public function test_encodeEmail() { $strEmailPrefix = 'user@'; foreach ($this->arrIdnaTests as $strDefaultDomain => $strEncodedDomain) { $this->assertEquals(Idna::encodeEmail($strEmailPrefix . $strDefaultDomain), $strEmailPrefix . $strEncodedDomain); } }
/** * Send a lost password e-mail * @param object */ protected function sendPasswordLink($objMember) { $objNotification = \NotificationCenter\Model\Notification::findByPk($this->nc_notification); if ($objNotification === null) { $this->log('The notification was not found ID ' . $this->nc_notification, __METHOD__, TL_ERROR); return; } $confirmationId = md5(uniqid(mt_rand(), true)); // Store the confirmation ID $objMember = \MemberModel::findByPk($objMember->id); $objMember->activation = $confirmationId; $objMember->save(); $arrTokens = array(); // Add member tokens foreach ($objMember->row() as $k => $v) { $arrTokens['member_' . $k] = $v; } $arrTokens['recipient_email'] = $objMember->email; $arrTokens['domain'] = \Idna::decode(\Environment::get('host')); $arrTokens['link'] = \Idna::decode(\Environment::get('base')) . \Environment::get('request') . ($GLOBALS['TL_CONFIG']['disableAlias'] || strpos(\Environment::get('request'), '?') !== false ? '&' : '?') . 'token=' . $confirmationId; $objNotification->send($arrTokens); $this->log('A new password has been requested for user ID ' . $objMember->id . ' (' . $objMember->email . ')', __METHOD__, TL_ACCESS); // Check whether there is a jumpTo page if (($objJumpTo = $this->objModel->getRelated('jumpTo')) !== null) { $this->jumpToOrReload($objJumpTo->row()); } $this->reload(); }
public function test_isEmail() { $arrEmails = array('*****@*****.**' => true, 'test@test.c' => false, 'test@test.' => false, 'test@test' => false, 'test@' => false, 'test' => false, Idna::encodeEmail('test@tèst.ch') => true); foreach ($arrEmails as $strAddress => $blnValidity) { $this->assertEquals(Validator::isEmail($strAddress), $blnValidity); } }
/** * Generate the widget and return it as string * @return string */ public function generate() { // Hide the Punycode format (see #2750) if ($this->rgxp == 'email' || $this->rgxp == 'url') { $this->varValue = \Idna::decode($this->varValue); } return sprintf('<input type="%s" name="%s" id="ctrl_%s" class="text%s%s" value="%s"%s%s', $this->hideInput ? 'password' : 'text', $this->strName, $this->strId, $this->hideInput ? ' password' : '', strlen($this->strClass) ? ' ' . $this->strClass : '', specialchars($this->varValue), $this->getAttributes(), $this->strTagEnding) . $this->addSubmit(); }
/** * @param $strType * @param null $strForceLanguage */ public function __construct($strType, $strForceLanguage = null) { if (in_array($strType, $GLOBALS['TL_EMAIL'])) { $this->strType = $strType; } $this->strForceLanguage = $strForceLanguage; // Set default parameters $this->addParameter('host', \Idna::decode(\Environment::get('host'))); $this->addParameter('admin_name', \BackendUser::getInstance()->name); }
private function addRecipient($email, $arrChannels, $strMailText, $intJumpTo) { $varInput = \Idna::encodeEmail($email); // Get the existing active subscriptions $arrSubscriptions = array(); if (($objSubscription = \NewsletterRecipientsModel::findBy(array("email=? AND active=1"), $varInput)) !== null) { $arrSubscriptions = $objSubscription->fetchEach('pid'); } $arrNew = array_diff($arrChannels, $arrSubscriptions); // Return if there are no new subscriptions if (!is_array($arrNew) || empty($arrNew)) { return; } // Remove old subscriptions that have not been activated yet if (($objOld = \NewsletterRecipientsModel::findBy(array("email=? AND active=''"), $varInput)) !== null) { while ($objOld->next()) { $objOld->delete(); } } $time = time(); $strToken = md5(uniqid(mt_rand(), true)); // Add the new subscriptions foreach ($arrNew as $id) { $objRecipient = new \NewsletterRecipientsModel(); $objRecipient->pid = $id; $objRecipient->tstamp = $time; $objRecipient->email = $varInput; $objRecipient->active = ''; $objRecipient->addedOn = $time; $objRecipient->ip = $this->anonymizeIp(\Environment::get('ip')); $objRecipient->token = $strToken; $objRecipient->confirmed = ''; $objRecipient->save(); } // Get the channels $objChannel = \NewsletterChannelModel::findByIds($arrChannels); // Prepare the e-mail text $strText = str_replace('##token##', $strToken, $strMailText); $strText = str_replace('##domain##', \Environment::get('host'), $strText); //$strText = str_replace('##link##', \Environment::get('base') . \Environment::get('request') . (($GLOBALS['TL_CONFIG']['disableAlias'] || strpos(\Environment::get('request'), '?') !== false) ? '&' : '?') . 'token=' . $strToken, $strText); $objPageConfirm = \PageModel::findByPk($intJumpTo); if ($objPageConfirm === null) { $this->log('Newsletter confirmation page not found, id: ' . $intJumpTo, __CLASS__ . ":" . __METHOD__, TL_NEWSLETTER); } $strText = str_replace('##link##', rtrim(\Environment::get('base'), '/') . '/' . $this->generateFrontendUrl($objPageConfirm->row()) . '?token=' . $strToken, $strText); $strText = str_replace(array('##channel##', '##channels##'), implode("\n", $objChannel->fetchEach('title')), $strText); // Activation e-mail $objEmail = new \Email(); $objEmail->from = $GLOBALS['TL_ADMIN_EMAIL']; $objEmail->fromName = $GLOBALS['TL_ADMIN_NAME']; $objEmail->subject = sprintf($GLOBALS['TL_LANG']['MSC']['nl_subject'], \Environment::get('host')); $objEmail->text = $strText; $objEmail->sendTo($varInput); }
/** * Send a lost password e-mail * * @param \MemberModel $objMember */ protected function sendPasswordLink($objMember) { $objNotification = \NotificationCenter\Model\Notification::findByPk($this->nc_notification); if ($objNotification === null) { $this->log('The notification was not found ID ' . $this->nc_notification, __METHOD__, TL_ERROR); return; } $confirmationId = md5(uniqid(mt_rand(), true)); // Store the confirmation ID $objMember = \MemberModel::findByPk($objMember->id); $objMember->activation = $confirmationId; $objMember->save(); $arrTokens = array(); // Add member tokens foreach ($objMember->row() as $k => $v) { if (\Validator::isBinaryUuid($v)) { $v = \StringUtil::binToUuid($v); } $arrTokens['member_' . $k] = specialchars($v); } // FIX: Add salutation token $arrTokens['salutation_user'] = NotificationCenterPlus::createSalutation($GLOBALS['TL_LANGUAGE'], $objMember); // ENDFIX $arrTokens['recipient_email'] = $objMember->email; $arrTokens['domain'] = \Idna::decode(\Environment::get('host')); $arrTokens['link'] = \Idna::decode(\Environment::get('base')) . \Environment::get('request') . ($GLOBALS['TL_CONFIG']['disableAlias'] || strpos(\Environment::get('request'), '?') !== false ? '&' : '?') . 'token=' . $confirmationId; // FIX: Add custom change password jump to if (($objJumpTo = $this->objModel->getRelated('changePasswordJumpTo')) !== null) { $arrTokens['link'] = \Idna::decode(\Environment::get('base')) . \Controller::generateFrontendUrl($objJumpTo->row(), '?token=' . $confirmationId); } // ENDFIX $objNotification->send($arrTokens, $GLOBALS['TL_LANGUAGE']); $this->log('A new password has been requested for user ID ' . $objMember->id . ' (' . $objMember->email . ')', __METHOD__, TL_ACCESS); // Check whether there is a jumpTo page if (($objJumpTo = $this->objModel->getRelated('jumpTo')) !== null) { $this->jumpToOrReload($objJumpTo->row()); } StatusMessage::addSuccess(sprintf($GLOBALS['TL_LANG']['notification_center_plus']['sendPasswordLink']['messageSuccess'], $arrTokens['recipient_email']), $this->objModel->id); $this->reload(); }
/** * Parse the template file and return it as string * @param array * @return string */ public function parse($arrAttributes = null) { if ($this->formcontrol_template) { $this->strTemplate = $this->formcontrol_template; // Hide the Punycode format (see #2750) if ($this->rgxp == 'email' || $this->rgxp == 'friendly' || $this->rgxp == 'url') { $this->varValue = \Idna::decode($this->varValue); } if ($this->hideInput) { $strType = 'password'; } elseif ($this->strFormat != 'xhtml') { // Use the HTML5 types (see #4138) // but not the date, time and datetime types (see #5918) switch ($this->rgxp) { case 'digit': $strType = 'number'; break; case 'phone': $strType = 'tel'; break; case 'email': $strType = 'email'; break; case 'url': $strType = 'url'; break; default: $strType = 'text'; break; } } else { $strType = 'text'; } $this->type = $strType; } return parent::parse($arrAttributes); }
protected function createNewUser($arrData) { $arrData['tstamp'] = time(); $arrData['login'] = $this->reg_allowLogin; $arrData['activation'] = md5(uniqid(mt_rand(), true)); $arrData['dateAdded'] = $arrData['tstamp']; $pw = $this->getRandomPassword(6); $arrData['password'] = \Encryption::hash($pw["clear"]); $arrData['username'] = strtolower($arrData['email']); $arrData['email'] = strtolower($arrData['email']); // Set default groups if (!array_key_exists('groups', $arrData)) { $arrData['groups'] = $this->reg_groups; } // // Disable account // $arrData['disable'] = 1; // Send activation e-mail if ($this->reg_activate) { $arrChunks = array(); $strConfirmation = $this->reg_text; preg_match_all('/##[^#]+##/', $strConfirmation, $arrChunks); foreach ($arrChunks[0] as $strChunk) { $strKey = substr($strChunk, 2, -2); switch ($strKey) { case 'domain': $strConfirmation = str_replace($strChunk, \Idna::decode(\Environment::get('host')), $strConfirmation); break; case 'gen_pw': $strConfirmation = str_replace($strChunk, $pw["clear"], $strConfirmation); break; case 'link': $strConfirmation = str_replace($strChunk, \Idna::decode(\Environment::get('base')) . \Environment::get('request') . (\Config::get('disableAlias') || strpos(\Environment::get('request'), '?') !== false ? '&' : '?') . 'token=' . $arrData['activation'], $strConfirmation); break; // HOOK: support newsletter subscriptions // HOOK: support newsletter subscriptions case 'channel': case 'channels': if (!in_array('newsletter', \ModuleLoader::getActive())) { break; } // Make sure newsletter is an array if (!is_array($arrData['newsletter'])) { if ($arrData['newsletter'] != '') { $arrData['newsletter'] = array($arrData['newsletter']); } else { $arrData['newsletter'] = array(); } } // Replace the wildcard if (!empty($arrData['newsletter'])) { $objChannels = \NewsletterChannelModel::findByIds($arrData['newsletter']); if ($objChannels !== null) { $strConfirmation = str_replace($strChunk, implode("\n", $objChannels->fetchEach('title')), $strConfirmation); } } else { $strConfirmation = str_replace($strChunk, '', $strConfirmation); } break; default: $strConfirmation = str_replace($strChunk, $arrData[$strKey], $strConfirmation); break; } } $objEmail = new \Email(); $objEmail->from = $GLOBALS['TL_ADMIN_EMAIL']; $objEmail->fromName = $GLOBALS['TL_ADMIN_NAME']; $objEmail->subject = sprintf($GLOBALS['TL_LANG']['MSC']['emailSubject'], \Idna::decode(\Environment::get('host'))); $objEmail->text = $strConfirmation; $objEmail->sendTo($arrData['email']); } // Make sure newsletter is an array if (isset($arrData['newsletter']) && !is_array($arrData['newsletter'])) { $arrData['newsletter'] = array($arrData['newsletter']); } // Create the user $objNewUser = new \MemberModel(); $objNewUser->setRow($arrData); $objNewUser->save(); $insertId = $objNewUser->id; // Assign home directory if ($this->reg_assignDir) { $objHomeDir = \FilesModel::findByUuid($this->reg_homeDir); if ($objHomeDir !== null) { $this->import('Files'); $strUserDir = standardize($arrData['username']) ?: 'user_' . $insertId; // Add the user ID if the directory exists while (is_dir(TL_ROOT . '/' . $objHomeDir->path . '/' . $strUserDir)) { $strUserDir .= '_' . $insertId; } // Create the user folder new \Folder($objHomeDir->path . '/' . $strUserDir); $objUserDir = \FilesModel::findByPath($objHomeDir->path . '/' . $strUserDir); // Save the folder ID $objNewUser->assignDir = 1; $objNewUser->homeDir = $objUserDir->uuid; $objNewUser->save(); } } // HOOK: send insert ID and user data if (isset($GLOBALS['TL_HOOKS']['createNewUser']) && is_array($GLOBALS['TL_HOOKS']['createNewUser'])) { foreach ($GLOBALS['TL_HOOKS']['createNewUser'] as $callback) { $this->import($callback[0]); $this->{$callback}[0]->{$callback}[1]($insertId, $arrData, $this); } } // Inform admin if no activation link is sent if (!$this->reg_activate) { $this->sendAdminNotification($insertId, $arrData); } // Check whether there is a jumpTo page if (($objJumpTo = $this->objModel->getRelated('jumpTo')) !== null) { $this->jumpToOrReload($objJumpTo->row()); } $this->reload(); }
/** * Generate the widget and return it as string * @return string */ public function generate() { $type = $this->hideInput ? 'password' : 'text'; if (!$this->multiple) { // Hide the Punycode format (see #2750) if ($this->rgxp == 'email' || $this->rgxp == 'url') { $this->varValue = \Idna::decode($this->varValue); } return sprintf('<input type="%s" name="%s" id="ctrl_%s" class="tl_text%s" value="%s"%s onfocus="Backend.getScrollOffset()">%s', $type, $this->strName, $this->strId, $this->strClass != '' ? ' ' . $this->strClass : '', specialchars($this->varValue), $this->getAttributes(), $this->wizard); } // Return if field size is missing if (!$this->size) { return ''; } if (!is_array($this->varValue)) { $this->varValue = array($this->varValue); } $arrFields = array(); for ($i = 0; $i < $this->size; $i++) { $arrFields[] = sprintf('<input type="%s" name="%s[]" id="ctrl_%s" class="tl_text_%s" value="%s"%s onfocus="Backend.getScrollOffset()">', $type, $this->strName, $this->strId . '_' . $i, $this->size, specialchars(@$this->varValue[$i]), $this->getAttributes()); } return sprintf('<div id="ctrl_%s"%s>%s</div>%s', $this->strId, $this->strClass != '' ? ' class="' . $this->strClass . '"' : '', implode(' ', $arrFields), $this->wizard); }
/** * Replace insert tags with their values * * @param string $strBuffer The text with the tags to be replaced * @param boolean $blnCache If false, non-cacheable tags will be replaced * * @return string The text with the replaced tags */ protected function doReplace($strBuffer, $blnCache) { /** @var PageModel $objPage */ global $objPage; // Preserve insert tags if (\Config::get('disableInsertTags')) { return \StringUtil::restoreBasicEntities($strBuffer); } $tags = preg_split('/{{([^{}]+)}}/', $strBuffer, -1, PREG_SPLIT_DELIM_CAPTURE); if (count($tags) < 2) { return \StringUtil::restoreBasicEntities($strBuffer); } $strBuffer = ''; // Create one cache per cache setting (see #7700) static $arrItCache; $arrCache =& $arrItCache[$blnCache]; for ($_rit = 0, $_cnt = count($tags); $_rit < $_cnt; $_rit += 2) { $strBuffer .= $tags[$_rit]; $strTag = $tags[$_rit + 1]; // Skip empty tags if ($strTag == '') { continue; } $flags = explode('|', $strTag); $tag = array_shift($flags); $elements = explode('::', $tag); // Load the value from cache if (isset($arrCache[$strTag]) && !in_array('refresh', $flags)) { $strBuffer .= $arrCache[$strTag]; continue; } // Skip certain elements if the output will be cached if ($blnCache) { if ($elements[0] == 'date' || $elements[0] == 'ua' || $elements[0] == 'post' || $elements[0] == 'file' || $elements[1] == 'back' || $elements[1] == 'referer' || $elements[0] == 'request_token' || $elements[0] == 'toggle_view' || strncmp($elements[0], 'cache_', 6) === 0 || in_array('uncached', $flags)) { $strBuffer .= '{{' . $strTag . '}}'; continue; } } $arrCache[$strTag] = ''; // Replace the tag switch (strtolower($elements[0])) { // Date case 'date': $arrCache[$strTag] = \Date::parse($elements[1] ?: \Config::get('dateFormat')); break; // Accessibility tags // Accessibility tags case 'lang': if ($elements[1] == '') { $arrCache[$strTag] = '</span>'; } else { $arrCache[$strTag] = $arrCache[$strTag] = '<span lang="' . $elements[1] . '">'; } break; // Line break // Line break case 'br': $arrCache[$strTag] = '<br>'; break; // E-mail addresses // E-mail addresses case 'email': case 'email_open': case 'email_url': if ($elements[1] == '') { $arrCache[$strTag] = ''; break; } $strEmail = \StringUtil::encodeEmail($elements[1]); // Replace the tag switch (strtolower($elements[0])) { case 'email': $arrCache[$strTag] = '<a href="mailto:' . $strEmail . '" class="email">' . preg_replace('/\\?.*$/', '', $strEmail) . '</a>'; break; case 'email_open': $arrCache[$strTag] = '<a href="mailto:' . $strEmail . '" title="' . $strEmail . '" class="email">'; break; case 'email_url': $arrCache[$strTag] = $strEmail; break; } break; // Label tags // Label tags case 'label': $keys = explode(':', $elements[1]); if (count($keys) < 2) { $arrCache[$strTag] = ''; break; } $file = $keys[0]; // Map the key (see #7217) switch ($file) { case 'CNT': $file = 'countries'; break; case 'LNG': $file = 'languages'; break; case 'MOD': case 'FMD': $file = 'modules'; break; case 'FFL': $file = 'tl_form_field'; break; case 'CACHE': $file = 'tl_page'; break; case 'XPL': $file = 'explain'; break; case 'XPT': $file = 'exception'; break; case 'MSC': case 'ERR': case 'CTE': case 'PTY': case 'FOP': case 'CHMOD': case 'DAYS': case 'MONTHS': case 'UNITS': case 'CONFIRM': case 'DP': case 'COLS': $file = 'default'; break; } \System::loadLanguageFile($file); if (count($keys) == 2) { $arrCache[$strTag] = $GLOBALS['TL_LANG'][$keys[0]][$keys[1]]; } else { $arrCache[$strTag] = $GLOBALS['TL_LANG'][$keys[0]][$keys[1]][$keys[2]]; } break; // Front end user // Front end user case 'user': if (FE_USER_LOGGED_IN) { $this->import('FrontendUser', 'User'); $value = $this->User->{$elements[1]}; if ($value == '') { $arrCache[$strTag] = $value; break; } $this->loadDataContainer('tl_member'); if ($GLOBALS['TL_DCA']['tl_member']['fields'][$elements[1]]['inputType'] == 'password') { $arrCache[$strTag] = ''; break; } $value = \StringUtil::deserialize($value); // Decrypt the value if ($GLOBALS['TL_DCA']['tl_member']['fields'][$elements[1]]['eval']['encrypt']) { $value = \Encryption::decrypt($value); } $rgxp = $GLOBALS['TL_DCA']['tl_member']['fields'][$elements[1]]['eval']['rgxp']; $opts = $GLOBALS['TL_DCA']['tl_member']['fields'][$elements[1]]['options']; $rfrc = $GLOBALS['TL_DCA']['tl_member']['fields'][$elements[1]]['reference']; if ($rgxp == 'date') { $arrCache[$strTag] = \Date::parse(\Config::get('dateFormat'), $value); } elseif ($rgxp == 'time') { $arrCache[$strTag] = \Date::parse(\Config::get('timeFormat'), $value); } elseif ($rgxp == 'datim') { $arrCache[$strTag] = \Date::parse(\Config::get('datimFormat'), $value); } elseif (is_array($value)) { $arrCache[$strTag] = implode(', ', $value); } elseif (is_array($opts) && array_is_assoc($opts)) { $arrCache[$strTag] = isset($opts[$value]) ? $opts[$value] : $value; } elseif (is_array($rfrc)) { $arrCache[$strTag] = isset($rfrc[$value]) ? is_array($rfrc[$value]) ? $rfrc[$value][0] : $rfrc[$value] : $value; } else { $arrCache[$strTag] = $value; } // Convert special characters (see #1890) $arrCache[$strTag] = \StringUtil::specialchars($arrCache[$strTag]); } break; // Link // Link case 'link': case 'link_open': case 'link_url': case 'link_title': case 'link_target': case 'link_name': $strTarget = null; // Back link if ($elements[1] == 'back') { $strUrl = 'javascript:history.go(-1)'; $strTitle = $GLOBALS['TL_LANG']['MSC']['goBack']; // No language files if the page is cached if (!strlen($strTitle)) { $strTitle = 'Go back'; } $strName = $strTitle; } elseif (strncmp($elements[1], 'http://', 7) === 0 || strncmp($elements[1], 'https://', 8) === 0) { $strUrl = $elements[1]; $strTitle = $elements[1]; $strName = str_replace(array('http://', 'https://'), '', $elements[1]); } else { // User login page if ($elements[1] == 'login') { if (!FE_USER_LOGGED_IN) { break; } $this->import('FrontendUser', 'User'); $elements[1] = $this->User->loginPage; } $objNextPage = \PageModel::findByIdOrAlias($elements[1]); if ($objNextPage === null) { break; } // Page type specific settings (thanks to Andreas Schempp) switch ($objNextPage->type) { case 'redirect': $strUrl = $objNextPage->url; if (strncasecmp($strUrl, 'mailto:', 7) === 0) { $strUrl = \StringUtil::encodeEmail($strUrl); } break; case 'forward': if ($objNextPage->jumpTo) { /** @var PageModel $objNext */ $objNext = $objNextPage->getRelated('jumpTo'); } else { $objNext = \PageModel::findFirstPublishedRegularByPid($objNextPage->id); } if ($objNext instanceof PageModel) { $strUrl = $objNext->getFrontendUrl(); break; } // DO NOT ADD A break; STATEMENT // DO NOT ADD A break; STATEMENT default: $strUrl = $objNextPage->getFrontendUrl(); break; } $strName = $objNextPage->title; $strTarget = $objNextPage->target ? ' target="_blank"' : ''; $strTitle = $objNextPage->pageTitle ?: $objNextPage->title; } // Replace the tag switch (strtolower($elements[0])) { case 'link': $arrCache[$strTag] = sprintf('<a href="%s" title="%s"%s>%s</a>', $strUrl, \StringUtil::specialchars($strTitle), $strTarget, $strName); break; case 'link_open': $arrCache[$strTag] = sprintf('<a href="%s" title="%s"%s>', $strUrl, \StringUtil::specialchars($strTitle), $strTarget); break; case 'link_url': $arrCache[$strTag] = $strUrl; break; case 'link_title': $arrCache[$strTag] = \StringUtil::specialchars($strTitle); break; case 'link_target': $arrCache[$strTag] = $strTarget; break; case 'link_name': $arrCache[$strTag] = $strName; break; } break; // Closing link tag // Closing link tag case 'link_close': case 'email_close': $arrCache[$strTag] = '</a>'; break; // Insert article // Insert article case 'insert_article': if (($strOutput = $this->getArticle($elements[1], false, true)) !== false) { $arrCache[$strTag] = ltrim($strOutput); } else { $arrCache[$strTag] = '<p class="error">' . sprintf($GLOBALS['TL_LANG']['MSC']['invalidPage'], $elements[1]) . '</p>'; } break; // Insert content element // Insert content element case 'insert_content': $arrCache[$strTag] = $this->getContentElement($elements[1]); break; // Insert module // Insert module case 'insert_module': $arrCache[$strTag] = $this->getFrontendModule($elements[1]); break; // Insert form // Insert form case 'insert_form': $arrCache[$strTag] = $this->getForm($elements[1]); break; // Article // Article case 'article': case 'article_open': case 'article_url': case 'article_title': if (($objArticle = \ArticleModel::findByIdOrAlias($elements[1])) === null || !($objPid = $objArticle->getRelated('pid')) instanceof PageModel) { break; } /** @var PageModel $objPid */ $strUrl = $objPid->getFrontendUrl('/articles/' . ($objArticle->alias ?: $objArticle->id)); // Replace the tag switch (strtolower($elements[0])) { case 'article': $arrCache[$strTag] = sprintf('<a href="%s" title="%s">%s</a>', $strUrl, \StringUtil::specialchars($objArticle->title), $objArticle->title); break; case 'article_open': $arrCache[$strTag] = sprintf('<a href="%s" title="%s">', $strUrl, \StringUtil::specialchars($objArticle->title)); break; case 'article_url': $arrCache[$strTag] = $strUrl; break; case 'article_title': $arrCache[$strTag] = \StringUtil::specialchars($objArticle->title); break; } break; // Article teaser // Article teaser case 'article_teaser': $objTeaser = \ArticleModel::findByIdOrAlias($elements[1]); if ($objTeaser !== null) { $arrCache[$strTag] = \StringUtil::toHtml5($objTeaser->teaser); } break; // Last update // Last update case 'last_update': $strQuery = "SELECT MAX(tstamp) AS tc"; $bundles = \System::getContainer()->getParameter('kernel.bundles'); if (isset($bundles['ContaoNewsBundle'])) { $strQuery .= ", (SELECT MAX(tstamp) FROM tl_news) AS tn"; } if (isset($bundles['ContaoCalendarBundle'])) { $strQuery .= ", (SELECT MAX(tstamp) FROM tl_calendar_events) AS te"; } $strQuery .= " FROM tl_content"; $objUpdate = \Database::getInstance()->query($strQuery); if ($objUpdate->numRows) { $arrCache[$strTag] = \Date::parse($elements[1] ?: \Config::get('datimFormat'), max($objUpdate->tc, $objUpdate->tn, $objUpdate->te)); } break; // Version // Version case 'version': $arrCache[$strTag] = VERSION . '.' . BUILD; break; // Request token // Request token case 'request_token': $arrCache[$strTag] = REQUEST_TOKEN; break; // POST data // POST data case 'post': $arrCache[$strTag] = \Input::post($elements[1]); break; // Mobile/desktop toggle (see #6469) // Mobile/desktop toggle (see #6469) case 'toggle_view': $strUrl = ampersand(\Environment::get('request')); $strGlue = strpos($strUrl, '?') === false ? '?' : '&'; if (\Input::cookie('TL_VIEW') == 'mobile' || \Environment::get('agent')->mobile && \Input::cookie('TL_VIEW') != 'desktop') { $arrCache[$strTag] = '<a href="' . $strUrl . $strGlue . 'toggle_view=desktop" class="toggle_desktop" title="' . \StringUtil::specialchars($GLOBALS['TL_LANG']['MSC']['toggleDesktop'][1]) . '">' . $GLOBALS['TL_LANG']['MSC']['toggleDesktop'][0] . '</a>'; } else { $arrCache[$strTag] = '<a href="' . $strUrl . $strGlue . 'toggle_view=mobile" class="toggle_mobile" title="' . \StringUtil::specialchars($GLOBALS['TL_LANG']['MSC']['toggleMobile'][1]) . '">' . $GLOBALS['TL_LANG']['MSC']['toggleMobile'][0] . '</a>'; } break; // Conditional tags (if) // Conditional tags (if) case 'iflng': if ($elements[1] != '' && $elements[1] != $objPage->language) { for (; $_rit < $_cnt; $_rit += 2) { if ($tags[$_rit + 1] == 'iflng' || $tags[$_rit + 1] == 'iflng::' . $objPage->language) { break; } } } unset($arrCache[$strTag]); break; // Conditional tags (if not) // Conditional tags (if not) case 'ifnlng': if ($elements[1] != '') { $langs = \StringUtil::trimsplit(',', $elements[1]); if (in_array($objPage->language, $langs)) { for (; $_rit < $_cnt; $_rit += 2) { if ($tags[$_rit + 1] == 'ifnlng') { break; } } } } unset($arrCache[$strTag]); break; // Environment // Environment case 'env': switch ($elements[1]) { case 'host': $arrCache[$strTag] = \Idna::decode(\Environment::get('host')); break; case 'http_host': $arrCache[$strTag] = \Idna::decode(\Environment::get('httpHost')); break; case 'url': $arrCache[$strTag] = \Idna::decode(\Environment::get('url')); break; case 'path': $arrCache[$strTag] = \Idna::decode(\Environment::get('base')); break; case 'request': $arrCache[$strTag] = \Environment::get('indexFreeRequest'); break; case 'ip': $arrCache[$strTag] = \Environment::get('ip'); break; case 'referer': $arrCache[$strTag] = $this->getReferer(true); break; case 'files_url': $arrCache[$strTag] = TL_FILES_URL; break; case 'assets_url': case 'plugins_url': case 'script_url': $arrCache[$strTag] = TL_ASSETS_URL; break; case 'base_url': $arrCache[$strTag] = \System::getContainer()->get('request_stack')->getCurrentRequest()->getBaseUrl(); break; } break; // Page // Page case 'page': if ($elements[1] == 'pageTitle' && $objPage->pageTitle == '') { $elements[1] = 'title'; } elseif ($elements[1] == 'parentPageTitle' && $objPage->parentPageTitle == '') { $elements[1] = 'parentTitle'; } elseif ($elements[1] == 'mainPageTitle' && $objPage->mainPageTitle == '') { $elements[1] = 'mainTitle'; } // Do not use \StringUtil::specialchars() here (see #4687) $arrCache[$strTag] = $objPage->{$elements[1]}; break; // User agent // User agent case 'ua': $ua = \Environment::get('agent'); if ($elements[1] != '') { $arrCache[$strTag] = $ua->{$elements[1]}; } else { $arrCache[$strTag] = ''; } break; // Abbreviations // Abbreviations case 'abbr': case 'acronym': if ($elements[1] != '') { $arrCache[$strTag] = '<abbr title="' . $elements[1] . '">'; } else { $arrCache[$strTag] = '</abbr>'; } break; // Images // Images case 'image': case 'picture': $width = null; $height = null; $alt = ''; $class = ''; $rel = ''; $strFile = $elements[1]; $mode = ''; $size = null; $strTemplate = 'picture_default'; // Take arguments if (strpos($elements[1], '?') !== false) { $arrChunks = explode('?', urldecode($elements[1]), 2); $strSource = \StringUtil::decodeEntities($arrChunks[1]); $strSource = str_replace('[&]', '&', $strSource); $arrParams = explode('&', $strSource); foreach ($arrParams as $strParam) { list($key, $value) = explode('=', $strParam); switch ($key) { case 'width': $width = $value; break; case 'height': $height = $value; break; case 'alt': $alt = \StringUtil::specialchars($value); break; case 'class': $class = $value; break; case 'rel': $rel = $value; break; case 'mode': $mode = $value; break; case 'size': $size = (int) $value; break; case 'template': $strTemplate = preg_replace('/[^a-z0-9_]/i', '', $value); break; } } $strFile = $arrChunks[0]; } if (\Validator::isUuid($strFile)) { // Handle UUIDs $objFile = \FilesModel::findByUuid($strFile); if ($objFile === null) { $arrCache[$strTag] = ''; break; } $strFile = $objFile->path; } elseif (is_numeric($strFile)) { // Handle numeric IDs (see #4805) $objFile = \FilesModel::findByPk($strFile); if ($objFile === null) { $arrCache[$strTag] = ''; break; } $strFile = $objFile->path; } else { // Check the path if (\Validator::isInsecurePath($strFile)) { throw new \RuntimeException('Invalid path ' . $strFile); } } // Check the maximum image width if (\Config::get('maxImageWidth') > 0 && $width > \Config::get('maxImageWidth')) { $width = \Config::get('maxImageWidth'); $height = null; } // Generate the thumbnail image try { // Image if (strtolower($elements[0]) == 'image') { $dimensions = ''; $imageObj = \Image::create($strFile, array($width, $height, $mode)); $src = $imageObj->executeResize()->getResizedPath(); $objFile = new \File(rawurldecode($src)); // Add the image dimensions if (($imgSize = $objFile->imageSize) !== false) { $dimensions = ' width="' . $imgSize[0] . '" height="' . $imgSize[1] . '"'; } $arrCache[$strTag] = '<img src="' . TL_FILES_URL . $src . '" ' . $dimensions . ' alt="' . $alt . '"' . ($class != '' ? ' class="' . $class . '"' : '') . '>'; } else { $picture = \Picture::create($strFile, array(0, 0, $size))->getTemplateData(); $picture['alt'] = $alt; $picture['class'] = $class; $pictureTemplate = new \FrontendTemplate($strTemplate); $pictureTemplate->setData($picture); $arrCache[$strTag] = $pictureTemplate->parse(); } // Add a lightbox link if ($rel != '') { if (strncmp($rel, 'lightbox', 8) !== 0) { $attribute = ' rel="' . $rel . '"'; } else { $attribute = ' data-lightbox="' . substr($rel, 8) . '"'; } $arrCache[$strTag] = '<a href="' . TL_FILES_URL . $strFile . '"' . ($alt != '' ? ' title="' . $alt . '"' : '') . $attribute . '>' . $arrCache[$strTag] . '</a>'; } } catch (\Exception $e) { $arrCache[$strTag] = ''; } break; // Files (UUID or template path) // Files (UUID or template path) case 'file': if (\Validator::isUuid($elements[1])) { $objFile = \FilesModel::findByUuid($elements[1]); if ($objFile !== null) { $arrCache[$strTag] = $objFile->path; break; } } $arrGet = $_GET; \Input::resetCache(); $strFile = $elements[1]; // Take arguments and add them to the $_GET array if (strpos($elements[1], '?') !== false) { $arrChunks = explode('?', urldecode($elements[1])); $strSource = \StringUtil::decodeEntities($arrChunks[1]); $strSource = str_replace('[&]', '&', $strSource); $arrParams = explode('&', $strSource); foreach ($arrParams as $strParam) { $arrParam = explode('=', $strParam); $_GET[$arrParam[0]] = $arrParam[1]; } $strFile = $arrChunks[0]; } // Check the path if (\Validator::isInsecurePath($strFile)) { throw new \RuntimeException('Invalid path ' . $strFile); } // Include .php, .tpl, .xhtml and .html5 files if (preg_match('/\\.(php|tpl|xhtml|html5)$/', $strFile) && file_exists(TL_ROOT . '/templates/' . $strFile)) { ob_start(); include TL_ROOT . '/templates/' . $strFile; $arrCache[$strTag] = ob_get_clean(); } $_GET = $arrGet; \Input::resetCache(); break; // HOOK: pass unknown tags to callback functions // HOOK: pass unknown tags to callback functions default: if (isset($GLOBALS['TL_HOOKS']['replaceInsertTags']) && is_array($GLOBALS['TL_HOOKS']['replaceInsertTags'])) { foreach ($GLOBALS['TL_HOOKS']['replaceInsertTags'] as $callback) { $this->import($callback[0]); $varValue = $this->{$callback[0]}->{$callback[1]}($tag, $blnCache, $arrCache[$strTag], $flags, $tags, $arrCache, $_rit, $_cnt); // see #6672 // Replace the tag and stop the loop if ($varValue !== false) { $arrCache[$strTag] = $varValue; break; } } } if (\Config::get('debugMode')) { $GLOBALS['TL_DEBUG']['unknown_insert_tags'][] = $strTag; } break; } // Handle the flags if (!empty($flags)) { foreach ($flags as $flag) { switch ($flag) { case 'addslashes': case 'stripslashes': case 'standardize': case 'ampersand': case 'specialchars': case 'nl2br': case 'nl2br_pre': case 'strtolower': case 'utf8_strtolower': case 'strtoupper': case 'utf8_strtoupper': case 'ucfirst': case 'lcfirst': case 'ucwords': case 'trim': case 'rtrim': case 'ltrim': case 'utf8_romanize': case 'strrev': case 'urlencode': case 'rawurlencode': $arrCache[$strTag] = $flag($arrCache[$strTag]); break; case 'encodeEmail': case 'decodeEntities': $arrCache[$strTag] = \StringUtil::$flag($arrCache[$strTag]); break; case 'number_format': $arrCache[$strTag] = \System::getFormattedNumber($arrCache[$strTag], 0); break; case 'currency_format': $arrCache[$strTag] = \System::getFormattedNumber($arrCache[$strTag], 2); break; case 'readable_size': $arrCache[$strTag] = \System::getReadableSize($arrCache[$strTag]); break; case 'flatten': if (!is_array($arrCache[$strTag])) { break; } $it = new \RecursiveIteratorIterator(new \RecursiveArrayIterator($arrCache[$strTag])); $result = array(); foreach ($it as $leafValue) { $keys = array(); foreach (range(0, $it->getDepth()) as $depth) { $keys[] = $it->getSubIterator($depth)->key(); } $result[] = implode('.', $keys) . ': ' . $leafValue; } $arrCache[$strTag] = implode(', ', $result); break; // HOOK: pass unknown flags to callback functions // HOOK: pass unknown flags to callback functions default: if (isset($GLOBALS['TL_HOOKS']['insertTagFlags']) && is_array($GLOBALS['TL_HOOKS']['insertTagFlags'])) { foreach ($GLOBALS['TL_HOOKS']['insertTagFlags'] as $callback) { $this->import($callback[0]); $varValue = $this->{$callback[0]}->{$callback[1]}($flag, $tag, $arrCache[$strTag], $flags, $blnCache, $tags, $arrCache, $_rit, $_cnt); // see #5806 // Replace the tag and stop the loop if ($varValue !== false) { $arrCache[$strTag] = $varValue; break; } } } if (\Config::get('debugMode')) { $GLOBALS['TL_DEBUG']['unknown_insert_tag_flags'][] = $flag; } break; } } } $strBuffer .= $arrCache[$strTag]; } return \StringUtil::restoreBasicEntities($strBuffer); }
/** * Extract the e-mail addresses from the func_get_args() arguments * * @param array $arrRecipients The recipients array * * @return array An array of e-mail addresses */ protected function compileRecipients($arrRecipients) { $arrReturn = array(); foreach ($arrRecipients as $varRecipients) { if (!is_array($varRecipients)) { $varRecipients = \String::splitCsv($varRecipients); } // Support friendly name addresses and internationalized domain names foreach ($varRecipients as $v) { list($strName, $strEmail) = \String::splitFriendlyEmail($v); $strName = trim($strName, ' "'); $strEmail = \Idna::encodeEmail($strEmail); if ($strName != '') { $arrReturn[$strEmail] = $strName; } else { $arrReturn[] = $strEmail; } } } return $arrReturn; }
/** * Valid URL with special characters allowed (see #6402) * * @param mixed $varValue The value to be validated * * @return boolean True if the value is a valid URL */ public static function isUrl($varValue) { return preg_match('/^[\\w\\/.*+?$#%:,;{}()[\\]@&!=~-]+$/u', \Idna::encodeUrl($varValue)); }
public function sendUnSubscribeMail($channels, $subject = '', $text = '') { $objChannel = \Database::getInstance()->prepare("SELECT * FROM tl_newsletter_channel WHERE id IN (" . implode(',', $channels) . ")")->limit(1)->execute(); $objEmail = new \Email(); if (empty($subject)) { $subject = $objChannel->first()->nl_unsubscribe_subject; } if (empty($text)) { $text = $objChannel->first()->nl_unsubscribe_text; } $strSubject = str_replace(array('##channel##', '##channels##'), implode(",", $objChannel->fetchEach('title')), $subject); $strText = str_replace('##salutation##', $this->getSalutation(), $text); $strText = str_replace('##domain##', \Idna::decode(\Environment::get('host')), $strText); $strText = str_replace('##link##', \Idna::decode(\Environment::get('base')) . \Environment::get('request') . (\Config::get('disableAlias') || strpos(\Environment::get('request'), '?') !== false ? '&' : '?') . 'token=' . $this->token, $strText); $strText = str_replace(array('##channel##', '##channels##'), implode("\n", $objChannel->fetchEach('title')), $strText); $objEmail->from = $objChannel->first()->nl_unsubscribe_sender_mail ? $objChannel->first()->nl_unsubscribe_sender_mail : $GLOBALS['TL_ADMIN_EMAIL']; $objEmail->fromName = $objChannel->first()->nl_unsubscribe_sender_name ? $objChannel->first()->nl_unsubscribe_sender_name : $GLOBALS['TL_ADMIN_NAME']; $objEmail->subject = $this->replaceInsertTags($strSubject); $objEmail->text = $this->replaceInsertTags($strText); if ($objEmail->sendTo($this->email)) { $_SESSION['UNSUBSCRIBE_CONFIRM'] = $GLOBALS['TL_LANG']['MSC']['nl_removed']; return true; } return false; }
/** * Create a new user and redirect * @param object */ protected function sendPasswordLink($objMember) { $arrChunks = array(); $confirmationId = md5(uniqid(mt_rand(), true)); // Store the confirmation ID $objMember = \MemberModel::findByPk($objMember->id); $objMember->activation = $confirmationId; $objMember->save(); $strConfirmation = $this->reg_password; preg_match_all('/##[^#]+##/', $strConfirmation, $arrChunks); foreach ($arrChunks[0] as $strChunk) { $strKey = substr($strChunk, 2, -2); switch ($strKey) { case 'domain': $strConfirmation = str_replace($strChunk, \Idna::decode(\Environment::get('host')), $strConfirmation); break; case 'link': $strConfirmation = str_replace($strChunk, \Idna::decode(\Environment::get('base')) . \Environment::get('request') . (\Config::get('disableAlias') || strpos(\Environment::get('request'), '?') !== false ? '&' : '?') . 'token=' . $confirmationId, $strConfirmation); break; default: try { $strConfirmation = str_replace($strChunk, $objMember->{$strKey}, $strConfirmation); } catch (\Exception $e) { $strConfirmation = str_replace($strChunk, '', $strConfirmation); $this->log('Invalid wildcard "' . $strKey . '" used in password request e-mail', __METHOD__, TL_GENERAL, $e->getMessage()); } break; } } // Send e-mail $objEmail = new \Email(); $objEmail->from = $GLOBALS['TL_ADMIN_EMAIL']; $objEmail->fromName = $GLOBALS['TL_ADMIN_NAME']; $objEmail->subject = sprintf($GLOBALS['TL_LANG']['MSC']['passwordSubject'], \Idna::decode(\Environment::get('host'))); $objEmail->text = $strConfirmation; $objEmail->sendTo($objMember->email); $this->log('A new password has been requested for user ID ' . $objMember->id . ' (' . $objMember->email . ')', __METHOD__, TL_ACCESS); // Check whether there is a jumpTo page if (($objJumpTo = $this->objModel->getRelated('jumpTo')) !== null) { $this->jumpToOrReload($objJumpTo->row()); } $this->reload(); }
/** * Tries to parse a string and to get the domain name, tld and idn * converted domain name. * * If given string is not a domain name, it will add a default tld. * * Also skips given string if it is longer than 63 characters. * * @throws instance of AbstractException if throwExceptions = true * @param string $unparsedString * @param string $defaultTld * @return void */ public function parse($unparsedString, $defaultTld = 'com') { try { if ($this->loaded === false) { $this->load(); } $matchedDomain = ''; $matchedDomainIdn = ''; $matchedTld = ''; $matchedTldIdn = ''; $validHostname = true; $IdnaConverter = new Idna(array('idn_version' => 2008)); preg_match('/^((http|https|ftp|ftps|news|ssh|sftp|gopher):[\\/]{2,})?([^\\/]+)/', mb_strtolower(trim($unparsedString), $this->encoding), $matches); $parsedString = end($matches); foreach ($this->tldList['content'] as $tld) { if (preg_match('/\\.' . $tld . '$/', $parsedString, $trash)) { $matchedTld = $tld; $matchedTldIdn = $IdnaConverter->encode($tld); $matchedDomain = str_replace('.' . $matchedTld, '', $parsedString); $matchedDomain = rtrim($matchedDomain, '.'); $matchedDomain = ltrim($matchedDomain, '.'); if ($matchedTld != 'name' && strpos($matchedDomain, '.')) { $matchedDomain = str_replace('.', '', strrchr($matchedDomain, '.')); } if (strpos($matchedDomain, ' ')) { $matchedDomain = explode(' ', $matchedDomain); $matchedDomain = end($matchedDomain); } $matchedDomainIdn = $IdnaConverter->encode($matchedDomain); break; } if ($tld == $parsedString) { $matchedTld = $tld; $matchedTldIdn = $IdnaConverter->encode($tld); break; } } if ($matchedDomain == '' && strlen($matchedDomainIdn) <= 63 && $matchedTld == '') { $matchedDomain = $IdnaConverter->decode(preg_replace_callback('/[^a-zA-Z0-9\\-\\.]/', function ($match) use(&$validHostname) { $validHostname = false; }, $IdnaConverter->encode($parsedString))); $matchedDomainIdn = $IdnaConverter->encode($matchedDomain); $matchedTld = $matchedTldIdn = $defaultTld; } elseif ($matchedDomain != '' && strlen($matchedDomainIdn) <= 63 && $matchedTld != '') { $matchedDomain = $IdnaConverter->decode(preg_replace_callback('/[^a-zA-Z0-9\\-\\.]/', function ($match) use(&$validHostname) { $validHostname = false; }, $IdnaConverter->encode($matchedDomain))); $matchedDomainIdn = $IdnaConverter->encode($matchedDomain); } elseif ($matchedDomain == '' && $matchedTld != '') { $validHostname = false; } else { throw \DomainParser\AbstractException::factory('UnparsableString', 'Unparsable domain name.'); } $Result = new Result($matchedDomain, $matchedDomainIdn, $matchedTld, $matchedTldIdn, $validHostname); } catch (\DomainParser\AbstractException $e) { if ($this->throwExceptions) { throw $e; } $Result = new Result(); $Result->error = $e->getMessage(); } return $Result->get($this->format); }
/** * Add a new recipient */ protected function addRecipient() { if (!\Environment::get('isAjaxRequest')) { return parent::addRecipient(); } $arrChannels = \Input::post('channels'); if (!is_array($arrChannels)) { $_SESSION['UNSUBSCRIBE_ERROR'] = $GLOBALS['TL_LANG']['ERR']['noChannels']; return false; } $arrChannels = array_intersect($arrChannels, $this->nl_channels); // see #3240 // Check the selection if (!is_array($arrChannels) || empty($arrChannels)) { $_SESSION['SUBSCRIBE_ERROR'] = $GLOBALS['TL_LANG']['ERR']['noChannels']; return false; } $varInput = \Idna::encodeEmail(\Input::post('email', true)); // Validate the e-mail address if (!\Validator::isEmail($varInput)) { $_SESSION['SUBSCRIBE_ERROR'] = $GLOBALS['TL_LANG']['ERR']['email']; return false; } $arrSubscriptions = array(); // Get the existing active subscriptions if (($objSubscription = \NewsletterRecipientsModel::findBy(array("email=? AND active=1"), $varInput)) !== null) { $arrSubscriptions = $objSubscription->fetchEach('pid'); } $arrNew = array_diff($arrChannels, $arrSubscriptions); // Return if there are no new subscriptions if (!is_array($arrNew) || empty($arrNew)) { $_SESSION['SUBSCRIBE_ERROR'] = $GLOBALS['TL_LANG']['ERR']['subscribed']; return false; } // Remove old subscriptions that have not been activated yet if (($objOld = \NewsletterRecipientsModel::findBy(array("email=? AND active=''"), $varInput)) !== null) { while ($objOld->next()) { $objOld->delete(); } } $time = time(); $strToken = md5(uniqid(mt_rand(), true)); // Add the new subscriptions foreach ($arrNew as $id) { $objRecipient = new \NewsletterRecipientsModel(); $objRecipient->pid = $id; $objRecipient->tstamp = $time; $objRecipient->email = $varInput; $objRecipient->active = ''; $objRecipient->addedOn = $time; $objRecipient->ip = $this->anonymizeIp(\Environment::get('ip')); $objRecipient->token = $strToken; $objRecipient->confirmed = ''; $objRecipient->save(); } // Get the channels $objChannel = \NewsletterChannelModel::findByIds($arrChannels); // Prepare the e-mail text $strText = str_replace('##token##', $strToken, $this->nl_subscribe); $strText = str_replace('##domain##', \Idna::decode(\Environment::get('host')), $strText); $strText = str_replace('##link##', \Idna::decode(\Environment::get('base')) . \Environment::get('request') . (\Config::get('disableAlias') || strpos(\Environment::get('request'), '?') !== false ? '&' : '?') . 'token=' . $strToken, $strText); $strText = str_replace(array('##channel##', '##channels##'), implode("\n", $objChannel->fetchEach('title')), $strText); // Activation e-mail $objEmail = new \Email(); $objEmail->from = $GLOBALS['TL_ADMIN_EMAIL']; $objEmail->fromName = $GLOBALS['TL_ADMIN_NAME']; $objEmail->subject = sprintf($GLOBALS['TL_LANG']['MSC']['nl_subject'], \Idna::decode(\Environment::get('host'))); $objEmail->text = $strText; $objEmail->sendTo($varInput); // Redirect to the jumpTo page if ($this->jumpTo && ($objTarget = $this->objModel->getRelated('jumpTo')) !== null) { $this->redirect($this->generateFrontendUrl($objTarget->row())); } $_SESSION['SUBSCRIBE_CONFIRM'] = $GLOBALS['TL_LANG']['MSC']['nl_confirm']; return true; }
/** * the constructor * * @param array $options * @return boolean * @since 0.5.2 */ public function __construct($options = false) { $this->slast = $this->_sbase + $this->_lcount * $this->_vcount * $this->_tcount; // If parameters are given, pass these to the respective method if (is_array($options)) { $this->set_parameter($options); } // populate mbstring overloading cache if not set if (self::$_mb_string_overload === null) { self::$_mb_string_overload = extension_loaded('mbstring') && (ini_get('mbstring.func_overload') & 0x2) === 0x2; } }
/** * Add a form to create new testimonials * @param \FrontendTemplate * @param \stdClass * @param string * @param integer * @param array */ protected function renderTestimonialForm(\FrontendTemplate $objTemplate, \stdClass $objConfig, $intParent) { $this->import('FrontendUser', 'User'); // Access control if ($objConfig->requireLogin && !BE_USER_LOGGED_IN && !FE_USER_LOGGED_IN) { $objTemplate->requireLogin = true; return; } // Form fields $arrFields = array('name' => array('name' => 'name', 'label' => $GLOBALS['TL_LANG']['MSC']['tm_name'], 'value' => trim($this->User->firstname . ' ' . $this->User->lastname), 'inputType' => 'text', 'eval' => array('mandatory' => true, 'maxlength' => 64, 'placeholder' => $GLOBALS['TL_LANG']['MSC']['tm_name'])), 'email' => array('name' => 'email', 'label' => $GLOBALS['TL_LANG']['MSC']['tm_email'], 'value' => $this->User->email, 'inputType' => 'text', 'eval' => array('rgxp' => 'email', 'mandatory' => true, 'maxlength' => 128, 'decodeEntities' => true, 'placeholder' => $GLOBALS['TL_LANG']['MSC']['tm_email'])), 'url' => array('name' => 'url', 'label' => $GLOBALS['TL_LANG']['MSC']['tm_url'], 'inputType' => 'text', 'eval' => array('rgxp' => 'url', 'maxlength' => 128, 'decodeEntities' => true, 'placeholder' => $GLOBALS['TL_LANG']['MSC']['tm_url'])), 'company' => array('name' => 'company', 'label' => $GLOBALS['TL_LANG']['MSC']['tm_company'], 'inputType' => 'text', 'eval' => array('maxlength' => 128, 'placeholder' => $GLOBALS['TL_LANG']['MSC']['tm_company'])), 'title' => array('name' => 'title', 'label' => $GLOBALS['TL_LANG']['MSC']['tm_title'], 'inputType' => 'text', 'eval' => array('maxlength' => 128, 'placeholder' => $GLOBALS['TL_LANG']['MSC']['tm_title']))); if ($objConfig->enableVoteField1 && $objConfig->addVote) { $arrFields['votefield1'] = array('name' => 'votefield1', 'label' => &$GLOBALS['TL_LANG']['MSC']['votefield1'], 'default' => '0.0', 'inputType' => 'text', 'eval' => array('style' => 'display: none;')); } if ($objConfig->enableVoteField2 && $objConfig->addVote) { $arrFields['votefield2'] = array('name' => 'votefield2', 'label' => &$GLOBALS['TL_LANG']['MSC']['votefield2'], 'default' => '0.0', 'inputType' => 'text', 'eval' => array('style' => 'display: none;')); } if ($objConfig->enableVoteField3 && $objConfig->addVote) { $arrFields['votefield3'] = array('name' => 'votefield3', 'label' => &$GLOBALS['TL_LANG']['MSC']['votefield3'], 'default' => '0.0', 'inputType' => 'text', 'eval' => array('style' => 'display: none;')); } if ($objConfig->enableVoteField4 && $objConfig->addVote) { $arrFields['votefield4'] = array('name' => 'votefield4', 'label' => &$GLOBALS['TL_LANG']['MSC']['votefield4'], 'default' => '0.0', 'inputType' => 'text', 'eval' => array('style' => 'display: none;')); } if ($objConfig->enableVoteField5 && $objConfig->addVote) { $arrFields['votefield5'] = array('name' => 'votefield5', 'label' => &$GLOBALS['TL_LANG']['MSC']['votefield5'], 'default' => '0.0', 'inputType' => 'text', 'eval' => array('style' => 'display: none;')); } if ($objConfig->enableVoteField6 && $objConfig->addVote) { $arrFields['votefield6'] = array('name' => 'votefield6', 'label' => &$GLOBALS['TL_LANG']['MSC']['votefield6'], 'default' => '0.0', 'inputType' => 'text', 'eval' => array('style' => 'display: none;')); } // Captcha if (!$objConfig->disableCaptcha) { $arrFields['captcha'] = array('name' => 'captcha', 'inputType' => 'captcha', 'eval' => array('mandatory' => true)); } // Testimonial field $arrFields['testimonial'] = array('name' => 'testimonial', 'label' => $GLOBALS['TL_LANG']['MSC']['tm_testimonial'], 'inputType' => 'textarea', 'eval' => array('mandatory' => true, 'rows' => 15, 'cols' => 40, 'preserveTags' => true)); $doNotSubmit = false; $arrWidgets = array(); $strFormId = 'jedo_testimonials_' . $intParent; // Initialize the widgets foreach ($arrFields as $arrField) { $strClass = $GLOBALS['TL_FFL'][$arrField['inputType']]; // Continue if the class is not defined if (!class_exists($strClass)) { continue; } $arrField['eval']['required'] = $arrField['eval']['mandatory']; $objWidget = new $strClass($this->prepareForWidget($arrField, $arrField['name'], $arrField['value'])); // Validate the widget if (\Input::post('FORM_SUBMIT') == $strFormId) { $objWidget->validate(); if ($objWidget->hasErrors()) { $doNotSubmit = true; } } $arrWidgets[$arrField['name']] = $objWidget; } $objTemplate->fields = $arrWidgets; $objTemplate->submit = $GLOBALS['TL_LANG']['MSC']['com_submit']; $objTemplate->action = ampersand(\Environment::get('request')); $objTemplate->messages = ''; // Backwards compatibility $objTemplate->formId = $strFormId; $objTemplate->hasError = $doNotSubmit; // Do not index or cache the page with the confirmation message if ($_SESSION['TL_TESTIMONIAL_ADDED']) { global $objPage; $objPage->noSearch = 1; $objPage->cache = 0; $objTemplate->confirm = $GLOBALS['TL_LANG']['MSC']['com_confirm']; $_SESSION['TL_TESTIMONIAL_ADDED'] = false; } // Store the testimonial if (!$doNotSubmit && \Input::post('FORM_SUBMIT') == $strFormId) { $strWebsite = $arrWidgets['url']->value; if ($strWebsite == $GLOBALS['TL_LANG']['MSC']['tm_url']) { $strWebsite = ''; } // Add http:// to the website if ($strWebsite != '' && !preg_match('@^(https?://|ftp://|mailto:|#)@i', $strWebsite)) { $strWebsite = 'http://' . $strWebsite; } // Do not parse any tags in the testimonial $strTestimonial = htmlspecialchars(trim($arrWidgets['testimonial']->value)); $strTestimonial = str_replace(array('&', '<', '>'), array('[&]', '[lt]', '[gt]'), $strTestimonial); // Remove multiple line feeds $strTestimonial = preg_replace('@\\n\\n+@', "\n\n", $strTestimonial); // Parse BBCode if ($objConfig->bbcode) { $strTestimonial = $this->parseBbCode($strTestimonial); } // Prevent cross-site request forgeries $strTestimonial = preg_replace('/(href|src|on[a-z]+)="[^"]*(contao\\/main\\.php|typolight\\/main\\.php|javascript|vbscri?pt|script|alert|document|cookie|window)[^"]*"+/i', '$1="#"', $strTestimonial); $time = time(); if ($objConfig->addVote) { // make the totalvote object $fields = 0; $value = 0.0; if ($objConfig->enableVoteField1) { $arrWidgets['votefield1']->value = $this->getRatingValue($arrWidgets['votefield1']->value); $value = $value + $arrWidgets['votefield1']->value; $fields++; } if ($objConfig->enableVoteField2) { $arrWidgets['votefield2']->value = $this->getRatingValue($arrWidgets['votefield2']->value); $value = $value + $arrWidgets['votefield2']->value; $fields++; } if ($objConfig->enableVoteField3) { $arrWidgets['votefield3']->value = $this->getRatingValue($arrWidgets['votefield3']->value); $value = $value + $arrWidgets['votefield3']->value; $fields++; } if ($objConfig->enableVoteField4) { $arrWidgets['votefield4']->value = $this->getRatingValue($arrWidgets['votefield4']->value); $value = $value + $arrWidgets['votefield4']->value; $fields++; } if ($objConfig->enableVoteField5) { $arrWidgets['votefield5']->value = $this->getRatingValue($arrWidgets['votefield5']->value); $value = $value + $arrWidgets['votefield5']->value; $fields++; } if ($objConfig->enableVoteField6) { $arrWidgets['votefield6']->value = $this->getRatingValue($arrWidgets['votefield6']->value); $value = $value + $arrWidgets['votefield6']->value; $fields++; } $totalvote = $value / $fields; $strTVotes = number_format($totalvote, 2); } if ($arrWidgets['company']->value == $value_company) { $arrWidgets['company']->value = ''; } if ($arrWidgets['title']->value == $value_title) { $arrWidgets['title']->value = ''; } // Prepare the record $arrSet = array('tstamp' => $time, 'name' => $arrWidgets['name']->value, 'email' => $arrWidgets['email']->value, 'company' => $arrWidgets['company']->value, 'title' => $arrWidgets['title']->value, 'url' => $strWebsite, 'testimonial' => $this->convertLineFeeds($strTestimonial), 'ip' => $this->anonymizeIp($this->Environment->ip), 'date' => $time, 'votestotal' => $strTVotes, 'votefield1' => !$objConfig->enableVoteField1 ? '' : $arrWidgets['votefield1']->value, 'votefield2' => !$objConfig->enableVoteField2 ? '' : $arrWidgets['votefield2']->value, 'votefield3' => !$objConfig->enableVoteField3 ? '' : $arrWidgets['votefield3']->value, 'votefield4' => !$objConfig->enableVoteField4 ? '' : $arrWidgets['votefield4']->value, 'votefield5' => !$objConfig->enableVoteField5 ? '' : $arrWidgets['votefield5']->value, 'votefield6' => !$objConfig->enableVoteField6 ? '' : $arrWidgets['votefield6']->value, 'published' => $objConfig->moderate ? '' : 1); // Store the testimonial $objTestimonials = new \TestimonialsModel(); $objTestimonials->setRow($arrSet)->save(); // Prepare the notification mail $objEmail = new \Email(); $objEmail->from = $GLOBALS['TL_ADMIN_EMAIL']; $objEmail->fromName = $GLOBALS['TL_ADMIN_NAME']; $objEmail->subject = sprintf($GLOBALS['TL_LANG']['MSC']['tm_subject'], \Idna::decode(\Environment::get('host'))); // Convert the testimonial to plain text $strTestimonial = strip_tags($strTestimonial); $strTestimonial = \StringUtil::decodeEntities($strTestimonial); $strTestimonial = str_replace(array('[&]', '[lt]', '[gt]'), array('&', '<', '>'), $strTestimonial); // Add the testimonial details $objEmail->text = sprintf($GLOBALS['TL_LANG']['MSC']['tm_message'], $arrSet['name'] . ' (' . $arrSet['email'] . ')', $strTestimonial, \Idna::decode(\Environment::get('base')) . \Environment::get('request'), \Idna::decode(\Environment::get('base')) . 'contao/main.php?do=testimonials&act=edit&id=' . $objTestimonials->id); $objEmail->sendTo($GLOBALS['TL_ADMIN_EMAIL']); // Pending for approval if ($objConfig->moderate) { // FIXME: notify the subscribers when the testimonial is published $_SESSION['TL_TESTIMONIAL_ADDED'] = true; } $this->reload(); } }
/** * Create a new user and redirect * * @param \MemberModel $objMember */ protected function sendPasswordLink($objMember) { $confirmationId = md5(uniqid(mt_rand(), true)); // Store the confirmation ID $objMember = \MemberModel::findByPk($objMember->id); $objMember->activation = $confirmationId; $objMember->save(); // Prepare the simple token data $arrData = $objMember->row(); $arrData['domain'] = \Idna::decode(\Environment::get('host')); $arrData['link'] = \Idna::decode(\Environment::get('base')) . \Environment::get('request') . (\Config::get('disableAlias') || strpos(\Environment::get('request'), '?') !== false ? '&' : '?') . 'token=' . $confirmationId; // Send e-mail $objEmail = new \Email(); $objEmail->from = $GLOBALS['TL_ADMIN_EMAIL']; $objEmail->fromName = $GLOBALS['TL_ADMIN_NAME']; $objEmail->subject = sprintf($GLOBALS['TL_LANG']['MSC']['passwordSubject'], \Idna::decode(\Environment::get('host'))); $objEmail->text = \String::parseSimpleTokens($this->reg_password, $arrData); $objEmail->sendTo($objMember->email); $this->log('A new password has been requested for user ID ' . $objMember->id . ' (' . $objMember->email . ')', __METHOD__, TL_ACCESS); // Check whether there is a jumpTo page if (($objJumpTo = $this->objModel->getRelated('jumpTo')) !== null) { $this->jumpToOrReload($objJumpTo->row()); } $this->reload(); }
/** * Catch list from server and parse them to array. * * It only uses the official ICANN domain names and adds private * domains and missing official third-levels by using an additional hash. * * The manual added list is not complete. * * @throws ConnectErrorException * @see Novutec\Additional.php $additional * @param boolean $existFile * @return void */ private function catchTlds($existFile) { $content = @file_get_contents($this->tldUrl); if ($content === false) { if (!$existFile) { throw \Novutec\DomainParser\AbstractException::factory('Connect', 'Could not catch file from server.'); } return; } $IdnaConverter = new Idna(array('idn_version' => 2008)); // only match official ICANN domain tlds if (preg_match('/\\/\\/ ===BEGIN ICANN DOMAINS===(.*)(?=\\/\\/ ===END ICANN DOMAINS===)/s', $content, $matches) !== 1) { throw \Novutec\DomainParser\AbstractException::factory('UnparsableString', 'Could not fetch ICANN Domains of Mozilla TLD File.'); } $tlds = array(); $list_str = $matches[1]; foreach (explode("\n", $list_str) as $line) { $line = trim($line); // skip empty or comment lines if ($line == '' || $line[0] == '/' || strpos($line, '!') !== false) { continue; } // reformat prefixed wildcards if ($line[0] == '*') { $line = substr($line, 2); } // convert to xn-- format $tld = $IdnaConverter->encode($line); // validate if toplevel domain $pos = strrpos($tld, '.'); if ($pos === false) { $match = $tld; } else { $match = substr($tld, $pos + 1); } if (!isset($tlds[$match])) { $tlds[$match] = array(); } $tlds[$match][] = $tld; } // load additional to add to list require_once 'Additional.php'; // merge list and sort tlds by length within its group $this->tldList['content'] = array_merge_recursive($tlds, $additional); foreach ($this->tldList['content'] as $tldGroup => $tld) { usort($tld, function ($a, $b) { return strlen($b) - strlen($a); }); $this->tldList['content'][$tldGroup] = $tld; } $this->tldList['timestamp'] = time(); }
/** * Try to login the current user * * @return boolean True if the user could be logged in */ public function login() { \System::loadLanguageFile('default'); // Do not continue if username or password are missing if (empty($_POST['username']) || empty($_POST['password'])) { return false; } // Load the user object if ($this->findBy('username', \Input::post('username', true)) == false) { $blnLoaded = false; // HOOK: pass credentials to callback functions if (isset($GLOBALS['TL_HOOKS']['importUser']) && is_array($GLOBALS['TL_HOOKS']['importUser'])) { foreach ($GLOBALS['TL_HOOKS']['importUser'] as $callback) { $this->import($callback[0], 'objImport', true); $blnLoaded = $this->objImport->{$callback[1]}(\Input::post('username', true), \Input::postUnsafeRaw('password'), $this->strTable); // Load successfull if ($blnLoaded === true) { break; } } } // Return if the user still cannot be loaded if (!$blnLoaded || $this->findBy('username', \Input::post('username', true)) == false) { \Message::addError($GLOBALS['TL_LANG']['ERR']['invalidLogin']); $this->log('Could not find user "' . \Input::post('username', true) . '"', __METHOD__, TL_ACCESS); return false; } } $time = time(); // Set the user language if (\Input::post('language')) { $this->language = \Input::post('language'); } // Lock the account if there are too many login attempts if ($this->loginCount < 1) { $this->locked = $time; $this->loginCount = \Config::get('loginCount'); $this->save(); // Add a log entry and the error message, because checkAccountStatus() will not be called (see #4444) $this->log('User "' . $this->username . '" has been locked for ' . ceil(\Config::get('lockPeriod') / 60) . ' minutes', __METHOD__, TL_ACCESS); \Message::addError(sprintf($GLOBALS['TL_LANG']['ERR']['accountLocked'], ceil(($this->locked + \Config::get('lockPeriod') - $time) / 60))); // Send admin notification if (\Config::get('adminEmail') != '') { $objEmail = new \Email(); $objEmail->subject = $GLOBALS['TL_LANG']['MSC']['lockedAccount'][0]; $objEmail->text = sprintf($GLOBALS['TL_LANG']['MSC']['lockedAccount'][1], $this->username, TL_MODE == 'FE' ? $this->firstname . " " . $this->lastname : $this->name, \Idna::decode(\Environment::get('base')), ceil(\Config::get('lockPeriod') / 60)); $objEmail->sendTo(\Config::get('adminEmail')); } return false; } // Check the account status if ($this->checkAccountStatus() == false) { return false; } // The password has been generated with crypt() if (\Encryption::test($this->password)) { $blnAuthenticated = \Encryption::verify(\Input::postUnsafeRaw('password'), $this->password); } else { list($strPassword, $strSalt) = explode(':', $this->password); $blnAuthenticated = $strSalt == '' ? $strPassword === sha1(\Input::postUnsafeRaw('password')) : $strPassword === sha1($strSalt . \Input::postUnsafeRaw('password')); // Store a SHA-512 encrpyted version of the password if ($blnAuthenticated) { $this->password = \Encryption::hash(\Input::postUnsafeRaw('password')); } } // HOOK: pass credentials to callback functions if (!$blnAuthenticated && isset($GLOBALS['TL_HOOKS']['checkCredentials']) && is_array($GLOBALS['TL_HOOKS']['checkCredentials'])) { foreach ($GLOBALS['TL_HOOKS']['checkCredentials'] as $callback) { $this->import($callback[0], 'objAuth', true); $blnAuthenticated = $this->objAuth->{$callback[1]}(\Input::post('username', true), \Input::postUnsafeRaw('password'), $this); // Authentication successfull if ($blnAuthenticated === true) { break; } } } // Redirect if the user could not be authenticated if (!$blnAuthenticated) { --$this->loginCount; $this->save(); \Message::addError($GLOBALS['TL_LANG']['ERR']['invalidLogin']); $this->log('Invalid password submitted for username "' . $this->username . '"', __METHOD__, TL_ACCESS); return false; } $this->setUserFromDb(); // Update the record $this->lastLogin = $this->currentLogin; $this->currentLogin = $time; $this->loginCount = \Config::get('loginCount'); $this->save(); // Generate the session $this->generateSession(); $this->log('User "' . $this->username . '" has logged in', __METHOD__, TL_ACCESS); // HOOK: post login callback if (isset($GLOBALS['TL_HOOKS']['postLogin']) && is_array($GLOBALS['TL_HOOKS']['postLogin'])) { foreach ($GLOBALS['TL_HOOKS']['postLogin'] as $callback) { $this->import($callback[0], 'objLogin', true); $this->objLogin->{$callback[1]}($this); } } return true; }
/** * Notify the subscribers of new comments * * @param \CommentsModel $objComment */ public static function notifyCommentsSubscribers(\CommentsModel $objComment) { // Notified already if ($objComment->notified) { return; } $objNotify = \CommentsNotifyModel::findActiveBySourceAndParent($objComment->source, $objComment->parent); // No subscriptions if ($objNotify === null) { return; } while ($objNotify->next()) { // Don't notify the commentor about his own comment if ($objNotify->email == $objComment->email) { continue; } // Prepare the URL $strUrl = \Idna::decode(\Environment::get('base')) . $objNotify->url; $objEmail = new \Email(); $objEmail->from = $GLOBALS['TL_ADMIN_EMAIL']; $objEmail->fromName = $GLOBALS['TL_ADMIN_NAME']; $objEmail->subject = sprintf($GLOBALS['TL_LANG']['MSC']['com_notifySubject'], \Idna::decode(\Environment::get('host'))); $objEmail->text = sprintf($GLOBALS['TL_LANG']['MSC']['com_notifyMessage'], $objNotify->name, $strUrl, $strUrl . '?token=' . $objNotify->tokenRemove); $objEmail->sendTo($objNotify->email); } $objComment->notified = 1; $objComment->save(); }
/** * Valid URL * * @param mixed $varValue The value to be validated * * @return boolean True if the value is a valid URL */ public static function isUrl($varValue) { return preg_match('/^[a-zA-Z0-9\\.\\+\\/\\?#%:,;\\{\\}\\(\\)\\[\\]@&=~_-]*$/', \Idna::encodeUrl($varValue)); }
/** * Encode the domain in an URL * * @param string $strUrl The URL * * @return string The encoded URL * * @deprecated Use Idna::encodeUrl() instead */ protected function idnaEncodeUrl($strUrl) { return \Idna::encodeUrl($strUrl); }
/** * Remove the recipient */ protected function removeRecipient() { $arrChannels = \Input::post('channels'); $arrChannels = array_intersect($arrChannels, $this->nl_channels); // see #3240 // Check the selection if (!is_array($arrChannels) || empty($arrChannels)) { $_SESSION['UNSUBSCRIBE_ERROR'] = $GLOBALS['TL_LANG']['ERR']['noChannels']; $this->reload(); } $varInput = \Idna::encodeEmail(\Input::post('email', true)); // Validate e-mail address if (!\Validator::isEmail($varInput)) { $_SESSION['UNSUBSCRIBE_ERROR'] = $GLOBALS['TL_LANG']['ERR']['email']; $this->reload(); } $arrSubscriptions = array(); // Get the existing active subscriptions if (($objSubscription = \NewsletterRecipientsModel::findBy(array("email=? AND active=1"), $varInput)) !== null) { $arrSubscriptions = $objSubscription->fetchEach('pid'); } $arrRemove = array_intersect($arrChannels, $arrSubscriptions); // Return if there are no subscriptions to remove if (!is_array($arrRemove) || empty($arrRemove)) { $_SESSION['UNSUBSCRIBE_ERROR'] = $GLOBALS['TL_LANG']['ERR']['unsubscribed']; $this->reload(); } // Remove the subscriptions if (($objRemove = \NewsletterRecipientsModel::findByEmailAndPids($varInput, $arrRemove)) !== null) { while ($objRemove->next()) { $objRemove->delete(); } } // Get the channels $objChannels = \NewsletterChannelModel::findByIds($arrRemove); $arrChannels = $objChannels->fetchEach('title'); // Log activity $this->log($varInput . ' unsubscribed from ' . implode(', ', $arrChannels), 'ModuleUnsubscribe removeRecipient()', TL_NEWSLETTER); // HOOK: post unsubscribe callback if (isset($GLOBALS['TL_HOOKS']['removeRecipient']) && is_array($GLOBALS['TL_HOOKS']['removeRecipient'])) { foreach ($GLOBALS['TL_HOOKS']['removeRecipient'] as $callback) { $this->import($callback[0]); $this->{$callback}[0]->{$callback}[1]($varInput, $arrRemove); } } // Prepare the e-mail text $strText = str_replace('##domain##', \Environment::get('host'), $this->nl_unsubscribe); $strText = str_replace(array('##channel##', '##channels##'), implode("\n", $arrChannels), $strText); // Confirmation e-mail $objEmail = new \Email(); $objEmail->from = $GLOBALS['TL_ADMIN_EMAIL']; $objEmail->fromName = $GLOBALS['TL_ADMIN_NAME']; $objEmail->subject = sprintf($GLOBALS['TL_LANG']['MSC']['nl_subject'], \Environment::get('host')); $objEmail->text = $strText; $objEmail->sendTo($varInput); // Redirect to the jumpTo page if ($this->jumpTo && ($objTarget = $this->objModel->getRelated('jumpTo')) !== null) { $this->redirect($this->generateFrontendUrl($objTarget->row())); } $_SESSION['UNSUBSCRIBE_CONFIRM'] = $GLOBALS['TL_LANG']['MSC']['nl_removed']; $this->reload(); }
/** * List a particular record * * @param array $arrRow * * @return string */ public function listComments($arrRow) { $title = $GLOBALS['TL_LANG']['tl_comments'][$arrRow['source']] . ' ' . $arrRow['parent']; switch ($arrRow['source']) { case 'tl_content': $objParent = $this->Database->prepare("SELECT id, title FROM tl_article WHERE id=(SELECT pid FROM tl_content WHERE id=?)")->execute($arrRow['parent']); if ($objParent->numRows) { $title .= ' (<a href="contao/main.php?do=article&table=tl_content&id=' . $objParent->id . '&rt=' . REQUEST_TOKEN . '">' . $objParent->title . '</a>)'; } break; case 'tl_page': $objParent = $this->Database->prepare("SELECT id, title FROM tl_page WHERE id=?")->execute($arrRow['parent']); if ($objParent->numRows) { $title .= ' (<a href="contao/main.php?do=page&act=edit&id=' . $objParent->id . '&rt=' . REQUEST_TOKEN . '">' . $objParent->title . '</a>)'; } break; case 'tl_news': $objParent = $this->Database->prepare("SELECT id, headline FROM tl_news WHERE id=?")->execute($arrRow['parent']); if ($objParent->numRows) { $title .= ' (<a href="contao/main.php?do=news&table=tl_news&act=edit&id=' . $objParent->id . '&rt=' . REQUEST_TOKEN . '">' . $objParent->headline . '</a>)'; } break; case 'tl_faq': $objParent = $this->Database->prepare("SELECT id, question FROM tl_faq WHERE id=?")->execute($arrRow['parent']); if ($objParent->numRows) { $title .= ' (<a href="contao/main.php?do=faq&table=tl_faq&act=edit&id=' . $objParent->id . '&rt=' . REQUEST_TOKEN . '">' . $objParent->question . '</a>)'; } break; case 'tl_calendar_events': $objParent = $this->Database->prepare("SELECT id, title FROM tl_calendar_events WHERE id=?")->execute($arrRow['parent']); if ($objParent->numRows) { $title .= ' (<a href="contao/main.php?do=calendar&table=tl_calendar_events&act=edit&id=' . $objParent->id . '&rt=' . REQUEST_TOKEN . '">' . $objParent->title . '</a>)'; } break; default: // HOOK: support custom modules if (isset($GLOBALS['TL_HOOKS']['listComments']) && is_array($GLOBALS['TL_HOOKS']['listComments'])) { foreach ($GLOBALS['TL_HOOKS']['listComments'] as $callback) { $this->import($callback[0]); if (($tmp = $this->{$callback[0]}->{$callback[1]}($arrRow)) != '') { $title .= $tmp; break; } } } break; } $key = ($arrRow['published'] ? 'published' : 'unpublished') . ($arrRow['addReply'] ? ' replied' : ''); return ' <div class="comment_wrap"> <div class="cte_type ' . $key . '"><strong><a href="mailto:' . Idna::decodeEmail($arrRow['email']) . '" title="' . specialchars(Idna::decodeEmail($arrRow['email'])) . '">' . $arrRow['name'] . '</a></strong>' . ($arrRow['website'] != '' ? ' (<a href="' . $arrRow['website'] . '" title="' . specialchars($arrRow['website']) . '" target="_blank">' . $GLOBALS['TL_LANG']['MSC']['com_website'] . '</a>)' : '') . ' - ' . Date::parse(Config::get('datimFormat'), $arrRow['date']) . ' - IP ' . specialchars($arrRow['ip']) . '<br>' . $title . '</div> <div class="limit_height mark_links' . (!Config::get('doNotCollapse') ? ' h52' : '') . '"> ' . $arrRow['comment'] . ' </div> </div>' . "\n "; }
/** * Recursively validate an input variable * * @param mixed $varInput The user input * * @return mixed The original or modified user input */ protected function validator($varInput) { if (is_array($varInput)) { foreach ($varInput as $k => $v) { $varInput[$k] = $this->validator($v); } return $varInput; } if (!$this->doNotTrim) { $varInput = trim($varInput); } if ($varInput == '') { if (!$this->mandatory) { return ''; } else { if ($this->strLabel == '') { $this->addError($GLOBALS['TL_LANG']['ERR']['mdtryNoLabel']); } else { $this->addError(sprintf($GLOBALS['TL_LANG']['ERR']['mandatory'], $this->strLabel)); } } } if ($this->minlength && $varInput != '' && utf8_strlen($varInput) < $this->minlength) { $this->addError(sprintf($GLOBALS['TL_LANG']['ERR']['minlength'], $this->strLabel, $this->minlength)); } if ($this->maxlength && $varInput != '' && utf8_strlen($varInput) > $this->maxlength) { $this->addError(sprintf($GLOBALS['TL_LANG']['ERR']['maxlength'], $this->strLabel, $this->maxlength)); } if ($this->minval && is_numeric($varInput) && $varInput < $this->minval) { $this->addError(sprintf($GLOBALS['TL_LANG']['ERR']['minval'], $this->strLabel, $this->minval)); } if ($this->maxval && is_numeric($varInput) && $varInput > $this->maxval) { $this->addError(sprintf($GLOBALS['TL_LANG']['ERR']['maxval'], $this->strLabel, $this->maxval)); } if ($this->rgxp != '') { switch ($this->rgxp) { // Special validation rule for style sheets case strncmp($this->rgxp, 'digit_', 6) === 0: $textual = explode('_', $this->rgxp); array_shift($textual); if (in_array($varInput, $textual) || strncmp($varInput, '$', 1) === 0) { break; } // DO NOT ADD A break; STATEMENT HERE // Numeric characters (including full stop [.] and minus [-]) // DO NOT ADD A break; STATEMENT HERE // Numeric characters (including full stop [.] and minus [-]) case 'digit': // Support decimal commas and convert them automatically (see #3488) if (substr_count($varInput, ',') == 1 && strpos($varInput, '.') === false) { $varInput = str_replace(',', '.', $varInput); } if (!\Validator::isNumeric($varInput)) { $this->addError(sprintf($GLOBALS['TL_LANG']['ERR']['digit'], $this->strLabel)); } break; // Natural numbers (positive integers) // Natural numbers (positive integers) case 'natural': if (!\Validator::isNatural($varInput)) { $this->addError(sprintf($GLOBALS['TL_LANG']['ERR']['natural'], $this->strLabel)); } break; // Alphabetic characters (including full stop [.] minus [-] and space [ ]) // Alphabetic characters (including full stop [.] minus [-] and space [ ]) case 'alpha': if (!\Validator::isAlphabetic($varInput)) { $this->addError(sprintf($GLOBALS['TL_LANG']['ERR']['alpha'], $this->strLabel)); } break; // Alphanumeric characters (including full stop [.] minus [-], underscore [_] and space [ ]) // Alphanumeric characters (including full stop [.] minus [-], underscore [_] and space [ ]) case 'alnum': if (!\Validator::isAlphanumeric($varInput)) { $this->addError(sprintf($GLOBALS['TL_LANG']['ERR']['alnum'], $this->strLabel)); } break; // Do not allow any characters that are usually encoded by class Input [=<>()#/]) // Do not allow any characters that are usually encoded by class Input [=<>()#/]) case 'extnd': if (!\Validator::isExtendedAlphanumeric(html_entity_decode($varInput))) { $this->addError(sprintf($GLOBALS['TL_LANG']['ERR']['extnd'], $this->strLabel)); } break; // Check whether the current value is a valid date format // Check whether the current value is a valid date format case 'date': if (!\Validator::isDate($varInput)) { $this->addError(sprintf($GLOBALS['TL_LANG']['ERR']['date'], \Date::getInputFormat(\Date::getNumericDateFormat()))); } else { // Validate the date (see #5086) try { new \Date($varInput, \Date::getNumericDateFormat()); } catch (\OutOfBoundsException $e) { $this->addError(sprintf($GLOBALS['TL_LANG']['ERR']['invalidDate'], $varInput)); } } break; // Check whether the current value is a valid time format // Check whether the current value is a valid time format case 'time': if (!\Validator::isTime($varInput)) { $this->addError(sprintf($GLOBALS['TL_LANG']['ERR']['time'], \Date::getInputFormat(\Date::getNumericTimeFormat()))); } break; // Check whether the current value is a valid date and time format // Check whether the current value is a valid date and time format case 'datim': if (!\Validator::isDatim($varInput)) { $this->addError(sprintf($GLOBALS['TL_LANG']['ERR']['dateTime'], \Date::getInputFormat(\Date::getNumericDatimFormat()))); } else { // Validate the date (see #5086) try { new \Date($varInput, \Date::getNumericDatimFormat()); } catch (\OutOfBoundsException $e) { $this->addError(sprintf($GLOBALS['TL_LANG']['ERR']['invalidDate'], $varInput)); } } break; // Check whether the current value is a valid friendly name e-mail address // Check whether the current value is a valid friendly name e-mail address case 'friendly': list($strName, $varInput) = \String::splitFriendlyEmail($varInput); // no break; // Check whether the current value is a valid e-mail address // no break; // Check whether the current value is a valid e-mail address case 'email': if (!\Validator::isEmail($varInput)) { $this->addError(sprintf($GLOBALS['TL_LANG']['ERR']['email'], $this->strLabel)); } if ($this->rgxp == 'friendly' && $strName != '') { $varInput = $strName . ' [' . $varInput . ']'; } break; // Check whether the current value is list of valid e-mail addresses // Check whether the current value is list of valid e-mail addresses case 'emails': $arrEmails = trimsplit(',', $varInput); foreach ($arrEmails as $strEmail) { $strEmail = \Idna::encodeEmail($strEmail); if (!\Validator::isEmail($strEmail)) { $this->addError(sprintf($GLOBALS['TL_LANG']['ERR']['emails'], $this->strLabel)); break; } } break; // Check whether the current value is a valid URL // Check whether the current value is a valid URL case 'url': if (!\Validator::isUrl($varInput)) { $this->addError(sprintf($GLOBALS['TL_LANG']['ERR']['url'], $this->strLabel)); } break; // Check whether the current value is a valid alias // Check whether the current value is a valid alias case 'alias': if (!\Validator::isAlias($varInput)) { $this->addError(sprintf($GLOBALS['TL_LANG']['ERR']['alias'], $this->strLabel)); } break; // Check whether the current value is a valid folder URL alias // Check whether the current value is a valid folder URL alias case 'folderalias': if (!\Validator::isFolderAlias($varInput)) { $this->addError(sprintf($GLOBALS['TL_LANG']['ERR']['folderalias'], $this->strLabel)); } break; // Phone numbers (numeric characters, space [ ], plus [+], minus [-], parentheses [()] and slash [/]) // Phone numbers (numeric characters, space [ ], plus [+], minus [-], parentheses [()] and slash [/]) case 'phone': if (!\Validator::isPhone(html_entity_decode($varInput))) { $this->addError(sprintf($GLOBALS['TL_LANG']['ERR']['phone'], $this->strLabel)); } break; // Check whether the current value is a percent value // Check whether the current value is a percent value case 'prcnt': if (!\Validator::isPercent($varInput)) { $this->addError(sprintf($GLOBALS['TL_LANG']['ERR']['prcnt'], $this->strLabel)); } break; // Check whether the current value is a locale // Check whether the current value is a locale case 'locale': if (!\Validator::isLocale($varInput)) { $this->addError(sprintf($GLOBALS['TL_LANG']['ERR']['locale'], $this->strLabel)); } break; // Check whether the current value is a language code // Check whether the current value is a language code case 'language': if (!\Validator::isLanguage($varInput)) { $this->addError(sprintf($GLOBALS['TL_LANG']['ERR']['language'], $this->strLabel)); } break; // Check whether the current value is a Google+ ID or vanity name // Check whether the current value is a Google+ ID or vanity name case 'google+': if (!\Validator::isGooglePlusId($varInput)) { $this->addError(sprintf($GLOBALS['TL_LANG']['ERR']['invalidGoogleId'], $this->strLabel)); } break; // HOOK: pass unknown tags to callback functions // HOOK: pass unknown tags to callback functions default: if (isset($GLOBALS['TL_HOOKS']['addCustomRegexp']) && is_array($GLOBALS['TL_HOOKS']['addCustomRegexp'])) { foreach ($GLOBALS['TL_HOOKS']['addCustomRegexp'] as $callback) { $this->import($callback[0]); $break = $this->{$callback}[0]->{$callback}[1]($this->rgxp, $varInput, $this); // Stop the loop if a callback returned true if ($break === true) { break; } } } break; } } if ($this->isHexColor && $varInput != '' && strncmp($varInput, '$', 1) !== 0) { $varInput = preg_replace('/[^a-f0-9]+/i', '', $varInput); } if ($this->nospace && preg_match('/[\\t ]+/', $varInput)) { $this->addError(sprintf($GLOBALS['TL_LANG']['ERR']['noSpace'], $this->strLabel)); } if ($this->spaceToUnderscore) { $varInput = preg_replace('/\\s+/', '_', trim($varInput)); } if (is_bool($this->trailingSlash) && $varInput != '') { $varInput = preg_replace('/\\/+$/', '', $varInput) . ($this->trailingSlash ? '/' : ''); } return $varInput; }
/** * Trim the values * * @param mixed $varInput The user input * * @return mixed The validated user input */ protected function validator($varInput) { if (is_array($varInput)) { return parent::validator($varInput); } // Convert to Punycode format (see #5571) if ($this->rgxp == 'url') { $varInput = \Idna::encodeUrl($varInput); } elseif ($this->rgxp == 'email' || $this->rgxp == 'friendly') { $varInput = \Idna::encodeEmail($varInput); } return parent::validator($varInput); }
/** * Valid URL with special characters allowed (see #6402) * * @param mixed $varValue The value to be validated * * @return boolean True if the value is a valid URL */ public static function isUrl($varValue) { if (function_exists('mb_eregi')) { return mb_eregi('^[[:alnum:]\\.\\*\\+\\/\\?\\$#%:,;\\{\\}\\(\\)\\[\\]@&!=~_-]+$', \Idna::encodeUrl($varValue)); } else { return preg_match('/^[\\w\\/.*+?$#%:,;{}()[\\]@&!=~-]+$/u', \Idna::encodeUrl($varValue)); } }