public function moveFiles(\DataContainer $dc) { $arrPost = Request::getPost(); foreach ($arrPost as $key => $value) { $arrData = $GLOBALS['TL_DCA'][$dc->table]['fields'][$key]; if ($arrData['inputType'] != MultiFileUpload::NAME) { continue; } $arrFiles = deserialize($dc->activeRecord->{$key}); $strUploadFolder = Files::getFolderFromDca($arrData['eval']['uploadFolder'], $dc); if ($strUploadFolder === null) { throw new \Exception(sprintf($GLOBALS['TL_LANG']['ERR']['uploadNoUploadFolderDeclared'], $key, MultiFileUpload::UPLOAD_TMP)); } if (!is_array($arrFiles)) { $arrFiles = array($arrFiles); } $objFileModels = FilesModel::findMultipleByUuids($arrFiles); if ($objFileModels === null) { continue; } $arrPaths = $objFileModels->fetchEach('path'); $arrTargets = array(); // do not loop over $objFileModels as $objFile->close() will pull models away foreach ($arrPaths as $strPath) { $objFile = new \File($strPath); $strName = $objFile->name; $strTarget = $strUploadFolder . '/' . $strName; // upload_path_callback if (is_array($arrData['upload_path_callback'])) { foreach ($arrData['upload_path_callback'] as $callback) { $strTarget = \System::importStatic($callback[0])->{$callback[1]}($strTarget, $objFile, $dc) ?: $strTarget; } } if (StringUtil::startsWith($objFile->path, ltrim($strTarget, '/'))) { continue; } if ($objFile->renameTo($strTarget)) { $arrTargets[] = $strTarget; $objFile->close(); continue; } $arrTargets[] = $strPath; } // HOOK: post upload callback if (isset($GLOBALS['TL_HOOKS']['postUpload']) && is_array($GLOBALS['TL_HOOKS']['postUpload'])) { foreach ($GLOBALS['TL_HOOKS']['postUpload'] as $callback) { if (is_array($callback)) { \System::importStatic($callback[0])->{$callback[1]}($arrTargets); } elseif (is_callable($callback)) { $callback($arrTargets); } } } } }
protected function getArguments() { $arrArgumentValues = array(); $arrArguments = $this->arrAttributes['arguments']; $arrOptional = is_array($this->arrAttributes['optional']) ? $this->arrAttributes['optional'] : array(); $strMethod = Request::getInstance()->getMethod(); foreach ($arrArguments as $argument) { if (is_array($argument) || is_bool($argument)) { $arrArgumentValues[] = $argument; continue; } if (!in_array($argument, $arrOptional) && ($strMethod == 'POST' && !isset($_POST[$argument]) || $strMethod == 'GET' && !isset($_GET[$argument]))) { header('HTTP/1.1 400 Bad Request'); die('Bad Request, missing argument ' . $argument); } $varValue = $strMethod == 'POST' ? Request::getPost($argument) : Request::getGet($argument); if ($varValue === 'true' || $varValue === 'false') { $varValue = filter_var($varValue, FILTER_VALIDATE_BOOLEAN); } $arrArgumentValues[] = $varValue; } return $arrArgumentValues; }
/** * Toggle Subpalette * @param $id * @param $strField * @param bool $blnLoad * * @return ResponseError|ResponseSuccess */ function toggleSubpalette($id, $strField, $blnLoad = false) { if (!$this->dc->isSubmitted()) { return; } $varValue = Request::getPost($strField) ?: 0; if (!is_array($this->dca['palettes']['__selector__']) || !in_array($strField, $this->dca['palettes']['__selector__'])) { \Controller::log('Field "' . $strField . '" is not an allowed selector field (possible SQL injection attempt)', __METHOD__, TL_ERROR); return new ResponseError(); } $arrData = $this->dca['fields'][$strField]; if (!Validator::isValidOption($varValue, $arrData, $this->dc)) { \Controller::log('Field "' . $strField . '" value is not an allowed option (possible SQL injection attempt)', __METHOD__, TL_ERROR); return new ResponseError(); } if (empty(FormHelper::getFieldOptions($arrData, $this->dc))) { $varValue = intval($varValue) ? 1 : ''; } $this->dc->setSkipValidation(true); // do not validate fields $this->dc->setDoNotSubmit(true); $this->dc->activeRecord->{$strField} = $varValue; $objResponse = new ResponseSuccess(); if ($blnLoad) { $objResponse->setResult(new ResponseData($this->dc->edit(false, $id))); } return $objResponse; }