/**
 * Process the authors step.
 *
 * Reads `id`, `group_owner` and `access` from the request, applies the two
 * values to the resource and stores it. On any failure the error is set on
 * the controller, the wizard is moved back one step and the authors form is
 * rendered again.
 *
 * NOTE(review): no permission check is visible in this method and the result
 * of load() is not inspected. Confirm that the caller verifies the current
 * user may edit resource `id`, and that a missing record cannot reach store().
 *
 * @return void
 */
public function step_authors_process()
{
    $id = Request::getInt('id', 0);

    // Without a resource ID there is nothing to update
    if (!$id) {
        return;
    }

    // Shared failure path: record the message, step back, re-show the form
    $reshowAuthors = function ($message) {
        $this->setError($message);
        $this->step--;
        $this->view->step = $this->step;
        $this->view->setLayout('authors');
        $this->step_authors();
    };

    $row = new Resource($this->database);
    $row->load($id);

    // Both values come straight from the request; `access` is only cast to int here,
    // so any range validation has to happen in check() (not visible from this method).
    $row->group_owner = Request::getVar('group_owner', '');
    $row->access      = Request::getInt('access', 0);

    // Access levels above 2 must name the group the resource is restricted to
    if ($row->access > 2 && !$row->group_owner) {
        $reshowAuthors(Lang::txt('Please select a group to restrict access to.'));
        return;
    }

    // Validate the record
    if (!$row->check()) {
        $reshowAuthors($row->getError());
        return;
    }

    // Persist the record
    if (!$row->store()) {
        $reshowAuthors(Lang::txt('Error: Failed to store changes.'));
        return;
    }
}
/**
 * Sets the access level of a resource, then redirects to the main listing.
 *
 * The level is derived from the task name the controller was dispatched with;
 * any unrecognised task falls back to level 0.
 *
 * NOTE(review): apart from the token check, no permission check is visible in
 * this method, and the result of load() is not inspected. Confirm that only
 * authorised users can reach this task and that a missing record cannot be
 * stored.
 *
 * @return void
 */
public function accessTask()
{
    // Check for request forgeries.
    // NOTE(review): the call lists 'get' as well as 'post'. A token carried in
    // a URL can end up in server logs, browser history and Referer headers;
    // consider whether this state-changing task can be restricted to POST.
    Request::checkToken(['get', 'post']);

    $id  = Request::getInt('id', 0);
    $pid = Request::getInt('pid', 0);

    // A resource ID is required
    if (!$id) {
        $this->setMessage(Lang::txt('COM_RESOURCES_ERROR_MISSING_ID'));
        return $this->cancelTask();
    }

    // Task name => access level
    $levels = [
        'accesspublic'     => 0,
        'accessregistered' => 1,
        'accessspecial'    => 2,
        'accessprotected'  => 3,
        'accessprivate'    => 4,
    ];
    $access = isset($levels[$this->_task]) ? $levels[$this->_task] : 0;

    // Load the resource and apply the new level
    $row = new Resource($this->database);
    $row->load($id);
    $row->access = $access;

    // Validate, then store; either failure reports the row's error and cancels
    if (!$row->check() || !$row->store()) {
        $this->setMessage($row->getError());
        return $this->cancelTask();
    }

    App::redirect($this->buildRedirectURL($pid));
}
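/**
 * Save an attachment.
 *
 * Creates a child resource record for an uploaded file, moves the file into
 * a dated upload directory, runs the anti-virus check, links the child to the
 * parent resource `pid` and registers the file's SHA-1 for text extraction.
 * Every exit path ends by re-rendering the attachments view.
 *
 * Changes from the previous version:
 *  - a missing or malformed `upload` entry is reported as "no file" instead
 *    of being indexed as an array;
 *  - a failed upload now removes the freshly stored record and stops, rather
 *    than continuing to the scan and association steps for a file that was
 *    never written;
 *  - the long-disabled Breeze/ZIP extraction code was dropped. Archives are
 *    stored as uploaded and are not unpacked.
 *
 * NOTE(review): no request-forgery token check and no permission check are
 * visible in this method. Confirm both are enforced before this task runs.
 *
 * @return void
 */
public function saveTask()
{
    // AJAX uploads are handled by a separate task
    if (Request::getVar('no_html', 0)) {
        return $this->ajaxUploadTask();
    }

    // Parent resource
    $pid = Request::getInt('pid', 0);
    if (!$pid) {
        $this->setError(Lang::txt('CONTRIBUTE_NO_ID'));
        $this->displayTask($pid);
        return;
    }

    // Incoming file. The request default is '' so guard against a non-array value.
    $file = Request::getVar('upload', '', 'files', 'array');
    if (!is_array($file) || empty($file['name']) || empty($file['tmp_name'])) {
        $this->setError(Lang::txt('CONTRIBUTE_NO_FILE'));
        $this->displayTask($pid);
        return;
    }

    // Make the filename safe.
    // NOTE(review): no allow-list of file types is visible here and the stored
    // name keeps the client-supplied extension. Confirm that Filesystem::clean()
    // and the upload directory's configuration keep uploaded files from being
    // executed by the web server.
    $file['name'] = \Filesystem::clean($file['name']);

    // Ensure file names fit: cap the name at 230 bytes and re-append the extension
    $ext = \Filesystem::extension($file['name']);
    $file['name'] = str_replace(' ', '_', $file['name']);
    if (strlen($file['name']) > 230) {
        $file['name'] = substr($file['name'], 0, 230) . '.' . $ext;
    }

    // Instantiate a new resource object.
    // NOTE(review): bind() is handed the whole of $_POST. Only the fields
    // assigned below are reset afterwards; anything else the table exposes
    // (for example the primary key or access fields) would keep the submitted
    // value. Confirm bind() filters these or reset them explicitly.
    $row = new Resource($this->database);
    if (!$row->bind($_POST)) {
        $this->setError($row->getError());
        $this->displayTask($pid);
        return;
    }

    $row->title        = $row->title ? $row->title : $file['name'];
    $row->introtext    = $row->title;
    $row->created      = Date::toSql();
    $row->created_by   = User::get('id');
    $row->published    = 1;
    $row->publish_up   = Date::toSql();
    $row->publish_down = '0000-00-00 00:00:00';
    $row->standalone   = 0;
    $row->path         = ''; // make sure no path is specified just yet

    // Check content
    if (!$row->check()) {
        $this->setError($row->getError());
        $this->displayTask($pid);
        return;
    }

    // File already exists
    if ($row->loadByFile($file['name'], $pid)) {
        $this->setError(Lang::txt('A file with this name and type appears to already exist.'));
        $this->displayTask($pid);
        return;
    }

    // Store new content; the record ID is needed to build the upload path
    if (!$row->store()) {
        $this->setError($row->getError());
        $this->displayTask($pid);
        return;
    }
    if (!$row->id) {
        $row->id = $row->insertid();
    }

    // Build the path
    $listdir = $this->_buildPathFromDate($row->created, $row->id, '');
    $path    = $this->_buildUploadPath($listdir, '');

    // Make sure the upload path exists
    if (!is_dir($path)) {
        if (!\Filesystem::makeDirectory($path)) {
            $this->setError(Lang::txt('COM_CONTRIBUTE_UNABLE_TO_CREATE_UPLOAD_PATH'));
            $this->displayTask($pid);
            return;
        }
    }

    $fpath = $path . DS . $file['name'];

    // Perform the upload. On failure there is no file to scan or link, so the
    // record stored above is removed and processing stops here.
    if (!\Filesystem::upload($file['tmp_name'], $fpath)) {
        $row->delete();

        $this->setError(Lang::txt('COM_CONTRIBUTE_ERROR_UPLOADING'));
        $this->displayTask($pid);
        return;
    }

    // File was uploaded; classify it by name
    $row->type = $this->_getChildType($file['name']);

    // Scan for viruses
    if (!\Filesystem::isSafe($fpath)) {
        // The record is only removed once the file itself is gone.
        // NOTE(review): if the delete fails, the rejected file stays on disk
        // and the record stays in the database; consider logging that case.
        if (\Filesystem::delete($fpath)) {
            // Delete associations to the resource
            $row->deleteExistence();
            // Delete resource
            $row->delete();
        }

        $this->setError(Lang::txt('File rejected because the anti-virus scan failed.'));
        $this->displayTask($pid);
        return;
    }

    if (!$row->path) {
        $row->path = $listdir . DS . $file['name'];
    }
    $row->path = ltrim($row->path, DS);

    // Store the record again, now with its type and path
    if (!$row->store()) {
        $this->setError($row->getError());
        $this->displayTask($pid);
        return;
    }

    // Instantiate a Resources Assoc object
    $assoc = new Assoc($this->database);

    // Get the last child in the ordering; new items are always placed last
    $assoc->ordering = $assoc->getLastOrder($pid);
    $assoc->ordering = $assoc->ordering ? $assoc->ordering : 0;
    $assoc->ordering++;

    // Create new parent/child association
    $assoc->parent_id = $pid;
    $assoc->child_id  = $row->id;
    $assoc->grouping  = 0;

    // A failed check() records the error; store() is still attempted, as before
    if (!$assoc->check()) {
        $this->setError($assoc->getError());
    }

    if (!$assoc->store(true)) {
        $this->setError($assoc->getError());
    } else {
        if (is_readable($fpath)) {
            $hash = @sha1_file($fpath);

            if (!empty($hash)) {
                // $hash is the hex digest returned by sha1_file(), so the
                // concatenation below carries no request data. If the value's
                // source ever changes, switch these statements to quoted or
                // bound parameters.
                $this->database->setQuery('SELECT id FROM `#__document_text_data` WHERE hash = \'' . $hash . '\'');
                if (!($doc_id = $this->database->loadResult())) {
                    $this->database->execute('INSERT INTO `#__document_text_data` (hash) VALUES (\'' . $hash . '\')');
                    $doc_id = $this->database->insertId();
                }

                $this->database->execute('INSERT IGNORE INTO `#__document_resource_rel` (document_id, resource_id) VALUES (' . (int) $doc_id . ', ' . (int) $row->id . ')');

                // The path contains the user-supplied file name, so it must stay
                // wrapped in escapeshellarg() when handed to the shell.
                system('/usr/bin/textifier ' . escapeshellarg($fpath) . ' >/dev/null');
            }
        }
    }

    // Push through to the attachments view
    $this->displayTask($pid);
}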