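/**
 * Ajax actions that do require a data container object
 *
 * Dispatches on $this->strAction, echoes the generated markup and ends the
 * request with exit in every branch. Every value read through
 * $this->Input->post() / ->get() is supplied by the client.
 *
 * @param DataContainer $dc The data container the action operates on
 */
public function executePostActions(DataContainer $dc)
{
    header('Content-Type: text/html; charset=' . $GLOBALS['TL_CONFIG']['characterSet']);

    switch ($this->strAction)
    {
        // Load nodes of the page structure tree
        case 'loadStructure':
            echo $dc->ajaxTreeView($this->strAjaxId, intval($this->Input->post('level')));
            exit;

        // Load nodes of the file manager tree
        case 'loadFileManager':
            // NOTE(review): the folder is a client-supplied path; presumably
            // ajaxTreeView() confines it to the upload directory - confirm.
            echo $dc->ajaxTreeView($this->Input->post('folder', true), intval($this->Input->post('level')));
            exit;

        // Load nodes of the page tree
        case 'loadPagetree':
            $arrData = array
            (
                'strTable' => $dc->table,
                'id'       => strlen($this->strAjaxName) ? $this->strAjaxName : $dc->id,
                'name'     => $this->Input->post('name')
            );

            $objWidget = new $GLOBALS['BE_FFL']['pageTree']($arrData, $dc);
            echo $objWidget->generateAjax($this->strAjaxId, $this->Input->post('field'), intval($this->Input->post('level')));
            exit;

        // Load nodes of the file tree
        case 'loadFiletree':
            $arrData = array
            (
                'strTable' => $dc->table,
                'id'       => strlen($this->strAjaxName) ? $this->strAjaxName : $dc->id,
                'name'     => $this->Input->post('name')
            );

            $objWidget = new $GLOBALS['BE_FFL']['fileTree']($arrData, $dc);
            $strField = $this->Input->post('field');
            $intLevel = intval($this->Input->post('level'));

            // Load a particular node
            // NOTE(review): the folder is a client-supplied path; presumably
            // generateAjax() checks it against the user's file mounts - confirm.
            if ($this->Input->post('folder', true) != '')
            {
                echo $objWidget->generateAjax($this->Input->post('folder', true), $strField, $intLevel);
                exit;
            }

            // Reload the whole tree
            $this->import('BackendUser', 'User');
            $tree = '';

            // Set a custom path
            if (strlen($GLOBALS['TL_DCA'][$dc->table]['fields'][$strField]['eval']['path']))
            {
                $tree = $objWidget->generateAjax($GLOBALS['TL_DCA'][$dc->table]['fields'][$strField]['eval']['path'], $strField, $intLevel);
            }
            elseif ($this->User->isAdmin)
            {
                $tree = $objWidget->generateAjax($GLOBALS['TL_CONFIG']['uploadPath'], $strField, $intLevel);
            }
            else
            {
                // Regular users only see their own file mounts
                foreach ($this->eliminateNestedPaths($this->User->filemounts) as $node)
                {
                    $tree .= $objWidget->generateAjax($node, $strField, $intLevel, true);
                }
            }

            echo $tree;
            exit;

        // Feature/unfeature an element
        case 'toggleFeatured':
            // class_exists(..., false) does not trigger autoloading, so only an
            // already loaded class named like the table can be instantiated
            if (class_exists($dc->table, false))
            {
                $dca = new $dc->table();

                if (method_exists($dca, 'toggleFeatured'))
                {
                    $dca->toggleFeatured($this->Input->post('id'), $this->Input->post('state') == 1);
                }
            }
            exit;

        // Toggle subpalettes
        case 'toggleSubpalette':
            $this->import('BackendUser', 'User');

            // Read the field name once so that the value that is validated is
            // the value that ends up in the SQL statement and the config key
            $strField = $this->Input->post('field');

            // Check whether the field is a selector field and allowed for regular users (thanks to Fabian Mihailowitsch) (see #4427).
            // The field name is concatenated into the UPDATE statement below (column
            // names cannot be bound as parameters), so this allow-list is the only
            // thing standing between the POST value and the query.
            if (!is_string($strField)
                || !is_array($GLOBALS['TL_DCA'][$dc->table]['palettes']['__selector__'])
                || !in_array($strField, $GLOBALS['TL_DCA'][$dc->table]['palettes']['__selector__'], true)
                || ($GLOBALS['TL_DCA'][$dc->table]['fields'][$strField]['exclude'] && !$this->User->hasAccess($dc->table . '::' . $strField, 'alexf')))
            {
                $this->log('Field "' . (is_string($strField) ? $strField : gettype($strField)) . '" is not an allowed selector field (possible SQL injection attempt)', 'Ajax executePostActions()', TL_ERROR);
                header('HTTP/1.1 400 Bad Request');
                die('Bad Request');
            }

            // Only ever 1 or an empty string, never the raw POST value
            $varState = ($this->Input->post('state') == 1) ? 1 : '';

            if ($dc instanceof DC_Table)
            {
                if ($this->Input->get('act') == 'editAll')
                {
                    // Strip the field prefix from the element ID; the result is bound as a parameter
                    $this->strAjaxId = preg_replace('/.*_([0-9a-zA-Z]+)$/i', '$1', $this->Input->post('id'));

                    $this->Database->prepare("UPDATE " . $dc->table . " SET " . $strField . "='" . $varState . "' WHERE id=?")
                                   ->execute($this->strAjaxId);

                    if ($this->Input->post('load'))
                    {
                        echo $dc->editAll($this->strAjaxId, $this->Input->post('id'));
                    }
                }
                else
                {
                    $this->Database->prepare("UPDATE " . $dc->table . " SET " . $strField . "='" . $varState . "' WHERE id=?")
                                   ->execute($dc->id);

                    if ($this->Input->post('load'))
                    {
                        echo $dc->edit(false, $this->Input->post('id'));
                    }
                }
            }
            elseif ($dc instanceof DC_File)
            {
                $val = ($this->Input->post('state') == 1);

                // The validated field name becomes part of the configuration key
                $this->Config->update("\$GLOBALS['TL_CONFIG']['" . $strField . "']", $val);

                if ($this->Input->post('load'))
                {
                    $GLOBALS['TL_CONFIG'][$strField] = $val;
                    echo $dc->edit(false, $this->Input->post('id'));
                }
            }
            exit;

        // HOOK: pass unknown actions to callback functions
        default:
            if (isset($GLOBALS['TL_HOOKS']['executePostActions']) && is_array($GLOBALS['TL_HOOKS']['executePostActions']))
            {
                foreach ($GLOBALS['TL_HOOKS']['executePostActions'] as $callback)
                {
                    // $callback is array(class name, method name); the braces make the
                    // array offsets apply to $callback rather than to the property lookup
                    $this->import($callback[0]);
                    $this->{$callback[0]}->{$callback[1]}($this->strAction, $dc);
                }
            }
            exit;
    }
}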
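/**
 * Ajax actions that do require a data container object
 *
 * Dispatches on $this->strAction, echoes a JSON object that carries the
 * request token (and, where applicable, the generated markup under
 * "content") and ends the request with exit in every branch. Every value
 * read through $this->Input->post() / ->get() is supplied by the client.
 *
 * @param DataContainer $dc The data container the action operates on
 */
public function executePostActions(DataContainer $dc)
{
    header('Content-Type: text/html; charset=' . $GLOBALS['TL_CONFIG']['characterSet']);

    switch ($this->strAction)
    {
        // Load nodes of the page structure tree
        case 'loadStructure':
            echo json_encode(array
            (
                'content' => $dc->ajaxTreeView($this->strAjaxId, intval($this->Input->post('level'))),
                'token'   => REQUEST_TOKEN
            ));
            exit;

        // Load nodes of the file manager tree
        case 'loadFileManager':
            // NOTE(review): the folder is a client-supplied path; presumably
            // ajaxTreeView() confines it to the upload directory - confirm.
            echo json_encode(array
            (
                'content' => $dc->ajaxTreeView($this->Input->post('folder', true), intval($this->Input->post('level'))),
                'token'   => REQUEST_TOKEN
            ));
            exit;

        // Load nodes of the page tree
        case 'loadPagetree':
            $arrData = array
            (
                'strTable' => $dc->table,
                'id'       => strlen($this->strAjaxName) ? $this->strAjaxName : $dc->id,
                'name'     => $this->Input->post('name')
            );

            $objWidget = new $GLOBALS['BE_FFL']['pageTree']($arrData, $dc);

            echo json_encode(array
            (
                'content' => $objWidget->generateAjax($this->strAjaxId, $this->Input->post('field'), intval($this->Input->post('level'))),
                'token'   => REQUEST_TOKEN
            ));
            exit;

        // Load nodes of the file tree
        case 'loadFiletree':
            $arrData = array
            (
                'strTable' => $dc->table,
                'id'       => strlen($this->strAjaxName) ? $this->strAjaxName : $dc->id,
                'name'     => $this->Input->post('name')
            );

            $objWidget = new $GLOBALS['BE_FFL']['fileTree']($arrData, $dc);
            $strField = $this->Input->post('field');
            $intLevel = intval($this->Input->post('level'));

            // Load a particular node
            // NOTE(review): the folder is a client-supplied path; presumably
            // generateAjax() checks it against the user's file mounts - confirm.
            if ($this->Input->post('folder', true) != '')
            {
                echo json_encode(array
                (
                    'content' => $objWidget->generateAjax($this->Input->post('folder', true), $strField, $intLevel),
                    'token'   => REQUEST_TOKEN
                ));
                exit;
            }

            // Reload the whole tree
            $this->import('BackendUser', 'User');
            $tree = '';

            // Set a custom path
            if (strlen($GLOBALS['TL_DCA'][$dc->table]['fields'][$strField]['eval']['path']))
            {
                $tree = $objWidget->generateAjax($GLOBALS['TL_DCA'][$dc->table]['fields'][$strField]['eval']['path'], $strField, $intLevel);
            }
            elseif ($this->User->isAdmin)
            {
                $tree = $objWidget->generateAjax($GLOBALS['TL_CONFIG']['uploadPath'], $strField, $intLevel);
            }
            else
            {
                // Regular users only see their own file mounts
                foreach ($this->eliminateNestedPaths($this->User->filemounts) as $node)
                {
                    $tree .= $objWidget->generateAjax($node, $strField, $intLevel, true);
                }
            }

            echo json_encode(array('content' => $tree, 'token' => REQUEST_TOKEN));
            exit;

        // Upload files via FancyUpload
        case 'fancyUpload':
            $dc->move(true);
            exit;

        // Feature/unfeature an element
        case 'toggleFeatured':
            // class_exists(..., false) does not trigger autoloading, so only an
            // already loaded class named like the table can be instantiated
            if (class_exists($dc->table, false))
            {
                $dca = new $dc->table();

                if (method_exists($dca, 'toggleFeatured'))
                {
                    $dca->toggleFeatured($this->Input->post('id'), $this->Input->post('state') == 1);
                }
            }

            echo json_encode(array('token' => REQUEST_TOKEN));
            exit;

        // Toggle subpalettes
        case 'toggleSubpalette':
            $this->import('BackendUser', 'User');

            // Read the field name once so that the value that is validated is
            // the value that ends up in the SQL statement and the config key
            $strField = $this->Input->post('field');

            // The field name is concatenated into the UPDATE statement and into the
            // configuration key below (column names cannot be bound as parameters).
            // Accept it only if it is a declared selector field of this table and,
            // for excluded fields, if the user has been granted access to it.
            if (!is_string($strField)
                || !is_array($GLOBALS['TL_DCA'][$dc->table]['palettes']['__selector__'])
                || !in_array($strField, $GLOBALS['TL_DCA'][$dc->table]['palettes']['__selector__'], true)
                || ($GLOBALS['TL_DCA'][$dc->table]['fields'][$strField]['exclude'] && !$this->User->hasAccess($dc->table . '::' . $strField, 'alexf')))
            {
                $this->log('Field "' . (is_string($strField) ? $strField : gettype($strField)) . '" is not an allowed selector field (possible SQL injection attempt)', 'Ajax executePostActions()', TL_ERROR);
                header('HTTP/1.1 400 Bad Request');
                die('Bad Request');
            }

            // Only ever 1 or an empty string, never the raw POST value
            $varState = ($this->Input->post('state') == 1) ? 1 : '';

            if ($dc instanceof DC_Table)
            {
                if ($this->Input->get('act') == 'editAll')
                {
                    // Strip the field prefix from the element ID; the result is bound as a parameter
                    $this->strAjaxId = preg_replace('/.*_([0-9a-zA-Z]+)$/i', '$1', $this->Input->post('id'));

                    $this->Database->prepare("UPDATE " . $dc->table . " SET " . $strField . "='" . $varState . "' WHERE id=?")
                                   ->execute($this->strAjaxId);

                    if ($this->Input->post('load'))
                    {
                        echo json_encode(array
                        (
                            'content' => $dc->editAll($this->strAjaxId, $this->Input->post('id')),
                            'token'   => REQUEST_TOKEN
                        ));
                        exit;
                    }
                }
                else
                {
                    $this->Database->prepare("UPDATE " . $dc->table . " SET " . $strField . "='" . $varState . "' WHERE id=?")
                                   ->execute($dc->id);

                    if ($this->Input->post('load'))
                    {
                        echo json_encode(array
                        (
                            'content' => $dc->edit(false, $this->Input->post('id')),
                            'token'   => REQUEST_TOKEN
                        ));
                        exit;
                    }
                }
            }
            elseif ($dc instanceof DC_File)
            {
                $val = ($this->Input->post('state') == 1);

                // The validated field name becomes part of the configuration key
                $this->Config->update("\$GLOBALS['TL_CONFIG']['" . $strField . "']", $val);

                if ($this->Input->post('load'))
                {
                    $GLOBALS['TL_CONFIG'][$strField] = $val;

                    echo json_encode(array
                    (
                        'content' => $dc->edit(false, $this->Input->post('id')),
                        'token'   => REQUEST_TOKEN
                    ));
                    exit;
                }
            }

            // Nothing to reload: only hand back the token
            echo json_encode(array('token' => REQUEST_TOKEN));
            exit;

        // HOOK: pass unknown actions to callback functions
        default:
            if (isset($GLOBALS['TL_HOOKS']['executePostActions']) && is_array($GLOBALS['TL_HOOKS']['executePostActions']))
            {
                foreach ($GLOBALS['TL_HOOKS']['executePostActions'] as $callback)
                {
                    // $callback is array(class name, method name); the braces make the
                    // array offsets apply to $callback rather than to the property lookup
                    $this->import($callback[0]);
                    $this->{$callback[0]}->{$callback[1]}($this->strAction, $dc);
                }
            }

            echo json_encode(array('token' => REQUEST_TOKEN));
            exit;
    }
}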
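/**
 * Ajax actions that do require a data container object
 *
 * Dispatches on $this->strAction, echoes the generated markup and ends the
 * request with exit in every branch. Every value read through
 * $this->Input->post() / ->get() is supplied by the client.
 *
 * @param DataContainer $dc The data container the action operates on
 */
public function executePostActions(DataContainer $dc)
{
    header('Content-Type: text/html; charset=' . $GLOBALS['TL_CONFIG']['characterSet']);

    switch ($this->strAction)
    {
        // Load nodes of the page structure tree
        case 'loadStructure':
            echo $dc->ajaxTreeView($this->strAjaxId, intval($this->Input->post('level')));
            exit;

        // Load nodes of the file manager tree
        case 'loadFileManager':
            // NOTE(review): the folder is a client-supplied path; presumably
            // ajaxTreeView() confines it to the upload directory - confirm.
            echo $dc->ajaxTreeView($this->Input->post('folder', DECODE_ENTITIES), intval($this->Input->post('level')));
            exit;

        // Load nodes of the page tree
        case 'loadPagetree':
            $arrData = array
            (
                'strTable' => $dc->table,
                'id'       => strlen($this->strAjaxName) ? $this->strAjaxName : $dc->id,
                'name'     => $this->Input->post('name')
            );

            $objWidget = new $GLOBALS['BE_FFL']['pageTree']($arrData, $dc);
            echo $objWidget->generateAjax($this->strAjaxId, $this->Input->post('field'), intval($this->Input->post('level')));
            exit;

        // Load nodes of the file tree
        case 'loadFiletree':
            $arrData = array
            (
                'strTable' => $dc->table,
                'id'       => strlen($this->strAjaxName) ? $this->strAjaxName : $dc->id,
                'name'     => $this->Input->post('name')
            );

            $objWidget = new $GLOBALS['BE_FFL']['fileTree']($arrData, $dc);

            // NOTE(review): the folder is a client-supplied path; presumably
            // generateAjax() checks it against the user's file mounts - confirm.
            echo $objWidget->generateAjax($this->Input->post('folder', DECODE_ENTITIES), $this->Input->post('field'), intval($this->Input->post('level')));
            exit;

        // Toggle subpalettes
        case 'toggleSubpalette':
            $this->import('BackendUser', 'User');

            // Read the field name once so that the value that is validated is
            // the value that ends up in the SQL statement and the config key
            $strField = $this->Input->post('field');

            // The field name is concatenated into the UPDATE statement and into the
            // configuration key below (column names cannot be bound as parameters).
            // Accept it only if it is a declared selector field of this table and,
            // for excluded fields, if the user has been granted access to it.
            if (!is_string($strField)
                || !is_array($GLOBALS['TL_DCA'][$dc->table]['palettes']['__selector__'])
                || !in_array($strField, $GLOBALS['TL_DCA'][$dc->table]['palettes']['__selector__'], true)
                || ($GLOBALS['TL_DCA'][$dc->table]['fields'][$strField]['exclude'] && !$this->User->hasAccess($dc->table . '::' . $strField, 'alexf')))
            {
                $this->log('Field "' . (is_string($strField) ? $strField : gettype($strField)) . '" is not an allowed selector field (possible SQL injection attempt)', 'Ajax executePostActions()', TL_ERROR);
                header('HTTP/1.1 400 Bad Request');
                die('Bad Request');
            }

            // Only ever 1 or an empty string, never the raw POST value
            $varState = ($this->Input->post('state') == 1) ? 1 : '';

            if ($dc instanceof DC_Table)
            {
                if ($this->Input->get('act') == 'editAll')
                {
                    // Strip the field prefix from the element ID; the result is bound as a parameter
                    $this->strAjaxId = preg_replace('/.*_([0-9a-zA-Z]+)$/i', '$1', $this->Input->post('id'));

                    $this->Database->prepare("UPDATE " . $dc->table . " SET " . $strField . "='" . $varState . "' WHERE id=?")
                                   ->execute($this->strAjaxId);

                    if ($this->Input->post('load'))
                    {
                        echo $dc->editAll($this->strAjaxId, $this->Input->post('id'));
                    }
                }
                else
                {
                    $this->Database->prepare("UPDATE " . $dc->table . " SET " . $strField . "='" . $varState . "' WHERE id=?")
                                   ->execute($dc->id);

                    if ($this->Input->post('load'))
                    {
                        echo $dc->edit(false, $this->Input->post('id'));
                    }
                }
            }
            elseif ($dc instanceof DC_File)
            {
                $val = ($this->Input->post('state') == 1);

                // The validated field name becomes part of the configuration key
                $this->Config->update("\$GLOBALS['TL_CONFIG']['" . $strField . "']", $val);

                if ($this->Input->post('load'))
                {
                    $GLOBALS['TL_CONFIG'][$strField] = $val;
                    echo $dc->edit(false, $this->Input->post('id'));
                }
            }
            exit;

        // HOOK: pass unknown actions to callback functions
        default:
            // isset() also covers the case where TL_HOOKS itself is not defined
            if (isset($GLOBALS['TL_HOOKS']['executePostActions']) && is_array($GLOBALS['TL_HOOKS']['executePostActions']))
            {
                foreach ($GLOBALS['TL_HOOKS']['executePostActions'] as $callback)
                {
                    // $callback is array(class name, method name); the braces make the
                    // array offsets apply to $callback rather than to the property lookup
                    $this->import($callback[0]);
                    $this->{$callback[0]}->{$callback[1]}($this->strAction, $dc);
                }
            }
            exit;
    }
}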