Esempio n. 1
 /**
  * Constructor
  *
  * Checks the target directory, stores the CSV settings and opens the file in
  * binary append/read mode ('ab+'). On failure an error is raised and the
  * object is left without an open file handle.
  *
  * @param string $filename, the filename to use. io::sanitizeAsciiString will be used to clean this filename
  * @param string $filepath, the filepath to use (FS relative). The path must exist and be writable. Default : PATH_TMP_FS
  * @param string $separator, the CSV fields separator (default ;)
  * @param string $enclosure, the CSV fields enclosure (default ")
  * @return void
  */
 function __construct($filename, $filepath = PATH_TMP_FS, $separator = ';', $enclosure = '"')
 {
     // Guard clause: the directory must already exist and be writable.
     if (!is_dir($filepath) || !is_writable($filepath)) {
         $this->raiseError('File path does not exists or is not writable : ' . $filepath);
         return false;
     }
     $this->_filepath = $filepath;
     // Only the file name is sanitized; $filepath is used as given by the caller.
     // NOTE(review): presumably sanitizeAsciiString removes path separators, which is
     // what keeps the name inside $filepath - verify against its implementation.
     $this->_filename = io::sanitizeAsciiString($filename);
     $this->_separator = $separator;
     $this->_enclosure = $enclosure;
     $target = $this->_filepath . '/' . $this->_filename;
     // fopen() warnings are suppressed on purpose; failure is reported through raiseError().
     $this->_file = @fopen($target, 'ab+');
     if (!$this->_file) {
         $this->raiseError('Cannot open file ' . $target . ' for writing');
         return false;
     }
 }
Esempio n. 2
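 /**
  * Sets the codename base data.
  *
  * The codename is accepted only when it is already identical to
  * strtolower(io::sanitizeAsciiString($data)), is at most 100 bytes long and,
  * if $checkForDuplicate is set, is not used by another page of the website.
  *
  * @param string $data The new base data to set
  * @param CMS_profile_user &$user the user who did the edition
  * @param boolean $checkForDuplicate : check the codename for website duplication
  * @return boolean true on success, false on failure
  * @access public
  */
 function setCodename($data, &$user, $checkForDuplicate = true)
 {
     if (!is_a($user, "CMS_profile_user")) {
         $this->raiseError("Didn't received a valid user");
         return false;
     }
     // Strict comparison on strings: with a loose != two numeric-looking strings
     // (for instance "+12" and "12") compare equal, so a value the sanitizer
     // had modified could still be accepted as "already clean".
     if (strtolower((string) io::sanitizeAsciiString($data)) !== (string) $data) {
         $this->raiseError("Page codename must be alphanumeric only");
         return false;
     }
     if (strlen($data) > 100) {
         $this->raiseError("Page codename must have 100 characters max");
         return false;
     }
     //check if codename already exists
     if ($checkForDuplicate && $data) {
         $pageId = CMS_tree::getPageByCodename($data, $this->getWebsite(), false, false);
         // A hit is a duplicate unless it is this very page (a page without ID can never own the codename).
         if ($pageId && (!$this->getID() && $pageId || $this->getID() != $pageId)) {
             $this->raiseError("Page codename already exists in current website");
             return false;
         }
     }
     if (!$this->_checkBaseData(false)) {
         return false;
     }
     $this->_editedBaseData["codename"] = $data;
     // Record the edition together with the user who made it.
     $this->addEdition(RESOURCE_EDITION_BASEDATA, $user);
     return true;
 }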
Esempio n. 3
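 /**
  * Constructor.
  * initializes the linxDisplay.
  *
  * Every argument is validated before anything but the cross-website flag is
  * stored; on the first invalid value an error is raised and the constructor
  * returns early, leaving type, value and website unset.
  *
  * @param string $type One of "node", "relative" or "codename"
  * @param mixed $value A positive integer for "node", one of "self", "brother", "father", "root" for "relative", a sanitized lowercase codename for "codename"
  * @param mixed $relativeOffset Offset stored only when $type is "relative"
  * @param boolean $crosswebsite Stored as given
  * @param string $website Website codename, validated only when $type is "codename"
  * @return void
  * @access public
  */
 function __construct($type, $value, $relativeOffset, $crosswebsite = false, $website = '')
 {
     $authorized_types = array("node", "relative", "codename");
     $authorized_string_values = array("self", "brother", "father", "root");
     $this->_crosswebsite = $crosswebsite;
     if (!SensitiveIO::isInSet($type, $authorized_types)) {
         $this->raiseError("Type unknown : " . $type);
         return;
     }
     if ($type == 'node' && !SensitiveIO::isPositiveInteger($value)) {
         $this->raiseError("Bad value for 'node' type : " . $value);
         return;
     }
     if ($type == 'relative' && !SensitiveIO::isInSet($value, $authorized_string_values)) {
         $this->raiseError("Bad value for 'relative' type : " . $value);
         return;
     }
     // Strict string comparison for both codename checks: a loose != treats
     // numeric-looking strings such as "+12" and "12" as equal, which would let
     // a value through even though the sanitizer changed it.
     if ($type == 'codename' && strtolower((string) io::sanitizeAsciiString($value)) !== (string) $value) {
         $this->raiseError("Bad value for 'codename' type : " . $value);
         return;
     }
     if ($type == 'codename' && strtolower((string) io::sanitizeAsciiString($website)) !== (string) $website) {
         $this->raiseError("Bad value for 'website' : " . $website);
         return;
     }
     $this->_type = $type;
     $this->_value = $value;
     $this->_website = $website;
     if ($this->_type == 'relative') {
         $this->_relativeOffset = $relativeOffset;
     }
 }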
Esempio n. 4
 //checks and assignments
 // Rejects the form when url or root is missing, otherwise copies the submitted
 // values onto $website. The fragment ends inside the else branch.
 // NOTE(review): $_POST keys are read without isset(); a missing key is treated as empty.
 $cms_message = "";
 if (!$_POST["url"] || $_POST["url"] == "http://" || !$_POST["root"]) {
     // NOTE(review): the session id is appended to the redirect URL, where it can end up
     // in server logs, browser history and Referer headers - confirm this is still required.
     header("Location: websites.php?cms_message_id=" . MESSAGE_FORM_ERROR_MANDATORY_FIELDS . "&" . session_name() . "=" . session_id());
     exit;
 } else {
     $website->setURL($_POST["url"]);
     $website->setAltDomains($_POST["altdomains"]);
     if ($website->getID()) {
         // Existing website: only the root page may change, the codename is not touched here.
         // NOTE(review): $_POST["root"] is handed to getPageByID() as submitted and the result
         // is dereferenced without a check - presumably getPageByID() validates the id; verify.
         $page = CMS_tree::getPageByID($_POST["root"]);
         $website_root = $website->getRoot();
         if ($page->getID() != $website_root->getID()) {
             $website->setRoot($page);
         }
     } else {
         // New website: the submitted codename is sanitized before setCodename() sees it.
         if (!$website->setCodename(io::sanitizeAsciiString($_POST["codename"]))) {
             $cms_message = $cms_language->getMessage(MESSAGE_PAGE_ERROR_CODENAME);
         }
         $page = CMS_tree::getPageByID($_POST["root"]);
         $website->setRoot($page);
     }
     //set meta values
     // NOTE(review): these values are passed through unchanged; any validation or output
     // escaping has to happen in the setters or where the values are rendered - confirm.
     $website->setLabel($_POST["label"]);
     $website->set404($_POST["page404"]);
     $website->set403($_POST["page403"]);
     $website->setRedirectAltDomain($_POST["altredir"]);
     $website->setMeta('description', $_POST['description']);
     $website->setMeta('keywords', $_POST['keywords']);
     $website->setMeta('category', $_POST['category']);
     $website->setMeta('robots', $_POST['robots']);
     $website->setMeta('author', $_POST['author']);
Esempio n. 5
    $view->setActionMessage($cms_language->getmessage(MESSAGE_ERROR_MODULE_RIGHTS, array($module->getLabel($cms_language))));
    $view->setContent($objectsDatas);
    $view->show();
}
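//CHECKS objectId
// Builds the list of selectable objects for one field of a poly-object and sends
// it to the view, optionally filtered by the search string in $query.
if (!$objectId && !$fieldId) {
    CMS_grandFather::raiseError('Missing objectId to list in module ' . $codename);
    $view->setContent($objectsDatas);
    // NOTE(review): the code below still runs unless show() ends the request - confirm.
    $view->show();
} elseif (!$objectId && $fieldId) {
    // Only the field is known: resolve the object it belongs to.
    $objectId = CMS_poly_object_catalog::getObjectIDForField($fieldId);
}
//load current object definition
$object = CMS_poly_object_catalog::getObjectDefinition($objectId);
//load fields objects for object
$objectFields = CMS_poly_object_catalog::getFieldsDefinition($object->getID());
// !empty() keeps the original truthiness test but does not emit an
// undefined-index notice when $fieldId is not a field of this object.
if (!empty($objectFields[$fieldId])) {
    $objectType = $objectFields[$fieldId]->getTypeObject();
    if (method_exists($objectType, 'getListOfNamesForObject')) {
        $conditions = $query ? array('keywords' => $query) : array();
        $objectsNames = $objectType->getListOfNamesForObject(false, $conditions);
        // First entry is an empty choice.
        $objectsDatas['objects'][] = array('id' => '', 'label' => ' ');
        foreach ($objectsNames as $id => $label) {
            // Case-insensitive match on the sanitized forms of label and query.
            if (!$query || stripos(io::sanitizeAsciiString(io::decodeEntities($label)), io::sanitizeAsciiString(trim($query))) !== false) {
                // NOTE(review): labels leave this script entity-decoded; escaping for the
                // output context has to happen in the view or the client - confirm.
                $objectsDatas['objects'][] = array('id' => $id, 'label' => io::decodeEntities($label));
            }
        }
    }
}
$view->setContent($objectsDatas);
$view->show();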
Esempio n. 6
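 /**
  * Clear type cache using metas
  *
  * Returns true when the cache directory for $type does not exist (nothing to
  * clean), otherwise the result of the Zend cache clean() call, or false when
  * the cache object cannot be created or cleaning throws.
  *
  * @param string $type : the cache type to clear
  * @param array $metas : the cache metas to clear
  * @param constant $mode : the zend cache constant to clean matching cache
  *		Zend_Cache::CLEANING_MODE_MATCHING_ANY_TAG (default)
  *  	Zend_Cache::CLEANING_MODE_MATCHING_TAG
  * 	Zend_Cache::CLEANING_MODE_NOT_MATCHING_TAG
  * @return boolean
  * @access public
  * @static
  */
 function clearTypeCacheByMetas($type, $metas, $mode = Zend_Cache::CLEANING_MODE_MATCHING_ANY_TAG)
 {
     // $type becomes a directory name below PATH_CACHE_FS, so it is sanitized first.
     $type = io::sanitizeAsciiString($type);
     //Convert metas into tags
     $tags = CMS_cache::_createTags($metas);
     $return = true;
     //check cache dir
     $cachePath = PATH_CACHE_FS . '/' . $type;
     $cachedir = new CMS_file($cachePath, CMS_file::FILE_SYSTEM, CMS_file::TYPE_DIRECTORY);
     if ($cachedir->exists()) {
         //Frontend cache options
         $frontendOptions = array('lifetime' => null, 'caching' => true, 'automatic_cleaning_factor' => 10);
         //Backend cache options
         $backendOptions = array('cache_dir' => $cachePath, 'cache_file_umask' => octdec(FILES_CHMOD), 'hashed_directory_umask' => octdec(DIRS_CHMOD), 'hashed_directory_level' => 1);
         // Initialised up front so the test below never reads an undefined
         // variable when the factory throws.
         $cache = null;
         // getting a Zend_Cache_Core object
         try {
             $cache = Zend_Cache::factory('Core', 'File', $frontendOptions, $backendOptions);
         } catch (Zend_Cache_Exception $e) {
             CMS_grandFather::raiseError($e->getMessage());
         }
         if ($cache) {
             try {
                 $return = $cache->clean($mode, $tags);
             } catch (Zend_Cache_Exception $e) {
                 CMS_grandFather::raiseError($e->getMessage());
                 $return = false;
             }
         } else {
             $return = false;
         }
     }
     return $return;
 }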
Esempio n. 7
 /**
  * Returns the application label after it has been passed through
  * io::sanitizeAsciiString().
  *
  * @return string the sanitized codename
  * @access public
  */
 function getAppCode()
 {
     $appCode = io::sanitizeAsciiString(APPLICATION_LABEL);
     return $appCode;
 }
Esempio n. 8
 /**
  * Builds the name of the autologin cookie from the application label.
  *
  * The label is suffixed with "_autologin" and the result is sanitized.
  * NOTE(review): the second and third arguments ('' and '_-') presumably set the
  * replacement string and the extra characters kept by the sanitizer - confirm.
  *
  * @return string : the autologin cookie name
  * @access public
  * @static
  */
 public static function getAutoLoginCookieName()
 {
     return io::sanitizeAsciiString(APPLICATION_LABEL . "_autologin", '', '_-');
 }
Esempio n. 9
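 /**
  * Set the value of an attribute.
  *
  * The attribute name is rejected unless io::sanitizeAsciiString() leaves it
  * unchanged. The value is stored as given, without any check.
  *
  * @param string $attribute The attribute we want (its the key of the associative array)
  * @param mixed $value The value to store for this attribute
  * @return boolean true when the attribute was stored, false when its name was rejected
  * @access public
  */
 function setAttribute($attribute, $value)
 {
     // Strict comparison on strings: a loose != considers numeric-looking strings
     // such as "+1" and "1" equal, so a name the sanitizer had changed could pass.
     if ((string) io::sanitizeAsciiString($attribute, '', '') !== (string) $attribute) {
         $this->raiseError('Tag attribute must be ascii only : ' . $attribute);
         return false;
     }
     $this->_attributes[$attribute] = $value;
     // Flag the cached text content as stale.
     $this->_textContentInvalid = true;
     return true;
 }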
Esempio n. 10
 /**
  * Gets the pages directory of the website and creates it on disk when missing.
  *
  * The main website uses the pages root itself; any other website uses a
  * sub-directory named after its sanitized codename.
  *
  * @param string $relativeTo Can be PATH_RELATIVETO_WEBROOT for relative to website root, or PATH_RELATIVETO_FILESYSTEM for relative to filesystem root
  * @return string The pages directory, or false when the website has no codename or $relativeTo is not supported.
  * @access public
  */
 function getPagesPath($relativeTo)
 {
     if (!$this->_codename) {
         return false;
     }
     if (!SensitiveIO::isInSet($relativeTo, array(PATH_RELATIVETO_WEBROOT, PATH_RELATIVETO_FILESYSTEM))) {
         $this->raiseError("Can't give pages path relative to anything other than WR or FS");
         return false;
     }
     $base = $relativeTo == PATH_RELATIVETO_WEBROOT ? PATH_PAGES_WR : PATH_PAGES_FS;
     if ($this->_isMain) {
         // A failed directory creation is reported but the path is still returned.
         if (!is_dir(PATH_PAGES_FS) && !CMS_file::makeDir(PATH_PAGES_FS)) {
             $this->raiseError('Can\'t create pages dir : ' . PATH_PAGES_FS);
         }
         return $base;
     }
     // The codename is sanitized before it is used as a directory name.
     $subDir = io::sanitizeAsciiString($this->_codename);
     $subDirFS = PATH_PAGES_FS . "/" . $subDir;
     if (!is_dir($subDirFS) && !CMS_file::makeDir($subDirFS)) {
         $this->raiseError('Can\'t create pages dir : ' . $subDirFS);
     }
     return $base . '/' . $subDir;
 }
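 /**
  * Returns the latitude and longitude of a point from its address, using the
  * Google geocoding web service.
  *
  * @param object $language cms_language object, its code is sent as the language parameter
  * @param string $address The address to geocode (mandatory)
  * @param string $sCcTld country top level domain to which the geocoding is restricted
  * @return array array('lat' => ..., 'long' => ...), both empty strings when nothing was found; false when no address is given
  * @access public
  * @static
  */
 public static function getCoordinates(&$language, $address = '', $sCcTld = false)
 {
     $lat = $long = '';
     //for the moment the address is mandatory but it may become optional in the future
     if (!$address) {
         CMS_grandFather::raiseError('Address is required for geocoding');
         return false;
     }
     // Every value placed in the query string is URL-encoded so that it cannot
     // add or override parameters of the request.
     // NOTE(review): the endpoint is plain http://, so the address and the answer
     // travel unencrypted and the answer can be altered in transit - an https://
     // endpoint should be preferred once the deployment is known to support it.
     $sGoogleApiUrl = sprintf('http://maps.google.com/maps/api/geocode/json?address=%s&sensor=false&language=%s', urlencode(io::sanitizeAsciiString($address, ' ')), urlencode((string) $language->getCode()));
     if ($sCcTld) {
         $sGoogleApiUrl .= '&region=' . urlencode($sCcTld);
     }
     //creating a call context to limit call duration
     $oContext = stream_context_create(array('http' => array('method' => 'GET', 'timeout' => 4)));
     $sTmpData = file_get_contents($sGoogleApiUrl, false, $oContext);
     if ($sTmpData === false) {
         //error trying reading the file
         // NOTE(review): the logged URL contains the address being geocoded.
         CMS_grandFather::raiseError('Unable to read distant file at address ' . $sGoogleApiUrl);
         return array('lat' => $lat, 'long' => $long);
     }
     // The answer comes from a remote service: check its shape before reading it.
     $oAnswer = json_decode($sTmpData);
     if (is_object($oAnswer)) {
         if (!isset($oAnswer->status) || $oAnswer->status != 'OK') {
             CMS_grandFather::raiseError('Error while requesting google maps api ' . $sGoogleApiUrl);
         }
         if (isset($oAnswer->results) && is_array($oAnswer->results)) {
             //we use the first result
             $oPoint = array_shift($oAnswer->results);
             $lat = isset($oPoint->geometry->location->lat) ? $oPoint->geometry->location->lat : '';
             $long = isset($oPoint->geometry->location->lng) ? $oPoint->geometry->location->lng : '';
         }
     }
     return array('lat' => $lat, 'long' => $long);
 }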
Esempio n. 12
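 /**
  * Returns a queried CMS_page value identified by its codename and a reference page used to identify the requested website
  * Static function. Lookups are memoised per codename and reference page for the duration of the request.
  *
  * @param string $codename The codename of the wanted CMS_page
  * @param integer $referencePageId The DB ID of the reference CMS_page. This id is used to get the website of reference
  * @param string $type The value type to get
  * @return mixed the result of CMS_tree::getPageValue(), or false when the arguments are invalid or the page cannot be found
  * @access public
  */
 static function getPageCodenameValue($codename, $referencePageId, $type)
 {
     static $pagesInfos;
     if (!SensitiveIO::isPositiveInteger($referencePageId)) {
         CMS_grandFather::raiseError("Reference Page id must be positive integer : " . $referencePageId);
         return false;
     }
     // Strict string comparison: a loose != treats numeric-looking strings such as
     // "+12" and "12" as equal, which would accept a codename the sanitizer changed.
     if (strtolower((string) io::sanitizeAsciiString($codename)) !== (string) $codename) {
         // There is no $this in a static method; report through the same static
         // helper as the check above instead of failing with a fatal error.
         CMS_grandFather::raiseError("Page codename must be alphanumeric only");
         return false;
     }
     if (!isset($pagesInfos[$codename][$referencePageId])) {
         //get website of reference page Id
         $website = CMS_tree::getPageWebsite($referencePageId);
         if (!$website) {
             // Remember the miss as well, so the website lookup is not repeated.
             $pagesInfos[$codename][$referencePageId] = false;
         } else {
             //get page by codename
             $pagesInfos[$codename][$referencePageId] = CMS_tree::getPageByCodename($codename, $website, true, false);
         }
     }
     if ($pagesInfos[$codename][$referencePageId]) {
         return CMS_tree::getPageValue($pagesInfos[$codename][$referencePageId], $type);
     }
     return false;
 }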
Esempio n. 13
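 /**
  * Upload a file with as much security as we can
  *
  * Steps: purge stale files from both upload directories, check that the entry in
  * $_FILES is a genuine, error-free upload, derive a sanitized and unique file name,
  * move the file into the upload vault, run CMS_file::checkUploadedFile() on it and
  * only then move it to the destination directory.
  *
  * @param string $fileVarName, var name in which we can found the file in $_FILES
  * @param string $destinationDirFS, the destination dir in which we want the file to be moved
  * @return array of uploaded file meta datas; 'success' is false and 'error' holds a CMS_file::UPLOAD_* code on failure
  */
 function uploadFile($fileVarName = 'Filedata', $destinationDirFS = PATH_UPLOAD_FS)
 {
     //for security, clean all files older than 4h in both uploads directories
     $expiry = time() - 14400;
     foreach (array(PATH_UPLOAD_FS, PATH_UPLOAD_VAULT_FS) as $dir) {
         try {
             foreach (new DirectoryIterator($dir) as $file) {
                 if ($file->isFile() && $file->getFilename() != ".htaccess" && $file->getMTime() < $expiry) {
                     @unlink($file->getPathname());
                 }
             }
         } catch (Exception $e) {
             // Best-effort housekeeping: an unreadable directory must not block the upload.
         }
     }
     //init returned file datas
     $fileDatas = array('error' => 0, 'filename' => '', 'filepath' => '', 'filesize' => '', 'fileicon' => '', 'success' => false);
     // Check if the upload exists
     if (!isset($_FILES[$fileVarName]) || !is_uploaded_file($_FILES[$fileVarName]["tmp_name"]) || $_FILES[$fileVarName]["error"] != 0) {
         CMS_grandFather::raiseError('Uploaded file has an error : ' . print_r($_FILES, true));
         $fileDatas['error'] = CMS_file::UPLOAD_UPLOAD_FAILED;
         // No view object exists in this scope: report the failure to the caller
         // like every other error path, and never continue with an invalid upload.
         return $fileDatas;
     }
     //move uploaded file to upload vault (and rename it with a clean name if needed)
     // The client-supplied name is untrusted; only its sanitized form is ever used in a path.
     $originalFilename = io::sanitizeAsciiString($_FILES[$fileVarName]["name"]);
     if (io::strlen($originalFilename) > 250) {
         $originalFilename = sensitiveIO::ellipsis($originalFilename, 250, '-');
     }
     //remove multiple extensions to avoid double extension threat (cf. http://www.acunetix.com/websitesecurity/upload-forms-threat.htm)
     // substr_count() takes the haystack first; with the arguments swapped the
     // count could never exceed 1 and this protection never ran.
     if (substr_count($originalFilename, '.') > 1) {
         $parts = pathinfo($originalFilename);
         $extension = isset($parts['extension']) && $parts['extension'] !== '' ? '.' . $parts['extension'] : '';
         $originalFilename = str_replace('.', '-', $parts['filename']) . $extension;
     }
     // Find a name that is free in both the vault and the destination directory.
     $pathinfo = pathinfo($originalFilename);
     $suffix = isset($pathinfo['extension']) && $pathinfo['extension'] !== '' ? '.' . $pathinfo['extension'] : '';
     $count = 2;
     $filename = $originalFilename;
     while (file_exists(PATH_UPLOAD_VAULT_FS . '/' . $filename) || file_exists($destinationDirFS . '/' . $filename)) {
         $filename = $pathinfo['filename'] . '-' . $count++ . $suffix;
     }
     if (!@move_uploaded_file($_FILES[$fileVarName]["tmp_name"], PATH_UPLOAD_VAULT_FS . '/' . $filename)) {
         CMS_grandFather::raiseError('Can\'t move uploaded file to : ' . PATH_UPLOAD_VAULT_FS . '/' . $filename);
         $fileDatas['error'] = CMS_file::UPLOAD_FILE_VALIDATION_FAILED;
         return $fileDatas;
     }
     $file = new CMS_file(PATH_UPLOAD_VAULT_FS . '/' . $filename);
     $file->chmod(FILES_CHMOD);
     //check uploaded file
     // NOTE(review): the extension kept above still comes from the client; the content
     // and type checks are presumably done by checkUploadedFile() - verify what it covers.
     if (!$file->checkUploadedFile()) {
         $file->delete();
         $fileDatas['error'] = CMS_file::UPLOAD_SECURITY_ERROR;
         return $fileDatas;
     }
     //move file to final directory
     if (!CMS_file::moveTo(PATH_UPLOAD_VAULT_FS . '/' . $filename, $destinationDirFS . '/' . $filename)) {
         $fileDatas['error'] = CMS_file::UPLOAD_FILE_VALIDATION_FAILED;
         return $fileDatas;
     }
     $file = new CMS_file($destinationDirFS . '/' . $filename);
     $file->chmod(FILES_CHMOD);
     //return file datas
     $fileDatas = array('error' => 0, 'filename' => $file->getName(false), 'filepath' => $file->getFilePath(CMS_file::WEBROOT), 'filesize' => $file->getFileSize(), 'fileicon' => $file->getFileIcon(CMS_file::WEBROOT), 'extension' => $file->getExtension(), 'success' => true);
     return $fileDatas;
 }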