render callback if ($isNew && isset($this->Listing->plgBeforeRenderListingSaveTrigger)) { $plgBeforeRenderListingSave = $this->Listing->plgBeforeRenderListingSave(); switch ($plgBeforeRenderListingSave) { case '0': $this->data['Listing']['state'] = 1; break; case '1': $this->data['Listing']['state'] = 0; break; case '': break; default: return $plgBeforeRenderListingSave; break; } } # Moderation disabled if (!isset($this->data['Listing']['state']) || $this->data['Listing']['state']) { $fields = array('Criteria.criteria AS `Criteria.criteria`', 'Criteria.tooltips AS `Criteria.tooltips`'); $listing = $this->Listing->findRow(array('fields' => $fields, 'conditions' => array('Listing.id = ' . $listing_id)), array('afterFind')); # Facebook wall integration $fb_checkbox = Sanitize::getBool($this->data, 'fb_publish'); $facebook_integration = Sanitize::getBool($this->Config, 'facebook_enable') && Sanitize::getBool($this->Config, 'facebook_listings') && $fb_checkbox; $token = cmsFramework::getCustomToken($listing_id); $facebook_integration and $response[] = $parentFrame . '.jQuery.get(' . $parentFrame . '.s2AjaxUri+' . $parentFrame . '.jreviews.ajax_params()+\'&url=facebook/_postListing/id:' . $listing_id . '&' . $token . '=1\'); '; $url = cmsFramework::route($listing['Listing']['url']); $update_text = $isNew ? __t("Thank you for your submission.", true, true) : __t("The listing was successfully saved.", true, true); //JOEYG CODE //THE FOLLOWING GETS THE LISTING TYPE FROM THE DB FOR THE NEWLY SAVED LISTING //IF THE TYPE IS BUSINESS PROFILE OR PROJECT LISTING THEN DISPLAY THE after_submit.thtml file //ELSE DISPLAY NORMAL MESSAGE //IF WE ONLY WANT TO ADD THE after_submit.thtml if the listing is new then add if ($isNew) { $query = "SELECT `listing_type` FROM `jos_vpbd_content_criteria` WHERE `jos_vpbd_content_criteria`.`listing_id` = " . $this->data['Listing']['id']; $this->_db->setQuery($query); $jg_listing_type = $this->_db->loadResult(); if ($jg_listing_type == 2 || $jg_listing_type == 7) { $update_html = $this->render('listings', 'after_submit'); } else { $update_html = "<a href=\"{$url}\">" . __t("Click here to view your listing", true) . "</a>"; } //ends if/else } else { //not new $update_html = "<a href=\"{$url}\">" . __t("Click here to view your listing", true) . "</a>"; } //ends if($isNew) //ENDS JOEYG ALTER CODE $jsonObject = json_encode(compact('target_id', 'update_text', 'update_html')); $response[] = ' var $parentForm = ' . $parentFrame . '.jQuery(\'#jr_listingForm\'); $parentForm.scrollTo({duration:400,offset:-100}); $parentForm.s2ShowUpdate(' . $jsonObject . '); '; return $this->makeJS($response); } # Moderation enabled $update_text = __t("Thank you for your submission. It will be published once it is verified.", true); $update_html = '<div id=\\"s2Msgjr_listingForm\\" class=\\"jr_postUpdate\\">' . $update_text . '</div>'; $response[] = ' var $parentForm = ' . $parentFrame . '.jQuery(\'#jr_listingForm\'); $parentForm.scrollTo({duration:400,offset:-100},function(){ $parentForm.fadeOut(250,function(){$parentForm.html("' . $update_html . '").show();}); }); '; return $this->makeJS($response); }
/** * Facebook Open Graph implementation * * @param mixed $listing * @param mixed $meta */ function facebookOpenGraph(&$listing, $meta) { // http://developers.facebook.com/docs/opengraph/ $option = Sanitize::getString($_REQUEST, 'option', ''); $view = Sanitize::getString($_REQUEST, 'view', ''); $id = Sanitize::getInt($_REQUEST, 'id'); // Make sure this is a Joomla article page if (!($option == 'com_content' && $view == 'article' && $id)) { return; } $Config = Configure::read('JreviewsSystem.Config'); if (empty($Config)) { $cache_file = 'jreviews_config_' . md5(cmsFramework::getConfig('secret')); $Config = S2Cache::read($cache_file); } $facebook_xfbml = Sanitize::getBool($Config, 'facebook_opengraph') && Sanitize::getBool($Config, 'facebook_appid'); // Make sure FB is enabled and we have an FB App Id if (!$facebook_xfbml) { return; } extract($meta); $title == '' and $title = $listing['Listing']['title']; $description == '' and $description = Sanitize::htmlClean(Sanitize::stripAll($listing['Listing'], 'summary')); $image = isset($listing['Listing']['images'][0]) ? cmsFramework::makeAbsUrl(_DS . _JR_WWW_IMAGES . $listing['Listing']['images'][0]['path']) : null; if (!$image) { $img_src = '/<img[^>]+src[\\s=\'"]+([^"\'>\\s]+(jpg)+)/is'; preg_match($img_src, $listing['Listing']['summary'], $matches); if (isset($matches[1])) { $image = $matches[1]; } } $url = cmsFramework::makeAbsUrl($listing['Listing']['url'], array('sef' => true, 'ampreplace' => true)); $fields = $listing['Field']['pairs']; // You can add other Open Graph meta tags by adding the attribute, custom field pair to the array below $tags = array('title' => $title, 'url' => $url, 'image' => $image, 'site_name' => cmsFramework::getConfig('sitename'), 'description' => $description, 'type' => Sanitize::getString($listing['ListingType']['config'], 'facebook_opengraph_type'), 'latitude' => Sanitize::getString($Config, 'geomaps.latitude'), 'longitude' => Sanitize::getString($Config, 'geomaps.longitude'), 'street-address' => Sanitize::getString($Config, 'geomaps.address1'), 'locality' => Sanitize::getString($Config, 'geomaps.city'), 'region' => Sanitize::getString($Config, 'geomaps.state'), 'postal-code' => Sanitize::getString($Config, 'geomaps.postal_code'), 'country-name' => Sanitize::getString($Config, 'geomaps.country', Sanitize::getString($Config, 'geomaps.default_country'))); cmsFramework::addScript('<meta property="fb:app_id" content="' . Sanitize::getString($Config, 'facebook_appid') . '"/>'); Sanitize::getString($Config, 'facebook_admins') != '' and cmsFramework::addScript('<meta property="fb:admins" content="' . str_replace(' ', '', $Config->facebook_admins) . '"/>'); // cmsFramework::addScript('<meta property="fb:admins" content="YOUR-ADMIN-ID"/>'); // It's app_id or this, not both # Loop through the tags array to add the additional FB meta tags foreach ($tags as $attr => $fname) { $content = ''; if (substr($fname, 0, 3) == 'jr_') { // It's a custom field $content = isset($fields[$fname]) ? htmlspecialchars($fields[$fname]['text'][0], ENT_QUOTES, 'utf-8') : ''; } elseif ($fname != '') { // It's a static text, not a custom field $content = htmlspecialchars($fname); } $content != '' and cmsFramework::addScript('<meta property="og:' . $attr . '" content="' . $content . '"/>'); } }
function processNewFieldOptions($options, $field) { $processedOptions = array(); // Process new field options and modify the $data array $FieldOption = ClassRegistry::getClass('FieldOptionModel'); $click2add = Sanitize::getBool($field['_params'], 'click2add'); !is_array($options) and $options = array($options); foreach ($options as $option) { if ($click2add && strstr($option, '|click2add')) { $data = array(); $option_parts = explode('|', $option); // Build array to pass to the FieldOptions model $data['FieldOption']['fieldid'] = Sanitize::getInt($field, 'fieldid'); $data['FieldOption']['value'] = Sanitize::stripAll($option_parts, 0); $data['FieldOption']['text'] = trim(Sanitize::getString($option_parts, 0)); // If it's a dependent field add the relevant control field data if (count($option_parts) == 4) { $option_parts[3] == 'null' and $option_parts[3] = ''; $controlledBy = $data['FieldOption']['controlledBy'] = array($option_parts[2] => $option_parts[3]); $control_field = key($controlledBy); $control_value = is_array(current($controlledBy)) ? array_values(current($controlledBy)) : array(current($controlledBy)); if ($control_field != '' && $control_value != '**') { $data['FieldOption']['control_field'] = $control_field; $data['FieldOption']['control_value'] = $control_value; } } if (in_array($FieldOption->save($data), array('success', 'duplicate'))) { $processedOptions[] = $data['FieldOption']['value']; } } else { $processedOptions[] = $option; } } return $processedOptions; }