/**
 * Compute an atm-blockvar tag.
 *
 * Validates the tag attributes for the declared vartype, optionally records the
 * block parameter (BLOCK_PARAM_MODE), then returns a fragment of PHP source that
 * assigns the block variable when the compiled definition is executed.
 *
 * Security notes for reviewers:
 * - label, description and possibleValues are wrapped in a double-quoted PHP
 *   string literal and passed to eval(). Whatever text reaches that literal is
 *   parsed as PHP, so the only guards visible here are preReplaceVars() and
 *   sensitiveIO::sanitizeExecCommand().
 * - id and varname are concatenated into the returned PHP source; varname is
 *   required to be 'alphanum', id is only declared as `true`.
 *
 * @param array $tag the reference tag to compute (modified in place)
 * @return string the PHP / HTML content computed; nothing is returned when a check fails
 * @access private
 */
protected function _blockVarTag(&$tag)
{
    //check tags requirements
    // NOTE(review): 'id' => true presumably only requires the attribute to exist;
    // confirm checkTagRequirements() restricts it to a safe charset, because id is
    // later written into generated PHP source without escaping.
    if (!$this->checkTagRequirements($tag, array('id' => true, 'varname' => 'alphanum', 'vartype' => true, 'label' => true, 'mandatory' => '(true)|(false)'))) {
        return;
    }
    // Per-vartype validation of the optional attributes.
    switch ($tag['attributes']['vartype']) {
        case 'string':
            if (!$this->checkTagValues($tag, array('maxLength' => array('value' => '([-+]?[0-9]+)', 'mandatory' => false), 'default' => array('value' => 'alphanum', 'mandatory' => false)))) {
                return;
            }
            break;
        case 'integer':
            if (!$this->checkTagValues($tag, array('maxValue' => array('value' => '([-+]?[0-9]+)', 'mandatory' => false), 'minValue' => array('value' => '([-+]?[0-9]+)', 'mandatory' => false), 'default' => array('value' => '([-+]?[0-9]+)', 'mandatory' => false)))) {
                return;
            }
            break;
        case 'boolean':
            if (!$this->checkTagValues($tag, array('default' => array('value' => '[0-1]', 'mandatory' => false)))) {
                return;
            }
            break;
        case 'date':
            // do nothing
            break;
        case 'float':
            $pattern = '[-+]?[0-9]*\\.?[0-9]+';
            if (isset($tag['attributes']['separator'])) {
                if ($tag['attributes']['separator'] != '.') {
                    // NOTE(review): the separator is placed into the pattern before it
                    // has been checked against '\\.|,' (that check happens in the same
                    // checkTagValues() call below) — confirm the call rejects the tag
                    // before the pattern built from an unexpected separator is used.
                    $pattern = '[-+]?[0-9]*' . $tag['attributes']['separator'] . '?[0-9]+';
                }
            }
            if (!$this->checkTagValues($tag, array('separator' => array('value' => '\\.|,', 'mandatory' => false), 'default' => array('value' => $pattern, 'mandatory' => false)))) {
                return;
            }
            break;
        case 'page':
            if (!$this->checkTagValues($tag, array('root' => array('value' => 'page', 'mandatory' => false), 'default' => array('value' => 'page', 'mandatory' => false)))) {
                return;
            }
            break;
        default:
            // handle polymod stuff
            if (strpos($tag['attributes']['vartype'], 'fields') !== false) {
                if (!$this->checkTagValues($tag, array('vartype' => array('value' => 'field', 'mandatory' => true)))) {
                    return;
                }
            } else {
                // Assume it's an object
                if (!$this->checkTagValues($tag, array('vartype' => array('value' => 'object', 'mandatory' => true)))) {
                    return;
                }
            }
            break;
    }
    if ($this->_mode == self::BLOCK_PARAM_MODE) {
        // handle i18n on label and description
        // Each attribute below is turned into `return "<text>";` and evaluated, so the
        // attribute text is interpreted as a PHP double-quoted string at this point.
        // NOTE(review): what sanitizeExecCommand() removes is not visible here; treat
        // these three attributes as code and restrict who can author them.
        $tag['attributes']['label'] = eval(sensitiveIO::sanitizeExecCommand('return "' . CMS_polymod_definition_parsing::preReplaceVars($tag['attributes']['label']) . '";'));
        if (isset($tag['attributes']['description'])) {
            $tag['attributes']['description'] = eval(sensitiveIO::sanitizeExecCommand('return "' . CMS_polymod_definition_parsing::preReplaceVars($tag['attributes']['description']) . '";'));
        }
        if (isset($tag['attributes']['possibleValues'])) {
            $tag['attributes']['possibleValues'] = eval(sensitiveIO::sanitizeExecCommand('return "' . CMS_polymod_definition_parsing::preReplaceVars($tag['attributes']['possibleValues']) . '";'));
        }
        // Record the evaluated attributes as a block parameter, keyed by id then varname.
        $this->_blockParams['var'][$tag['attributes']['id']][$tag['attributes']['varname']] = $tag['attributes'];
    }
    // 'value' becomes a PHP expression (as text) that reads the stored block attribute
    // at run time; id and varname end up inside single-quoted array keys of that text.
    $tag['attributes']['value'] = '".@$blockAttributes[\'var\'][\'' . $tag['attributes']['id'] . '\'][\'' . $tag['attributes']['varname'] . '\']."';
    // Returned text is PHP source: it names a temporary $varname_<id>, assigns the
    // variable variable from replaceVars(), then unsets the temporary.
    return ' $varname_' . $tag['attributes']['id'] . ' = "' . $this->replaceVars($tag['attributes']['varname'], null) . '"; ${$varname_' . $tag['attributes']['id'] . '} = CMS_polymod_definition_parsing::replaceVars("' . $this->replaceVars($tag['attributes']['value'], null) . '", @$replace); unset($varname_' . $tag['attributes']['id'] . ');' . "\n";
}
/**
 * Recursive method to add all selected values into a multidimensional array
 * representing a form source.
 *
 * For every node carrying a `name` attribute the value is taken from $_POST when
 * present, otherwise from the matching field's default value. Only the default
 * value goes through eval(); values read from $_POST are never evaluated here.
 * Values written back into text/hidden inputs and textareas pass through
 * sensitiveIO::sanitizeHTMLString().
 *
 * @param array &$definition the XML definition to treat (multidimensional, by reference)
 * @param array $fields all form fields to get default values
 * @param array $fieldsError all form fields malformed or required
 * @param (implicit) the current global $_POST values
 * @access private
 * @return void|false false (after raiseError) when the definition is malformed
 */
protected function _fillSelectedFormValues(&$definition, $fields, $fieldsError)
{
    // NOTE(review): neither global is read directly except $mod_cms_forms['pageID'];
    // $cms_user is presumably kept in scope for the evaluated default value — confirm.
    global $mod_cms_forms, $cms_user;
    if (is_array($definition) && is_array($definition[0])) {
        //loop on subtags
        foreach (array_keys($definition) as $key) {
            $fieldValue = null;
            if (isset($definition[$key]['attributes']['name'])) {
                if (in_array($definition[$key]['attributes']['id'], $fieldsError)) {
                    //set class cms_field_error to field
                    $definition[$key]['attributes']['class'] = 'cms_field_error';
                }
                if (isset($_POST[$definition[$key]['attributes']['name']])) {
                    //set value from POST
                    // Raw request value: it is only escaped further down, per node type.
                    // NOTE(review): a POSTed array (name[]) would arrive here as an array;
                    // confirm sanitizeHTMLString() copes with non-string input.
                    $fieldValue = $_POST[$definition[$key]['attributes']['name']];
                } else {
                    //set value from default field value
                    foreach ($fields as $field) {
                        if ($field->getAttribute('name') == $definition[$key]['attributes']['name'] && $field->getAttribute('value')) {
                            //set current page ID as a parameter
                            // $parameters is not read in this method; presumably the evaluated
                            // expression below refers to it — do not rename or remove.
                            $parameters['pageID'] = sensitiveIO::isPositiveInteger($mod_cms_forms['pageID']) ? $mod_cms_forms['pageID'] : 1;
                            //evaluate default value if needed
                            // The stored default value is parsed as a PHP double-quoted string.
                            // NOTE(review): anyone able to edit a field's default value can
                            // therefore influence evaluated code; sanitizeExecCommand() is the
                            // only guard visible here.
                            $fieldValue = eval(sensitiveIO::sanitizeExecCommand('return "' . CMS_polymod_definition_parsing::preReplaceVars($field->getAttribute('value')) . '";'));
                        }
                    }
                }
            }
            // File inputs never get a value echoed back.
            if (isset($definition[$key]['nodename']) && $definition[$key]['nodename'] == 'input' && $definition[$key]['attributes']['type'] == 'file') {
                unset($definition[$key]['attributes']['value']);
            }
            if (isset($fieldValue)) {
                switch ($definition[$key]['nodename']) {
                    case 'select':
                        // The value is only compared (loosely, with ==) against the option
                        // values; it is not written into the definition.
                        foreach (array_keys($definition[$key]['childrens']) as $optionKey) {
                            if (isset($definition[$key]['childrens'][$optionKey]['attributes']['value']) && $definition[$key]['childrens'][$optionKey]['attributes']['value'] == $fieldValue) {
                                $definition[$key]['childrens'][$optionKey]['attributes']['selected'] = 'selected';
                            }
                        }
                        break;
                    case 'textarea':
                        $definition[$key]['childrens']['0']['textnode'] = sensitiveIO::sanitizeHTMLString($fieldValue);
                        break;
                    case 'input':
                        if ($definition[$key]['attributes']['type'] == 'text' || $definition[$key]['attributes']['type'] == 'hidden') {
                            $definition[$key]['attributes']['value'] = sensitiveIO::sanitizeHTMLString($fieldValue);
                        } elseif ($definition[$key]['attributes']['type'] == 'checkbox') {
                            // Checked as soon as any value is present for this name.
                            $definition[$key]['attributes']['checked'] = 'checked';
                        }
                        break;
                }
            }
            // Recurse into child nodes with the same field lists.
            if (isset($definition[$key]['childrens'])) {
                $this->_fillSelectedFormValues($definition[$key]['childrens'], $fields, $fieldsError);
            }
        }
    } else {
        // The whole definition is dumped into the error message.
        $this->raiseError("Malformed definition to compute : " . print_r($definition, true));
        return false;
    }
}
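/**
 * Filter an array of category IDs with the user clearance.
 *
 * In strict mode every category is tested individually. Otherwise a nested tree
 * is built from the category lineages and filtered recursively against the
 * user's root categories for the requested clearance.
 *
 * The lineage tree used to be built by assembling PHP source and passing it to
 * eval(); it is now built with a plain reference walk, so lineage text is only
 * ever used as array keys and never parsed as code.
 *
 * @param array $categories IDs of categories to filter
 * @param integer $clearance default is CLEARANCE_MODULE_VIEW
 * @param string $module the module codename
 * @param boolean $strict strict filtering of categories : do not allow parent categories of lower levels
 * @return array array(catID => catID); an empty array when $categories is not an array
 * @access public
 */
function filterModuleCategoriesClearance($categories, $clearance = CLEARANCE_MODULE_VIEW, $module = false, $strict = false)
{
    if (!is_array($categories)) {
        return array();
    }
    //get denied cats (including deleted cats)
    $deniedCats = $this->getRootModuleCategoriesDenied($module);
    if (!is_array($deniedCats)) {
        $deniedCats = array();
    }
    $returnedFilteredCategories = array();
    if ($strict) {
        // strict mode: each category must pass the clearance check on its own
        foreach ($categories as $catID) {
            if (!in_array($catID, $deniedCats) && $this->hasModuleCategoryClearance($catID, $clearance, $module)) {
                $returnedFilteredCategories[$catID] = $catID;
            }
        }
        return $returnedFilteredCategories;
    }
    // Defined up front so an unexpected $clearance value yields "no matching
    // categories" instead of reading an undefined variable.
    $matchingCats = array();
    switch ($clearance) {
        case CLEARANCE_MODULE_VIEW:
            $matchingCats = $this->getRootModuleCategoriesReadable($module);
            break;
        case CLEARANCE_MODULE_EDIT:
            $matchingCats = $this->getRootModuleCategoriesWritable($module);
            break;
        case CLEARANCE_MODULE_MANAGE:
            $matchingCats = $this->getRootModuleCategoriesManagable($module);
            break;
    }
    if (!is_array($matchingCats)) {
        $matchingCats = array();
    }
    if ($this->hasAdminClearance(CLEARANCE_ADMINISTRATION_EDITVALIDATEALL)) {
        //only remove catsDenied
        // NOTE(review): removal is by key, so this relies on $categories being
        // keyed by category ID — verify against callers.
        foreach ($deniedCats as $deniedCatID) {
            unset($categories[$deniedCatID]);
        }
        return $categories;
    }
    //construct n level tree with all of these categories
    $nLevelArray = array();
    foreach ($categories as $catID) {
        //get category lineage (';'-separated category IDs)
        $lineage = CMS_moduleCategories_catalog::getLineageOfCategoryAsString($catID);
        if (!$lineage) {
            continue;
        }
        // Walk the lineage by reference, creating each missing level.
        $node = &$nLevelArray;
        foreach (explode(';', (string) $lineage) as $lineageID) {
            if ($lineageID === '') {
                continue;
            }
            if (!isset($node[$lineageID]) || !is_array($node[$lineageID])) {
                $node[$lineageID] = array();
            }
            $node = &$node[$lineageID];
        }
        // break the reference before the next lineage is processed
        unset($node);
    }
    $filteredCategories = $this->_filterModuleCategoriesClearanceRecursion($nLevelArray, $matchingCats, $deniedCats, false);
    foreach ($filteredCategories as $catID) {
        $returnedFilteredCategories[$catID] = $catID;
    }
    return $returnedFilteredCategories;
}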
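/**
 * Return sub tree of a given category.
 *
 * The nested category array used to be built by assembling PHP source from the
 * lineage string and passing it to eval(); it is now built with a reference
 * walk, so lineage text is only used as array keys and never parsed as code.
 *
 * @param array $values : parameters values array(parameterName => parameterValue) in :
 *     root : the category id to get subtree. If none set, use the defined root category for field
 *     maxlevel : the maximum number of level to get (optional)
 *     selected : the current selected category id (optional)
 *     usedcategories : display only used categories (optional, default : true)
 *     disable : list of category ids (';' or ',' separated) whose branches are removed (optional)
 *     editableonly : restrict to categories the user can edit (optional)
 * @param array $tags : xml2Array content of atm-function tag (multidimensional)
 *     <item>...{lvl}...{id}...{label}...{sublevel}...</item>
 *     <itemselected>...{lvl}...{id}...{label}...{sublevel}...</itemselected>
 *     <template>...{sublevel}...</template>
 * @return string|false the sub tree of the given category, false after raiseError()
 * @access public
 */
function categoriesTree($values, $tags)
{
    global $cms_user, $cms_language;
    if (!isset($values['usedcategories']) || $values['usedcategories'] == 'true' || $values['usedcategories'] == '1') {
        $restrictToUsedCategories = true;
    } else {
        $restrictToUsedCategories = false;
    }
    $return = "";
    $params = $this->getParamsValues();
    // The root must be a positive integer: take it from $values, else fall back
    // on the field's rootCategory parameter.
    if (!isset($values['root']) || !sensitiveIO::isPositiveInteger($values['root'])) {
        if (!isset($params['rootCategory']) || !sensitiveIO::IsPositiveInteger($params['rootCategory'])) {
            $this->raiseError("Root value parameter must be a valid category ID");
            return false;
        }
        $values['root'] = $params['rootCategory'];
    }
    $usedCategories = $this->getAllUsedCategoriesForField();
    if (!$usedCategories) {
        return $return;
    }
    $xml2Array = new CMS_XML2Array();
    $itemPattern = $xml2Array->getXMLInTag($tags, 'item');
    $templatePattern = $xml2Array->getXMLInTag($tags, 'template');
    $selectedPattern = $xml2Array->getXMLInTag($tags, 'itemselected');
    $maxlevel = isset($values['maxlevel']) ? (int) $values['maxlevel'] : 0;
    if (isset($values['selected'])) {
        $selectedIDs = is_array($values['selected']) ? $values['selected'] : array($values['selected']);
    } else {
        $selectedIDs = array();
    }
    // 'disable' accepts ';' separated ids and falls back on ',' when no ';' split happened
    $disableCategories = array();
    if (isset($values['disable'])) {
        $disableCategories = explode(';', $values['disable']);
        if (count($disableCategories) == 1) {
            $disableCategories = explode(',', $values['disable']);
        }
    }
    if (!$itemPattern) {
        $this->raiseError("No 'item' tag found or tag empty");
        return false;
    }
    if (!$templatePattern) {
        $this->raiseError("No 'template' tag found or tag empty");
        return false;
    }
    $module = CMS_poly_object_catalog::getModuleCodenameForField($this->_field->getID());
    if (isset($values['editableonly']) && ($values['editableonly'] == 'true' || $values['editableonly'] == '1')) {
        $viewvableCategoriesForProfile = CMS_moduleCategories_catalog::getViewvableCategoriesForProfile($cms_user, $module, true, CLEARANCE_MODULE_EDIT, true);
    } else {
        $viewvableCategoriesForProfile = CMS_moduleCategories_catalog::getViewvableCategoriesForProfile($cms_user, $module, true);
    }
    if ($restrictToUsedCategories || (is_array($disableCategories) && $disableCategories)) {
        //unset unused categories (keep categories parents in lineage)
        $usedCategoriesTree = array();
        foreach ($usedCategories as $usedCategory) {
            if (isset($viewvableCategoriesForProfile[$usedCategory]) && $viewvableCategoriesForProfile[$usedCategory]) {
                $usedCategoriesTree = array_merge($usedCategoriesTree, explode(';', $viewvableCategoriesForProfile[$usedCategory]));
            }
        }
        $usedCategoriesTree = array_flip(array_unique($usedCategoriesTree));
        foreach ($viewvableCategoriesForProfile as $catID => $lineage) {
            //restrict to used categories
            if ($restrictToUsedCategories) {
                if (!isset($usedCategoriesTree[$catID])) {
                    unset($viewvableCategoriesForProfile[$catID]);
                }
            }
            // Disable categories: drop every category having a disabled id in its lineage
            if (is_array($disableCategories) && $disableCategories) {
                $lineageTab = explode(';', $lineage);
                foreach ($disableCategories as $disableCategory) {
                    if (SensitiveIO::isPositiveInteger($disableCategory)) {
                        if (in_array($disableCategory, $lineageTab)) {
                            unset($viewvableCategoriesForProfile[$catID]);
                        }
                    }
                }
            }
        }
    }
    $rootLineage = CMS_moduleCategories_catalog::getLineageOfCategoryAsString($values['root'], ';');
    //old method, seems buggy, keep it for now
    //$rootLineage = ($viewvableCategoriesForProfile[$values['root']]) ? $viewvableCategoriesForProfile[$values['root']] : $values['root'];
    // preg_quote() keeps the lineage literal inside the pattern
    $rootPrefixPattern = '#^' . preg_quote((string) $rootLineage, '#') . ';#';
    //create recursive categories array
    $nLevelArray = array();
    foreach ($viewvableCategoriesForProfile as $catID => $lineage) {
        //this must be ^...;rootID;...$ or ^rootID;...$
        if (io::strpos($lineage, ';' . $values['root'] . ';') !== false || io::strpos($lineage, $values['root'] . ';') === 0) {
            $lineage = preg_replace($rootPrefixPattern, '', $lineage);
            // Walk the remaining lineage by reference, creating each missing level.
            $node = &$nLevelArray;
            foreach (explode(';', (string) $lineage) as $lineageID) {
                if ($lineageID === '') {
                    continue;
                }
                if (!isset($node[$lineageID]) || !is_array($node[$lineageID])) {
                    $node[$lineageID] = array();
                }
                $node = &$node[$lineageID];
            }
            // break the reference before the next lineage is processed
            unset($node);
        }
    }
    if ($nLevelArray) {
        $return = $this->_createCategoriesTree($nLevelArray, $itemPattern, $templatePattern, $selectedPattern, $maxlevel, $selectedIDs);
    }
    return $return;
}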
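/**
 * Returns a multidimensional array of viewable categories.
 * If access control is active, the search is limited to the user's
 * permissions on categories.
 *
 * Results are memoised per module / clearance / strict flag / profile id in a
 * function-static array.
 *
 * Two hardening changes compared with the previous version: the module codename
 * is escaped before it is placed in the SQL text, and the lineage tree is built
 * with a reference walk instead of assembling PHP source for eval().
 *
 * @access public
 * @param CMS_profile $cms_user the profile concerned by these restrictions
 * @param string $module the module codename we want
 * @param boolean $returnLineageArray return array like array(catID => catLineage) instead
 * @param mixed $clearanceLevel
 *     - false : CLEARANCE_MODULE_VIEW
 *     - true : CLEARANCE_MODULE_EDIT
 *     - constant value : clearanceLevel value
 * @param boolean $strict return only categories from this clearance (default : false, else, return complete categories tree until given clearance)
 * @return array array(catID => array(catID => array(...)))
 * @static
 */
static function getViewvableCategoriesForProfile(&$cms_user, $module = false, $returnLineageArray = false, $clearanceLevel = false, $strict = false)
{
    static $viewvableCats;
    $type = $module ? $module : 'all';
    if ($clearanceLevel === false || $clearanceLevel === '' || $clearanceLevel === null) {
        $clearanceLevel = CLEARANCE_MODULE_VIEW;
    } elseif ($clearanceLevel === true) {
        $clearanceLevel = CLEARANCE_MODULE_EDIT;
    }
    // cache key: module + clearance + strict flag + profile id
    $type = $type . (string) $clearanceLevel . ($strict ? 'strict' : '') . ($cms_user instanceof CMS_profile ? $cms_user->getId() : '');
    //check if result is not already in the static cache
    if (!isset($viewvableCats[$type])) {
        //first we get an array of all categories id for this module
        $catsID = array();
        // The codename goes inside a quoted SQL literal, so it is escaped first.
        $s_where = $module ? " and module_mca = '" . sensitiveIO::sanitizeSQLString($module) . "'" : "";
        $sql = "\n\t\t\t\tselect\n\t\t\t\t\tid_mca as id\n\t\t\t\tfrom\n\t\t\t\t\tmodulesCategories\n\t\t\t\twhere\n\t\t\t\t\tparent_mca != '" . CMS_moduleCategory::LINEAGE_PARK_POSITION . "'\n\t\t\t\t\t{$s_where}\n\t\t\t";
        $q = new CMS_query($sql);
        while ($id = $q->getValue('id')) {
            $catsID[$id] = $id;
        }
        //then for each category, check if user have right to view it
        //if not, unset category
        if ($cms_user instanceof CMS_profile) {
            $categories = array();
            if ($catsID) {
                $categories = $cms_user->filterModuleCategoriesClearance($catsID, $clearanceLevel, $module, $strict);
            }
        } else {
            // no profile given: no clearance filtering is applied
            $categories = $catsID;
        }
        //then create returned arrays
        $nLevelArray = $lineageArray = array();
        if (is_array($categories) && $categories) {
            foreach ($categories as $catID) {
                //get category lineage (';'-separated category IDs)
                $lineage = CMS_moduleCategories_catalog::getLineageOfCategoryAsString($catID);
                if (!$lineage) {
                    continue;
                }
                $lineageArray[$catID] = $lineage;
                // Walk the lineage by reference, creating each missing level.
                $node = &$nLevelArray;
                foreach (explode(';', (string) $lineage) as $lineageID) {
                    if ($lineageID === '') {
                        continue;
                    }
                    if (!isset($node[$lineageID]) || !is_array($node[$lineageID])) {
                        $node[$lineageID] = array();
                    }
                    $node = &$node[$lineageID];
                }
                // break the reference before the next lineage is processed
                unset($node);
            }
        }
        $viewvableCats[$type]["lineageArray"] = $lineageArray;
        $viewvableCats[$type]["nLevelArray"] = $nLevelArray;
    }
    return $returnLineageArray ? $viewvableCats[$type]["lineageArray"] : $viewvableCats[$type]["nLevelArray"];
}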
/**
 * Return a wysiwyg plugin output for given parameters.
 *
 * The plugin's stored 'compiledDefinition' is executed with eval() and whatever
 * it prints is captured through output buffering and returned.
 *
 * Security note for reviewers: the compiled definition is code. This method
 * only strips PHP tags and applies sensitiveIO::sanitizeExecCommand() before
 * evaluating it, so write access to plugin definitions has to be treated as
 * the ability to run PHP.
 *
 * @param integer $pluginID : the plugin id to use
 * @param integer $itemID : the item id to use
 * @param string $selection : the selected wysiwyg text if any
 * @param boolean $public : the data status
 * @param boolean $pluginView : is this plugin intended to be shown in wysiwyg view ? (default false)
 * @return string : the plugin output; nothing is returned when either id is not a positive integer
 * @access public
 * @static
 */
static function pluginCode($pluginID, $itemID, $selection, $public = false, $pluginView = false)
{
    // NOTE(review): $cms_user is not read in this method; presumably the evaluated
    // definition refers to it — do not remove.
    global $cms_user;
    //then create the code to paste for the current selected object if any
    if (sensitiveIO::isPositiveInteger($itemID) && sensitiveIO::isPositiveInteger($pluginID)) {
        //get plugin
        $plugin = new CMS_poly_plugin_definitions($pluginID);
        //set execution parameters
        // $parameters is only filled here; presumably the evaluated definition reads
        // it by name, so the variable name is part of the contract — confirm.
        $parameters = array();
        $parameters['itemID'] = $itemID;
        $parameters['public'] = $public;
        if ($pluginView) {
            $parameters['plugin-view'] = true;
        }
        //get originaly selected text
        if (!$plugin->needSelection()) {
            $parameters['selection'] = '';
        } else {
            // NOTE(review): the selection is entity-decoded before being handed to the
            // definition; any escaping on output is left to the definition — confirm.
            $parameters['selection'] = io::decodeEntities($selection);
        }
        //this line is used to optimise text fields (see CMS_object_text) which use a lot of plugin codes.
        //in this case, items are searched before then put in this global var so it is not necessary to do one search for each of them
        if (isset($GLOBALS['polymod']['preparedItems'][$plugin->getValue('objectID')][$itemID])) {
            $parameters['item'] = $GLOBALS['polymod']['preparedItems'][$plugin->getValue('objectID')][$itemID];
        }
        //eval item content
        // Output printed by the definition is captured rather than sent to the client.
        // NOTE(review): if the evaluated code throws, the buffer opened here is not
        // closed by this method.
        ob_start();
        eval(sensitiveIO::sanitizeExecCommand(sensitiveIO::stripPHPTags($plugin->getValue('compiledDefinition'))));
        $data = ob_get_contents();
        ob_end_clean();
        return $data;
    }
}
/**
 * Return all infos for selected object, as an HTML fragment.
 *
 * The selected structure path is converted, appended to a variable name and
 * evaluated to pick the matching entry out of the module's detailed structure.
 *
 * Security notes for reviewers:
 * - $selectedValue (after conversion) becomes part of PHP source passed to
 *   eval(); sensitiveIO::sanitizeExecCommand() is the only guard visible here
 *   and errors are silenced with @. Callers should only pass values taken from
 *   the module's own structure list.
 * - Names, labels and the translated path are concatenated into the HTML
 *   without escaping in this method.
 *
 * @param string $codename the module codename
 * @param CMS_language $language : current language
 * @param string $selectedValue : the current select value of the list
 * @return string : the HTML describing the selected object
 * @access public
 */
function viewObjectRowInfos($codename, &$language, $selectedValue)
{
    $return = '<div class="rowComment">';
    //first, need to convert the $selectedValue which is a moduleStructurePath format into a moduleDetailledStructurePath format
    $convertedSelectedValue = CMS_poly_module_structure::moduleStructure2moduleDetailledStructure($selectedValue);
    //then get module detailledStructure
    // The evaluated expression below refers to this variable by name; do not rename it.
    $objectsDetailledStructure = CMS_poly_module_structure::getModuleDetailledStructure($codename, $language);
    //get seleted detailledInfos
    // Evaluates `return $objectsDetailledStructure<converted path>;`.
    // NOTE(review): presumably the converted path is a chain of array subscripts;
    // confirm the converter can only emit that shape, since the text is parsed as PHP.
    $detailledInfos = @eval(sensitiveIO::sanitizeExecCommand('return $objectsDetailledStructure' . $convertedSelectedValue . ';'));
    //get object for this detailled structure path
    $object = CMS_poly_module_structure::getObjectForDetailledStructurePath($convertedSelectedValue);
    //then create corresponding object Infos
    if (is_array($detailledInfos) && $detailledInfos) {
        //pr(get_class($object));
        // NOTE(review): $object is used without checking that a valid object was returned.
        $objectLabels = $object->getLabelsStructure($language, $detailledInfos['translatedpath']);
        $return .= ' <h2>' . $language->getMessage(self::MESSAGE_PAGE_OBJECT_NAME, false, MOD_POLYMOD_CODENAME) . ' : {' . $detailledInfos['translatedpath'] . '}</h2> <div class="retrait">';
        // Variables exposed by the object
        if (isset($objectLabels['structure']) && is_array($objectLabels['structure']) && $objectLabels['structure']) {
            $return .= '<h3>' . $language->getMessage(self::MESSAGE_PAGE_OBJECT_VARS, false, MOD_POLYMOD_CODENAME) . ' :</h3><ul>';
            foreach ($objectLabels['structure'] as $name => $label) {
                $return .= '<li><span class="vertclair">{' . $detailledInfos['translatedpath'] . ':' . $name . '}</span> : ' . $label . '</li>';
            }
            $return .= '</ul>';
        }
        // Functions
        if (isset($objectLabels['function']) && is_array($objectLabels['function']) && $objectLabels['function']) {
            $return .= '<h3>' . $language->getMessage(self::MESSAGE_PAGE_OBJECT_FUNCTIONS, false, MOD_POLYMOD_CODENAME) . ' :</h3><ul>';
            foreach ($objectLabels['function'] as $name => $label) {
                $return .= '<li><span class="keyword">' . $name . '</span> : ' . $label . '</li>';
            }
            $return .= '</ul>';
        }
        // Search operators, preceded by their description message
        if (isset($objectLabels['operator']) && is_array($objectLabels['operator']) && $objectLabels['operator']) {
            $return .= '<h3>' . $language->getMessage(self::MESSAGE_PAGE_OBJECT_OPERATORS, false, MOD_POLYMOD_CODENAME) . ' :</h3>' . $language->getMessage(self::MESSAGE_PAGE_OBJECT_OPERATORS_DESCRIPTION, false, MOD_POLYMOD_CODENAME) . '<ul>';
            foreach ($objectLabels['operator'] as $name => $label) {
                $return .= '<li><span class="keyword">' . $name . '</span> : ' . $label . '</li>';
            }
            $return .= '</ul>';
        }
        // Order operators, preceded by their description message
        if (isset($objectLabels['orderOperator']) && is_array($objectLabels['orderOperator']) && $objectLabels['orderOperator']) {
            $return .= '<h3>' . $language->getMessage(self::MESSAGE_PAGE_OBJECT_ORDER_OPERATORS, false, MOD_POLYMOD_CODENAME) . ' :</h3>' . $language->getMessage(self::MESSAGE_PAGE_OBJECT_ORDER_OPERATORS_DESCRIPTION, false, MOD_POLYMOD_CODENAME) . '<ul>';
            foreach ($objectLabels['orderOperator'] as $name => $label) {
                $return .= '<li><span class="keyword">' . $name . '</span> : ' . $label . '</li>';
            }
            $return .= '</ul>';
        }
        // atm-input operators, preceded by their description message
        if (isset($objectLabels['atmInputOperator']) && is_array($objectLabels['atmInputOperator']) && $objectLabels['atmInputOperator']) {
            $return .= '<h3>' . $language->getMessage(self::MESSAGE_PAGE_OBJECT_ATM_INPUT_OPERATORS, false, MOD_POLYMOD_CODENAME) . ' :</h3>' . $language->getMessage(self::MESSAGE_PAGE_OBJECT_ATM_INPUT_OPERATORS_DESCRIPTION, false, MOD_POLYMOD_CODENAME) . '<ul>';
            foreach ($objectLabels['atmInputOperator'] as $name => $label) {
                $return .= '<li><span class="keyword">' . $name . '</span> : ' . $label . '</li>';
            }
            $return .= '</ul>';
        }
        $return .= '</div></div>';
    }
    // NOTE(review): when no detailed info was found, the opening <div class="rowComment">
    // is returned without its closing tag.
    return $return;
}