/**
 * Collect the submitted form data, pass every value through the _clean()
 * callback and cache the result on the model and in the session.
 *
 * The filter pair comes from FabrikWorker::getContentFilter(), i.e. the
 * filter settings applied from article manager->parameters, see
 * http://forum.joomla.org/index.php/topic,259690.msg1182219.html#msg1182219
 *
 * @return array form data (returned by reference)
 */
public function &setFormData()
{
    // Built once per model instance; later calls return the cached array.
    if (!isset($this->formData))
    {
        list($this->dofilter, $this->filter) = FabrikWorker::getContentFilter();
        $this->ajaxPost = $this->app->input->getBool('fabrik_ajax');

        // Start from the raw POST superglobal and copy values to raw
        // (for failed form submissions).
        $submitted = $_POST;
        $this->copyToRaw($submitted);

        // hugh: quite a few places in code that runs after this want __pk_val,
        // so if it was not posted, take it from the PK element.
        if (!array_key_exists('__pk_val', $submitted))
        {
            // hugh: there should be an easier way to get the PK element name that
            // avoids getPrimaryKeyAndExtra(), which is a very expensive operation.
            $pkName = $this->getListModel()->getPrimaryKey(true);

            // Prefer the "<pk>_raw" value and fall back to the plain "<pk>" value.
            $plainValue = FArrayHelper::getValue($submitted, $pkName, '');
            $submitted['__pk_val'] = FArrayHelper::getValue($submitted, $pkName . '_raw', $plainValue);
        }

        // Author's intent: apply querystring values only if not already in post,
        // so they do not overwrite submitted values for dbjoin elements.
        // NOTE(review): array_merge() lets the right-hand array win on string keys,
        // so any key present in $_REQUEST replaces the value prepared above,
        // including a derived __pk_val. What $_REQUEST holds depends on the PHP
        // request_order / variables_order settings - confirm this matches the intent.
        $merged = array_merge($submitted, $_REQUEST);

        // Every leaf value, whatever its source, goes through _clean()
        // (defined outside this block; presumably applies dofilter/filter/ajaxPost).
        array_walk_recursive($merged, array($this, '_clean'));

        // Set here so element can call formModel::updateFormData()
        $this->formData = $merged;
        $this->fullFormData = $merged;
        $this->session->set('com_' . $this->package . '.form.data', $merged);
    }

    return $this->formData;
}
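/**
 * Collect the request data (including joined-group data), percent-decode it,
 * apply the content filter and cache the result on the model and in the session.
 *
 * Changes from the previous implementation:
 *  - Values are decoded BEFORE the content filter runs. Previously the filter
 *    saw the still-encoded text and the decode ran afterwards, so markup sent
 *    as %3C...%3E reached the stored data without being filtered.
 *  - The preg_replace() call with the /e (eval) modifier is replaced by
 *    rawurldecode(), which performs the same %XX decoding. The /e modifier was
 *    removed in PHP 7.0, where preg_replace() returns NULL for such a pattern.
 *  - $aData is initialised, and the shape of the client-supplied 'join' data
 *    is checked before it is iterated.
 *
 * @return array form data (returned by reference)
 */
function &setFormData()
{
    if (isset($this->_formData))
    {
        return $this->_formData;
    }

    list($dofilter, $filter) = FabrikWorker::getContentFilter();
    $ajaxPost = JRequest::getBool('fabrik_ajax');
    $aData = array();

    foreach ($_REQUEST as $key => $val)
    {
        // Join data is handled separately below
        if ($key === 'join')
        {
            continue;
        }

        // Fetched raw because JREQUEST_ALLOWHTML doesn't work; filtering is done here instead
        $val = JRequest::getVar($key, '', 'request', 'string', JREQUEST_ALLOWRAW);

        if (!is_array($val))
        {
            $aData[$key] = $this->_decodeThenFilter($val, $dofilter, $filter, $ajaxPost);
            continue;
        }

        // Non-string members (nested arrays) are kept as received
        $aData[$key] = $val;

        foreach ($val as $k2 => $val2)
        {
            if (!is_string($val2))
            {
                continue;
            }

            if ($dofilter)
            {
                // Filter element for XSS and other 'bad' code, on the decoded text
                $aData[$key][$k2] = $this->_decodeThenFilter($val2, $dofilter, $filter, $ajaxPost);
            }
            elseif ($ajaxPost)
            {
                // Existing behaviour kept: with the filter off, members of a
                // top-level array are only decoded for ajax posts
                $aData[$key][$k2] = rawurldecode($val2);
            }
        }
    }

    // 'join' is client-supplied, so make sure it is an array before indexing into it
    if (array_key_exists('join', $_REQUEST) && is_array($_REQUEST['join']))
    {
        $groups = $this->getGroups();
        $listModel = $this->getListModel();
        $joins = $listModel->getJoins();

        foreach ($joins as $oJoin)
        {
            $join_id = $oJoin->id;

            // Only joins known to the list model are read from the request
            if (!array_key_exists($join_id, $_REQUEST['join']) || !is_array($_REQUEST['join'][$join_id]))
            {
                continue;
            }

            if (empty($oJoin->group_id))
            {
                // It's a repeat element
                $can_repeat = true;
            }
            else
            {
                $groupModel = $groups[$oJoin->group_id];
                $can_repeat = $groupModel->canRepeat();
            }

            if ($can_repeat)
            {
                foreach ($_REQUEST['join'][$join_id] as $element_key => $repeats)
                {
                    if (!is_array($repeats))
                    {
                        continue;
                    }

                    foreach ($repeats as $key => $val)
                    {
                        if (!is_array($val))
                        {
                            $aData['join'][$join_id][$element_key][$key] = $this->_decodeThenFilter($val, $dofilter, $filter, $ajaxPost);
                            continue;
                        }

                        foreach ($val as $key2 => $val2)
                        {
                            if (is_string($val2))
                            {
                                $aData['join'][$join_id][$element_key][$key][$key2] = $this->_decodeThenFilter($val2, $dofilter, $filter, $ajaxPost);
                            }
                        }
                    }
                }
            }
            else
            {
                foreach ($_REQUEST['join'][$join_id] as $key => $val)
                {
                    if (!is_array($val))
                    {
                        $aData['join'][$join_id][$key] = $this->_decodeThenFilter($val, $dofilter, $filter, $ajaxPost);
                        continue;
                    }

                    foreach ($val as $key2 => $val2)
                    {
                        if (is_string($val2))
                        {
                            $aData['join'][$join_id][$key][$key2] = $this->_decodeThenFilter($val2, $dofilter, $filter, $ajaxPost);
                        }
                    }
                }
            }
        }
    }

    // Set here so element can call formModel::updateFormData()
    $this->_formData = $aData;
    $this->_fullFormData = $this->_formData;
    $session = JFactory::getSession();
    $session->set('com_fabrik.form.data', $this->_formData);

    return $this->_formData;
}

/**
 * Percent-decode one submitted value, then apply the content filter to the decoded text.
 *
 * The number of decode passes matches the previous code (one pass always,
 * one more for ajax posts); only the order relative to the filter changed,
 * so the filter now inspects the text that is actually stored.
 *
 * @param   string  $value     submitted value
 * @param   bool    $dofilter  whether the content filter should be applied
 * @param   object  $filter    filter returned by FabrikWorker::getContentFilter()
 * @param   bool    $ajaxPost  true when the request carries fabrik_ajax
 *
 * @return  string  decoded and, if enabled, filtered value
 */
private function _decodeThenFilter($value, $dofilter, $filter, $ajaxPost)
{
    if ($ajaxPost)
    {
        $value = rawurldecode($value);
    }

    // Handles upper and lower case hex digits, as produced by JavaScript's encodeURIComponent()
    $value = rawurldecode($value);

    return $dofilter ? $filter->clean($value) : $value;
}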
/**
 * Save a visualization from the posted admin form, then redirect.
 *
 * @return mixed the JError::raiseWarning() result when bind() or store() fails, otherwise nothing
 */
function save()
{
    // Anti-CSRF: stop unless the request carries a valid form token
    JRequest::checkToken() or die('Invalid Token');

    $task = JRequest::getCmd('task');

    // NOTE(review): 'plugin' is read without a filter type and handed straight to
    // getPlugIn(); confirm the plugin manager only accepts installed plugin names.
    $className = JRequest::getVar('plugin', 'calendar', 'post');
    $pluginManager =& JModel::getInstance('Pluginmanager', 'FabrikModel');
    $pluginModel =& $pluginManager->getPlugIn($className, 'visualization');
    $pluginModel->setId(JRequest::getInt('id', 0, 'post'));

    // NOTE(review): the whole POST array is bound to the row; presumably any
    // posted field that matches a column is copied - confirm that is acceptable here.
    $vizRow =& JTable::getInstance('visualization', 'Table');
    $postData = JRequest::get('post');
    if (!$vizRow->bind($postData))
    {
        return JError::raiseWarning(500, $vizRow->getError());
    }

    // intro_text is fetched raw and only cleaned when the content filter is enabled
    list($dofilter, $filter) = FabrikWorker::getContentFilter();
    $introText = JRequest::getVar('intro_text', '', 'post', 'string', JREQUEST_ALLOWRAW);
    if ($dofilter)
    {
        $introText = $filter->clean($introText);
    }
    $vizRow->intro_text = $introText;

    // The result of this second bind() is not checked
    $details = JRequest::getVar('details', array(), 'post', 'array');
    $vizRow->bind($details);

    // Save params: the plugin model shares the row's attribs by reference
    $pluginModel->attribs =& $vizRow->attribs;
    $params = $pluginModel->getParams();
    $postedParams = JRequest::getVar('params', array(), 'post', 'array');
    $vizRow->attribs = $params->updateAttribsFromParams($postedParams);

    foreach (array('publish_down', 'created', 'publish_up') as $dateField)
    {
        FabrikHelper::prepareSaveDate($vizRow->$dateField);
    }

    $user =& JFactory::getUser();
    if (!($vizRow->id == 0))
    {
        // Existing record: stamp the modification time and user
        $vizRow->modified = JFactory::getDate()->toMySQL();
        $vizRow->modified_by = $user->get('id');
    }

    if (!$vizRow->store())
    {
        return JError::raiseWarning(500, $vizRow->getError());
    }
    $vizRow->checkin();

    // 'apply' returns to the edit screen; 'save' and anything else go to the list
    if ($task == 'apply')
    {
        $link = 'index.php?option=com_fabrik&c=visualization&task=edit&cid[]=' . $vizRow->id;
    }
    else
    {
        $link = 'index.php?option=com_fabrik&c=visualization';
    }
    $msg = JText::_('VISUALIZATION SAVED');

    $this->setRedirect($link, $msg);
}
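/**
 * Collect the request data, percent-decode it, apply the content filter and
 * cache the result on the model and in the session.
 *
 * Changes from the previous implementation:
 *  - Values are decoded BEFORE the content filter runs. Previously the filter
 *    saw the still-encoded text and the decode ran afterwards, so markup sent
 *    as %3C...%3E reached the stored data without being filtered.
 *  - The preg_replace() call with the /e (eval) modifier is replaced by
 *    rawurldecode(), which performs the same %XX decoding. The /e modifier was
 *    removed in PHP 7.0, where preg_replace() returns NULL for such a pattern.
 *  - $aData is initialised so an empty request yields an empty array.
 *
 * @return array form data (returned by reference)
 */
function &setFormData()
{
    if (isset($this->_formData))
    {
        return $this->_formData;
    }

    list($dofilter, $filter) = FabrikWorker::getContentFilter();
    $ajaxPost = JRequest::getBool('fabrik_ajax');
    $aData = array();

    foreach ($_REQUEST as $key => $val)
    {
        // Fetched raw because JREQUEST_ALLOWHTML doesn't work; filtering is done here instead
        $val = JRequest::getVar($key, '', 'request', 'string', JREQUEST_ALLOWRAW);

        if (!is_array($val))
        {
            // Same number of decode passes as before (one always, one more for
            // ajax posts), but done first so the filter sees the final text
            if ($ajaxPost)
            {
                $val = rawurldecode($val);
            }

            // Handles upper and lower case hex digits, as produced by JavaScript's encodeURIComponent()
            $val = rawurldecode($val);

            if ($dofilter)
            {
                $val = $filter->clean($val);
            }

            $aData[$key] = $val;
            continue;
        }

        // Non-string members (nested arrays) are kept as received
        $aData[$key] = $val;

        foreach ($val as $k2 => $val2)
        {
            if (!is_string($val2))
            {
                continue;
            }

            if ($ajaxPost)
            {
                $val2 = rawurldecode($val2);
            }

            if ($dofilter)
            {
                // Existing behaviour kept: array members get the extra decode
                // pass only when the filter is on. Filter element for XSS and
                // other 'bad' code, on the decoded text.
                $val2 = rawurldecode($val2);
                $val2 = $filter->clean($val2);
            }

            $aData[$key][$k2] = $val2;
        }
    }

    // Set here so element can call formModel::updateFormData()
    $this->_formData = $aData;
    $this->_fullFormData = $this->_formData;
    $session = JFactory::getSession();
    $session->set('com_fabrik.form.data', $this->_formData);

    return $this->_formData;
}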
/**
 * Read the posted form data, pass every value through the _clean() callback
 * and cache the result on the model and in the session.
 *
 * The filter pair comes from FabrikWorker::getContentFilter(), i.e. the
 * filter settings applied from article manager->parameters, see
 * http://forum.joomla.org/index.php/topic,259690.msg1182219.html#msg1182219
 *
 * @return array form data (returned by reference)
 */
public function &setFormData()
{
    // Built once per model instance; later calls return the cached array.
    if (!isset($this->_formData))
    {
        list($this->dofilter, $this->filter) = FabrikWorker::getContentFilter();
        $this->ajaxPost = JRequest::getBool('fabrik_ajax');

        // POST is requested unfiltered (JREQUEST_ALLOWRAW); the only cleaning
        // visible here is the _clean() walk below, which is defined outside this
        // block and presumably applies the dofilter/filter/ajaxPost settings.
        $posted = JRequest::get('post', JREQUEST_ALLOWRAW);
        array_walk_recursive($posted, array($this, '_clean'));

        // Set here so element can call formModel::updateFormData()
        $this->_formData = $posted;
        $this->_fullFormData = $posted;
        JFactory::getSession()->set('com_fabrik.form.data', $posted);
    }

    return $this->_formData;
}
/**
 * Save a form from the posted admin data, then redirect.
 *
 * @return mixed the JError::raiseWarning() result when bind() or store() fails,
 *               otherwise the form model (returned for prefab)
 */
function save()
{
    // Anti-CSRF: stop unless the request carries a valid form token
    JRequest::checkToken() or die('Invalid Token');

    // Drop the form edit model kept in the session
    $session =& JFactory::getSession();
    $session->clear('com_fabrik.admin.form.edit.model');

    jimport('joomla.utilities.date');
    $db =& JFactory::getDBO();
    $user =& JFactory::getUser();

    $formModel =& JModel::getInstance('Form', 'FabrikModel');
    $formModel->setId(JRequest::getInt('id'));
    $formModel->getForm();

    // NOTE(review): the whole POST array is bound to the row; presumably any
    // posted field that matches a column is copied - confirm that is acceptable here.
    $formRow =& JTable::getInstance('form', 'Table');
    $postData = JRequest::get('post');
    if (!$formRow->bind($postData))
    {
        return JError::raiseWarning(500, $formRow->getError());
    }

    // intro is fetched raw and only cleaned when the content filter is enabled
    list($dofilter, $filter) = FabrikWorker::getContentFilter();
    $introHtml = JRequest::getVar('intro', '', 'post', 'string', JREQUEST_ALLOWRAW);
    if ($dofilter)
    {
        $introHtml = $filter->clean($introHtml);
    }
    $formRow->intro = $introHtml;

    // The result of this second bind() is not checked
    $details = JRequest::getVar('details', array(), 'post', 'array');
    $formRow->bind($details);

    foreach (array('publish_down', 'created', 'publish_up') as $dateField)
    {
        FabrikHelper::prepareSaveDate($formRow->$dateField);
    }

    // Save params
    $xmlPath = JPATH_COMPONENT . DS . 'model' . DS . 'form.xml';
    $params = new fabrikParams($formRow->attribs, $xmlPath);
    $postedParams = JRequest::getVar('params', array(), 'post', 'array');
    $formRow->attribs = $params->updateAttribsFromParams($postedParams);

    if (!($formRow->id == 0))
    {
        // Existing record: stamp the modification time and user
        $formRow->modified = JFactory::getDate()->toMySQL();
        $formRow->modified_by = $user->get('id');
    }

    if (!$formRow->store())
    {
        return JError::raiseWarning(500, $formRow->getError());
    }
    $formRow->checkin();

    // Point the model at the stored row before saving its groups
    $formModel->_id = $formRow->id;
    $formModel->_form =& $formRow;
    $formModel->saveFormGroups();

    // 'apply' returns to the edit screen; 'save' and anything else go to the list
    $task = JRequest::getCmd('task');
    if ($task == 'apply')
    {
        $link = 'index.php?option=com_fabrik&c=form&task=edit&cid[]=' . $formRow->id;
    }
    else
    {
        $link = 'index.php?option=com_fabrik&c=form';
    }

    $cache =& JFactory::getCache('com_fabrik');
    $cache->clean();

    $this->setRedirect($link, JText::_('FORM SAVED'));

    // For prefab
    return $formModel;
}
/**
 * Save the table (list) from the admin form.
 *
 * Binds the posted data to the table row, creates the linked form, group(s)
 * and, when a name was entered, a new database table for a new record, stores
 * the row, then updates joins, primary key and indexes.
 *
 * NOTE(review): no form-token (anti-CSRF) check is visible in this method;
 * presumably the calling controller performs it - confirm.
 *
 * @return mixed the JError::raiseWarning() result if not saved, true if saved ok
 */
function save()
{
    $session =& JFactory::getSession();
    $app =& JFactory::getApplication();
    $db =& JFactory::getDBO();
    $user =& JFactory::getUser();
    $config =& JFactory::getConfig();
    $id = JRequest::getInt('id', 0, 'post');
    $this->setId($id);
    $row =& $this->getTable(false, false);
    $formModel =& JModel::getInstance('Form', 'FabrikModel');
    // NOTE(review): the whole POST array is bound to the row. Properties written
    // further down (db_table_name, db_primary_key, auto_inc) are presumably
    // columns too and so settable from the request - confirm that is intended.
    $post = JRequest::get('post');
    if (!$row->bind($post)) {
        return JError::raiseWarning(500, $row->getError());
    }
    // The introduction is fetched raw and only cleaned when the content filter is enabled
    list($dofilter, $filter) = FabrikWorker::getContentFilter();
    $introduction = JRequest::getVar('introduction', '', 'post', 'string', JREQUEST_ALLOWRAW);
    $row->introduction = $dofilter ? $filter->clean($introduction) : $introduction;
    // The result of this second bind() is not checked
    $details = JRequest::getVar('details', array(), 'post', 'array');
    $row->bind($details);
    // Order-by fields and directions are posted as arrays and stored as joined strings
    $aOrderBy = JRequest::getVar('order_by', array(), 'post', 'array');
    $row->order_by = implode(GROUPSPLITTER2, $aOrderBy);
    $aOrderDir = JRequest::getVar('order_dir', array(), 'post', 'array');
    $row->order_dir = implode(GROUPSPLITTER2, $aOrderDir);
    if (!$row->check()) {
        $app->setError($row->getError());
        return JError::raiseWarning(500, $row->getError());
    }
    // New record: create the linked form, group(s) and optionally the database table
    if ($id == 0) {
        $newtable = trim(JRequest::getVar('_database_name', '', 'post'));
        // hugh: sanity check on the table name - every character outside
        // 0-9, a-z, A-Z and _ is replaced with _, so the name is safe to place
        // between backticks below.
        // @TODO - should probably use a helper for this, like FabrikString::clean(),
        // but need to think about case issues first
        $newtable = preg_replace('#[^0-9a-zA-Z_]#', '_', $newtable);
        // Check the entered database table doesn't already exist
        if ($newtable != '' && $this->databaseTableExists($newtable)) {
            return JError::raiseWarning(500, JText::_('DATABASE TABLE ALREADY EXISTS'));
        }
        if (!$this->canCreateDbTable()) {
            return JError::raiseWarning(500, Jtext::_('YOUR_DB_USER_HAS_INSUFFICIENT_RIGHTS_TO_CREATE_TABLE'));
        }
        // Create fabrik form
        $formModel =& $this->_createLinkedForm();
        // Create fabrik group
        $groupData = array("name" => $row->label, "label" => $row->label);
        JRequest::setVar('_createGroup', 1, 'post');
        if ($newtable != '') {
            // A table name was entered: one group, and a new table keyed on `id`
            $groupId = $this->_createLinkedGroup($groupData, false);
            $row->db_table_name = $newtable;
            $row->db_primary_key = "`" . $newtable . '`.`id`';
            $row->auto_inc = 1;
            $res = $this->createDBTable($formModel, $newtable);
        } else {
            // 2.0.5 balsamiq to fabrik tmpl generator sets up group properties in session;
            // if we find those, make n groups each with their own groupid
            $groupDatas = array($groupData);
            if ($session->has('com_fabrik.list.create.groupmap')) {
                $groupDatas =& $session->get('com_fabrik.list.create.groupmap');
            }
            $groupMap = array();
            foreach ($groupDatas as $x => $groupData) {
                $groupId = $this->_createLinkedGroup($groupData, false);
                $groupMap[$x] = $groupId;
            }
            // Set element group ids
            if ($session->has('com_fabrik.list.create.elementmap')) {
                $map = (array) $session->get('com_fabrik.list.create.elementmap');
                // $m is a reference into $map and is not unset after the loop
                foreach ($map as &$m) {
                    $groupMapId = array_key_exists('groupid', $m) ? $m['groupid'] : 0;
                    $m['groupid'] = $groupMap[$groupMapId];
                }
                $session->set('com_fabrik.list.create.elementmap', $map);
            }
            // Save elements in group
            foreach ($groupMap as $groupId) {
                $this->_createLinkedElements($groupId, $post);
            }
        }
        // Set the table's form id
        $this->_updateFormId($formModel->_form->id);
    }
    // Save params - this file no longer exists? do we use models/table.xml instead??
    $params = new fabrikParams($row->attribs, JPATH_COMPONENT . DS . 'xml' . DS . 'table.xml');
    $row->attribs = $params->updateAttribsFromParams(JRequest::getVar('params', array(), 'post', 'array'));
    $row->rows_per_page = JRequest::getInt('rows_per_page', 10, 'post');
    if ($row->id != 0) {
        // Existing record: stamp the modification time and user
        $datenow =& JFactory::getDate();
        $row->modified = $datenow->toMySQL();
        $row->modified_by = $user->get('id');
    }
    FabrikHelper::prepareSaveDate($row->publish_down);
    FabrikHelper::prepareSaveDate($row->created);
    FabrikHelper::prepareSaveDate($row->publish_up);
    // When no primary key was submitted, read it from the table definition.
    // NOTE(review): a non-empty submitted db_primary_key is only tested for
    // emptiness here; the row then keeps whatever earlier code put on it and it
    // is passed to updatePrimaryKey() below - confirm that method quotes or
    // validates the identifier.
    $pk = JRequest::getVar('db_primary_key');
    if ($pk == '') {
        $aKey = $this->getPrimaryKeyAndExtra();
        $aKey = $aKey[0];
        $row->db_primary_key = "`" . $row->db_table_name . "`.`" . $aKey['colname'] . "`";
        $row->auto_inc = stristr($aKey['extra'], 'auto_increment') ? true : false;
    }
    if (!$row->store()) {
        return JError::raiseWarning(500, $row->getError());
    }
    // Load in all the table's data - even if it wasn't in the post data
    $table =& $this->getTable();
    // Needed if saving a table for first time (otherwise id = 0)
    $this->setId($table->id);
    $this->updateJoins();
    if (!$this->isView()) {
        // This was only run on a new table - but it is here so that if you upload
        // a new table you can ensure that its columns are fixed
        $this->makeSafeTableColumns();
        $this->updatePrimaryKey($row->db_primary_key, $row->auto_inc);
    }
    $row->checkin();
    // Make an array of elements and a presumed index size;
    // the map is then used in creating indexes
    $map = array();
    $groups =& $this->getForm()->getGroupsHiarachy();
    foreach ($groups as $groupModel) {
        $elementModels =& $groupModel->getMyElements();
        foreach ($elementModels as $element) {
            // int elements can't have an index size attrib
            // hugh: neither can DATETIME
            $coltype = $element->getFieldDescription();
            if (JString::stristr($coltype, 'int')) {
                $size = '';
            } else {
                if (JString::stristr($coltype, 'datetime')) {
                    $size = '';
                } else {
                    $size = 10;
                    // hugh: adding an index fails if key size > varchar size,
                    // so use the declared varchar length when it is below 10
                    $matches = array();
                    if (preg_match('/varchar\\((\\d+)\\)/i', $coltype, $matches)) {
                        $varchar_size = (int) $matches[1];
                        if ($varchar_size < 10) {
                            $size = $varchar_size;
                        }
                    }
                }
            }
            // The map is keyed both by the element's full name and by its id
            $map[$element->getFullName(false, false, false)] = $size;
            $map[$element->getElement()->id] = $size;
        }
    }
    // Update indexes (array_key_exists check added as these may run during/after CSV import).
    // Posted order-by values only reach addIndex() when they are keys of $map.
    // NOTE(review): the outer test looks up the joined order_by string, which
    // presumably only matches when a single order-by field was posted - confirm.
    if (!empty($aOrderBy) && array_key_exists($row->order_by, $map)) {
        foreach ($aOrderBy as $orderBy) {
            if (array_key_exists($orderBy, $map)) {
                $this->addIndex($orderBy, 'tableorder', 'INDEX', $map[$orderBy]);
            }
        }
    }
    if ($row->group_by !== '' && array_key_exists($row->group_by, $map)) {
        $this->addIndex($row->group_by, 'groupby', 'INDEX', $map["{$row->group_by}"]);
    }
    // NOTE(review): unlike the two cases above, group_by_order and the filter
    // fields below are not checked against $map before addIndex() is called, so
    // $map[...] may be undefined and the name is not limited to known elements -
    // confirm addIndex() validates or quotes the field name.
    if ($params->get('group_by_order') !== '') {
        $this->addIndex($params->get('group_by_order'), 'groupbyorder', 'INDEX', $map[$params->get('group_by_order')]);
    }
    $afilterFields = $params->get('filter-fields', '', '_default', 'array');
    foreach ($afilterFields as $field) {
        // Backticks are stripped from the field name before it is used as a map key
        $field = str_replace('`', '', $field);
        $this->addIndex($field, 'prefilter', 'INDEX', $map[$field]);
    }
    // Joomfish: write or remove the translation XML only when its contentelements folder exists
    if (JFolder::exists(JPATH_ADMINISTRATOR . DS . 'components' . DS . 'com_joomfish' . DS . 'contentelements')) {
        if ($params->get('allow-data-translation')) {
            if (!$this->makeJoomfishXML()) {
                JError::raiseNotice('E_ERROR', JTEXT::_("Unable to make Joomfish XML file"));
            }
        } else {
            $this->removeJoomfishXML();
        }
    }
    return true;
}