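/**
 * Handles the Contao "executePostActions" hook for the upload ajax action.
 *
 * Only the action named in static::$uploadAction is handled; any other action
 * returns false so the hook chain continues. The field name is taken from the
 * request ("field") and is only accepted when the DCA of the current table
 * defines it and the backend user may access it.
 *
 * @param string         $strAction the ajax action name
 * @param \DataContainer $dc        the data container of the current record
 *
 * @return bool|null false when the action is not handled or the field is not
 *                   allowed; otherwise the upload response is written and
 *                   nothing is returned
 */
public function executePostActionsHook($strAction, \DataContainer $dc)
 {
     if ($strAction !== static::$uploadAction) {
         return false;
     }

     // the field name is request input and is used as a DCA key below
     $strField = \Input::post('field');

     // Check whether the field is allowed for regular users: it must exist in
     // the DCA, and an "exclude"d field requires the "alexf" permission
     if (!isset($GLOBALS['TL_DCA'][$dc->table]['fields'][$strField])
         || (!empty($GLOBALS['TL_DCA'][$dc->table]['fields'][$strField]['exclude'])
             && !\BackendUser::getInstance()->hasAccess($dc->table . '::' . $strField, 'alexf'))
     ) {
         \System::log('Field "' . $strField . '" is not an allowed selector field (possible SQL injection attempt)', __METHOD__, TL_ERROR);
         $objResponse = new ResponseError();
         $objResponse->setMessage('Bad Request');
         $objResponse->output();

         // do not rely on output() terminating the request: a field that failed
         // the check above must never reach the upload below
         return false;
     }

     $this->name = $strField;
     $this->id = $strField;
     $this->field = $strField;

     if ($dc->activeRecord === null) {
         $dc->activeRecord = General::getModelInstance($dc->table, $dc->id);
     }

     // add dca attributes
     $this->addAttributes(\Widget::getAttributesFromDca($GLOBALS['TL_DCA'][$dc->table]['fields'][$strField], $strField));

     $objResponse = $this->upload();

     if ($objResponse instanceof Response) {
         $objResponse->output();
     }
 }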
 /**
  * Returns the parent record of the archive a submission belongs to.
  *
  * The archive is looked up via static::getArchive(); its "parentTable" and
  * "pid" properties then select the parent record.
  *
  * @param int $intSubmission the submission id
  *
  * @return mixed the parent record, or null when the submission has no
  *               archive, the archive has no parent table/pid, or no parent
  *               record exists
  */
 public static function getArchiveParent($intSubmission)
 {
     $objArchive = static::getArchive($intSubmission);

     if ($objArchive === null || !$objArchive->parentTable || !$objArchive->pid) {
         return null;
     }

     // null when no record matches, which is also the "not found" result here
     return General::getModelInstance($objArchive->parentTable, $objArchive->pid);
 }
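 /**
  * Returns the name to display for a listing of the given table.
  *
  * When the table's DCA configures a parent table ("config.ptable"), the
  * "title" of the parent record selected by the "id" request parameter is
  * returned; otherwise the table name itself.
  *
  * @param string $strTable the table name
  *
  * @return string|null the parent record's title, the table name, or null when
  *                     a parent table is configured but no record matches the id
  */
 public static function getArchiveName($strTable)
 {
     $strPTable = isset($GLOBALS['TL_DCA'][$strTable]['config']['ptable']) ? $GLOBALS['TL_DCA'][$strTable]['config']['ptable'] : null;

     if (!$strPTable) {
         return $strTable;
     }

     // the id is untrusted request input; NOTE(review): General::getModelInstance
     // is assumed to pass it to the model layer as a bound parameter — confirm
     $intPid = \Input::get('id');
     $objInstance = General::getModelInstance($strPTable, $intPid);

     // guard against reading "title" on null when no record matches the id
     if ($objInstance === null) {
         return null;
     }

     return $objInstance->title;
 }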
 /**
  * Converts a stored field value into a human-readable, HTML-escaped string
  * according to the field's DCA definition.
  *
  * Resolution order: options callback, foreignKey, then input type / rgxp
  * (explanation, date, time, datim, tag), binary UUIDs to file URLs, array
  * values to their option/reference labels, and finally booleans, options and
  * references for scalar values. Arrays are joined with ", ".
  *
  * @param mixed          $varValue the stored (possibly serialized) value
  * @param array          $arrData  the field's DCA definition
  * @param string         $strTable the table the field belongs to
  * @param \DataContainer $objDc    the data container passed to options callbacks
  * @param mixed          $objItem  the record; only its "id" is read, for the "tag" input type
  *
  * @return string the escaped value
  */
 public static function prepareSpecialValueForPrint($varValue, $arrData, $strTable, $objDc, $objItem = null)
 {
     $varValue = deserialize($varValue);
     $arrOpts = $arrData['options'];
     $arrReference = $arrData['reference'];
     $strRegExp = $arrData['eval']['rgxp'];
     // get options
     // NOTE(review): the "@" below hides any warning/error raised inside the
     // options callback; a failing callback silently yields a non-array and the
     // value is then left untouched — consider removing the suppression
     if ((is_array($arrData['options_callback']) || is_callable($arrData['options_callback'])) && !$arrData['reference']) {
         if (is_array($arrData['options_callback'])) {
             $strClass = $arrData['options_callback'][0];
             $strMethod = $arrData['options_callback'][1];
             $objInstance = \Controller::importStatic($strClass);
             $arrOptionsCallback = @$objInstance->{$strMethod}($objDc);
         } elseif (is_callable($arrData['options_callback'])) {
             $arrOptionsCallback = @$arrData['options_callback']($objDc);
         }
         // keep only the callback options whose keys the stored value selects
         $arrOptions = !is_array($varValue) ? array($varValue) : $varValue;
         if ($varValue !== null && is_array($arrOptionsCallback)) {
             $varValue = array_intersect_key($arrOptionsCallback, array_flip($arrOptions));
         }
     }
     // foreignKey ("table.field"): replace the id by the referenced record's field
     if (isset($arrData['foreignKey']) && !is_array($varValue)) {
         list($strForeignTable, $strForeignField) = explode('.', $arrData['foreignKey']);
         if (($objInstance = General::getModelInstance($strForeignTable, $varValue)) !== null) {
             $varValue = $objInstance->{$strForeignField};
         }
     }
     if ($arrData['inputType'] == 'explanation') {
         $varValue = $arrData['eval']['text'];
     } elseif ($strRegExp == 'date') {
         $varValue = \Date::parse(\Config::get('dateFormat'), $varValue);
     } elseif ($strRegExp == 'time') {
         $varValue = \Date::parse(\Config::get('timeFormat'), $varValue);
     } elseif ($strRegExp == 'datim') {
         $varValue = \Date::parse(\Config::get('datimFormat'), $varValue);
     } elseif ($arrData['inputType'] == 'tag' && in_array('tags_plus', \ModuleLoader::getActive())) {
         // NOTE(review): $objItem defaults to null, so $objItem->id is read on
         // null for "tag" fields when no record is passed — confirm callers
         if (($arrTags = \HeimrichHannot\TagsPlus\TagsPlus::loadTags($strTable, $objItem->id)) !== null) {
             $varValue = $arrTags;
         }
     } elseif (!is_array($varValue) && \Validator::isBinaryUuid($varValue)) {
         // a single file uuid becomes an absolute URL, or the string uuid if no path is known
         $strPath = Files::getPathFromUuid($varValue);
         $varValue = $strPath ? \Environment::get('url') . '/' . $strPath : \StringUtil::binToUuid($varValue);
     } elseif (is_array($varValue)) {
         $varValue = Arrays::flattenArray($varValue);
         // remove empty elements
         $varValue = array_filter($varValue);
         // transform binary uuids to paths
         $varValue = array_map(function ($varValue) {
             if (\Validator::isBinaryUuid($varValue)) {
                 $strPath = Files::getPathFromUuid($varValue);
                 if ($strPath) {
                     return \Environment::get('url') . '/' . $strPath;
                 }
                 return \StringUtil::binToUuid($varValue);
             }
             return $varValue;
         }, $varValue);
         // map option keys to their labels unless a reference is configured
         if (!$arrReference) {
             $varValue = array_map(function ($varValue) use($arrOpts) {
                 return isset($arrOpts[$varValue]) ? $arrOpts[$varValue] : $varValue;
             }, $varValue);
         }
         // map values through the reference; a reference entry may be an
         // array, in which case its first element is the label
         $varValue = array_map(function ($varValue) use($arrReference) {
             if (is_array($arrReference)) {
                 return isset($arrReference[$varValue]) ? is_array($arrReference[$varValue]) ? $arrReference[$varValue][0] : $arrReference[$varValue] : $varValue;
             } else {
                 return $varValue;
             }
         }, $varValue);
     } else {
         // precedence: isBoolean || (single checkbox)
         if ($arrData['eval']['isBoolean'] || $arrData['inputType'] == 'checkbox' && !$arrData['eval']['multiple']) {
             $varValue = $varValue != '' ? $GLOBALS['TL_LANG']['MSC']['yes'] : $GLOBALS['TL_LANG']['MSC']['no'];
         } elseif (is_array($arrOpts) && array_is_assoc($arrOpts)) {
             $varValue = isset($arrOpts[$varValue]) ? $arrOpts[$varValue] : $varValue;
         } elseif (is_array($arrReference)) {
             $varValue = isset($arrReference[$varValue]) ? is_array($arrReference[$varValue]) ? $arrReference[$varValue][0] : $arrReference[$varValue] : $varValue;
         }
     }
     if (is_array($varValue)) {
         $varValue = implode(', ', $varValue);
     }
     // Convert special characters (see #1890) — the result is escaped for an
     // HTML context; callers printing elsewhere (e.g. plain-text mail) must
     // account for that
     return specialchars($varValue);
 }
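 /**
  * Checks whether the record with the given id may be deleted by the current visitor.
  *
  * Deletion is allowed when it is enabled and every applicable ownership
  * condition matches the stored record: the session id for anonymous visitors
  * (unless disableSessionCheck is set), the author type and author id for
  * logged-in members (unless disableAuthorCheck is set), plus the configured
  * deleteConditions when addDeleteConditions is set.
  *
  * @param int $intId the record id
  *
  * @return bool true when all conditions match
  *
  * @throws \Exception when a required session/author field does not exist in the table
  */
 public function checkDeletePermission($intId)
 {
     if (!$this->allowDelete) {
         return false;
     }

     if (($objItem = General::getModelInstance($this->formHybridDataContainer, $intId)) === null) {
         return false;
     }

     $strTable = $this->formHybridDataContainer;
     $objDatabase = \Database::getInstance();
     $arrConditions = array();

     if (!FE_USER_LOGGED_IN) {
         // anonymous visitors: the record must belong to the current session
         if (!$this->disableSessionCheck) {
             if (!$objDatabase->fieldExists(General::PROPERTY_SESSION_ID, $strTable)) {
                 throw new \Exception(sprintf('No session field in %s available, either create field %s or set `disableSessionCheck` to true.', $strTable, General::PROPERTY_SESSION_ID));
             }

             $arrConditions[] = array('field' => General::PROPERTY_SESSION_ID, 'value' => session_id());
         }
     } elseif (!$this->disableAuthorCheck) {
         // logged-in members: the record must have been created by this member
         if (!$objDatabase->fieldExists(General::PROPERTY_AUTHOR_TYPE, $strTable)) {
             throw new \Exception(sprintf('No author type field in %s available, either create field %s or set `disableAuthorCheck` to true.', $strTable, General::PROPERTY_AUTHOR_TYPE));
         }

         $arrConditions[] = array('field' => General::PROPERTY_AUTHOR_TYPE, 'value' => General::AUTHOR_TYPE_MEMBER);

         if (!$objDatabase->fieldExists(General::PROPERTY_AUTHOR, $strTable)) {
             throw new \Exception(sprintf('No author field in %s available, either create field %s or set `disableAuthorCheck` to true.', $strTable, General::PROPERTY_AUTHOR));
         }

         $arrConditions[] = array('field' => General::PROPERTY_AUTHOR, 'value' => \FrontendUser::getInstance()->id);
     }

     if ($this->addDeleteConditions) {
         $arrConditions = array_merge(deserialize($this->deleteConditions, true), $arrConditions);
     }

     // every condition must match; compare as strings so that the numeric
     // quirks of loose comparison (e.g. "1e3" == "1000", leading whitespace)
     // cannot make an ownership check pass for a different value
     foreach ($arrConditions as $arrCondition) {
         $varExpected = $this->replaceInsertTags($arrCondition['value']);

         if ((string) $objItem->{$arrCondition['field']} !== (string) $varExpected) {
             return false;
         }
     }

     return true;
 }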
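 /**
  * Handles the tagsinput ajax actions of the widget.
  *
  * The request terminates here: on success the result is written as JSON and
  * the script exits; an unknown record or field exits with "400 Bad Request".
  * Only the field name ("name") and the query ("query") are read from the
  * request; the field is accepted only when the DCA of the current table
  * defines it.
  *
  * @param string         $strAction the ajax action name
  * @param \DataContainer $objDca    the data container of the current record
  *
  * @return void returns without output when $strAction is not a tagsinput action
  */
 public function generateAjax($strAction, \DataContainer $objDca)
 {
     // no tagsinput action --> return
     if (!$this->isValidAjaxActions($strAction)) {
         return;
     }

     $strField = $objDca->field = \Input::post('name');

     \Controller::loadDataContainer($objDca->table);

     $objActiveRecord = \HeimrichHannot\Haste\Dca\General::getModelInstance($objDca->table, $objDca->id);

     if ($objActiveRecord === null) {
         $this->log('No active record for "' . $strField . '" found (possible SQL injection attempt)', __METHOD__, TL_ERROR);
         header('HTTP/1.1 400 Bad Request');
         die('Bad Request');
     }

     $objDca->activeRecord = $objActiveRecord;

     // the field name is request input: reject it unless a DCA definition exists
     $arrData = isset($GLOBALS['TL_DCA'][$objDca->table]['fields'][$strField]) ? $GLOBALS['TL_DCA'][$objDca->table]['fields'][$strField] : null;

     if (!is_array($arrData)) {
         $this->log('No valid field configuration (dca) found for "' . $objDca->table . '.' . $strField . '" (possible SQL injection attempt)', __METHOD__, TL_ERROR);
         header('HTTP/1.1 400 Bad Request');
         die('Bad Request');
     }

     // NOTE(review): unlike the upload hook, no "exclude"/hasAccess check is
     // applied here, so remote options of excluded fields can be queried by any
     // user who reaches this action — confirm whether that is intended
     $return = '';

     if ($strAction === static::ACTION_FETCH_REMOTE_OPTIONS) {
         $objWidget = new \TagsInput(\Widget::getAttributesFromDca($arrData, $strField, $objActiveRecord->{$strField}, $strField, $this->strTable, $objDca));
         $return = array_values($objWidget->getRemoteOptionsFromQuery(\Input::post('query')));
     }

     // declare the JSON body so the browser does not content-sniff the response
     header('Content-Type: application/json');
     die(json_encode($return));
 }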