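/**
 * Delete attachment(s)
 *
 * Reads the attachment ids from the 'cid' request array, removes the stored
 * file and the #__attachments row of every attachment the current user may
 * delete, then either refreshes the calling iframe (for a known 'from' value)
 * or redirects to the component's default page.
 *
 * Security-relevant behaviour:
 *  - The anti-CSRF token is verified before anything is read or changed.
 *  - Authorisation is decided per attachment by the parent plugin's
 *    userMayDeleteAttachment(); refused ids are reported as warnings and
 *    neither their file nor their row is touched.
 *  - Every error path returns, so processing stops even if JError is
 *    configured with a handler that does not end the request.
 *
 * NOTE(review): files are removed inside the loop and the rows afterwards, so
 * a failing DELETE query (ERR 168) leaves rows that point at missing files.
 */
public function delete()
{
    // Check for request forgeries
    JSession::checkToken() or die(JText::_('JINVALID_TOKEN'));

    // Get ready
    $app = JFactory::getApplication();
    jimport('joomla.filesystem.file');
    require_once JPATH_SITE . '/components/com_attachments/helper.php';

    // Get the attachments parent manager (once; it is reused for every id and for the redirect)
    JPluginHelper::importPlugin('attachments');
    $apm = getAttachmentsPluginManager();

    // Get attachments to remove from the request
    $cid = JRequest::getVar('cid', array(), '', 'array');
    $deleted_ids = array();

    // Stays false when the request carried no ids, so the redirect code below
    // never reads parent info from a row that was not loaded.
    $attachment = null;
    $attachment_loaded = false;

    if (!empty($cid)) {
        $model = $this->getModel('Attachment');
        $attachment = $model->getTable();

        // Loop through the attachments and delete them one-by-one
        foreach ($cid as $attachment_id) {
            // Load the attachment object; the cast makes the id safe for the SQL below
            $id = (int) $attachment_id;
            if ($id == 0 or !$attachment->load($id)) {
                $errmsg = JText::sprintf('ATTACH_ERROR_CANNOT_DELETE_INVALID_ATTACHMENT_ID_N', $id) . ' (ERR 166)';
                return JError::raiseError(500, $errmsg);
            }
            $attachment_loaded = true;

            $parent_type = $attachment->parent_type;
            $parent_entity = $attachment->parent_entity;

            // Get the article/parent handler
            if (!$apm->attachmentsPluginInstalled($parent_type)) {
                $errmsg = JText::sprintf('ATTACH_ERROR_INVALID_PARENT_TYPE_S', $parent_type) . ' (ERR 167)';
                return JError::raiseError(500, $errmsg);
            }
            $parent = $apm->getAttachmentsPlugin($parent_type);

            if ($parent->userMayDeleteAttachment($attachment)) {
                // Delete the actual file
                if (JFile::exists($attachment->filename_sys)) {
                    JFile::delete($attachment->filename_sys);
                    AttachmentsHelper::clean_directory($attachment->filename_sys);
                }
                $deleted_ids[] = $id;
            } else {
                // If we may not delete it, complain (and leave file and row alone)
                $parent_entity = $parent->getCanonicalEntityId($parent_entity);
                $errmsg = JText::sprintf('ATTACH_ERROR_NO_PERMISSION_TO_DELETE_S_ATTACHMENT_S_ID_N',
                                         $parent_entity, $attachment->filename, $id);
                $app->enqueueMessage($errmsg, 'warning');
            }
        }

        // Delete entries in the attachments table for deleted attachments
        if (!empty($deleted_ids)) {
            $db = JFactory::getDBO();
            $query = $db->getQuery(true);

            // Every element of $deleted_ids was cast to int above, so the list is safe to inline
            $query->delete('#__attachments')->where("id IN (" . implode(',', $deleted_ids) . ")");
            $db->setQuery($query);
            if (!$db->query()) {
                $errmsg = $db->getErrorMsg() . ' (ERR 168)';
                return JError::raiseError(500, $errmsg);
            }
        }
    }

    // Figure out how to redirect
    $from = JRequest::getWord('from');
    $known_froms = array('frontpage', 'article', 'editor', 'closeme');

    // The iframe refresh needs the parent of an attachment that was really
    // loaded; with an empty 'cid' there is none, so fall through to the
    // plain redirect instead of dereferencing an unset row.
    if ($attachment_loaded && in_array($from, $known_froms, true)) {
        // Get the parent info from the last attachment that was loaded
        // (this is the last id in 'cid', whether or not its deletion was permitted)
        $parent_id = $attachment->parent_id;
        $parent_type = $attachment->parent_type;
        $parent_entity = $attachment->parent_entity;

        // Get the article/parent handler
        if (!$apm->attachmentsPluginInstalled($parent_type)) {
            $errmsg = JText::sprintf('ATTACH_ERROR_INVALID_PARENT_TYPE_S', $parent_type) . ' (ERR 169)';
            return JError::raiseError(500, $errmsg);
        }
        $parent = $apm->getAttachmentsPlugin($parent_type);
        $parent_entity = $parent->getCanonicalEntityId($parent_entity);

        // Make sure the parent exists
        // NOTE: $parent_id===null means the parent is being created
        if ($parent_id !== null && !$parent->parentExists($parent_id, $parent_entity)) {
            $parent_entity_name = JText::_('ATTACH_' . $parent_entity);
            $errmsg = JText::sprintf('ATTACH_ERROR_CANNOT_DELETE_INVALID_S_ID_N',
                                     $parent_entity_name, $parent_id) . ' (ERR 170)';
            return JError::raiseError(500, $errmsg);
        }

        // If there is no parent_id, the parent is still being created: report it as id 0
        $pid = $parent_id ? (int) $parent_id : 0;

        // Close the iframe and refresh the attachments list in the parent window
        require_once JPATH_SITE . '/components/com_attachments/javascript.php';
        $uri = JFactory::getURI();
        $base_url = $uri->base(true);
        $lang = JRequest::getCmd('lang', '');
        AttachmentsJavascript::closeIframeRefreshAttachments($base_url, $parent_type, $parent_entity, $pid, $lang, $from);
        exit;
    }

    $this->setRedirect('index.php?option=' . $this->option);
}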
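/**
 * Save an attachment (from editing)
 *
 * Loads the attachment named by the 'id' request value, applies the posted
 * form data, moves or replaces its file/URL when the parent or the URI type
 * changed, stores the row and finally redirects (or, when invoked from an
 * iframe popup, closes the popup and refreshes the parent window).
 *
 * Security-relevant behaviour:
 *  - The anti-CSRF token is verified first.
 *  - A coarse component-level check (core.edit or core.edit.own) runs before
 *    anything is loaded; the per-attachment check userMayEditAttachment()
 *    runs later, after the posted data has been bound (see review notes in
 *    the body).
 *  - Messages written into inline <script> blocks are encoded as JavaScript
 *    string literals by encodeJsAlertText().
 *  - Every error path returns, so processing stops even if JError is
 *    configured with a handler that does not end the request.
 *
 * @param   string  $key     Not referenced in this method.
 * @param   string  $urlVar  Not referenced in this method.
 */
public function save($key = null, $urlVar = null)
{
    // Check for request forgeries
    JSession::checkToken() or die(JText::_('JINVALID_TOKEN'));

    // Access check.
    $user = JFactory::getUser();
    if (!($user->authorise('core.edit', 'com_attachments') or
          $user->authorise('core.edit.own', 'com_attachments'))) {
        return JError::raiseError(403, JText::_('JERROR_ALERTNOAUTHOR') . ' (ERR 134)');
    }

    $model = $this->getModel();
    $attachment = $model->getTable();

    // Make sure the attachment ID is valid
    $attachment_id = JRequest::getInt('id');
    if (!$attachment->load($attachment_id)) {
        // Report the id that was actually looked up (the original formatted an undefined $id)
        $errmsg = JText::sprintf('ATTACH_ERROR_CANNOT_UPDATE_ATTACHMENT_INVALID_ID_N', $attachment_id) . ' (ERR 135)';
        return JError::raiseError(500, $errmsg);
    }

    // Note the old uri type
    $old_uri_type = $attachment->uri_type;

    // Get the data from the form
    // NOTE(review): bind() is given the whole POST array, so any posted field
    // that matches a table column overwrites the loaded value before
    // userMayEditAttachment() is evaluated further down. Consider passing
    // bind() an ignore list for columns the edit form must never change
    // (which columns those are depends on the table class - TODO confirm).
    if (!$attachment->bind(JRequest::get('post'))) {
        $errmsg = $attachment->getError() . ' (ERR 136)';
        return JError::raiseError(500, $errmsg);
    }

    // Get the parent handler for this attachment
    JPluginHelper::importPlugin('attachments');
    $apm = getAttachmentsPluginManager();
    if (!$apm->attachmentsPluginInstalled($attachment->parent_type)) {
        $errmsg = JText::sprintf('ATTACH_ERROR_INVALID_PARENT_TYPE_S', $attachment->parent_type) . ' (ERR 135B)';
        return JError::raiseError(500, $errmsg);
    }
    $parent = $apm->getAttachmentsPlugin($attachment->parent_type);

    // See if the parent ID has been changed
    $parent_changed = false;
    $old_parent_id = JRequest::getString('old_parent_id');
    if ($old_parent_id == '') {
        $old_parent_id = null;
    } else {
        $old_parent_id = JRequest::getInt('old_parent_id');
    }

    // Handle new parents (in process of creation)
    if ($parent->newParent($attachment)) {
        $attachment->parent_id = null;
    }

    // Deal with updating an orphaned attachment
    if ($old_parent_id == null && is_numeric($attachment->parent_id)) {
        $parent_changed = true;
    }

    // Check for normal parent changes
    if ($old_parent_id && $attachment->parent_id != $old_parent_id) {
        $parent_changed = true;
    }

    // See if we are updating a file or URL
    $new_uri_type = JRequest::getWord('update');
    if ($new_uri_type && !in_array($new_uri_type, AttachmentsDefines::$LEGAL_URI_TYPES)) {
        // Make sure only legal values are entered
        $new_uri_type = '';
    }

    // See if the parent type has changed
    $new_parent_type = JRequest::getCmd('new_parent_type');
    $new_parent_entity = JRequest::getCmd('new_parent_entity');
    $old_parent_type = JRequest::getCmd('old_parent_type');
    $old_parent_entity = JRequest::getCmd('old_parent_entity');
    if ($new_parent_type &&
        ($new_parent_type != $old_parent_type || $new_parent_entity != $old_parent_entity)) {
        $parent_changed = true;
    }

    // If the parent has changed, make sure they have selected the new parent
    if ($parent_changed && (int) $attachment->parent_id == -1) {
        $errmsg = JText::sprintf('ATTACH_ERROR_MUST_SELECT_PARENT');
        echo "<script type=\"text/javascript\"> alert(" . $this->encodeJsAlertText($errmsg)
            . "); window.history.go(-1); </script>\n";
        exit;
    }

    // If the parent has changed, switch the parent, rename files if necessary
    // NOTE(review): the file deletion and switch_parent() below run before the
    // per-attachment userMayEditAttachment() check further down; only the
    // component-level check at the top has passed at this point, and
    // $parent_changed / $new_uri_type are derived from request values.
    // Consider moving the per-attachment check ahead of these operations.
    if ($parent_changed) {
        if ($new_uri_type == 'url' && $old_uri_type == 'file') {
            // If we are changing parents and converting from file to URL, delete the old file
            jimport('joomla.filesystem.file');

            // Load the attachment so we can get its filename_sys
            $db = JFactory::getDBO();
            $query = $db->getQuery(true);
            $query->select('filename_sys, id')->from('#__attachments')->where('id=' . (int) $attachment->id);
            $db->setQuery($query, 0, 1);
            $filename_sys = $db->loadResult();
            JFile::delete($filename_sys);
            AttachmentsHelper::clean_directory($filename_sys);
        } else {
            // Otherwise switch the file/url to the new parent
            if ($old_parent_id == null) {
                $old_parent_id = 0;
                // NOTE: When attaching a file to an article during creation,
                //       the article_id (parent_id) is initially null until
                //       the article is saved (at that point the
                //       parent_id/article_id is updated). If the attachment
                //       is added and creating the article is canceled, the
                //       attachment exists but is orphaned since it does not
                //       have a parent. Its article_id is null, but it is
                //       saved in a directory as if its article_id is 0:
                //       article/0/file.txt. Therefore, if the parent has
                //       changed, we pretend the old_parent_id=0 for file
                //       renaming/moving.
            }

            $error_msg = AttachmentsHelper::switch_parent($attachment, $old_parent_id, $attachment->parent_id,
                                                          $new_parent_type, $new_parent_entity);
            if ($error_msg != '') {
                $errmsg = JText::_($error_msg) . ' (ERR 137)';
                $link = 'index.php?option=com_attachments';
                $this->setRedirect($link, $errmsg, 'error');
                return;
            }
        }
    }

    // Update parent type/entity, if needed
    if ($new_parent_type && $new_parent_type != $old_parent_type) {
        $attachment->parent_type = $new_parent_type;
    }
    if ($new_parent_type && $new_parent_entity != $old_parent_entity) {
        $attachment->parent_entity = $new_parent_entity;
    }

    // Get the article/parent handler
    // NOTE(review): this handler is looked up from request values without the
    // attachmentsPluginInstalled() test applied earlier - verify that
    // getAttachmentsPlugin() rejects unknown types.
    if ($new_parent_type) {
        $parent_type = $new_parent_type;
        $parent_entity = $new_parent_entity;
    } else {
        $parent_type = JRequest::getCmd('parent_type', 'com_content');
        $parent_entity = JRequest::getCmd('parent_entity', 'default');
    }
    $parent = $apm->getAttachmentsPlugin($parent_type);
    $parent_entity = $parent->getCanonicalEntityId($parent_entity);

    // Get the title of the article/parent
    $new_parent = JRequest::getBool('new_parent', false);
    $parent->new = $new_parent;
    if ($new_parent) {
        $attachment->parent_id = null;
        $parent->title = '';
    } else {
        $parent->title = $parent->getTitle($attachment->parent_id, $parent_entity);
    }

    // Check to make sure the user has permissions to edit the attachment
    if (!$parent->userMayEditAttachment($attachment)) {
        // ??? Add better error message
        return JError::raiseError(403, JText::_('JERROR_ALERTNOAUTHOR') . ' (ERR 139)');
    }

    // Double-check to see if the URL changed
    $old_url = JRequest::getString('old_url');
    if (!$new_uri_type && $old_url && $old_url != $attachment->url) {
        $new_uri_type = 'url';
    }

    // If this is a URL, get settings
    $verify_url = false;
    $relative_url = false;
    if ($new_uri_type == 'url') {
        // See if we need to verify the URL (if applicable)
        if (JRequest::getWord('verify_url') == 'verify') {
            $verify_url = true;
        }
        // Allow relative URLs?
        if (JRequest::getWord('url_relative') == 'relative') {
            $relative_url = true;
        }
    }

    // Compute the update time
    $now = JFactory::getDate();

    // Update create/modify info
    $attachment->modified_by = $user->get('id');
    $attachment->modified = $now->toSql();

    // Upload new file/url and create/update the attachment
    $msg = null;
    $msgType = 'message';
    if ($new_uri_type == 'file') {
        // Upload a new file
        // NOTE: store() is not needed if upload_file() is called since it does it
        $result = AttachmentsHelper::upload_file($attachment, $parent, $attachment_id, 'update');
        if (is_object($result)) {
            $msg = $result->error_msg . ' (ERR 140)';
            $msgType = 'error';
        } else {
            $msg = $result;
        }
    } elseif ($new_uri_type == 'url') {
        // Upload/add the new URL
        // NOTE: store() is not needed if add_url() is called since it does it
        $result = AttachmentsHelper::add_url($attachment, $parent, $verify_url, $relative_url,
                                             $old_uri_type, $attachment_id);
        if (is_object($result)) {
            $msg = $result->error_msg . ' (ERR 141)';
            $msgType = 'error';
        } else {
            $msg = $result;
        }
    } else {
        // Extra handling for checkboxes for URLs
        if ($attachment->uri_type == 'url') {
            // Update the url_relative field
            $attachment->url_relative = $relative_url;
            $attachment->url_verify = $verify_url;
        }

        // Remove any extraneous fields
        if (isset($attachment->parent_entity_name)) {
            unset($attachment->parent_entity_name);
        }

        // Save the updated attachment info
        if (!$attachment->store()) {
            $errmsg = $attachment->getError() . ' (ERR 142)';
            return JError::raiseError(500, $errmsg);
        }
    }

    switch ($this->getTask()) {
        case 'apply':
            if (!$msg) {
                $msg = JText::_('ATTACH_CHANGES_TO_ATTACHMENT_SAVED');
            }
            $link = 'index.php?option=com_attachments&task=attachment.edit&cid[]=' . (int) $attachment->id;
            break;

        case 'save':
        default:
            if (!$msg) {
                $msg = JText::_('ATTACH_ATTACHMENT_UPDATED');
            }
            $link = 'index.php?option=com_attachments';
            break;
    }

    // If invoked from an iframe popup, close it and refresh the attachments list
    $from = JRequest::getWord('from');
    $known_froms = $parent->knownFroms();
    if (in_array($from, $known_froms)) {
        // If there has been a problem, alert the user and redisplay
        if ($msgType == 'error') {
            // The helper's error text is not built here and may carry a file
            // name or URL, so it is encoded as a whole rather than patched
            // character by character. "<br />" separators become real line
            // breaks first, which the encoder then emits as \n.
            $errmsg = str_replace("<br />", "\n", $msg);
            echo "<script type=\"text/javascript\"> alert(" . $this->encodeJsAlertText($errmsg)
                . "); window.history.go(-1); </script>";
            exit;
        }

        // Can only refresh the old parent
        if ($parent_changed) {
            $parent_type = $old_parent_type;
            $parent_entity = $old_parent_entity;
            $parent_id = $old_parent_id;
        } else {
            $parent_id = (int) $attachment->parent_id;
        }

        // Close the iframe and refresh the attachments list in the parent window
        $uri = JFactory::getURI();
        $base_url = $uri->base(true);
        $lang = JRequest::getCmd('lang', '');
        AttachmentsJavascript::closeIframeRefreshAttachments($base_url, $parent_type, $parent_entity,
                                                             $parent_id, $lang, $from);
        exit;
    }

    $this->setRedirect($link, $msg, $msgType);
}

/**
 * Encode text as a JavaScript string literal for use inside an inline <script> block
 *
 * json_encode() produces the quoted literal (escaping quotes, backslashes and
 * control characters); '<', '>' and '&' are then written as \uXXXX escapes so
 * the text can neither end the script element nor open an HTML comment.
 *
 * @param   string  $text  The message to display.
 *
 * @return  string  A complete literal including its surrounding double quotes.
 */
private function encodeJsAlertText($text)
{
    $literal = json_encode((string) $text);

    // Depending on the PHP version, input that is not valid UTF-8 yields
    // false or the bare word null; show an empty alert rather than emit
    // anything unencoded.
    if (!is_string($literal) || $literal === 'null') {
        return '""';
    }

    return str_replace(array('<', '>', '&'), array('\u003C', '\u003E', '\u0026'), $literal);
}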
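/**
 * Delete an attachment
 *
 * Deletes the attachment named by the 'id' request value: checks that the
 * current user may delete it, removes the stored file, removes the
 * #__attachments row, cleans up the directory and then either refreshes the
 * calling iframe (for a 'from' value the parent plugin knows) or redirects
 * to the site root with a confirmation message.
 *
 * NOTE(review): this task changes state but never calls
 * JSession::checkToken(), and JRequest::getInt('id') accepts the id from any
 * request method, so nothing here ties the request to a form the user
 * submitted. The form or link that invokes this task is not visible here;
 * once it carries the session token, enforce it at the top of this method the
 * same way the component's save() task does.
 *
 * Every error path returns, so processing stops even if JError is configured
 * with a handler that does not end the request.
 */
public function delete()
{
    $db = JFactory::getDBO();

    // Make sure we have a valid attachment ID.
    // JRequest::getInt() always yields an integer (0 when the value is
    // missing or not numeric), so the range is what needs checking.
    $id = JRequest::getInt('id');
    if ($id <= 0) {
        $errmsg = JText::sprintf('ATTACH_ERROR_CANNOT_DELETE_INVALID_ATTACHMENT_ID_N', $id) . ' (ERR 13)';
        return JError::raiseError(500, $errmsg);
    }

    // Get the attachment info
    require_once JPATH_COMPONENT_SITE . '/models/attachment.php';
    $model = new AttachmentsModelAttachment();
    $model->setId($id);
    $attachment = $model->getAttachment();
    if (!$attachment) {
        $errmsg = JText::sprintf('ATTACH_ERROR_CANNOT_DELETE_INVALID_ATTACHMENT_ID_N', $id) . ' (ERR 14)';
        return JError::raiseError(500, $errmsg);
    }
    $filename_sys = $attachment->filename_sys;
    $filename = $attachment->filename;
    $parent_id = $attachment->parent_id;
    $parent_type = $attachment->parent_type;
    $parent_entity = $attachment->parent_entity;

    // Get the article/parent handler
    JPluginHelper::importPlugin('attachments');
    $apm = getAttachmentsPluginManager();
    if (!$apm->attachmentsPluginInstalled($parent_type)) {
        $errmsg = JText::sprintf('ATTACH_ERROR_INVALID_PARENT_TYPE_S', $parent_type) . ' (ERR 15)';
        return JError::raiseError(500, $errmsg);
    }
    $parent = $apm->getAttachmentsPlugin($parent_type);

    $parent_entity_name = JText::_('ATTACH_' . $parent_entity);

    // Authorisation: the parent plugin decides whether this user may delete the attachment
    if (!$parent->userMayDeleteAttachment($attachment)) {
        return JError::raiseError(404, JText::_('JERROR_ALERTNOAUTHOR') . ' (ERR 16)');
    }

    // Make sure the parent exists
    // NOTE: $parent_id===null means the parent is being created
    if ($parent_id !== null && !$parent->parentExists($parent_id, $parent_entity)) {
        $errmsg = JText::sprintf('ATTACH_ERROR_CANNOT_DELETE_INVALID_S_ID_N',
                                 $parent_entity_name, $parent_id) . ' (ERR 17)';
        return JError::raiseError(500, $errmsg);
    }

    // Second permission check, kept from the original; it repeats the test
    // above and now also returns instead of falling through to the deletion.
    if (!$parent->userMayDeleteAttachment($attachment)) {
        $errmsg = JText::sprintf('ATTACH_ERROR_NO_PERMISSION_TO_DELETE_S', $parent_entity_name) . ' (ERR 18)';
        return JError::raiseError(500, $errmsg);
    }

    // First delete the actual attachment files (if any)
    if ($filename_sys) {
        jimport('joomla.filesystem.file');
        if (JFile::exists($filename_sys)) {
            JFile::delete($filename_sys);
        }
    }

    // Delete the entries in the attachments table ($id is an integer, safe to inline)
    $query = $db->getQuery(true);
    $query->delete('#__attachments')->where('id = ' . (int) $id);
    $db->setQuery($query);
    if (!$db->query()) {
        $errmsg = $db->getErrorMsg() . ' (ERR 19)';
        return JError::raiseError(500, $errmsg);
    }

    // Clean up after ourselves
    AttachmentsHelper::clean_directory($filename_sys);

    $msg = JText::_('ATTACH_DELETED_ATTACHMENT') . " '{$filename}'";

    // Figure out how to redirect
    $from = JRequest::getWord('from', 'closeme');
    $uri = JFactory::getURI();

    if (in_array($from, $parent->knownFroms())) {
        // If there is no parent_id, the parent is still being created: report it as id 0
        $pid = $parent_id ? (int) $parent_id : 0;

        // Close the iframe and refresh the attachments list in the parent window
        $base_url = $uri->root(true);
        $lang = JRequest::getCmd('lang', '');
        AttachmentsJavascript::closeIframeRefreshAttachments($base_url, $parent_type, $parent_entity, $pid, $lang, $from);
        exit;
    }

    // Not called from a known iframe context: go back to the site root with the confirmation
    $redirect_to = $uri->root(true);
    $this->setRedirect($redirect_to, $msg);
}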