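/**
 * Stores a media record from the request and redirects back to the media view.
 *
 * The request is merged with its `media` sub-array so the model receives every
 * posted field; `file_description` is the only field that may carry HTML and is
 * run through the com_content text filter (JComponentHelper::filterText) first.
 *
 * @param mixed $data Unused; kept for signature compatibility with the parent controller.
 * @return void Ends by setting a redirect on the controller.
 */
function save($data = 0)
{
    $fileModel = VmModel::getModel('media');

    //Now we try to determine to which this media should belong to
    // The form posts fields both at top level and under media[...]; the
    // sub-array wins on key collisions.
    $data = array_merge(vRequest::getRequest(), vRequest::get('media'));

    // Only the description may contain HTML; reduce it to what the configured
    // text filter (per user group) permits before it is stored.
    if (!empty($data['file_description'])) {
        $data['file_description'] = JComponentHelper::filterText($data['file_description']);
    }

    // Fall back to the attribute selector when no explicit file type was
    // posted. Guarded so a request without either key raises no notice.
    if (empty($data['file_type'])) {
        $data['file_type'] = isset($data['media_attributes']) ? $data['media_attributes'] : null;
    }

    $msg = '';
    $id = $fileModel->store($data);
    if ($id) {
        $msg = vmText::_('COM_VIRTUEMART_FILE_SAVED_SUCCESS');
    }

    // 'apply' keeps the user on the edit form. A failed store yields no id to
    // edit (previously $id was undefined here), so it returns to the list.
    if ($id && vRequest::getCmd('task') === 'apply') {
        $redirection = 'index.php?option=com_virtuemart&view=media&task=edit&virtuemart_media_id=' . $id;
    } else {
        $redirection = 'index.php?option=com_virtuemart&view=media';
    }

    $this->setRedirect($redirection, $msg);
}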
/**
 * Sanitize a value
 *
 * Casts the input to a string and, unless the result is empty, passes it
 * through the component text filter. Arrays are not walked: the cast turns
 * them into the literal string 'Array'.
 *
 * @param mixed $value Input to be 'cleaned'
 * @return string 'Cleaned' version of the input
 */
public function sanitize($value)
{
    $asString = (string) $value;
    if (empty($asString)) {
        return $asString;
    }

    return JComponentHelper::filterText($asString);
}
/**
 * Collects the item form data and applies the component text filter to the
 * raw editor fields: either `text` or `introtext`/`fulltext` (depending on the
 * com_k2 "mergeEditors" setting), plus `media`.
 *
 * @return array The parent's input data with the HTML fields filtered.
 */
protected function getInputData()
{
    $data = parent::getInputData();
    $mergedEditors = JComponentHelper::getParams('com_k2')->get('mergeEditors');

    $htmlFields = $mergedEditors ? array('text') : array('introtext', 'fulltext');
    $htmlFields[] = 'media';

    foreach ($htmlFields as $field) {
        $data[$field] = JComponentHelper::filterText($this->input->get($field, '', 'raw'));
    }

    return $data;
}
/**
 * We want to allow html so we need to overwrite some request data
 *
 * Re-reads the HTML-capable fields from POST. Users holding the 'admin'
 * permission get product_desc, product_s_desc and customtitle with filter
 * mask 2 (JREQUEST_ALLOWHTML, i.e. HTML kept as posted). Everyone else gets
 * product_desc re-read with HTML allowed and then reduced by
 * JComponentHelper::filterText; product_s_desc and customtitle keep the
 * default-filtered values from JRequest::get('post').
 *
 * @author Max Milbers
 * @param mixed $data Ignored; the POST data is re-read here.
 */
function save($data = 0)
{
    $data = JRequest::get('post');
    if (!class_exists('Permissions')) {
        require JPATH_VM_ADMINISTRATOR . DS . 'helpers' . DS . 'permissions.php';
    }
    if (Permissions::getInstance()->check('admin')) {
        // Trusted editors: HTML allowed as posted.
        $data['product_desc'] = JRequest::getVar('product_desc', '', 'post', 'STRING', 2);
        $data['product_s_desc'] = JRequest::getVar('product_s_desc', '', 'post', 'STRING', 2);
        $data['customtitle'] = JRequest::getVar('customtitle', '', 'post', 'STRING', 2);
    } else {
        // Untrusted editors: HTML only in the long description, and only what
        // the com_content filter settings for their groups permit.
        $data['product_desc'] = JRequest::getVar('product_desc', '', 'post', 'STRING', 2);
        $data['product_desc'] = JComponentHelper::filterText($data['product_desc']);
        //Why we have this?
        $multix = Vmconfig::get('multix', 'none');
        if ($multix != 'none') {
            //in fact this should be used, when the mode is administrated and the system is so that
            //every product must be approved by an admin.
            // Non-admins cannot set the published flag in multi-vendor mode.
            unset($data['published']);
            //unset($data['childs']);
        }
    }
    parent::save($data);
}
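/**
 * Copies a posted address (BT = bill-to, ST = ship-to) into the cart object.
 *
 * Every user field declared for the 'cart' context of $type is taken from
 * $data, falling back to the request and, for required fields, to the value
 * already stored on the cart. Non-empty values are stripped of attributes by
 * vmFilter::hl, passed through JComponentHelper::filterText, and have inline
 * event handlers, double quotes and surrounding single quotes removed.
 * Password fields are never kept in the session copy.
 *
 * @param array|object $data           Posted address fields, optionally prefixed.
 * @param string       $type           'BT' or 'ST' (the cart property written).
 * @param bool         $putIntoSession Persist the cart into the session afterwards.
 * @param string       $prefix         Prefix of the field names inside $data.
 */
function saveAddressInCart($data, $type, $putIntoSession = true, $prefix = '')
{
    // VirtueMartModelUserfields::getUserFields() won't work
    if (!class_exists('VirtueMartModelUserfields')) {
        require(VMPATH_ADMIN . DS . 'models' . DS . 'userfields.php');
    }
    $userFieldsModel = VmModel::getModel('userfields');

    if ($type == 'STaddress' or $type == 'BTaddress') {
        vmTrace('STaddress found, seek and destroy');
    }

    $prepareUserFields = $userFieldsModel->getUserFieldsFor('cart', $type);

    if (!is_array($data)) {
        $data = get_object_vars($data);
    }

    // Initialised before the BT branch so the logged-in user's e-mail assigned
    // below is not discarded (it used to be reset by a later array()).
    $address = array();

    if ($type == 'ST') {
        $this->STsameAsBT = 0;
    } else {
        // BT
        if (empty($data['email'])) {
            $jUser = JFactory::getUser();
            $address['email'] = $jUser->email;
        }
    }

    if (!class_exists('vmFilter')) {
        require(VMPATH_ADMIN . DS . 'helpers' . DS . 'vmfilter.php');
    }

    foreach ($prepareUserFields as $fld) {
        if (empty($fld->name)) {
            continue;
        }
        $name = $fld->name;
        $key = $prefix . $name;

        if (!isset($data[$key])) {
            $tmp = vRequest::getString($key, false);
            if ($tmp) {
                $data[$key] = $tmp;
            } else if ($fld->required and isset($this->{$type}[$name])) {
                //Why we have this fallback to the already stored value?
                $data[$key] = $this->{$type}[$name];
            }
        }

        if (isset($data[$key])) {
            if (!empty($data[$key])) {
                // Strip every attribute, then apply the configured text filter.
                $value = vmFilter::hl($data[$key], array('deny_attribute' => '*'));
                $value = JComponentHelper::filterText($value);
                // Remove inline event handlers such as onclick() / onload().
                $value = (string) preg_replace('#on[a-z](.+?)\)#si', '', $value);
                // Double quotes become spaces; surrounding single quotes are trimmed.
                $value = trim(str_replace('"', ' ', $value), "'");
                $data[$key] = (string) preg_replace('#^\'#si', '', $value);
            }
            $address[$name] = $data[$key];
        } else {
            vmdebug('Data not found for type ' . $type . ' and name ' . $key . ' 
');
        }
    }

    //dont store passwords in the session
    unset($address['password']);
    unset($address['password2']);

    $this->{$type} = $address;
    if ($putIntoSession) {
        $this->setCartIntoSession(true);
    }
}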
/**
 * Saves the template edit form: the data[template] columns, the CSS class map
 * built from styles[] and otherstyles[], the editor body and the description.
 *
 * Every data[template] column goes through strip_tags. The body is read with
 * JREQUEST_ALLOWRAW and, on Joomla 2.5+ only, passed through
 * JComponentHelper::filterText before the acyplugins cleanHtml pass; on older
 * Joomla the raw body reaches cleanHtml unfiltered. The description is read
 * with JREQUEST_ALLOWHTML and not filtered here.
 *
 * @return bool False when the template could not be saved.
 */
function saveForm()
{
    $template = new stdClass();
    $template->tempid = acymailing_getCID('tempid');
    $formData = JRequest::getVar('data', array(), '', 'array');
    // -1 in the category select means "use the name typed into newcategory".
    if (!empty($formData['template']['category']) && $formData['template']['category'] == -1) {
        $formData['template']['category'] = JRequest::getString('newcategory', '');
    }
    foreach ($formData['template'] as $column => $value) {
        // Column names come from the form; acymailing_secureField presumably
        // validates them before they become property names on the record.
        acymailing_secureField($column);
        $template->{$column} = strip_tags($value);
    }
    $styles = JRequest::getVar('styles', array(), '', 'array');
    foreach ($styles as $class => $oneStyle) {
        // Double quotes would break the inline style attribute.
        $styles[$class] = str_replace('"', "'", $oneStyle);
        if (empty($oneStyle)) {
            unset($styles[$class]);
        }
    }
    $newStyles = JRequest::getVar('otherstyles', array(), '', 'array');
    if (!empty($newStyles)) {
        foreach ($newStyles['classname'] as $id => $className) {
            // Skip rows still showing the placeholder labels.
            if (!empty($className) and $className != JText::_('CLASS_NAME') and !empty($newStyles['style'][$id]) and $newStyles['style'][$id] != JText::_('CSS_STYLE')) {
                $className = str_replace(array(',', ' ', ':', '.', '#'), '', $className);
                $styles[$className] = str_replace('"', "'", $newStyles['style'][$id]);
            }
        }
    }
    $template->styles = serialize($styles);
    // 'delete' clears the stored thumb/readmore; an empty field leaves it untouched.
    if (empty($template->thumb)) {
        unset($template->thumb);
    } elseif ($template->thumb == 'delete') {
        $template->thumb = '';
    }
    if (empty($template->readmore)) {
        unset($template->readmore);
    } elseif ($template->readmore == 'delete') {
        $template->readmore = '';
    }
    $template->body = JRequest::getVar('editor_body', '', '', 'string', JREQUEST_ALLOWRAW);
    if (ACYMAILING_J25) {
        $template->body = JComponentHelper::filterText($template->body);
    }
    if (!empty($styles['color_bg'])) {
        // Push the configured background colour into the first element of the
        // body (style or bgcolor attribute); wrap the body if neither exists.
        // NOTE(review): color_bg is interpolated into the preg_replace
        // replacement string, so "$n" / "\n" sequences in it act as
        // backreferences — consider escaping it.
        $pat1 = '#^([^<]*<[^>]*background-color:)([^;">]{1,30})#i';
        $found = false;
        if (preg_match($pat1, $template->body)) {
            $template->body = preg_replace($pat1, '$1' . $styles['color_bg'], $template->body);
            $found = true;
        }
        $pat2 = '#^([^<]*<[^>]*bgcolor=")([^;">]{1,10})#i';
        if (preg_match($pat2, $template->body)) {
            $template->body = preg_replace($pat2, '$1' . $styles['color_bg'], $template->body);
            $found = true;
        }
        if (!$found) {
            $template->body = '<div style="background-color:' . $styles['color_bg'] . ';" width="100%">' . $template->body . '</div>';
        }
    }
    $acypluginsHelper = acymailing_get('helper.acyplugins');
    $acypluginsHelper->cleanHtml($template->body);
    $template->description = JRequest::getVar('editor_description', '', '', 'string', JREQUEST_ALLOWHTML);
    $tempid = $this->save($template);
    if (!$tempid) {
        return false;
    }
    if (empty($template->tempid)) {
        // New template: re-number the ordering column of the template table.
        $orderClass = acymailing_get('helper.order');
        $orderClass->pkey = 'tempid';
        $orderClass->table = 'template';
        $orderClass->reOrder();
    }
    $this->createTemplateFile($tempid);
    JRequest::setVar('tempid', $tempid);
    return true;
}
/**
 * Collects the form data and applies the component text filter to the raw
 * `description` editor field.
 *
 * @return array The parent's input data with `description` filtered.
 */
protected function getInputData()
{
    $data = parent::getInputData();
    $rawDescription = $this->input->get('description', '', 'raw');
    $data['description'] = JComponentHelper::filterText($rawDescription);

    return $data;
}
/**
 * Add a product to the cart
 *
 * Iterates over the posted product ids, loads each product, copies only the
 * data fields needed in the session into a plain stdClass (the full product
 * object is too large for the session), lets the vmcustom plugins veto the
 * add, checks the quantities and stores the result in $this->products keyed
 * by product id plus the selected custom field ids.
 *
 * @author RolandD
 * @author Max Milbers
 * @access public
 * @param array|null $virtuemart_product_ids Product ids to add; read from the
 *                                           request when empty.
 * @param string     $errorMsg               Receives the message of the last
 *                                           quantity check / update.
 * @return object|bool The last product loaded, or false when nothing was added.
 */
public function add($virtuemart_product_ids = null, &$errorMsg = '')
{
    $mainframe = JFactory::getApplication();
    $success = false;
    $post = JRequest::get('default');
    if (empty($virtuemart_product_ids)) {
        $virtuemart_product_ids = JRequest::getVar('virtuemart_product_id', array(), 'default', 'array');
        //is sanitized then
    }
    if (empty($virtuemart_product_ids)) {
        $mainframe->enqueueMessage(JText::_('COM_VIRTUEMART_CART_ERROR_NO_PRODUCT_IDS', false));
        return false;
    }
    $pModel = VmModel::getModel('product');
    //Iterate through the prod_id's and perform an add to cart for each one
    foreach ($virtuemart_product_ids as $p_key => $virtuemart_product_id) {
        // quantity[] is posted in parallel with virtuemart_product_id[] (same key).
        $quantityPost = (int) $post['quantity'][$p_key];
        if ($quantityPost === 0) {
            continue;
        }
        $tmpProduct = $pModel->getProduct($virtuemart_product_id, true, false, true, $quantityPost);
        if (VmConfig::get('oncheckout_show_images')) {
            $pModel->addImages($tmpProduct, 1);
        }
        // trying to save some space in the session table
        $product = new stdClass();
        $product->virtuemart_manufacturer_id = $tmpProduct->virtuemart_manufacturer_id;
        $product->slug = $tmpProduct->slug;
        $product->published = $tmpProduct->published;
        $product->virtuemart_product_price_id = $tmpProduct->virtuemart_product_price_id;
        $product->virtuemart_product_id = $tmpProduct->virtuemart_product_id;
        $product->virtuemart_shoppergroup_id = $tmpProduct->virtuemart_shoppergroup_id;
        $product->product_price = $tmpProduct->product_price;
        $product->override = $tmpProduct->override;
        $product->product_override_price = $tmpProduct->product_override_price;
        $product->product_tax_id = $tmpProduct->product_tax_id;
        $product->product_discount_id = $tmpProduct->product_discount_id;
        $product->product_currency = $tmpProduct->product_currency;
        $product->virtuemart_vendor_id = $tmpProduct->virtuemart_vendor_id;
        $product->product_parent_id = $tmpProduct->product_parent_id;
        $product->product_sku = $tmpProduct->product_sku;
        $product->product_name = $tmpProduct->product_name;
        $product->product_s_desc = $tmpProduct->product_s_desc;
        $product->product_weight = $tmpProduct->product_weight;
        $product->product_weight_uom = $tmpProduct->product_weight_uom;
        $product->product_length = $tmpProduct->product_length;
        $product->product_width = $tmpProduct->product_width;
        $product->product_height = $tmpProduct->product_height;
        $product->product_lwh_uom = $tmpProduct->product_lwh_uom;
        $product->product_in_stock = $tmpProduct->product_in_stock;
        $product->product_ordered = $tmpProduct->product_ordered;
        $product->product_available_date = $tmpProduct->product_available_date;
        $product->product_availability = $tmpProduct->product_availability;
        $product->product_sales = $tmpProduct->product_sales;
        $product->product_unit = $tmpProduct->product_unit;
        $product->product_packaging = $tmpProduct->product_packaging;
        $product->min_order_level = $tmpProduct->min_order_level;
        $product->max_order_level = $tmpProduct->max_order_level;
        $product->virtuemart_media_id = $tmpProduct->virtuemart_media_id;
        $product->step_order_level = $tmpProduct->step_order_level;
        if (!empty($tmpProduct->images)) {
            $product->image = $tmpProduct->images[0];
        }
        $product->categories = $tmpProduct->categories;
        $product->virtuemart_category_id = $tmpProduct->virtuemart_category_id;
        $product->category_name = $tmpProduct->category_name;
        $product->link = $tmpProduct->link;
        $product->packaging = $tmpProduct->packaging;
        // Only a flag is kept; the custom field data itself is not copied.
        if (!empty($tmpProduct->customfieldsCart)) {
            $product->customfieldsCart = true;
        }
        // Who ever noted that, yes that is exactly right that way, before we have a full object, with all functions
        // of all its parents, we only need the data of the product, so we create a dummy class which contains only the data
        // This is extremely important for performance reasons, else the sessions becomes too big.
        // Check if we have a product
        // ($product is the stdClass created above, so this is always true and
        // the else branch below is effectively unreachable.)
        if ($product) {
            if (!empty($post['virtuemart_category_id'][$p_key])) {
                $virtuemart_category_idPost = (int) $post['virtuemart_category_id'][$p_key];
                $product->virtuemart_category_id = $virtuemart_category_idPost;
            }
            // Cart key: product id, then one "customfield:custom" pair per selection.
            $productKey = $product->virtuemart_product_id;
            // INDEX NOT FOUND IN JSON HERE
            // changed name field you know exactly was this is
            if (isset($post['customPrice'])) {
                $product->customPrices = $post['customPrice'];
                if (isset($post['customPlugin'])) {
                    if (!is_array($post['customPlugin'])) {
                        $customPluginPost = (array) $post['customPlugin'];
                    } else {
                        $customPluginPost = $post['customPlugin'];
                    }
                    // Values three levels deep are sanitised in place through
                    // by-reference loops; the references are not unset afterwards.
                    foreach ($customPluginPost as &$customPlugin) {
                        if (is_array($customPlugin)) {
                            foreach ($customPlugin as &$customPlug) {
                                if (is_array($customPlug)) {
                                    foreach ($customPlug as &$customPl) {
                                        // Same chain as the cart address fields: text
                                        // filter, strip inline event handlers, drop quotes.
                                        $value = JComponentHelper::filterText($customPl);
                                        $value = (string) preg_replace('#on[a-z](.+?)\\)#si', '', $value); //replace start of script onclick() onload()...
                                        $value = trim(str_replace('"', ' ', $value), "'");
                                        $customPl = (string) preg_replace('#^\'#si', '', $value);
                                    }
                                }
                            }
                        }
                    }
                    $product->customPlugin = json_encode($customPluginPost);
                }
                $productKey .= '::';
                foreach ($product->customPrices as $customPrice) {
                    foreach ($customPrice as $customId => $custom_fieldId) {
                        //MarkerVarMods
                        if (is_array($custom_fieldId)) {
                            // NOTE(review): the cast applies to the whole array here and
                            // $userfieldId/$userfield are unused — looks like it should
                            // key on $userfieldId; confirm against the intended key format.
                            foreach ($custom_fieldId as $userfieldId => $userfield) {
                                $productKey .= (int) $custom_fieldId . ':' . (int) $customId . ';';
                            }
                        } else {
                            //TODO productCartId
                            $productKey .= (int) $custom_fieldId . ':' . (int) $customId . ';';
                        }
                    }
                }
            }
            // Add in the quantity in case the customfield plugins need it
            $product->quantity = (int) $quantityPost;
            if (!class_exists('vmCustomPlugin')) {
                require JPATH_VM_PLUGINS . DS . 'vmcustomplugin.php';
            }
            JPluginHelper::importPlugin('vmcustom');
            $dispatcher = JDispatcher::getInstance();
            // on returning false the product have not to be added to cart
            $addToCartReturnValues = $dispatcher->trigger('plgVmOnAddToCart', array(&$product));
            foreach ($addToCartReturnValues as $returnValue) {
                if ($returnValue === false) {
                    continue 2;
                }
            }
            if (array_key_exists($productKey, $this->products) && empty($product->customPlugin)) {
                // Same product and options already in the cart: merge the quantities.
                $errorMsg = JText::_('COM_VIRTUEMART_CART_PRODUCT_UPDATED');
                $totalQuantity = $this->products[$productKey]->quantity + $quantityPost;
                if ($this->checkForQuantities($product, $totalQuantity, $errorMsg)) {
                    $this->products[$productKey]->quantity = $totalQuantity;
                } else {
                    continue;
                }
            } else {
                // Products carrying plugin data never merge; make the key unique.
                if (!empty($product->customPlugin)) {
                    $productKey .= count($this->products);
                }
                if ($this->checkForQuantities($product, $quantityPost, $errorMsg)) {
                    $this->products[$productKey] = $product;
                    $product->quantity = $quantityPost;
                } else {
                    // $errorMsg is set by checkForQuantities
                    continue;
                }
            }
            $success = true;
        } else {
            $mainframe->enqueueMessage(JText::_('COM_VIRTUEMART_PRODUCT_NOT_FOUND', false));
            return false;
        }
    }
    if ($success == false) {
        return false;
    }
    // End Iteration through Prod id's
    $this->setCartIntoSession();
    return $tmpProduct;
}
/**
 * Creates a new template from the newsletter currently being edited.
 *
 * Styles, stylesheet and category are copied from the newsletter's template.
 * The subject (with U+2028 LINE SEPARATOR removed) becomes both the template
 * subject and name. The body is read with JREQUEST_ALLOWRAW and, on Joomla
 * 2.5+ only, filtered with JComponentHelper::filterText before the acyplugins
 * cleanHtml pass. Every other copied field goes through strip_tags.
 *
 * @return bool Always true; the outcome is reported via acymailing_enqueueMessage.
 */
function saveastmpl()
{
    $tmplClass = acymailing_get('class.template');
    $newTmpl = new stdClass();
    $formData = JRequest::getVar('data', array(), '', 'array');
    if (!empty($formData['mail']['tempid'])) {
        $template = $tmplClass->get($formData['mail']['tempid']);
        $newTmpl->styles = $template->styles;
        $newTmpl->stylesheet = $template->stylesheet;
        $newTmpl->category = $template->category;
    }
    if (!empty($formData['mail']['subject'])) {
        // chr(226).chr(128).chr(168) is the UTF-8 encoding of U+2028 (LINE SEPARATOR).
        $formData['mail']['subject'] = str_replace(chr(226) . chr(128) . chr(168), '', $formData['mail']['subject']);
        $newTmpl->subject = strip_tags($formData['mail']['subject']);
        $newTmpl->name = strip_tags($formData['mail']['subject']);
    }
    $newTmpl->body = JRequest::getVar('editor_body', '', '', 'string', JREQUEST_ALLOWRAW);
    if (ACYMAILING_J25) {
        $newTmpl->body = JComponentHelper::filterText($newTmpl->body);
    }
    $acypluginsHelper = acymailing_get('helper.acyplugins');
    $acypluginsHelper->cleanHtml($newTmpl->body);
    // Thumbnail: 'delete' clears it, a posted value is kept (tags stripped),
    // otherwise it is inherited from the mail being edited.
    if (!empty($formData['mail']['thumb']) && $formData['mail']['thumb'] == 'delete') {
        $newTmpl->thumb = null;
    } elseif (!empty($formData['mail']['thumb'])) {
        $newTmpl->thumb = strip_tags($formData['mail']['thumb']);
    } else {
        $mailid = acymailing_getCID('mailid');
        if (!empty($mailid)) {
            $mail = $this->get($mailid);
            $newTmpl->thumb = $mail->thumb;
        }
    }
    if (!empty($formData['mail']['altbody'])) {
        $newTmpl->altbody = strip_tags($formData['mail']['altbody']);
    }
    if (!empty($formData['mail']['fromname'])) {
        $newTmpl->fromname = strip_tags($formData['mail']['fromname']);
    }
    if (!empty($formData['mail']['fromemail'])) {
        $newTmpl->fromemail = strip_tags($formData['mail']['fromemail']);
    }
    if (!empty($formData['mail']['replyname'])) {
        $newTmpl->replyname = strip_tags($formData['mail']['replyname']);
    }
    if (!empty($formData['mail']['replyemail'])) {
        $newTmpl->replyemail = strip_tags($formData['mail']['replyemail']);
    }
    if (!empty($formData['mail']['summary'])) {
        $newTmpl->description = strip_tags($formData['mail']['summary']);
    }
    $newTmpl->ordering = 1;
    $tempid = $tmplClass->save($newTmpl);
    if (!empty($tempid)) {
        // $formData is a local copy; this assignment is not read again here.
        $formData['mail']['tempid'] = $tempid;
        acymailing_enqueueMessage(JText::_('ACY_SAVEASTMPL_VALID'), 'message');
    } else {
        acymailing_enqueueMessage(JText::_('ERROR_SAVING'), 'error');
    }
    return true;
}
/**
 * Applies the Joomla content text filter matching the running Joomla version.
 *
 * 2.5+ delegates to JComponentHelper::filterText, 1.6/1.7 to
 * ContentHelper::filterText, and anything older rebuilds the com_content
 * filter settings (filter_groups, filter_type, filter_tags, filter_attritbutes)
 * for the current user's gid and runs JFilterInput by hand.
 *
 * @param string $text Untrusted HTML
 * @return string Filtered HTML (unchanged when no filter applies)
 */
function cleanText($text)
{
    $joomlaVersion = JVERSION;

    if (version_compare($joomlaVersion, '2.5.0', 'ge')) {
        return JComponentHelper::filterText($text);
    }

    if (version_compare($joomlaVersion, '2.5.0', 'lt') && version_compare($joomlaVersion, '1.6.0', 'ge')) {
        JLoader::register('ContentHelper', JPATH_ADMINISTRATOR . DS . 'components' . DS . 'com_content' . DS . 'helpers' . DS . 'content.php');
        return ContentHelper::filterText($text);
    }

    // Pre-1.6: reproduce the com_content filtering rules manually.
    $config = JComponentHelper::getParams('com_content');
    $gid = JFactory::getUser()->get('gid');
    $filterGroups = $config->get('filter_groups');

    // convert to array if one group selected
    if (!is_array($filterGroups) && (int) $filterGroups > 0) {
        $filterGroups = array($filterGroups);
    }

    if (is_array($filterGroups) && in_array($gid, $filterGroups)) {
        $filterTags = preg_split('#[,\\s]+#', trim($config->get('filter_tags')));
        $filterAttrs = preg_split('#[,\\s]+#', trim($config->get('filter_attritbutes')));
        switch ($config->get('filter_type')) {
            case 'NH':
                $filter = new JFilterInput();
                break;
            case 'WL':
                $filter = new JFilterInput($filterTags, $filterAttrs, 0, 0, 0);
                break;
            case 'BL':
            default:
                $filter = new JFilterInput($filterTags, $filterAttrs, 1, 1);
                break;
        }
        return $filter->clean($text);
    }

    if (empty($filterGroups) && $gid != '25') {
        // no default filtering for super admin (gid=25)
        $filter = new JFilterInput(array(), array(), 1, 1);
        return $filter->clean($text);
    }

    return $text;
}
/**
 * - Encodes all characters that has a numerical value <32.
 * - keeps "secure" html
 *
 * Reads the request value without the default sanitising (FILTER_UNSAFE_RAW,
 * low characters encoded) and hands it to the component text filter.
 *
 * @param string $name    Request variable name
 * @param mixed  $default Value used when the variable is absent
 * @return string Filtered HTML
 */
public static function getHtml($name, $default = '')
{
    $rawValue = self::get($name, $default, FILTER_UNSAFE_RAW, FILTER_FLAG_ENCODE_LOW);

    return JComponentHelper::filterText($rawValue);
}
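/**
 * Binds and stores an image record, then returns the id of the next image in
 * the gallery ordering (used by the edit screen to step to the next image).
 *
 * The description is re-read raw from jform and reduced by the com_content
 * text filter; the alt text is HTML-encoded for attribute context.
 *
 * @param array $data Form data to bind to the igallery_img table
 * @return int|null|false Id of the next image, null when there is none,
 *                        false when bind/store fails.
 */
function save($data)
{
    $db = $this->getDbo();
    $row = $this->getTable('igallery_img');

    if (!$row->bind($data)) {
        $this->setError($db->getErrorMsg());
        return false;
    }

    // Frontend markup pasted into the description is rejected. A match at
    // offset 0 counts too, so compare against false rather than > 0.
    if (strpos($row->description, 'class="des_div"') !== false) {
        JError::raise(2, 500, 'Error: Html formatting has been copied from the gallery frontend into the description, please paste plain text');
    }

    // alt text ends up in an attribute: encode both quote styles.
    $row->alt_text = htmlspecialchars($row->alt_text, ENT_QUOTES);

    // The description may contain HTML, so bypass the default request filter
    // and apply the com_content text filter instead.
    $raw = JRequest::getVar('jform', array(), 'post', 'NONE', JREQUEST_ALLOWRAW);
    $row->description = JComponentHelper::filterText(isset($raw['description']) ? $raw['description'] : '');

    if (!$row->store()) {
        $this->setError($db->getErrorMsg());
        return false;
    }

    if (JFactory::getApplication()->isSite()) {
        $data = JRequest::getVar('jform', array(), 'post', 'NONE', 4);
        $id = isset($data['id']) ? (int) $data['id'] : 0;
    } else {
        $id = JRequest::getInt('id', 0);
    }

    // Locate the image that follows this one in its gallery.
    $query = 'SELECT gallery_id, ordering from #__igallery_img WHERE id = ' . (int) $id;
    $db->setQuery($query);
    $currentRow = $db->loadObject();
    if (!$currentRow) {
        return null;
    }

    $nextOrdering = (int) $currentRow->ordering + 1;
    $query = 'SELECT id from #__igallery_img WHERE gallery_id = ' . (int) $currentRow->gallery_id . ' AND ordering = ' . (int) $nextOrdering . ' LIMIT 1';
    $db->setQuery($query);
    $nextRow = $db->loadObject();

    return $nextRow ? $nextRow->id : null;
}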
/**
 * Returns a request value after passing it through the component text filter.
 *
 * @param string $name    Request variable name
 * @param mixed  $default Value used when the variable is absent
 * @return string Filtered HTML
 */
public static function getHtml($name, $default = '')
{
    return JComponentHelper::filterText(self::get($name, $default));
}
/**
 * Saves the template edit form, including the uploaded pictures.
 *
 * Columns from data[template] go through strip_tags; styles[] and
 * otherstyles[] build the CSS class map; files posted as pictures[] are
 * stored below the configured upload folder when their extension is in the
 * image allow-list; the editor body is read with JREQUEST_ALLOWRAW and, on
 * Joomla 2.5+ only, filtered with JComponentHelper::filterText before the
 * acyplugins cleanHtml pass. The description is read with JREQUEST_ALLOWHTML
 * and not filtered here.
 *
 * @return bool False when the template could not be saved.
 */
function saveForm()
{
    $app = JFactory::getApplication();
    $config = acymailing_config();
    $template = new stdClass();
    $template->tempid = acymailing_getCID('tempid');
    $formData = JRequest::getVar('data', array(), '', 'array');
    foreach ($formData['template'] as $column => $value) {
        // Column names come from the form; acymailing_secureField presumably
        // validates them before they become property names on the record.
        acymailing_secureField($column);
        $template->{$column} = strip_tags($value);
    }
    $styles = JRequest::getVar('styles', array(), '', 'array');
    foreach ($styles as $class => $oneStyle) {
        // Double quotes would break the inline style attribute.
        $styles[$class] = str_replace('"', "'", $oneStyle);
        if (empty($oneStyle)) {
            unset($styles[$class]);
        }
    }
    $newStyles = JRequest::getVar('otherstyles', array(), '', 'array');
    if (!empty($newStyles)) {
        foreach ($newStyles['classname'] as $id => $className) {
            // Skip rows still showing the placeholder labels.
            if (!empty($className) and $className != JText::_('CLASS_NAME') and !empty($newStyles['style'][$id]) and $newStyles['style'][$id] != JText::_('CSS_STYLE')) {
                $className = str_replace(array(',', ' ', ':', '.', '#'), '', $className);
                $styles[$className] = str_replace('"', "'", $newStyles['style'][$id]);
            }
        }
    }
    $template->styles = serialize($styles);
    $files = JRequest::getVar('pictures', array(), 'files', 'array');
    if (!empty($files)) {
        jimport('joomla.filesystem.file');
        $uploadFolder = JPath::clean(html_entity_decode($config->get('uploadfolder')));
        $uploadFolder = trim($uploadFolder, DS . ' ') . DS;
        $uploadPath = JPath::clean(ACYMAILING_ROOT . $uploadFolder);
        acymailing_createDir($uploadPath, true);
        if (!is_writable($uploadPath)) {
            // Best effort; a notice is queued if the folder is still not writable.
            @chmod($uploadPath, '0755');
            if (!is_writable($uploadPath)) {
                $app->enqueueMessage(JText::sprintf('WRITABLE_FOLDER', $uploadPath), 'notice');
            }
        }
        // Extension allow-list, compared lower-cased against the text after the last dot.
        $allowedExtensions = array('jpg', 'gif', 'png', 'jpeg', 'ico', 'bmp');
        foreach ($files['name'] as $id => $filename) {
            if (empty($filename)) {
                continue;
            }
            $extension = strtolower(substr($filename, strrpos($filename, '.') + 1));
            if (!in_array($extension, $allowedExtensions)) {
                $app->enqueueMessage(JText::sprintf('ACCEPTED_TYPE', $extension, implode(', ', $allowedExtensions)), 'notice');
                continue;
            }
            // Base name reduced to [0-9a-z_]; the stored name is rebuilt from it
            // and the checked extension, with a timestamp on collision.
            $pictname = strtolower(substr(JFile::makeSafe($filename), 0, strrpos($filename, '.') + 1));
            $pictname = preg_replace('#[^0-9a-z]#i', '_', $pictname);
            $pictfullname = $pictname . '.' . $extension;
            if (file_exists($uploadPath . $pictfullname)) {
                $pictfullname = $pictname . time() . '.' . $extension;
            }
            if (!JFile::upload($files['tmp_name'][$id], $uploadPath . $pictfullname)) {
                if (!move_uploaded_file($files['tmp_name'][$id], $uploadPath . $pictfullname)) {
                    $app->enqueueMessage(JText::sprintf('FAIL_UPLOAD', '<b><i>' . $files['tmp_name'][$id] . '</i></b>', '<b><i>' . $uploadPath . $pictfullname . '</i></b>'), 'error');
                    continue;
                }
            }
            // NOTE(review): $id is the pictures[] key taken from the request and
            // becomes the property (column) name on the record without the
            // acymailing_secureField check applied to the other columns above.
            $template->{$id} = str_replace(DS, '/', $uploadFolder) . $pictfullname;
        }
    }
    $template->body = JRequest::getVar('editor_body', '', '', 'string', JREQUEST_ALLOWRAW);
    if (ACYMAILING_J25) {
        $template->body = JComponentHelper::filterText($template->body);
    }
    if (!empty($styles['color_bg'])) {
        // Push the configured background colour into the first element of the
        // body (style or bgcolor attribute); wrap the body if neither exists.
        // NOTE(review): color_bg is interpolated into the preg_replace
        // replacement string, so "$n" / "\n" sequences in it act as
        // backreferences — consider escaping it.
        $pat1 = '#^([^<]*<[^>]*background-color:)([^;">]{1,30})#i';
        $found = false;
        if (preg_match($pat1, $template->body)) {
            $template->body = preg_replace($pat1, '$1' . $styles['color_bg'], $template->body);
            $found = true;
        }
        $pat2 = '#^([^<]*<[^>]*bgcolor=")([^;">]{1,10})#i';
        if (preg_match($pat2, $template->body)) {
            $template->body = preg_replace($pat2, '$1' . $styles['color_bg'], $template->body);
            $found = true;
        }
        if (!$found) {
            $template->body = '<div style="background-color:' . $styles['color_bg'] . ';" width="100%">' . $template->body . '</div>';
        }
    }
    $acypluginsHelper = acymailing_get('helper.acyplugins');
    $acypluginsHelper->cleanHtml($template->body);
    $template->description = JRequest::getVar('editor_description', '', '', 'string', JREQUEST_ALLOWHTML);
    $tempid = $this->save($template);
    if (!$tempid) {
        return false;
    }
    if (empty($template->tempid)) {
        // New template: re-number the ordering column of the template table.
        $orderClass = acymailing_get('helper.order');
        $orderClass->pkey = 'tempid';
        $orderClass->table = 'template';
        $orderClass->reOrder();
    }
    $this->createTemplateFile($tempid);
    JRequest::setVar('tempid', $tempid);
    return true;
}
/**
 * Reads a POST variable with HTML allowed (filter mask 2) and reduces it with
 * the component text filter.
 *
 * @param string $var Name of the POST variable
 * @return string Filtered HTML
 */
protected function filterText($var)
{
    return JComponentHelper::filterText(
        JRequest::getVar($var, '', 'post', 'STRING', 2)
    );
}
/**
 * Applies the text filters to arbitrary text as per settings for current user groups
 *
 * Thin wrapper around JComponentHelper::filterText.
 *
 * @param string $text The string to filter
 *
 * @return string The filtered string
 */
public static function filterText($text)
{
    $filtered = JComponentHelper::filterText($text);

    return $filtered;
}
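/**
 * Stores the extra-field values posted for an item.
 *
 * Unless the task is 'import', every stored value whose field id is not in
 * the posted non-empty set is deleted from the text/int/date value tables.
 * Each posted field is then matched to its value table by field type
 * (text/textarea/html -> text, select/checkbox/radio -> int, calendar ->
 * date); html fields are run through JComponentHelper::filterText; the rows
 * are bound and stored through the FieldValues* table classes.
 *
 * Every id interpolated into SQL is cast to int.
 *
 * @param array  $data  field_id => value (or list of values) as posted
 * @param object $table The item table row; its id is the item_id
 * @return bool  False when a FieldValues table fails to bind/check/store.
 */
public function saveAttributes($data, &$table)
{
    $db = JFactory::getDbo();
    if (empty($data)) {
        return true;
    }
    $itemId = (int) $table->id;

    // Field ids carrying a non-empty value; 0 is a sentinel so the IN () list is never empty.
    $non_empty_fields = array(0);
    foreach ($data as $k => $v) {
        if (!empty($v)) {
            $non_empty_fields[] = (int) $k;
        }
    }
    $app = JFactory::getApplication();
    $task = $app->input->getCmd('task');
    $non_empty_fields = array_unique($non_empty_fields);
    $non_empty_fields_ids = implode(',', $non_empty_fields);

    if ($task != 'import') {
        // Drop the values of fields that are no longer posted, in all three value tables.
        $valueTables = array(
            '#__djc2_items_extra_fields_values_text',
            '#__djc2_items_extra_fields_values_int',
            '#__djc2_items_extra_fields_values_date',
        );
        foreach ($valueTables as $valueTable) {
            $query = $db->getQuery(true);
            $query->delete();
            $query->from($valueTable);
            $query->where('item_id =' . $itemId . ' and field_id not in (' . $non_empty_fields_ids . ')');
            $db->setQuery($query);
            $db->query();
        }
    }

    $query = $db->getQuery(true);
    $query->select('ef.*');
    $query->from('#__djc2_items_extra_fields as ef');
    $query->where('ef.id in (' . $non_empty_fields_ids . ')');
    $db->setQuery($query);
    $attribs = $db->loadObjectList();

    $rows = array();
    $text_types = array('text', 'textarea', 'html');
    $int_types = array('select', 'checkbox', 'radio');
    $date_types = array('calendar');

    foreach ($attribs as $k => $v) {
        // Pick the value table for this field type; unknown types are skipped.
        if (in_array($v->type, $text_types)) {
            $fv_table = JTable::getInstance('FieldValuesText', 'Djcatalog2Table', array());
            $type_table_name = '#__djc2_items_extra_fields_values_text';
            $table_type = 'text';
        } elseif (in_array($v->type, $int_types)) {
            $fv_table = JTable::getInstance('FieldValuesInt', 'Djcatalog2Table', array());
            $type_table_name = '#__djc2_items_extra_fields_values_int';
            $table_type = 'int';
        } elseif (in_array($v->type, $date_types)) {
            $fv_table = JTable::getInstance('FieldValuesDate', 'Djcatalog2Table', array());
            $type_table_name = '#__djc2_items_extra_fields_values_date';
            $table_type = 'date';
        } else {
            continue;
        }

        $fieldId = (int) $v->id;
        if (array_key_exists($fieldId, $data) && !empty($data[$fieldId])) {
            // add/alter data
            $id = null;
            if (is_array($data[$fieldId])) {
                // Multi-value field: reuse the existing row ids in order and
                // delete the rows for which no value was posted.
                $db->setQuery(' SELECT id FROM ' . $type_table_name . ' WHERE item_id=' . $itemId . ' AND field_id=' . $fieldId . ' order by id ');
                $values = $db->loadColumn();
                $count = max(count($values), count($data[$fieldId]));
                for ($i = 0; $i < $count; $i++) {
                    if (isset($data[$fieldId][$i])) {
                        $id = isset($values[$i]) ? $values[$i] : null;
                        $rows[] = array('id' => $id, 'item_id' => $itemId, 'field_id' => $fieldId, 'value' => $data[$fieldId][$i], 'type' => $table_type);
                    } elseif (isset($values[$i])) {
                        // Guarded so a gap in the posted list does not issue DELETE ... WHERE id=0.
                        $db->setQuery(' DELETE FROM ' . $type_table_name . ' WHERE id=' . (int) $values[$i]);
                        $db->query();
                    }
                }
            } else {
                if ($v->type == 'html') {
                    // HTML fields: component text filter first. The second step
                    // matches ampersands that do not start an entity; as written
                    // its replacement is also '&' (a no-op) — presumably the
                    // entity form was intended; confirm against the original source.
                    $data[$fieldId] = JComponentHelper::filterText($data[$fieldId]);
                    $data[$fieldId] = preg_replace('/&(?![A-Za-z0-9#]{1,7};)/', '&', $data[$fieldId]);
                }
                if ($fv_table->load(array('item_id' => $itemId, 'field_id' => $fieldId))) {
                    $id = $fv_table->id;
                }
                $rows[] = array('id' => $id, 'item_id' => $itemId, 'field_id' => $fieldId, 'value' => $data[$fieldId], 'type' => $table_type);
            }
        } else {
            // remove data
            $db->setQuery(' DELETE FROM ' . $type_table_name . ' WHERE field_id=' . $fieldId . ' AND item_id=' . $itemId);
            $db->query();
        }
    }

    foreach ($rows as $key => $row) {
        if (!isset($row['type']) || !in_array($row['type'], array('text', 'int', 'date'), true)) {
            continue;
        }
        $fv_table = JTable::getInstance('FieldValues' . ucfirst($row['type']), 'Djcatalog2Table', array());
        unset($row['type']);

        // Load the row if saving an existing record.
        if ($row['id'] > 0) {
            $fv_table->load($row['id'], true);
        }
        // Bind the data.
        if (!$fv_table->bind($row)) {
            $this->setError($fv_table->getError());
            return false;
        }
        // Check the data.
        if (!$fv_table->check()) {
            $this->setError($fv_table->getError());
            return false;
        }
        // Store the data.
        if (!$fv_table->store()) {
            $this->setError($fv_table->getError());
            return false;
        }
    }

    return true;
}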
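/**
 * Builds a mail record from the submitted "data" form, stores uploaded
 * attachments, saves the record and updates its list assignments.
 *
 * Request data read: data[mail] (columns), editor_body (raw HTML body),
 * the "attachments" file upload, "filter" and data[listmail]. Non-admin
 * requests may only set the columns listed in $this->allowedFields.
 * User-facing problems (unwritable upload folder, rejected attachment type,
 * failed upload, personal link in the body) are enqueued as messages on the
 * application and do not abort the save.
 *
 * @return bool|int false when the mail record could not be saved; otherwise the
 *                  result of the list-assignment save, or true when no lists were submitted
 */
function saveForm()
{
    $app = JFactory::getApplication();
    $config =& acymailing_config();

    $mail = new stdClass();
    $mail->mailid = acymailing_getCID('mailid');
    $formData = JRequest::getVar('data', array(), '', 'array');

    // Administrators may set every column; everybody else is limited to the whitelist.
    // 'params' is taken verbatim, every other column has its tags stripped (except <ADV>).
    foreach ($formData['mail'] as $column => $value) {
        if ($app->isAdmin() or in_array($column, $this->allowedFields)) {
            acymailing_secureField($column);
            if ($column == 'params') {
                $mail->{$column} = $value;
            } else {
                $mail->{$column} = strip_tags($value, '<ADV>');
            }
        }
    }

    // The body is HTML from the editor, so it is read raw and then, on Joomla 2.5+,
    // passed through the text filters configured for the current user group.
    $mail->body = JRequest::getVar('editor_body', '', '', 'string', JREQUEST_ALLOWRAW);
    if (ACYMAILING_J25) {
        $mail->body = JComponentHelper::filterText($mail->body);
    }
    $acypluginsHelper = acymailing_get('helper.acyplugins');
    $acypluginsHelper->cleanHtml($mail->body);

    $mail->attach = array();
    $attachments = JRequest::getVar('attachments', array(), 'files', 'array');
    // NOTE(review): only the first two upload slots trigger attachment handling;
    // a file submitted in a later slot alone is ignored. Kept as in the original.
    if (!empty($attachments['name'][0]) or !empty($attachments['name'][1])) {
        jimport('joomla.filesystem.file');
        $uploadFolder = JPath::clean(html_entity_decode($config->get('uploadfolder')));
        $uploadFolder = trim($uploadFolder, DS . ' ') . DS;
        $uploadPath = JPath::clean(ACYMAILING_ROOT . $uploadFolder);
        acymailing_createDir($uploadPath, true);
        if (!is_writable($uploadPath)) {
            // chmod() takes an integer mode. The original passed the string '0755',
            // which PHP converts to decimal 755 (octal 1363) and so set the wrong bits.
            @chmod($uploadPath, 0755);
            if (!is_writable($uploadPath)) {
                $app->enqueueMessage(JText::sprintf('WRITABLE_FOLDER', $uploadPath), 'notice');
            }
        }

        foreach ($attachments['name'] as $id => $filename) {
            if (empty($filename)) {
                continue;
            }
            $attachment = new stdClass();
            $attachment->filename = strtolower(JFile::makeSafe($filename));
            $attachment->size = $attachments['size'][$id];

            // Accept only the configured extensions (anchored at the end of the name) and
            // reject script-like extensions anywhere in the name, so double extensions
            // such as "x.php.pdf" are refused as well.
            $allowedPattern = '#\\.(' . str_replace(array(',', '.'), array('|', '\\.'), $config->get('allowedfiles')) . ')$#Ui';
            if (!preg_match($allowedPattern, $attachment->filename, $extension) || preg_match('#\\.(php.?|.?htm.?|pl|py|jsp|asp|sh|cgi)#Ui', $attachment->filename)) {
                $app->enqueueMessage(JText::sprintf('ACCEPTED_TYPE', substr($attachment->filename, strrpos($attachment->filename, '.') + 1), $config->get('allowedfiles')), 'notice');
                continue;
            }

            // Normalise the base name (dots and spaces become underscores) and re-append the matched extension.
            $attachment->filename = str_replace(array('.', ' '), '_', substr($attachment->filename, 0, strpos($attachment->filename, $extension[0]))) . $extension[0];

            if (!JFile::upload($attachments['tmp_name'][$id], $uploadPath . $attachment->filename)) {
                // Fallback for environments where JFile::upload() fails but a plain move works.
                if (!move_uploaded_file($attachments['tmp_name'][$id], $uploadPath . $attachment->filename)) {
                    $app->enqueueMessage(JText::sprintf('FAIL_UPLOAD', '<b><i>' . $attachments['tmp_name'][$id] . '</i></b>', '<b><i>' . $uploadPath . $attachment->filename . '</i></b>'), 'error');
                    continue;
                }
            }
            $mail->attach[] = $attachment;
        }
    }

    // Rebuild the filter definition from the "filter" request array, keeping only entries with a type.
    if (isset($mail->filter)) {
        $mail->filter = array();
        $filterData = JRequest::getVar('filter');
        foreach ($filterData['type'] as $num => $oneType) {
            if (empty($oneType)) {
                continue;
            }
            $mail->filter['type'][$num] = $oneType;
            $mail->filter[$num][$oneType] = $filterData[$num][$oneType];
        }
    }

    $toggleHelper = acymailing_get('helper.toggle');
    // Existing follow-up: publish it when it just got published and warn when its delay changed.
    if (!empty($mail->type) && $mail->type == 'followup' && !empty($mail->mailid)) {
        $oldMail = $this->get($mail->mailid);
        if (!empty($mail->published) and !$oldMail->published) {
            $this->_publishfollowup($mail);
        }
        if ($oldMail->senddate != $mail->senddate) {
            $text = JText::_('FOLLOWUP_CHANGED_DELAY_INFORMED');
            $text .= ' ' . $toggleHelper->toggleText('update', $mail->mailid, 'followup', JText::_('FOLLOWUP_CHANGED_DELAY'));
            $app->enqueueMessage($text, 'notice');
        }
    }

    // A pasted personal link (subid=...) would break unsubscribe/confirmation links for other recipients.
    if (preg_match('#<a[^>]*subid=[0-9].*</a>#Uis', $mail->body, $pregResult)) {
        $app->enqueueMessage('There is a personal link in your Newsletter ( ' . $pregResult[0] . ' ) instead of a tag...<br />Please make sure to not copy/paste the link you received in your e-mail as it may break your unsubscribe or confirmation links.<br />Use our tags instead!', 'notice');
    }

    $mailid = $this->save($mail);
    if (!$mailid) {
        return false;
    }
    JRequest::setVar('mailid', $mailid);

    // List assignments: a truthy value subscribes the mail to the list, a falsy one removes it.
    $status = true;
    if (!empty($formData['listmail'])) {
        $receivers = array();
        $remove = array();
        foreach ($formData['listmail'] as $listid => $receiveme) {
            if (!empty($receiveme)) {
                $receivers[] = $listid;
            } else {
                $remove[] = $listid;
            }
        }
        $listMailClass = acymailing_get('class.listmail');
        $status = $listMailClass->save($mailid, $receivers, $remove);
    }

    // New follow-up created as published: publish it now that it has an id.
    if (!empty($mail->type) && $mail->type == 'followup' && empty($mail->mailid) && !empty($mail->published)) {
        $mail->mailid = $mailid;
        $this->_publishfollowup($mail);
    }

    return $status;
}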
/**
 * Deprecated wrapper: applies the content text filters of the current user group.
 *
 * Logs a deprecation warning on every call and delegates to JComponentHelper::filterText().
 *
 * @param string $text The string to filter
 *
 * @return string The filtered string
 *
 * @deprecated 4.0 Use JComponentHelper::filterText() instead.
 */
public static function filterText($text)
{
    $deprecationNotice = 'ContentHelper::filterText() is deprecated. Use JComponentHelper::filterText() instead.';
    JLog::add($deprecationNotice, JLog::WARNING, 'deprecated');

    $filtered = JComponentHelper::filterText($text);

    return $filtered;
}
/**
 * Cleans a single cart input value before it is used further.
 *
 * Pipeline: vmFilter::hl() with deny_attribute => '*', then the Joomla text
 * filters of the current user group, then removal of "on<letter>...)" fragments,
 * then quotes and control whitespace are turned into single spaces and a
 * leading single quote is dropped.
 *
 * @param string $v Raw input value
 *
 * @return string The cleaned value
 */
private function filterCartInput($v)
{
    // First pass: vmFilter::hl() with every attribute denied (deny_attribute => '*').
    $cleaned = vmFilter::hl($v, array('deny_attribute' => '*'));

    // Second pass: the text filters configured for the current user group.
    $cleaned = JComponentHelper::filterText($cleaned);

    // Crude inline-handler guard: drops "on" + a letter up to the next ")".
    // NOTE(review): this is a plain substring match, so it also removes ordinary
    // text like "one (...)"; behaviour kept as in the original.
    $cleaned = (string) preg_replace('#on[a-z](.+?)\\)#si', '', $cleaned);

    // Quotes and control whitespace become single spaces. NOTE(review): the
    // empty-string entry is a no-op for str_replace(); possibly a lost "\0" — confirm.
    $blankOut = array('"', "\t", "\n", "\r", "", "\v");
    $cleaned = str_replace($blankOut, ' ', trim($cleaned));

    // Finally strip one leading single quote.
    $stripped = preg_replace('#^\'#si', '', $cleaned);

    return (string) $stripped;
}
/**
 * Reads a request value while keeping "secure" HTML.
 *
 * The value is fetched through self::get() with FILTER_UNSAFE_RAW and
 * FILTER_FLAG_ENCODE_LOW (characters with a numerical value below 32 are
 * encoded); every scalar is then passed through JComponentHelper::filterText().
 * Array values are filtered element by element, keeping their keys.
 *
 * @param string $name    Name of the request variable
 * @param mixed  $default Default handed to self::get() when the variable is absent
 * @param mixed  $input   Input source handed to self::get() (0 = its default)
 *
 * @return string|array The filtered value, or an array of filtered values
 */
public static function getHtml($name, $default = '', $input = 0)
{
    $raw = self::get($name, $default, FILTER_UNSAFE_RAW, FILTER_FLAG_ENCODE_LOW, $input);

    if (!is_array($raw)) {
        return JComponentHelper::filterText($raw);
    }

    // array_map() with a single array preserves the keys, like the per-key loop it replaces.
    return array_map(array('JComponentHelper', 'filterText'), $raw);
}
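/**
 * Builds a mail record from the submitted "data" form, registers already
 * uploaded attachments, saves the record and updates its list assignments.
 *
 * Request data read: data[mail] (columns), editor_body (raw HTML body),
 * "attachments" (paths relative to JPATH_SITE), "filter" and data[listmail].
 * Non-admin requests may only set the columns listed in $this->allowedFields.
 * Rejected attachments and a pasted personal link only enqueue a notice and do
 * not abort the save.
 *
 * @return bool|int false when the mail record could not be saved; otherwise the
 *                  result of the list-assignment save, or true when no lists were submitted
 */
function saveForm()
{
    $app = JFactory::getApplication();
    $config =& acymailing_config();

    $mail = new stdClass();
    $mail->mailid = acymailing_getCID('mailid');
    $formData = JRequest::getVar('data', array(), '', 'array');

    // Strip U+2028 LINE SEPARATOR (UTF-8 bytes E2 80 A8) from the subject.
    if (!empty($formData['mail']['subject'])) {
        $formData['mail']['subject'] = str_replace(chr(226) . chr(128) . chr(168), '', $formData['mail']['subject']);
    }

    // Administrators may set every column; everybody else is limited to the whitelist.
    // 'params' and 'summary' are taken verbatim, the rest has its tags stripped (except <ADV>).
    foreach ($formData['mail'] as $column => $value) {
        if (!$app->isAdmin() && !in_array($column, $this->allowedFields)) {
            continue;
        }
        acymailing_secureField($column);
        if (in_array($column, array('params', 'summary'))) {
            $mail->{$column} = $value;
        } else {
            $mail->{$column} = strip_tags($value, '<ADV>');
        }
    }

    // The body is HTML from the editor, so it is read raw and then, on Joomla 2.5+,
    // passed through the text filters configured for the current user group.
    $mail->body = JRequest::getVar('editor_body', '', '', 'string', JREQUEST_ALLOWRAW);
    if (ACYMAILING_J25) {
        $mail->body = JComponentHelper::filterText($mail->body);
    }
    $acypluginsHelper = acymailing_get('helper.acyplugins');
    $acypluginsHelper->cleanHtml($mail->body);

    $mail->attach = array();
    $attachments = JRequest::getVar('attachments', array(), '', 'array');
    if (!empty($attachments)) {
        foreach ($attachments as $id => $filepath) {
            if (empty($filepath)) {
                continue;
            }
            // The path comes straight from the request and is joined to JPATH_SITE below:
            // refuse anything that could climb out of the site root before touching the filesystem.
            if (strpos($filepath, '..') !== false) {
                acymailing_enqueueMessage(JText::sprintf('ACCEPTED_TYPE', $filepath, $config->get('allowedfiles')), 'notice');
                continue;
            }

            $attachment = new stdClass();
            $attachment->filename = strtolower($filepath);
            $attachment->size = filesize(JPATH_SITE . '/' . $filepath);
            $extension = substr($attachment->filename, strrpos($attachment->filename, '.'));

            // Reject script-like extensions anywhere in the name (double extensions included).
            if (preg_match('#\\.(php.?|.?htm.?|pl|py|jsp|asp|sh|cgi)#Ui', $attachment->filename)) {
                acymailing_enqueueMessage(JText::sprintf('ACCEPTED_TYPE', substr($attachment->filename, strrpos($attachment->filename, '.') + 1), $config->get('allowedfiles')), 'notice');
                continue;
            }

            // Normalise the base name (dots and spaces become underscores) and re-append the extension.
            $attachment->filename = str_replace(array('.', ' '), '_', substr($attachment->filename, 0, strpos($attachment->filename, $extension))) . $extension;
            $mail->attach[] = $attachment;
        }
    }

    // Rebuild the filter definition from the "filter" request array, keeping only entries with a type.
    if (isset($mail->filter)) {
        $mail->filter = array();
        $filterData = JRequest::getVar('filter');
        foreach ($filterData['type'] as $num => $oneType) {
            if (empty($oneType)) {
                continue;
            }
            $mail->filter['type'][$num] = $oneType;
            $mail->filter[$num][$oneType] = $filterData[$num][$oneType];
        }
    }

    $toggleHelper = acymailing_get('helper.toggle');
    // Existing follow-up: publish it when it just got published and warn when its delay changed.
    if (!empty($mail->type) && $mail->type == 'followup' && !empty($mail->mailid)) {
        $oldMail = $this->get($mail->mailid);
        if (!empty($mail->published) and !$oldMail->published) {
            $this->_publishfollowup($mail);
        }
        if ($oldMail->senddate != $mail->senddate) {
            $text = JText::_('FOLLOWUP_CHANGED_DELAY_INFORMED');
            $text .= ' ' . $toggleHelper->toggleText('update', $mail->mailid, 'followup', JText::_('FOLLOWUP_CHANGED_DELAY'));
            acymailing_enqueueMessage($text, 'notice');
        }
    }

    // A pasted personal link (subid=...) would break unsubscribe/confirmation links for other recipients.
    if (preg_match('#<a[^>]*subid=[0-9].*</a>#Uis', $mail->body, $pregResult)) {
        acymailing_enqueueMessage('There is a personal link in your Newsletter ( ' . $pregResult[0] . ' ) instead of a tag...<br />Please make sure to not copy/paste the link you received in your e-mail as it may break your unsubscribe or confirmation links.<br />Use our tags instead!', 'notice');
    }

    // An empty thumb leaves the stored value untouched; 'delete' clears it.
    if (empty($mail->thumb)) {
        unset($mail->thumb);
    } elseif ($mail->thumb == 'delete') {
        $mail->thumb = '';
    }

    $mailid = $this->save($mail);
    if (!$mailid) {
        return false;
    }
    JRequest::setVar('mailid', $mailid);

    // List assignments: a truthy value subscribes the mail to the list, a falsy one removes it.
    $status = true;
    if (!empty($formData['listmail'])) {
        $receivers = array();
        $remove = array();
        foreach ($formData['listmail'] as $listid => $receiveme) {
            if (!empty($receiveme)) {
                $receivers[] = $listid;
            } else {
                $remove[] = $listid;
            }
        }
        $listMailClass = acymailing_get('class.listmail');
        $status = $listMailClass->save($mailid, $receivers, $remove);
    }

    // New follow-up created as published: publish it now that it has an id.
    if (!empty($mail->type) && $mail->type == 'followup' && empty($mail->mailid) && !empty($mail->published)) {
        $mail->mailid = $mailid;
        $this->_publishfollowup($mail);
    }

    return $status;
}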
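/**
 * Method to store an image
 *
 * Validates the data (only when it comes from the request), binds it to the
 * image table row, applies the create/edit permission checks, handles
 * uploaded replacement files for existing images, moves the image to another
 * category when the category changed and finally stores the row.
 *
 * @param array $data   The data of the image to store, if null we will use the data of the current request
 * @param array $files  Image files to upload, if null we will use the data of the current request
 * @param array $params Additional parameters of the image, if null we will use the data of the current request
 *
 * @return int|bool The image ID on success, boolean false otherwise (the reason is available via getError())
 *
 * @since 1.5.5
 */
public function store($data = null, $files = null, $params = null)
{
    $row = $this->getTable('joomgalleryimages');

    $validate = true;
    if (is_null($data)) {
        $data = JRequest::get('post', 2);
    } else {
        // No validation in case of e.g. 'editimage' view
        $validate = false;
    }

    if (is_null($params)) {
        $params = JRequest::getVar('params', array(), 'post', 'array');
    }

    // Check for validation errors
    if ($validate) {
        $form = $this->getForm($data);
        $data = $this->_validate($form, $data);
        if ($data === false) {
            return false;
        }
    } else {
        // Sanitize image description here because JForm didn't take care of it above
        if (isset($data['imgtext'])) {
            $data['imgtext'] = JComponentHelper::filterText($data['imgtext']);
        }
    }

    // Check whether it is a new image (a missing 'cid' means new, without a notice)
    $id = isset($data['cid']) ? intval($data['cid']) : 0;
    if ($id) {
        $isNew = false;

        // Read image from database
        $row->load($id);

        // Check whether we are allowed to edit it
        $asset = _JOOM_OPTION . '.image.' . $id;
        if (!$this->_user->authorise('core.edit', $asset) && (!$this->_user->authorise('core.edit.own', $asset) || !$row->owner || $row->owner != $this->_user->get('id'))) {
            $this->setError(JText::_('COM_JOOMGALLERY_COMMON_MSG_NOT_ALLOWED_TO_EDIT_IMAGE'));
            return false;
        }

        // Read old category ID
        $catid_old = $row->catid;
    } else {
        $isNew = true;
    }

    // Bind the form fields to the image table
    if (!$row->bind($data)) {
        $this->setError($row->getError());
        return false;
    }

    // Additional parameters, if set
    if (count($params)) {
        // Build parameter INI string
        $txt = array();
        foreach ($params as $k => $v) {
            $txt[] = $k . '=' . $v;
        }
        $row->params = implode("\n", $txt);
    }

    // Bind the rules
    if (isset($data['rules'])) {
        $rules = new JAccessRules($data['rules']);
        $row->setRules($rules);
    }

    // Load category information for permission checks. catid comes from the bound
    // (possibly unvalidated) data, so it is cast before being placed in the query.
    $query = $this->_db->getQuery(true)->select('cid, owner')->from(_JOOM_TABLE_CATEGORIES)->where('cid = ' . (int) $row->catid);
    $this->_db->setQuery($query);
    $category = $this->_db->loadObject();

    if ($isNew) {
        // Check whether we are allowed to create the image in the selected category.
        // NOTE(review): when the category does not exist $category is null and only
        // a global 'joom.upload' grant passes this check — confirm that is intended.
        $asset = _JOOM_OPTION . '.category.' . $row->catid;
        if (!$this->_user->authorise('joom.upload', $asset) && (!$this->_user->authorise('joom.upload.inown', $asset) || !$category->owner || $category->owner != $this->_user->get('id'))) {
            $this->setError(JText::_('COM_JOOMGALLERY_COMMON_MSG_NOT_ALLOWED_TO_CREATE_IMAGE'));
            return false;
        }

        // Approve image
        $row->approved = 1;

        // Set date of image
        $date = JFactory::getDate();
        $row->imgdate = $date->toSQL();

        // Make sure the record is valid (checked once; the original repeated this call unchanged)
        if (!$row->check()) {
            $this->setError($row->getError());
            return false;
        }

        // Category path for destination category
        $catpath = JoomHelper::getCatPath($row->catid);
        // Source path for original and detail image
        $detail_catpath = JoomHelper::getCatPath($data['detail_catid']);
        // Source path for thumbnail
        $thumb_catpath = JoomHelper::getCatPath($data['thumb_catid']);

        // Copy the image files, the row will be stored, too
        if (!$this->_newImage($row, $catpath, $detail_catpath, $thumb_catpath, $data['copy_original'])) {
            $this->setError(JText::_('COM_JOOMGALLERY_IMGMAN_MSG_ERROR_CREATING_NEW_IMAGES'));
            return false;
        }

        // Successfully stored new image
        $row->reorder('catid = ' . (int) $row->catid);
        $this->_mainframe->triggerEvent('onContentAfterSave', array(_JOOM_OPTION . '.image', &$row, true));

        return $row->id;
    }

    // Get new image files
    if (is_null($files)) {
        $files = JRequest::getVar('files', '', 'files');
    }

    // Clear votes if 'clearvotes' is checked
    if (isset($data['clearvotes']) && $data['clearvotes']) {
        $row->imgvotes = 0;
        $row->imgvotesum = 0;

        // Delete votes for image
        $query = $this->_db->getQuery(true)->delete()->from(_JOOM_TABLE_VOTES)->where('picid = ' . (int) $row->id);
        $this->_db->setQuery($query);
        if (!$this->_db->query()) {
            // The failure happened on the database object, so report its message rather than the row's.
            $this->setError($this->_db->getErrorMsg());
            return false;
        }
    }

    // Clear hits if 'clearhits' is checked
    if (isset($data['clearhits']) && $data['clearhits']) {
        $row->hits = 0;
    }

    // Clear downloads if 'cleardownloads' is checked
    if (isset($data['cleardownloads']) && $data['cleardownloads']) {
        $row->downloads = 0;
    }

    // Upload and handle new image files
    $types = array('thumb', 'img', 'orig');
    foreach ($types as $type) {
        if (isset($files['tmp_name']) && isset($files['tmp_name'][$type]) && $files['tmp_name'][$type]) {
            jimport('joomla.filesystem.file');

            // Possibly the file name has to be changed because of another image format.
            // NOTE(review): the new extension is taken from the uploaded file name and
            // JFile::upload() does not validate it here — confirm an allowed-type check
            // happens before this method is reached.
            $temp_filename = $files['name'][$type];
            $columnname = 'imgfilename';
            if ($type == 'thumb') {
                $columnname = 'imgthumbname';
            }
            $filename = $row->{$columnname};
            $new_ext = JFile::getExt($temp_filename);
            $old_ext = JFile::getExt($filename);
            if ($new_ext !== $old_ext) {
                $row->{$columnname} = substr_replace($row->{$columnname}, '.' . $new_ext, -(strlen($old_ext) + 1));
            }

            // Upload the file
            $file = $this->_ambit->getImg($type . '_path', $row);
            if (!JFile::upload($files['tmp_name'][$type], $file)) {
                JError::raiseWarning(500, JText::sprintf('COM_JOOMGALLERY_UPLOAD_ERROR_UPLOADING', $this->_ambit->getImg($type . '_path', $row)));
                // Revert database entry
                $row->{$columnname} = $filename;
            }

            // Resize image. NOTE(review): the resize result is not checked, so a failed
            // resize leaves the uploaded file as is — confirm that is intended.
            $debugoutput = '';
            switch ($type) {
                case 'thumb':
                    JoomFile::resizeImage($debugoutput, $file, $file, $this->_config->get('jg_useforresizedirection'), $this->_config->get('jg_thumbwidth'), $this->_config->get('jg_thumbheight'), $this->_config->get('jg_thumbcreation'), $this->_config->get('jg_thumbquality'));
                    break;
                case 'img':
                    JoomFile::resizeImage($debugoutput, $file, $file, false, $this->_config->get('jg_maxwidth'), false, $this->_config->get('jg_thumbcreation'), $this->_config->get('jg_picturequality'), true);
                    break;
                default:
                    break;
            }
        }
    }

    // Decide whether the image has to be moved to another category
    $move = false;
    if (isset($catid_old) && $catid_old != $row->catid) {
        $move = true;
        // Check whether the new category is a valid one
        if (!$category) {
            // If that's not the case store the image in the old category and leave a message
            $move = false;
            $row->catid = $catid_old;
            $this->_mainframe->enqueueMessage(JText::_('COM_JOOMGALLERY_COMMON_MSG_NO_VALID_CATEGORY_SELECTED'), 'notice');
        } else {
            // Access check for the selected new category
            $newCategoryAsset = _JOOM_OPTION . '.category.' . $row->catid;
            if (!$this->_user->authorise('joom.upload', $newCategoryAsset) && (!$this->_user->authorise('joom.upload.inown', $newCategoryAsset) || !$category->owner || $category->owner != $this->_user->get('id'))) {
                $move = false;
                $row->catid = $catid_old;
                $this->_mainframe->enqueueMessage(JText::_('COM_JOOMGALLERY_COMMON_MSG_NOT_ALLOWED_STORE_IMAGE_IN_CATEGORY'), 'notice');
            }
        }
    }

    // Move the image if necessary (the data is stored in function moveImage because
    // we have ensured that the old and new category ID are different from each other)
    if ($move && !$this->moveImage($row, $row->catid, $catid_old)) {
        $this->_mainframe->enqueueMessage(JText::_('COM_JOOMGALLERY_COULD_NOT_MOVE_IMAGE'), 'notice');
        return false;
    } else {
        // Make sure the record is valid
        if (!$row->check()) {
            $this->setError($row->getError());
            return false;
        }

        // Store the entry to the database
        if (!$row->store()) {
            $this->setError($row->getError());
            return false;
        }
    }

    // Successfully stored image (and moved): re-sequence the ordering of the affected categories
    $row->reorder('catid = ' . (int) $row->catid);
    if (isset($catid_old) and $catid_old != $row->catid) {
        $row->reorder('catid = ' . (int) $catid_old);
    }
    $this->_mainframe->triggerEvent('onContentAfterSave', array(_JOOM_OPTION . '.image', &$row, false));

    return $row->id;
}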
/**
 * Filters a submitted value according to a validation mode.
 *
 * Modes (compared loosely, as before):
 *  - '-1'            : strip tags and cut to $maxlength via flexicontent_html::striptagsandcut()
 *  - '1'             : allow "safe" HTML (JFilterInput::getInstance(null, null, 1, 1))
 *  - '2'             : apply the user group text filters (JComponentHelper::filterText)
 *  - 'URL' / 'url'   : strip HTML and <>" then convert to Punycode on Joomla 3+
 *  - 'EMAIL'/'email' : as URL, with e-mail Punycode conversion; an address that
 *                      fails the syntax check becomes ''
 *  - anything else   : handed to JFilterInput::clean() as the filter type name
 *
 * When $check_callable is non-zero, $validation may instead name a function or a
 * "Class::method" callable which then does the filtering.
 * NOTE(review): that callable name is invoked on the value, so it must come from
 * code or configuration, never from user input.
 *
 * @param string $v              Value to filter
 * @param int    $maxlength      Byte length to cut $v to before filtering (0 = no cut)
 * @param string $validation     Validation mode, filter type or callable name (see above)
 * @param int    $check_callable Non-zero to allow $validation to name a callback
 *
 * @return string The filtered and trimmed value (not trimmed when '-1' or a callback handled it)
 */
static function dataFilter($v, $maxlength = 0, $validation = 'string', $check_callable = 0)
{
    if ($validation == '-1') {
        return flexicontent_html::striptagsandcut($v, $maxlength);
    }

    if ($maxlength) {
        $v = substr($v, 0, $maxlength);
    }

    // Optional callback mode: "Class::method" first, then a plain function name.
    if ($check_callable) {
        $hasClassScope = strpos($validation, '::') !== false;
        if ($hasClassScope && is_callable(explode('::', $validation))) {
            return call_user_func(explode('::', $validation), $v);
        }
        if (function_exists($validation)) {
            return call_user_func($validation, $v);
        }
    }

    // Allow safe HTML
    if ($validation == '1') {
        $safeHtmlFilter = JFilterInput::getInstance(null, null, 1, 1);
        return trim($safeHtmlFilter->clean($v, 'string'));
    }

    // Filter according to user group Text Filters
    if ($validation == '2') {
        return trim(JComponentHelper::filterText($v));
    }

    // Every remaining mode strips HTML first.
    $noHtmlFilter = JFilterInput::getInstance();
    // <>" are never valid in a URI (RFC 1738) nor in an e-mail address.
    $neverValid = array('<', '>', '"');

    switch ($validation) {
        case 'URL':
        case 'url':
            $cleaned = trim($noHtmlFilter->clean($v, 'HTML'));
            $cleaned = str_replace($neverValid, '', $cleaned);
            if (FLEXI_J30GE) {
                $cleaned = JStringPunycode::urlToPunycode($cleaned);
            }
            break;

        case 'EMAIL':
        case 'email':
            $cleaned = trim($noHtmlFilter->clean($v, 'HTML'));
            $cleaned = str_replace($neverValid, '', $cleaned);
            if (FLEXI_J30GE) {
                $cleaned = JStringPunycode::emailToPunycode($cleaned);
            }
            // Check for valid email (punycode is ASCII so this should work with UTF-8 too)
            $email_regexp = "/^[a-zA-Z0-9.!#\$%&'*+\\/=?^_`{|}~-]+@[a-zA-Z0-9](?:[a-zA-Z0-9-]{0,61}[a-zA-Z0-9])?(?:\\.[a-zA-Z0-9](?:[a-zA-Z0-9-]{0,61}[a-zA-Z0-9])?)*\$/";
            if (!preg_match($email_regexp, $cleaned)) {
                $cleaned = '';
            }
            break;

        default:
            // Filter using JFilterInput with $validation as the type name
            $cleaned = $noHtmlFilter->clean($v, $validation);
            break;
    }

    return trim($cleaned);
}
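/**
 * Stores a gallery category (the "igallery" table row) from submitted form data.
 *
 * Handles an optional menu image upload ($_FILES['jform']['upload_image']),
 * fills the defaults of a new category (ordering, profile, parent), derives
 * moderation, owner, alias and name, reads the two description fields raw
 * from the request and passes them through the content text filters, removes
 * the menu image on request, de-duplicates the alias and, when configured,
 * e-mails a notification for a front-end created category.
 *
 * @param array $data Form data to bind to the table row
 *
 * @return bool true on success, false on failure (the reason is available via getError(),
 *              except for a rejected upload, which returns false without a message as before)
 */
function save($data)
{
    $db = $this->getDbo();
    $row = $this->getTable('igallery');
    $user = JFactory::getUser();
    $app = JFactory::getApplication();
    $params = JComponentHelper::getParams('com_igallery');
    $isSite = $app->isSite();

    if (!$row->bind($data)) {
        $this->setError($db->getErrorMsg());
        return false;
    }

    // Optional menu image upload. Guarded with isset() so a request without the
    // file field does not raise an undefined-index notice; a name shorter than
    // three characters is treated as "no file", as before.
    $fileName = isset($_FILES['jform']['name']['upload_image']) ? $_FILES['jform']['name']['upload_image'] : '';
    if (strlen($fileName) > 2) {
        $tmpPath = $_FILES['jform']['tmp_name']['upload_image'];
        $uploadError = $_FILES['jform']['error']['upload_image'];
        // NOTE(review): processUploadedImage() is presumed to validate the upload (type, error code);
        // nothing in this method checks the file itself.
        $fileArray = igFileHelper::processUploadedImage($fileName, $tmpPath, $uploadError, 'igallery', true);
        if (!$fileArray) {
            return false;
        }
        $row->menu_image_filename = $fileArray['filename'];
    }

    // Defaults for a new category. $firstLast stays null for an update so the
    // reorder further down is skipped (the original left it undefined there).
    $firstLast = null;
    if (empty($row->id)) {
        $firstLast = $params->get('new_cat_ordering', 'last');
        $row->ordering = $firstLast == 'first' ? 0 : $row->getNextOrder('parent = ' . (int) $row->parent);
        $row->profile = empty($row->profile) ? $params->get('default_profile', 1) : $row->profile;
        $row->parent = empty($row->parent) ? $params->get('default_parent', 0) : $row->parent;
    }

    // moderate is 1 unless category moderation is enabled and this is a front-end save.
    $row->moderate = ($params->get('moderate_cat', 0) == 0 || $isSite == false) ? 1 : 0;
    // NOTE(review): a submitted 'user' value is kept; only an empty one falls back to
    // the current user — confirm front-end forms cannot set it.
    $row->user = empty($row->user) ? $user->id : $row->user;
    $row->alias = empty($row->alias) ? JFilterOutput::stringURLSafe($row->name) : JFilterOutput::stringURLSafe($row->alias);
    $row->name = empty($row->name) ? '____' : $row->name;

    // The descriptions may contain HTML, so they are read raw and passed through
    // the text filters of the current user group rather than taken from $data.
    $raw = JRequest::getVar('jform', array(), 'post', 'NONE', JREQUEST_ALLOWRAW);
    $row->menu_description = JComponentHelper::filterText(isset($raw['menu_description']) ? $raw['menu_description'] : '');
    $row->gallery_description = JComponentHelper::filterText(isset($raw['gallery_description']) ? $raw['gallery_description'] : '');

    if (isset($data['remove_menu_image']) && $data['remove_menu_image'] == 1) {
        $categoryId = isset($data['id']) ? (int) $data['id'] : 0;
        $query = 'SELECT menu_image_filename FROM #__igallery WHERE id = ' . $categoryId;
        $db->setQuery($query);
        $category = $db->loadObject();
        if ($category) {
            // Only delete the file when no other category references the same image.
            $query = 'SELECT menu_image_filename FROM #__igallery WHERE menu_image_filename = ' . $db->quote($category->menu_image_filename);
            $db->setQuery($query);
            $db->query();
            $deleteImg = $db->getNumRows() <= 1;
            if ($deleteImg) {
                igFileHelper::deleteImage($category->menu_image_filename, $deleteImg);
            }
        }
        $row->menu_image_filename = '';
    }

    if (!$row->store()) {
        $this->setError($db->getErrorMsg());
        return false;
    }

    // An alias that is empty once the dashes are removed gets a generated one.
    if (trim(str_replace('-', '', $row->alias)) == '') {
        $row->alias = 'category-' . (int) $row->id;
        if (!$row->store()) {
            $this->setError($db->getErrorMsg());
            return false;
        }
    }

    // De-duplicate the alias by appending the row id when another category already uses it.
    $query = 'SELECT alias FROM #__igallery WHERE alias = ' . $db->quote($row->alias);
    $db->setQuery($query);
    $rows = $db->loadObjectList();
    if (count($rows) > 1) {
        $row->alias = $row->alias . '-' . (int) $row->id;
        if (!$row->store()) {
            $this->setError($db->getErrorMsg());
            return false;
        }
    }

    if ($firstLast == 'first') {
        $row->reorder('parent = ' . (int) $row->parent);
    }

    // Notify the configured addresses about a category created on the front end.
    if ($params->get('notify_new_category', 0) == 1 && $isSite == true) {
        $siteConfig = JFactory::getConfig();
        $from = $siteConfig->get('config.mailfrom');
        $fromname = $siteConfig->get('config.fromname');
        $recipient = explode(',', $params->get('notify_emails', ''));
        $subject = $siteConfig->get('config.sitename') . ' : ' . JText::_('NEW_CATEGORY_ADDED');
        $body = JText::_('JGLOBAL_USERNAME') . ': ' . $user->name . " \n\n "
            . JText::_('JCATEGORY') . ': ' . $row->name . " \n\n "
            . IG_HOST . 'administrator/index.php?option=com_igallery&view=icategory&id=' . $row->id . " \n\n "
            . IG_HOST . 'index.php?option=com_igallery&view=category&igid=' . $row->id;
        $mail = JFactory::getMailer();
        $recipientCount = count($recipient);
        for ($i = 0; $i < $recipientCount; $i++) {
            $mail->sendMail($from, $fromname, $recipient[$i], $subject, $body);
            // At most seven addresses (indices 0..6) are notified, as before.
            if ($i > 5) {
                break;
            }
        }
    }

    return true;
}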