/**
 * Removes an item
 *
 * Reads the selected ids from the request, drops any the current user may
 * not delete (queuing a warning for each), then asks the model to clear the
 * featured flag (featured = 0) for the rest. Always redirects back to the
 * featured list afterwards.
 *
 * @return  void
 * @throws  Exception  With code 500 when the model reports a failure.
 */
function delete()
{
    // Reject forged requests before touching any state
    Session::checkToken() or exit(Lang::txt('JINVALID_TOKEN'));

    $selected = Request::getVar('cid', array(), '', 'array');

    // Keep only the ids the current user is allowed to delete
    foreach ($selected as $index => $articleId)
    {
        if (User::authorise('core.delete', 'com_content.article.' . (int) $articleId))
        {
            continue;
        }
        unset($selected[$index]);
        Notify::warning(Lang::txt('JERROR_CORE_DELETE_NOT_PERMITTED'));
    }

    if (empty($selected))
    {
        Notify::error(Lang::txt('JERROR_NO_ITEMS_SELECTED'));
    }
    else
    {
        $model = $this->getModel();

        // "delete" on the featured list means clearing the featured flag
        if (!$model->featured($selected, 0))
        {
            throw new Exception($model->getError(), 500);
        }
    }

    $this->setRedirect('index.php?option=com_content&view=featured');
}
/**
 * Method to delete rows.
 *
 * Each id is loaded into the table object first. Processing stops at the
 * first row that cannot be loaded, is the default style (home != '0'), or
 * fails to delete; rows handled before that point stay deleted.
 *
 * @param   array  &$pks  An array of item ids (cast to array in place).
 * @return  boolean  True on success, false on failure (error set on model,
 *                   or a warning queued for the default style).
 * @throws  Exception  When the user lacks core.delete on com_templates.
 */
public function delete(&$pks)
{
    $pks   = (array) $pks;
    $table = $this->getTable();

    foreach ($pks as $pk)
    {
        if (!$table->load($pk))
        {
            $this->setError($table->getError());
            return false;
        }

        if (!User::authorise('core.delete', 'com_templates'))
        {
            throw new Exception(Lang::txt('JERROR_CORE_DELETE_NOT_PERMITTED'));
        }

        // The default style must stay; a warning, not a model error
        if ($table->home != '0')
        {
            Notify::warning(Lang::txt('COM_TEMPLATES_STYLE_CANNOT_DELETE_DEFAULT_STYLE'));
            return false;
        }

        if (!$table->delete($pk))
        {
            $this->setError($table->getError());
            return false;
        }
    }

    $this->cleanCache();

    return true;
}
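/**
 * Method to toggle the featured setting of a list of articles.
 *
 * The value written depends on the task name: 'featured' writes 1,
 * 'unfeatured' writes 0, anything else falls back to 0. Ids the user may
 * not change state on are pruned (with a warning) before the model runs.
 *
 * @return  void
 * @throws  Exception  With code 500 when the model reports a failure.
 * @since   1.6
 */
function featured()
{
    // Check for request forgeries
    Session::checkToken() or exit(Lang::txt('JINVALID_TOKEN'));

    $ids    = Request::getVar('cid', array(), '', 'array');
    $values = array('featured' => 1, 'unfeatured' => 0);
    $task   = $this->getTask();
    $value  = \Hubzero\Utility\Arr::getValue($values, $task, 0, 'int');

    // Access checks. The previous code called $user->authorise() on a
    // variable that was never defined in this method; the static User
    // facade is what the sibling actions use.
    foreach ($ids as $i => $id)
    {
        if (!User::authorise('core.edit.state', 'com_content.article.' . (int) $id))
        {
            // Prune items that you can't change.
            unset($ids[$i]);
            Notify::warning(Lang::txt('JLIB_APPLICATION_ERROR_EDITSTATE_NOT_PERMITTED'));
        }
    }

    if (empty($ids))
    {
        Notify::error(Lang::txt('JERROR_NO_ITEMS_SELECTED'));
    }
    else
    {
        $model = $this->getModel();

        // Publish the items.
        if (!$model->featured($ids, $value))
        {
            throw new Exception($model->getError(), 500);
        }
    }

    $this->setRedirect('index.php?option=com_content&view=articles');
}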
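/**
 * Don't allow categories to be deleted if they contain items or subcategories with items
 *
 * Only 'com_categories.category' deletions are inspected, and only while the
 * 'check_categories' plugin parameter is enabled (default 1). Extensions not
 * listed in $tableInfo are always allowed through.
 *
 * @param   string  $context  The context for the content passed to the plugin.
 * @param   object  $data     The data relating to the content that was deleted.
 * @return  boolean  True to allow the delete, false to veto it.
 */
public function onContentBeforeDelete($context, $data)
{
    // Skip plugin if we are deleting something other than categories
    if ($context !== 'com_categories.category')
    {
        return true;
    }

    // Check if this function is enabled.
    if (!$this->params->def('check_categories', 1))
    {
        return true;
    }

    $extension = Request::getString('extension');

    // Default to true if not a core extension
    $result = true;

    $tableInfo = array(
        'com_content'   => array('table_name' => '#__content'),
        'com_newsfeeds' => array('table_name' => '#__newsfeeds')
    );

    // Now check to see if this is a known core extension
    if (isset($tableInfo[$extension]))
    {
        // Get table name for known core extensions
        $table = $tableInfo[$extension]['table_name'];

        // See if this category has any content items
        $count = $this->_countItemsInCategory($table, $data->get('id'));

        // Return false if db error
        if ($count === false)
        {
            $result = false;
        }
        else
        {
            // Show error if items are found in the category.
            // Notify::warning() takes the message as its first argument (its
            // second is a domain, as the other Notify calls in this codebase
            // show); the old (403, $msg) order was a leftover from
            // JError::raiseWarning() and queued "403" as the message.
            if ($count > 0)
            {
                $msg = Lang::txt('COM_CATEGORIES_DELETE_NOT_ALLOWED', $data->get('title'))
                     . Lang::txts('COM_CATEGORIES_N_ITEMS_ASSIGNED', $count);
                Notify::warning($msg);
                $result = false;
            }

            // Check for items in any child categories (if it is a leaf, there are no child categories)
            if (!$data->isLeaf())
            {
                $count = $this->_countItemsInChildren($table, $data->get('id'), $data);

                if ($count === false)
                {
                    $result = false;
                }
                elseif ($count > 0)
                {
                    $msg = Lang::txt('COM_CATEGORIES_DELETE_NOT_ALLOWED', $data->get('title'))
                         . Lang::txts('COM_CATEGORIES_HAS_SUBCATEGORY_ITEMS', $count);
                    Notify::warning($msg);
                    $result = false;
                }
            }
        }
    }

    return $result;
}
}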
/**
 * Display the view
 *
 * Loads items, pagination, state and the template-position preview flag
 * into the view, aborts with HTTP 500 on model errors, warns when no styles
 * match, then builds the toolbar and renders the layout.
 *
 * @param   string  $tpl  Layout template name.
 * @return  void|false  False only if App::abort() returns.
 */
public function display($tpl = null)
{
    $this->items      = $this->get('Items');
    $this->pagination = $this->get('Pagination');
    $this->state      = $this->get('State');
    $this->preview    = Component::params('com_templates')->get('template_positions_display');

    $errors = $this->get('Errors');
    if (count($errors))
    {
        App::abort(500, implode("\n", $errors));
        return false;
    }

    if (count($this->items) === 0)
    {
        Notify::warning(Lang::txt('COM_TEMPLATES_MSG_MANAGE_NO_STYLES'));
    }

    $this->addToolbar();

    parent::display($tpl);
}
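/**
 * Display the view
 *
 * Loads items, pagination and state into the view, throws on model errors,
 * warns when no modules match, then builds the toolbar, registers the
 * component's HTML helper path and renders the layout.
 *
 * @param   string  $tpl  Layout template name.
 * @return  void
 * @throws  Exception  With code 500 when the model reports errors.
 */
public function display($tpl = null)
{
    $this->items      = $this->get('Items');
    $this->pagination = $this->get('Pagination');
    $this->state      = $this->get('State');

    // Check for errors. Exception's third constructor argument is the
    // previous Throwable, not a severity; passing E_ERROR there is a
    // TypeError, so it was dropped. The old "return false" after the
    // throw was unreachable.
    if (count($errors = $this->get('Errors')))
    {
        throw new Exception(implode("\n", $errors), 500);
    }

    // Check if there are no matching items
    if (!count($this->items))
    {
        Notify::warning(Lang::txt('COM_MODULES_MSG_MANAGE_NO_MODULES'));
    }

    $this->addToolbar();

    // Include the component HTML helpers.
    Html::addIncludePath(JPATH_COMPONENT . '/helpers/html');

    parent::display($tpl);
}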
/**
 * Method to get the record form.
 *
 * Before loading the form, counts enabled 'plg_editors_codemirror' /
 * 'plg_editors_none' extensions and queues a warning when neither is
 * enabled (the source editor needs one of them).
 *
 * @param   array    $data      Data for the form.
 * @param   boolean  $loadData  True if the form is to load its own data (default case), false if not.
 * @return  JForm|false  A JForm object on success, false on failure
 * @since   1.6
 */
public function getForm($data = array(), $loadData = true)
{
    // Codemirror or Editor None should be enabled
    $db = App::get('db');

    $codemirror = '(a.name =' . $db->quote('plg_editors_codemirror') . ' AND a.enabled = 1)';
    $none       = '(a.name =' . $db->quote('plg_editors_none') . ' AND a.enabled = 1)';

    $query = $db->getQuery(true);
    $query->select('COUNT(*)');
    $query->from('#__extensions as a');
    $query->where($codemirror . ' OR ' . $none);
    $db->setQuery($query);

    if ((int) $db->loadResult() < 1)
    {
        Notify::warning(Lang::txt('COM_TEMPLATES_ERROR_EDITOR_DISABLED'));
    }

    // Get the form.
    $form = $this->loadForm('com_templates.source', 'source', array('control' => 'jform', 'load_data' => $loadData));

    return empty($form) ? false : $form;
}
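/**
 * Method to save a user's profile data.
 *
 * The posted 'jform' data is forced to the current user's id, validated and
 * saved through the Profile model. On validation or save failure the data is
 * stashed in session state and the user is sent back to the edit screen; on
 * success the 'apply' task keeps the record checked out while any other task
 * checks it in and clears the edit id.
 *
 * @return  void|false  False on validation or save failure.
 * @since   1.6
 */
public function save()
{
    // Check for request forgeries.
    Session::checkToken() or exit(Lang::txt('JINVALID_TOKEN'));

    $model  = $this->getModel('Profile', 'UsersModel');
    $user   = User::getRoot();
    $userId = (int) $user->get('id');

    // Get the user data.
    $data = Request::getVar('jform', array(), 'post', 'array');

    // Force the ID to this user.
    $data['id'] = $userId;

    // Validate the posted data.
    $form = $model->getForm();
    if (!$form)
    {
        App::abort(500, $model->getError());
        return false;
    }

    $data = $model->validate($form, $data);

    // Check for errors.
    if ($data === false)
    {
        // Push up to three validation messages out to the user.
        $errors = $model->getErrors();
        for ($i = 0, $n = count($errors); $i < $n && $i < 3; $i++)
        {
            $message = $errors[$i] instanceof Exception ? $errors[$i]->getMessage() : $errors[$i];
            Notify::warning($message);
        }

        // Save the data in the session. (Previously this branch went through
        // JFactory::getApplication()->setUserState() while the save-failure
        // branch below used User::setState() for the same key.)
        User::setState('com_users.edit.profile.data', $data);

        // Redirect back to the edit screen. This must *read* the edit id:
        // the old code called User::setState() with a single argument here,
        // which cannot return the stored id.
        $userId = (int) User::getState('com_users.edit.profile.id');
        $this->setRedirect(Route::url('index.php?option=com_users&view=profile&layout=edit&user_id=' . $userId, false));
        return false;
    }

    // Attempt to save the data.
    $return = $model->save($data);

    // Check for errors.
    if ($return === false)
    {
        // Save the data in the session.
        User::setState('com_users.edit.profile.data', $data);

        // Redirect back to the edit screen.
        $userId = (int) User::getState('com_users.edit.profile.id');
        $this->setMessage(Lang::txt('COM_USERS_PROFILE_SAVE_FAILED', $model->getError()), 'warning');
        $this->setRedirect(Route::url('index.php?option=com_users&view=profile&layout=edit&user_id=' . $userId, false));
        return false;
    }

    // Redirect the user and adjust session state based on the chosen task.
    switch ($this->getTask())
    {
        case 'apply':
            // Check out the profile.
            User::setState('com_users.edit.profile.id', $return);
            $model->checkout($return);

            // Redirect back to the edit screen.
            $this->setMessage(Lang::txt('COM_USERS_PROFILE_SAVE_SUCCESS'));
            $redirect = User::getState('com_users.edit.profile.redirect');
            $this->setRedirect(Route::url($redirect ? $redirect : 'index.php?option=com_users&view=profile&layout=edit&hidemainmenu=1', false));
            break;

        default:
            // Check in the profile.
            $userId = (int) User::getState('com_users.edit.profile.id');
            if ($userId)
            {
                $model->checkin($userId);
            }

            // Clear the profile id from the session.
            User::setState('com_users.edit.profile.id', null);

            // Redirect to the list screen.
            $this->setMessage(Lang::txt('COM_USERS_PROFILE_SAVE_SUCCESS'));
            $redirect = User::getState('com_users.edit.profile.redirect');
            $this->setRedirect(Route::url($redirect ? $redirect : 'index.php?option=com_users&view=profile&user_id=' . $return, false));
            break;
    }

    // Flush the data from the session.
    User::setState('com_users.edit.profile.data', null);
}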
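/**
 * Build and handle the comment form for an article page.
 *
 * Does nothing unless the current page is an article. On a POST it either
 * defers to the shield's own `workers/task.comment.php` when that file
 * exists, or validates the submitted fields (token, name, email, URL,
 * message, math challenge, lengths, spam keywords) and — when no error was
 * queued — writes the comment file and redirects back to the page.
 *
 * @return void
 */
function do_comment_construct() {
    $config = Config::get();
    $speak = Config::speak();
    if ($config->page_type !== 'article') {
        return;
    }
    $comment_id = 'comment-%d'; // Your comment ID
    $comment_form_id = 'comment-form'; // Your comment form ID
    $article = isset($config->article->path) ? $config->article : false;
    $G = array('data' => array('article' => Mecha::A($article), 'comment_id' => $comment_id, 'comment_form_id' => $comment_form_id));
    if ($article === false || !($request = Request::post())) {
        return;
    }
    if ($task = File::exist(SHIELD . DS . $config->shield . DS . 'workers' . DS . 'task.comment.php')) {
        require $task; // Custom comment constructor
        return;
    }
    // Check token
    Guardian::checkToken($request['token'], $article->url . '#' . $comment_form_id);
    $extension = $config->comments->moderation && !Guardian::happy() ? '.hold' : '.txt';
    // Check name
    if (trim($request['name']) === "") {
        Notify::error(Config::speak('notify_error_empty_field', $speak->name));
    }
    // Check email
    if (trim($request['email']) !== "") {
        if (!Guardian::check($request['email'], '->email')) {
            Notify::error($speak->notify_invalid_email);
        } else {
            // Disallow passenger(s) from entering your email address in the comment email field
            if (!Guardian::happy() && $request['email'] === $config->author->email) {
                Notify::warning(Config::speak('notify_warning_forbidden_input', array('<em>' . $request['email'] . '</em>', strtolower($speak->email))));
            }
        }
    } else {
        Notify::error(Config::speak('notify_error_empty_field', $speak->email));
    }
    // Check URL
    if (trim($request['url']) !== "" && !Guardian::check($request['url'], '->url')) {
        Notify::error($speak->notify_invalid_url);
    }
    // Check message
    if (trim($request['message']) === "") {
        Notify::error(Config::speak('notify_error_empty_field', $speak->message));
    }
    // Check challenge
    if (!Guardian::checkMath($request['math'])) {
        Notify::error($speak->notify_invalid_math_answer);
    }
    // Check field lengths (same order and limits as before)
    $limits = array('name' => 100, 'email' => 100, 'url' => 100, 'message' => 1700);
    foreach ($limits as $field_name => $max) {
        if (Guardian::check($request[$field_name], '->too_long', $max)) {
            Notify::error(Config::speak('notify_error_too_long', $speak->{$field_name}));
        }
    }
    // Check for spam keyword(s) in comment
    $spam_words = explode(',', $config->keywords_spam);
    foreach ($spam_words as $spam) {
        if ($keyword = trim($spam)) {
            if ($request['email'] === $keyword || strpos(strtolower($request['message']), strtolower($keyword)) !== false) {
                Notify::warning($speak->notify_warning_intruder_detected . ' <strong class="text-error pull-right">' . $keyword . '</strong>');
                break;
            }
        }
    }
    if (Notify::errors()) {
        Guardian::kick($config->url_current . $config->url_query . '#' . $comment_form_id);
        return;
    }
    $post = Date::slug($article->time);
    $id = (int) time();
    $parent = Request::post('parent');
    $P = array('data' => $request);
    $P['data']['id'] = $id;
    $name = strip_tags($request['name']);
    $email = Text::parse($request['email'], '->broken_entity');
    $url = isset($request['url']) && trim($request['url']) !== "" ? $request['url'] : false;
    $parser = strip_tags(Request::post('content_type', $config->html_parser->active));
    $message = Text::parse($request['message'], '->text', WISE_CELL . '<img>', false);
    $field = Request::post('fields', array());
    include File::D(__DIR__, 2) . DS . 'task.fields.php';
    // Temporarily disallow image(s) in comment to prevent XSS.
    // The previous replacement wrote back the same `<img …>` tag it matched,
    // so it neutralised nothing; encoding the delimiters makes the tag
    // render as literal text.
    $message = preg_replace('#<img(\\s[^<>]*?)>#i', '&lt;img$1&gt;', $message);
    Page::header(array(
        'Name' => $name,
        'Email' => $email,
        'URL' => $url,
        'Status' => Guardian::happy() ? 1 : 2,
        'Content Type' => $parser,
        'Fields' => !empty($field) ? Text::parse($field, '->encoded_json') : false
    ))->content($message)->saveTo(COMMENT . DS . $post . '_' . Date::slug($id) . '_' . ($parent ? Date::slug($parent) : '0000-00-00-00-00-00') . $extension);
    Notify::success(Config::speak('notify_success_submitted', $speak->comment));
    if ($extension === '.hold') {
        Notify::info($speak->notify_info_comment_moderation);
    }
    Weapon::fire(array('on_comment_update', 'on_comment_construct'), array($G, $P));
    // `url_query` — the old code read `$config->ur_query` here (a typo; the
    // error branch above already used `url_query`), dropping the query string
    // from the redirect.
    Guardian::kick($config->url_current . $config->url_query . (!Guardian::happy() && $config->comments->moderation ? '#' . $comment_form_id : '#' . sprintf($comment_id, Date::format($id, 'U'))));
}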
/**
 * Process import selections
 *
 * Requires a logged-in user with the 'access-manage' permission and a
 * valid request token. Applies the per-citation actions chosen on the
 * review screen, reports saved / not-saved / errored counts, stashes the
 * result lists in the session, removes the importer's temp files and
 * redirects to the "saved" step.
 *
 * @return  void
 * @throws  Exception  With code 403 when the user lacks 'access-manage'.
 */
private function processAction()
{
    // Check if they're logged in
    if (User::isGuest())
    {
        return $this->loginAction();
    }

    if (!$this->params->get('access-manage'))
    {
        throw new Exception(Lang::txt('PLG_MEMBERS_CITATIONS_NOT_AUTHORIZED'), 403);
    }

    Request::checkToken();

    $needAttention = $this->importer->readRequiresAttention();
    $noAttention   = $this->importer->readRequiresNoAttention();

    // Per-citation actions chosen for each group
    $actionAttention   = Request::getVar('citation_action_attention', array());
    $actionNoAttention = Request::getVar('citation_action_no_attention', array());

    // Nothing to import: back to the upload step
    if (!$needAttention && !$noAttention)
    {
        App::redirect(
            Route::url($this->member->getLink() . '&active=' . $this->_name . '&action=import'),
            Lang::txt('PLG_MEMBERS_CITATIONS_IMPORT_MISSING_FILE_CONTINUE'),
            'error'
        );
        return;
    }

    // Tags and badges are always allowed for member imports
    $this->importer->set('user', User::get('id'));
    $this->importer->setTags(true);
    $this->importer->setBadges(true);
    $this->importer->set('scope_id', $this->member->get('uidNumber'));
    $this->importer->set('scope', 'member');

    $results = $this->importer->process($actionAttention, $actionNoAttention);

    $saved    = count($results['saved']);
    $notSaved = count($results['not_saved']);
    $errored  = count($results['error']);

    Notify::success(Lang::txt('PLG_MEMBERS_CITATIONS_IMPORT_RESULTS_SAVED', $saved), 'plg_citations');

    if ($notSaved > 0)
    {
        Notify::warning(Lang::txt('PLG_MEMBERS_CITATIONS_IMPORT_RESULTS_NOT_SAVED', $notSaved), 'plg_citations');
    }

    if ($errored > 0)
    {
        Notify::error(Lang::txt('PLG_MEMBERS_CITATIONS_IMPORT_RESULTS_SAVE_ERROR', $errored), 'plg_citations');
    }

    // Keep the id lists for the "saved" screen
    $session = App::get('session');
    $session->set('citations_saved', $results['saved']);
    $session->set('citations_not_saved', $results['not_saved']);
    $session->set('citations_error', $results['error']);

    // Delete the temp files that hold citation data
    $this->importer->cleanup(true);

    App::redirect(Route::url($this->member->getLink() . '&active=' . $this->_name . '&action=saved'));
}
/**
 * Method to approve user records.
 *
 * Ids the current user may not change state on are pruned from $pks with a
 * warning; a non-super-admin may not approve a super admin. Each store is
 * wrapped by the 'user.onUserBeforeSave' / 'user.onUserAfterSave' events,
 * and a plugin returning false aborts without setting an error here.
 *
 * @param   array  &$pks  The ids of the items to approve (pruned in place).
 * @return  boolean  True on success, false on the first failure.
 */
function approve(&$pks)
{
    $iAmSuperAdmin = User::authorise('core.admin');
    $table = $this->getTable();
    $pks   = (array) $pks;

    foreach ($pks as $i => $pk)
    {
        if (!$table->load($pk))
        {
            continue;
        }

        $old   = $table->getProperties();
        $allow = User::authorise('core.edit.state', 'com_users');

        // Only a super admin may change a super admin's state
        if (!$iAmSuperAdmin && JAccess::check($pk, 'core.admin'))
        {
            $allow = false;
        }

        if (!$allow)
        {
            // Prune items that you can't change.
            unset($pks[$i]);
            Notify::warning(Lang::txt('JLIB_APPLICATION_ERROR_EDITSTATE_NOT_PERMITTED'));
            continue;
        }

        $table->approved = 1;

        try
        {
            if (!$table->check())
            {
                $this->setError($table->getError());
                return false;
            }

            $result = Event::trigger('user.onUserBeforeSave', array($old, false, $table->getProperties()));
            if (in_array(false, $result, true))
            {
                // Plugin will have to raise its own error or throw an exception.
                return false;
            }

            if (!$table->store())
            {
                $this->setError($table->getError());
                return false;
            }

            Event::trigger('user.onUserAfterSave', array($table->getProperties(), false, true, null));
        }
        catch (Exception $e)
        {
            $this->setError($e->getMessage());
            return false;
        }
    }

    return true;
}
/**
 * Copy the current template's files into the new template folder.
 *
 * The source is resolved from getTemplate() and the client path; the
 * destination comes from the 'to_path' state. An existing destination is
 * removed first, then the copied files are renamed via fixTemplateName().
 *
 * @return  boolean  True on success, false (with a warning queued where a
 *                   filesystem step failed) otherwise.
 * @since   2.5
 */
public function copy()
{
    $template = $this->getTemplate();
    if (!$template)
    {
        Notify::warning(Lang::txt('COM_TEMPLATES_ERROR_INVALID_FROM_NAME'));
        return false;
    }

    $client   = JApplicationHelper::getClientInfo($template->client_id);
    $fromPath = Filesystem::cleanPath($client->path . '/templates/' . $template->element . '/');
    $toPath   = $this->getState('to_path');

    // Start from a clean destination folder
    if (Filesystem::exists($toPath) && !Filesystem::deleteDirectory($toPath))
    {
        Notify::warning(Lang::txt('COM_TEMPLATES_ERROR_COULD_NOT_WRITE'));
        return false;
    }

    // Copy all files from the source template to the new folder, then rename
    return Filesystem::copyDirectory($fromPath, $toPath) && $this->fixTemplateName();
}
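/**
 * Remove an entry
 *
 * Two-step flow: step 1 renders a confirmation view for the selected option
 * group ids; step 2 (token checked) deletes them when 'delete' was confirmed
 * and redirects to the list, surfacing any warnings the option groups
 * collected.
 *
 * @return  void
 */
public function removeTask()
{
    // Incoming
    $step = Request::getInt('step', 1);
    $step = !$step ? 1 : $step;

    // What step are we on?
    switch ($step)
    {
        case 1:
            Request::setVar('hidemainmenu', 1);

            // Incoming
            $id = Request::getVar('id', array(0));
            if (!is_array($id) && !empty($id))
            {
                $id = array($id);
            }

            $this->view->ogId = $id;

            // Set any errors
            if ($this->getError())
            {
                $this->view->setError($this->getError());
            }

            // Output the HTML
            $this->view->display();
            break;

        case 2:
            // Check for request forgeries
            Request::checkToken() or jexit('Invalid Token');

            // NOTE(review): the task name 'dispaly' is carried over unchanged;
            // it looks like a typo for 'display' — confirm which task the list
            // route actually expects before changing it.
            $listUrl = Route::url('index.php?option=' . $this->_option . '&controller=' . $this->_controller . '&task=dispaly', false);

            // Incoming
            $ogIds = Request::getVar('ogId', 0);

            // Make sure we have ID(s) to work with
            if (empty($ogIds))
            {
                App::redirect($listUrl, Lang::txt('COM_STOREFRONT_NO_ID'), 'error');
                return;
            }

            $delete = Request::getVar('delete', 0);

            $msg  = "Delete canceled";
            $type = 'error';

            // Initialised before the branch: the loop after the redirect used
            // to read $warnings even when the delete was cancelled, where it
            // had never been assigned.
            $warnings = array();

            if ($delete)
            {
                foreach ($ogIds as $ogId)
                {
                    // Delete option group
                    try
                    {
                        $optionGroup = new OptionGroup($ogId);
                        $optionGroup->delete();

                        // Collect distinct warnings to display after the redirect
                        if ($optionGroupWarnings = $optionGroup->getMessages())
                        {
                            foreach ($optionGroupWarnings as $optionGroupWarning)
                            {
                                if (!in_array($optionGroupWarning, $warnings, true))
                                {
                                    $warnings[] = $optionGroupWarning;
                                }
                            }
                        }
                    }
                    catch (\Exception $e)
                    {
                        App::redirect($listUrl, $e->getMessage(), $type);
                        return;
                    }
                }

                $msg  = "Option group(s) deleted";
                $type = 'message';
            }

            // Set the redirect
            App::redirect($listUrl, $msg, $type);

            foreach ($warnings as $warning)
            {
                \Notify::warning($warning);
            }
            break;
    }
}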
* ----------- */

Route::accept($config->manager->slug . '/menu/kill/key:(:any)', function ($key = false) use($config, $speak) {
    // Gate: Guardian::happy(1) must hold, otherwise the request is aborted
    if (!Guardian::happy(1)) {
        Shield::abort();
    }
    $menus = Get::state_menu(null, array(), false);
    if (!isset($menus[$key])) {
        Shield::abort(); // Menu not found!
    }
    Config::set(array(
        'page_title' => $speak->deleting . ': ' . $speak->menu . $config->title_separator . $config->manager->title,
        'cargo' => 'kill.menu.php'
    ));
    $G = array('data' => $menus);
    $G['data']['key'] = $key;
    $request = Request::post();
    if (!$request) {
        // GET: only ask for confirmation
        Notify::warning(Config::speak('notify_confirm_delete_', '<code>Menu::' . $key . '()</code>'));
    } else {
        $request = Filter::apply('request:__menu', $request, $key);
        Guardian::checkToken($request['token']);
        unset($menus[$key]); // delete ...
        ksort($menus);
        $P = array('data' => $menus);
        $P['data']['key'] = $key;
        File::serialize($menus)->saveTo(STATE . DS . 'menu.txt', 0600);
        Notify::success(Config::speak('notify_success_deleted', $speak->menu));
        Weapon::fire(array('on_menu_update', 'on_menu_destruct'), array($G, $P));
        Guardian::kick($config->manager->slug . '/menu');
    }
    // NOTE(review): on the POST path $menus[$key] was unset above, so this
    // line is only safe if Guardian::kick() ends the request — confirm.
    Shield::lot(array('segment' => 'menu', 'id' => $key, 'file' => Mecha::O($menus[$key])))->attach('manager');
});
/**
 * Remove one or more entries
 *
 * Token-checked. Each selected id is loaded via Role::oneOrFail() and
 * destroyed; a failed destroy queues the model's error and moves on to the
 * next id. Ends by delegating to cancelTask().
 *
 * @return  void
 */
public function removeTask()
{
    // Check for request forgeries
    Request::checkToken();

    $ids = Request::getVar('id', array());
    if (!is_array($ids))
    {
        $ids = array($ids);
    }

    // Make sure we have an ID
    if (empty($ids))
    {
        Notify::warning(Lang::txt('COM_GROUPS_ERROR_NO_ITEMS_SELECTED'));
        return $this->cancelTask();
    }

    $removed = 0;
    foreach ($ids as $id)
    {
        $role = Role::oneOrFail(intval($id));
        if ($role->destroy())
        {
            $removed++;
            continue;
        }
        Notify::error($role->getError());
    }

    if ($removed)
    {
        Notify::success(Lang::txt('COM_GROUPS_ROLE_REMOVED'));
    }

    $this->cancelTask();
}
/**
 * Method to register a user.
 *
 * Validates the posted 'user' form data through the Registration model,
 * pushing up to three validation warnings and returning to the form on
 * failure. On success the session copy of the form data is cleared and the
 * request ends with exit.
 *
 * @return  void|false  False when validation or registration fails.
 * @since   1.6
 */
public function register()
{
    Session::checkToken('post');

    // Get the form data.
    $data = Request::getVar('user', array(), 'post', 'array');

    // Get the model and validate the data.
    $model  = $this->getModel('Registration', 'UsersModel');
    $return = $model->validate($data);

    // Check for errors.
    if ($return === false)
    {
        // Push up to three validation messages out to the user.
        $errors = $model->getErrors();
        $limit  = min(3, count($errors));
        for ($i = 0; $i < $limit; $i++)
        {
            $error = $errors[$i];
            Notify::warning($error instanceof Exception ? $error->getMessage() : $error);
        }

        // Save the data in the session and return to the registration form.
        User::setState('users.registration.form.data', $data);
        $this->setRedirect('index.php?option=com_users&view=registration');
        return false;
    }

    // Finish the registration.
    $return = $model->register($data);

    if ($return === false)
    {
        // Save the data in the session and return to the form with the error.
        User::setState('users.registration.form.data', $data);

        $message = Lang::txt('COM_USERS_REGISTRATION_SAVE_FAILED', $model->getError());
        $this->setRedirect('index.php?option=com_users&view=registration', $message, 'error');
        return false;
    }

    // Flush the data from the session.
    User::setState('users.registration.form.data', null);
    exit;
}
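/**
 * Save a product
 *
 * Builds a Product from the posted 'fields' array (only keys that are
 * present are applied; alias and tagline additionally require a non-empty
 * value; collections and option groups default to empty) and saves it. On
 * failure the error is queued and the edit form is shown again; on success
 * either redirects to the list or re-renders the edit form, in both cases
 * surfacing the warnings the product collected.
 *
 * @param   boolean  $redirect  Redirect the page after saving
 * @return  void
 */
public function saveTask($redirect = true)
{
    // Check for request forgeries
    Request::checkToken() or jexit('Invalid Token');

    // Incoming
    $fields = Request::getVar('fields', array(), 'post');

    // Defined before the try so the catch path never refers to an undefined
    // variable when the Product constructor itself throws
    $product = null;

    // Save product
    try
    {
        $product = new Product(isset($fields['pId']) ? $fields['pId'] : null);

        if (isset($fields['pName']))
        {
            $product->setName($fields['pName']);
        }
        if (isset($fields['pAlias']) && $fields['pAlias'])
        {
            $product->setAlias($fields['pAlias']);
        }
        if (isset($fields['pDescription']))
        {
            $product->setDescription($fields['pDescription']);
        }
        if (isset($fields['pFeatures']))
        {
            $product->setFeatures($fields['pFeatures']);
        }
        if (isset($fields['pTagline']) && $fields['pTagline'])
        {
            $product->setTagline($fields['pTagline']);
        }
        if (isset($fields['access']))
        {
            $product->setAccessLevel($fields['access']);
        }
        if (isset($fields['state']))
        {
            $product->setActiveStatus($fields['state']);
        }
        if (isset($fields['ptId']))
        {
            $product->setType($fields['ptId']);
        }
        if (isset($fields['pAllowMultiple']))
        {
            $product->setAllowMultiple($fields['pAllowMultiple']);
        }

        // Collections and option groups are always set, defaulting to none
        $product->setCollections(isset($fields['collections']) ? $fields['collections'] : array());
        $product->setOptionGroups(isset($fields['optionGroups']) ? $fields['optionGroups'] : array());

        $product->save();
    }
    catch (\Exception $e)
    {
        \Notify::error($e->getMessage());

        // Re-show the form; $product is null if construction failed
        $this->editTask($product);
        return;
    }

    $warnings = $product->getMessages();

    if ($redirect)
    {
        App::redirect(
            Route::url('index.php?option=' . $this->_option . '&controller=' . $this->_controller),
            Lang::txt('COM_STOREFRONT_PRODUCT_SAVED')
        );
    }

    // Queued after the redirect (when there is one) so the messages keep
    // the same order as before
    if ($warnings)
    {
        foreach ($warnings as $warning)
        {
            \Notify::warning($warning);
        }
    }

    if (!$redirect)
    {
        $this->editTask($product);
    }
}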
if (!Guardian::happy(1) && Guardian::get('author') !== $post->author) { Shield::abort(); } Config::set(array('page_title' => $speak->deleting . ': ' . $post->title . $config->title_separator . $config->manager->title, 'page' => $post, 'cargo' => 'kill.post.php')); $G = array('data' => Mecha::A($post)); if ($request = Request::post()) { Guardian::checkToken($request['token']); File::open($post->path)->delete(); // Deleting response(s) ... if ($responses = call_user_func('Get::' . $response . 's', 'DESC', 'post:' . $id, 'txt,hold')) { foreach ($responses as $v) { File::open($v)->delete(); } } $P = array('data' => $request); include __DIR__ . DS . 'task.kill.substance.php'; // Deleting custom CSS and JavaScript file of post ... File::open(CUSTOM . DS . Date::slug($id) . '.txt')->delete(); File::open(CUSTOM . DS . Date::slug($id) . '.draft')->delete(); Weapon::fire(array('on_custom_update', 'on_custom_destruct'), array($G, $P)); // Deleting custom PHP file of post ... File::open(File::D($post->path) . DS . $post->slug . '.php')->delete(); Notify::success(Config::speak('notify_success_deleted', $post->title)); Weapon::fire(array('on_' . $segment . '_update', 'on_' . $segment . '_destruct'), array($G, $G)); Guardian::kick($config->manager->slug . '/' . $segment); } else { Notify::warning(Config::speak('notify_confirm_delete_', '<strong>' . $post->title . '</strong>')); Notify::warning(Config::speak('notify_confirm_delete_page', strtolower($speak->{$segment}), strtolower($speak->{$response . 's'}))); } Shield::lot(array('segment' => $segment))->attach('manager'); });
* ---------- */

Route::accept($config->manager->slug . '/tag/kill/id:(:any)', function ($id = false) use($config, $speak, $tags) {
    // Gate: Guardian::happy(1) must hold, otherwise the request is aborted
    if (!Guardian::happy(1)) {
        Shield::abort();
    }
    if (!isset($tags[$id])) {
        Shield::abort(); // Tag not found!
    }
    $title = $tags[$id]['name'];
    Config::set(array(
        'page_title' => $speak->deleting . ': ' . $title . $config->title_separator . $config->manager->title,
        'cargo' => 'kill.tag.php'
    ));
    $G = array('data' => $tags);
    $G['data']['id'] = $id;
    $request = Request::post();
    if (!$request) {
        // GET: only ask for confirmation
        Notify::warning(Config::speak('notify_confirm_delete_', '<strong>' . $title . '</strong>'));
    } else {
        $request = Filter::apply('request:__tag', $request, $id);
        Guardian::checkToken($request['token']);
        unset($tags[$id]); // delete ...
        ksort($tags);
        $P = array('data' => $tags);
        $P['data']['id'] = $id;
        File::serialize($tags)->saveTo(STATE . DS . 'tag.txt', 0600);
        Notify::success(Config::speak('notify_success_deleted', $title));
        Weapon::fire(array('on_tag_update', 'on_tag_destruct'), array($G, $P));
        Guardian::kick($config->manager->slug . '/tag');
    }
    // NOTE(review): on the POST path $tags[$id] was unset above, so this
    // line is only safe if Guardian::kick() ends the request — confirm.
    Shield::lot(array('segment' => 'tag', 'id' => $id, 'file' => Mecha::O($tags[$id])))->attach('manager');
});
/**
 * Remove one or more entries
 *
 * Requires core.delete on the component and a valid request token (GET or
 * POST). Each selected id is loaded via Link::oneOrFail() and destroyed;
 * a failed destroy queues the entry's error and moves on. Ends by
 * delegating to cancelTask().
 *
 * @return  void
 */
public function removeTask()
{
    // Access check.
    if (!User::authorise('core.delete', $this->_option))
    {
        Notify::warning(Lang::txt('JLIB_APPLICATION_ERROR_DELETE_NOT_PERMITTED'));
        return $this->cancelTask();
    }

    // Check for request forgeries
    Request::checkToken(['get', 'post']);

    $ids = Request::getVar('id', array(), '', 'array');

    if (empty($ids))
    {
        Notify::error(Lang::txt('COM_REDIRECT_NO_ITEM_SELECTED'));
    }

    $deleted = 0;
    foreach ($ids as $id)
    {
        $link = Link::oneOrFail(intval($id));
        if ($link->destroy())
        {
            $deleted++;
            continue;
        }
        Notify::error($link->getError());
    }

    if ($deleted)
    {
        Notify::success(Lang::txts('COM_REDIRECT_N_ITEMS_DELETED', $deleted));
    }

    $this->cancelTask();
}
$P = array('data' => array('path' => $_file)); File::open($_file)->delete(); if ($_file !== false) { // Remove empty folder(s) $f = glob(File::D($_file) . DS . '*', GLOB_NOSORT); if (empty($f)) { File::open(File::D($_file))->delete(); } Notify::success(Config::speak('notify_file_deleted', '<code>' . File::B($_file) . '</code>')); } else { Notify::success(Config::speak('notify_success_deleted', $speak->shield)); } Weapon::fire(array('on_shield_update', 'on_shield_destruct'), array($P, $P)); Guardian::kick($config->manager->slug . '/shield' . ($_file !== false ? '/' . $folder : "")); } else { Notify::warning(Config::speak('notify_confirm_delete_', $file !== false ? '<code>' . $path . '</code>' : '<strong>' . $info->title . '</strong>')); } Shield::lot(array('segment' => 'shield', 'folder' => $folder, 'files' => Mecha::O(Get::files(SHIELD . DS . $folder, '*')), 'path' => $path))->attach('manager'); }); /** * Shield Attacher * --------------- */ Route::accept($config->manager->slug . '/shield/(attach|eject)/id:(:any)', function ($path = "", $slug = "") use($config, $speak) { if (!Guardian::happy(1) || !file_exists(SHIELD . DS . $slug)) { Shield::abort(); } $new_config = Get::state_config(); $new_config['shield'] = $path === 'attach' ? $slug : 'normal'; File::serialize($new_config)->saveTo(STATE . DS . 'config.txt', 0600); $G = array('data' => array('id' => $slug, 'action' => $path));
});

/**
 * Comment Killer
 * --------------
 */

Route::accept($config->manager->slug . '/comment/kill/id:(:num)', function ($id = "") use($config, $speak) {
    // Only a 'pilot' session may delete comments
    if (Guardian::get('status') !== 'pilot') {
        Shield::abort();
    }
    $comment = Get::comment($id);
    if (!$comment) {
        Shield::abort(); // File not found!
    }
    Config::set(array(
        'page_title' => $speak->deleting . ': ' . $speak->comment . $config->title_separator . $config->manager->title,
        'response' => $comment,
        'cargo' => DECK . DS . 'workers' . DS . 'kill.comment.php'
    ));
    $request = Request::post();
    if (!$request) {
        // GET: rewrite the total unchanged and ask for confirmation
        File::write($config->total_comments_backend)->saveTo(SYSTEM . DS . 'log' . DS . 'comments.total.log', 0600);
        Notify::warning($speak->notify_confirm_delete);
    } else {
        $P = array('data' => Mecha::A($comment));
        Guardian::checkToken($request['token']);
        File::open($comment->path)->delete();
        $task_connect = $comment;
        include DECK . DS . 'workers' . DS . 'task.field.3.php';
        File::write($config->total_comments_backend - 1)->saveTo(SYSTEM . DS . 'log' . DS . 'comments.total.log', 0600);
        Notify::success(Config::speak('notify_success_deleted', $speak->comment));
        Weapon::fire('on_comment_update', array($P, $P));
        Weapon::fire('on_comment_destruct', array($P, $P));
        Guardian::kick($config->manager->slug . '/comment');
    }
    Shield::lot('segment', 'comment')->attach('manager', false);
});
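/**
 * This method should handle any login logic and report back to the subject
 *
 * Resolves the local user for the authenticated identity via _getUser(),
 * refuses blocked users and users that fail the authorisation check for
 * $options['action'], then stores the user in the session and, for the
 * database session handler, updates the #__session row.
 *
 * @param   array    $user     Holds the user data
 * @param   array    $options  Array holding options (remember, autoregister, group, action)
 * @return  boolean  True on success
 * @since   1.5
 */
public function onUserLogin($user, $options = array())
{
	$instance = $this->_getUser($user, $options);

	// If _getUser returned an error, then pass it back.
	if ($instance instanceof Exception)
	{
		return false;
	}

	// If the user is blocked, refuse the login with an error
	if ($instance->get('block') == 1)
	{
		Notify::warning(Lang::txt('JERROR_NOLOGIN_BLOCKED'));
		return false;
	}

	// Default group. NOTE(review): $options is passed by value and 'group' is
	// not read again in this method, so this assignment has no effect outside it.
	if (!isset($options['group']))
	{
		$options['group'] = 'USERS';
	}

	// Check the user can login. A missing or empty 'action' is denied outright
	// (fail closed) instead of being read as an undefined index and passed
	// through as null.
	$action = isset($options['action']) ? $options['action'] : null;
	if ($action === null || $action === '' || !$instance->authorise($action))
	{
		Notify::warning(Lang::txt('JERROR_LOGIN_DENIED'));
		return false;
	}

	// Mark the user as logged in
	$instance->set('guest', 0);

	// Register the needed session variables
	$session = App::get('session');
	$session->set('user', $instance);

	// Check to see the the session already exists.
	// NOTE(review): no session-ID regeneration is visible here; if the login
	// flow does not regenerate it elsewhere, the session is open to fixation.
	$app = JFactory::getApplication();
	$app->checkSession();

	if (App::get('config')->get('session_handler') == 'database')
	{
		// Update the user related fields for the Joomla sessions table.
		// Values go through quote()/(int), never raw concatenation.
		$db = App::get('db');
		$db->setQuery(
			'UPDATE ' . $db->quoteName('#__session') .
			' SET ' . $db->quoteName('guest') . ' = ' . $db->quote($instance->get('guest')) . ',' .
			' ' . $db->quoteName('username') . ' = ' . $db->quote($instance->get('username')) . ',' .
			' ' . $db->quoteName('userid') . ' = ' . (int) $instance->get('id') .
			' WHERE ' . $db->quoteName('session_id') . ' = ' . $db->quote($session->getId())
		);
		$db->query();
	}

	// Hit the user last visit field
	$instance->setLastVisit();

	return true;
}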
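/**
 * Batch resume download
 *
 * Zips the resumes of the requested pile and streams the archive to the
 * caller. Guests are sent to login; users that are neither admin nor
 * employer are redirected to the subscribe page.
 *
 * @return  void
 * @throws  Exception  if the archive could not be served
 */
public function batchTask()
{
	// Login required
	if (User::isGuest())
	{
		\Notify::warning(Lang::txt('COM_JOBS_PLEASE_LOGIN_ACCESS_EMPLOYER'));
		$this->login();
		return;
	}

	// Check authorization. Return explicitly after the redirect so the archive
	// is never built or served if App::redirect() does not end the request itself.
	if (!$this->_admin && !$this->_emp)
	{
		App::redirect(Route::url('index.php?option=com_jobs&task=subscribe'));
		return;
	}

	// Incoming
	$pile = Request::getVar('pile', 'all');

	// Zip the requested resumes
	$archive = $this->_archiveResumes($pile);

	if (!$archive)
	{
		App::redirect(
			Route::url('index.php?option=com_jobs&task=dashboard'),
			Lang::txt('COM_JOBS_ERROR_ARCHIVE_FAILED'),
			'error'
		);
		return;
	}

	// Initiate a new content server and serve up the file
	$xserver = new \Hubzero\Content\Server();
	$xserver->filename($archive['path']);
	$xserver->disposition('attachment');
	$xserver->acceptranges(false);
	$xserver->saveas(Lang::txt('JOBS_RESUME_BATCH=Resume Batch'));
	$result = $xserver->serve_attachment($archive['path'], $archive['name'], false);

	// Delete the temporary zip whether or not serving succeeded
	\Filesystem::delete($archive['path']);

	if (!$result)
	{
		throw new Exception(Lang::txt('COM_JOBS_ERROR_ARCHIVE_FAILED'), 500);
	}

	exit;
}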
if ($request = Request::post()) { Guardian::checkToken($request['token']); $info_path = array(); $is_folder_or_file = count($deletes) === 1 && is_dir(ASSET . DS . $deletes[0]) ? 'folder' : 'file'; foreach ($deletes as $file_to_delete) { $_path = ASSET . DS . $file_to_delete; $info_path[] = $_path; File::open($_path)->delete(); } $P = array('data' => array('files' => $info_path)); Notify::success(Config::speak('notify_' . $is_folder_or_file . '_deleted', '<code>' . implode('</code>, <code>', $deletes) . '</code>')); Weapon::fire('on_asset_update', array($P, $P)); Weapon::fire('on_asset_destruct', array($P, $P)); Guardian::kick($config->manager->slug . '/asset/1' . $p); } else { Notify::warning(count($deletes) === 1 ? Config::speak('notify_confirm_delete_', '<code>' . File::path($name) . '</code>') : $speak->notify_confirm_delete); } Shield::lot('segment', 'asset')->attach('manager', false); }); /** * Multiple Asset Killer * --------------------- */ Route::accept($config->manager->slug . '/asset/kill', function ($path = "") use($config, $speak) { if ($request = Request::post()) { Guardian::checkToken($request['token']); if (!isset($request['selected'])) { Notify::error($speak->notify_error_no_files_selected); Guardian::kick($config->manager->slug . '/asset/1'); } $files = array();
} // Check URL length if (Guardian::check($request['url'], '->too_long', 100)) { Notify::error(Config::speak('notify_error_too_long', $speak->comment_url)); } // Check message length if (Guardian::check($request['message'], '->too_long', 1700)) { Notify::error(Config::speak('notify_error_too_long', $speak->comment_message)); } // Check for spam keyword(s) in comment $fucking_words = explode(',', $config->spam_keywords); foreach ($fucking_words as $spam) { $f**k = trim($spam); if ($f**k !== "") { if ($request['email'] === $f**k || $f**k !== 'N/A' && Get::IP() === $f**k || strpos(strtolower($request['message']), strtolower($f**k)) !== false) { Notify::warning($speak->notify_warning_intruder_detected . ' <strong class="text-error pull-right">' . $f**k . '</strong>'); break; } } } if (!Notify::errors()) { $post = Date::format($article->time, 'Y-m-d-H-i-s'); $id = (int) time(); $parent = Request::post('parent'); $P = array('data' => $request); $name = strip_tags($request['name']); $email = Text::parse($request['email'], '->broken_entity'); $url = isset($request['url']) ? $request['url'] : false; $parser = strip_tags(Request::post('content_type', $config->html_parser)); $message = $request['message']; $field = Request::post('fields', array());
} Config::set(array('page_title' => $speak->deleting . ': ' . ($path ? File::B($file) : $info['title']) . $config->title_separator . $config->manager->title, 'files' => Get::files(SHIELD . DS . $folder, '*'), 'cargo' => DECK . DS . 'workers' . DS . 'kill.shield.php')); if ($request = Request::post()) { Guardian::checkToken($request['token']); $P = array('data' => array('path' => $file)); File::open($file)->delete(); if ($path) { Notify::success(Config::speak('notify_file_deleted', '<code>' . File::B($path) . '</code>')); } else { Notify::success(Config::speak('notify_success_deleted', $speak->shield)); } Weapon::fire('on_shield_update', array($P, $P)); Weapon::fire('on_shield_destruct', array($P, $P)); Guardian::kick($config->manager->slug . '/shield' . ($path ? '/' . $folder : "")); } else { Notify::warning(Config::speak('notify_confirm_delete_', $path ? '<code>' . File::path($path) . '</code>' : '<strong>' . $info['title'] . '</strong>')); } Shield::lot(array('segment' => 'shield', 'the_shield' => $folder, 'the_name' => $path, 'the_info' => $info))->attach('manager', false); }); /** * Shield Attacher * --------------- */ Route::accept($config->manager->slug . '/shield/(attach|eject)/id:(:any)', function ($path = "", $slug = "") use($config, $speak) { $new_config = Get::state_config(); $new_config['shield'] = $path === 'attach' ? $slug : 'normal'; File::serialize($new_config)->saveTo(STATE . DS . 'config.txt', 0600); $G = array('data' => array('id' => $slug, 'action' => $path)); $mode = $path === 'eject' ? 'eject' : 'mount'; Notify::success(Config::speak('notify_success_updated', $speak->shield)); Weapon::fire('on_shield_update', array($G, $G));
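/**
 * Send the message and display a notice
 *
 * Validates the CSRF token, enforces a minimum delay since the form was
 * rendered, accepts only local links, rejects header-injection attempts,
 * validates both addresses and then mails the link.
 *
 * @access  public
 * @since   1.5
 * @throws  Exception  on a missing/too-recent form timestamp, a non-local link, or a failed send
 */
function send()
{
	// Check for request forgeries
	Session::checkToken() or exit(Lang::txt('JINVALID_TOKEN'));

	// Refuse submissions without a form timestamp or within 20 seconds of it
	$timeout = Session::get('com_mailto.formtime', 0);
	if ($timeout == 0 || time() - $timeout < 20)
	{
		throw new Exception(Lang::txt('COM_MAILTO_EMAIL_NOT_SENT'), 500);
	}

	$SiteName = Config::get('sitename');
	$link     = MailtoHelper::validateHash(Request::getCMD('link', '', 'post'));

	// Verify that this is a local link
	if (!$link || !JURI::isInternal($link))
	{
		// Non-local url...
		throw new Exception(Lang::txt('COM_MAILTO_EMAIL_NOT_SENT'), 500);
	}

	// An array of email headers we do not want to allow as input
	$headers = array('Content-Type:', 'MIME-Version:', 'Content-Transfer-Encoding:', 'bcc:', 'cc:');

	// An array of the input fields to scan for injected headers
	$fields = array('mailto', 'sender', 'from', 'subject');

	/*
	 * Header injection test. Mail header names are case-insensitive, so the
	 * match is case-insensitive too (a plain strpos() let `Bcc:` through).
	 * Absent fields are skipped; a non-string value (e.g. `mailto[]=`) is
	 * malformed input and is refused. A match is answered with 403.
	 */
	foreach ($fields as $field)
	{
		if (!isset($_POST[$field]))
		{
			continue;
		}
		if (!is_string($_POST[$field]))
		{
			App::abort(403, '');
		}
		foreach ($headers as $header)
		{
			if (stripos($_POST[$field], $header) !== false)
			{
				App::abort(403, '');
			}
		}
	}

	// Free up memory
	unset($headers, $fields);

	$email  = Request::getString('mailto', '', 'post');
	$sender = Request::getString('sender', '', 'post');
	$from   = Request::getString('from', '', 'post');
	$subject_default = Lang::txt('COM_MAILTO_SENT_BY', $sender);
	$subject = Request::getString('subject', $subject_default, 'post');

	// Check for a valid to address
	$error = false;
	if (!$email || !JMailHelper::isEmailAddress($email))
	{
		$error = Lang::txt('COM_MAILTO_EMAIL_INVALID', $email);
		Notify::warning($error);
	}

	// Check for a valid from address
	if (!$from || !JMailHelper::isEmailAddress($from))
	{
		$error = Lang::txt('COM_MAILTO_EMAIL_INVALID', $from);
		Notify::warning($error);
	}

	if ($error)
	{
		return $this->mailto();
	}

	// Build the message to send
	$msg  = Lang::txt('COM_MAILTO_EMAIL_MSG');
	$body = sprintf($msg, $SiteName, $sender, $from, $link);

	// Clean the email data
	$subject = JMailHelper::cleanSubject($subject);
	$body    = JMailHelper::cleanBody($body);
	$sender  = JMailHelper::cleanAddress($sender);

	// Send the email
	if (JFactory::getMailer()->sendMail($from, $sender, $email, $subject, $body) !== true)
	{
		throw new Exception(Lang::txt('COM_MAILTO_EMAIL_NOT_SENT'), 500);
	}

	Request::setVar('view', 'sent');
	$this->display();
}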
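/**
 * Set up GitLab-backed repository management for a super group.
 *
 * When super-group GitLab management is enabled, configured, and the hub runs
 * in production, this ensures a GitLab group named after the hub host and a
 * project named after the group exist, initialises the group's upload folder
 * as a git repository via assets/scripts/gitlab_setup.sh and pushes it, then
 * protects the master branch. It runs once: a .git directory in the upload
 * folder short-circuits it.
 *
 * @param   object  $group  Group; get('cn'), get('description') and get('gidNumber') are used
 * @return  void
 */
private function _handSuperGroupGitlab($group)
{
	// get needed config vars
	$gitlabManagement = $this->config->get('super_gitlab', 0);
	$gitlabUrl        = $this->config->get('super_gitlab_url', '');
	$gitlabKey        = $this->config->get('super_gitlab_key', '');

	// do we have repo management on
	// dont output message
	if (!$gitlabManagement)
	{
		return;
	}

	// make sure we have a url and key if repo management is on
	if ($gitlabUrl == '' || $gitlabKey == '')
	{
		Notify::warning(Lang::txt('COM_GROUPS_GITLAB_NOT_SETUP'));
		return;
	}

	// make sure this is production hub
	$environment = strtolower(Config::get('application_env', 'development'));
	if ($environment != 'production')
	{
		return;
	}

	// build group & project names
	// NOTE(review): HTTP_HOST comes from the request and is attacker-influenced
	// unless the web server pins the Host header; it names the GitLab group and
	// appears in the commit author below. Prefer a configured hostname if one exists.
	$hubHost     = isset($_SERVER['HTTP_HOST']) ? $_SERVER['HTTP_HOST'] : '';
	$host        = explode('.', $hubHost);
	$groupName   = strtolower($host[0]);
	$projectName = $group->get('cn');

	// instantiate new gitlab client
	$client = new Gitlab($gitlabUrl, $gitlabKey);

	// attempt to get already existing group
	$gitLabGroup = null;
	foreach ($client->groups() as $g)
	{
		if ($groupName == $g['name'])
		{
			$gitLabGroup = $g;
			break;
		}
	}

	// create group if doesnt exist
	if ($gitLabGroup == null)
	{
		$gitLabGroup = $client->createGroup(array(
			'name' => $groupName,
			'path' => strtolower($groupName)
		));
	}

	// attempt to get already existing project
	$gitLabProject = null;
	foreach ($client->projects() as $p)
	{
		if ($projectName == $p['name'] && $p['namespace']['id'] == $gitLabGroup['id'])
		{
			$gitLabProject = $p;
			break;
		}
	}

	// create project if doesnt exist
	if ($gitLabProject == null)
	{
		$gitLabProject = $client->createProject(array(
			'namespace_id'           => $gitLabGroup['id'],
			'name'                   => $projectName,
			'description'            => $group->get('description'),
			'issues_enabled'         => true,
			'merge_requests_enabled' => true,
			'wiki_enabled'           => true,
			'snippets_enabled'       => true
		));
	}

	// path to group folder
	$uploadPath = PATH_APP . DS . trim($this->config->get('uploadpath', '/site/groups'), DS) . DS . $group->get('gidNumber');

	// build author info for making first commit
	// (a single shell argument; quoting is handled by escapeshellarg() below)
	$authorInfo = Config::get('sitename') . ' Groups <groups@' . $hubHost . '>';

	// check to see if we already have git repo
	// only run gitlab setup once.
	if (is_dir($uploadPath . DS . '.git'))
	{
		return;
	}

	// build command to run via shell
	// this will init the git repo, make the inital commit and push to the repo management machine
	// Every argument is passed through escapeshellarg(): $authorInfo carries the
	// request Host header and the remote URL comes from the GitLab API, and the
	// previous hand-written double quotes still let $(...) and backticks expand.
	$script = dirname(dirname(__DIR__)) . DS . 'assets' . DS . 'scripts' . DS . 'gitlab_setup.sh';
	$cmd = 'sh ' . escapeshellarg($script)
	     . ' ' . escapeshellarg($uploadPath)
	     . ' ' . escapeshellarg($authorInfo)
	     . ' ' . escapeshellarg((string) $gitLabProject['ssh_url_to_repo'])
	     . ' 2>&1';

	// execute command (shell_exec() returns null on failure; normalise to string)
	$output = (string) shell_exec($cmd);

	// make sure everything went well
	if (preg_match("/Host key verification failed/uis", $output))
	{
		Notify::warning(Lang::txt('COM_GROUPS_GITLAB_NOT_SETUP_SSH'));
		return;
	}

	// protect master branch
	// allows only admins to accept Merge Requests
	$client->protectBranch(array(
		'id'     => $gitLabProject['id'],
		'branch' => 'master'
	));
}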
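/**
 * Display search form and results (if any)
 *
 * Reads the search parameters from the request, builds and runs the
 * search query (restricted to accessible records for non-admins) and
 * renders the 'display' layout.
 *
 * @param   mixed  $response  Unused; kept for signature compatibility
 * @return  void
 */
public function displayTask($response = NULL)
{
	$config = Component::params('com_search');
	$query  = new \Hubzero\Search\Query($config);

	// NOTE(review): $terms, $sortBy and $sortDir are passed to the query
	// layer as received; malformed query syntax is caught below.
	$terms   = Request::getVar('terms', '');
	$limit   = Request::getInt('limit', 10);
	$start   = Request::getInt('start', 0);
	$sortBy  = Request::getVar('sortBy', '');
	$sortDir = Request::getVar('sortDir', '');
	$type    = Request::getVar('type', '');
	$section = Request::getVar('section', 'content');

	// Map coordinates. They are interpolated into a filter string, so each
	// value is cast to float before use.
	if ($section == 'map')
	{
		$minLon = Request::getVar('minlon', false);
		$maxLon = Request::getVar('maxlon', false);
		$minLat = Request::getVar('minlat', false);
		$maxLat = Request::getVar('maxlat', false);

		if ($minLon && $maxLon && $minLat && $maxLat)
		{
			$locationFilter = 'coverage:"INTERSECTS(ENVELOPE('
				. (float) $minLon . ',' . (float) $maxLon . ','
				. (float) $maxLat . ',' . (float) $minLat . '))"';
		}
	}

	// Query string handed to the view; values are URL-encoded so terms
	// containing '&', '#' or spaces cannot break or alter the built links.
	$urlQuery = '?terms=' . urlencode($terms);

	// Apply the sorting
	if ($sortBy != '' && $sortDir != '')
	{
		$query = $query->sortBy($sortBy, $sortDir);
	}

	if ($type != '')
	{
		// Add a type filter
		$query->addFilter('Type', array('hubtype', '=', $type));
		$urlQuery .= '&type=' . urlencode($type);
	}

	// Administrators can see all records; everyone else is restricted
	$isAdmin = User::authorise('core.admin', 'com_users');
	$query = $query->query($terms)->limit($limit)->start($start);
	if (!$isAdmin)
	{
		$query = $query->restrictAccess();
	}

	if (isset($locationFilter))
	{
		$query->addFilter('BoundingBox', $locationFilter);
	}

	// Build the rest of the query string
	$urlQuery .= '&limit=' . $limit;
	$urlQuery .= '&start=' . $start;

	// Perform the query
	try
	{
		$query = $query->run();
	}
	catch (\Solarium\Exception\HttpException $e)
	{
		// @TODO: 'Did you mean' functionality.
		$query->query('')->limit($limit)->start($start)->run();
		\Notify::warning(Lang::txt('COM_SEARCH_MALFORMED_QUERY'));
	}

	$results  = $query->getResults();
	$numFound = $query->getNumFound();

	// Format the results (highlighting, snippet, etc)
	$results = $this->formatResults($results, $terms);

	$this->view->pagination = new \Hubzero\Pagination\Paginator($numFound, $start, $limit);
	$this->view->pagination->setAdditionalUrlParam('terms', $terms);

	if (isset($results) && count($results) > 0)
	{
		$this->view->query   = $terms;
		$this->view->results = $results;

		$categories = $this->getCategories($type, $terms, $limit, $start);
		$this->view->categories = $categories['facets'];
		$this->view->catTotal   = $categories['total'];
	}
	else
	{
		$this->view->queryString = '';
		$this->view->results     = null;
	}

	$this->view->terms    = $terms;
	$this->view->total    = $numFound;
	$this->view->type     = $type;
	$this->view->section  = $section;
	$this->view->setLayout('display');
	$this->view->urlQuery = $urlQuery;
	$this->view->display();
}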