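/**
 * Prepare a user field value for database update.
 *
 * Normalises and filters one submitted user-field value according to its
 * field type. Field types whose name contains 'plugin' are handed to the
 * 'vmuserfield' plugin group (plgVmPrepareUserfieldDataSave) instead of being
 * filtered here; every other unknown type gets the generic tag-stripping filter.
 *
 * @param string $fieldType  user-field type, matched case-insensitively
 * @param string $fieldName  field name; also the POST key read for textarea/editorta
 *                           and, with the suffix 'Text', the link text of a web address
 * @param mixed  $value      submitted value (string, or an array for the multi-value types)
 * @param array  &$post      submitted form data; passed by reference to the plugin trigger
 * @param mixed  $params     field parameters, forwarded to the plugin trigger
 * @return mixed the prepared value; vmFilter::urlcheck() may turn a rejected web address into false
 */
public function prepareFieldDataSave($fieldType, $fieldName, $value, &$post, $params)
{
    if (!class_exists('vmFilter')) {
        require JPATH_VM_ADMINISTRATOR . DS . 'helpers' . DS . 'vmfilter.php';
    }

    // Web addresses are stored without their scheme prefix
    $schemes = array('mailto:', 'http://', 'https://');

    switch (strtolower($fieldType)) {
        case 'webaddress':
            if (isset($post[$fieldName . "Text"]) && $post[$fieldName . "Text"]) {
                // URL and link text are stored in one column, separated by |*|
                // NOTE(review): unlike the branch below, the URL is not passed through
                // vmFilter::urlcheck() here — confirm that is intended
                $oValuesArr = array();
                $oValuesArr[0] = str_replace($schemes, '', $value);
                $oValuesArr[1] = str_replace($schemes, '', $post[$fieldName . "Text"]);
                $value = implode("|*|", $oValuesArr);
            } else {
                // urlcheck() result is kept as the value, so a rejected URL ends up as false
                if ($value = vmFilter::urlcheck($value)) {
                    $value = str_replace($schemes, '', $value);
                }
            }
            break;

        case 'email':
        case 'emailaddress':
            $value = vmFilter::mail($value);
            $value = str_replace('mailto:', '', $value);
            // Characters this field does not accept are dropped outright
            $value = str_replace(array('\'', '"', ',', '%', '*', '/', '\\', '?', '^', '`', '{', '}', '|', '~'), '', $value);
            break;

        case 'multiselect':
        case 'multicheckbox':
        case 'select':
            // Multi-value selections are flattened to one |*| separated string
            if (is_array($value)) {
                $value = implode("|*|", $value);
            }
            break;

        case 'age_verification':
            // The birthday is assembled from the three selector fields, each read as int
            $value = JRequest::getInt('birthday_selector_year') . '-' . JRequest::getInt('birthday_selector_month') . '-' . JRequest::getInt('birthday_selector_day');
            break;

        case 'textarea':
            // Raw POST value, then the 'text' profile of vmFilter::hl()
            $value = JRequest::getVar($fieldName, '', 'post', 'string', JREQUEST_ALLOWRAW);
            $value = vmFilter::hl($value, 'text');
            break;

        case 'editorta':
            // This case carried a second "default:" label in the original; PHP 7+ rejects a
            // duplicate default at compile time, and the generic handler below is the real default.
            $value = JRequest::getVar($fieldName, '', 'post', 'string', JREQUEST_ALLOWRAW);
            $value = vmFilter::hl($value, 'no_js_flash');
            break;

        default:
            if (strpos($fieldType, 'plugin') !== false) {
                // Plugin-backed field types prepare their own value; $post and $value are passed by reference
                JPluginHelper::importPlugin('vmuserfield');
                $dispatcher = JDispatcher::getInstance();
                $dispatcher->trigger('plgVmPrepareUserfieldDataSave', array($fieldType, $fieldName, &$post, &$value, $params));
                return $value;
            }
            // no HTML TAGS but permit all alphabet
            $value = vmFilter::hl($value, array('deny_attribute' => '*'));
            $value = preg_replace('@<[\\/\\!]*?[^<>]*?>@si', '', $value); //remove all html tags
            $value = (string) preg_replace('#on[a-z](.+?)\\)#si', '', $value); //replace start of script onclick() onload()...
            $value = trim(str_replace('"', ' ', $value), "'");
            $value = (string) preg_replace('#^\'#si', '', $value); //replace ' at start
            break;
    }

    return $value;
}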
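/**
 * Copy a submitted address into the cart and, optionally, into the session.
 *
 * Only the user fields configured for the cart and the given address type are
 * taken over; every non-empty value is HTML-filtered before it is stored, and
 * password fields are never kept in the cart.
 *
 * @param array|object $data           submitted address data; an object is converted with get_object_vars()
 * @param string       $type           address type ('BT' or 'ST'); also the cart property the address is stored in
 * @param bool         $putIntoSession true to write the cart into the session afterwards
 * @param string       $prefix         optional prefix of the field names in $data and in the request
 * @return void
 */
function saveAddressInCart($data, $type, $putIntoSession = true, $prefix = '')
{
    // VirtueMartModelUserfields::getUserFields() won't work
    if (!class_exists('VirtueMartModelUserfields')) {
        require(VMPATH_ADMIN . DS . 'models' . DS . 'userfields.php');
    }
    $userFieldsModel = VmModel::getModel('userfields');

    if ($type === 'STaddress' or $type === 'BTaddress') {
        vmTrace('STaddress found, seek and destroy');
    }

    $prepareUserFields = $userFieldsModel->getUserFieldsFor('cart', $type);

    if (!is_array($data)) {
        $data = get_object_vars($data);
    }

    // Must exist before the BT fallback below: initialising it afterwards (as the
    // original did) silently discarded the e-mail taken from the Joomla user.
    $address = array();

    if ($type === 'ST') {
        $this->STsameAsBT = 0;
    } else {
        // BT: fall back to the e-mail of the logged-in user when none was submitted
        if (empty($data['email'])) {
            $jUser = JFactory::getUser();
            $address['email'] = $jUser->email;
        }
    }

    if (!class_exists('vmFilter')) {
        require(VMPATH_ADMIN . DS . 'helpers' . DS . 'vmfilter.php');
    }

    foreach ($prepareUserFields as $fld) {
        if (empty($fld->name)) {
            continue;
        }
        $name = $fld->name;
        $key = $prefix . $name;

        if (!isset($data[$key])) {
            // Not in $data: take the request value, or for required fields the value already stored
            $tmp = vRequest::getString($key, false);
            if ($tmp) {
                $data[$key] = $tmp;
            } else if ($fld->required and isset($this->{$type}[$name])) {
                //Why we have this fallback to the already stored value?
                $data[$key] = $this->{$type}[$name];
            }
        }

        if (isset($data[$key])) {
            if (!empty($data[$key])) {
                $value = vmFilter::hl($data[$key], array('deny_attribute' => '*'));
                // Stripping every tag was too strong, so Joomla's own text filter is used instead
                $value = JComponentHelper::filterText($value);
                $value = (string) preg_replace('#on[a-z](.+?)\)#si', '', $value); //replace start of script onclick() onload()...
                $value = trim(str_replace('"', ' ', $value), "'");
                $data[$key] = (string) preg_replace('#^\'#si', '', $value); //replace ' at start
            }
            $address[$name] = $data[$key];
        } else {
            vmdebug('Data not found for type ' . $type . ' and name ' . $key . " \n");
        }
    }

    //dont store passwords in the session
    unset($address['password']);
    unset($address['password2']);

    $this->{$type} = $address;
    if ($putIntoSession) {
        $this->setCartIntoSession(true);
    }
}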
/**
 * Filter one cart input value before it is stored.
 *
 * Runs vmFilter::hl() with every attribute denied, then Joomla's component
 * text filter, strips "on<letter>…)" event-handler fragments, turns double
 * quotes and control whitespace into single spaces and drops a leading
 * single quote.
 *
 * @param string $v raw input value
 * @return string the filtered value
 */
private function filterCartInput($v)
{
    $filtered = vmFilter::hl($v, array('deny_attribute' => '*'));
    // Stripping every tag was too strong; Joomla's own text filter is used instead
    $filtered = JComponentHelper::filterText($filtered);
    //replace start of script onclick() onload()...
    $filtered = (string) preg_replace('#on[a-z](.+?)\\)#si', '', $filtered);
    // NOTE(review): the empty-string entry is a no-op for str_replace(); it may be a
    // character lost on the way into this listing — confirm against the original source
    $toSpace = array('"', "\t", "\n", "\r", "", "\v");
    $filtered = str_replace($toSpace, ' ', trim($filtered));
    //replace ' at start
    return (string) preg_replace('#^\'#si', '', $filtered);
}
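/**
 * Add one or more products to the cart.
 *
 * Product ids come from $virtuemart_product_ids or, when that is empty, from
 * the 'virtuemart_product_id' request array; the quantity, category id and
 * custom field data of each product are read from the request under the same
 * key. Each product is reduced to a plain data object, offered to the
 * 'vmcustom' plugins (plgVmOnAddToCart, which may veto it by returning false)
 * and then added, or its quantity raised, once checkForQuantities() agrees.
 *
 * @author RolandD
 * @author Max Milbers
 * @access public
 * @param array|null $virtuemart_product_ids product ids keyed like the request's quantity array; null reads the request
 * @param string     &$errorMsg              receives the message of the last updated or rejected product
 * @return bool true when at least one product was added or updated and the cart was written to the session
 */
public function add($virtuemart_product_ids = null, &$errorMsg = '')
{
    $mainframe = JFactory::getApplication();
    $success = false;
    $post = JRequest::get('default');

    if (empty($virtuemart_product_ids)) {
        $virtuemart_product_ids = JRequest::getVar('virtuemart_product_id', array(), 'default', 'array'); //is sanitized then
    }
    if (empty($virtuemart_product_ids)) {
        $mainframe->enqueueMessage(JText::_('COM_VIRTUEMART_CART_ERROR_NO_PRODUCT_IDS', false));
        return false;
    }

    // Only these fields of the loaded product are kept: a full product object with all its
    // parents would make the session too big
    $copiedFields = array(
        'virtuemart_manufacturer_id', 'slug', 'published', 'virtuemart_product_price_id',
        'virtuemart_product_id', 'virtuemart_shoppergroup_id', 'product_price', 'override',
        'product_override_price', 'product_tax_id', 'product_discount_id', 'product_currency',
        'virtuemart_vendor_id', 'product_parent_id', 'product_sku', 'product_name',
        'product_s_desc', 'product_weight', 'product_weight_uom', 'product_length',
        'product_width', 'product_height', 'product_lwh_uom', 'product_in_stock',
        'product_ordered', 'product_sales', 'product_unit', 'product_packaging',
        'min_order_level', 'max_order_level', 'virtuemart_media_id',
    );

    //Iterate through the prod_id's and perform an add to cart for each one
    foreach ($virtuemart_product_ids as $p_key => $virtuemart_product_id) {
        // A missing quantity counts as 0 and skips the product instead of raising a notice
        $quantityPost = isset($post['quantity'][$p_key]) ? (int) $post['quantity'][$p_key] : 0;
        if ($quantityPost === 0) {
            continue;
        }

        $tmpProduct = $this->getProduct((int) $virtuemart_product_id, $quantityPost);
        // The original tested the freshly created stdClass here, which is always true;
        // the loaded product is what can be missing
        if (empty($tmpProduct)) {
            $mainframe->enqueueMessage(JText::_('COM_VIRTUEMART_PRODUCT_NOT_FOUND', false));
            return false;
        }

        $product = new stdClass();
        foreach ($copiedFields as $field) {
            $product->$field = $tmpProduct->$field;
        }
        if (!empty($tmpProduct->images)) {
            $product->image = $tmpProduct->images[0];
        }
        $product->categories = $tmpProduct->categories;
        $product->virtuemart_category_id = $tmpProduct->virtuemart_category_id;
        $product->category_name = $tmpProduct->category_name;
        $product->link = $tmpProduct->link;
        $product->packaging = $tmpProduct->packaging;
        if (!empty($tmpProduct->customfieldsCart)) {
            $product->customfieldsCart = true;
        }

        if (!empty($post['virtuemart_category_id'][$p_key])) {
            $product->virtuemart_category_id = (int) $post['virtuemart_category_id'][$p_key];
        }

        $productKey = $product->virtuemart_product_id;

        // INDEX NOT FOUND IN JSON HERE
        // changed name field you know exactly was this is
        if (isset($post['customPrice'])) {
            $product->customPrices = $post['customPrice'];

            if (isset($post['customPlugin'])) {
                if (!class_exists('vmFilter')) {
                    require JPATH_VM_ADMINISTRATOR . DS . 'helpers' . DS . 'vmfilter.php';
                }
                $customPluginPost = (array) $post['customPlugin'];

                // The original switched VmConfig::$echoDebug on at this point; that debugging
                // leftover is dropped so request handling no longer forces debug output.
                foreach ($customPluginPost as &$customPlugin) {
                    if (is_array($customPlugin)) {
                        foreach ($customPlugin as &$customPlug) {
                            if (is_array($customPlug)) {
                                foreach ($customPlug as &$customPl) {
                                    $value = vmFilter::hl($customPl, array('deny_attribute' => '*'));
                                    $value = preg_replace('@<[\\/\\!]*?[^<>]*?>@si', '', $value); //remove all html tags
                                    $value = (string) preg_replace('#on[a-z](.+?)\\)#si', '', $value); //replace start of script onclick() onload()...
                                    $value = trim(str_replace('"', ' ', $value), "'");
                                    $customPl = (string) preg_replace('#^\'#si', '', $value); //replace ' at start
                                }
                                unset($customPl);
                            }
                        }
                        unset($customPlug);
                    }
                }
                unset($customPlugin); // by-reference loop variables must not outlive their loops
                // NOTE(review): only values nested three levels deep are filtered; scalars at the
                // first or second level reach json_encode() as submitted — confirm that is intended
                $product->customPlugin = json_encode($customPluginPost);
            }

            $productKey .= '::';
            foreach ($product->customPrices as $customPrice) {
                foreach ($customPrice as $customId => $custom_fieldId) {
                    //MarkerVarMods
                    if (is_array($custom_fieldId)) {
                        // NOTE(review): this appends "(int) of an array" once per entry and never uses
                        // $userfieldId; the commented line below looks like the intended key — confirm
                        //$productKey .= (int)$customId . ':' . (int)$userfieldId . ';';
                        foreach ($custom_fieldId as $userfieldId => $userfield) {
                            $productKey .= (int) $custom_fieldId . ':' . (int) $customId . ';';
                        }
                    } else {
                        //TODO productCartId
                        $productKey .= (int) $custom_fieldId . ':' . (int) $customId . ';';
                    }
                }
            }
        }

        // Add in the quantity in case the customfield plugins need it
        $product->quantity = (int) $quantityPost;

        if (!class_exists('vmCustomPlugin')) {
            require JPATH_VM_PLUGINS . DS . 'vmcustomplugin.php';
        }
        JPluginHelper::importPlugin('vmcustom');
        $dispatcher = JDispatcher::getInstance();
        // on returning false the product have not to be added to cart
        $addToCartReturnValues = $dispatcher->trigger('plgVmOnAddToCart', array(&$product));
        if (in_array(false, $addToCartReturnValues, true)) {
            continue;
        }

        if (array_key_exists($productKey, $this->products) && empty($product->customPlugin)) {
            // Same product without plugin data: only the quantity of the existing line is raised
            $errorMsg = JText::_('COM_VIRTUEMART_CART_PRODUCT_UPDATED');
            $totalQuantity = $this->products[$productKey]->quantity + $quantityPost;
            if (!$this->checkForQuantities($product, $totalQuantity, $errorMsg)) {
                continue;
            }
            $this->products[$productKey]->quantity = $totalQuantity;
        } else {
            if (!empty($product->customPlugin)) {
                // Products carrying plugin data always become a new cart line
                $productKey .= count($this->products);
            }
            if (!$this->checkForQuantities($product, $quantityPost, $errorMsg)) {
                continue;
            }
            $product->quantity = $quantityPost;
            $this->products[$productKey] = $product;
        }
        $success = true;
    }

    if ($success === false) {
        return false;
    }

    // End Iteration through Prod id's
    $this->setCartIntoSession();
    return true;
}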