function userUsernameToLdapNameTransform($drupal_username, &$watchdog_tokens)
{
if ($this->ldapToDrupalUserPhp && module_exists('php')) {
global $name;
$old_name_value = $name;
$name = $drupal_username;
$code = "<?php global \$name; \n" . $this->ldapToDrupalUserPhp . "; \n ?>";
$watchdog_tokens['%code'] = $this->ldapToDrupalUserPhp;
$code_result = php_eval($code);
$watchdog_tokens['%code_result'] = $code_result;
$ldap_username = $code_result;
$watchdog_tokens['%ldap_username'] = $ldap_username;
$name = $old_name_value;
// important because of global scope of $name
if ($this->detailedWatchdogLog) {
watchdog('ldap_server', '%drupal_user_name tansformed to %ldap_username by applying code <code>%code</code>', $watchdog_tokens, WATCHDOG_DEBUG);
}
} else {
$ldap_username = $drupal_username;
}
return $ldap_username;
}
/**
* decide if a username is excluded or not
*
* @param string $name as proposed drupal username
* @param array $ldap_user where top level keys are 'dn','attr','mail'
* @return boolean FALSE means NOT allow; TRUE means allow
*
* @todo. this function should simply invoke hook_ldap_authentication_allowuser_results_alter
* and most of this function should go in ldap_authentication_allowuser_results_alter
*/
public function allowUser($name, $ldap_user)
{
/**
* do one of the exclude attribute pairs match
*/
$ldap_user_conf = ldap_user_conf();
// if user does not already exists and deferring to user settings AND user settings only allow
$user_register = variable_get('user_register', USER_REGISTER_VISITORS_ADMINISTRATIVE_APPROVAL);
foreach ($this->excludeIfTextInDn as $test) {
if (stripos($ldap_user['dn'], $test) !== FALSE) {
return FALSE;
// if a match, return FALSE;
}
}
/**
* evaluate php if it exists
*/
if ($this->allowTestPhp) {
if (module_exists('php')) {
global $_name, $_ldap_user_entry;
$_name = $name;
$_ldap_user_entry = $ldap_user;
$code = '<?php ' . "global \$_name; \n global \$_ldap_user_entry; \n" . $this->allowTestPhp . ' ?>';
$code_result = php_eval($code);
$_name = NULL;
$_ldap_user_entry = NULL;
if ((bool) $code_result == FALSE) {
return FALSE;
}
} else {
drupal_set_message(t(LDAP_AUTHENTICATION_DISABLED_FOR_BAD_CONF_MSG), 'warning');
$tokens = array('!ldap_authentication_config' => l(t('LDAP Authentication Configuration'), 'admin/config/people/ldap/authentication'));
watchdog('ldap_authentication', 'LDAP Authentication is configured to deny users based on php execution with php_eval function, but php module is not enabled. Please enable php module or remove php code at !ldap_authentication_config .', $tokens);
return FALSE;
}
}
/**
* do one of the allow attribute pairs match
*/
if (count($this->allowOnlyIfTextInDn)) {
$fail = TRUE;
foreach ($this->allowOnlyIfTextInDn as $test) {
if (stripos($ldap_user['dn'], $test) !== FALSE) {
$fail = FALSE;
}
}
if ($fail) {
return FALSE;
}
}
/**
* is excludeIfNoAuthorizations option enabled and user not granted any groups
*/
if ($this->excludeIfNoAuthorizations) {
if (!module_exists('ldap_authorization')) {
drupal_set_message(t(LDAP_AUTHENTICATION_DISABLED_FOR_BAD_CONF_MSG), 'warning');
$tokens = array('!ldap_authentication_config' => l(t('LDAP Authentication Configuration'), 'admin/config/people/ldap/authentication'));
watchdog('ldap_authentication', 'LDAP Authentication is configured to deny users without LDAP Authorization mappings, but LDAP Authorization module is not enabled. Please enable and configure LDAP Authorization or disable this option at !ldap_authentication_config .', $tokens);
return FALSE;
}
$user = new stdClass();
$user->name = $name;
$user->ldap_authenticated = TRUE;
// fake user property added for query
$consumers = ldap_authorization_get_consumers();
$has_enabled_consumers = FALSE;
$has_ldap_authorizations = FALSE;
foreach ($consumers as $consumer_type => $consumer_config) {
$consumer_obj = ldap_authorization_get_consumer_object($consumer_type);
if ($consumer_obj->consumerConf->status) {
$has_enabled_consumers = TRUE;
list($authorizations, $notifications) = ldap_authorizations_user_authorizations($user, 'query', $consumer_type, 'test_if_authorizations_granted');
if (isset($authorizations[$consumer_type]) && count($authorizations[$consumer_type]) > 0) {
$has_ldap_authorizations = TRUE;
}
}
}
if (!$has_enabled_consumers) {
drupal_set_message(t(LDAP_AUTHENTICATION_DISABLED_FOR_BAD_CONF_MSG), 'warning');
$tokens = array('!ldap_consumer_config' => l(t('LDAP Authorization Configuration'), 'admin/config/people/ldap/authorization'));
watchdog('ldap_authentication', 'LDAP Authentication is configured to deny users without LDAP Authorization mappings, but 0 LDAP Authorization consumers are configured: !ldap_consumer_config .', $tokens);
return FALSE;
} elseif (!$has_ldap_authorizations) {
return FALSE;
}
}
// allow other modules to hook in and refuse if they like
$hook_result = TRUE;
drupal_alter('ldap_authentication_allowuser_results', $ldap_user, $name, $hook_result);
if ($hook_result === FALSE) {
watchdog('ldap_authentication', "Authentication Allow User Result=refused for %name", array('%name' => $name), WATCHDOG_NOTICE);
return FALSE;
}
/**
* default to allowed
*/
return TRUE;
}
protected function renderRow($x, $y, $row, $options, &$view = NULL, $key = NULL, $printLabels = TRUE)
{
$pageDim = $this->getPageDimensions();
// Render the content if it is not already:
if (is_object($view) && $key != NULL && isset($view->field[$key]) && is_object($view->field[$key]) && !is_string($row)) {
$content = $view->field[$key]->theme($row);
} elseif (is_string($row)) {
$content = $row;
} else {
// We got bad data. So return.
return;
}
if (empty($key) || !empty($view->field[$key]->options['exclude']) || empty($content) && $view->field[$key]->options['hide_empty']) {
return '';
}
// Apply the hyphenation patterns to the content:
if (!isset($options['text']['hyphenate']) && is_object($view) && is_object($view->display_handler)) {
$options['text']['hyphenate'] = $view->display_handler->get_option('default_text_hyphenate');
}
if (isset($options['text']['hyphenate']) && $options['text']['hyphenate'] != 'none') {
$patternFile = $options['text']['hyphenate'];
if ($options['text']['hyphenate'] == 'auto' && is_object($row)) {
// Workaround:
// Since "$nodeLanguage = $row->node_language;" does not work anymore,
// we using this:
if (isset($row->_field_data['nid']['entity']->language)) {
$nodeLanguage = $row->_field_data['nid']['entity']->language;
foreach (self::getAvailableHyphenatePatterns() as $file => $pattern) {
if (stristr($pattern, $nodeLanguage) !== FALSE) {
$patternFile = $file;
break;
}
}
}
}
$patternFile = views_pdf_get_library('tcpdf') . '/hyphenate_patterns/' . $patternFile;
if (file_exists($patternFile)) {
if (method_exists('TCPDF_STATIC', 'getHyphenPatternsFromTEX')) {
$hyphen_patterns = TCPDF_STATIC::getHyphenPatternsFromTEX($patternFile);
} else {
$hyphen_patterns = $this->getHyphenPatternsFromTEX($patternFile);
}
// Bugfix if you like to print some html code to the PDF, we
// need to prevent the replacement of this tags.
$content = str_replace('>', '&gt;', $content);
$content = str_replace('<', '&lt;', $content);
$content = $this->hyphenateText($content, $hyphen_patterns);
}
}
// Set css variable
if (is_object($view) && is_object($view->display_handler)) {
$css_file = $view->display_handler->get_option('css_file');
}
// Render Labels
$prefix = '';
if ($printLabels && !empty($view->field[$key]->options['label'])) {
$prefix = $view->field[$key]->options['label'];
if ($view->field[$key]->options['element_label_colon']) {
$prefix .= ':';
}
$prefix .= ' ';
}
$font_size = empty($options['text']['font_size']) ? $this->defaultFontSize : $options['text']['font_size'];
$font_family = $options['text']['font_family'] == 'default' || empty($options['text']['font_family']) ? $this->defaultFontFamily : $options['text']['font_family'];
$font_style = is_array($options['text']['font_style']) ? $options['text']['font_style'] : $this->defaultFontStyle;
$textColor = !empty($options['text']['color']) ? $this->parseColor($options['text']['color']) : $this->parseColor($this->defaultFontColor);
$w = $options['position']['width'];
$h = $options['position']['height'];
$border = 0;
$align = isset($options['text']['align']) ? $options['text']['align'] : $this->defaultTextAlign;
$fill = 0;
$ln = 1;
$reseth = TRUE;
$stretch = 0;
$ishtml = isset($options['render']['is_html']) ? $options['render']['is_html'] : 1;
$stripHTML = !$ishtml;
$autopadding = TRUE;
$maxh = 0;
$valign = 'T';
$fitcell = FALSE;
// Run eval before.
if (!empty($options['render']['bypass_eval_before']) && !empty($options['render']['eval_before'])) {
eval($options['render']['eval_before']);
} elseif (!empty($options['render']['eval_before'])) {
$content = php_eval($options['render']['eval_before']);
}
// Add css if there is a css file set and stripHTML is not active.
if (!empty($css_file) && is_string($css_file) && !$stripHTML && $ishtml && !empty($content)) {
$content = '<link type="text/css" rel="stylesheet" media="all" href="' . $css_file . '" />' . PHP_EOL . $content;
}
// Set Text Color.
$this->SetTextColorArray($textColor);
// Set font.
$this->SetFont($font_family, implode('', $font_style), $font_size);
// Save the last page before starting writing, this
// is needed to dected if we write over a page. Then we need
// to reset the y coordinate for the 'last_writing' position option.
$this->lastWritingPage = $this->getPage();
if ($stripHTML) {
$content = strip_tags($content);
}
// Write the content of a field to the pdf file:
if (!empty($content)) {
$this->MultiCell($w, $h, $prefix . $content, $border, $align, $fill, $ln, $x, $y, $reseth, $stretch, $ishtml, $autopadding, $maxh, $valign, $fitcell);
} else {
$this->MultiCell($w, $h, $prefix, $border, $align, $fill, $ln, $x, $y, $reseth, $stretch, $ishtml, $autopadding, $maxh, $valign, $fitcell);
}
// Reset font to default.
$this->SetFont($this->defaultFontFamily, implode('', $this->defaultFontStyle), $this->defaultFontSize);
// Run eval after.
if (!empty($options['render']['bypass_eval_after']) && !empty($options['render']['eval_after'])) {
eval($options['render']['eval_after']);
} elseif (!empty($options['render']['eval_after'])) {
$content = php_eval($options['render']['eval_after']);
}
// Write Coordinates of element.
$this->elements[$key] = array('x' => $x, 'y' => $y, 'width' => empty($w) ? $pageDim['wk'] - $this->rMargin - $x : $w, 'height' => $this->y - $y, 'page' => $this->lastWritingPage);
$this->lastWritingElement = $key;
}
/**
* decide if a username is excluded or not
*
* return boolean
*/
public function allowUser($name, $ldap_user_entry)
{
/**
* do one of the exclude attribute pairs match
*/
$exclude = FALSE;
foreach ($this->excludeIfTextInDn as $test) {
if (strpos(drupal_strtolower($ldap_user_entry['dn']), drupal_strtolower($test)) !== FALSE) {
return FALSE;
// if a match, return FALSE;
}
}
/**
* evaluate php if it exists
*/
if ($this->allowTestPhp) {
if (module_exists('php')) {
global $_name, $_ldap_user_entry;
$_name = $name;
$_ldap_user_entry = $ldap_user_entry;
$code = '<?php ' . "global \$_name; \n global \$_ldap_user_entry; \n" . $this->allowTestPhp . ' ?>';
$code_result = php_eval($code);
$_name = NULL;
$_ldap_user_entry = NULL;
if ((bool) $code_result == FALSE) {
return FALSE;
}
} else {
drupal_set_message(t(LDAP_AUTHENTICATION_DISABLED_FOR_BAD_CONF_MSG), 'warning');
$tokens = array('!ldap_authentication_config' => l(t('LDAP Authentication Configuration'), 'admin/config/people/ldap/authentication'));
watchdog('warning', 'LDAP Authentication is configured to deny users based on php execution with php_eval function, but php module is not enabled. Please enable php module or remove php code at !ldap_authentication_config .', $tokens);
return FALSE;
}
}
/**
* do one of the allow attribute pairs match
*/
if (count($this->allowOnlyIfTextInDn)) {
$fail = TRUE;
foreach ($this->allowOnlyIfTextInDn as $test) {
if (strpos(drupal_strtolower($ldap_user_entry['dn']), drupal_strtolower($test)) !== FALSE) {
$fail = FALSE;
}
}
if ($fail) {
return FALSE;
}
}
/**
* is excludeIfNoAuthorizations option enabled and user not granted any groups
*/
if ($this->excludeIfNoAuthorizations) {
if (!module_exists('ldap_authorization')) {
drupal_set_message(t(LDAP_AUTHENTICATION_DISABLED_FOR_BAD_CONF_MSG), 'warning');
$tokens = array('!ldap_authentication_config' => l(t('LDAP Authentication Configuration'), 'admin/config/people/ldap/authentication'));
watchdog('warning', 'LDAP Authentication is configured to deny users without LDAP Authorization mappings, but LDAP Authorization module is not enabled. Please enable and configure LDAP Authorization or disable this option at !ldap_authentication_config .', $tokens);
return FALSE;
}
$user = new stdClass();
$user->name = $name;
$user->ldap_authenticated = TRUE;
// fake user property added for query
$consumers = ldap_authorization_get_consumers();
$has_enabled_consumers = FALSE;
foreach ($consumers as $consumer_type => $consumer_config) {
$consumer_obj = ldap_authorization_get_consumer_object($consumer_type);
if ($consumer_obj->consumerConf->status) {
$has_enabled_consumers = TRUE;
list($authorizations, $notifications) = ldap_authorizations_user_authorizations($user, 'query', $consumer_type, 'test_if_authorizations_granted');
if (count(array_filter(array_values($authorizations))) > 0) {
return TRUE;
}
}
}
if (!$has_enabled_consumers) {
drupal_set_message(t(LDAP_AUTHENTICATION_DISABLED_FOR_BAD_CONF_MSG), 'warning');
$tokens = array('!ldap_consumer_config' => l(t('LDAP Authorization Configuration'), 'admin/config/people/ldap/authorization'));
watchdog('warning', 'LDAP Authentication is configured to deny users without LDAP Authorization mappings, but 0 LDAP Authorization consumers are configured: !ldap_consumer_config .', $tokens);
return FALSE;
}
return FALSE;
}
/**
* default to allowed
*/
return TRUE;
}
/**
* Checks if the given menu link should be marked as active.
*
* If `$item->activation` is a callable function it will be used to determinate
* if the link should be active or not, returning true from callable indicates
* link should be active, false indicates it should not be marked as active.
* Callable receives current request object as first argument and $item as second.
*
* `$item->url` property MUST exists if "activation" is not a callable, and can
* be either:
*
* - A string representing an external or internal URL (all internal links must
* starts with "/"). e.g. `/user/login`
*
* - An array compatible with \Cake\Routing\Router::url(). e.g. `['controller'
* => 'users', 'action' => 'login']`
*
* Both examples are equivalent.
*
* @param \Cake\Datasource\EntityInterface $item A menu's item
* @return bool
*/
public function isActive(EntityInterface $item)
{
if ($item->has('activation') && is_callable($item->get('activation'))) {
$callable = $item->get('activation');
return $callable($this->_View->request, $item);
}
$itemUrl = $this->sanitize($item->get('url'));
if (!str_starts_with($itemUrl, '/')) {
return false;
}
switch ($item->get('activation')) {
case 'any':
return $this->_requestMatches($item->get('active'));
case 'none':
return !$this->_requestMatches($item->get('active'));
case 'php':
return php_eval($item->get('active'), ['view', &$this->_View, 'item', &$item]) === true;
case 'auto':
default:
static $requestUri = null;
static $requestUrl = null;
if ($requestUri === null) {
$requestUri = urldecode(env('REQUEST_URI'));
$requestUrl = str_replace('//', '/', '/' . urldecode($this->_View->request->url) . '/');
}
$isInternal = $itemUrl !== '/' && str_ends_with($itemUrl, str_replace_once($this->baseUrl(), '', $requestUri));
$isIndex = $itemUrl === '/' && $this->_View->request->isHome();
$isExact = str_replace('//', '/', "{$itemUrl}/") === $requestUrl || $itemUrl == $requestUri;
if ($this->config('breadcrumbGuessing')) {
return $isInternal || $isIndex || $isExact || in_array($itemUrl, $this->_crumbs());
}
return $isInternal || $isIndex || $isExact;
}
}
/**
* Checks if the given block can be rendered.
*
* @param \Block\Model\Entity\Block $block Block entity
* @return bool True if can be rendered
*/
protected function _filterBlock(Block $block)
{
$cacheKey = "allowed_{$block->id}";
$cache = static::cache($cacheKey);
if ($cache !== null) {
return $cache;
}
if (!empty($block->locale) && !in_array(I18n::locale(), (array) $block->locale)) {
return static::cache($cacheKey, false);
}
if (!$block->isAccessible()) {
return static::cache($cacheKey, false);
}
$allowed = false;
switch ($block->visibility) {
case 'except':
// Show on all pages except listed pages
$allowed = !$this->_urlMatch($block->pages);
break;
case 'only':
// Show only on listed pages
$allowed = $this->_urlMatch($block->pages);
break;
case 'php':
// Use custom PHP code to determine visibility
$allowed = php_eval($block->pages, ['view' => &$this->_View, 'block' => &$block]) === true;
break;
}
if (!$allowed) {
return static::cache($cacheKey, false);
}
return static::cache($cacheKey, true);
}
