$formok = false; } if ($paramType == 'limit' && $value['search'][$searchName][$paramType] && !sensitiveIO::IspositiveInteger($value['search'][$searchName][$paramType])) { $cms_message .= $cms_language->getMessage(MESSAGE_FORM_ERROR_MALFORMED_FIELD, array($cms_language->getMessage(MESSAGE_PAGE_FIELD_LIMIT, false, MOD_POLYMOD_CODENAME))) . "\n"; } break; case 'publication date after': case 'publication date before': if ($paramValue && !$value['search'][$searchName][$paramType]) { //mandatory ? $formok = false; } elseif ($value['search'][$searchName][$paramType]) { //replace localised date value by db format corresponding value $date = new CMS_date(); $date->setFormat($cms_language->getDateFormat()); if ($date->setLocalizedDate($value['search'][$searchName][$paramType])) { $value['search'][$searchName][$paramType] = $date->getDBValue(); } else { $label = $paramType == 'publication date after' ? MESSAGE_PAGE_FIELD_PUBLISHED_FROM : MESSAGE_PAGE_FIELD_PUBLISHED_TO; $cms_message .= $cms_language->getMessage(MESSAGE_FORM_ERROR_MALFORMED_FIELD, array($cms_language->getMessage($label, false, MOD_POLYMOD_CODENAME))) . "\n"; } } break; case 'order': if (sizeof($paramValue)) { foreach ($paramValue as $orderName => $orderValue) { // Order direction $orderName = trim($orderName, '()'); if ($paramValue && !$value['search'][$searchName][$paramType][$orderName]) { //mandatory ? $formok = false;
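/**
 * Add a search condition, described by an atm-search-param tag, to a CMS_object_search object.
 *
 * The 'type', 'value' and 'mandatory' attributes are required; 'operator' is optional.
 * 'type' must be either one of the names returned by
 * CMS_object_search::getStaticSearchConditionTypes(), the literal 'category', or a positive
 * integer (validated with sensitiveIO::isPositiveInteger).
 *
 * @param CMS_object_search $search : the reference search object which needs the condition
 * @param array $tagAttributes : the atm-search-param attributes
 * @return boolean true when the condition was added, or when it is empty and not mandatory;
 *                 false when the tag is malformed or a mandatory condition is empty
 * @access private
 * @static
 */
static function addSearchCondition(&$search, $tagAttributes)
{
    global $cms_language;

    // All three attributes are required; the error text names the first one missing.
    foreach (array('type', 'value', 'mandatory') as $requiredAttribute) {
        if (!isset($tagAttributes[$requiredAttribute])) {
            CMS_grandFather::raiseError("Malformed atm-search-param tag : missing '" . $requiredAttribute . "' attribute");
            return false;
        }
    }

    $conditionType = $tagAttributes['type'];
    // 'value' is known to be set here. The former "Unknown value type" branch could never
    // be reached after the check above and has been removed.
    $searchConditionValue = $tagAttributes['value'];
    $operator = isset($tagAttributes['operator']) ? $tagAttributes['operator'] : false;

    // No value and no operator: nothing to add. That is a failure only for a mandatory condition.
    if (!$searchConditionValue && !$operator) {
        return $tagAttributes['mandatory'] != 'true';
    }

    // Strict comparisons: a non-string type such as integer 0 or boolean true must not be
    // loosely matched against a condition name and passed on to the search object.
    $isNamedCondition = $conditionType === 'category'
        || (is_scalar($conditionType)
            && in_array($conditionType, CMS_object_search::getStaticSearchConditionTypes(), true));

    if (!$isNamedCondition && !sensitiveIO::isPositiveInteger($conditionType)) {
        CMS_grandFather::raiseError("Malformed atm-search-param tag : attribute 'type' does not represent a valid object " . $conditionType);
        return false;
    }

    if ($isNamedCondition
        && in_array($conditionType, array('publication date after', 'publication date before'), true)) {
        // Replace the localised date string with the corresponding CMS_date object.
        $date = new CMS_date();
        $date->setFormat($cms_language->getDateFormat());
        // NOTE(review): the result of setLocalizedDate() is not checked, so a value that does
        // not parse is still handed to the search as a CMS_date. Other callers test this
        // return value; confirm what CMS_date holds after a failed parse.
        $date->setLocalizedDate($searchConditionValue);
        $searchConditionValue = $date;
    }

    // NOTE(review): 'operator' is forwarded exactly as found in the tag attributes.
    // Presumably addWhereCondition() restricts it to known operators; verify there.
    $search->addWhereCondition($conditionType, $searchConditionValue, $operator);

    return true;
}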
$search->setAttribute('orderBy', 'publicationDateStart_rs desc,publicationDateEnd_rs desc, id_moo desc'); // Param : Around publication date $dt_today = new CMS_date(); $dt_today->setDebug(false); $dt_today->setNow(); $dt_today->setFormat($dateFormat); $dt_from = new CMS_date(); $dt_from->setDebug(false); $dt_from->setFormat($dateFormat); if ($dt_from->setLocalizedDate(CMS_session::getSessionVar("items_dtfrm"), true)) { $search->addWhereCondition("publication date after", $dt_from); } $dt_end = new CMS_date(); $dt_end->setDebug(false); $dt_end->setFormat($dateFormat); if ($dt_end->setLocalizedDate(CMS_session::getSessionVar("items_dtnd"), true)) { // Check this date isn't greater than start date given if (!CMS_date::compare($dt_from, $dt_end, ">=")) { $search->addWhereCondition("publication date before", $dt_end); } } if ($status) { $search->addWhereCondition("status", $status); } } // Do not apply sessions filters if limitToOrderedItems or limitToItems otherwise it could hide objects that should be displayed if (empty($limitToOrderedItems) && empty($limitToItems)) { //Add all subobjects to search if any foreach ($objectFields as $fieldID => $field) { //if field is a poly object if (CMS_session::getSessionVar('items_' . $object->getID() . '_' . $fieldID) != '') {
define('MESSAGE_PAGE_NO_LOGS', 1608); define("MESSAGE_PAGE_NO_SERVER_RIGHTS", 748); //CHECKS user has admin clearance if (!$cms_user->hasAdminClearance(CLEARANCE_ADMINISTRATION_EDITVALIDATEALL)) { CMS_grandFather::raiseError('User has no administration rights'); echo $cms_language->getMessage(MESSAGE_PAGE_NO_SERVER_RIGHTS); exit; } $date = sensitiveIO::request('date'); $errorFile = ''; $gzip = false; $now = new CMS_date(); $now->setNow(true); $requestedDate = new CMS_date(); $requestedDate->setFormat($cms_language->getDateFormat()); $requestedDate->setLocalizedDate($date); if (!$requestedDate->hasError()) { if (CMS_date::compare($requestedDate, $now, '==')) { $errorFile = PATH_MAIN_FS . '/' . CMS_grandFather::ERROR_LOG; } else { $gzip = true; $requestedDate->moveDate('+1 day'); $errorFile = PATH_LOGS_FS . '/' . CMS_grandFather::ERROR_LOG . '-' . $requestedDate->getLocalizedDate('Y-m-d') . '.gz'; } } if ($errorFile && file_exists($errorFile)) { if (connection_status() == 0) { //close session then clean buffer session_write_close(); ob_end_clean(); //to prevent long file from getting cut off from max_execution_time
$edited = RESOURCE_EDITION_BASEDATA; $logAction = CMS_log::LOG_ACTION_RESOURCE_EDIT_BASEDATA; $cms_message = $cms_language->getMessage(MESSAGE_ACTION_OPERATION_DONE); } else { $cms_message = $cms_language->getMessage(MESSAGE_FORM_ERROR_WRITING); $cms_page->raiseError('Error during writing of page ' . $cms_page->getID() . '. Action : update pageMetas'); } $dt_beg = new CMS_date(); $dt_beg->setDebug(false); $dt_beg->setFormat($cms_language->getDateFormat()); $dateStart = $cms_page->getPublicationDateStart(false); $dt_end = new CMS_date(); $dt_end->setDebug(false); $dt_end->setFormat($cms_language->getDateFormat()); $dateEnd = $cms_page->getPublicationDateEnd(false); if ($dt_beg->setLocalizedDate($pubdatestart, false) && $dt_end->setLocalizedDate($pubdateend, true)) { //check if dates has changed if (!CMS_date::compare($dateStart, $dt_beg, '==') || !CMS_date::compare($dateEnd, $dt_end, '==')) { if (!$dt_end->isNull() && CMS_date::compare($dt_beg, $dt_end, '>')) { $cms_message = $cms_language->getMessage(MESSAGE_FORM_ERROR_MALFORMED_DATES); $cms_page->raiseError('Error during set pubdatestart : date start is higher than date end. Values set for date start : ' . $pubdatestart . ', for date end : ' . $pubdateend); } else { $cms_page->setPublicationDates($dt_beg, $dt_end); if ($cms_page->writeToPersistence()) { $edited = RESOURCE_EDITION_BASEDATA; $logAction = CMS_log::LOG_ACTION_RESOURCE_EDIT_BASEDATA; $cms_message = $cms_language->getMessage(MESSAGE_ACTION_OPERATION_DONE); } else { $cms_message = $cms_language->getMessage(MESSAGE_FORM_ERROR_WRITING); $cms_page->raiseError('Error during writing of page ' . $cms_page->getID() . '. Action : update pubdatestart, value : ' . $pubdatestart); }
define("MESSAGE_PAGE_FIELD_ELEMENT", 1579); //get search vars $codename = sensitiveIO::request('module', CMS_modulesCatalog::getAllCodenames()); $pageId = sensitiveIO::request('page', 'sensitiveIO::isPositiveInteger', 0); $type = sensitiveIO::request('type', array('all', 'login', 'resource', 'admin', 'email', 'modules'), 'all'); $datestart = false; if (sensitiveIO::request('datestart')) { $datestart = new CMS_date(); $datestart->setFormat($cms_language->getDateFormat()); $datestart->setLocalizedDate(sensitiveIO::request('datestart'), true); } $dateend = false; if (sensitiveIO::request('dateend')) { $dateend = new CMS_date(); $dateend->setFormat($cms_language->getDateFormat()); $dateend->setLocalizedDate(sensitiveIO::request('dateend'), true); } $sort = sensitiveIO::request('sort', array('datetime', 'user', 'action'), 'datetime'); $dir = sensitiveIO::request('dir', array('ASC', 'DESC'), 'DESC'); $userId = sensitiveIO::request('userId', 'sensitiveIO::isPositiveInteger'); $start = sensitiveIO::request('start', 'sensitiveIO::isPositiveInteger', 0); $limit = sensitiveIO::request('limit', 'sensitiveIO::isPositiveInteger', CMS_session::getRecordsPerPage()); $delete = sensitiveIO::request('del') ? true : false; if ($delete && !$cms_user->hasAdminClearance(CLEARANCE_ADMINISTRATION_EDITVALIDATEALL)) { $delete = false; } $logsDatas = array(); $logsDatas['logs'] = array(); if (!$cms_user->hasAdminClearance(CLEARANCE_ADMINISTRATION_VIEWLOG)) { CMS_grandFather::raiseError('User has no logs management rights ...'); $view->show();
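/**
 * Catch and run the front-end (FE) form action matching the submitted 'formID'.
 *
 * For the submitted form the method checks the user's view clearance on the module,
 * loads or creates the target item, verifies the anti-CSRF form token, validates and
 * assigns the submitted fields (and publication dates for primary resources), then
 * writes the item when no error was recorded.
 *
 * @param array $formIDs : the forms ids to check for actions
 * @param integer $pageID : the current page id (not read in this method)
 * @param string $languageCode : the language code used
 * @param boolean $public : the data status (not read in this method)
 * @param array &$polymodFormsError : receives the error status of each processed form,
 *        under the keys 'required', 'malformed', 'error' and 'filled'
 * @param array &$polymodFormsItems : receives the processed item, indexed by form id
 * @return boolean : true on success, false on failure
 * @access public
 * @static
 */
static function formActions($formIDs, $pageID, $languageCode, $public, &$polymodFormsError, &$polymodFormsItems)
{
    global $cms_language, $cms_user;

    if (!is_array($formIDs)) {
        return false;
    }
    foreach ($formIDs as $formID) {
        // Only the form named by the request is processed
        if (!io::request('formID') || io::request('formID') != $formID) {
            continue;
        }
        if (!isset($cms_language) || $cms_language->getCode() != $languageCode) {
            $cms_language = new CMS_language($languageCode);
        }

        // Instantiate the item
        $item = '';
        $object = null;
        if (io::request('object', 'io::isPositiveInteger', '')) {
            // Check user rights on the module. Only the view right is required here,
            // because the admin right gives access to the Automne administration.
            // NOTE(review): no per-item right is checked in this method before an existing
            // item is loaded for modification; confirm that this is enforced elsewhere.
            $module = CMS_poly_object_catalog::getModuleCodenameForObjectType(io::request('object'));
            if (!is_object($cms_user) || !$cms_user->hasModuleClearance($module, CLEARANCE_MODULE_VIEW)) {
                CMS_grandFather::raiseError('No user found or user has no administration rights on module ' . $module);
                return false;
            }
            // Instantiate the object definition
            $object = CMS_poly_object_catalog::getObjectDefinition(io::request('object'));
            // Without a definition $item stays '' and the request is rejected below.
            // Previously getID() was called on the empty definition in that case.
            if ($object) {
                if (io::request('item', 'io::isPositiveInteger', '')) {
                    $requestedItem = io::request('item');
                    $search = new CMS_object_search($object, false);
                    $search->addWhereCondition('item', $requestedItem);
                    $items = $search->search();
                    $item = isset($items[$requestedItem])
                        ? $items[$requestedItem]
                        : new CMS_poly_object($object->getID());
                } else {
                    $item = new CMS_poly_object($object->getID());
                }
            }
        }

        if (!is_object($item) || $item->hasError()) {
            $polymodFormsError[$formID]['filled'] = 0;
            $polymodFormsError[$formID]['error'][] = 'right';
            CMS_grandFather::raiseError('No item found or user has no administration rights on item... ');
            return false;
        }

        // Check the form token before any submitted value is assigned and before any
        // form_* callback runs, so a request without a valid token triggers neither.
        if (!isset($_POST["atm-token"]) || !CMS_session::checkToken(MOD_POLYMOD_CODENAME . '-' . $formID, $_POST["atm-token"])) {
            $polymodFormsError[$formID]['error'][] = 'form-token';
            return false;
        }
        // The token has been used, so expire it
        CMS_session::expireToken(MOD_POLYMOD_CODENAME . '-' . $formID);

        // Get the item's field objects
        $fieldsObjects =& $item->getFieldsObjects();
        // Checks and assignments
        $item->setDebug(false);

        // First, check mandatory values
        foreach ($fieldsObjects as $fieldID => $aFieldObject) {
            // Only fields that are part of the submitted form
            if (isset($_REQUEST['polymodFields'][$fieldID])) {
                if (!$item->checkMandatory($fieldID, $_REQUEST, '')) {
                    $polymodFormsError[$formID]['required'][$fieldID] = $fieldID;
                }
            }
        }

        // Second, set values for all fields
        foreach ($fieldsObjects as $fieldID => $aFieldObject) {
            // Only fields that are part of the submitted form
            if (!isset($_REQUEST['polymodFields'][$fieldID])) {
                continue;
            }
            // Optional per-field callback, called by name (do not use call_user_func here).
            // The name is built from the caller-supplied form id and the item's own field id,
            // always prefixed with 'form_', and is only called if such a function exists.
            $funcName = 'form_' . $formID . '_' . $fieldID;
            if (!$item->setValues($fieldID, $_REQUEST, '')) {
                $polymodFormsError[$formID]['malformed'][] = $fieldID;
            } elseif (!isset($polymodFormsError[$formID]['required'][$fieldID])
                && function_exists($funcName)
                && !$funcName($formID, $fieldID, $item)) {
                $polymodFormsError[$formID]['malformed'][] = $fieldID;
            }
        }

        // Set publication dates if needed
        if (isset($_REQUEST['polymodFields']) && $_REQUEST['polymodFields']) {
            if ($object->isPrimaryResource()) {
                // Dates management
                $dt_beg = new CMS_date();
                $dt_beg->setDebug(false);
                $dt_beg->setFormat($cms_language->getDateFormat());
                $dt_end = new CMS_date();
                $dt_end->setDebug(false);
                $dt_end->setFormat($cms_language->getDateFormat());

                // A missing request value is passed as null instead of relying on '@'
                $pubStart = isset($_REQUEST["pub_start"]) ? $_REQUEST["pub_start"] : null;
                $pubEnd = isset($_REQUEST["pub_end"]) ? $_REQUEST["pub_end"] : null;
                if (!($dt_set_1 = $dt_beg->setLocalizedDate($pubStart, true))) {
                    $polymodFormsError[$formID]['malformed'][] = 'pub_start';
                }
                if (!($dt_set_2 = $dt_end->setLocalizedDate($pubEnd, true))) {
                    $polymodFormsError[$formID]['malformed'][] = 'pub_end';
                }
                // When both dates are given, the start date must not be after the end date
                if (!$dt_beg->isNull() && !$dt_end->isNull()) {
                    if (CMS_date::compare($dt_beg, $dt_end, '>')) {
                        $polymodFormsError[$formID]['malformed'][] = 'pub_start';
                        $polymodFormsError[$formID]['malformed'][] = 'pub_end';
                        $dt_set_1 = $dt_set_2 = false;
                    }
                }
                if ($dt_set_1 && $dt_set_2) {
                    $item->setPublicationDates($dt_beg, $dt_end);
                }
            }
        }

        // empty() also covers the case where no error entry was created for this form
        if (empty($polymodFormsError[$formID])) {
            // Save the data
            if (!$item->writeToPersistence()) {
                $polymodFormsError[$formID]['error'][] = 'write';
                $polymodFormsError[$formID]['filled'] = 0;
            } else {
                $polymodFormsError[$formID]['filled'] = 1;
                // Optional form-level callback, called by name (do not use call_user_func here)
                $funcName = 'form_' . $formID;
                if (function_exists($funcName) && !$funcName($formID, $item)) {
                    $polymodFormsError[$formID]['filled'] = 0;
                    $polymodFormsError[$formID]['error'][] = 'callback';
                }
            }
            // If the item is a primary resource, unlock it
            if ($object->isPrimaryResource()) {
                $item->unlock();
            }
        } else {
            $polymodFormsError[$formID]['filled'] = 0;
        }
        // Save the item for later use
        $polymodFormsItems[$formID] = $item;
    }
    return true;
}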
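/**
 * Return the options tag list (for a select tag) of all distinct date values stored for this field.
 *
 * @param array $values : parameters values array(parameterName => parameterValue) in :
 *     selected : the timestamp of the option which is selected (optional)
 *     operator : comparison operator limiting the values, one of the supported operators
 *                listed below (optional, used only together with boundary)
 *     boundary : localised date compared with the stored values (optional)
 *     format   : date() format used for the option labels (optional, defaults to the
 *                current language date format)
 * @param multidimentionnal array $tags : xml2Array content of atm-function tag (nothing for this one)
 * @return string : options tag list
 * @access public
 */
function selectOptions($values, $tags)
{
    global $cms_language;

    $return = "";
    $fieldID = $this->_field->getID();
    $allValues = array();
    $status = $this->_public ? 'public' : 'edited';
    $supportedOperator = array(
        '>=', '<=', '>', '<',
        '>= or null', '<= or null', '> or null', '< or null',
        '>= and not null', '<= and not null', '> and not null', '< and not null',
    );
    $sqlOperator = '';

    if (!empty($values['operator']) && !empty($values['boundary'])) {
        $requestedOperator = htmlspecialchars_decode($values['operator']);
        // The operator is concatenated into the SQL below, so it is accepted only when it
        // is exactly one of the supported strings.
        if (in_array($requestedOperator, $supportedOperator, true)) {
            $boundary = $values['boundary'];
            // canBeNull
            $operators = explode('or', $requestedOperator);
            $operator = trim($operators[0]);
            $canBeNull = isset($operators[1]) ? ' or value is NULL' : '';
            // cantBeNull
            $operators = explode('and', $operator);
            $operator = trim($operators[0]);
            $cantBeNull = isset($operators[1]) ? ' and value is not NULL and value != \'0000-00-00\' and value != \'0000-00-00 00:00:00\'' : '';
            // The boundary reaches the query only as the database value of a CMS_date,
            // passed through sanitizeSQLString.
            // NOTE(review): the result of setLocalizedDate() is not checked; confirm what
            // getDBValue() returns when the boundary does not parse.
            $date = new CMS_date();
            $date->setFormat($cms_language->getDateFormat());
            $date->setLocalizedDate($boundary);
            $sqlOperator = " and (value " . $operator . " '" . SensitiveIO::sanitizeSQLString($date->getDBValue()) . "'" . $canBeNull . $cantBeNull . ")";
        }
    }

    // Search all values for this field
    // NOTE(review): $fieldID is concatenated without escaping. Presumably it is the integer
    // id of the field definition; verify against CMS_poly_object_field::getID().
    $sql = "select\n distinct value\n from\n mod_subobject_date_" . $status . "\n where\n objectFieldID='" . $fieldID . "'\n " . $sqlOperator . "\n\t\t";
    $q = new CMS_query($sql);
    $date = new CMS_date();
    while (($value = $q->getValue('value')) !== false) {
        if (!$value) {
            continue;
        }
        $date->setFromDBValue($value);
        if (isset($values['format']) && $values['format']) {
            $dateValue = date($values['format'], $date->getTimeStamp());
        } else {
            $dateValue = $date->getLocalizedDate($cms_language->GetDateFormat());
        }
        // Indexed by timestamp so that options are unique and can be sorted chronologically
        $allValues[$date->getTimeStamp()] = $dateValue;
    }

    if ($allValues) {
        ksort($allValues);
        foreach ($allValues as $id => $label) {
            // 'selected' is optional: without isset() a missing value compared equal to
            // timestamp 0 and raised an undefined index notice.
            $selected = (isset($values['selected']) && $id == $values['selected']) ? ' selected="selected"' : '';
            // The label can come from a caller-supplied date() format, which may carry
            // literal characters, so it is escaped in the option text as well as in title.
            $safeLabel = io::htmlspecialchars($label);
            $return .= '<option title="' . $safeLabel . '" value="' . $id . '"' . $selected . '>' . $safeLabel . '</option>';
        }
    }
    return $return;
}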