/**
 * Close the resource currently being edited.
 *
 * Requires a valid session token and the core.edit permission on
 * com_users; otherwise a JSON error is thrown via K2Response
 * (HTTP 403 for the permission failure).
 *
 * @return $this
 */
public function close()
{
    // CSRF check: a missing or invalid token aborts with a JSON error
    JSession::checkToken() or K2Response::throwError(JText::_('JINVALID_TOKEN'));

    // Only users who may edit users are allowed to close the resource
    $currentUser = JFactory::getUser();
    $canEdit = $currentUser->authorise('core.edit', 'com_users');
    if (!$canEdit) {
        K2Response::throwError(JText::_('K2_YOU_ARE_NOT_AUTHORIZED_TO_PERFORM_THIS_OPERATION'), 403);
    }

    // The model performs the actual close
    $this->model->close();

    return $this;
}
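/**
 * Delete tags that are no longer attached to any item.
 *
 * Requires a valid session token and the k2.tags.manage permission on
 * com_k2. The permission failure now reports HTTP 403, consistent with
 * the other authorization failures in this controller. On success a
 * completion message is enqueued and the standard K2 JSON response is
 * echoed.
 *
 * @return $this
 */
public function deleteOrphans()
{
    // CSRF check
    JSession::checkToken() or K2Response::throwError(JText::_('JINVALID_TOKEN'));

    // Permission check: 403 like the other authorization failures
    $user = JFactory::getUser();
    if (!$user->authorise('k2.tags.manage', 'com_k2')) {
        K2Response::throwError(JText::_('K2_YOU_ARE_NOT_AUTHORIZED_TO_PERFORM_THIS_OPERATION'), 403);
    }

    // The Tags model does the actual cleanup
    $model = K2Model::getInstance('Tags');
    $model->deleteOrphans();

    // Report success through the JSON response
    $application = JFactory::getApplication();
    $application->enqueueMessage(JText::_('K2_DELETE_COMPLETED'));
    echo json_encode(K2Response::render());

    return $this;
}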
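/**
 * Update function.
 * Updates the component settings (the com_k2 extension params).
 *
 * Requires a valid session token and core.admin on com_k2; the
 * permission failure now reports HTTP 403, consistent with the other
 * authorization failures in this controller. The posted 'jform' array
 * is validated against the com_k2 settings form and saved through the
 * core com_config component model, after which the _system cache is
 * cleaned. Validation and save failures are reported as JSON errors.
 *
 * @return void
 */
protected function update()
{
    // CSRF check
    JSession::checkToken() or K2Response::throwError(JText::_('JINVALID_TOKEN'));

    // Only component administrators may change settings
    $user = JFactory::getUser();
    if (!$user->authorise('core.admin', 'com_k2')) {
        K2Response::throwError(JText::_('K2_YOU_ARE_NOT_AUTHORIZED_TO_PERFORM_THIS_OPERATION'), 403);
    }

    // Extension record whose params are being updated
    $component = JComponentHelper::getComponent('com_k2');
    $id = $component->id;
    $option = 'com_k2';

    // Raw posted settings; validated below before anything is saved
    $data = $this->input->get('jform', array(), 'array');

    // Reuse the core com_config component model for validation and saving
    require_once JPATH_SITE . '/components/com_config/model/cms.php';
    require_once JPATH_SITE . '/components/com_config/model/form.php';
    JModelLegacy::addIncludePath(JPATH_ADMINISTRATOR . '/components/com_config/model');
    $model = JModelLegacy::getInstance('Component', 'ConfigModel');

    // Settings form shipped with com_k2
    JForm::addFormPath(JPATH_ADMINISTRATOR . '/components/com_k2');
    $form = JForm::getInstance('com_k2.settings', 'config', array('control' => 'jform'), false, '/config');

    // Validate and filter the posted data against the form
    $return = $model->validate($form, $data);
    if ($return === false) {
        // Surface the first validation error only
        $errors = $model->getErrors();
        $message = $errors[0] instanceof Exception ? $errors[0]->getMessage() : $errors[0];
        K2Response::throwError($message);
    }

    // Persist the validated params on the extension record
    $data = array('params' => $return, 'id' => $id, 'option' => $option);
    $return = $model->save($data);

    // Drop cached component params so the new settings take effect
    $options = array('defaultgroup' => '_system', 'cachebase' => JPATH_ADMINISTRATOR . '/cache');
    $cache = JCache::getInstance('callback', $options);
    $cache->clean();

    if ($return === false) {
        // Save failed; report the model's error to the client
        K2Response::throwError(JText::sprintf('JERROR_SAVE_FAILED', $model->getError()));
    }
}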
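/**
 * Upload an image for an item, category or user.
 *
 * Requires a valid session token. Authorization depends on the request:
 * with an itemId, the caller must be able to edit that item/category, or
 * (for users) be the user in question or hold core.edit on com_users;
 * without an itemId, the caller needs the k2.<type>.create permission.
 * The check fails closed: an itemId combined with an unrecognised type
 * is rejected (previously this left $authorised unset, which produced a
 * PHP notice before being rejected).
 *
 * 'path' is attacker-controlled text that is only made relative to the
 * site root here; confinement to the allowed image directories is
 * assumed to happen in K2HelperImages::add — TODO confirm.
 *
 * @return $this
 */
public function upload()
{
    // CSRF check
    JSession::checkToken() or K2Response::throwError(JText::_('JINVALID_TOKEN'));

    $user = JFactory::getUser();

    // Input. 'type' and 'temp' are limited to the cmd charset ('type' is also
    // used to build the ACL action name below); 'path' is a free string.
    $type = $this->input->get('type', '', 'cmd');
    $itemId = $this->input->get('itemId', 0, 'int');
    $replace = $this->input->get('temp', '', 'cmd');
    $file = $this->input->files->get('file');
    $path = $this->input->get('path', '', 'string');
    $path = str_replace(JURI::root(true) . '/', '', $path);
    $categoryId = null;

    // Fail closed: an unknown $type with an $itemId must not leave this undefined
    $authorised = false;

    if ($itemId) {
        if ($type == 'item') {
            $item = K2Items::getInstance($itemId);
            $authorised = $item->canEdit;
            $categoryId = $item->catid;
        } elseif ($type == 'category') {
            $authorised = K2Categories::getInstance($itemId)->canEdit;
        } elseif ($type == 'user') {
            // Own profile, or a user manager
            $authorised = $user->authorise('core.edit', 'com_users') || $user->id == $itemId;
        }
    } else {
        // New resource: need the create permission for this type
        $authorised = $user->authorise('k2.' . $type . '.create', 'com_k2');
    }

    if (!$authorised) {
        K2Response::throwError(JText::_('K2_YOU_ARE_NOT_AUTHORIZED_TO_PERFORM_THIS_OPERATION'), 403);
    }

    // The helper generates the image(s) for the given type and returns the descriptor
    $image = K2HelperImages::add($type, $file, $path, $replace, $categoryId);

    echo json_encode($image);

    return $this;
}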
/**
 * Upload (or fetch) a gallery archive for an item.
 *
 * Requires a valid session token and any of k2.item.create,
 * k2.item.edit or k2.item.edit.own on com_k2; otherwise a 403 JSON
 * error is thrown. The archive may come from an uploaded file or from a
 * URL; both are handed to K2HelperGalleries::add, which creates the
 * gallery and replaces any previous one.
 *
 * NOTE(review): 'url' is user-supplied and is passed through unchanged;
 * whether remote fetches are restricted (scheme/host) is decided inside
 * the helper — confirm there.
 *
 * @return $this
 */
public function upload()
{
    // CSRF check
    JSession::checkToken() or K2Response::throwError(JText::_('JINVALID_TOKEN'));

    // Any item create/edit permission is sufficient
    $currentUser = JFactory::getUser();
    $mayCreate = $currentUser->authorise('k2.item.create', 'com_k2');
    $mayEdit = $currentUser->authorise('k2.item.edit', 'com_k2');
    $mayEditOwn = $currentUser->authorise('k2.item.edit.own', 'com_k2');
    if (!($mayCreate || $mayEdit || $mayEditOwn)) {
        K2Response::throwError(JText::_('K2_YOU_ARE_NOT_AUTHORIZED_TO_PERFORM_THIS_OPERATION'), 403);
    }

    // Request input: upload mode, remote URL and/or uploaded archive
    $input = JFactory::getApplication()->input;
    $uploadMode = $input->get('upload', '', 'cmd');
    $remoteUrl = $input->get('url', '', 'string');
    $archiveFile = $input->files->get('archive');

    // Build the gallery (the helper also removes the previous one)
    $galleryResult = K2HelperGalleries::add($archiveFile, $remoteUrl, $uploadMode);

    echo json_encode($galleryResult);

    return $this;
}
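/**
 * elFinder connector entry point for the media browser.
 *
 * Guests are rejected with 403. The browsed folder comes from the
 * 'folder' request value (Joomla 'path' filter) and is forced back to
 * the com_media root unless it is that root or a sub-folder of it;
 * the previous prefix test also accepted sibling folders whose name
 * merely starts with the root name (e.g. "<root>2"). JPath::check()
 * then rejects traversal outside the site.
 *
 * Access rules: everything is readable; writes are allowed only in the
 * administrator and files are locked on the site side. PHP files are
 * hidden and locked and are denied both read and write on either side
 * (the previous callback returned true for every attribute on .php,
 * which under elFinder's accessControl semantics also marked them
 * writable).
 *
 * The accessControl callback is a global function declared inside this
 * method, so it is guarded with function_exists() in case the method is
 * invoked more than once in a request.
 *
 * @return $this
 */
public function connector()
{
    $application = JFactory::getApplication();
    $user = JFactory::getUser();

    if ($user->guest) {
        K2Response::throwError(JText::_('K2_YOU_ARE_NOT_AUTHORIZED_TO_PERFORM_THIS_OPERATION'), 403);
    }

    $params = JComponentHelper::getParams('com_media');
    $root = $params->get('file_path', 'media');
    $folder = $this->input->get('folder', $root, 'path');
    $type = $this->input->get('type', 'video', 'cmd');

    if (JString::trim($folder) == "") {
        $folder = $root;
    } else {
        // Confine browsing to the root directory itself or a sub-directory of it
        $insideRoot = ($folder === $root)
            || (strpos($folder, $root . '/') === 0)
            || (strpos($folder, $root . '\\') === 0);
        if (!$insideRoot) {
            $folder = $root;
        }
    }

    // Disable debug
    $this->input->set('debug', false);

    $url = JURI::root(true) . '/' . $folder;
    $path = JPATH_SITE . '/' . JPath::clean($folder);
    // Rejects '..' and anything that resolves outside the site root
    JPath::check($path);

    include_once JPATH_SITE . '/media/k2app/vendor/elfinder/php/elFinderConnector.class.php';
    include_once JPATH_SITE . '/media/k2app/vendor/elfinder/php/elFinder.class.php';
    include_once JPATH_SITE . '/media/k2app/vendor/elfinder/php/elFinderVolumeDriver.class.php';
    include_once JPATH_SITE . '/media/k2app/vendor/elfinder/php/elFinderVolumeLocalFileSystem.class.php';

    if (!function_exists('access')) {
        /**
         * elFinder accessControl callback.
         *
         * Returning true/false sets the attribute explicitly; null leaves
         * the volume defaults in force.
         *
         * @param  string $attr   One of 'read', 'write', 'locked', 'hidden'
         * @param  string $path   Filesystem path of the entry
         * @param  mixed  $data   Extra data passed by elFinder (unused)
         * @param  object $volume Volume driver (unused)
         *
         * @return bool|null
         */
        function access($attr, $path, $data, $volume)
        {
            $application = JFactory::getApplication();
            $ext = strtolower(JFile::getExt(basename($path)));

            // PHP files: hidden and locked, never readable or writable
            if ($ext == 'php') {
                return ($attr == 'hidden' || $attr == 'locked');
            }

            // Hide dot files and dot folders
            if ($attr == 'hidden' && strpos(basename($path), '.') === 0) {
                return true;
            }

            // Read only on the front-end, full access in the administrator
            $isSite = $application->isSite();
            switch ($attr) {
                case 'read':
                    return true;
                case 'write':
                    return !$isSite;
                case 'locked':
                    return $isSite;
                case 'hidden':
                    return false;
            }

            // Unknown attribute: let elFinder apply its defaults
            return null;
        }
    }

    // Volume defaults mirror the callback: writable only in the administrator
    if ($application->isAdmin()) {
        $permissions = array('read' => true, 'write' => true);
    } else {
        $permissions = array('read' => true, 'write' => false);
    }

    $options = array(
        'roots' => array(
            array(
                'driver' => 'LocalFileSystem',
                'path' => $path,
                'URL' => $url,
                'accessControl' => 'access',
                'defaults' => $permissions,
            ),
        ),
    );

    $connector = new elFinderConnector(new elFinder($options));
    $connector->run();

    return $this;
}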
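/**
 * Default implementation for patch function.
 * Patch requests are routed here by the main Sync function.
 * These requests are usually coming from lists togglers and state buttons.
 * Usually there will be no need to override this function.
 *
 * For every selected id the posted 'states' are applied through the
 * model (mode 'apply'), or merged onto a copy of the row and saved as a
 * new record (mode 'clone'). A per-id state value that is missing from
 * a posted array is now skipped instead of producing an undefined-index
 * notice. After an 'apply' that changes 'state', the content/category
 * change-state plugin event is triggered.
 *
 * NOTE(review): this method only validates the session token; per-row
 * authorization is expected to happen in $this->model->save() — confirm
 * against the model before relying on it.
 *
 * @return void
 */
protected function patch()
{
    // CSRF check
    JSession::checkToken() or K2Response::throwError(JText::_('JINVALID_TOKEN'));

    // Batch input: ids are forced to integers in place
    $ids = $this->input->get('id', array(), 'array');
    JArrayHelper::toInteger($ids);
    $states = $this->input->get('states', array(), 'array');
    $mode = $this->input->get('mode', 'apply', 'string');

    // Drop empty/zero ids and require at least one
    $ids = array_filter($ids);
    if (!count($ids)) {
        K2Response::throwError(JText::_('K2_NO_ROWS_SELECTED'), 401);
    }

    foreach ($ids as $key => $id) {
        $data = array();
        $data['id'] = $id;

        // A state may be a single value for all rows or an array indexed like $ids
        foreach ($states as $state => $values) {
            if (is_array($values)) {
                $value = array_key_exists($key, $values) ? $values[$key] : '';
            } else {
                $value = $values;
            }
            if ($value != '') {
                $data[$state] = $value;
            }
        }

        if ($mode == 'clone') {
            // Copy the source row, overlay the posted states and save as a new record
            $sourceData = $this->model->getCopyData($id);
            $data = array_merge($sourceData, $data);
            $data['id'] = null;
            $this->model->setState('patch', false);
        } else {
            $this->model->setState('patch', true);
        }

        $this->model->setState('data', $data);
        $result = $this->model->save();
        if (!$result) {
            K2Response::throwError($this->model->getError());
        }
    }

    // Trigger change state event for items and categories
    if ($mode != 'clone' && isset($states['state']) && in_array($this->resourceType, array('items', 'categories'), true)) {
        $dispatcher = JDispatcher::getInstance();
        JPluginHelper::importPlugin('content');

        if ($this->resourceType == 'items') {
            $eventName = 'onContentChangeState';
            $context = 'com_k2.' . $this->resourceType;
        } else {
            $eventName = 'onCategoryChangeState';
            $context = 'com_k2';
        }

        $dispatcher->trigger($eventName, array($context, $ids, $states['state']));
    }

    K2Response::setResponse($result);
}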
/**
 * System plugin hook run after routing.
 *
 * Defines K2_EDIT_MODE (true in the administrator for com_k2, and on the
 * site for com_k2 with view 'admin' or no view), redirects com_config
 * editing of com_k2 to the K2 settings screen, turns an expired-session
 * JSON request into a JSON error (except for the comments sync task),
 * forces the 'system' template in front-end edit mode and, for HTML
 * documents on the site, adds jQuery, k2.js and the K2 stylesheets
 * (honouring template overrides and print mode) when CSS is enabled in
 * the component settings.
 *
 * @return void
 */
public function onAfterRoute()
{
    $application = JFactory::getApplication();
    $user = JFactory::getUser();
    $params = JComponentHelper::getParams('com_k2');
    $document = JFactory::getDocument();

    $input = $application->input;
    $option = $input->get('option');
    $view = $input->get('view');
    $task = $input->get('task');
    $format = $input->get('format');

    $isAdmin = $application->isAdmin();
    $isSite = $application->isSite();

    // Edit mode: any com_k2 request in the administrator, or the front-end admin view
    $adminEdit = $isAdmin && $option == 'com_k2';
    $siteEdit = $isSite && $option == 'com_k2' && ($view == 'admin' || $view == '');
    define('K2_EDIT_MODE', $adminEdit || $siteEdit);

    // com_config editing of com_k2 is handled by K2's own settings screen
    if ($isAdmin && $option == 'com_config' && $view == 'component' && $input->get('component') == 'com_k2') {
        $application->redirect('index.php?option=com_k2#settings');
    }

    // An expired session on a JSON edit-mode request would otherwise be met by
    // Joomla's redirect to com_login; answer with a JSON error instead.
    // The comments sync task is exempt because guests may legitimately use it.
    $isCommentsRequest = $isSite && K2_EDIT_MODE && $task == 'comments.sync';
    if ($user->get('guest') && K2_EDIT_MODE && $format == 'json' && !$isCommentsRequest) {
        K2Response::throwError(JText::_('K2_SESSION_EXPIRED'), 500);
    }

    // Everything below is front-end only
    if (!$isSite) {
        return;
    }

    // Editing always uses the bare system template
    if (K2_EDIT_MODE) {
        $application->setTemplate('system');
    }

    // Head assets only make sense for HTML output
    if ($document->getType() != 'html') {
        return;
    }

    $base = JURI::root(true);
    $template = $application->getTemplate();

    // Scripts
    JHtml::_('jquery.framework');
    $document->addScript($base . '/media/k2app/assets/js/k2.js?v3.0.0&sitepath=' . $base . '/');

    // Stylesheets, only if enabled in the component settings
    if (!$params->get('enable_css')) {
        return;
    }

    // k2.css, preferring a template override
    $templateCss = JPATH_SITE . '/templates/' . $template . '/css/k2.css';
    if (JFile::exists($templateCss)) {
        $document->addStyleSheet($base . '/templates/' . $template . '/css/k2.css?v=3.0.0');
    } else {
        $document->addStyleSheet($base . '/components/com_k2/css/k2.css?v=3.0.0');
    }

    // k2.print.css in print mode, again preferring a template override
    if ($input->get('print', false, 'bool')) {
        $templatePrintCss = JPATH_SITE . '/templates/' . $template . '/css/k2.print.css';
        if (JFile::exists($templatePrintCss)) {
            $document->addStyleSheet($base . '/templates/' . $template . '/css/k2.print.css?v=3.0.0', 'text/css', 'print');
        } else {
            $document->addStyleSheet($base . '/components/com_k2/css/k2.print.css?v=3.0.0', 'text/css', 'print');
        }
    }
}
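/**
 * Import a single Joomla content category as a K2 category.
 *
 * Maps title, description, published state, access and language onto a
 * new top-level K2 category, copies the category image through
 * K2HelperImages if one is set, saves via the Categories model, and then
 * directly updates created/modified metadata (which the model sets
 * automatically on save) and the default params built from the category
 * form. The generated id is cast to int before being placed in the SQL
 * WHERE clause, so the query never depends on the model state's type.
 *
 * @param  object $category Row from the Joomla categories table
 *
 * @return int The id of the created K2 category
 */
private function importCategory($category)
{
    $categoryData = array();
    $categoryData['id'] = null;
    $categoryData['title'] = $category->title;
    $categoryData['description'] = $category->description;

    // Joomla published flag -> K2 state: <0 trashed, >0 published, else unpublished
    if ($category->published < 0) {
        $categoryData['state'] = -1;
    } elseif ($category->published > 0) {
        $categoryData['state'] = 1;
    } else {
        $categoryData['state'] = 0;
    }

    // Imported categories are always created at the top level
    $categoryData['parent_id'] = 0;
    $categoryData['access'] = $category->access;
    $categoryData['language'] = $category->language;

    // Carry over the category image, if any, via the images helper
    $categoryParams = new JRegistry($category->params);
    $categoryImage = $categoryParams->get('image');
    if ($categoryImage) {
        $image = K2HelperImages::add('category', null, $categoryImage);
        $categoryData['image'] = array(
            'id' => '',
            'temp' => $image->temp,
            'path' => '',
            'remove' => 0,
            'caption' => '',
            'credits' => '',
        );
    }

    $model = K2Model::getInstance('Categories');
    $model->setState('data', $categoryData);
    if (!$model->save()) {
        K2Response::throwError($model->getError());
    }

    // Id generated by the save
    $categoryId = (int) $model->getState('id');

    // Default params: every field of the categories form with its default value
    jimport('joomla.form.form');
    $formName = 'K2CategoriesForm';
    $formPath = JPATH_ADMINISTRATOR . '/components/com_k2/models/categories.xml';
    $form = JForm::getInstance($formName, $formPath);
    $params = new JRegistry('');
    foreach ($form->getFieldset() as $field) {
        $params->def($field->__get('fieldname'), $field->__get('value'));
    }

    // Restore the original date/author information and store the params;
    // the model overwrote these during save.
    $db = JFactory::getDbo();
    $query = $db->getQuery(true);
    $query->update($db->quoteName('#__k2_categories'));
    $query->set($db->quoteName('created') . ' = ' . $db->quote($category->created_time));
    $query->set($db->quoteName('modified') . ' = ' . $db->quote($category->modified_time));
    $query->set($db->quoteName('created_by') . ' = ' . $db->quote($category->created_user_id));
    $query->set($db->quoteName('modified_by') . ' = ' . $db->quote($category->modified_user_id));
    $query->set($db->quoteName('params') . ' = ' . $db->quote($params->toString()));
    $query->where($db->quoteName('id') . ' = ' . $categoryId);
    $db->setQuery($query);
    $db->execute();

    return $categoryId;
}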
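/**
 * Report a comment to the configured recipient by e-mail.
 *
 * Requires a valid session token, comments and comment reporting to be
 * enabled (and a logged-in user when reporting is set to '2'), a
 * published comment whose item the caller may access, a non-empty name
 * and reason, and a passing captcha where configured. The mail is sent
 * as HTML, so the user-supplied name and reason are HTML-escaped before
 * being embedded (previously they were concatenated raw).
 *
 * NOTE(review): the comment text itself is rendered via nl2br() as
 * stored; this assumes it was filtered when the comment was saved —
 * confirm in the comments model.
 *
 * @return $this
 */
public function report()
{
    // CSRF check
    JSession::checkToken() or K2Response::throwError(JText::_('JINVALID_TOKEN'));

    $application = JFactory::getApplication();
    $configuration = JFactory::getConfig();

    // Input
    $id = $application->input->get('id', 0, 'int');
    $reportName = $application->input->get('reportName', '', 'string');
    $reportReason = $application->input->get('reportReason', '', 'string');

    $params = JComponentHelper::getParams('com_k2');
    $user = JFactory::getUser();

    // Reporting must be enabled; setting '2' restricts it to registered users
    $reportingDisabled = !$params->get('comments') || !$params->get('commentsReporting');
    $guestBlocked = ($params->get('commentsReporting') == '2') && $user->guest;
    if ($reportingDisabled || $guestBlocked) {
        K2Response::throwError(JText::_('K2_ALERTNOTAUTH'), 403);
    }

    // Only published comments can be reported
    $comment = K2Comments::getInstance($id);
    if (!$comment->state) {
        K2Response::throwError(JText::_('K2_COMMENT_NOT_FOUND'));
    }

    // The caller must be able to see the item the comment belongs to
    $item = K2Items::getInstance($comment->itemId);
    $item->checkSiteAccess();

    // Required fields
    if (trim($reportName) == '') {
        K2Response::throwError(JText::_('K2_PLEASE_TYPE_YOUR_NAME'));
    }
    if (trim($reportReason) == '') {
        K2Response::throwError(JText::_('K2_PLEASE_TYPE_THE_REPORT_REASON'));
    }

    // Captcha, depending on settings
    require_once JPATH_SITE . '/components/com_k2/helpers/captcha.php';
    $data = $this->getInputData();
    if (!($result = K2HelperCaptcha::check($data, $this))) {
        K2Response::throwError($this->getError());
    }

    // Build the HTML mail; user-supplied fields are escaped for the HTML context
    $safeName = htmlspecialchars($reportName, ENT_QUOTES, 'UTF-8');
    $safeReason = htmlspecialchars($reportReason, ENT_QUOTES, 'UTF-8');

    $mailer = JFactory::getMailer();
    $senderEmail = $configuration->get('mailfrom');
    $senderName = $configuration->get('fromname');
    $mailer->setSender(array($senderEmail, $senderName));
    $mailer->setSubject(JText::_('K2_COMMENT_REPORT'));
    $mailer->IsHTML(true);

    $body = "\n <strong>" . JText::_('K2_NAME') . "</strong>: " . $safeName . " <br/>\n <strong>" . JText::_('K2_REPORT_REASON') . "</strong>: " . $safeReason . " <br/>\n <strong>" . JText::_('K2_COMMENT') . "</strong>: " . nl2br($comment->text) . " <br/>\n ";
    $mailer->setBody($body);

    // Recipient defaults to the site mail-from address
    $mailer->ClearAddresses();
    $mailer->AddAddress($params->get('commentsReportRecipient', $configuration->get('mailfrom')));
    $mailer->Send();

    $application->enqueueMessage(JText::_('K2_REPORT_SUBMITTED'));
    echo json_encode(K2Response::render());

    return $this;
}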