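/**
 * Upload files for the specified object.
 *
 * Every submitted file is checked against the configured extension allow-list
 * and the configured maximum size, written below the attachments folder of the
 * object and then registered in the attachments table.
 *
 * @param   array   $post_files  data from JInput 'files' + form fields
 * @param   string  $object      object identification (should be event<eventid>, etc...)
 *
 * @return  boolean  false when there is nothing to upload or the target folder
 *                   cannot be created; true otherwise (single files may still
 *                   have been skipped with a warning)
 */
static function postUpload($post_files, $object)
{
	jimport('joomla.filesystem.file');
	jimport('joomla.filesystem.folder');
	require_once JPATH_SITE . '/components/com_jem/classes/image.class.php';

	$user        = JFactory::getUser();
	$jemsettings = JemHelper::config();

	// NOTE(review): $object is used as a path segment without validation in this
	// method. Callers are expected to pass a server-built identifier such as
	// "event<id>", never raw request data - confirm at the call sites.
	$path = JPATH_SITE . '/' . $jemsettings->attachments_path . '/' . $object;

	if (!(is_array($post_files) && count($post_files))) {
		return false;
	}

	// Build the allow-list. Empty entries (empty setting, trailing comma) are
	// dropped so that a file without an extension can never match one.
	$allowed = array_filter(array_map('trim', explode(',', $jemsettings->attachments_types)), 'strlen');

	// The setting is given in kB (per the original comment); sizes are compared in bytes.
	$maxsizeinput = $jemsettings->attachments_maxsize * 1024;

	// Tolerate malformed form data that carries no list of file names.
	$names = (isset($post_files['name']) && is_array($post_files['name'])) ? $post_files['name'] : array();

	foreach ($names as $k => $file) {
		if (empty($file)) {
			continue;
		}

		// Check if the file type is valid; a missing extension is always rejected.
		$fileext = strtolower(JFile::getExt($file));
		if ($fileext === '' || !in_array($fileext, $allowed, true)) {
			JError::raiseWarning(0, JText::_('COM_JEM_ERROR_ATTACHEMENT_EXTENSION_NOT_ALLOWED') . ': ' . $file);
			continue;
		}

		// Without a temporary file there is nothing to store for this entry.
		if (empty($post_files['tmp_name'][$k])) {
			continue;
		}

		// Check size.
		$size = isset($post_files['size'][$k]) ? $post_files['size'][$k] : 0;
		if ($size > $maxsizeinput) {
			JError::raiseWarning(0, JText::sprintf('COM_JEM_ERROR_ATTACHEMENT_FILE_TOO_BIG', $file, $size, $maxsizeinput));
			continue;
		}

		if (!JFolder::exists($path)) {
			// Try to create the folder for this object.
			$res = JFolder::create($path);
			if (!$res) {
				JError::raiseWarning(0, JText::_('COM_JEM_ERROR_COULD_NOT_CREATE_FOLDER') . ': ' . $path);
				return false;
			}

			// Placeholder index file written into every newly created attachment folder.
			$file_content = '<!DOCTYPE html><title></title>';
			JFile::write($path . '/index.html', $file_content);
		}

		$sanitizedFilename = JemHelper::sanitize($path, $file);

		// The name that reaches the disk is the sanitized one, so the allow-list
		// is applied to it as well in case sanitizing altered the extension.
		$storedext = strtolower(JFile::getExt($sanitizedFilename));
		if ($storedext === '' || !in_array($storedext, $allowed, true)) {
			JError::raiseWarning(0, JText::_('COM_JEM_ERROR_ATTACHEMENT_EXTENSION_NOT_ALLOWED') . ': ' . $file);
			continue;
		}

		// Make sure that the full file path is safe.
		$filepath = JPath::clean($path . '/' . $sanitizedFilename);

		// Do not register an attachment whose file could not be stored.
		// JFile::upload() is expected to have raised its own warning in that case.
		if (!JFile::upload($post_files['tmp_name'][$k], $filepath)) {
			continue;
		}

		$table = JTable::getInstance('Attachments', 'JEMTable');
		$table->file   = $sanitizedFilename;
		$table->object = $object;

		// NOTE(review): customname and description are stored as submitted;
		// presumably they are escaped where they are displayed - verify in the views.
		if (isset($post_files['customname'][$k]) && !empty($post_files['customname'][$k])) {
			$table->name = $post_files['customname'][$k];
		}
		if (isset($post_files['description'][$k]) && !empty($post_files['description'][$k])) {
			$table->description = $post_files['description'][$k];
		}
		if (isset($post_files['access'][$k])) {
			$table->access = intval($post_files['access'][$k]);
		}

		// date() replaces strftime('%F %T'), which is deprecated as of PHP 8.1;
		// both produce "YYYY-MM-DD HH:MM:SS".
		$table->added    = date('Y-m-d H:i:s');
		$table->added_by = $user->get('id');

		if (!($table->check() && $table->store())) {
			JError::raiseWarning(0, JText::_('COM_JEM_ATTACHMENT_ERROR_SAVING_TO_DB') . ': ' . $table->getError());
		}
	}

	return true;
}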
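/**
 * Store the venue record.
 *
 * Fills the created/modified audit fields, handles the optional frontend image
 * upload or removal, clears an image name whose extension is not allowed and
 * then delegates to the parent table.
 *
 * @param   boolean  $updateNulls  passed through to parent::store()
 *
 * @return  mixed  whatever parent::store() returns
 */
public function store($updateNulls = false)
{
	$date        = JFactory::getDate();
	$user        = JFactory::getUser();
	$app         = JFactory::getApplication();
	$jemsettings = JEMHelper::config();

	// Check if we're in the front or back
	$backend = $app->isAdmin() ? true : false;

	if ($this->id) {
		// Existing record
		$this->modified    = $date->toSql();
		$this->modified_by = $user->get('id');
	} else {
		// New record
		if (!intval($this->created)) {
			$this->created = $date->toSql();
		}
		if (empty($this->created_by)) {
			$this->created_by = $user->get('id');
		}
	}

	// Check if image was selected
	jimport('joomla.filesystem.file');
	$image_dir = JPATH_SITE . '/images/jem/venues/';
	$allowable = array('gif', 'jpg', 'png');

	// get image (frontend) - allow "removal on save" (Hoffi, 2014-06-07)
	if (!$backend) {
		if ($jemsettings->imageenabled == 2 || $jemsettings->imageenabled == 1) {
			$file        = $app->input->files->get('userfile', '', 'array');
			$removeimage = $app->input->get('removeimage', '', 'int');

			if (!empty($file['name'])) {
				// check the image
				$check = JEMImage::check($file, $jemsettings);

				if ($check !== false) {
					// sanitize the image filename
					$filename = JemHelper::sanitize($image_dir, $file['name']);

					// Apply the extension allow-list before anything is written into
					// the site's images folder. Checking only after the upload would
					// leave a rejected file on disk even though locimage gets cleared.
					if (in_array(JFile::getExt($filename), $allowable, true)) {
						$filepath = $image_dir . $filename;

						if (JFile::upload($file['tmp_name'], $filepath)) {
							// The previous image file is not deleted here.
							$this->locimage = $filename;
						}
					}
				}
			} elseif (!empty($removeimage)) {
				// if removeimage is non-zero remove image from venue
				// (file will be deleted later (e.g. housekeeping) if unused)
				$this->locimage = '';
			}
		} // end image if
	} // if (!backend)

	// Final guard for every code path (including values bound from the form):
	// an image name with any other extension is never persisted.
	$format = JFile::getExt($image_dir . $this->locimage);
	if (!in_array($format, $allowable, true)) {
		$this->locimage = '';
	}

	// NOTE(review): the frontend auto-publish check below is commented out, so this
	// method never resets `published` for unprivileged frontend users. Confirm that
	// the publish state is enforced elsewhere before relying on it.
	/*
	if (!$backend) {
		# check if the user has the required rank for autopublish
		$autopublgroups = JEMUser::venuegroups('publish');
		$autopublloc = JEMUser::validate_user($jemsettings->locpubrec, $jemsettings->autopublocate);
		if (!($autopublloc || $autopublgroups || $user->authorise('core.edit','com_jem'))) {
			$this->published = 0;
		}
	}
	*/

	return parent::store($updateNulls);
}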
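/**
 * Store the event record.
 *
 * Fills the created/modified audit fields, handles the optional frontend image
 * upload or removal, clears an image name whose extension is not allowed,
 * forces the publish state for frontend users without auto-publish rights,
 * updates the recurrence bookkeeping and then delegates to the parent table.
 *
 * @param   boolean  $updateNulls  passed through to parent::store()
 *
 * @return  mixed  whatever parent::store() returns
 */
public function store($updateNulls = true)
{
	$date            = JFactory::getDate();
	$user            = JFactory::getUser();
	$app             = JFactory::getApplication();
	$jinput          = $app->input;
	$jemsettings     = JEMHelper::config();
	$settings        = JemHelper::globalattribs();
	$valguest        = JEMUser::validate_guest();
	$guest_fldstatus = $settings->get('guest_fldstatus', '0');

	// Check if we're in the front or back
	$backend = $app->isAdmin() ? true : false;

	if ($this->id) {
		// Existing event
		$this->modified    = $date->toSql();
		$this->modified_by = $user->get('id');
	} else {
		// New event
		if (!intval($this->created)) {
			$this->created = $date->toSql();
		}
		if (empty($this->created_by)) {
			$this->created_by = $user->get('id');
		}
	}

	// Check if image was selected
	jimport('joomla.filesystem.file');
	$image_dir = JPATH_SITE . '/images/jem/events/';
	$allowable = array('gif', 'jpg', 'png');

	// get image (frontend) - allow "removal on save" (Hoffi, 2014-06-07)
	if (!$backend) {
		if ($jemsettings->imageenabled == 2 || $jemsettings->imageenabled == 1) {
			$file        = $jinput->files->get('userfile', '', 'array');
			$removeimage = $jinput->get('removeimage', '', 'int');

			if (!empty($file['name'])) {
				// check the image
				$check = JEMImage::check($file, $jemsettings);

				if ($check !== false) {
					// sanitize the image filename
					$filename = JemHelper::sanitize($image_dir, $file['name']);

					// Apply the extension allow-list before anything is written into
					// the site's images folder. Checking only after the upload would
					// leave a rejected file on disk even though datimage gets cleared.
					if (in_array(JFile::getExt($filename), $allowable, true)) {
						$filepath = $image_dir . $filename;

						if (JFile::upload($file['tmp_name'], $filepath)) {
							// The previous image file is not deleted here.
							$this->datimage = $filename;
						}
					}
				}
			} elseif (!empty($removeimage)) {
				// if removeimage is non-zero remove image from event
				// (file will be deleted later (e.g. housekeeping) if unused)
				$this->datimage = '';
			}
		} // end image if
	} // if (!backend)

	// Final guard for every code path (including values bound from the form):
	// an image name with any other extension is never persisted.
	$format = JFile::getExt($image_dir . $this->datimage);
	if (!in_array($format, $allowable, true)) {
		$this->datimage = '';
	}

	if (!$backend) {
		/* check if the user has the required rank for autopublish */
		$maintainer = JEMUser::ismaintainer('publish');
		$autopubev  = JEMUser::validate_user($jemsettings->evpubrec, $jemsettings->autopubl);

		// Without auto-publish rights the submitted publish state is overridden:
		// validated guests get the configured guest status, everybody else 0.
		if (!($autopubev || $maintainer || $user->authorise('core.edit', 'com_jem'))) {
			if ($valguest) {
				$this->published = $guest_fldstatus;
			} else {
				$this->published = 0;
			}
		}
	}

	################
	## RECURRENCE ##
	################

	# check if recurrence_groupcheck is true
	$rec_groupcheck = $jinput->getInt('recurrence_check');

	if ($rec_groupcheck) {
		# the check returned true, so it's considered as an edit

		# Retrieve id of current event from recurrence_table
		# as the check was true we can skip the groupid=groupid_ref from the where statement
		# but to be sure it's added here too
		$db    = JFactory::getDbo();
		$query = $db->getQuery(true);
		$query->select('id');
		$query->from($db->quoteName('#__jem_recurrence'));
		// The id is concatenated into the SQL text, so it is cast to an integer:
		// a non-numeric or empty value can then neither alter nor break the query.
		$query->where(array('groupid = groupid_ref', 'itemid = ' . (int) $this->id));
		$db->setQuery($query);
		$recurrenceid = $db->loadResult();

		if ($recurrenceid) {
			# Retrieve recurrence-table
			$recurrence_table = JTable::getInstance('Recurrence', 'JEMTable');
			# Load row-data
			$recurrence_table->load($recurrenceid);

			# We want to skip this event from Ical output
			/* $recurrence_table->exdate = $this->dates.'T'.$this->times; */

			# it's a delete of the set so groupid_ref will be blanked
			/* $recurrence_table->groupid_ref = ""; */

			# it's an edit and not a delete so groupid_ref won't be adjusted
			# but we will set the recurrence_id field, as this event has been adjusted and contains
			# info that's not inline with original recurrence-info
			$originalStart = new JDate($recurrence_table->startdate_org);
			$recurrence_table->recurrence_id = $originalStart->format('Ymd\\THis\\Z');

			# Store fields
			$recurrence_table->store();
		}
	}

	# check if the field recurrence_group is filled and if the recurrence_type has been set
	# if the type has been set then it's part of recurrence and we should have a recurrence_group number
	if (empty($this->recurrence_group) && $this->recurrence_freq) {
		// NOTE(review): a random number in 0..9999 is not guaranteed to be unique, so
		// two unrelated recurrence sets can end up with the same group number, and 0
		// is treated as "empty" again on the next store - confirm whether uniqueness
		// is checked elsewhere.
		$this->recurrence_group = mt_rand(0, 9999);
	}

	## END RECURRENCE ##

	return parent::store($updateNulls);
}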