/** * Manages configuration settings for the Session module * * @return string */ public function indexSection() { if (!$this->_acl->check('session_manage')) { throw new Module_NoPermission(); } $this->setTitle(t('Session configuration')); $this->setOutputType(self::_OT_CONFIG); // Check for input data or display the view file if ($this->_input->has('post', 'session')) { if (!$this->_input->checkToken()) { $this->_event->error(Input::csrfMsg()); } else { foreach ($this->_input->post('session') as $key => $val) { try { $this->_config_sql->update('session/' . $key, $val); } catch (Config_KeyNoExist $e) { $this->_config_sql->add('session/' . $key, $val); } } $this->_event->success(t('Updated session configuration')); } return zula_redirect($this->_router->makeUrl('session', 'config')); } else { $this->addAsset('js/logindest.js'); $view = $this->loadView('config/config.html'); $view->assign($this->_config->get('session')); $view->assignHtml(array('CSRF' => $this->_input->createToken(true))); return $view->getOutput(); } }
/** * Updates which theme should be used for the different * site types. * * @return string */ public function updateSection() { if (!$this->_acl->check('theme_update')) { throw new Module_NoPermission(); } else { if ($this->_input->checkToken()) { try { $siteType = $this->_input->post('theme_site_type'); if ($this->_router->siteTypeExists($siteType)) { $theme = $this->_input->post('theme'); if (Theme::exists($theme)) { $this->_config_sql->update('theme/' . $siteType . '_default', $theme); $this->_event->success(t('Updated default theme')); } } else { $this->_event->error(t('Selected site type does not exist')); $siteType = null; } } catch (Input_KeyNoExist $e) { $this->_event->error(t('Please select a theme to use as the default')); } } else { $this->_event->error(Input::csrfMsg()); } } $siteType = isset($siteType) ? $siteType : $this->_router->getDefaultSiteType(); return zula_redirect($this->_router->makeUrl('theme')->queryArgs(array('type' => $siteType))); }
/** * Deletes all selected poll options * * @return string */ public function delOptSection() { $this->setOutputType(self::_OT_CONFIG); if (!$this->_acl->check('poll_delete')) { throw new Module_NoPermission(); } else { if (!$this->_input->checkToken()) { $this->_event->error(Input::csrfMsg()); } else { try { $poll = $this->_model()->getPoll($this->_router->getArgument('id')); // Check user has permission $resource = 'poll-' . $poll['id']; if ($this->_acl->resourceExists($resource) && $this->_acl->check($resource)) { $optionIds = $this->_input->post('option_ids'); foreach ((array) $optionIds as $oid) { try { $this->_model()->deleteOption($oid); } catch (Poll_OptionNoExist $e) { } } $this->_event->success(t('Deleted selected options')); } else { throw new Module_NoPermission(); } } catch (Input_KeyNoExist $e) { $this->_event->error(t('No options selected')); } } } if (isset($poll['id'])) { return zula_redirect($this->_router->makeUrl('poll', 'config', 'edit', null, array('id' => $poll['id']))); } else { return zula_redirect($this->_router->makeUrl('poll', 'config')); } }
/** * Creates a bridge between the Delete Selected and Update Order * functionaility, as there can only be one form with one action * * @return mixed */ public function bridgeSection() { $this->setOutputType(self::_OT_CONFIG); if (!$this->_input->checkToken()) { $this->_event->error(Input::csrfMsg()); } else { if ($this->_input->has('post', 'menu_delete')) { // Delete all selected menu items if (!$this->_acl->check('menu_delete_item')) { throw new Module_NoPermission(); } try { $delCount = 0; foreach ($this->_input->post('menu_ids') as $item) { try { $resource = 'menu-item-' . $item; if ($this->_acl->resourceExists($resource) && $this->_acl->check($resource)) { $this->_model()->deleteItem($item); ++$delCount; } } catch (Menu_ItemNoExist $e) { } } if ($delCount > 0) { $this->_event->success(t('Deleted menu items')); } } catch (Input_KeyNoExist $e) { $this->_event->error(t('No menu items selected')); } } else { if ($this->_input->has('post', 'menu_updateorder')) { // Update order of all of the menu items if (!$this->_acl->check('menu_edit_item')) { throw new Module_NoPermission(); } $execData = array(); $sqlMiddle = null; foreach ($this->_input->post('menu_order') as $item => $order) { try { $item = $this->_model()->getItem($item); $resource = 'menu-item-' . $item['id']; if ($this->_acl->resourceExists($resource) && $this->_acl->check($resource)) { // Clear cache for this menu item! $this->_cache->delete(array('menu_items_' . $item['cat_id'], 'menu_child_items_' . $item['id'])); $execData[] = $item['id']; $execData[] = abs($order); $sqlMiddle .= 'WHEN id = ? THEN ? '; } } catch (Menu_ItemNoExist $e) { } } if ($sqlMiddle !== null) { $pdoSt = $this->_sql->prepare('UPDATE {PREFIX}mod_menu SET `order` = CASE ' . $sqlMiddle . 'ELSE `order` END'); $pdoSt->execute($execData); } $this->_event->success(t('Menu order updated')); } } } try { $url = $this->_router->makeUrl('menu', 'config', 'editcat', null, array('id' => $this->_input->post('menu/cid'))); } catch (Router_ArgNoExist $e) { $url = $this->_router->makeUrl('menu', 'config'); } return zula_redirect($url); }
/** * Attempts to delete all selected users * * @return string */ public function deleteSection() { $this->setOutputType(self::_OT_CONFIG); if (!$this->_acl->check('users_delete')) { throw new Module_NoPermission(); } else { if (!$this->_input->checkToken()) { $this->_event->error(Input::csrfMsg()); } else { try { $delCount = 0; foreach ($this->_input->post('user_ids') as $uid) { try { $this->_ugmanager->deleteUser($uid); ++$delCount; } catch (Ugmanager_InvalidUser $e) { $this->_event->error(t('You can not delete the root or guest user')); } catch (Ugmanager_UserNoExist $e) { } } if ($delCount > 0) { $this->_event->success(t('Deleted Selected Users')); } } catch (Input_KeyNoExist $e) { $this->_event->error(t('No users selected')); } } } return zula_redirect($this->_router->makeUrl('users', 'config')); }
/** * Update the settings based on the post-data provided * * @param string $name * @param array $args * @return string */ public function __call($name, $args) { $name = substr($name, 0, -7); if (!$this->_acl->check('settings_update')) { throw new Module_NoPermission(); } else { if (!in_array($name, $this->categories)) { throw new Module_ControllerNoExist(); } else { if (!$this->_input->checkToken()) { $this->_event->error(Input::csrfMsg()); return zula_redirect($this->_router->makeUrl('settings', $name)); } } } $this->setTitle(t('Update settings')); // Update all of the provided settings, or insert if they don't exist foreach ($this->_input->post('setting') as $key => $val) { if (strpos($key, 'cache') !== 0) { if (substr($key, 8, 9) == 'mail/smtp' && !$this->_acl->check('settings_access_smtp')) { continue; } try { $this->_config_sql->update($key, $val); } catch (Config_KeyNoExist $e) { $this->_sql->insert('config', array('name' => $key, 'value' => $val)); } } } /** * Category specific things to do when updating * the settings or other things (ACL forms etc). */ switch ($name) { case 'general': $this->_cache->delete('view_default_tags'); break; case 'cache': try { $this->_config_ini->update('cache/type', $this->_input->post('setting/cache\\/type')); $this->_config_ini->update('cache/ttl', $this->_input->post('setting/cache\\/ttl')); $this->_config_ini->update('cache/js_aggregate', $this->_input->post('setting/cache\\/js_aggregate')); $this->_config_ini->update('cache/google_cdn', $this->_input->post('setting/cache\\/google_cdn')); $this->_config_ini->writeIni(); // Clear cache if needbe if ($this->_input->post('cache_purge')) { $this->_cache->purge(); } } catch (Exception $e) { $this->_event->error($e->getMessage()); $this->_log->message($e->getMessage(), Log::L_WARNING); } break; case 'locale': try { $this->_config_ini->update('locale/default', $this->_input->post('setting/locale\\/default')); $this->_config_ini->writeIni(); } catch (Exception $e) { $this->_event->error($e->getMessage()); $this->_log->message($e->getMessage(), Log::L_WARNING); } if (($pkg = $this->_input->post('lang_pkg')) !== 'none') { // Download and install a new locale if (!zula_supports('zipExtraction')) { $this->_event->error(t('Cannot install locale, server does not support zip extraction')); } else { if (!preg_match('#^[a-z]{2}_[A-Z]{2}$#', $pkg)) { $this->_event->error(t('Provided locale is invalid, unable to install')); } else { if (!zula_is_writable($this->_zula->getDir('locale'))) { $this->_event->error(t('Locale directory is not writable, unable to install')); } else { $version = str_replace('-', '/', zula_version_map(_PROJECT_VERSION)); $zipDest = $this->_zula->getDir('tmp') . '/i18n-' . $pkg . '.zip'; $copyResult = @copy('http://releases.tangocms.org/' . $version . '/i18n/' . $pkg . '.zip', $zipDest); if ($copyResult) { // Extract the archive to the locale dir $zip = new ZipArchive(); if ($zip->open($zipDest)) { $zip->extractTo($this->_zula->getDir('locale')); $zip->close(); $this->_event->success(t('Locale successfully installed')); } else { $this->_event->error(t('Could not install locale, zip extraction failed')); } unlink($zipDest); } else { $this->_event->error(t('Failed to get remote language archive')); } } } } } break; } $this->_event->success(t('Updated settings')); return zula_redirect($this->_router->makeUrl('settings', $name)); }
/** * Bridges between deleting a page, or update the order. This is only called * when deleting or ordering children, not for deleting single pages. * * @return mixed */ public function bridgeSection() { $this->setOutputType(self::_OT_CONFIG); if (!$this->_input->checkToken()) { $this->_event->error(Input::csrfMsg()); } else { if ($this->_input->has('post', 'page_delete')) { $this->setTitle(t('Delete Page')); try { foreach ($this->_input->post('page_ids') as $pid) { if ($this->_acl->check('page-manage_' . $pid)) { try { $this->_model()->delete($pid); } catch (Page_NoExist $e) { } } } $this->_event->success(t('Deleted selected pages')); } catch (Input_KeyNoExist $e) { $this->_event->error(t('No pages selected')); } } else { if ($this->_input->has('post', 'page_update_order')) { $this->setTitle(t('Update Page Order')); $execData = array(); $sqlMiddle = null; foreach ($this->_input->post('page_order') as $pid => $order) { $pid = abs($pid); if ($this->_acl->check('page-manage_' . $pid)) { $execData[] = $pid; $execData[] = abs($order); $sqlMiddle .= 'WHEN id = ? THEN ? '; } } if ($sqlMiddle !== null) { $pdoSt = $this->_sql->prepare('UPDATE {PREFIX}mod_page SET `order` = CASE ' . $sqlMiddle . 'ELSE `order` END'); $pdoSt->execute($execData); } $this->_event->success(t('Page order updated')); } } } try { $parent = $this->_input->post('page_parent'); $url = $this->_router->makeUrl('page', 'config', 'edit', null, array('id' => $parent)); } catch (Input_KeyNoExist $e) { $url = $this->_router->makeUrl('page', 'config'); } return zula_redirect($url); }
/** * Creates a bridge between the Detaching Selected and Update Order * functionaility, as there can only be one form with one action * * @return mixed */ public function bridgeSection() { $this->setOutputType(self::_OT_CONFIG); if (!$this->_acl->check('content_layout_config_module')) { throw new Module_NoPermission(); } if (!$this->_input->checkToken()) { $this->_event->error(Input::csrfMsg()); } else { if ($this->_input->has('post', 'content_layout_detach')) { $this->detachCntrlr(); } else { if ($this->_input->has('post', 'content_layout_order')) { $this->updateOrder(); } } } try { return zula_redirect($this->_router->makeUrl('content_layout', 'manage', $this->_input->post('content_layout_name'))); } catch (Input_KeyNoExist $e) { return zula_redirect($this->_router->makeUrl('content_layout')); } }
/** * Updates the ACL Rules for the provided ACL Resources and Roles * from a specified module * * @return bool */ public function updateSection() { $this->setTitle(t('Update module permissions')); $this->setOutputType(self::_OT_CONFIG); if (!$this->_acl->check('module_manager_edit_permissions')) { throw new Module_NoPermission(); } else { if (!$this->_input->checkToken()) { $this->_event->error(Input::csrfMsg()); } else { /** * Attempt to get details for the module provided, and then also * check if the user has global permission to the module he/she * is updating permission rules for */ try { $name = $this->_input->post('module'); $module = new Module($name); $moduleDetails = $module->getDetails(); // Check if user has global permission if (!$this->_acl->check($module->name . '_global')) { $this->_event->error(sprintf(t('Sorry, you do not have global permission to module "%1$s"'), $module->name)); return zula_redirect($this->_router->makeUrl('module_manager')); } } catch (Input_KeyNoExist $e) { $this->_event->error(t('No module provided, could not get permissions')); return zula_redirect($this->_router->makeUrl('module_manager')); } catch (Module_NoExist $e) { $this->_event->error(sprintf(t('Module "%1$s" does not exist, could not get details'), $name)); return zula_redirect($this->_router->makeUrl('module_manager')); } // Gather all of the ACL Resources for this module, check we have all from the POST data foreach ($this->_acl->getAllResources($module->name) as $resource) { try { $roles = $this->_input->post('acl_resources/' . $resource['name']); $this->_acl->allowOnly($resource['name'], $roles); } catch (Input_KeyNoExist $e) { $roles = array('group_root' => 1); } catch (Acl_InvalidName $e) { $this->_event->error(sprintf(t('Invalid resource name of "%1$s". Could not update ACL rules'), $resource['name'])); } } $this->_event->success(sprintf(t('Updated permissions for module "%1$s"'), $module->title)); } } return zula_redirect($this->_router->makeUrl('module_manager')); }
/** * Deletes a media item from a category if it exists * * @return string */ public function deleteSection() { $this->setTitle(t('Delete media item')); // Attempt to remove the single media item try { $itemId = $this->_router->getArgument('id'); $item = $this->_model()->getItem($itemId); // Check permission to parent category resource $resource = 'media-cat_moderate_' . $item['cat_id']; if ($this->_acl->resourceExists($resource) && $this->_acl->check($resource)) { if ($this->_input->checkToken('get')) { $this->_model()->deleteItem($item['id']); zula_full_rmdir($item['path_fs'] . '/' . dirname($item['filename'])); $this->_event->success(t('Deleted media item')); // Redirect back to the parent media category try { $category = $this->_model()->getCategory($item['cat_id']); return zula_redirect($this->_router->makeUrl('media', 'cat', $category['identifier'])); } catch (Media_CatNoExist $e) { } } else { $this->_event->error(Input::csrfMsg()); } } else { throw new Module_NoPermission(); } } catch (Router_ArgNoExist $e) { $this->_event->error(t('No media item selected')); } catch (Media_ItemNoExist $e) { $this->_event->error(t('Media item does not exist')); } return zula_redirect($this->_router->makeUrl('media')); }
/** * Deletes multiple content layouts * * @return bool */ public function deleteSection() { $this->setTitle(t('Delete layouts')); $this->setOutputType(self::_OT_CONFIG); if ($this->_input->checkToken()) { try { $delCount = 0; foreach ($this->_input->post('layout_names') as $layoutName) { $layout = new Layout($layoutName); if ($layout->delete()) { $delCount++; } else { $this->_event->error(sprintf(t('Unable to delete layout "%1$s"'), $layoutName)); } } if ($delCount > 0) { $this->_event->success(t('Deleted selected layouts')); } } catch (Input_KeyNoExist $e) { $this->_event->error(t('No layouts selected')); } } else { $this->_event->error(Input::csrfMsg()); } return zula_redirect($this->_router->makeUrl('content_layout')); }
/** * Creates a bridge between the Delete Selected and Update Order * functionaility, as there can only be one form with one action * * @return mixed */ public function bridgeSection() { $this->setOutputType(self::_OT_CONFIG); if (!$this->_input->checkToken()) { $this->_event->error(Input::csrfMsg()); } else { if ($this->_input->has('post', 'contact_del_selected')) { // Remove all selected form fields if (!$this->_acl->check('contact_delete')) { throw new Module_NoPermission(); } try { $delCount = 0; foreach ($this->_input->post('contact_field_ids') as $fieldId) { try { // Check permission to parent form $field = $this->_model()->getField($fieldId); $resource = 'contact-form-' . $field['form_id']; if ($this->_acl->resourceExists($resource) && $this->_acl->check($resource)) { $this->_model()->deleteField($field['id']); ++$delCount; } } catch (Contact_FieldNoExist $e) { } } if ($delCount) { $this->_event->success(t('Deleted selected form fields')); } } catch (Input_KeyNoExist $e) { $this->_event->error(t('No fields selected')); } } else { if ($this->_input->has('post', 'contact_update_order')) { // Update the order of the contact form fields if (!$this->_acl->check('contact_edit')) { throw new Module_NoPermission(); } $sqlQuery = 'UPDATE {PREFIX}mod_contact_fields SET `order` = CASE'; $sqlMiddle = array(); $params = array(''); # Force key 0 since that wont be used with PDO try { foreach ($this->_input->post('contact_order') as $fieldId => $order) { /** * Check user actually has permission to the contact form * and that the field exists */ try { $field = $this->_model()->getField($fieldId); $resource = 'contact-form-' . $field['form_id']; if ($this->_acl->resourceExists($resource) && $this->_acl->check($resource)) { // Set the paramaters that will be bound to the query $params[] = $field['id']; $params[] = $order; $sqlMiddle[] = ' WHEN id = ? THEN ? '; } } catch (Contact_FieldNoExist $e) { } } if (!empty($sqlMiddle)) { $query = $sqlQuery . implode('', $sqlMiddle) . 'ELSE `order` END'; $pdoSt = $this->_sql->prepare($query); foreach ($params as $ident => $val) { if ($ident !== 0) { $pdoSt->bindValue($ident, (int) $val, PDO::PARAM_INT); } } $pdoSt->execute(); $this->_event->success(t('Updated field orders')); } } catch (Input_KeyNoExist $e) { $this->_event->error(t('No fields to update order for')); } } } } try { $formId = $this->_router->getArgument('fid'); $url = $this->_router->makeUrl('contact', 'config', 'edit', null, array('id' => $formId)); $this->_cache->delete('contact_fields_' . $formId); } catch (Router_ArgNoExist $e) { $url = $this->_router->makeUrl('contact', 'config'); } return zula_redirect($url); }
/** * Deletes an alias by ID if it exists * * @return string */ public function deleteSection() { if (!$this->_acl->check('aliases_delete')) { throw new Module_NoPermission(); } else { if ($this->_input->checkToken()) { $this->setOutputType(self::_OT_CONFIG); try { $aliasId = $this->_input->post('alias_ids'); $this->_model()->delete($aliasId); $this->_event->success(t('Deleted selected aliases')); } catch (Input_KeyNoExist $e) { $this->_event->error(t('No URL aliases selected')); } } else { $this->_event->error(Input::csrfMsg()); } } return zula_redirect($this->_router->makeUrl('aliases')); }
/** * Runs all of the validation checks on the elements using the * validatiors that are stored * * @return bool */ public function isValid() { if ($this->csrfToken === true && !$this->_input->checkToken()) { // CSRF protection failed! if ($this->storeErrors === true) { $this->_event->error(Input::csrfMsg()); } return false; } foreach ($this->elements as $element) { try { $value = $this->_input->get($element['input_name'], $element['source']); } catch (Input_KeyNoExist $e) { if ($element['required'] === true) { throw $e; } else { continue; } } // Store the input names value correclty as a multi-dimensional array $tmpVal = $value; foreach (array_reverse(preg_split('#(?<!\\\\)/#', trim($element['input_name'], '/'))) as $v) { $tmpVal = array($v => $tmpVal); } $this->values = zula_merge_recursive($this->values, $tmpVal); $count = is_array($value) ? count($value) : strlen($value); if ($element['required'] === false && $count == 0) { continue; } // Check if it is valid $validator = new Validator($value, $element['title']); foreach (array_filter($element['validators']) as $tmpValidator) { $validator->add($tmpValidator); } if ($validator->validate() === false) { $this->valid = false; if ($this->storeErrors === true) { // Store all errors (if any) foreach ($validator->getErrors() as $error) { $this->_event->error($error); } } } } // Check if the antispam was successful, if enabled if ($this->valid && $this->antispam === true) { $antispam = new Antispam(); if (!$antispam->check()) { $this->valid = false; if ($this->storeErrors === true) { $this->_event->error(t('Sorry, incorrect answer to the captcha', I18n::_DTD)); } } } return $this->valid; }
/** * Allows the user to change various settings for the article module. * * @return string|bool */ public function settingsSection() { $this->setTitle(t('Article settings')); $this->setOutputType(self::_OT_CONFIG); if (!$this->_acl->check('article_manage_settings')) { throw new Module_NoPermission(); } // Check for needed post data if ($this->_input->has('post', 'article')) { if ($this->_input->checkToken()) { foreach ($this->_input->post('article') as $key => $val) { try { $this->_config_sql->update('article/' . $key, $val); } catch (Config_KeyNoExist $e) { $this->_event->error($e->getMessage()); } } $this->_event->success(t('Updated article settings')); } else { $this->_event->error(Input::csrfMsg()); } return zula_redirect($this->_router->getParsedUrl()); } $view = $this->loadView('config/settings.html'); $view->assign(array('per_page' => $this->_config->get('article/per_page'), 'jump_box_position' => $this->_config->get('article/jump_box_position'), 'show_cat_desc' => $this->_config->get('article/show_cat_desc'), 'meta_format' => $this->_config->get('article/meta_format'), 'max_display_age' => $this->_config->get('article/max_display_age'))); $view->assignHtml(array('csrf' => $this->_input->createToken(true))); return $view->getOutput(); }
/** * Enables or Disables selected modules, cheat way to combine the * two very similar methods, saves code. * * @param string $name * @param array $args * @return mixed */ public function __call($name, $args) { switch (substr($name, 0, -7)) { case 'enmod': $op = 'enable'; break; case 'dismod': $op = 'disable'; break; default: throw new Module_ControllerNoExist(); } $this->setOutputType(self::_OT_CONFIG); if (!$this->_acl->check('module_manager_' . $op . '_modules')) { throw new Module_NoPermission(); } else { if (!$this->_input->checkToken()) { $this->_event->error(Input::csrfMsg()); } else { // Get all modules that need to be enabled/disabled try { $modules = $this->_input->post('modules'); $count = 0; foreach ($modules as $module) { try { $tmpModule = new Module($module); // Check if user has global permission to do so $aclResource = $module . '_global'; if (!$this->_acl->resourceExists($aclResource) || !$this->_acl->check($aclResource)) { throw new Module_NoPermission(); } if ($op == 'enable') { $tmpModule->enable(); ++$count; } else { if (in_array($tmpModule->name, array($this->getDetail('name'), 'session'))) { // User is trying to disabled this module, that can't really happen $this->_event->error(sprintf(t('Sorry, you can not disable the module "%1$s"'), $tmpModule->name)); } else { $tmpModule->disable(); ++$count; } } } catch (Module_NoExist $e) { } } if ($count > 0) { if ($op == 'enable') { $msg = count($modules) > 1 ? t('Enabled selected modules') : sprintf(t('Enabled module "%1$s"'), $tmpModule->name); } else { $msg = count($modules) > 1 ? t('Disabled selected modules') : sprintf(t('Disabled module "%1$s"'), $tmpModule->name); } $this->_event->success($msg); } } catch (Input_KeyNoExist $e) { $this->_event->error(t('No modules selected')); } } } return zula_redirect($this->_router->makeUrl('module_manager', 'config')); }
/** * Bridges between deleting, or purging a category. * * @return bool */ public function bridgeSection() { $type = $this->_input->has('post', 'media_purge') ? 'purge' : 'delete'; if (!$this->_acl->resourceExists('media_' . $type . '_category') || !$this->_acl->check('media_' . $type . '_category')) { throw new Module_NoPermission(); } else { if ($this->_input->checkToken()) { // Attempt to purge or delete try { $delCount = 0; $mediaDir = $this->_zula->getDir('uploads') . '/media'; foreach ($this->_input->post('media_cat_ids') as $cid) { $resource = 'media-cat_moderate_' . $cid; if ($this->_acl->resourceExists($resource) && $this->_acl->check($resource)) { try { $method = $type == 'delete' ? 'deleteCategory' : 'purgeCategory'; $this->_model()->{$method}($cid); // Remove all media items zula_full_rmdir($mediaDir . '/' . $cid); ++$delCount; } catch (Media_CategoryNoExist $e) { } } } $this->_event->success($type == 'delete' ? t('Deleted selected categories') : t('Purged selected categories')); } catch (Input_KeyNoExist $e) { $this->_event->error(t('No media categories selected')); } } else { $this->_event->error(Input::csrfMsg()); } } return zula_redirect($this->_router->makeUrl('media', 'config')); }