public function test_encodeEmail()
{
$strEmailPrefix = 'user@';
foreach ($this->arrIdnaTests as $strDefaultDomain => $strEncodedDomain) {
$this->assertEquals(Idna::encodeEmail($strEmailPrefix . $strDefaultDomain), $strEmailPrefix . $strEncodedDomain);
}
}
/**
* Send a lost password e-mail
* @param object
*/
protected function sendPasswordLink($objMember)
{
$objNotification = \NotificationCenter\Model\Notification::findByPk($this->nc_notification);
if ($objNotification === null) {
$this->log('The notification was not found ID ' . $this->nc_notification, __METHOD__, TL_ERROR);
return;
}
$confirmationId = md5(uniqid(mt_rand(), true));
// Store the confirmation ID
$objMember = \MemberModel::findByPk($objMember->id);
$objMember->activation = $confirmationId;
$objMember->save();
$arrTokens = array();
// Add member tokens
foreach ($objMember->row() as $k => $v) {
$arrTokens['member_' . $k] = $v;
}
$arrTokens['recipient_email'] = $objMember->email;
$arrTokens['domain'] = \Idna::decode(\Environment::get('host'));
$arrTokens['link'] = \Idna::decode(\Environment::get('base')) . \Environment::get('request') . ($GLOBALS['TL_CONFIG']['disableAlias'] || strpos(\Environment::get('request'), '?') !== false ? '&' : '?') . 'token=' . $confirmationId;
$objNotification->send($arrTokens);
$this->log('A new password has been requested for user ID ' . $objMember->id . ' (' . $objMember->email . ')', __METHOD__, TL_ACCESS);
// Check whether there is a jumpTo page
if (($objJumpTo = $this->objModel->getRelated('jumpTo')) !== null) {
$this->jumpToOrReload($objJumpTo->row());
}
$this->reload();
}
public function test_isEmail()
{
$arrEmails = array('*****@*****.**' => true, 'test@test.c' => false, 'test@test.' => false, 'test@test' => false, 'test@' => false, 'test' => false, Idna::encodeEmail('test@tèst.ch') => true);
foreach ($arrEmails as $strAddress => $blnValidity) {
$this->assertEquals(Validator::isEmail($strAddress), $blnValidity);
}
}
/**
* Generate the widget and return it as string
* @return string
*/
public function generate()
{
// Hide the Punycode format (see #2750)
if ($this->rgxp == 'email' || $this->rgxp == 'url') {
$this->varValue = \Idna::decode($this->varValue);
}
return sprintf('<input type="%s" name="%s" id="ctrl_%s" class="text%s%s" value="%s"%s%s', $this->hideInput ? 'password' : 'text', $this->strName, $this->strId, $this->hideInput ? ' password' : '', strlen($this->strClass) ? ' ' . $this->strClass : '', specialchars($this->varValue), $this->getAttributes(), $this->strTagEnding) . $this->addSubmit();
}
/**
* @param $strType
* @param null $strForceLanguage
*/
public function __construct($strType, $strForceLanguage = null)
{
if (in_array($strType, $GLOBALS['TL_EMAIL'])) {
$this->strType = $strType;
}
$this->strForceLanguage = $strForceLanguage;
// Set default parameters
$this->addParameter('host', \Idna::decode(\Environment::get('host')));
$this->addParameter('admin_name', \BackendUser::getInstance()->name);
}
private function addRecipient($email, $arrChannels, $strMailText, $intJumpTo)
{
$varInput = \Idna::encodeEmail($email);
// Get the existing active subscriptions
$arrSubscriptions = array();
if (($objSubscription = \NewsletterRecipientsModel::findBy(array("email=? AND active=1"), $varInput)) !== null) {
$arrSubscriptions = $objSubscription->fetchEach('pid');
}
$arrNew = array_diff($arrChannels, $arrSubscriptions);
// Return if there are no new subscriptions
if (!is_array($arrNew) || empty($arrNew)) {
return;
}
// Remove old subscriptions that have not been activated yet
if (($objOld = \NewsletterRecipientsModel::findBy(array("email=? AND active=''"), $varInput)) !== null) {
while ($objOld->next()) {
$objOld->delete();
}
}
$time = time();
$strToken = md5(uniqid(mt_rand(), true));
// Add the new subscriptions
foreach ($arrNew as $id) {
$objRecipient = new \NewsletterRecipientsModel();
$objRecipient->pid = $id;
$objRecipient->tstamp = $time;
$objRecipient->email = $varInput;
$objRecipient->active = '';
$objRecipient->addedOn = $time;
$objRecipient->ip = $this->anonymizeIp(\Environment::get('ip'));
$objRecipient->token = $strToken;
$objRecipient->confirmed = '';
$objRecipient->save();
}
// Get the channels
$objChannel = \NewsletterChannelModel::findByIds($arrChannels);
// Prepare the e-mail text
$strText = str_replace('##token##', $strToken, $strMailText);
$strText = str_replace('##domain##', \Environment::get('host'), $strText);
//$strText = str_replace('##link##', \Environment::get('base') . \Environment::get('request') . (($GLOBALS['TL_CONFIG']['disableAlias'] || strpos(\Environment::get('request'), '?') !== false) ? '&' : '?') . 'token=' . $strToken, $strText);
$objPageConfirm = \PageModel::findByPk($intJumpTo);
if ($objPageConfirm === null) {
$this->log('Newsletter confirmation page not found, id: ' . $intJumpTo, __CLASS__ . ":" . __METHOD__, TL_NEWSLETTER);
}
$strText = str_replace('##link##', rtrim(\Environment::get('base'), '/') . '/' . $this->generateFrontendUrl($objPageConfirm->row()) . '?token=' . $strToken, $strText);
$strText = str_replace(array('##channel##', '##channels##'), implode("\n", $objChannel->fetchEach('title')), $strText);
// Activation e-mail
$objEmail = new \Email();
$objEmail->from = $GLOBALS['TL_ADMIN_EMAIL'];
$objEmail->fromName = $GLOBALS['TL_ADMIN_NAME'];
$objEmail->subject = sprintf($GLOBALS['TL_LANG']['MSC']['nl_subject'], \Environment::get('host'));
$objEmail->text = $strText;
$objEmail->sendTo($varInput);
}
/**
* Send a lost password e-mail
*
* @param \MemberModel $objMember
*/
protected function sendPasswordLink($objMember)
{
$objNotification = \NotificationCenter\Model\Notification::findByPk($this->nc_notification);
if ($objNotification === null) {
$this->log('The notification was not found ID ' . $this->nc_notification, __METHOD__, TL_ERROR);
return;
}
$confirmationId = md5(uniqid(mt_rand(), true));
// Store the confirmation ID
$objMember = \MemberModel::findByPk($objMember->id);
$objMember->activation = $confirmationId;
$objMember->save();
$arrTokens = array();
// Add member tokens
foreach ($objMember->row() as $k => $v) {
if (\Validator::isBinaryUuid($v)) {
$v = \StringUtil::binToUuid($v);
}
$arrTokens['member_' . $k] = specialchars($v);
}
// FIX: Add salutation token
$arrTokens['salutation_user'] = NotificationCenterPlus::createSalutation($GLOBALS['TL_LANGUAGE'], $objMember);
// ENDFIX
$arrTokens['recipient_email'] = $objMember->email;
$arrTokens['domain'] = \Idna::decode(\Environment::get('host'));
$arrTokens['link'] = \Idna::decode(\Environment::get('base')) . \Environment::get('request') . ($GLOBALS['TL_CONFIG']['disableAlias'] || strpos(\Environment::get('request'), '?') !== false ? '&' : '?') . 'token=' . $confirmationId;
// FIX: Add custom change password jump to
if (($objJumpTo = $this->objModel->getRelated('changePasswordJumpTo')) !== null) {
$arrTokens['link'] = \Idna::decode(\Environment::get('base')) . \Controller::generateFrontendUrl($objJumpTo->row(), '?token=' . $confirmationId);
}
// ENDFIX
$objNotification->send($arrTokens, $GLOBALS['TL_LANGUAGE']);
$this->log('A new password has been requested for user ID ' . $objMember->id . ' (' . $objMember->email . ')', __METHOD__, TL_ACCESS);
// Check whether there is a jumpTo page
if (($objJumpTo = $this->objModel->getRelated('jumpTo')) !== null) {
$this->jumpToOrReload($objJumpTo->row());
}
StatusMessage::addSuccess(sprintf($GLOBALS['TL_LANG']['notification_center_plus']['sendPasswordLink']['messageSuccess'], $arrTokens['recipient_email']), $this->objModel->id);
$this->reload();
}
/**
* Parse the template file and return it as string
* @param array
* @return string
*/
public function parse($arrAttributes = null)
{
if ($this->formcontrol_template) {
$this->strTemplate = $this->formcontrol_template;
// Hide the Punycode format (see #2750)
if ($this->rgxp == 'email' || $this->rgxp == 'friendly' || $this->rgxp == 'url') {
$this->varValue = \Idna::decode($this->varValue);
}
if ($this->hideInput) {
$strType = 'password';
} elseif ($this->strFormat != 'xhtml') {
// Use the HTML5 types (see #4138)
// but not the date, time and datetime types (see #5918)
switch ($this->rgxp) {
case 'digit':
$strType = 'number';
break;
case 'phone':
$strType = 'tel';
break;
case 'email':
$strType = 'email';
break;
case 'url':
$strType = 'url';
break;
default:
$strType = 'text';
break;
}
} else {
$strType = 'text';
}
$this->type = $strType;
}
return parent::parse($arrAttributes);
}
protected function createNewUser($arrData)
{
$arrData['tstamp'] = time();
$arrData['login'] = $this->reg_allowLogin;
$arrData['activation'] = md5(uniqid(mt_rand(), true));
$arrData['dateAdded'] = $arrData['tstamp'];
$pw = $this->getRandomPassword(6);
$arrData['password'] = \Encryption::hash($pw["clear"]);
$arrData['username'] = strtolower($arrData['email']);
$arrData['email'] = strtolower($arrData['email']);
// Set default groups
if (!array_key_exists('groups', $arrData)) {
$arrData['groups'] = $this->reg_groups;
}
// // Disable account
// $arrData['disable'] = 1;
// Send activation e-mail
if ($this->reg_activate) {
$arrChunks = array();
$strConfirmation = $this->reg_text;
preg_match_all('/##[^#]+##/', $strConfirmation, $arrChunks);
foreach ($arrChunks[0] as $strChunk) {
$strKey = substr($strChunk, 2, -2);
switch ($strKey) {
case 'domain':
$strConfirmation = str_replace($strChunk, \Idna::decode(\Environment::get('host')), $strConfirmation);
break;
case 'gen_pw':
$strConfirmation = str_replace($strChunk, $pw["clear"], $strConfirmation);
break;
case 'link':
$strConfirmation = str_replace($strChunk, \Idna::decode(\Environment::get('base')) . \Environment::get('request') . (\Config::get('disableAlias') || strpos(\Environment::get('request'), '?') !== false ? '&' : '?') . 'token=' . $arrData['activation'], $strConfirmation);
break;
// HOOK: support newsletter subscriptions
// HOOK: support newsletter subscriptions
case 'channel':
case 'channels':
if (!in_array('newsletter', \ModuleLoader::getActive())) {
break;
}
// Make sure newsletter is an array
if (!is_array($arrData['newsletter'])) {
if ($arrData['newsletter'] != '') {
$arrData['newsletter'] = array($arrData['newsletter']);
} else {
$arrData['newsletter'] = array();
}
}
// Replace the wildcard
if (!empty($arrData['newsletter'])) {
$objChannels = \NewsletterChannelModel::findByIds($arrData['newsletter']);
if ($objChannels !== null) {
$strConfirmation = str_replace($strChunk, implode("\n", $objChannels->fetchEach('title')), $strConfirmation);
}
} else {
$strConfirmation = str_replace($strChunk, '', $strConfirmation);
}
break;
default:
$strConfirmation = str_replace($strChunk, $arrData[$strKey], $strConfirmation);
break;
}
}
$objEmail = new \Email();
$objEmail->from = $GLOBALS['TL_ADMIN_EMAIL'];
$objEmail->fromName = $GLOBALS['TL_ADMIN_NAME'];
$objEmail->subject = sprintf($GLOBALS['TL_LANG']['MSC']['emailSubject'], \Idna::decode(\Environment::get('host')));
$objEmail->text = $strConfirmation;
$objEmail->sendTo($arrData['email']);
}
// Make sure newsletter is an array
if (isset($arrData['newsletter']) && !is_array($arrData['newsletter'])) {
$arrData['newsletter'] = array($arrData['newsletter']);
}
// Create the user
$objNewUser = new \MemberModel();
$objNewUser->setRow($arrData);
$objNewUser->save();
$insertId = $objNewUser->id;
// Assign home directory
if ($this->reg_assignDir) {
$objHomeDir = \FilesModel::findByUuid($this->reg_homeDir);
if ($objHomeDir !== null) {
$this->import('Files');
$strUserDir = standardize($arrData['username']) ?: 'user_' . $insertId;
// Add the user ID if the directory exists
while (is_dir(TL_ROOT . '/' . $objHomeDir->path . '/' . $strUserDir)) {
$strUserDir .= '_' . $insertId;
}
// Create the user folder
new \Folder($objHomeDir->path . '/' . $strUserDir);
$objUserDir = \FilesModel::findByPath($objHomeDir->path . '/' . $strUserDir);
// Save the folder ID
$objNewUser->assignDir = 1;
$objNewUser->homeDir = $objUserDir->uuid;
$objNewUser->save();
}
}
// HOOK: send insert ID and user data
if (isset($GLOBALS['TL_HOOKS']['createNewUser']) && is_array($GLOBALS['TL_HOOKS']['createNewUser'])) {
foreach ($GLOBALS['TL_HOOKS']['createNewUser'] as $callback) {
$this->import($callback[0]);
$this->{$callback}[0]->{$callback}[1]($insertId, $arrData, $this);
}
}
// Inform admin if no activation link is sent
if (!$this->reg_activate) {
$this->sendAdminNotification($insertId, $arrData);
}
// Check whether there is a jumpTo page
if (($objJumpTo = $this->objModel->getRelated('jumpTo')) !== null) {
$this->jumpToOrReload($objJumpTo->row());
}
$this->reload();
}
/**
* Generate the widget and return it as string
* @return string
*/
public function generate()
{
$type = $this->hideInput ? 'password' : 'text';
if (!$this->multiple) {
// Hide the Punycode format (see #2750)
if ($this->rgxp == 'email' || $this->rgxp == 'url') {
$this->varValue = \Idna::decode($this->varValue);
}
return sprintf('<input type="%s" name="%s" id="ctrl_%s" class="tl_text%s" value="%s"%s onfocus="Backend.getScrollOffset()">%s', $type, $this->strName, $this->strId, $this->strClass != '' ? ' ' . $this->strClass : '', specialchars($this->varValue), $this->getAttributes(), $this->wizard);
}
// Return if field size is missing
if (!$this->size) {
return '';
}
if (!is_array($this->varValue)) {
$this->varValue = array($this->varValue);
}
$arrFields = array();
for ($i = 0; $i < $this->size; $i++) {
$arrFields[] = sprintf('<input type="%s" name="%s[]" id="ctrl_%s" class="tl_text_%s" value="%s"%s onfocus="Backend.getScrollOffset()">', $type, $this->strName, $this->strId . '_' . $i, $this->size, specialchars(@$this->varValue[$i]), $this->getAttributes());
}
return sprintf('<div id="ctrl_%s"%s>%s</div>%s', $this->strId, $this->strClass != '' ? ' class="' . $this->strClass . '"' : '', implode(' ', $arrFields), $this->wizard);
}
/**
* Replace insert tags with their values
*
* @param string $strBuffer The text with the tags to be replaced
* @param boolean $blnCache If false, non-cacheable tags will be replaced
*
* @return string The text with the replaced tags
*/
protected function doReplace($strBuffer, $blnCache)
{
/** @var PageModel $objPage */
global $objPage;
// Preserve insert tags
if (\Config::get('disableInsertTags')) {
return \StringUtil::restoreBasicEntities($strBuffer);
}
$tags = preg_split('/{{([^{}]+)}}/', $strBuffer, -1, PREG_SPLIT_DELIM_CAPTURE);
if (count($tags) < 2) {
return \StringUtil::restoreBasicEntities($strBuffer);
}
$strBuffer = '';
// Create one cache per cache setting (see #7700)
static $arrItCache;
$arrCache =& $arrItCache[$blnCache];
for ($_rit = 0, $_cnt = count($tags); $_rit < $_cnt; $_rit += 2) {
$strBuffer .= $tags[$_rit];
$strTag = $tags[$_rit + 1];
// Skip empty tags
if ($strTag == '') {
continue;
}
$flags = explode('|', $strTag);
$tag = array_shift($flags);
$elements = explode('::', $tag);
// Load the value from cache
if (isset($arrCache[$strTag]) && !in_array('refresh', $flags)) {
$strBuffer .= $arrCache[$strTag];
continue;
}
// Skip certain elements if the output will be cached
if ($blnCache) {
if ($elements[0] == 'date' || $elements[0] == 'ua' || $elements[0] == 'post' || $elements[0] == 'file' || $elements[1] == 'back' || $elements[1] == 'referer' || $elements[0] == 'request_token' || $elements[0] == 'toggle_view' || strncmp($elements[0], 'cache_', 6) === 0 || in_array('uncached', $flags)) {
$strBuffer .= '{{' . $strTag . '}}';
continue;
}
}
$arrCache[$strTag] = '';
// Replace the tag
switch (strtolower($elements[0])) {
// Date
case 'date':
$arrCache[$strTag] = \Date::parse($elements[1] ?: \Config::get('dateFormat'));
break;
// Accessibility tags
// Accessibility tags
case 'lang':
if ($elements[1] == '') {
$arrCache[$strTag] = '</span>';
} else {
$arrCache[$strTag] = $arrCache[$strTag] = '<span lang="' . $elements[1] . '">';
}
break;
// Line break
// Line break
case 'br':
$arrCache[$strTag] = '<br>';
break;
// E-mail addresses
// E-mail addresses
case 'email':
case 'email_open':
case 'email_url':
if ($elements[1] == '') {
$arrCache[$strTag] = '';
break;
}
$strEmail = \StringUtil::encodeEmail($elements[1]);
// Replace the tag
switch (strtolower($elements[0])) {
case 'email':
$arrCache[$strTag] = '<a href="mailto:' . $strEmail . '" class="email">' . preg_replace('/\\?.*$/', '', $strEmail) . '</a>';
break;
case 'email_open':
$arrCache[$strTag] = '<a href="mailto:' . $strEmail . '" title="' . $strEmail . '" class="email">';
break;
case 'email_url':
$arrCache[$strTag] = $strEmail;
break;
}
break;
// Label tags
// Label tags
case 'label':
$keys = explode(':', $elements[1]);
if (count($keys) < 2) {
$arrCache[$strTag] = '';
break;
}
$file = $keys[0];
// Map the key (see #7217)
switch ($file) {
case 'CNT':
$file = 'countries';
break;
case 'LNG':
$file = 'languages';
break;
case 'MOD':
case 'FMD':
$file = 'modules';
break;
case 'FFL':
$file = 'tl_form_field';
break;
case 'CACHE':
$file = 'tl_page';
break;
case 'XPL':
$file = 'explain';
break;
case 'XPT':
$file = 'exception';
break;
case 'MSC':
case 'ERR':
case 'CTE':
case 'PTY':
case 'FOP':
case 'CHMOD':
case 'DAYS':
case 'MONTHS':
case 'UNITS':
case 'CONFIRM':
case 'DP':
case 'COLS':
$file = 'default';
break;
}
\System::loadLanguageFile($file);
if (count($keys) == 2) {
$arrCache[$strTag] = $GLOBALS['TL_LANG'][$keys[0]][$keys[1]];
} else {
$arrCache[$strTag] = $GLOBALS['TL_LANG'][$keys[0]][$keys[1]][$keys[2]];
}
break;
// Front end user
// Front end user
case 'user':
if (FE_USER_LOGGED_IN) {
$this->import('FrontendUser', 'User');
$value = $this->User->{$elements[1]};
if ($value == '') {
$arrCache[$strTag] = $value;
break;
}
$this->loadDataContainer('tl_member');
if ($GLOBALS['TL_DCA']['tl_member']['fields'][$elements[1]]['inputType'] == 'password') {
$arrCache[$strTag] = '';
break;
}
$value = \StringUtil::deserialize($value);
// Decrypt the value
if ($GLOBALS['TL_DCA']['tl_member']['fields'][$elements[1]]['eval']['encrypt']) {
$value = \Encryption::decrypt($value);
}
$rgxp = $GLOBALS['TL_DCA']['tl_member']['fields'][$elements[1]]['eval']['rgxp'];
$opts = $GLOBALS['TL_DCA']['tl_member']['fields'][$elements[1]]['options'];
$rfrc = $GLOBALS['TL_DCA']['tl_member']['fields'][$elements[1]]['reference'];
if ($rgxp == 'date') {
$arrCache[$strTag] = \Date::parse(\Config::get('dateFormat'), $value);
} elseif ($rgxp == 'time') {
$arrCache[$strTag] = \Date::parse(\Config::get('timeFormat'), $value);
} elseif ($rgxp == 'datim') {
$arrCache[$strTag] = \Date::parse(\Config::get('datimFormat'), $value);
} elseif (is_array($value)) {
$arrCache[$strTag] = implode(', ', $value);
} elseif (is_array($opts) && array_is_assoc($opts)) {
$arrCache[$strTag] = isset($opts[$value]) ? $opts[$value] : $value;
} elseif (is_array($rfrc)) {
$arrCache[$strTag] = isset($rfrc[$value]) ? is_array($rfrc[$value]) ? $rfrc[$value][0] : $rfrc[$value] : $value;
} else {
$arrCache[$strTag] = $value;
}
// Convert special characters (see #1890)
$arrCache[$strTag] = \StringUtil::specialchars($arrCache[$strTag]);
}
break;
// Link
// Link
case 'link':
case 'link_open':
case 'link_url':
case 'link_title':
case 'link_target':
case 'link_name':
$strTarget = null;
// Back link
if ($elements[1] == 'back') {
$strUrl = 'javascript:history.go(-1)';
$strTitle = $GLOBALS['TL_LANG']['MSC']['goBack'];
// No language files if the page is cached
if (!strlen($strTitle)) {
$strTitle = 'Go back';
}
$strName = $strTitle;
} elseif (strncmp($elements[1], 'http://', 7) === 0 || strncmp($elements[1], 'https://', 8) === 0) {
$strUrl = $elements[1];
$strTitle = $elements[1];
$strName = str_replace(array('http://', 'https://'), '', $elements[1]);
} else {
// User login page
if ($elements[1] == 'login') {
if (!FE_USER_LOGGED_IN) {
break;
}
$this->import('FrontendUser', 'User');
$elements[1] = $this->User->loginPage;
}
$objNextPage = \PageModel::findByIdOrAlias($elements[1]);
if ($objNextPage === null) {
break;
}
// Page type specific settings (thanks to Andreas Schempp)
switch ($objNextPage->type) {
case 'redirect':
$strUrl = $objNextPage->url;
if (strncasecmp($strUrl, 'mailto:', 7) === 0) {
$strUrl = \StringUtil::encodeEmail($strUrl);
}
break;
case 'forward':
if ($objNextPage->jumpTo) {
/** @var PageModel $objNext */
$objNext = $objNextPage->getRelated('jumpTo');
} else {
$objNext = \PageModel::findFirstPublishedRegularByPid($objNextPage->id);
}
if ($objNext instanceof PageModel) {
$strUrl = $objNext->getFrontendUrl();
break;
}
// DO NOT ADD A break; STATEMENT
// DO NOT ADD A break; STATEMENT
default:
$strUrl = $objNextPage->getFrontendUrl();
break;
}
$strName = $objNextPage->title;
$strTarget = $objNextPage->target ? ' target="_blank"' : '';
$strTitle = $objNextPage->pageTitle ?: $objNextPage->title;
}
// Replace the tag
switch (strtolower($elements[0])) {
case 'link':
$arrCache[$strTag] = sprintf('<a href="%s" title="%s"%s>%s</a>', $strUrl, \StringUtil::specialchars($strTitle), $strTarget, $strName);
break;
case 'link_open':
$arrCache[$strTag] = sprintf('<a href="%s" title="%s"%s>', $strUrl, \StringUtil::specialchars($strTitle), $strTarget);
break;
case 'link_url':
$arrCache[$strTag] = $strUrl;
break;
case 'link_title':
$arrCache[$strTag] = \StringUtil::specialchars($strTitle);
break;
case 'link_target':
$arrCache[$strTag] = $strTarget;
break;
case 'link_name':
$arrCache[$strTag] = $strName;
break;
}
break;
// Closing link tag
// Closing link tag
case 'link_close':
case 'email_close':
$arrCache[$strTag] = '</a>';
break;
// Insert article
// Insert article
case 'insert_article':
if (($strOutput = $this->getArticle($elements[1], false, true)) !== false) {
$arrCache[$strTag] = ltrim($strOutput);
} else {
$arrCache[$strTag] = '<p class="error">' . sprintf($GLOBALS['TL_LANG']['MSC']['invalidPage'], $elements[1]) . '</p>';
}
break;
// Insert content element
// Insert content element
case 'insert_content':
$arrCache[$strTag] = $this->getContentElement($elements[1]);
break;
// Insert module
// Insert module
case 'insert_module':
$arrCache[$strTag] = $this->getFrontendModule($elements[1]);
break;
// Insert form
// Insert form
case 'insert_form':
$arrCache[$strTag] = $this->getForm($elements[1]);
break;
// Article
// Article
case 'article':
case 'article_open':
case 'article_url':
case 'article_title':
if (($objArticle = \ArticleModel::findByIdOrAlias($elements[1])) === null || !($objPid = $objArticle->getRelated('pid')) instanceof PageModel) {
break;
}
/** @var PageModel $objPid */
$strUrl = $objPid->getFrontendUrl('/articles/' . ($objArticle->alias ?: $objArticle->id));
// Replace the tag
switch (strtolower($elements[0])) {
case 'article':
$arrCache[$strTag] = sprintf('<a href="%s" title="%s">%s</a>', $strUrl, \StringUtil::specialchars($objArticle->title), $objArticle->title);
break;
case 'article_open':
$arrCache[$strTag] = sprintf('<a href="%s" title="%s">', $strUrl, \StringUtil::specialchars($objArticle->title));
break;
case 'article_url':
$arrCache[$strTag] = $strUrl;
break;
case 'article_title':
$arrCache[$strTag] = \StringUtil::specialchars($objArticle->title);
break;
}
break;
// Article teaser
// Article teaser
case 'article_teaser':
$objTeaser = \ArticleModel::findByIdOrAlias($elements[1]);
if ($objTeaser !== null) {
$arrCache[$strTag] = \StringUtil::toHtml5($objTeaser->teaser);
}
break;
// Last update
// Last update
case 'last_update':
$strQuery = "SELECT MAX(tstamp) AS tc";
$bundles = \System::getContainer()->getParameter('kernel.bundles');
if (isset($bundles['ContaoNewsBundle'])) {
$strQuery .= ", (SELECT MAX(tstamp) FROM tl_news) AS tn";
}
if (isset($bundles['ContaoCalendarBundle'])) {
$strQuery .= ", (SELECT MAX(tstamp) FROM tl_calendar_events) AS te";
}
$strQuery .= " FROM tl_content";
$objUpdate = \Database::getInstance()->query($strQuery);
if ($objUpdate->numRows) {
$arrCache[$strTag] = \Date::parse($elements[1] ?: \Config::get('datimFormat'), max($objUpdate->tc, $objUpdate->tn, $objUpdate->te));
}
break;
// Version
// Version
case 'version':
$arrCache[$strTag] = VERSION . '.' . BUILD;
break;
// Request token
// Request token
case 'request_token':
$arrCache[$strTag] = REQUEST_TOKEN;
break;
// POST data
// POST data
case 'post':
$arrCache[$strTag] = \Input::post($elements[1]);
break;
// Mobile/desktop toggle (see #6469)
// Mobile/desktop toggle (see #6469)
case 'toggle_view':
$strUrl = ampersand(\Environment::get('request'));
$strGlue = strpos($strUrl, '?') === false ? '?' : '&';
if (\Input::cookie('TL_VIEW') == 'mobile' || \Environment::get('agent')->mobile && \Input::cookie('TL_VIEW') != 'desktop') {
$arrCache[$strTag] = '<a href="' . $strUrl . $strGlue . 'toggle_view=desktop" class="toggle_desktop" title="' . \StringUtil::specialchars($GLOBALS['TL_LANG']['MSC']['toggleDesktop'][1]) . '">' . $GLOBALS['TL_LANG']['MSC']['toggleDesktop'][0] . '</a>';
} else {
$arrCache[$strTag] = '<a href="' . $strUrl . $strGlue . 'toggle_view=mobile" class="toggle_mobile" title="' . \StringUtil::specialchars($GLOBALS['TL_LANG']['MSC']['toggleMobile'][1]) . '">' . $GLOBALS['TL_LANG']['MSC']['toggleMobile'][0] . '</a>';
}
break;
// Conditional tags (if)
// Conditional tags (if)
case 'iflng':
if ($elements[1] != '' && $elements[1] != $objPage->language) {
for (; $_rit < $_cnt; $_rit += 2) {
if ($tags[$_rit + 1] == 'iflng' || $tags[$_rit + 1] == 'iflng::' . $objPage->language) {
break;
}
}
}
unset($arrCache[$strTag]);
break;
// Conditional tags (if not)
// Conditional tags (if not)
case 'ifnlng':
if ($elements[1] != '') {
$langs = \StringUtil::trimsplit(',', $elements[1]);
if (in_array($objPage->language, $langs)) {
for (; $_rit < $_cnt; $_rit += 2) {
if ($tags[$_rit + 1] == 'ifnlng') {
break;
}
}
}
}
unset($arrCache[$strTag]);
break;
// Environment
// Environment
case 'env':
switch ($elements[1]) {
case 'host':
$arrCache[$strTag] = \Idna::decode(\Environment::get('host'));
break;
case 'http_host':
$arrCache[$strTag] = \Idna::decode(\Environment::get('httpHost'));
break;
case 'url':
$arrCache[$strTag] = \Idna::decode(\Environment::get('url'));
break;
case 'path':
$arrCache[$strTag] = \Idna::decode(\Environment::get('base'));
break;
case 'request':
$arrCache[$strTag] = \Environment::get('indexFreeRequest');
break;
case 'ip':
$arrCache[$strTag] = \Environment::get('ip');
break;
case 'referer':
$arrCache[$strTag] = $this->getReferer(true);
break;
case 'files_url':
$arrCache[$strTag] = TL_FILES_URL;
break;
case 'assets_url':
case 'plugins_url':
case 'script_url':
$arrCache[$strTag] = TL_ASSETS_URL;
break;
case 'base_url':
$arrCache[$strTag] = \System::getContainer()->get('request_stack')->getCurrentRequest()->getBaseUrl();
break;
}
break;
// Page
// Page
case 'page':
if ($elements[1] == 'pageTitle' && $objPage->pageTitle == '') {
$elements[1] = 'title';
} elseif ($elements[1] == 'parentPageTitle' && $objPage->parentPageTitle == '') {
$elements[1] = 'parentTitle';
} elseif ($elements[1] == 'mainPageTitle' && $objPage->mainPageTitle == '') {
$elements[1] = 'mainTitle';
}
// Do not use \StringUtil::specialchars() here (see #4687)
$arrCache[$strTag] = $objPage->{$elements[1]};
break;
// User agent
// User agent
case 'ua':
$ua = \Environment::get('agent');
if ($elements[1] != '') {
$arrCache[$strTag] = $ua->{$elements[1]};
} else {
$arrCache[$strTag] = '';
}
break;
// Abbreviations
// Abbreviations
case 'abbr':
case 'acronym':
if ($elements[1] != '') {
$arrCache[$strTag] = '<abbr title="' . $elements[1] . '">';
} else {
$arrCache[$strTag] = '</abbr>';
}
break;
// Images
// Images
case 'image':
case 'picture':
$width = null;
$height = null;
$alt = '';
$class = '';
$rel = '';
$strFile = $elements[1];
$mode = '';
$size = null;
$strTemplate = 'picture_default';
// Take arguments
if (strpos($elements[1], '?') !== false) {
$arrChunks = explode('?', urldecode($elements[1]), 2);
$strSource = \StringUtil::decodeEntities($arrChunks[1]);
$strSource = str_replace('[&]', '&', $strSource);
$arrParams = explode('&', $strSource);
foreach ($arrParams as $strParam) {
list($key, $value) = explode('=', $strParam);
switch ($key) {
case 'width':
$width = $value;
break;
case 'height':
$height = $value;
break;
case 'alt':
$alt = \StringUtil::specialchars($value);
break;
case 'class':
$class = $value;
break;
case 'rel':
$rel = $value;
break;
case 'mode':
$mode = $value;
break;
case 'size':
$size = (int) $value;
break;
case 'template':
$strTemplate = preg_replace('/[^a-z0-9_]/i', '', $value);
break;
}
}
$strFile = $arrChunks[0];
}
if (\Validator::isUuid($strFile)) {
// Handle UUIDs
$objFile = \FilesModel::findByUuid($strFile);
if ($objFile === null) {
$arrCache[$strTag] = '';
break;
}
$strFile = $objFile->path;
} elseif (is_numeric($strFile)) {
// Handle numeric IDs (see #4805)
$objFile = \FilesModel::findByPk($strFile);
if ($objFile === null) {
$arrCache[$strTag] = '';
break;
}
$strFile = $objFile->path;
} else {
// Check the path
if (\Validator::isInsecurePath($strFile)) {
throw new \RuntimeException('Invalid path ' . $strFile);
}
}
// Check the maximum image width
if (\Config::get('maxImageWidth') > 0 && $width > \Config::get('maxImageWidth')) {
$width = \Config::get('maxImageWidth');
$height = null;
}
// Generate the thumbnail image
try {
// Image
if (strtolower($elements[0]) == 'image') {
$dimensions = '';
$imageObj = \Image::create($strFile, array($width, $height, $mode));
$src = $imageObj->executeResize()->getResizedPath();
$objFile = new \File(rawurldecode($src));
// Add the image dimensions
if (($imgSize = $objFile->imageSize) !== false) {
$dimensions = ' width="' . $imgSize[0] . '" height="' . $imgSize[1] . '"';
}
$arrCache[$strTag] = '<img src="' . TL_FILES_URL . $src . '" ' . $dimensions . ' alt="' . $alt . '"' . ($class != '' ? ' class="' . $class . '"' : '') . '>';
} else {
$picture = \Picture::create($strFile, array(0, 0, $size))->getTemplateData();
$picture['alt'] = $alt;
$picture['class'] = $class;
$pictureTemplate = new \FrontendTemplate($strTemplate);
$pictureTemplate->setData($picture);
$arrCache[$strTag] = $pictureTemplate->parse();
}
// Add a lightbox link
if ($rel != '') {
if (strncmp($rel, 'lightbox', 8) !== 0) {
$attribute = ' rel="' . $rel . '"';
} else {
$attribute = ' data-lightbox="' . substr($rel, 8) . '"';
}
$arrCache[$strTag] = '<a href="' . TL_FILES_URL . $strFile . '"' . ($alt != '' ? ' title="' . $alt . '"' : '') . $attribute . '>' . $arrCache[$strTag] . '</a>';
}
} catch (\Exception $e) {
$arrCache[$strTag] = '';
}
break;
// Files (UUID or template path)
// Files (UUID or template path)
case 'file':
if (\Validator::isUuid($elements[1])) {
$objFile = \FilesModel::findByUuid($elements[1]);
if ($objFile !== null) {
$arrCache[$strTag] = $objFile->path;
break;
}
}
$arrGet = $_GET;
\Input::resetCache();
$strFile = $elements[1];
// Take arguments and add them to the $_GET array
if (strpos($elements[1], '?') !== false) {
$arrChunks = explode('?', urldecode($elements[1]));
$strSource = \StringUtil::decodeEntities($arrChunks[1]);
$strSource = str_replace('[&]', '&', $strSource);
$arrParams = explode('&', $strSource);
foreach ($arrParams as $strParam) {
$arrParam = explode('=', $strParam);
$_GET[$arrParam[0]] = $arrParam[1];
}
$strFile = $arrChunks[0];
}
// Check the path
if (\Validator::isInsecurePath($strFile)) {
throw new \RuntimeException('Invalid path ' . $strFile);
}
// Include .php, .tpl, .xhtml and .html5 files
if (preg_match('/\\.(php|tpl|xhtml|html5)$/', $strFile) && file_exists(TL_ROOT . '/templates/' . $strFile)) {
ob_start();
include TL_ROOT . '/templates/' . $strFile;
$arrCache[$strTag] = ob_get_clean();
}
$_GET = $arrGet;
\Input::resetCache();
break;
// HOOK: pass unknown tags to callback functions
// HOOK: pass unknown tags to callback functions
default:
if (isset($GLOBALS['TL_HOOKS']['replaceInsertTags']) && is_array($GLOBALS['TL_HOOKS']['replaceInsertTags'])) {
foreach ($GLOBALS['TL_HOOKS']['replaceInsertTags'] as $callback) {
$this->import($callback[0]);
$varValue = $this->{$callback[0]}->{$callback[1]}($tag, $blnCache, $arrCache[$strTag], $flags, $tags, $arrCache, $_rit, $_cnt);
// see #6672
// Replace the tag and stop the loop
if ($varValue !== false) {
$arrCache[$strTag] = $varValue;
break;
}
}
}
if (\Config::get('debugMode')) {
$GLOBALS['TL_DEBUG']['unknown_insert_tags'][] = $strTag;
}
break;
}
// Handle the flags
if (!empty($flags)) {
foreach ($flags as $flag) {
switch ($flag) {
case 'addslashes':
case 'stripslashes':
case 'standardize':
case 'ampersand':
case 'specialchars':
case 'nl2br':
case 'nl2br_pre':
case 'strtolower':
case 'utf8_strtolower':
case 'strtoupper':
case 'utf8_strtoupper':
case 'ucfirst':
case 'lcfirst':
case 'ucwords':
case 'trim':
case 'rtrim':
case 'ltrim':
case 'utf8_romanize':
case 'strrev':
case 'urlencode':
case 'rawurlencode':
$arrCache[$strTag] = $flag($arrCache[$strTag]);
break;
case 'encodeEmail':
case 'decodeEntities':
$arrCache[$strTag] = \StringUtil::$flag($arrCache[$strTag]);
break;
case 'number_format':
$arrCache[$strTag] = \System::getFormattedNumber($arrCache[$strTag], 0);
break;
case 'currency_format':
$arrCache[$strTag] = \System::getFormattedNumber($arrCache[$strTag], 2);
break;
case 'readable_size':
$arrCache[$strTag] = \System::getReadableSize($arrCache[$strTag]);
break;
case 'flatten':
if (!is_array($arrCache[$strTag])) {
break;
}
$it = new \RecursiveIteratorIterator(new \RecursiveArrayIterator($arrCache[$strTag]));
$result = array();
foreach ($it as $leafValue) {
$keys = array();
foreach (range(0, $it->getDepth()) as $depth) {
$keys[] = $it->getSubIterator($depth)->key();
}
$result[] = implode('.', $keys) . ': ' . $leafValue;
}
$arrCache[$strTag] = implode(', ', $result);
break;
// HOOK: pass unknown flags to callback functions
// HOOK: pass unknown flags to callback functions
default:
if (isset($GLOBALS['TL_HOOKS']['insertTagFlags']) && is_array($GLOBALS['TL_HOOKS']['insertTagFlags'])) {
foreach ($GLOBALS['TL_HOOKS']['insertTagFlags'] as $callback) {
$this->import($callback[0]);
$varValue = $this->{$callback[0]}->{$callback[1]}($flag, $tag, $arrCache[$strTag], $flags, $blnCache, $tags, $arrCache, $_rit, $_cnt);
// see #5806
// Replace the tag and stop the loop
if ($varValue !== false) {
$arrCache[$strTag] = $varValue;
break;
}
}
}
if (\Config::get('debugMode')) {
$GLOBALS['TL_DEBUG']['unknown_insert_tag_flags'][] = $flag;
}
break;
}
}
}
$strBuffer .= $arrCache[$strTag];
}
return \StringUtil::restoreBasicEntities($strBuffer);
}
/**
* Extract the e-mail addresses from the func_get_args() arguments
*
* @param array $arrRecipients The recipients array
*
* @return array An array of e-mail addresses
*/
protected function compileRecipients($arrRecipients)
{
$arrReturn = array();
foreach ($arrRecipients as $varRecipients) {
if (!is_array($varRecipients)) {
$varRecipients = \String::splitCsv($varRecipients);
}
// Support friendly name addresses and internationalized domain names
foreach ($varRecipients as $v) {
list($strName, $strEmail) = \String::splitFriendlyEmail($v);
$strName = trim($strName, ' "');
$strEmail = \Idna::encodeEmail($strEmail);
if ($strName != '') {
$arrReturn[$strEmail] = $strName;
} else {
$arrReturn[] = $strEmail;
}
}
}
return $arrReturn;
}
/**
* Valid URL with special characters allowed (see #6402)
*
* @param mixed $varValue The value to be validated
*
* @return boolean True if the value is a valid URL
*/
public static function isUrl($varValue)
{
return preg_match('/^[\\w\\/.*+?$#%:,;{}()[\\]@&!=~-]+$/u', \Idna::encodeUrl($varValue));
}
public function sendUnSubscribeMail($channels, $subject = '', $text = '')
{
$objChannel = \Database::getInstance()->prepare("SELECT * FROM tl_newsletter_channel WHERE id IN (" . implode(',', $channels) . ")")->limit(1)->execute();
$objEmail = new \Email();
if (empty($subject)) {
$subject = $objChannel->first()->nl_unsubscribe_subject;
}
if (empty($text)) {
$text = $objChannel->first()->nl_unsubscribe_text;
}
$strSubject = str_replace(array('##channel##', '##channels##'), implode(",", $objChannel->fetchEach('title')), $subject);
$strText = str_replace('##salutation##', $this->getSalutation(), $text);
$strText = str_replace('##domain##', \Idna::decode(\Environment::get('host')), $strText);
$strText = str_replace('##link##', \Idna::decode(\Environment::get('base')) . \Environment::get('request') . (\Config::get('disableAlias') || strpos(\Environment::get('request'), '?') !== false ? '&' : '?') . 'token=' . $this->token, $strText);
$strText = str_replace(array('##channel##', '##channels##'), implode("\n", $objChannel->fetchEach('title')), $strText);
$objEmail->from = $objChannel->first()->nl_unsubscribe_sender_mail ? $objChannel->first()->nl_unsubscribe_sender_mail : $GLOBALS['TL_ADMIN_EMAIL'];
$objEmail->fromName = $objChannel->first()->nl_unsubscribe_sender_name ? $objChannel->first()->nl_unsubscribe_sender_name : $GLOBALS['TL_ADMIN_NAME'];
$objEmail->subject = $this->replaceInsertTags($strSubject);
$objEmail->text = $this->replaceInsertTags($strText);
if ($objEmail->sendTo($this->email)) {
$_SESSION['UNSUBSCRIBE_CONFIRM'] = $GLOBALS['TL_LANG']['MSC']['nl_removed'];
return true;
}
return false;
}
/**
* Create a new user and redirect
* @param object
*/
protected function sendPasswordLink($objMember)
{
$arrChunks = array();
$confirmationId = md5(uniqid(mt_rand(), true));
// Store the confirmation ID
$objMember = \MemberModel::findByPk($objMember->id);
$objMember->activation = $confirmationId;
$objMember->save();
$strConfirmation = $this->reg_password;
preg_match_all('/##[^#]+##/', $strConfirmation, $arrChunks);
foreach ($arrChunks[0] as $strChunk) {
$strKey = substr($strChunk, 2, -2);
switch ($strKey) {
case 'domain':
$strConfirmation = str_replace($strChunk, \Idna::decode(\Environment::get('host')), $strConfirmation);
break;
case 'link':
$strConfirmation = str_replace($strChunk, \Idna::decode(\Environment::get('base')) . \Environment::get('request') . (\Config::get('disableAlias') || strpos(\Environment::get('request'), '?') !== false ? '&' : '?') . 'token=' . $confirmationId, $strConfirmation);
break;
default:
try {
$strConfirmation = str_replace($strChunk, $objMember->{$strKey}, $strConfirmation);
} catch (\Exception $e) {
$strConfirmation = str_replace($strChunk, '', $strConfirmation);
$this->log('Invalid wildcard "' . $strKey . '" used in password request e-mail', __METHOD__, TL_GENERAL, $e->getMessage());
}
break;
}
}
// Send e-mail
$objEmail = new \Email();
$objEmail->from = $GLOBALS['TL_ADMIN_EMAIL'];
$objEmail->fromName = $GLOBALS['TL_ADMIN_NAME'];
$objEmail->subject = sprintf($GLOBALS['TL_LANG']['MSC']['passwordSubject'], \Idna::decode(\Environment::get('host')));
$objEmail->text = $strConfirmation;
$objEmail->sendTo($objMember->email);
$this->log('A new password has been requested for user ID ' . $objMember->id . ' (' . $objMember->email . ')', __METHOD__, TL_ACCESS);
// Check whether there is a jumpTo page
if (($objJumpTo = $this->objModel->getRelated('jumpTo')) !== null) {
$this->jumpToOrReload($objJumpTo->row());
}
$this->reload();
}
/**
* Tries to parse a string and to get the domain name, tld and idn
* converted domain name.
*
* If given string is not a domain name, it will add a default tld.
*
* Also skips given string if it is longer than 63 characters.
*
* @throws instance of AbstractException if throwExceptions = true
* @param string $unparsedString
* @param string $defaultTld
* @return void
*/
public function parse($unparsedString, $defaultTld = 'com')
{
try {
if ($this->loaded === false) {
$this->load();
}
$matchedDomain = '';
$matchedDomainIdn = '';
$matchedTld = '';
$matchedTldIdn = '';
$validHostname = true;
$IdnaConverter = new Idna(array('idn_version' => 2008));
preg_match('/^((http|https|ftp|ftps|news|ssh|sftp|gopher):[\\/]{2,})?([^\\/]+)/', mb_strtolower(trim($unparsedString), $this->encoding), $matches);
$parsedString = end($matches);
foreach ($this->tldList['content'] as $tld) {
if (preg_match('/\\.' . $tld . '$/', $parsedString, $trash)) {
$matchedTld = $tld;
$matchedTldIdn = $IdnaConverter->encode($tld);
$matchedDomain = str_replace('.' . $matchedTld, '', $parsedString);
$matchedDomain = rtrim($matchedDomain, '.');
$matchedDomain = ltrim($matchedDomain, '.');
if ($matchedTld != 'name' && strpos($matchedDomain, '.')) {
$matchedDomain = str_replace('.', '', strrchr($matchedDomain, '.'));
}
if (strpos($matchedDomain, ' ')) {
$matchedDomain = explode(' ', $matchedDomain);
$matchedDomain = end($matchedDomain);
}
$matchedDomainIdn = $IdnaConverter->encode($matchedDomain);
break;
}
if ($tld == $parsedString) {
$matchedTld = $tld;
$matchedTldIdn = $IdnaConverter->encode($tld);
break;
}
}
if ($matchedDomain == '' && strlen($matchedDomainIdn) <= 63 && $matchedTld == '') {
$matchedDomain = $IdnaConverter->decode(preg_replace_callback('/[^a-zA-Z0-9\\-\\.]/', function ($match) use(&$validHostname) {
$validHostname = false;
}, $IdnaConverter->encode($parsedString)));
$matchedDomainIdn = $IdnaConverter->encode($matchedDomain);
$matchedTld = $matchedTldIdn = $defaultTld;
} elseif ($matchedDomain != '' && strlen($matchedDomainIdn) <= 63 && $matchedTld != '') {
$matchedDomain = $IdnaConverter->decode(preg_replace_callback('/[^a-zA-Z0-9\\-\\.]/', function ($match) use(&$validHostname) {
$validHostname = false;
}, $IdnaConverter->encode($matchedDomain)));
$matchedDomainIdn = $IdnaConverter->encode($matchedDomain);
} elseif ($matchedDomain == '' && $matchedTld != '') {
$validHostname = false;
} else {
throw \DomainParser\AbstractException::factory('UnparsableString', 'Unparsable domain name.');
}
$Result = new Result($matchedDomain, $matchedDomainIdn, $matchedTld, $matchedTldIdn, $validHostname);
} catch (\DomainParser\AbstractException $e) {
if ($this->throwExceptions) {
throw $e;
}
$Result = new Result();
$Result->error = $e->getMessage();
}
return $Result->get($this->format);
}
/**
* Add a new recipient
*/
protected function addRecipient()
{
if (!\Environment::get('isAjaxRequest')) {
return parent::addRecipient();
}
$arrChannels = \Input::post('channels');
if (!is_array($arrChannels)) {
$_SESSION['UNSUBSCRIBE_ERROR'] = $GLOBALS['TL_LANG']['ERR']['noChannels'];
return false;
}
$arrChannels = array_intersect($arrChannels, $this->nl_channels);
// see #3240
// Check the selection
if (!is_array($arrChannels) || empty($arrChannels)) {
$_SESSION['SUBSCRIBE_ERROR'] = $GLOBALS['TL_LANG']['ERR']['noChannels'];
return false;
}
$varInput = \Idna::encodeEmail(\Input::post('email', true));
// Validate the e-mail address
if (!\Validator::isEmail($varInput)) {
$_SESSION['SUBSCRIBE_ERROR'] = $GLOBALS['TL_LANG']['ERR']['email'];
return false;
}
$arrSubscriptions = array();
// Get the existing active subscriptions
if (($objSubscription = \NewsletterRecipientsModel::findBy(array("email=? AND active=1"), $varInput)) !== null) {
$arrSubscriptions = $objSubscription->fetchEach('pid');
}
$arrNew = array_diff($arrChannels, $arrSubscriptions);
// Return if there are no new subscriptions
if (!is_array($arrNew) || empty($arrNew)) {
$_SESSION['SUBSCRIBE_ERROR'] = $GLOBALS['TL_LANG']['ERR']['subscribed'];
return false;
}
// Remove old subscriptions that have not been activated yet
if (($objOld = \NewsletterRecipientsModel::findBy(array("email=? AND active=''"), $varInput)) !== null) {
while ($objOld->next()) {
$objOld->delete();
}
}
$time = time();
$strToken = md5(uniqid(mt_rand(), true));
// Add the new subscriptions
foreach ($arrNew as $id) {
$objRecipient = new \NewsletterRecipientsModel();
$objRecipient->pid = $id;
$objRecipient->tstamp = $time;
$objRecipient->email = $varInput;
$objRecipient->active = '';
$objRecipient->addedOn = $time;
$objRecipient->ip = $this->anonymizeIp(\Environment::get('ip'));
$objRecipient->token = $strToken;
$objRecipient->confirmed = '';
$objRecipient->save();
}
// Get the channels
$objChannel = \NewsletterChannelModel::findByIds($arrChannels);
// Prepare the e-mail text
$strText = str_replace('##token##', $strToken, $this->nl_subscribe);
$strText = str_replace('##domain##', \Idna::decode(\Environment::get('host')), $strText);
$strText = str_replace('##link##', \Idna::decode(\Environment::get('base')) . \Environment::get('request') . (\Config::get('disableAlias') || strpos(\Environment::get('request'), '?') !== false ? '&' : '?') . 'token=' . $strToken, $strText);
$strText = str_replace(array('##channel##', '##channels##'), implode("\n", $objChannel->fetchEach('title')), $strText);
// Activation e-mail
$objEmail = new \Email();
$objEmail->from = $GLOBALS['TL_ADMIN_EMAIL'];
$objEmail->fromName = $GLOBALS['TL_ADMIN_NAME'];
$objEmail->subject = sprintf($GLOBALS['TL_LANG']['MSC']['nl_subject'], \Idna::decode(\Environment::get('host')));
$objEmail->text = $strText;
$objEmail->sendTo($varInput);
// Redirect to the jumpTo page
if ($this->jumpTo && ($objTarget = $this->objModel->getRelated('jumpTo')) !== null) {
$this->redirect($this->generateFrontendUrl($objTarget->row()));
}
$_SESSION['SUBSCRIBE_CONFIRM'] = $GLOBALS['TL_LANG']['MSC']['nl_confirm'];
return true;
}
/**
* the constructor
*
* @param array $options
* @return boolean
* @since 0.5.2
*/
public function __construct($options = false)
{
$this->slast = $this->_sbase + $this->_lcount * $this->_vcount * $this->_tcount;
// If parameters are given, pass these to the respective method
if (is_array($options)) {
$this->set_parameter($options);
}
// populate mbstring overloading cache if not set
if (self::$_mb_string_overload === null) {
self::$_mb_string_overload = extension_loaded('mbstring') && (ini_get('mbstring.func_overload') & 0x2) === 0x2;
}
}
/**
* Add a form to create new testimonials
* @param \FrontendTemplate
* @param \stdClass
* @param string
* @param integer
* @param array
*/
protected function renderTestimonialForm(\FrontendTemplate $objTemplate, \stdClass $objConfig, $intParent)
{
$this->import('FrontendUser', 'User');
// Access control
if ($objConfig->requireLogin && !BE_USER_LOGGED_IN && !FE_USER_LOGGED_IN) {
$objTemplate->requireLogin = true;
return;
}
// Form fields
$arrFields = array('name' => array('name' => 'name', 'label' => $GLOBALS['TL_LANG']['MSC']['tm_name'], 'value' => trim($this->User->firstname . ' ' . $this->User->lastname), 'inputType' => 'text', 'eval' => array('mandatory' => true, 'maxlength' => 64, 'placeholder' => $GLOBALS['TL_LANG']['MSC']['tm_name'])), 'email' => array('name' => 'email', 'label' => $GLOBALS['TL_LANG']['MSC']['tm_email'], 'value' => $this->User->email, 'inputType' => 'text', 'eval' => array('rgxp' => 'email', 'mandatory' => true, 'maxlength' => 128, 'decodeEntities' => true, 'placeholder' => $GLOBALS['TL_LANG']['MSC']['tm_email'])), 'url' => array('name' => 'url', 'label' => $GLOBALS['TL_LANG']['MSC']['tm_url'], 'inputType' => 'text', 'eval' => array('rgxp' => 'url', 'maxlength' => 128, 'decodeEntities' => true, 'placeholder' => $GLOBALS['TL_LANG']['MSC']['tm_url'])), 'company' => array('name' => 'company', 'label' => $GLOBALS['TL_LANG']['MSC']['tm_company'], 'inputType' => 'text', 'eval' => array('maxlength' => 128, 'placeholder' => $GLOBALS['TL_LANG']['MSC']['tm_company'])), 'title' => array('name' => 'title', 'label' => $GLOBALS['TL_LANG']['MSC']['tm_title'], 'inputType' => 'text', 'eval' => array('maxlength' => 128, 'placeholder' => $GLOBALS['TL_LANG']['MSC']['tm_title'])));
if ($objConfig->enableVoteField1 && $objConfig->addVote) {
$arrFields['votefield1'] = array('name' => 'votefield1', 'label' => &$GLOBALS['TL_LANG']['MSC']['votefield1'], 'default' => '0.0', 'inputType' => 'text', 'eval' => array('style' => 'display: none;'));
}
if ($objConfig->enableVoteField2 && $objConfig->addVote) {
$arrFields['votefield2'] = array('name' => 'votefield2', 'label' => &$GLOBALS['TL_LANG']['MSC']['votefield2'], 'default' => '0.0', 'inputType' => 'text', 'eval' => array('style' => 'display: none;'));
}
if ($objConfig->enableVoteField3 && $objConfig->addVote) {
$arrFields['votefield3'] = array('name' => 'votefield3', 'label' => &$GLOBALS['TL_LANG']['MSC']['votefield3'], 'default' => '0.0', 'inputType' => 'text', 'eval' => array('style' => 'display: none;'));
}
if ($objConfig->enableVoteField4 && $objConfig->addVote) {
$arrFields['votefield4'] = array('name' => 'votefield4', 'label' => &$GLOBALS['TL_LANG']['MSC']['votefield4'], 'default' => '0.0', 'inputType' => 'text', 'eval' => array('style' => 'display: none;'));
}
if ($objConfig->enableVoteField5 && $objConfig->addVote) {
$arrFields['votefield5'] = array('name' => 'votefield5', 'label' => &$GLOBALS['TL_LANG']['MSC']['votefield5'], 'default' => '0.0', 'inputType' => 'text', 'eval' => array('style' => 'display: none;'));
}
if ($objConfig->enableVoteField6 && $objConfig->addVote) {
$arrFields['votefield6'] = array('name' => 'votefield6', 'label' => &$GLOBALS['TL_LANG']['MSC']['votefield6'], 'default' => '0.0', 'inputType' => 'text', 'eval' => array('style' => 'display: none;'));
}
// Captcha
if (!$objConfig->disableCaptcha) {
$arrFields['captcha'] = array('name' => 'captcha', 'inputType' => 'captcha', 'eval' => array('mandatory' => true));
}
// Testimonial field
$arrFields['testimonial'] = array('name' => 'testimonial', 'label' => $GLOBALS['TL_LANG']['MSC']['tm_testimonial'], 'inputType' => 'textarea', 'eval' => array('mandatory' => true, 'rows' => 15, 'cols' => 40, 'preserveTags' => true));
$doNotSubmit = false;
$arrWidgets = array();
$strFormId = 'jedo_testimonials_' . $intParent;
// Initialize the widgets
foreach ($arrFields as $arrField) {
$strClass = $GLOBALS['TL_FFL'][$arrField['inputType']];
// Continue if the class is not defined
if (!class_exists($strClass)) {
continue;
}
$arrField['eval']['required'] = $arrField['eval']['mandatory'];
$objWidget = new $strClass($this->prepareForWidget($arrField, $arrField['name'], $arrField['value']));
// Validate the widget
if (\Input::post('FORM_SUBMIT') == $strFormId) {
$objWidget->validate();
if ($objWidget->hasErrors()) {
$doNotSubmit = true;
}
}
$arrWidgets[$arrField['name']] = $objWidget;
}
$objTemplate->fields = $arrWidgets;
$objTemplate->submit = $GLOBALS['TL_LANG']['MSC']['com_submit'];
$objTemplate->action = ampersand(\Environment::get('request'));
$objTemplate->messages = '';
// Backwards compatibility
$objTemplate->formId = $strFormId;
$objTemplate->hasError = $doNotSubmit;
// Do not index or cache the page with the confirmation message
if ($_SESSION['TL_TESTIMONIAL_ADDED']) {
global $objPage;
$objPage->noSearch = 1;
$objPage->cache = 0;
$objTemplate->confirm = $GLOBALS['TL_LANG']['MSC']['com_confirm'];
$_SESSION['TL_TESTIMONIAL_ADDED'] = false;
}
// Store the testimonial
if (!$doNotSubmit && \Input::post('FORM_SUBMIT') == $strFormId) {
$strWebsite = $arrWidgets['url']->value;
if ($strWebsite == $GLOBALS['TL_LANG']['MSC']['tm_url']) {
$strWebsite = '';
}
// Add http:// to the website
if ($strWebsite != '' && !preg_match('@^(https?://|ftp://|mailto:|#)@i', $strWebsite)) {
$strWebsite = 'http://' . $strWebsite;
}
// Do not parse any tags in the testimonial
$strTestimonial = htmlspecialchars(trim($arrWidgets['testimonial']->value));
$strTestimonial = str_replace(array('&', '<', '>'), array('[&]', '[lt]', '[gt]'), $strTestimonial);
// Remove multiple line feeds
$strTestimonial = preg_replace('@\\n\\n+@', "\n\n", $strTestimonial);
// Parse BBCode
if ($objConfig->bbcode) {
$strTestimonial = $this->parseBbCode($strTestimonial);
}
// Prevent cross-site request forgeries
$strTestimonial = preg_replace('/(href|src|on[a-z]+)="[^"]*(contao\\/main\\.php|typolight\\/main\\.php|javascript|vbscri?pt|script|alert|document|cookie|window)[^"]*"+/i', '$1="#"', $strTestimonial);
$time = time();
if ($objConfig->addVote) {
// make the totalvote object
$fields = 0;
$value = 0.0;
if ($objConfig->enableVoteField1) {
$arrWidgets['votefield1']->value = $this->getRatingValue($arrWidgets['votefield1']->value);
$value = $value + $arrWidgets['votefield1']->value;
$fields++;
}
if ($objConfig->enableVoteField2) {
$arrWidgets['votefield2']->value = $this->getRatingValue($arrWidgets['votefield2']->value);
$value = $value + $arrWidgets['votefield2']->value;
$fields++;
}
if ($objConfig->enableVoteField3) {
$arrWidgets['votefield3']->value = $this->getRatingValue($arrWidgets['votefield3']->value);
$value = $value + $arrWidgets['votefield3']->value;
$fields++;
}
if ($objConfig->enableVoteField4) {
$arrWidgets['votefield4']->value = $this->getRatingValue($arrWidgets['votefield4']->value);
$value = $value + $arrWidgets['votefield4']->value;
$fields++;
}
if ($objConfig->enableVoteField5) {
$arrWidgets['votefield5']->value = $this->getRatingValue($arrWidgets['votefield5']->value);
$value = $value + $arrWidgets['votefield5']->value;
$fields++;
}
if ($objConfig->enableVoteField6) {
$arrWidgets['votefield6']->value = $this->getRatingValue($arrWidgets['votefield6']->value);
$value = $value + $arrWidgets['votefield6']->value;
$fields++;
}
$totalvote = $value / $fields;
$strTVotes = number_format($totalvote, 2);
}
if ($arrWidgets['company']->value == $value_company) {
$arrWidgets['company']->value = '';
}
if ($arrWidgets['title']->value == $value_title) {
$arrWidgets['title']->value = '';
}
// Prepare the record
$arrSet = array('tstamp' => $time, 'name' => $arrWidgets['name']->value, 'email' => $arrWidgets['email']->value, 'company' => $arrWidgets['company']->value, 'title' => $arrWidgets['title']->value, 'url' => $strWebsite, 'testimonial' => $this->convertLineFeeds($strTestimonial), 'ip' => $this->anonymizeIp($this->Environment->ip), 'date' => $time, 'votestotal' => $strTVotes, 'votefield1' => !$objConfig->enableVoteField1 ? '' : $arrWidgets['votefield1']->value, 'votefield2' => !$objConfig->enableVoteField2 ? '' : $arrWidgets['votefield2']->value, 'votefield3' => !$objConfig->enableVoteField3 ? '' : $arrWidgets['votefield3']->value, 'votefield4' => !$objConfig->enableVoteField4 ? '' : $arrWidgets['votefield4']->value, 'votefield5' => !$objConfig->enableVoteField5 ? '' : $arrWidgets['votefield5']->value, 'votefield6' => !$objConfig->enableVoteField6 ? '' : $arrWidgets['votefield6']->value, 'published' => $objConfig->moderate ? '' : 1);
// Store the testimonial
$objTestimonials = new \TestimonialsModel();
$objTestimonials->setRow($arrSet)->save();
// Prepare the notification mail
$objEmail = new \Email();
$objEmail->from = $GLOBALS['TL_ADMIN_EMAIL'];
$objEmail->fromName = $GLOBALS['TL_ADMIN_NAME'];
$objEmail->subject = sprintf($GLOBALS['TL_LANG']['MSC']['tm_subject'], \Idna::decode(\Environment::get('host')));
// Convert the testimonial to plain text
$strTestimonial = strip_tags($strTestimonial);
$strTestimonial = \StringUtil::decodeEntities($strTestimonial);
$strTestimonial = str_replace(array('[&]', '[lt]', '[gt]'), array('&', '<', '>'), $strTestimonial);
// Add the testimonial details
$objEmail->text = sprintf($GLOBALS['TL_LANG']['MSC']['tm_message'], $arrSet['name'] . ' (' . $arrSet['email'] . ')', $strTestimonial, \Idna::decode(\Environment::get('base')) . \Environment::get('request'), \Idna::decode(\Environment::get('base')) . 'contao/main.php?do=testimonials&act=edit&id=' . $objTestimonials->id);
$objEmail->sendTo($GLOBALS['TL_ADMIN_EMAIL']);
// Pending for approval
if ($objConfig->moderate) {
// FIXME: notify the subscribers when the testimonial is published
$_SESSION['TL_TESTIMONIAL_ADDED'] = true;
}
$this->reload();
}
}
/**
* Create a new user and redirect
*
* @param \MemberModel $objMember
*/
protected function sendPasswordLink($objMember)
{
$confirmationId = md5(uniqid(mt_rand(), true));
// Store the confirmation ID
$objMember = \MemberModel::findByPk($objMember->id);
$objMember->activation = $confirmationId;
$objMember->save();
// Prepare the simple token data
$arrData = $objMember->row();
$arrData['domain'] = \Idna::decode(\Environment::get('host'));
$arrData['link'] = \Idna::decode(\Environment::get('base')) . \Environment::get('request') . (\Config::get('disableAlias') || strpos(\Environment::get('request'), '?') !== false ? '&' : '?') . 'token=' . $confirmationId;
// Send e-mail
$objEmail = new \Email();
$objEmail->from = $GLOBALS['TL_ADMIN_EMAIL'];
$objEmail->fromName = $GLOBALS['TL_ADMIN_NAME'];
$objEmail->subject = sprintf($GLOBALS['TL_LANG']['MSC']['passwordSubject'], \Idna::decode(\Environment::get('host')));
$objEmail->text = \String::parseSimpleTokens($this->reg_password, $arrData);
$objEmail->sendTo($objMember->email);
$this->log('A new password has been requested for user ID ' . $objMember->id . ' (' . $objMember->email . ')', __METHOD__, TL_ACCESS);
// Check whether there is a jumpTo page
if (($objJumpTo = $this->objModel->getRelated('jumpTo')) !== null) {
$this->jumpToOrReload($objJumpTo->row());
}
$this->reload();
}
/**
* Catch list from server and parse them to array.
*
* It only uses the official ICANN domain names and adds private
* domains and missing official third-levels by using an additional hash.
*
* The manual added list is not complete.
*
* @throws ConnectErrorException
* @see Novutec\Additional.php $additional
* @param boolean $existFile
* @return void
*/
private function catchTlds($existFile)
{
$content = @file_get_contents($this->tldUrl);
if ($content === false) {
if (!$existFile) {
throw \Novutec\DomainParser\AbstractException::factory('Connect', 'Could not catch file from server.');
}
return;
}
$IdnaConverter = new Idna(array('idn_version' => 2008));
// only match official ICANN domain tlds
if (preg_match('/\\/\\/ ===BEGIN ICANN DOMAINS===(.*)(?=\\/\\/ ===END ICANN DOMAINS===)/s', $content, $matches) !== 1) {
throw \Novutec\DomainParser\AbstractException::factory('UnparsableString', 'Could not fetch ICANN Domains of Mozilla TLD File.');
}
$tlds = array();
$list_str = $matches[1];
foreach (explode("\n", $list_str) as $line) {
$line = trim($line);
// skip empty or comment lines
if ($line == '' || $line[0] == '/' || strpos($line, '!') !== false) {
continue;
}
// reformat prefixed wildcards
if ($line[0] == '*') {
$line = substr($line, 2);
}
// convert to xn-- format
$tld = $IdnaConverter->encode($line);
// validate if toplevel domain
$pos = strrpos($tld, '.');
if ($pos === false) {
$match = $tld;
} else {
$match = substr($tld, $pos + 1);
}
if (!isset($tlds[$match])) {
$tlds[$match] = array();
}
$tlds[$match][] = $tld;
}
// load additional to add to list
require_once 'Additional.php';
// merge list and sort tlds by length within its group
$this->tldList['content'] = array_merge_recursive($tlds, $additional);
foreach ($this->tldList['content'] as $tldGroup => $tld) {
usort($tld, function ($a, $b) {
return strlen($b) - strlen($a);
});
$this->tldList['content'][$tldGroup] = $tld;
}
$this->tldList['timestamp'] = time();
}
/**
* Try to login the current user
*
* @return boolean True if the user could be logged in
*/
public function login()
{
\System::loadLanguageFile('default');
// Do not continue if username or password are missing
if (empty($_POST['username']) || empty($_POST['password'])) {
return false;
}
// Load the user object
if ($this->findBy('username', \Input::post('username', true)) == false) {
$blnLoaded = false;
// HOOK: pass credentials to callback functions
if (isset($GLOBALS['TL_HOOKS']['importUser']) && is_array($GLOBALS['TL_HOOKS']['importUser'])) {
foreach ($GLOBALS['TL_HOOKS']['importUser'] as $callback) {
$this->import($callback[0], 'objImport', true);
$blnLoaded = $this->objImport->{$callback[1]}(\Input::post('username', true), \Input::postUnsafeRaw('password'), $this->strTable);
// Load successfull
if ($blnLoaded === true) {
break;
}
}
}
// Return if the user still cannot be loaded
if (!$blnLoaded || $this->findBy('username', \Input::post('username', true)) == false) {
\Message::addError($GLOBALS['TL_LANG']['ERR']['invalidLogin']);
$this->log('Could not find user "' . \Input::post('username', true) . '"', __METHOD__, TL_ACCESS);
return false;
}
}
$time = time();
// Set the user language
if (\Input::post('language')) {
$this->language = \Input::post('language');
}
// Lock the account if there are too many login attempts
if ($this->loginCount < 1) {
$this->locked = $time;
$this->loginCount = \Config::get('loginCount');
$this->save();
// Add a log entry and the error message, because checkAccountStatus() will not be called (see #4444)
$this->log('User "' . $this->username . '" has been locked for ' . ceil(\Config::get('lockPeriod') / 60) . ' minutes', __METHOD__, TL_ACCESS);
\Message::addError(sprintf($GLOBALS['TL_LANG']['ERR']['accountLocked'], ceil(($this->locked + \Config::get('lockPeriod') - $time) / 60)));
// Send admin notification
if (\Config::get('adminEmail') != '') {
$objEmail = new \Email();
$objEmail->subject = $GLOBALS['TL_LANG']['MSC']['lockedAccount'][0];
$objEmail->text = sprintf($GLOBALS['TL_LANG']['MSC']['lockedAccount'][1], $this->username, TL_MODE == 'FE' ? $this->firstname . " " . $this->lastname : $this->name, \Idna::decode(\Environment::get('base')), ceil(\Config::get('lockPeriod') / 60));
$objEmail->sendTo(\Config::get('adminEmail'));
}
return false;
}
// Check the account status
if ($this->checkAccountStatus() == false) {
return false;
}
// The password has been generated with crypt()
if (\Encryption::test($this->password)) {
$blnAuthenticated = \Encryption::verify(\Input::postUnsafeRaw('password'), $this->password);
} else {
list($strPassword, $strSalt) = explode(':', $this->password);
$blnAuthenticated = $strSalt == '' ? $strPassword === sha1(\Input::postUnsafeRaw('password')) : $strPassword === sha1($strSalt . \Input::postUnsafeRaw('password'));
// Store a SHA-512 encrpyted version of the password
if ($blnAuthenticated) {
$this->password = \Encryption::hash(\Input::postUnsafeRaw('password'));
}
}
// HOOK: pass credentials to callback functions
if (!$blnAuthenticated && isset($GLOBALS['TL_HOOKS']['checkCredentials']) && is_array($GLOBALS['TL_HOOKS']['checkCredentials'])) {
foreach ($GLOBALS['TL_HOOKS']['checkCredentials'] as $callback) {
$this->import($callback[0], 'objAuth', true);
$blnAuthenticated = $this->objAuth->{$callback[1]}(\Input::post('username', true), \Input::postUnsafeRaw('password'), $this);
// Authentication successfull
if ($blnAuthenticated === true) {
break;
}
}
}
// Redirect if the user could not be authenticated
if (!$blnAuthenticated) {
--$this->loginCount;
$this->save();
\Message::addError($GLOBALS['TL_LANG']['ERR']['invalidLogin']);
$this->log('Invalid password submitted for username "' . $this->username . '"', __METHOD__, TL_ACCESS);
return false;
}
$this->setUserFromDb();
// Update the record
$this->lastLogin = $this->currentLogin;
$this->currentLogin = $time;
$this->loginCount = \Config::get('loginCount');
$this->save();
// Generate the session
$this->generateSession();
$this->log('User "' . $this->username . '" has logged in', __METHOD__, TL_ACCESS);
// HOOK: post login callback
if (isset($GLOBALS['TL_HOOKS']['postLogin']) && is_array($GLOBALS['TL_HOOKS']['postLogin'])) {
foreach ($GLOBALS['TL_HOOKS']['postLogin'] as $callback) {
$this->import($callback[0], 'objLogin', true);
$this->objLogin->{$callback[1]}($this);
}
}
return true;
}
/**
* Notify the subscribers of new comments
*
* @param \CommentsModel $objComment
*/
public static function notifyCommentsSubscribers(\CommentsModel $objComment)
{
// Notified already
if ($objComment->notified) {
return;
}
$objNotify = \CommentsNotifyModel::findActiveBySourceAndParent($objComment->source, $objComment->parent);
// No subscriptions
if ($objNotify === null) {
return;
}
while ($objNotify->next()) {
// Don't notify the commentor about his own comment
if ($objNotify->email == $objComment->email) {
continue;
}
// Prepare the URL
$strUrl = \Idna::decode(\Environment::get('base')) . $objNotify->url;
$objEmail = new \Email();
$objEmail->from = $GLOBALS['TL_ADMIN_EMAIL'];
$objEmail->fromName = $GLOBALS['TL_ADMIN_NAME'];
$objEmail->subject = sprintf($GLOBALS['TL_LANG']['MSC']['com_notifySubject'], \Idna::decode(\Environment::get('host')));
$objEmail->text = sprintf($GLOBALS['TL_LANG']['MSC']['com_notifyMessage'], $objNotify->name, $strUrl, $strUrl . '?token=' . $objNotify->tokenRemove);
$objEmail->sendTo($objNotify->email);
}
$objComment->notified = 1;
$objComment->save();
}
/**
* Valid URL
*
* @param mixed $varValue The value to be validated
*
* @return boolean True if the value is a valid URL
*/
public static function isUrl($varValue)
{
return preg_match('/^[a-zA-Z0-9\\.\\+\\/\\?#%:,;\\{\\}\\(\\)\\[\\]@&=~_-]*$/', \Idna::encodeUrl($varValue));
}
/**
* Encode the domain in an URL
*
* @param string $strUrl The URL
*
* @return string The encoded URL
*
* @deprecated Use Idna::encodeUrl() instead
*/
protected function idnaEncodeUrl($strUrl)
{
return \Idna::encodeUrl($strUrl);
}
/**
* Remove the recipient
*/
protected function removeRecipient()
{
$arrChannels = \Input::post('channels');
$arrChannels = array_intersect($arrChannels, $this->nl_channels);
// see #3240
// Check the selection
if (!is_array($arrChannels) || empty($arrChannels)) {
$_SESSION['UNSUBSCRIBE_ERROR'] = $GLOBALS['TL_LANG']['ERR']['noChannels'];
$this->reload();
}
$varInput = \Idna::encodeEmail(\Input::post('email', true));
// Validate e-mail address
if (!\Validator::isEmail($varInput)) {
$_SESSION['UNSUBSCRIBE_ERROR'] = $GLOBALS['TL_LANG']['ERR']['email'];
$this->reload();
}
$arrSubscriptions = array();
// Get the existing active subscriptions
if (($objSubscription = \NewsletterRecipientsModel::findBy(array("email=? AND active=1"), $varInput)) !== null) {
$arrSubscriptions = $objSubscription->fetchEach('pid');
}
$arrRemove = array_intersect($arrChannels, $arrSubscriptions);
// Return if there are no subscriptions to remove
if (!is_array($arrRemove) || empty($arrRemove)) {
$_SESSION['UNSUBSCRIBE_ERROR'] = $GLOBALS['TL_LANG']['ERR']['unsubscribed'];
$this->reload();
}
// Remove the subscriptions
if (($objRemove = \NewsletterRecipientsModel::findByEmailAndPids($varInput, $arrRemove)) !== null) {
while ($objRemove->next()) {
$objRemove->delete();
}
}
// Get the channels
$objChannels = \NewsletterChannelModel::findByIds($arrRemove);
$arrChannels = $objChannels->fetchEach('title');
// Log activity
$this->log($varInput . ' unsubscribed from ' . implode(', ', $arrChannels), 'ModuleUnsubscribe removeRecipient()', TL_NEWSLETTER);
// HOOK: post unsubscribe callback
if (isset($GLOBALS['TL_HOOKS']['removeRecipient']) && is_array($GLOBALS['TL_HOOKS']['removeRecipient'])) {
foreach ($GLOBALS['TL_HOOKS']['removeRecipient'] as $callback) {
$this->import($callback[0]);
$this->{$callback}[0]->{$callback}[1]($varInput, $arrRemove);
}
}
// Prepare the e-mail text
$strText = str_replace('##domain##', \Environment::get('host'), $this->nl_unsubscribe);
$strText = str_replace(array('##channel##', '##channels##'), implode("\n", $arrChannels), $strText);
// Confirmation e-mail
$objEmail = new \Email();
$objEmail->from = $GLOBALS['TL_ADMIN_EMAIL'];
$objEmail->fromName = $GLOBALS['TL_ADMIN_NAME'];
$objEmail->subject = sprintf($GLOBALS['TL_LANG']['MSC']['nl_subject'], \Environment::get('host'));
$objEmail->text = $strText;
$objEmail->sendTo($varInput);
// Redirect to the jumpTo page
if ($this->jumpTo && ($objTarget = $this->objModel->getRelated('jumpTo')) !== null) {
$this->redirect($this->generateFrontendUrl($objTarget->row()));
}
$_SESSION['UNSUBSCRIBE_CONFIRM'] = $GLOBALS['TL_LANG']['MSC']['nl_removed'];
$this->reload();
}
/**
* List a particular record
*
* @param array $arrRow
*
* @return string
*/
public function listComments($arrRow)
{
$title = $GLOBALS['TL_LANG']['tl_comments'][$arrRow['source']] . ' ' . $arrRow['parent'];
switch ($arrRow['source']) {
case 'tl_content':
$objParent = $this->Database->prepare("SELECT id, title FROM tl_article WHERE id=(SELECT pid FROM tl_content WHERE id=?)")->execute($arrRow['parent']);
if ($objParent->numRows) {
$title .= ' (<a href="contao/main.php?do=article&table=tl_content&id=' . $objParent->id . '&rt=' . REQUEST_TOKEN . '">' . $objParent->title . '</a>)';
}
break;
case 'tl_page':
$objParent = $this->Database->prepare("SELECT id, title FROM tl_page WHERE id=?")->execute($arrRow['parent']);
if ($objParent->numRows) {
$title .= ' (<a href="contao/main.php?do=page&act=edit&id=' . $objParent->id . '&rt=' . REQUEST_TOKEN . '">' . $objParent->title . '</a>)';
}
break;
case 'tl_news':
$objParent = $this->Database->prepare("SELECT id, headline FROM tl_news WHERE id=?")->execute($arrRow['parent']);
if ($objParent->numRows) {
$title .= ' (<a href="contao/main.php?do=news&table=tl_news&act=edit&id=' . $objParent->id . '&rt=' . REQUEST_TOKEN . '">' . $objParent->headline . '</a>)';
}
break;
case 'tl_faq':
$objParent = $this->Database->prepare("SELECT id, question FROM tl_faq WHERE id=?")->execute($arrRow['parent']);
if ($objParent->numRows) {
$title .= ' (<a href="contao/main.php?do=faq&table=tl_faq&act=edit&id=' . $objParent->id . '&rt=' . REQUEST_TOKEN . '">' . $objParent->question . '</a>)';
}
break;
case 'tl_calendar_events':
$objParent = $this->Database->prepare("SELECT id, title FROM tl_calendar_events WHERE id=?")->execute($arrRow['parent']);
if ($objParent->numRows) {
$title .= ' (<a href="contao/main.php?do=calendar&table=tl_calendar_events&act=edit&id=' . $objParent->id . '&rt=' . REQUEST_TOKEN . '">' . $objParent->title . '</a>)';
}
break;
default:
// HOOK: support custom modules
if (isset($GLOBALS['TL_HOOKS']['listComments']) && is_array($GLOBALS['TL_HOOKS']['listComments'])) {
foreach ($GLOBALS['TL_HOOKS']['listComments'] as $callback) {
$this->import($callback[0]);
if (($tmp = $this->{$callback[0]}->{$callback[1]}($arrRow)) != '') {
$title .= $tmp;
break;
}
}
}
break;
}
$key = ($arrRow['published'] ? 'published' : 'unpublished') . ($arrRow['addReply'] ? ' replied' : '');
return '
<div class="comment_wrap">
<div class="cte_type ' . $key . '"><strong><a href="mailto:' . Idna::decodeEmail($arrRow['email']) . '" title="' . specialchars(Idna::decodeEmail($arrRow['email'])) . '">' . $arrRow['name'] . '</a></strong>' . ($arrRow['website'] != '' ? ' (<a href="' . $arrRow['website'] . '" title="' . specialchars($arrRow['website']) . '" target="_blank">' . $GLOBALS['TL_LANG']['MSC']['com_website'] . '</a>)' : '') . ' - ' . Date::parse(Config::get('datimFormat'), $arrRow['date']) . ' - IP ' . specialchars($arrRow['ip']) . '<br>' . $title . '</div>
<div class="limit_height mark_links' . (!Config::get('doNotCollapse') ? ' h52' : '') . '">
' . $arrRow['comment'] . '
</div>
</div>' . "\n ";
}
/**
* Recursively validate an input variable
*
* @param mixed $varInput The user input
*
* @return mixed The original or modified user input
*/
protected function validator($varInput)
{
if (is_array($varInput)) {
foreach ($varInput as $k => $v) {
$varInput[$k] = $this->validator($v);
}
return $varInput;
}
if (!$this->doNotTrim) {
$varInput = trim($varInput);
}
if ($varInput == '') {
if (!$this->mandatory) {
return '';
} else {
if ($this->strLabel == '') {
$this->addError($GLOBALS['TL_LANG']['ERR']['mdtryNoLabel']);
} else {
$this->addError(sprintf($GLOBALS['TL_LANG']['ERR']['mandatory'], $this->strLabel));
}
}
}
if ($this->minlength && $varInput != '' && utf8_strlen($varInput) < $this->minlength) {
$this->addError(sprintf($GLOBALS['TL_LANG']['ERR']['minlength'], $this->strLabel, $this->minlength));
}
if ($this->maxlength && $varInput != '' && utf8_strlen($varInput) > $this->maxlength) {
$this->addError(sprintf($GLOBALS['TL_LANG']['ERR']['maxlength'], $this->strLabel, $this->maxlength));
}
if ($this->minval && is_numeric($varInput) && $varInput < $this->minval) {
$this->addError(sprintf($GLOBALS['TL_LANG']['ERR']['minval'], $this->strLabel, $this->minval));
}
if ($this->maxval && is_numeric($varInput) && $varInput > $this->maxval) {
$this->addError(sprintf($GLOBALS['TL_LANG']['ERR']['maxval'], $this->strLabel, $this->maxval));
}
if ($this->rgxp != '') {
switch ($this->rgxp) {
// Special validation rule for style sheets
case strncmp($this->rgxp, 'digit_', 6) === 0:
$textual = explode('_', $this->rgxp);
array_shift($textual);
if (in_array($varInput, $textual) || strncmp($varInput, '$', 1) === 0) {
break;
}
// DO NOT ADD A break; STATEMENT HERE
// Numeric characters (including full stop [.] and minus [-])
// DO NOT ADD A break; STATEMENT HERE
// Numeric characters (including full stop [.] and minus [-])
case 'digit':
// Support decimal commas and convert them automatically (see #3488)
if (substr_count($varInput, ',') == 1 && strpos($varInput, '.') === false) {
$varInput = str_replace(',', '.', $varInput);
}
if (!\Validator::isNumeric($varInput)) {
$this->addError(sprintf($GLOBALS['TL_LANG']['ERR']['digit'], $this->strLabel));
}
break;
// Natural numbers (positive integers)
// Natural numbers (positive integers)
case 'natural':
if (!\Validator::isNatural($varInput)) {
$this->addError(sprintf($GLOBALS['TL_LANG']['ERR']['natural'], $this->strLabel));
}
break;
// Alphabetic characters (including full stop [.] minus [-] and space [ ])
// Alphabetic characters (including full stop [.] minus [-] and space [ ])
case 'alpha':
if (!\Validator::isAlphabetic($varInput)) {
$this->addError(sprintf($GLOBALS['TL_LANG']['ERR']['alpha'], $this->strLabel));
}
break;
// Alphanumeric characters (including full stop [.] minus [-], underscore [_] and space [ ])
// Alphanumeric characters (including full stop [.] minus [-], underscore [_] and space [ ])
case 'alnum':
if (!\Validator::isAlphanumeric($varInput)) {
$this->addError(sprintf($GLOBALS['TL_LANG']['ERR']['alnum'], $this->strLabel));
}
break;
// Do not allow any characters that are usually encoded by class Input [=<>()#/])
// Do not allow any characters that are usually encoded by class Input [=<>()#/])
case 'extnd':
if (!\Validator::isExtendedAlphanumeric(html_entity_decode($varInput))) {
$this->addError(sprintf($GLOBALS['TL_LANG']['ERR']['extnd'], $this->strLabel));
}
break;
// Check whether the current value is a valid date format
// Check whether the current value is a valid date format
case 'date':
if (!\Validator::isDate($varInput)) {
$this->addError(sprintf($GLOBALS['TL_LANG']['ERR']['date'], \Date::getInputFormat(\Date::getNumericDateFormat())));
} else {
// Validate the date (see #5086)
try {
new \Date($varInput, \Date::getNumericDateFormat());
} catch (\OutOfBoundsException $e) {
$this->addError(sprintf($GLOBALS['TL_LANG']['ERR']['invalidDate'], $varInput));
}
}
break;
// Check whether the current value is a valid time format
// Check whether the current value is a valid time format
case 'time':
if (!\Validator::isTime($varInput)) {
$this->addError(sprintf($GLOBALS['TL_LANG']['ERR']['time'], \Date::getInputFormat(\Date::getNumericTimeFormat())));
}
break;
// Check whether the current value is a valid date and time format
// Check whether the current value is a valid date and time format
case 'datim':
if (!\Validator::isDatim($varInput)) {
$this->addError(sprintf($GLOBALS['TL_LANG']['ERR']['dateTime'], \Date::getInputFormat(\Date::getNumericDatimFormat())));
} else {
// Validate the date (see #5086)
try {
new \Date($varInput, \Date::getNumericDatimFormat());
} catch (\OutOfBoundsException $e) {
$this->addError(sprintf($GLOBALS['TL_LANG']['ERR']['invalidDate'], $varInput));
}
}
break;
// Check whether the current value is a valid friendly name e-mail address
// Check whether the current value is a valid friendly name e-mail address
case 'friendly':
list($strName, $varInput) = \String::splitFriendlyEmail($varInput);
// no break;
// Check whether the current value is a valid e-mail address
// no break;
// Check whether the current value is a valid e-mail address
case 'email':
if (!\Validator::isEmail($varInput)) {
$this->addError(sprintf($GLOBALS['TL_LANG']['ERR']['email'], $this->strLabel));
}
if ($this->rgxp == 'friendly' && $strName != '') {
$varInput = $strName . ' [' . $varInput . ']';
}
break;
// Check whether the current value is list of valid e-mail addresses
// Check whether the current value is list of valid e-mail addresses
case 'emails':
$arrEmails = trimsplit(',', $varInput);
foreach ($arrEmails as $strEmail) {
$strEmail = \Idna::encodeEmail($strEmail);
if (!\Validator::isEmail($strEmail)) {
$this->addError(sprintf($GLOBALS['TL_LANG']['ERR']['emails'], $this->strLabel));
break;
}
}
break;
// Check whether the current value is a valid URL
// Check whether the current value is a valid URL
case 'url':
if (!\Validator::isUrl($varInput)) {
$this->addError(sprintf($GLOBALS['TL_LANG']['ERR']['url'], $this->strLabel));
}
break;
// Check whether the current value is a valid alias
// Check whether the current value is a valid alias
case 'alias':
if (!\Validator::isAlias($varInput)) {
$this->addError(sprintf($GLOBALS['TL_LANG']['ERR']['alias'], $this->strLabel));
}
break;
// Check whether the current value is a valid folder URL alias
// Check whether the current value is a valid folder URL alias
case 'folderalias':
if (!\Validator::isFolderAlias($varInput)) {
$this->addError(sprintf($GLOBALS['TL_LANG']['ERR']['folderalias'], $this->strLabel));
}
break;
// Phone numbers (numeric characters, space [ ], plus [+], minus [-], parentheses [()] and slash [/])
// Phone numbers (numeric characters, space [ ], plus [+], minus [-], parentheses [()] and slash [/])
case 'phone':
if (!\Validator::isPhone(html_entity_decode($varInput))) {
$this->addError(sprintf($GLOBALS['TL_LANG']['ERR']['phone'], $this->strLabel));
}
break;
// Check whether the current value is a percent value
// Check whether the current value is a percent value
case 'prcnt':
if (!\Validator::isPercent($varInput)) {
$this->addError(sprintf($GLOBALS['TL_LANG']['ERR']['prcnt'], $this->strLabel));
}
break;
// Check whether the current value is a locale
// Check whether the current value is a locale
case 'locale':
if (!\Validator::isLocale($varInput)) {
$this->addError(sprintf($GLOBALS['TL_LANG']['ERR']['locale'], $this->strLabel));
}
break;
// Check whether the current value is a language code
// Check whether the current value is a language code
case 'language':
if (!\Validator::isLanguage($varInput)) {
$this->addError(sprintf($GLOBALS['TL_LANG']['ERR']['language'], $this->strLabel));
}
break;
// Check whether the current value is a Google+ ID or vanity name
// Check whether the current value is a Google+ ID or vanity name
case 'google+':
if (!\Validator::isGooglePlusId($varInput)) {
$this->addError(sprintf($GLOBALS['TL_LANG']['ERR']['invalidGoogleId'], $this->strLabel));
}
break;
// HOOK: pass unknown tags to callback functions
// HOOK: pass unknown tags to callback functions
default:
if (isset($GLOBALS['TL_HOOKS']['addCustomRegexp']) && is_array($GLOBALS['TL_HOOKS']['addCustomRegexp'])) {
foreach ($GLOBALS['TL_HOOKS']['addCustomRegexp'] as $callback) {
$this->import($callback[0]);
$break = $this->{$callback}[0]->{$callback}[1]($this->rgxp, $varInput, $this);
// Stop the loop if a callback returned true
if ($break === true) {
break;
}
}
}
break;
}
}
if ($this->isHexColor && $varInput != '' && strncmp($varInput, '$', 1) !== 0) {
$varInput = preg_replace('/[^a-f0-9]+/i', '', $varInput);
}
if ($this->nospace && preg_match('/[\\t ]+/', $varInput)) {
$this->addError(sprintf($GLOBALS['TL_LANG']['ERR']['noSpace'], $this->strLabel));
}
if ($this->spaceToUnderscore) {
$varInput = preg_replace('/\\s+/', '_', trim($varInput));
}
if (is_bool($this->trailingSlash) && $varInput != '') {
$varInput = preg_replace('/\\/+$/', '', $varInput) . ($this->trailingSlash ? '/' : '');
}
return $varInput;
}
/**
* Trim the values
*
* @param mixed $varInput The user input
*
* @return mixed The validated user input
*/
protected function validator($varInput)
{
if (is_array($varInput)) {
return parent::validator($varInput);
}
// Convert to Punycode format (see #5571)
if ($this->rgxp == 'url') {
$varInput = \Idna::encodeUrl($varInput);
} elseif ($this->rgxp == 'email' || $this->rgxp == 'friendly') {
$varInput = \Idna::encodeEmail($varInput);
}
return parent::validator($varInput);
}
/**
* Valid URL with special characters allowed (see #6402)
*
* @param mixed $varValue The value to be validated
*
* @return boolean True if the value is a valid URL
*/
public static function isUrl($varValue)
{
if (function_exists('mb_eregi')) {
return mb_eregi('^[[:alnum:]\\.\\*\\+\\/\\?\\$#%:,;\\{\\}\\(\\)\\[\\]@&!=~_-]+$', \Idna::encodeUrl($varValue));
} else {
return preg_match('/^[\\w\\/.*+?$#%:,;{}()[\\]@&!=~-]+$/u', \Idna::encodeUrl($varValue));
}
}
