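/**
 * Save a newly uploaded attachment (tasks 'saveNew' and 'applyNew').
 *
 * Checks run in this order: anti-CSRF form token, logged-in user, valid
 * article ID, permission to add an attachment to that article. Only then is
 * the posted form bound to a new Attachments table row and the upload handed
 * to AttachmentsHelper::upload_file().
 *
 * Request inputs read here: POST 'article_id', the whole POST array (via
 * bind), and 'from' ('editor' and 'closeme' change where the user ends up).
 *
 * Every failed check stops the request; none of them relies on
 * JError::raiseError() halting execution by itself.
 */
function saveNew()
{
    // Reject the request unless it carries a valid anti-CSRF form token
    JRequest::checkToken() or die('Invalid Token');

    // Make sure we have a user
    $user =& JFactory::getUser();
    if ($user->get('username') == '') {
        $errmsg = JText::_('ERROR MUST BE LOGGED IN TO UPLOAD ATTACHMENT');
        JError::raiseError(500, $errmsg);
        // Fail closed: never fall through to the upload for an anonymous caller
        return;
    }

    // Make sure we have a valid article ID.  Read it through JRequest (as
    // save() does) so a missing field does not raise an undefined-index notice.
    require_once JPATH_BASE . DS . '..' . DS . 'components' . DS . 'com_attachments' . DS . 'helper.php';
    $article_id = AttachmentsHelper::valid_article_id(JRequest::getVar('article_id', null, 'POST'));
    if ($article_id == -1) {
        // NOTE(review): the message is interpolated into a single-quoted JS
        // string without escaping; it is a translation string, so it must not
        // contain quotes or markup.
        $errmsg = JText::_('ERROR MUST SELECT ARTICLE');
        echo "<script> alert('{$errmsg}'); window.history.go(-1); </script>\n";
        // Stop here: without this the code below would go on to bind and
        // upload with the invalid article ID (-1).
        exit;
    }

    // Make sure this user has permission to upload (should never fail with admin?)
    require_once JPATH_COMPONENT_SITE . DS . 'permissions.php';
    if (!AttachmentsPermissions::user_may_add_attachment($user, $article_id)) {
        $errmsg = JText::_('ERROR NO PERMISSION TO UPLOAD');
        JError::raiseError(500, $errmsg);
        exit;
    }

    // Set up the new record
    $row =& JTable::getInstance('Attachments', 'Table');
    // NOTE(review): bind() copies the entire POST array onto the row, so any
    // posted field that matches a table column is accepted from the client.
    // Only uploader_id and article_id are overwritten with trusted values
    // below; confirm that no other column (e.g. the primary key) should be
    // excluded from the bind.
    if (!$row->bind(JRequest::get('post'))) {
        JError::raiseError(500, $row->getError());
        return;
    }
    $row->uploader_id = $user->get('id');
    $row->article_id = $article_id;

    // Handle 'from' clause
    $from = JRequest::getVar('from', ' (no from)');

    $msg = AttachmentsHelper::upload_file($row, $article_id);

    // See where to go to next: 'applyNew' reopens the edit form for the new
    // record, anything else returns to the component's main view.
    global $option;
    $link = 'index.php?option=' . $option;
    if ($this->_task == 'applyNew') {
        $link .= '&task=edit&cid[]=' . $row->id;
    }

    // If called from the editor, go back to it.  'from' only selects between
    // fixed targets; it is never used as a URL itself.
    if ($from === 'editor') {
        $link = 'index.php?option=com_content&task=edit&cid[]=' . $article_id;
    }

    // If we are supposed to close this iframe, do it now.
    if ($from === 'closeme') {
        echo "<script language=\"javascript\" type=\"text/javascript\">window.parent.document.getElementById('sbox-window').close()</script>";
        exit;
    }

    $this->setRedirect($link, $msg);
}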
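/**
 * Append the attachment list and the "add attachment" controls to an
 * article's text.
 *
 * Does nothing unless the current component is com_content and $row has an
 * id.  Visibility is decided in three steps: the per-article "hidden" check,
 * the component's 'who_can_see' setting (default 'logged_in') for the list,
 * and AttachmentsPermissions::user_may_add_attachment() for the buttons.
 *
 * @param object $row     Article being rendered; $row->text is appended to.
 * @param object $params  Not used in this function.
 * @param int    $page    Not used in this function.
 */
function addAttachments(&$row, &$params, $page = 0)
{
    // Only display attachments for content (articles)
    global $option;
    if ($option != 'com_content') {
        return;
    }

    // Apparently this is called before articles are displayed (ignore those calls)
    if (!isset($row->id)) {
        return;
    }

    // Get the component parameters
    jimport('joomla.application.component.helper');
    $attachParams = JComponentHelper::getParams('com_attachments');

    // A user with an empty username is treated as not logged in
    $user =& JFactory::getUser();
    $logged_in = $user->get('username') != '';

    // Load the language files from the backend
    $lang =& JFactory::getLanguage();
    $lang->load('plg_frontend_attachments', JPATH_ADMINISTRATOR);

    // See whether we can display the links to add attachments
    require_once JPATH_SITE . DS . 'components' . DS . 'com_attachments' . DS . 'permissions.php';
    if (AttachmentsPermissions::attachments_hidden_for_article($row->id, $attachParams)) {
        return;
    }
    $user_can_add = AttachmentsPermissions::user_may_add_attachment($user, $row->id);

    // Determine where we are.
    // NOTE(review): $from is the request's 'view' value and is passed to the
    // HTML builders below; confirm they escape it before it reaches markup
    // or URLs.
    $from = JRequest::getVar('view', false);

    // Itemid is forced to an integer; anything non-numeric falls back to 1
    $Itemid = JRequest::getVar('Itemid', false);
    $Itemid = is_numeric($Itemid) ? intval($Itemid) : 1;

    // Show the attachment list (if appropriate).  The parentheses only make
    // the operator precedence explicit.
    $who_can_see = $attachParams->get('who_can_see', 'logged_in');
    if ($who_can_see == 'anyone' || ($who_can_see == 'logged_in' && $logged_in)) {
        $row->text .= attachments_attachmentListHtml($row->id, $user_can_add, $Itemid, $from);
    }

    // The add buttons depend only on the permission check above
    if ($user_can_add) {
        $row->text .= attachments_attachmentButtonsHTML($row->id, $Itemid, $from);
    }
}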
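/**
 * Save an uploaded attachment, or update an existing one.
 *
 * Checks run in this order: anti-CSRF form token, logged-in user, permission
 * to add an attachment to the posted article.  A cancel submit only
 * redirects.  Otherwise the posted form is bound to an Attachments table row
 * (loaded first when POST 'update' and 'id' are set) and the row is stored,
 * either by AttachmentsHelper::upload_file() or directly by store() when no
 * replacement file was requested.
 *
 * POST inputs read here: article_id, from, submit, update, id, update_file,
 * plus the whole POST array via bind().
 *
 * Every failed check stops the request; none of them relies on
 * JError::raiseError() halting execution by itself.
 */
function save()
{
    // Reject the request unless it carries a valid anti-CSRF form token
    JRequest::checkToken() or die('Invalid Token');

    // Make sure that the caller is logged in
    $user =& JFactory::getUser();
    if ($user->get('username') == '') {
        $errmsg = JText::_('ERROR MUST BE LOGGED IN TO UPLOAD ATTACHMENT');
        JError::raiseError(500, $errmsg);
        // Fail closed: never fall through to the upload for an anonymous caller
        return;
    }

    // Make sure we have a valid article ID.
    // NOTE(review): saveNew() treats a -1 result as "invalid"; here the
    // result is passed straight to the permission check.  Confirm that
    // check rejects -1.
    $article_id = AttachmentsHelper::valid_article_id(JRequest::getVar('article_id', null, 'POST'));

    // Verify that this user may add attachments to this article
    require_once JPATH_COMPONENT . DS . 'permissions.php';
    if (!AttachmentsPermissions::user_may_add_attachment($user, $article_id)) {
        $errmsg = JText::_('ERROR NO PERMISSION TO UPLOAD');
        JError::raiseError(500, $errmsg);
        return;
    }

    // How to redirect?  'from' only selects between fixed targets; the
    // request never supplies the redirect URL itself.
    $from = JRequest::getVar('from', false, 'POST');
    $redirect_to = JURI::base();
    if ($from === 'article') {
        $redirect_to = JRoute::_("index.php?option=com_content&view=article&id={$article_id}", false);
    }

    // See if we should cancel (isset avoids a notice when 'submit' is absent)
    if (isset($_POST['submit']) && $_POST['submit'] == JText::_('CANCEL')) {
        $msg = JText::_('UPLOAD CANCELED');
        $this->setRedirect($redirect_to, $msg);
        return;
    }

    // If this is an update, get the attachment id
    $update = JRequest::getVar('update', false, 'POST');
    $attachment_id = false;
    if ($update) {
        $attachment_id = JRequest::getVar('id', false, 'POST');
    }

    // Load the existing record for an update.  An update request without a
    // usable id is rejected as well, instead of silently becoming a new row
    // that has no uploader_id.
    $row =& JTable::getInstance('Attachments', 'Table');
    if ($update && (!$attachment_id || !$row->load($attachment_id))) {
        // The id comes from the request: show it as an integer only.  (The
        // original interpolated an undefined $id here.)
        $errmsg = JText::_('ERROR CANNOT UPDATE ATTACHMENT INVALID ID') . ' (' . (int) $attachment_id . ')';
        JError::raiseError(500, $errmsg);
        exit;
    }

    // NOTE(review): the permission check above covers only the posted
    // article_id.  Nothing visible here ties the loaded attachment to that
    // article or to this user; confirm that upload_file() or the table
    // enforces it, or compare $row->article_id with $article_id after load().
    //
    // NOTE(review): bind() copies the entire POST array onto the row.  On
    // the update path uploader_id and article_id are not reset afterwards,
    // so posted values for those columns are kept.  Confirm this is intended.
    if (!$row->bind(JRequest::get('post'))) {
        JError::raiseError(500, $row->getError());
        return;
    }
    if (!$update) {
        $row->uploader_id = $user->get('id');
        $row->article_id = $article_id;
    }

    // Upload the file, or just store the edited fields
    if ($update) {
        $update_file = JRequest::getVar('update_file', false, 'POST');
        if ($update_file) {
            // NOTE: store() is not needed if upload_file() is called since it does it
            $msg = AttachmentsHelper::upload_file($row, $article_id, $update, $attachment_id);
        } else {
            // Save the updated attachment
            if (!$row->store()) {
                JError::raiseError(500, $row->getError());
                return;
            }
            $msg = "Attachment updated!";
        }
    } else {
        $msg = AttachmentsHelper::upload_file($row, $article_id, $update);
    }

    // If we are supposed to close this iframe, do it now.
    if ($from === 'closeme') {
        // Queue the message
        AttachmentsHelper::enqueueSystemMessage($msg);

        // Now do the Javascript to close this pop-up window and reload the parent
        echo "<script language=\"javascript\" type=\"text/javascript\">\r\n window.parent.document.getElementById('sbox-window').close();\r\n window.parent.location.reload();\r\n </script>";
        exit;
    }

    $this->setRedirect($redirect_to, $msg);
}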