function publishHandlerObject($element, &$params)
{
$ret = null;
$objectID = $element->getAttribute('id');
// protection from self-embedding
if ($objectID == $this->contentObjectID) {
$this->isInputValid = false;
$this->Messages[] = ezpI18n::tr('kernel/classes/datatypes', 'Object %1 can not be embeded to itself.', false, array($objectID));
return $ret;
}
if (!in_array($objectID, $this->relatedObjectIDArray)) {
$this->relatedObjectIDArray[] = $objectID;
}
// If there are any image object with links.
$href = $element->getAttributeNS($this->Namespaces['image'], 'ezurl_href');
//washing href. single and double quotes inside url replaced with their urlencoded form
$href = str_replace(array('\'', '"'), array('%27', '%22'), $href);
$urlID = $element->getAttributeNS($this->Namespaces['image'], 'ezurl_id');
if ($href != null) {
$urlID = eZURL::registerURL($href);
$element->setAttributeNS($this->Namespaces['image'], 'image:ezurl_id', $urlID);
$element->removeAttributeNS($this->Namespaces['image'], 'ezurl_href');
}
if ($urlID != null) {
$this->urlIDArray[] = $urlID;
}
$this->convertCustomAttributes($element);
return $ret;
}
function modify($tpl, $operatorName, $operatorParameters, $rootNamespace, $currentNamespace, &$operatorValue, $namedParameters)
{
switch ($operatorName) {
case $this->ININameHasVariable:
case $this->ININame:
if (count($operatorParameters) > 0) {
$iniGroup = $tpl->elementValue($operatorParameters[0], $rootNamespace, $currentNamespace);
if (count($operatorParameters) == 1) {
$tpl->error($operatorName, "Missing variable name parameter");
return;
}
$iniVariable = $tpl->elementValue($operatorParameters[1], $rootNamespace, $currentNamespace);
$iniName = isset($operatorParameters[2]) ? $tpl->elementValue($operatorParameters[2], $rootNamespace, $currentNamespace) : false;
$iniPath = isset($operatorParameters[3]) ? $tpl->elementValue($operatorParameters[3], $rootNamespace, $currentNamespace) : false;
// If we should check for existence of variable.
// You can use like:
// ezini( <BlockName>, <SettingName>, <FileName>, <IniPath>, _use under template compiling mode_ , <Should We Check for existence: 'hasVariable' or true()> )
// ezini_hasvariable( <BlockName>, <SettingName>, <FileName>, <IniPath>... )
if ($operatorName == $this->ININameHasVariable) {
$checkExistence = true;
} else {
$checkExistence = isset($operatorParameters[5]) ? ($tpl->elementValue($operatorParameters[5], $rootNamespace, $currentNamespace) === true or $tpl->elementValue($operatorParameters[5], $rootNamespace, $currentNamespace) == 'hasVariable') ? true : false : false;
}
if ($iniPath !== false) {
$ini = eZINI::instance($iniName, $iniPath, null, null, null, true);
} elseif ($iniName !== false) {
$ini = eZINI::instance($iniName);
} else {
$ini = eZINI::instance();
}
if ($ini->hasVariable($iniGroup, $iniVariable)) {
$operatorValue = !$checkExistence ? $ini->variable($iniGroup, $iniVariable) : true;
} else {
if ($checkExistence) {
$operatorValue = false;
return;
}
if ($iniPath !== false) {
// Return empty string instead of displaying error when using 'path' parameter
// and DirectAccess mode for ezini.
$operatorValue = '';
} else {
if ($iniName === false) {
$iniName = 'site.ini';
}
$tpl->error($operatorName, "!!!No such variable '{$iniVariable}' in group '{$iniGroup}' for {$iniName}");
}
}
return;
} else {
$tpl->error($operatorName, "Missing group name parameter");
}
break;
case $this->HTTPNameHasVariable:
case $this->HTTPName:
$http = eZHTTPTool::instance();
if (count($operatorParameters) > 0) {
$httpType = eZURLOperator::HTTP_OPERATOR_TYPE_POST;
$httpName = $tpl->elementValue($operatorParameters[0], $rootNamespace, $currentNamespace);
if (count($operatorParameters) > 1) {
$httpTypeName = strtolower($tpl->elementValue($operatorParameters[1], $rootNamespace, $currentNamespace));
if ($httpTypeName == 'post') {
$httpType = eZURLOperator::HTTP_OPERATOR_TYPE_POST;
} else {
if ($httpTypeName == 'get') {
$httpType = eZURLOperator::HTTP_OPERATOR_TYPE_GET;
} else {
if ($httpTypeName == 'session') {
$httpType = eZURLOperator::HTTP_OPERATOR_TYPE_SESSION;
} else {
if ($httpTypeName == 'cookie') {
$httpType = eZURLOperator::HTTP_OPERATOR_TYPE_COOKIE;
} else {
$tpl->warning($operatorName, "Unknown http type '{$httpTypeName}'");
}
}
}
}
}
// If we should check for existence of http variable
// You can use like:
// ezhttp( <Variable>, <Method: post, get, session>, <Should We Check for existence: 'hasVariable' or true()> )
// ezhttp_hasvariable( <Variable>, <Method> )
if ($operatorName == $this->HTTPNameHasVariable) {
$checkExistence = true;
} else {
$checkExistence = isset($operatorParameters[2]) ? ($tpl->elementValue($operatorParameters[2], $rootNamespace, $currentNamespace) === true or $tpl->elementValue($operatorParameters[2], $rootNamespace, $currentNamespace) == 'hasVariable') ? true : false : false;
}
switch ($httpType) {
case eZURLOperator::HTTP_OPERATOR_TYPE_POST:
if ($http->hasPostVariable($httpName)) {
$operatorValue = !$checkExistence ? $http->postVariable($httpName) : true;
} else {
// If only check for existence - return false
if ($checkExistence) {
$operatorValue = false;
return;
}
$tpl->error($operatorName, "Unknown post variable '{$httpName}'");
}
break;
case eZURLOperator::HTTP_OPERATOR_TYPE_GET:
if ($http->hasGetVariable($httpName)) {
$operatorValue = !$checkExistence ? $http->getVariable($httpName) : true;
} else {
if ($checkExistence) {
$operatorValue = false;
return;
}
$tpl->error($operatorName, "Unknown get variable '{$httpName}'");
}
break;
case eZURLOperator::HTTP_OPERATOR_TYPE_SESSION:
if ($http->hasSessionVariable($httpName)) {
$operatorValue = !$checkExistence ? $http->sessionVariable($httpName) : true;
} else {
if ($checkExistence) {
$operatorValue = false;
return;
}
$tpl->error($operatorName, "Unknown session variable '{$httpName}'");
}
break;
case eZURLOperator::HTTP_OPERATOR_TYPE_COOKIE:
if (array_key_exists($httpName, $_COOKIE)) {
$operatorValue = !$checkExistence ? $_COOKIE[$httpName] : true;
} else {
if ($checkExistence) {
$operatorValue = false;
return;
}
$tpl->error($operatorName, "Unknown cookie variable '{$httpName}'");
}
break;
}
} else {
$operatorValue = $http;
}
return;
break;
case $this->URLName:
eZURI::transformURI($operatorValue, false, $namedParameters['server_url']);
break;
case $this->URLRootName:
if (preg_match("#^[a-zA-Z0-9]+:#", $operatorValue) or substr($operatorValue, 0, 2) == '//') {
break;
}
if (strlen($operatorValue) > 0 and $operatorValue[0] != '/') {
$operatorValue = '/' . $operatorValue;
}
// Same as "ezurl" without "index.php" and the siteaccess name in the returned address.
eZURI::transformURI($operatorValue, true, $namedParameters['server_url']);
break;
case $this->SysName:
if (count($operatorParameters) == 0) {
$tpl->warning('eZURLOperator' . $operatorName, 'Requires attributename');
} else {
$sysAttribute = $tpl->elementValue($operatorParameters[0], $rootNamespace, $currentNamespace);
if (!$this->Sys->hasAttribute($sysAttribute)) {
$tpl->warning('eZURLOperator' . $operatorName, "No such attribute '{$sysAttribute}' for eZSys");
} else {
$operatorValue = $this->Sys->attribute($sysAttribute);
}
}
return;
break;
case $this->ImageName:
if (count($operatorParameters) == 2 && $tpl->elementValue($operatorParameters[1], $rootNamespace, $currentNamespace) == true && strlen($this->Sys->wwwDir()) == 0) {
$skipSlash = true;
} else {
$skipSlash = false;
}
$operatorValue = $this->eZImage($tpl, $operatorValue, $operatorName, $skipSlash);
break;
case $this->ExtName:
$urlMD5 = md5($operatorValue);
$url = eZURL::urlByMD5($urlMD5);
if ($url === false) {
eZURL::registerURL($operatorValue);
} else {
$operatorValue = $url;
}
break;
case $this->DesignName:
$operatorValue = $this->eZDesign($tpl, $operatorValue, $operatorName);
break;
}
$quote = "\"";
$val = $namedParameters['quote_val'];
if ($val == 'single') {
$quote = "'";
} else {
if ($val == 'no') {
$quote = false;
}
}
$http = eZHTTPTool::instance();
if (isset($http->UseFullUrl) and $http->UseFullUrl and strncasecmp($operatorValue, '/', 1) === 0) {
$operatorValue = $http->createRedirectUrl($operatorValue, array('pre_url' => false));
}
if ($quote !== false) {
$operatorValue = $quote . $operatorValue . $quote;
}
}
function unserializeContentObjectAttribute($package, $objectAttribute, $attributeNode)
{
$urlNode = $attributeNode->getElementsByTagName('url')->item(0);
if (is_object($urlNode)) {
unset($url);
$url = urldecode($urlNode->textContent);
$urlID = eZURL::registerURL($url);
if ($urlID) {
$urlObject = eZURL::fetch($urlID);
$urlObject->setAttribute('original_url_md5', $urlNode->getAttribute('original-url-md5'));
$urlObject->setAttribute('is_valid', $urlNode->getAttribute('is-valid'));
$urlObject->setAttribute('last_checked', $urlNode->getAttribute('last-checked'));
$urlObject->setAttribute('created', time());
$urlObject->setAttribute('modified', time());
$urlObject->store();
$objectAttribute->setAttribute('data_int', $urlID);
}
}
$textNode = $attributeNode->getElementsByTagName('text')->item(0);
if ($textNode) {
$objectAttribute->setAttribute('data_text', $textNode->textContent);
}
}
/**
* publishHandlerLink (Publish handler, pass 2 after schema validation)
* Publish handler for link element, converts href to [object|node|link]_id.
*
* @param DOMElement $element
* @param array $param parameters for xml element
* @return null|array changes structure if it contains 'result' key
*/
function publishHandlerLink($element, &$params)
{
$ret = null;
$href = $element->getAttribute('href');
if ($href) {
$objectID = false;
if (strpos($href, 'ezobject') === 0 && preg_match("@^ezobject://([0-9]+)/?(#.+)?@i", $href, $matches)) {
$objectID = $matches[1];
if (isset($matches[2])) {
$anchorName = substr($matches[2], 1);
}
$element->setAttribute('object_id', $objectID);
if (!eZContentObject::exists($objectID)) {
$this->Messages[] = ezpI18n::tr('design/standard/ezoe/handler', 'Object %1 does not exist.', false, array($objectID));
}
} elseif (strpos($href, 'eznode') === 0 && preg_match("@^eznode://([^#]+)(#.+)?@i", $href, $matches)) {
$nodePath = trim($matches[1], '/');
if (isset($matches[2])) {
$anchorName = substr($matches[2], 1);
}
if (is_numeric($nodePath)) {
$nodeID = $nodePath;
$node = eZContentObjectTreeNode::fetch($nodeID);
if (!$node instanceof eZContentObjectTreeNode) {
$this->Messages[] = ezpI18n::tr('design/standard/ezoe/handler', 'Node %1 does not exist.', false, array($nodeID));
}
} else {
$node = eZContentObjectTreeNode::fetchByURLPath($nodePath);
if (!$node instanceof eZContentObjectTreeNode) {
$this->Messages[] = ezpI18n::tr('design/standard/ezoe/handler', 'Node '%1' does not exist.', false, array($nodePath));
} else {
$nodeID = $node->attribute('node_id');
}
$element->setAttribute('show_path', 'true');
}
if (isset($nodeID) && $nodeID) {
$element->setAttribute('node_id', $nodeID);
}
if (isset($node) && $node instanceof eZContentObjectTreeNode) {
$objectID = $node->attribute('contentobject_id');
}
} elseif (strpos($href, '#') === 0) {
$anchorName = substr($href, 1);
} else {
$temp = explode('#', $href);
$url = $temp[0];
if (isset($temp[1])) {
$anchorName = $temp[1];
}
if ($url) {
// Protection from XSS attack
if (preg_match("/^(java|vb)script:.*/i", $url)) {
$this->isInputValid = false;
$this->Messages[] = "Using scripts in links is not allowed, '{$url}' has been removed";
$element->removeAttribute('href');
return $ret;
}
// Check mail address validity following RFC 5322 and RFC 5321
if (preg_match("/^mailto:([^.][a-z0-9!#\$%&'*+-\\/=?`{|}~^]+@([a-z0-9.-]+))/i", $url, $mailAddr)) {
if (!eZMail::validate($mailAddr[1])) {
$this->isInputValid = false;
if ($this->errorLevel >= 0) {
$this->Messages[] = ezpI18n::tr('kernel/classes/datatypes/ezxmltext', "Invalid e-mail address: '%1'", false, array($mailAddr[1]));
}
$element->removeAttribute('href');
return $ret;
}
}
// Store urlID instead of href
$url = str_replace(array('&', '%28', '%29'), array('&', '(', ')'), $url);
$urlID = eZURL::registerURL($url);
if ($urlID) {
if (!in_array($urlID, $this->urlIDArray)) {
$this->urlIDArray[] = $urlID;
}
$element->setAttribute('url_id', $urlID);
}
}
}
if ($objectID && !in_array($objectID, $this->linkedObjectIDArray)) {
$this->linkedObjectIDArray[] = $objectID;
}
if (isset($anchorName) && $anchorName) {
$element->setAttribute('anchor_name', $anchorName);
}
}
return $ret;
}
/**
* Test scenario for issue #018211: URL datatype is not case sensitive
*
* @link http://issues.ez.no/18211
* @group issue18211
*/
public function testUrlCaseSensitivity()
{
$url = 'http://ez.no/EZPUBLISH';
$urlId = eZURL::registerURL($url);
$urlObject = eZURL::fetch($urlId);
self::assertEquals($url, $urlObject->attribute('url'));
unset($urlId, $urlObject);
$url2 = 'http://ez.no/ezpublish';
$url2Id = eZURL::registerURL($url2);
$url2Object = eZURL::fetch($url2Id);
self::assertEquals($url2, $url2Object->attribute('url'));
self::assertEquals(md5($url2), $url2Object->attribute('original_url_md5'));
unset($url2Id, $url2Object);
}
/**
* Imports a value to an attribute adapting it to the proper type.
* Not written by me, downloaded from ez.no! Extended it only!
* @param data The value (string/int/float).
* @param contentObjectAttribute The attribute to modify.
*/
function importAttribute($data, &$contentObjectAttribute)
{
$contentClassAttribute = $contentObjectAttribute->attribute('contentclass_attribute');
$dataTypeString = $contentClassAttribute->attribute('data_type_string');
ezDebug::writeDebug("Converting " . $data . " to expected " . $dataTypeString);
switch ($dataTypeString) {
case 'ezfloat':
case 'ezprice':
$contentObjectAttribute->setAttribute('data_float', $data);
$contentObjectAttribute->store();
break;
case 'ezboolean':
case 'ezdate':
case 'ezdatetime':
case 'ezinteger':
case 'ezsubtreesubscription':
case 'eztime':
$contentObjectAttribute->setAttribute('data_int', $data);
$contentObjectAttribute->store();
break;
case 'ezobjectrelation':
// $data is contentobject_id to relate to
// $oldData = $contentObjectAttribute->attribute( 'data_int' );
$contentObjectAttribute->setAttribute('data_int', $data);
$contentObjectAttribute->store();
$object = $contentObjectAttribute->object();
$contentObjectVersion = $contentObjectAttribute->attribute('version');
$contentClassAttributeID = $contentObjectAttribute->attribute('contentclassattribute_id');
// Problem with translations if removing old relations ?!
// $object->removeContentObjectRelation( $oldData, $contentObjectVersion, $contentClassAttributeID, eZContentObject::RELATION_ATTRIBUTE );
$object->addContentObjectRelation($data, $contentObjectVersion, $contentClassAttributeID, RELATION_ATTRIBUTE);
break;
case 'ezurl':
$urlID = eZURL::registerURL($data);
$contentObjectAttribute->setAttribute('data_int', $urlID);
// Fall through to set data_text
// Fall through to set data_text
case 'ezemail':
case 'ezisbn':
case 'ezstring':
case 'eztext':
$contentObjectAttribute->setAttribute('data_text', $data);
$contentObjectAttribute->store();
break;
case 'ezxmltext':
/* $parser = new eZXMLInputParser();
$document = $parser->process( $data );
$data = eZXMLTextType::domString( $document );
$contentObjectAttribute->fromString( $data );*/
$contentObjectAttribute->setAttribute('data_text', $data);
$contentObjectAttribute->store();
break;
// case 'ezimage':
// $this->saveImage( $data, $contentObjectAttribute );
// break;
// case 'ezbinaryfile':
// $this->saveFile( $data, $contentObjectAttribute );
// break;
// case 'ezenum':
//removed enum - function can be found at ez.no
// break;
// case 'ezimage':
// $this->saveImage( $data, $contentObjectAttribute );
// break;
// case 'ezbinaryfile':
// $this->saveFile( $data, $contentObjectAttribute );
// break;
// case 'ezenum':
//removed enum - function can be found at ez.no
// break;
case 'ezuser':
// $data is assumed to be an associative array( login, password, email );
$user = new eZUser($contentObjectAttribute->attribute('contentobject_id'));
if (isset($data['login'])) {
$user->setAttribute('login', $data['login']);
}
if (isset($data['email'])) {
$user->setAttribute('email', $data['email']);
}
if (isset($data['password'])) {
$hashType = eZUser::hashType() . '';
$newHash = $user->createHash($data['login'], $data['password'], eZUser::site(), $hashType);
$user->setAttribute('password_hash_type', $hashType);
$user->setAttribute('password_hash', $newHash);
}
$user->store();
break;
default:
die('Can not store ' . $data . ' as datatype: ' . $dataTypeString);
}
}
/**
* Bug in link rendering related to GET parameters (& double encoded to &amp;)
*
* @link http://issues.ez.no/016668: links in ezxmltext double escapes.
* @note Test depends on template output!!
*/
public function testLinkEscape()
{
$url = '/index.php?c=6&kat=company';
$urlID = eZURL::registerURL( $url );
$XMLString = '<?xml version="1.0" encoding="utf-8"?>
<section xmlns:image="http://ez.no/namespaces/ezpublish3/image/" xmlns:xhtml="http://ez.no/namespaces/ezpublish3/xhtml/" xmlns:custom="http://ez.no/namespaces/ezpublish3/custom/"><paragraph xmlns:tmp="http://ez.no/namespaces/ezpublish3/temporary/"><link url_id="' . $urlID . '">My link</link></paragraph></section>';
$outputHandler = new eZXHTMLXMLOutput( $XMLString, false );
$result = $outputHandler->outputText();
$expected = '<p><a href="/index.php?c=6&kat=company" target="_self">My link</a></p>';
$this->assertEquals( $expected, $result );
}
