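/**
 * Toggle the featured setting of a list of articles.
 *
 * The task name selects the new state: `featured` sets it to 1, `unfeatured`
 * (or any other task) to 0. Items the current user may not change the state
 * of are pruned from the list with a warning.
 *
 * @return  void
 * @since   1.6
 */
public function featured()
{
    // Check for request forgeries
    Session::checkToken() or exit(Lang::txt('JINVALID_TOKEN'));

    // Initialise variables.
    $ids    = Request::getVar('cid', array(), '', 'array');
    $values = array('featured' => 1, 'unfeatured' => 0);
    $task   = $this->getTask();
    $value  = \Hubzero\Utility\Arr::getValue($values, $task, 0, 'int');

    // Access checks.
    // The original read $user->authorise(), but no $user is defined in this
    // method; the sibling controllers on this page use the User facade.
    foreach ($ids as $i => $id)
    {
        if (!User::authorise('core.edit.state', 'com_content.article.' . (int) $id))
        {
            // Prune items that you can't change.
            unset($ids[$i]);
            Notify::warning(Lang::txt('JLIB_APPLICATION_ERROR_EDITSTATE_NOT_PERMITTED'));
        }
    }

    if (empty($ids))
    {
        Notify::error(Lang::txt('JERROR_NO_ITEMS_SELECTED'));
    }
    else
    {
        // Make sure the ids handed to the model are the same integers the
        // access check above authorised.
        \Hubzero\Utility\Arr::toInteger($ids);

        // Get the model.
        $model = $this->getModel();

        // Publish the items.
        if (!$model->featured($ids, $value))
        {
            throw new Exception($model->getError(), 500);
        }
    }

    $this->setRedirect('index.php?option=com_content&view=articles');
}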
/**
 * Set or unset the home property for a list of items.
 *
 * The task name decides the value: `setDefault` => 1, `unsetDefault` => 0.
 *
 * @return  void
 * @since   1.6
 */
public function setDefault()
{
    // Check for request forgeries
    Session::checkToken('request') or die(Lang::txt('JINVALID_TOKEN'));

    // Items to change, and the value implied by the task name.
    $cid   = Request::getVar('cid', array(), '', 'array');
    $value = \Hubzero\Utility\Arr::getValue(
        array('setDefault' => 1, 'unsetDefault' => 0),
        $this->getTask(),
        0,
        'int'
    );

    if (empty($cid))
    {
        throw new Exception(Lang::txt($this->text_prefix . '_NO_ITEM_SELECTED'), 500);
    }

    // Make sure the item ids are integers
    \Hubzero\Utility\Arr::toInteger($cid);

    $model = $this->getModel();

    if (!$model->setHome($cid, $value))
    {
        throw new Exception($model->getError(), 500);
    }

    $ntext = ($value == 1) ? 'COM_MENUS_ITEMS_SET_HOME' : 'COM_MENUS_ITEMS_UNSET_HOME';
    $this->setMessage(Lang::txts($ntext, count($cid)));

    $this->setRedirect(Route::url('index.php?option=' . $this->option . '&view=' . $this->view_list, false));
}
/**
 * Remove items from the featured list.
 *
 * "Removing" here means unfeaturing: the model's featured() is called with 0
 * for every selected article the user is allowed to delete.
 */
public function delete()
{
    // Check for request forgeries
    Session::checkToken() or exit(Lang::txt('JINVALID_TOKEN'));

    $ids = Request::getVar('cid', array(), '', 'array');

    // Drop every id the user may not delete, warning once per pruned item.
    foreach ($ids as $key => $articleId)
    {
        if (User::authorise('core.delete', 'com_content.article.' . (int) $articleId))
        {
            continue;
        }

        unset($ids[$key]);
        Notify::warning(Lang::txt('JERROR_CORE_DELETE_NOT_PERMITTED'));
    }

    if (empty($ids))
    {
        Notify::error(Lang::txt('JERROR_NO_ITEMS_SELECTED'));
    }
    else
    {
        $model = $this->getModel();

        if (!$model->featured($ids, 0))
        {
            throw new Exception($model->getError(), 500);
        }
    }

    $this->setRedirect('index.php?option=com_content&view=featured');
}
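/**
 * Handle a username reminder request.
 *
 * On failure the user is sent back to the reminder form with the model's
 * error; on success on to the login form.
 *
 * @return  bool  True when the reminder request was processed, false otherwise.
 * @since   1.6
 */
public function remind()
{
    // Check the request token.
    Session::checkToken('post') or exit(Lang::txt('JINVALID_TOKEN'));

    $model = $this->getModel('Remind', 'UsersModel');
    $data  = Request::getVar('jform', array(), 'post', 'array');

    // Submit the reminder request.
    $return = $model->processRemindRequest($data);

    // Both outcomes route through the reminder menu item, if one exists.
    $itemid = UsersHelperRoute::getRemindRoute();
    $itemid = $itemid !== null ? '&Itemid=' . $itemid : '';

    // Check for a hard error. The loose comparison is kept as in the original.
    if ($return == false)
    {
        // Go back to the request form.
        $route   = 'index.php?option=com_users&view=remind' . $itemid;
        $message = Lang::txt('COM_USERS_REMIND_REQUEST_FAILED', $model->getError());
        $this->setRedirect(Route::url($route, false), $message, 'warning');

        return false;
    }

    // Proceed to the login form.
    $route   = 'index.php?option=com_users&view=login' . $itemid;
    $message = Lang::txt('COM_USERS_REMIND_REQUEST_SUCCESS');
    $this->setRedirect(Route::url($route, false), $message);

    return true;
}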
/**
 * Run batch operations on newsfeeds.
 *
 * The $model argument is accepted for signature compatibility with the parent
 * but is always replaced by the Newsfeed model before delegating.
 *
 * @param   object  $model  Ignored; the Newsfeed model is used instead.
 * @return  bool    True if successful, false otherwise (error set on the controller).
 * @since   2.5
 */
public function batch($model = null)
{
    Session::checkToken() or exit(Lang::txt('JINVALID_TOKEN'));

    // Always operate on the Newsfeed model.
    $model = $this->getModel('Newsfeed', '', array());

    // Preset the redirect back to the list before handing off to the parent.
    $listUrl = 'index.php?option=com_newsfeeds&view=newsfeeds' . $this->getRedirectToListAppend();
    $this->setRedirect(Route::url($listUrl, false));

    return parent::batch($model);
}
/**
 * Rebuild the menu item tree.
 *
 * @return  bool  True on success, false when the model's rebuild failed.
 */
public function rebuild()
{
    Session::checkToken() or exit(Lang::txt('JINVALID_TOKEN'));

    $this->setRedirect('index.php?option=com_menus&view=menus');

    $model = $this->getModel('Item');
    $ok    = (bool) $model->rebuild();

    if ($ok)
    {
        $this->setMessage(Lang::txt('JTOOLBAR_REBUILD_SUCCESS'));
    }
    else
    {
        $this->setMessage(Lang::txt('JTOOLBAR_REBUILD_FAILED', $model->getMessage()));
    }

    return $ok;
}
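/**
 * Task to set the default language.
 *
 * @return  void
 */
public function setDefault()
{
    // Check for request forgeries
    Session::checkToken() or exit(Lang::txt('JInvalid_Token'));

    $cid   = Request::getCmd('cid', '');
    $model = $this->getModel('installed');

    if ($model->publish($cid))
    {
        $msg  = Lang::txt('COM_LANGUAGES_MSG_DEFAULT_LANGUAGE_SAVED');
        $type = 'message';
    }
    else
    {
        // The failing publish() call belongs to the model; nothing in this
        // method sets an error on the controller, so read it from the model
        // (the original read $this->getError()).
        $msg  = $model->getError();
        $type = 'error';
    }

    $clientId = $model->getState('filter.client_id');

    $this->setRedirect('index.php?option=com_languages&view=installed&client=' . $clientId, $msg, $type);
}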
/**
 * Clone the selected modules.
 *
 * Any failure (no selection, model error) is reported via Notify and the
 * request still ends on the module list.
 *
 * @since  1.6
 */
public function duplicate()
{
    // Check for request forgeries
    Session::checkToken() or exit(Lang::txt('JINVALID_TOKEN'));

    $pks = Request::getVar('cid', array(), 'post', 'array');
    \Hubzero\Utility\Arr::toInteger($pks);

    try
    {
        if (empty($pks))
        {
            throw new Exception(Lang::txt('COM_MODULES_ERROR_NO_MODULES_SELECTED'));
        }

        $this->getModel()->duplicate($pks);
        $this->setMessage(Lang::txts('COM_MODULES_N_MODULES_DUPLICATED', count($pks)));
    }
    catch (Exception $e)
    {
        Notify::error($e->getMessage());
    }

    $this->setRedirect(Route::url('index.php?option=com_modules&view=modules', false));
}
/**
 * Delete one or more overrides.
 *
 * @return  void
 * @since   2.5
 */
public function delete()
{
    // Check for request forgeries
    Session::checkToken() or die(Lang::txt('JINVALID_TOKEN'));

    // Items to delete, from the request
    $cid = Request::getVar('cid', array(), '', 'array');

    if (is_array($cid) && count($cid) >= 1)
    {
        $model = $this->getModel('overrides');

        $this->setMessage(
            $model->delete($cid)
                ? Lang::txts($this->text_prefix . '_N_ITEMS_DELETED', count($cid))
                : $model->getError()
        );
    }
    else
    {
        $this->setMessage(Lang::txt($this->text_prefix . '_NO_ITEM_SELECTED'), 'warning');
    }

    $this->setRedirect(Route::url('index.php?option=' . $this->option . '&view=' . $this->view_list, false));
}
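/**
 * Unset the default template for a client and for a language.
 *
 * Only the first selected style is acted on.
 *
 * @since  1.6
 */
public function unsetDefault()
{
    // Check for request forgeries
    Session::checkToken('request') or exit(Lang::txt('JINVALID_TOKEN'));

    $pks = Request::getVar('cid', array(), 'get', 'array');
    \Hubzero\Utility\Arr::toInteger($pks);

    try
    {
        if (empty($pks))
        {
            throw new Exception(Lang::txt('COM_TEMPLATES_NO_TEMPLATE_SELECTED'));
        }

        // Pop off the first element.
        $id = array_shift($pks);

        $model = $this->getModel();
        $model->unsetHome($id);

        $this->setMessage(Lang::txt('COM_TEMPLATES_SUCCESS_HOME_UNSET'));
    }
    catch (Exception $e)
    {
        // The other controllers on this page pass the message as the first
        // argument; the original's leading 500 looks like a leftover from an
        // older (code, message) signature.
        Notify::error($e->getMessage());
    }

    $this->setRedirect('index.php?option=com_templates&view=styles');
}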
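/**
 * Delete the selected items and redirect back to the extension's list.
 *
 * @return  void
 * @since   2.5.12
 */
public function delete()
{
    Session::checkToken() or exit(Lang::txt('JINVALID_TOKEN'));

    // Items to remove from the request.
    $cid = Request::getVar('cid', array(), '', 'array');

    // The extension name is echoed back into the redirect URL; take it
    // through the 'cmd' filter (as the other controllers do for such
    // tokens) instead of raw.
    $extension = Request::getCmd('extension', '');

    if (!is_array($cid) || count($cid) < 1)
    {
        Notify::error(Lang::txt($this->text_prefix . '_NO_ITEM_SELECTED'));
    }
    else
    {
        $model = $this->getModel();

        // Make sure the item ids are integers
        \Hubzero\Utility\Arr::toInteger($cid);

        if ($model->delete($cid))
        {
            $this->setMessage(Lang::txts($this->text_prefix . '_N_ITEMS_DELETED', count($cid)));
        }
        else
        {
            $this->setMessage($model->getError());
        }
    }

    $this->setRedirect(Route::url('index.php?option=' . $this->option . '&extension=' . $extension, false));
}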
/**
 * Delete the selected access levels.
 *
 * Requires core.admin on the component; every failure is raised as an exception.
 */
public function delete()
{
    // Check for request forgeries.
    Session::checkToken() or exit(Lang::txt('JInvalid_Token'));

    $ids = Request::getVar('cid', array(), '', 'array');

    if (!User::authorise('core.admin', $this->option))
    {
        throw new Exception(Lang::txt('JERROR_ALERTNOAUTHOR'), 403);
    }

    if (empty($ids))
    {
        throw new Exception(Lang::txt('COM_USERS_NO_LEVELS_SELECTED'), 500);
    }

    $model = $this->getModel();
    \Hubzero\Utility\Arr::toInteger($ids);

    if (!$model->delete($ids))
    {
        throw new Exception($model->getError(), 500);
    }

    $this->setMessage(Lang::txts('COM_USERS_N_LEVELS_DELETED', count($ids)));
    $this->setRedirect('index.php?option=com_users&view=levels');
}
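/**
 * Placeholder for resending an activation message.
 *
 * Presumably intended to resend an activation e-mail (the name is all there
 * is to go on); currently only the request token is verified and nothing
 * else happens. The original docblock ("Method to login a user") did not
 * describe this method.
 *
 * @return  void
 * @since   1.6
 */
public function resend()
{
    // Check for request forgeries; fail closed like the other POST handlers
    // on this page instead of discarding the result.
    Session::checkToken('post') or exit(Lang::txt('JINVALID_TOKEN'));
}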
/**
 * Finish the password reset: validate the submitted form and apply the reset.
 *
 * The model may hand back an Exception (hard error), false (reset failed) or
 * anything else (success); each case redirects to a different screen.
 *
 * @return  bool  True when the reset completed, false otherwise.
 * @since   1.6
 */
public function complete()
{
    // Check for request forgeries
    Session::checkToken('post') or exit(Lang::txt('JINVALID_TOKEN'));

    $app   = JFactory::getApplication();
    $model = $this->getModel('Reset', 'UsersModel');
    $data  = Request::getVar('jform', array(), 'post', 'array');

    // Complete the password reset request.
    $return = $model->processResetComplete($data);

    // Append "&Itemid=N" to a route when the route helper knows a menu item.
    $withItemid = function ($route, $itemid)
    {
        return $route . ($itemid !== null ? '&Itemid=' . $itemid : '');
    };

    if ($return instanceof Exception)
    {
        // Hard error: show the real message only when error reporting is on.
        $message = $app->getCfg('error_reporting')
            ? $return->getMessage()
            : Lang::txt('COM_USERS_RESET_COMPLETE_ERROR');

        $route = $withItemid('index.php?option=com_users&view=reset&layout=complete', UsersHelperRoute::getResetRoute());
        $this->setRedirect(Route::url($route, false), $message, 'error');

        return false;
    }

    if ($return === false)
    {
        // Complete failed: back to the complete form with the model's error.
        $route   = $withItemid('index.php?option=com_users&view=reset&layout=complete', UsersHelperRoute::getResetRoute());
        $message = Lang::txt('COM_USERS_RESET_COMPLETE_FAILED', $model->getError());
        $this->setRedirect(Route::url($route, false), $message, 'error');

        return false;
    }

    // Complete succeeded: proceed to the login form.
    $route   = $withItemid('index.php?option=com_users&view=login', UsersHelperRoute::getLoginRoute());
    $message = Lang::txt('COM_USERS_RESET_COMPLETE_SUCCESS');
    $this->setRedirect(Route::url($route, false), $message);

    return true;
}
/**
 * Method to register a user.
 *
 * Registration is refused outright: the method aborts with 403 before
 * anything else runs. The original registration flow is kept below the
 * `return false;` for reference but is unreachable — none of it (token check,
 * validation, model->register()) executes.
 *
 * @return boolean True on success, false on failure.
 * @since 1.6
 */
public function register()
{
    // Refuse every request up front.
    App::abort(403, Lang::txt('JLIB_APPLICATION_ERROR_ACCESS_FORBIDDEN'));
    return false;

    // ---- Everything from here on is unreachable (see docblock). ----

    // Check for request forgeries.
    Session::checkToken() or exit(Lang::txt('JINVALID_TOKEN'));

    // If registration is disabled - Redirect to login page.
    if (Component::params('com_users')->get('allowUserRegistration') == 0)
    {
        $this->setRedirect(Route::url('index.php?option=com_users&view=login', false));
        return false;
    }

    // Initialise variables.
    $app   = JFactory::getApplication();
    $model = $this->getModel('Registration', 'UsersModel');

    // Get the user data.
    $requestData = Request::getVar('jform', array(), 'post', 'array');

    // Validate the posted data.
    $form = $model->getForm();
    if (!$form)
    {
        App::abort(500, $model->getError());
        return false;
    }
    $data = $model->validate($form, $requestData);

    // Check for validation errors.
    if ($data === false)
    {
        // Get the validation messages.
        $errors = $model->getErrors();

        // Push up to three validation messages out to the user.
        for ($i = 0, $n = count($errors); $i < $n && $i < 3; $i++)
        {
            if ($errors[$i] instanceof Exception)
            {
                $app->enqueueMessage($errors[$i]->getMessage(), 'warning');
            }
            else
            {
                $app->enqueueMessage($errors[$i], 'warning');
            }
        }

        // Save the (unvalidated) submission in the session so the form can be repopulated.
        $app->setUserState('com_users.registration.data', $requestData);

        // Redirect back to the registration screen.
        $this->setRedirect(Route::url('index.php?option=com_users&view=registration', false));
        return false;
    }

    // Attempt to save the data.
    $return = $model->register($data);

    // Check for errors.
    if ($return === false)
    {
        // Save the data in the session.
        $app->setUserState('com_users.registration.data', $data);

        // Redirect back to the edit screen.
        $this->setMessage($model->getError(), 'warning');
        $this->setRedirect(Route::url('index.php?option=com_users&view=registration', false));
        return false;
    }

    // Flush the data from the session.
    $app->setUserState('com_users.registration.data', null);

    // Redirect to the profile screen. The model's return value selects the
    // completion screen: 'adminactivate' / 'useractivate' show the
    // "complete" layout, anything else goes to the login form.
    if ($return === 'adminactivate')
    {
        $this->setMessage(Lang::txt('COM_USERS_REGISTRATION_COMPLETE_VERIFY'));
        $this->setRedirect(Route::url('index.php?option=com_users&view=registration&layout=complete', false));
    }
    elseif ($return === 'useractivate')
    {
        $this->setMessage(Lang::txt('COM_USERS_REGISTRATION_COMPLETE_ACTIVATE'));
        $this->setRedirect(Route::url('index.php?option=com_users&view=registration&layout=complete', false));
    }
    else
    {
        $this->setMessage(Lang::txt('COM_USERS_REGISTRATION_SAVE_SUCCESS'));
        $this->setRedirect(Route::url('index.php?option=com_users&view=login', false));
    }

    return true;
}
/**
 * Delete the selected imports.
 *
 * Each id is loaded with oneOrFail(); a destroy() failure is reported and the
 * loop continues with the next id. A success message is shown only when at
 * least one import was removed.
 *
 * @return  void
 */
public function removeTask()
{
    // check token (return value not inspected, as in the original —
    // NOTE(review): relies on the framework aborting on failure; confirm)
    Session::checkToken();

    // Accept a single id or a list of ids.
    $ids = Request::getVar('id', array());
    if (!is_array($ids))
    {
        $ids = array($ids);
    }

    $removed = 0;

    foreach ($ids as $id)
    {
        $import = Import::oneOrFail($id);

        // make sure we have an object
        if (!$import->get('id'))
        {
            continue;
        }

        // attempt to delete import
        if ($import->destroy())
        {
            $removed++;
        }
        else
        {
            Notify::error($import->getError());
        }
    }

    if ($removed)
    {
        Notify::success(Lang::txt('COM_MEMBERS_IMPORT_REMOVED'));
    }

    // inform user & redirect
    $this->cancelTask();
}
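/**
 * Save the current user's profile data.
 *
 * Validation or save failures stash the posted data in the session and send
 * the user back to the edit form; on success the `apply` task returns to the
 * edit form (keeping the profile checked out) and any other task checks the
 * profile in and goes to the profile view.
 *
 * @return  void|false  False on failure (after setting the redirect); nothing on success.
 * @since   1.6
 */
public function save()
{
    // Check for request forgeries.
    Session::checkToken() or exit(Lang::txt('JINVALID_TOKEN'));

    // Initialise variables.
    $app    = JFactory::getApplication();
    $model  = $this->getModel('Profile', 'UsersModel');
    $user   = User::getRoot();
    $userId = (int) $user->get('id');

    // Get the user data.
    $requestData = Request::getVar('jform', array(), 'post', 'array');

    // Force the ID to this user, whatever the form submitted.
    $requestData['id'] = $userId;

    // Validate the posted data.
    $form = $model->getForm();
    if (!$form)
    {
        App::abort(500, $model->getError());
        return false;
    }

    $data = $model->validate($form, $requestData);

    // Check for errors.
    if ($data === false)
    {
        // Get the validation messages.
        $errors = $model->getErrors();

        // Push up to three validation messages out to the user.
        for ($i = 0, $n = count($errors); $i < $n && $i < 3; $i++)
        {
            if ($errors[$i] instanceof Exception)
            {
                Notify::warning($errors[$i]->getMessage());
            }
            else
            {
                Notify::warning($errors[$i]);
            }
        }

        // Save the submission in the session so the form can be repopulated.
        // validate() returned false here, so $data itself holds nothing useful
        // (the original stored that false).
        $app->setUserState('com_users.edit.profile.data', $requestData);

        // Redirect back to the edit screen. This is a read of the held id;
        // the original called User::setState() here, which resets it.
        $userId = (int) User::getState('com_users.edit.profile.id');
        $this->setRedirect(Route::url('index.php?option=com_users&view=profile&layout=edit&user_id=' . $userId, false));
        return false;
    }

    // Attempt to save the data.
    $return = $model->save($data);

    // Check for errors.
    if ($return === false)
    {
        // Save the data in the session.
        User::setState('com_users.edit.profile.data', $data);

        // Redirect back to the edit screen.
        $userId = (int) User::getState('com_users.edit.profile.id');
        $this->setMessage(Lang::txt('COM_USERS_PROFILE_SAVE_FAILED', $model->getError()), 'warning');
        $this->setRedirect(Route::url('index.php?option=com_users&view=profile&layout=edit&user_id=' . $userId, false));
        return false;
    }

    // Redirect the user and adjust session state based on the chosen task.
    switch ($this->getTask())
    {
        case 'apply':
            // Check out the profile.
            User::setState('com_users.edit.profile.id', $return);
            $model->checkout($return);

            // Redirect back to the edit screen (or wherever the caller asked to return to).
            $this->setMessage(Lang::txt('COM_USERS_PROFILE_SAVE_SUCCESS'));
            $redirect = User::getState('com_users.edit.profile.redirect');
            $this->setRedirect(Route::url($redirect ? $redirect : 'index.php?option=com_users&view=profile&layout=edit&hidemainmenu=1', false));
            break;

        default:
            // Check in the profile.
            $userId = (int) User::getState('com_users.edit.profile.id');
            if ($userId)
            {
                $model->checkin($userId);
            }

            // Clear the profile id from the session.
            User::setState('com_users.edit.profile.id', null);

            // Redirect to the profile screen (or wherever the caller asked to return to).
            $this->setMessage(Lang::txt('COM_USERS_PROFILE_SAVE_SUCCESS'));
            $redirect = User::getState('com_users.edit.profile.redirect');
            $this->setRedirect(Route::url($redirect ? $redirect : 'index.php?option=com_users&view=profile&user_id=' . $return, false));
            break;
    }

    // Flush the data from the session.
    User::setState('com_users.edit.profile.data', null);
}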
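/**
 * Approve the selected users.
 *
 * @return  void
 * @throws  Exception  500 when nothing is selected or the model reports a failure.
 */
public function approve()
{
    // Check for request forgeries.
    Session::checkToken() or exit(Lang::txt('JINVALID_TOKEN'));

    $ids = Request::getVar('cid', array(), '', 'array');

    if (empty($ids))
    {
        throw new Exception(Lang::txt('COM_USERS_USERS_NO_ITEM_SELECTED'), 500);
    }

    // Make sure the ids are integers before they reach the model, as the
    // other bulk-action controllers on this page do.
    \Hubzero\Utility\Arr::toInteger($ids);

    $model = $this->getModel();

    // Change the state of the records.
    if (!$model->approve($ids))
    {
        throw new Exception($model->getError(), 500);
    }

    $this->setMessage(Lang::txts('COM_USERS_N_USERS_APPROVED', count($ids)));
    $this->setRedirect('index.php?option=com_users&view=users');
}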
/**
 * Delete the selected imports (legacy Import model variant).
 *
 * Stops at the first failed delete and reports that import's error;
 * otherwise redirects to the listing with a success message.
 *
 * @return  void
 */
public function removeTask()
{
    // check token (return value not inspected, as in the original —
    // NOTE(review): relies on the framework aborting on failure; confirm)
    Session::checkToken();

    // Accept a single id or a list of ids.
    $ids = Request::getVar('id', array());
    if (!is_array($ids))
    {
        $ids = array($ids);
    }

    $listUrl = Route::url('index.php?option=' . $this->_option . '&controller=' . $this->_controller . '&task=display', false);

    foreach ($ids as $id)
    {
        $resourceImport = new \Components\Members\Models\Import($id);

        // NOTE(review): `new` never yields a falsy value, so the original
        // `if (!($x = new Import($id))) continue;` guard could never fire;
        // kept as a no-op for fidelity. A real "record exists" check would
        // have to ask the model.
        if (!$resourceImport)
        {
            continue;
        }

        // attempt to delete import
        if (!$resourceImport->delete())
        {
            App::redirect($listUrl, $resourceImport->getError(), 'error');
            return;
        }
    }

    // inform user & redirect
    App::redirect($listUrl, Lang::txt('COM_MEMBERS_IMPORT_REMOVED'), 'passed');
}
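/**
 * Delete files and/or empty folders from the current media folder.
 *
 * Each entry in the `rm` request array is checked against Filesystem::clean()
 * (unsafe names are skipped with a warning), resolved below COM_MEDIA_BASE and
 * offered to the content plugins before deletion. Non-empty folders are not
 * removed.
 *
 * @return  bool  True when nothing was selected or every deletion succeeded,
 *                false when the user may not delete or any deletion failed.
 * @since   1.5
 */
public function delete()
{
    // Check for request forgeries. The return value used to be ignored; fail
    // closed like the other handlers on this page.
    Session::checkToken(['get', 'post']) or exit(Lang::txt('JINVALID_TOKEN'));

    // Get some data from the request
    $tmpl   = Request::getCmd('tmpl');
    $paths  = Request::getVar('rm', array(), '', 'array');
    $folder = Request::getVar('folder', '', '', 'path');

    $redirect = 'index.php?option=com_media&folder=' . $folder;
    if ($tmpl == 'component')
    {
        // We are inside the iframe
        $redirect .= '&view=mediaList&tmpl=component';
    }
    $this->setRedirect($redirect);

    // Nothing to delete
    if (empty($paths))
    {
        return true;
    }

    // Authorize the user
    if (!$this->authoriseUser('delete'))
    {
        return false;
    }

    // Set FTP credentials, if given
    JClientHelper::setCredentialsFromRequest('ftp');

    // Report the plugin errors collected on the object as one warning.
    $warnPluginErrors = function ($object_file)
    {
        $errors = $object_file->getErrors();
        Notify::warning(Lang::txts('COM_MEDIA_ERROR_BEFORE_DELETE', count($errors), implode('<br />', $errors)));
    };

    // Initialise variables.
    $ret = true;

    foreach ($paths as $path)
    {
        if ($path !== Filesystem::clean($path))
        {
            // filename is not safe
            $filename = htmlspecialchars($path, ENT_COMPAT, 'UTF-8');
            Notify::warning(Lang::txt('COM_MEDIA_ERROR_UNABLE_TO_DELETE_FILE_WARNFILENAME', substr($filename, strlen(COM_MEDIA_BASE))));
            continue;
        }

        $fullPath     = Filesystem::cleanPath(implode(DIRECTORY_SEPARATOR, array(COM_MEDIA_BASE, $folder, $path)));
        $relativePath = substr($fullPath, strlen(COM_MEDIA_BASE));
        $object_file  = new \Hubzero\Base\Object(array('filepath' => $fullPath));

        if (is_file($fullPath))
        {
            // Trigger the onContentBeforeDelete event.
            $result = Event::trigger('content.onContentBeforeDelete', array('com_media.file', &$object_file));
            if (in_array(false, $result, true))
            {
                // There are some errors in the plugins
                $warnPluginErrors($object_file);
                continue;
            }

            $ret &= Filesystem::delete($fullPath);

            // Trigger the onContentAfterDelete event.
            Event::trigger('content.onContentAfterDelete', array('com_media.file', &$object_file));
            $this->setMessage(Lang::txt('COM_MEDIA_DELETE_COMPLETE', $relativePath));
        }
        elseif (is_dir($fullPath))
        {
            $contents = Filesystem::files($fullPath, '.', true, false, array('.svn', 'CVS', '.DS_Store', '__MACOSX', 'index.html'));

            if (!empty($contents))
            {
                // This makes no sense...
                Notify::warning(Lang::txt('COM_MEDIA_ERROR_UNABLE_TO_DELETE_FOLDER_NOT_EMPTY', $relativePath));
                continue;
            }

            // Trigger the onContentBeforeDelete event.
            $result = Event::trigger('content.onContentBeforeDelete', array('com_media.folder', &$object_file));
            if (in_array(false, $result, true))
            {
                // There are some errors in the plugins
                $warnPluginErrors($object_file);
                continue;
            }

            $ret &= Filesystem::deleteDirectory($fullPath);

            // Trigger the onContentAfterDelete event.
            Event::trigger('content.onContentAfterDelete', array('com_media.folder', &$object_file));
            $this->setMessage(Lang::txt('COM_MEDIA_DELETE_COMPLETE', $relativePath));
        }
    }

    // `&=` leaves an int behind; hand callers a proper bool.
    return (bool) $ret;
}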
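/**
 * Upload a file into the current media folder.
 *
 * Answers with a JSON object `{"status": "0"|"1", "error": "<message>"}` and
 * returns; nothing else is echoed. Checks run in this order: request token,
 * size limits, presence of a file, MediaHelper::canUpload(), content
 * plugins, existing file, core.create permission, then the move itself.
 *
 * @return  void
 * @since   1.5
 */
public function upload()
{
    $params = Component::params('com_media');

    // Every exit path answers with the same small JSON envelope.
    $respond = function ($status, $error)
    {
        echo json_encode(array('status' => $status, 'error' => $error));
    };

    // Check for request forgeries
    if (!Session::checkToken(['get', 'post'], true))
    {
        $respond('0', Lang::txt('JINVALID_TOKEN'));
        return;
    }

    $log = JLog::getInstance('upload.error.php');

    // Get some data from the request
    $file   = Request::getVar('Filedata', '', 'files', 'array');
    $folder = Request::getVar('folder', '', '', 'path');

    // Reject bodies larger than the component setting or any PHP limit.
    // NOTE(review): the ini values are cast with (int), which only works for
    // megabyte-suffixed settings ("8M"); "512K", "1G" or "-1" are misread.
    $contentLength = isset($_SERVER['CONTENT_LENGTH']) ? (int) $_SERVER['CONTENT_LENGTH'] : 0;
    $limitsMb = array(
        $params->get('upload_maxsize', 0),
        (int) ini_get('upload_max_filesize'),
        (int) ini_get('post_max_size'),
        (int) ini_get('memory_limit'),
    );
    foreach ($limitsMb as $limitMb)
    {
        if ($contentLength > $limitMb * 1024 * 1024)
        {
            $respond('0', Lang::txt('COM_MEDIA_ERROR_WARNFILETOOLARGE'));
            return;
        }
    }

    // Set FTP credentials, if given
    JClientHelper::setCredentialsFromRequest('ftp');

    // No file in the request: answer before touching $file['name']. The
    // original cleaned the name first, so this branch could never be reached.
    if (!is_array($file) || !isset($file['name']))
    {
        $respond('0', Lang::txt('COM_MEDIA_ERROR_BAD_REQUEST'));
        return;
    }

    // Make the filename safe
    $file['name'] = Filesystem::clean($file['name']);

    $err      = null;
    $filepath = \Hubzero\Filesystem\Util::normalizePath(COM_MEDIA_BASE . '/' . $folder . '/' . strtolower($file['name']));

    if (!MediaHelper::canUpload($file, $err))
    {
        $log->addEntry(array('comment' => 'Invalid: ' . $filepath . ': ' . $err));
        $respond('0', Lang::txt($err));
        return;
    }

    // Trigger the onContentBeforeSave event.
    $object_file = new \Hubzero\Base\Object($file);
    $object_file->filepath = $filepath;

    $result = Event::trigger('content.onContentBeforeSave', array('com_media.file', &$object_file, true));
    if (in_array(false, $result, true))
    {
        // There are some errors in the plugins
        $errors = $object_file->getErrors();
        $log->addEntry(array('comment' => 'Errors before save: ' . $filepath . ' : ' . implode(', ', $errors)));
        $respond('0', Lang::txts('COM_MEDIA_ERROR_BEFORE_SAVE', count($errors), implode('<br />', $errors)));
        return;
    }

    if (Filesystem::exists($filepath))
    {
        // File exists
        $log->addEntry(array('comment' => 'File exists: ' . $filepath . ' by user_id ' . User::get('id')));
        $respond('0', Lang::txt('COM_MEDIA_ERROR_FILE_EXISTS'));
        return;
    }

    if (!User::authorise('core.create', 'com_media'))
    {
        // File does not exist and user is not authorised to create
        $log->addEntry(array('comment' => 'Create not permitted: ' . $filepath . ' by user_id ' . User::get('id')));
        $respond('0', Lang::txt('COM_MEDIA_ERROR_CREATE_NOT_PERMITTED'));
        return;
    }

    // Use the (possibly plugin-modified) object from here on, as the original did.
    $file = (array) $object_file;

    if (!Filesystem::upload($file['tmp_name'], $file['filepath']))
    {
        // Error in upload
        $log->addEntry(array('comment' => 'Error on upload: ' . $filepath));
        $respond('0', Lang::txt('COM_MEDIA_ERROR_UNABLE_TO_UPLOAD_FILE'));
        return;
    }

    // Trigger the onContentAfterSave event.
    Event::trigger('content.onContentAfterSave', array('com_media.file', &$object_file, true));
    $log->addEntry(array('comment' => $folder));
    $respond('1', Lang::txt('COM_MEDIA_UPLOAD_COMPLETE', substr($file['filepath'], strlen(COM_MEDIA_BASE))));
}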
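/**
 * Save a menu item.
 *
 * Handles the `apply`, `save`, `save2new` and `save2copy` tasks. Link
 * validation for `url` items only admits a fixed list of URL schemes, and
 * `component` items may supply extra `request` arguments that are merged
 * into the link's query string.
 *
 * @param   string  $key     The name of the primary key of the URL variable.
 * @param   string  $urlVar  The name of the URL variable if different from the primary key (sometimes required to avoid router collisions).
 * @return  bool    True if successful, false otherwise.
 * @since   1.6
 */
public function save($key = null, $urlVar = null)
{
    // Check for request forgeries.
    Session::checkToken() or exit(Lang::txt('JINVALID_TOKEN'));

    // Initialise variables.
    $app      = JFactory::getApplication();
    $model    = $this->getModel('Item', '', array());
    $data     = Request::getVar('jform', array(), 'post', 'array');
    $task     = $this->getTask();
    $context  = 'com_menus.edit.item';
    $recordId = Request::getInt('id');

    // Where the edit form lives, for the various "go back" redirects.
    $editUrl = 'index.php?option=' . $this->option . '&view=' . $this->view_item;

    if (!$this->checkEditId($context, $recordId))
    {
        // Somehow the person just went to the form and saved it - we don't allow that.
        $this->setError(Lang::txt('JLIB_APPLICATION_ERROR_UNHELD_ID', $recordId));
        $this->setMessage($this->getError(), 'error');
        $this->setRedirect(Route::url('index.php?option=com_menus&view=items' . $this->getRedirectToListAppend(), false));
        return false;
    }

    // Populate the row id from the session.
    $data['id'] = $recordId;

    // The save2copy task needs to be handled slightly differently.
    if ($task == 'save2copy')
    {
        // Check-in the original row.
        if ($model->checkin($data['id']) === false)
        {
            // Check-in failed, go back to the item and display a notice.
            $this->setMessage(Lang::txt('JLIB_APPLICATION_ERROR_CHECKIN_FAILED', $model->getError()), 'warning');
            return false;
        }

        // Reset the ID and then treat the request as for Apply.
        $data['id']           = 0;
        $data['associations'] = array();
        $task                 = 'apply';
    }

    // Validate the posted data.
    // This post is made up of two forms, one for the item and one for params.
    $form = $model->getForm($data);
    if (!$form)
    {
        // (The original had an unreachable `return false;` after this throw.)
        throw new Exception($model->getError(), 500);
    }

    if ($data['type'] == 'url')
    {
        // Strip characters that would let the link break out of an attribute,
        // then only accept a known scheme (a leading "/" is a relative link).
        $data['link'] = str_replace(array('"', '>', '<'), '', $data['link']);

        if (strstr($data['link'], ':') && substr($data['link'], 0, 1) != '/')
        {
            $segments = explode(':', $data['link']);
            $protocol = strtolower($segments[0]);
            $scheme   = array(
                'http', 'https', 'ftp', 'ftps', 'gopher', 'mailto', 'news', 'prospero', 'telnet', 'rlogin', 'tn3270',
                'wais', 'url', 'mid', 'cid', 'nntp', 'tel', 'urn', 'ldap', 'file', 'fax', 'modem', 'git',
            );

            if (!in_array($protocol, $scheme, true))
            {
                $app->enqueueMessage(Lang::txt('JLIB_APPLICATION_ERROR_SAVE_NOT_PERMITTED'), 'warning');
                $this->setRedirect(Route::url($editUrl . $this->getRedirectToItemAppend($recordId), false));
                return false;
            }
        }
    }

    $data = $model->validate($form, $data);

    // Check for validation errors. This has to come before the 'request'
    // handling below, which indexes into $data and would otherwise read
    // offsets of boolean false.
    if ($data === false)
    {
        // Get the validation messages.
        $errors = $model->getErrors();

        // Push up to three validation messages out to the user.
        for ($i = 0, $n = count($errors); $i < $n && $i < 3; $i++)
        {
            if ($errors[$i] instanceof Exception)
            {
                $app->enqueueMessage($errors[$i]->getMessage(), 'warning');
            }
            else
            {
                $app->enqueueMessage($errors[$i], 'warning');
            }
        }

        // Save the data in the session.
        $app->setUserState('com_menus.edit.item.data', $data);

        // Redirect back to the edit screen.
        $this->setRedirect(Route::url($editUrl . $this->getRedirectToItemAppend($recordId), false));
        return false;
    }

    // Check for the special 'request' entry.
    if ($data['type'] == 'component' && isset($data['request']) && is_array($data['request']) && !empty($data['request']))
    {
        // Parse the submitted link arguments.
        $args = array();
        parse_str(parse_url($data['link'], PHP_URL_QUERY), $args);

        // Merge in the user supplied request arguments.
        $args = array_merge($args, $data['request']);

        $data['link'] = 'index.php?' . urldecode(http_build_query($args, '', '&'));
        unset($data['request']);
    }

    // Attempt to save the data.
    if (!$model->save($data))
    {
        // Save the data in the session.
        $app->setUserState('com_menus.edit.item.data', $data);

        // Redirect back to the edit screen.
        $this->setMessage(Lang::txt('JLIB_APPLICATION_ERROR_SAVE_FAILED', $model->getError()), 'warning');
        $this->setRedirect(Route::url($editUrl . $this->getRedirectToItemAppend($recordId), false));
        return false;
    }

    // Save succeeded, check-in the row.
    if ($model->checkin($data['id']) === false)
    {
        // Check-in failed, go back to the row and display a notice.
        $this->setMessage(Lang::txt('JLIB_APPLICATION_ERROR_CHECKIN_FAILED', $model->getError()), 'warning');
        $this->setRedirect(Route::url($editUrl . $this->getRedirectToItemAppend($recordId), false));
        return false;
    }

    $this->setMessage(Lang::txt('COM_MENUS_SAVE_SUCCESS'));

    // Redirect the user and adjust session state based on the chosen task.
    switch ($task)
    {
        case 'apply':
            // Set the row data in the session.
            $recordId = $model->getState($this->context . '.id');
            $this->holdEditId($context, $recordId);
            $app->setUserState('com_menus.edit.item.data', null);
            $app->setUserState('com_menus.edit.item.type', null);
            $app->setUserState('com_menus.edit.item.link', null);

            // Redirect back to the edit screen.
            $this->setRedirect(Route::url($editUrl . $this->getRedirectToItemAppend($recordId), false));
            break;

        case 'save2new':
            // Clear the row id and data in the session.
            $this->releaseEditId($context, $recordId);
            $app->setUserState('com_menus.edit.item.data', null);
            $app->setUserState('com_menus.edit.item.type', null);
            $app->setUserState('com_menus.edit.item.link', null);
            $app->setUserState('com_menus.edit.item.menutype', $model->getState('item.menutype'));

            // Redirect back to the edit screen.
            $this->setRedirect(Route::url($editUrl . $this->getRedirectToItemAppend(), false));
            break;

        default:
            // Clear the row id and data in the session.
            $this->releaseEditId($context, $recordId);
            $app->setUserState('com_menus.edit.item.data', null);
            $app->setUserState('com_menus.edit.item.type', null);
            $app->setUserState('com_menus.edit.item.link', null);

            // Redirect to the list screen.
            $this->setRedirect(Route::url('index.php?option=' . $this->option . '&view=' . $this->view_list . $this->getRedirectToListAppend(), false));
            break;
    }
}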
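/**
 * Method to save a menu item.
 *
 * Verifies the form token and the held edit id, refuses edits to the
 * administrator menu types, validates and saves the posted `jform` data,
 * then redirects according to the task (apply / save2new / save).
 *
 * NOTE(review): no ACL check (core.edit / core.create on com_menus) is visible
 * in this method; presumably it is enforced by checkEditId() or the parent
 * controller before the form can be held — confirm.
 *
 * @param   string  $key     Unused here (kept for signature compatibility).
 * @param   string  $urlVar  Unused here (kept for signature compatibility).
 * @return  void|bool  false on every failure path (after setting a redirect)
 * @throws  Exception  when the model cannot provide a form
 */
public function save($key = null, $urlVar = null)
{
	// Check for request forgeries.
	Session::checkToken() or exit(Lang::txt('JINVALID_TOKEN'));

	// Initialise variables.
	$data     = Request::getVar('jform', array(), 'post', 'array');
	$context  = 'com_menus.edit.menu';
	$task     = $this->getTask();
	$recordId = Request::getInt('id');

	if (!$this->checkEditId($context, $recordId))
	{
		// Somehow the person just went to the form and saved it - we don't allow that.
		$this->setError(Lang::txt('JLIB_APPLICATION_ERROR_UNHELD_ID', $recordId));
		$this->setMessage($this->getError(), 'error');
		$this->setRedirect(Route::url('index.php?option=' . $this->option . '&view=' . $this->view_list . $this->getRedirectToListAppend(), false));
		return false;
	}

	// Make sure we are not trying to modify an administrator menu.
	// Explicit grouping: the original relied on && binding tighter than ||.
	// Guard the menutype lookup so a malformed post does not raise an undefined-index notice.
	$menutype      = isset($data['menutype']) ? strtolower($data['menutype']) : '';
	$isAdminClient = isset($data['client_id']) && $data['client_id'] == 1;
	if ($isAdminClient || $menutype == 'menu' || $menutype == 'main')
	{
		Notify::warning(Lang::txt('COM_MENUS_MENU_TYPE_NOT_ALLOWED'));

		// Redirect back to the edit screen.
		$this->setRedirect(Route::url('index.php?option=com_menus&view=menu&layout=edit', false));
		return false;
	}

	// Populate the row id from the session.
	$data['id'] = $recordId;

	// Get the model and attempt to validate the posted data.
	$model = $this->getModel('Menu');
	$form  = $model->getForm();
	if (!$form)
	{
		throw new Exception($model->getError(), 500);
	}

	// Keep the raw posted data separate from the validated result so the form
	// can be re-populated on a validation failure (validate() returns false then,
	// and the original stored that false in the session instead of the input).
	$validated = $model->validate($form, $data);

	// Check for validation errors.
	if ($validated === false)
	{
		// Get the validation messages.
		$errors = $model->getErrors();

		// Push up to three validation messages out to the user.
		for ($i = 0, $n = count($errors); $i < $n && $i < 3; $i++)
		{
			if ($errors[$i] instanceof Exception)
			{
				Notify::warning($errors[$i]->getMessage());
			}
			else
			{
				Notify::warning($errors[$i]);
			}
		}

		// Save the (posted) data in the session.
		User::setState('com_menus.edit.menu.data', $data);

		// Redirect back to the edit screen.
		$this->setRedirect(Route::url('index.php?option=com_menus&view=menu&layout=edit', false));
		return false;
	}

	$data = $validated;

	// Attempt to save the data.
	if (!$model->save($data))
	{
		// Save the data in the session.
		User::setState('com_menus.edit.menu.data', $data);

		// Redirect back to the edit screen.
		$this->setMessage(Lang::txt('JLIB_APPLICATION_ERROR_SAVE_FAILED', $model->getError()), 'warning');
		$this->setRedirect(Route::url('index.php?option=com_menus&view=menu&layout=edit', false));
		return false;
	}

	$this->setMessage(Lang::txt('COM_MENUS_MENU_SAVE_SUCCESS'));

	// Redirect the user and adjust session state based on the chosen task.
	switch ($task)
	{
		case 'apply':
			// Set the record data in the session.
			$recordId = $model->getState($this->context . '.id');
			$this->holdEditId($context, $recordId);

			// Redirect back to the edit screen.
			$this->setRedirect(Route::url('index.php?option=com_menus&view=menu&layout=edit' . $this->getRedirectToItemAppend($recordId), false));
			break;

		case 'save2new':
			// Clear the record id and data from the session.
			$this->releaseEditId($context, $recordId);
			User::setState($context . '.data', null);

			// Redirect back to the edit screen.
			$this->setRedirect(Route::url('index.php?option=com_menus&view=menu&layout=edit', false));
			break;

		default:
			// Clear the record id and data from the session.
			$this->releaseEditId($context, $recordId);
			User::setState($context . '.data', null);

			// Redirect to the list screen.
			$this->setRedirect(Route::url('index.php?option=com_menus&view=menus', false));
			break;
	}
}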
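/**
 * Save the configuration
 *
 * Validates and stores the posted component parameters. The caller must hold
 * `core.admin` on the component being configured; that check now runs before
 * anything (FTP credentials, model, form) is touched.
 *
 * @return  void|bool  false when validation or saving fails (after redirecting)
 */
public function saveTask()
{
	// Check for request forgeries. Exit explicitly in case checkToken() only
	// reports failure instead of aborting (other methods in this file do the same).
	\Session::checkToken() or exit(\Lang::txt('JINVALID_TOKEN'));

	// Incoming
	$id     = Request::getInt('id');
	$option = Request::getCmd('component');

	// Check if the user is authorized to do this before any request-driven
	// side effects (FTP credentials in the session, model state) happen.
	if (!User::authorise('core.admin', $option))
	{
		App::redirect('index.php', \Lang::txt('JERROR_ALERTNOAUTHOR'));
		return;
	}

	// Set FTP credentials, if given.
	\JClientHelper::setCredentialsFromRequest('ftp');

	// Initialise variables.
	$model = new Models\Component();
	$form  = $model->getForm();
	$data  = Request::getVar('jform', array(), 'post', 'array');

	// Validate the posted data.
	$return = $model->validate($form, $data);

	// Check for validation errors.
	if ($return === false)
	{
		// Get the validation messages.
		$errors = $model->getErrors();

		// Push up to three validation messages out to the user.
		for ($i = 0, $n = count($errors); $i < $n && $i < 3; $i++)
		{
			if ($errors[$i] instanceof Exception)
			{
				Notify::warning($errors[$i]->getMessage());
			}
			else
			{
				Notify::warning($errors[$i]);
			}
		}

		// Save the data in the session.
		User::setState($this->_option . '.config.global.data', $data);

		// Redirect back to the edit screen.
		App::redirect(Route::url('index.php?option=' . $this->_option . '&view=component&component=' . $option . '&tmpl=component&path=' . $model->getState('component.path'), false));
		return false;
	}

	// Attempt to save the configuration.
	$data   = array('params' => $return, 'id' => $id, 'option' => $option);
	$return = $model->save($data);

	// Check the return value.
	if ($return === false)
	{
		// Save the data in the session.
		User::setState($this->_option . '.config.global.data', $data);

		// Save failed, go back to the screen and display a notice.
		App::redirect(
			Route::url('index.php?option=' . $this->_option . '&view=component&component=' . $option . '&tmpl=component&path=' . $model->getState('component.path'), false),
			Lang::txt('JERROR_SAVE_FAILED', $model->getError()),
			'error'
		);
		return false;
	}

	// Set the redirect based on the task.
	switch (Request::getCmd('task'))
	{
		case 'apply':
			App::redirect(
				Route::url('index.php?option=' . $this->_option . '&view=component&component=' . $option . '&tmpl=component&path=' . $model->getState('component.path') . '&refresh=1', false),
				Lang::txt('COM_CONFIG_SAVE_SUCCESS')
			);
			break;

		case 'save':
		default:
			App::redirect(Route::url('index.php?option=' . $this->_option . '&view=close&tmpl=component&path=' . $model->getState('component.path'), false));
			break;
	}
}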
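/**
 * Send the message and display a notice
 *
 * Sends the "mail this link" e-mail. The link must carry a valid hash and be
 * internal to the site; all address/subject fields are screened for injected
 * mail headers and validated before the mailer is invoked.
 *
 * @access  public
 * @since   1.5
 * @return  void
 * @throws  Exception  on a missing/too-fast form, an invalid link, or a mailer failure
 */
function send()
{
	// Check for request forgeries
	Session::checkToken() or exit(Lang::txt('JINVALID_TOKEN'));

	// Basic anti-spam: the form must have been displayed, and at least 20 seconds ago.
	$timeout = Session::get('com_mailto.formtime', 0);
	if ($timeout == 0 || time() - $timeout < 20)
	{
		throw new Exception(Lang::txt('COM_MAILTO_EMAIL_NOT_SENT'), 500);
	}

	$SiteName = Config::get('sitename');
	$MailFrom = Config::get('mailfrom');
	$FromName = Config::get('fromname');

	$link = MailtoHelper::validateHash(Request::getCmd('link', '', 'post'));

	// Verify that this is a local link (refuse to relay arbitrary URLs)
	if (!$link || !JURI::isInternal($link))
	{
		//Non-local url...
		throw new Exception(Lang::txt('COM_MAILTO_EMAIL_NOT_SENT'), 500);
	}

	// An array of email headers we do not want to allow as input
	$headers = array('Content-Type:', 'MIME-Version:', 'Content-Transfer-Encoding:', 'bcc:', 'cc:');

	// An array of the input fields to scan for injected headers
	$fields = array('mailto', 'sender', 'from', 'subject');

	/*
	 * Header injection test: scan the raw posted values for header strings.
	 * Mail header names are case-insensitive, so the match is too ('BCC:'
	 * would otherwise slip past). A missing field counts as empty; a non-string
	 * value (e.g. mailto[]=...) can never be a valid address and is rejected.
	 */
	foreach ($fields as $field)
	{
		$raw = isset($_POST[$field]) ? $_POST[$field] : '';
		if (!is_string($raw))
		{
			App::abort(403, '');
		}

		foreach ($headers as $header)
		{
			if (stripos($raw, $header) !== false)
			{
				App::abort(403, '');
			}
		}
	}

	// Free up memory
	unset($headers, $fields);

	$email           = Request::getString('mailto', '', 'post');
	$sender          = Request::getString('sender', '', 'post');
	$from            = Request::getString('from', '', 'post');
	$subject_default = Lang::txt('COM_MAILTO_SENT_BY', $sender);
	$subject         = Request::getString('subject', $subject_default, 'post');

	// Check for a valid to address
	$error = false;
	if (!$email || !JMailHelper::isEmailAddress($email))
	{
		$error = Lang::txt('COM_MAILTO_EMAIL_INVALID', $email);
		Notify::warning($error);
	}

	// Check for a valid from address
	if (!$from || !JMailHelper::isEmailAddress($from))
	{
		$error = Lang::txt('COM_MAILTO_EMAIL_INVALID', $from);
		Notify::warning($error);
	}

	if ($error)
	{
		return $this->mailto();
	}

	// Build the message to send
	$msg  = Lang::txt('COM_MAILTO_EMAIL_MSG');
	$body = sprintf($msg, $SiteName, $sender, $from, $link);

	// Clean the email data
	$subject = JMailHelper::cleanSubject($subject);
	$body    = JMailHelper::cleanBody($body);
	$sender  = JMailHelper::cleanAddress($sender);

	// Send the email
	if (JFactory::getMailer()->sendMail($from, $sender, $email, $subject, $body) !== true)
	{
		throw new Exception(Lang::txt('COM_MAILTO_EMAIL_NOT_SENT'), 500);
	}

	Request::setVar('view', 'sent');
	$this->display();
}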
/**
 * Abort the current edit: discard the form data held in the user state
 * and send the user back to the list view.
 *
 * @param   string  $key   The name of the primary key of the URL variable (not used here).
 * @param   string  $test  Not used here.
 * @return  void
 * @since   2.5
 */
public function cancel($key = null, $test = null)
{
	Session::checkToken() or exit(Lang::txt('JINVALID_TOKEN'));

	// Drop whatever the edit form had stashed for this context.
	$stateKey = "{$this->option}.edit.{$this->context}";
	User::setState($stateKey . '.data', null);

	$listUrl = 'index.php?option=' . $this->option . '&view=' . $this->view_list . $this->getRedirectToListAppend();
	$this->setRedirect(Route::url($listUrl, false));
}
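/**
 * Method to remove the root property from the configuration.
 *
 * State-changing action reached via GET: the CSRF token is read from the
 * query string, so it also ends up in logs and referers. Requires `core.admin`.
 *
 * @return  void  Always redirects; the outcome is reported as a message.
 */
public function removerootTask()
{
	// Check for request forgeries. Exit explicitly in case checkToken() only
	// reports failure instead of aborting (other methods in this file do the same).
	\Session::checkToken('get') or exit(Lang::txt('JINVALID_TOKEN'));

	// Check if the user is authorized to do this.
	if (!User::authorise('core.admin'))
	{
		App::redirect(Route::url('index.php', false), Lang::txt('JERROR_ALERTNOAUTHOR'));
		return;
	}

	// Initialise model.
	$model = new Models\Application();

	// Attempt to save the configuration and remove root.
	$return = $model->removeroot();

	// Check the return value.
	if ($return === false)
	{
		// Save failed, go back to the screen and display a notice.
		App::redirect(Route::url('index.php', false), Lang::txt('JERROR_SAVE_FAILED', $model->getError()), 'error');
		return;
	}

	// Set the redirect based on the task.
	App::redirect(Route::url('index.php', false), Lang::txt('COM_CONFIG_SAVE_SUCCESS'));
}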
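/**
 * Delete Import
 *
 * Marks each selected import hook as deleted (state 2) and redirects back to
 * the list; stops at the first hook that fails to store.
 *
 * @return  void
 */
public function removeTask()
{
	// check token (exit explicitly in case checkToken() only reports failure)
	\Session::checkToken() or exit(Lang::txt('JINVALID_TOKEN'));

	// get request vars
	$ids = Request::getVar('id', array());
	$ids = !is_array($ids) ? array($ids) : $ids;

	$listUrl = Route::url('index.php?option=' . $this->_option . '&controller=' . $this->_controller . '&task=display', false);

	// loop through all ids posted
	foreach ($ids as $id)
	{
		// Primary keys are integers; cast so nothing else from the request reaches the model.
		// NOTE(review): the previous `if (!($hook = new ...)) continue;` guard never fired,
		// since `new` cannot yield a falsy value. A nonexistent id is presumably rejected
		// by store() below — confirm against the Hook model.
		$hook = new Models\Import\Hook((int) $id);

		// attempt to delete hook
		$hook->set('state', 2);
		if (!$hook->store(true))
		{
			App::redirect($listUrl, $hook->getError(), 'error');
			return;
		}
	}

	//inform user & redirect
	App::redirect($listUrl, Lang::txt('COM_RESOURCES_IMPORTHOOK_REMOVED'), 'passed');
}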
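/**
 * Import, validate and parse data
 *
 * Reads an uploaded XML batch file for an existing project, validates it
 * against the batch schema and, unless running dry, parses it into records.
 * Every path writes a JSON document and terminates the request with exit.
 *
 * @param   integer  $dryRun  Nominal default; note the `dryrun` request value
 *                            (default 1) overrides it unconditionally.
 * @return  void
 */
public function processTask($dryRun = 0)
{
	// check token (exit explicitly in case checkToken() only reports failure)
	\Session::checkToken() or exit(Lang::txt('JINVALID_TOKEN'));

	// Incoming
	$id     = Request::getInt('projectid', 0);
	$file   = Request::getVar('file', array(), 'FILES');
	$dryRun = Request::getInt('dryrun', 1);

	$this->data = NULL;

	// Project ID must be supplied and refer to an existing project.
	// (The check was inverted: it errored when the project DID exist.)
	$this->project = new \Components\Projects\Models\Project($id);
	if (!$this->project->exists())
	{
		echo json_encode(array('result' => 'error', 'error' => Lang::txt('COM_PUBLICATIONS_BATCH_ERROR_NO_PROJECT_ID'), 'records' => NULL));
		exit;
	}

	// Check for file
	if (!is_array($file) || $file['size'] == 0 || $file['error'] != 0)
	{
		echo json_encode(array('result' => 'error', 'error' => Lang::txt('COM_PUBLICATIONS_BATCH_ERROR_NO_FILE'), 'records' => NULL));
		exit;
	}

	// Check for correct type. $file['type'] is supplied by the client, so this is
	// a usability check only, not a security control; the content is parsed below.
	if (!in_array($file['type'], array('application/xml', 'text/xml')))
	{
		echo json_encode(array('result' => 'error', 'error' => Lang::txt('COM_PUBLICATIONS_BATCH_ERROR_WRONG_FORMAT'), 'records' => NULL));
		exit;
	}

	// Get data from XML file
	if (is_uploaded_file($file['tmp_name']))
	{
		$this->data = file_get_contents($file['tmp_name']);
	}

	if (!$this->data)
	{
		echo json_encode(array('result' => 'error', 'error' => Lang::txt('COM_PUBLICATIONS_BATCH_ERROR_NO_DATA'), 'records' => NULL));
		exit;
	}

	// The reader below runs with SUBST_ENTITIES on untrusted input. Substituting
	// entities from a document that declares its own (a DTD) enables external-entity
	// (XXE) and entity-expansion attacks. The batch format is validated by an XSD,
	// so a legitimate upload never needs a DOCTYPE or ENTITY declaration: refuse them.
	if (stripos($this->data, '<!DOCTYPE') !== false || stripos($this->data, '<!ENTITY') !== false)
	{
		echo json_encode(array('result' => 'error', 'error' => Lang::txt('COM_PUBLICATIONS_BATCH_ERROR_XML_VALIDATION_FAILED'), 'records' => NULL));
		exit;
	}

	// Load reader
	libxml_use_internal_errors(true);
	$this->reader = new \XMLReader();

	// Open and validate XML against schema
	if (!$this->reader->XML($this->data, 'UTF-8', \XMLReader::VALIDATE | \XMLReader::SUBST_ENTITIES))
	{
		echo json_encode(array('result' => 'error', 'error' => Lang::txt('COM_PUBLICATIONS_BATCH_ERROR_XML_VALIDATION_FAILED'), 'records' => NULL));
		exit;
	}

	// Set schema
	$schema = $this->getSchema();
	if (file_exists($schema))
	{
		$this->reader->setSchema($schema);
	}

	// Validation
	$outputData = $this->validateTask();

	// Parse data if passed validations
	if (!$this->getError())
	{
		$outputData = $this->parse($dryRun);
	}

	// Parsing errors
	if ($this->getError())
	{
		echo json_encode(array('result' => 'error', 'error' => $this->getError(), 'records' => $outputData, 'dryrun' => $dryRun));
		exit;
	}

	// return results to user
	echo json_encode(array('result' => 'success', 'error' => NULL, 'records' => $outputData, 'dryrun' => $dryRun));
	exit;
}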
/**
 * Run the batch operations for the selected categories.
 *
 * The `$model` argument is accepted for signature compatibility with the
 * parent but is not used: the Category model is always fetched here and
 * handed to the parent implementation after the list redirect is preset.
 *
 * @param   object  $model  Ignored; the Category model is used instead.
 * @return  boolean  True if successful, false otherwise and internal error is set.
 * @since   1.6
 */
public function batch($model = null)
{
	Session::checkToken() or exit(Lang::txt('JINVALID_TOKEN'));

	$categoryModel = $this->getModel('Category');

	// Preset the redirect to the category list for this extension.
	$listUrl = 'index.php?option=com_categories&view=categories&extension=' . $this->extension;
	$this->setRedirect($listUrl);

	return parent::batch($categoryModel);
}