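/**
 * Render the error page for the error object held in $this->_error.
 *
 * Sets the HTTP status header from the error's code and message, picks the
 * error template (falling back to "system" when the requested template has
 * no error.php), exposes the template variables and loads the template.
 *
 * @param  boolean  $cache   Not used by this method; kept for signature compatibility with the parent.
 * @param  array    $params  Optional keys: 'directory' (template root, default 'templates'),
 *                           'template' (template name, filtered as 'cmd'), 'debug' (boolean).
 *
 * @return string|null  The loaded template output, or null when no error object is set.
 */
public function render($cache = false, $params = array())
{
    // Nothing to render without an error object.
    if (!isset($this->_error)) {
        return;
    }

    // The status line must be a single line. Collapse CR as well as LF into
    // spaces: replacing only "\n" would let a bare "\r" through to the header.
    $message = str_replace(array("\r\n", "\r", "\n"), ' ', $this->_error->getMessage());
    MResponse::setHeader('status', $this->_error->getCode() . ' ' . $message);

    $file = 'error.php';

    // Resolve the template directory and name. The template name is 'cmd'
    // filtered before it becomes part of a filesystem path.
    $directory = isset($params['directory']) ? $params['directory'] : 'templates';
    $template = isset($params['template'])
        ? MFilterInput::getInstance()->clean($params['template'], 'cmd')
        : 'system';

    // Fall back to the system template when the chosen one has no error page.
    if (!file_exists($directory . '/' . $template . '/' . $file)) {
        $template = 'system';
    }

    // Variables read by the error template.
    $this->baseurl = MURI::base(true);
    $this->template = $template;
    $this->debug = isset($params['debug']) ? $params['debug'] : false;
    $this->error = $this->_error;

    // Load the template, then let the parent finish its own rendering work.
    $data = $this->_loadTemplate($directory . '/' . $template, $file);
    parent::render();

    return $data;
}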
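/**
 * Strip characters and fragments that must not appear in a URL, then run the
 * result through the HTML input filter.
 *
 * @param  string  $url  Raw URL text.
 *
 * @return string  The cleaned URL.
 */
public static function cleanUrl($url)
{
    $url = self::cleanText($url);

    // Fragments removed outright before filtering: markup delimiters, the
    // backslash, and attribute / style / event-handler snippets.
    $bad_chars = array('#', '>', '<', '\\', '="', 'px;', 'onmouseover=');
    $url = trim(str_replace($bad_chars, '', $url));

    mimport('framework.filter.input');

    // clean() hands back the filtered string (it does not modify its argument
    // in place, see the other call sites in this file), so keep its return
    // value instead of dropping it.
    $url = MFilterInput::getInstance(array('br', 'i', 'em', 'b', 'strong'), array(), 0, 0, 1)->clean($url);

    return $url;
}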
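/**
 * Return the controller instance for this request, creating it on first use.
 *
 * The controller is chosen from the request's 'task' value, which may be a
 * bare task or "controller.task". Its file is located under the base path,
 * required, and the class "<Prefix>Controller<Type>" is instantiated.
 *
 * @param  string  $prefix  Class-name prefix for the controller class (ucfirst'ed).
 * @param  array   $config  Passed to the controller constructor; may carry 'base_path'
 *                          (defaults to MPATH_COMPONENT).
 *
 * @return object  The controller instance, also cached in self::$instance.
 *
 * @throws InvalidArgumentException  When neither a controller file nor the class can be found.
 */
public static function getInstance($prefix, $config = array())
{
    if (is_object(self::$instance)) {
        return self::$instance;
    }

    // Environment: base path and requested format.
    $basePath = array_key_exists('base_path', $config) ? $config['base_path'] : MPATH_COMPONENT;
    $format = MRequest::getWord('format');
    $command = MRequest::getVar('task', 'display');

    // The task may arrive as an array, in which case its last key is the command.
    // array_pop() requires a real variable, so the keys go through a local first.
    $filter = MFilterInput::getInstance();
    if (is_array($command)) {
        $keys = array_keys($command);
        $command = $filter->clean(array_pop($keys), 'cmd');
    } else {
        $command = $filter->clean($command, 'cmd');
    }

    // "controller.task" selects a named controller file; a bare task uses the
    // base controller. Note that $type (request-derived) ends up in a path that
    // is required below; the 'cmd' filter above is what keeps path characters
    // out of it — confirm the filter's character set in MFilterInput.
    if (strpos($command, '.') !== false) {
        list($type, $task) = explode('.', $command);

        $file = self::createFileName('controller', array('name' => $type, 'format' => $format));
        $path = $basePath . '/controllers/' . $file;

        // Hand the bare task back to the request for the controller to execute.
        MRequest::setVar('task', $task);
    } else {
        $type = null;
        $task = $command;

        $file = self::createFileName('controller', array('name' => 'controller', 'format' => $format));
        $path = $basePath . '/' . $file;

        // Format-less fallback, used when the format-specific file is absent.
        $backupfile = self::createFileName('controller', array('name' => 'controller'));
        $backuppath = $basePath . '/' . $backupfile;
    }

    // $type is null for the base controller; cast so ucfirst() always gets a string.
    $class = ucfirst($prefix) . 'Controller' . ucfirst((string) $type);

    // Include the controller file unless the class is already defined.
    if (!class_exists($class)) {
        if (file_exists($path)) {
            require_once $path;
        } elseif (isset($backuppath) && file_exists($backuppath)) {
            require_once $backuppath;
        } else {
            throw new InvalidArgumentException(MText::sprintf('MLIB_APPLICATION_ERROR_INVALID_CONTROLLER', $type, $format));
        }
    }

    // The included file may not define the expected class.
    if (class_exists($class)) {
        self::$instance = new $class($config);
    } else {
        throw new InvalidArgumentException(MText::sprintf('MLIB_APPLICATION_ERROR_INVALID_CONTROLLER_CLASS', $class));
    }

    return self::$instance;
}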
/**
 * Apply the filter named by the field's "filter" attribute to a submitted value.
 *
 * Built-in filters (matched case-insensitively): RULES, UNSET, RAW, INT_ARRAY,
 * SAFEHTML, SERVER_UTC, USER_UTC, URL, TEL. Any other name is tried as a
 * "Class::method" or plain function callback and otherwise handed to
 * MFilterInput::clean() as the filter type.
 *
 * @param  SimpleXMLElement  $element  Field definition; reads 'filter', and for URL also 'type' and 'relative'.
 * @param  mixed             $value    The raw submitted value.
 *
 * @return mixed  The filtered value; null for UNSET; false when $element is not a
 *                SimpleXMLElement or when the URL filter receives an empty value.
 */
protected function filterField($element, $value)
{
    // Make sure there is a valid SimpleXMLElement.
    if (!$element instanceof SimpleXMLElement) {
        return false;
    }

    // Get the field filter type.
    $filter = (string) $element['filter'];

    // Process the input value based on the filter.
    $return = null;

    switch (strtoupper($filter)) {
        // Access control rules: action => (id => bool); entries whose value is '' are dropped.
        case 'RULES':
            $return = array();
            foreach ((array) $value as $action => $ids) {
                // Build the rules array.
                $return[$action] = array();
                foreach ($ids as $id => $p) {
                    if ($p !== '') {
                        // '1' and 'true' (loosely compared) mean allow; anything else is deny.
                        $return[$action][$id] = $p == '1' || $p == 'true' ? true : false;
                    }
                }
            }
            break;

        // Do nothing, thus leaving the return value as null.
        case 'UNSET':
            break;

        // No filter.
        case 'RAW':
            $return = $value;
            break;

        // Filter the input as an array of integers.
        case 'INT_ARRAY':
            // Make sure the input is an array.
            if (is_object($value)) {
                $value = get_object_vars($value);
            }
            $value = is_array($value) ? $value : array($value);
            MArrayHelper::toInteger($value);
            $return = $value;
            break;

        // Filter safe HTML.
        case 'SAFEHTML':
            $return = MFilterInput::getInstance(null, null, 1, 1)->clean($value, 'string');
            break;

        // Convert a date to UTC based on the server timezone offset.
        case 'SERVER_UTC':
            if (intval($value) > 0) {
                // Get the server timezone setting.
                $offset = MFactory::getConfig()->get('offset');

                // Return an SQL formatted datetime string in UTC.
                $return = MFactory::getDate($value, $offset)->toSql();
            } else {
                // Non-positive (e.g. empty) input is stored as an empty string.
                $return = '';
            }
            break;

        // Convert a date to UTC based on the user timezone offset.
        case 'USER_UTC':
            if (intval($value) > 0) {
                // Get the user timezone setting defaulting to the server timezone setting.
                $offset = MFactory::getUser()->getParam('timezone', MFactory::getConfig()->get('offset'));

                // Return a MySQL formatted datetime string in UTC.
                $return = MFactory::getDate($value, $offset)->toSql();
            } else {
                $return = '';
            }
            break;

        // Ensures a protocol is present in the saved field. Only use when
        // the only permitted protocols require '://'. See MFormRuleUrl for list of these.
        case 'URL':
            if (empty($value)) {
                return false;
            }
            $value = MFilterInput::getInstance()->clean($value, 'html');
            $value = trim($value);

            // <>" are never valid in a uri see http://www.ietf.org/rfc/rfc1738.txt.
            $value = str_replace(array('<', '>', '"'), '', $value);

            // Check for a protocol
            $protocol = parse_url($value, PHP_URL_SCHEME);

            // If there is no protocol and the relative option is not specified,
            // we assume that it is an external URL and prepend http://.
            // NOTE(review): "!$element['type'] == 'url'" negates before comparing, so the
            // second clause can only hold when the type attribute is empty; it reads as
            // if "!= 'url'" was meant — confirm the intent before touching it.
            if ($element['type'] == 'url' && !$protocol && !$element['relative'] || !$element['type'] == 'url' && !$protocol) {
                $protocol = 'http';

                // If it looks like an internal link, then add the root.
                // NOTE(review): substr($value, 0) is the whole string, so this only matches a
                // value that is exactly 'index.php'; a prefix test looks intended. The result
                // also gets "$protocol://" prepended below, so check what MURI::root() returns
                // before changing the comparison.
                if (substr($value, 0) == 'index.php') {
                    $value = MURI::root() . $value;
                }

                // Otherwise we treat it is an external link.
                // Put the url back together.
                $value = $protocol . '://' . $value;
            } elseif (!$protocol && $element['relative']) {
                $host = MURI::getInstance('SERVER')->gethost();

                // If it starts with the host string, just prepend the protocol.
                // NOTE(review): same whole-string comparison as above; a prefix test
                // (strpos($value, $host) === 0) looks intended — confirm.
                if (substr($value, 0) == $host) {
                    $value = 'http://' . $value;
                } else {
                    $value = MURI::root() . $value;
                }
            }
            $return = $value;
            break;

        // Normalise a phone number to "<country code>.<digits>".
        case 'TEL':
            $value = trim($value);

            // Does it match the NANP pattern?
            if (preg_match('/^(?:\\+?1[-. ]?)?\\(?([2-9][0-8][0-9])\\)?[-. ]?([2-9][0-9]{2})[-. ]?([0-9]{4})$/', $value) == 1) {
                // Keep the digits only and strip a leading country code 1.
                $number = (string) preg_replace('/[^\\d]/', '', $value);
                if (substr($number, 0, 1) == 1) {
                    $number = substr($number, 1);
                }
                // NOTE(review): $number holds digits only at this point, so the '+1'
                // check below cannot match; left as is.
                if (substr($number, 0, 2) == '+1') {
                    $number = substr($number, 2);
                }
                $result = '1.' . $number;
            } elseif (preg_match('/^\\+(?:[0-9] ?){6,14}[0-9]$/', $value) == 1) {
                // "+CC rest": the part before the first space is the country code.
                // NOTE(review): with no space in $value, strpos() is false and the
                // country code ends up empty — confirm that is acceptable.
                $countrycode = substr($value, 0, strpos($value, ' '));
                $countrycode = (string) preg_replace('/[^\\d]/', '', $countrycode);
                $number = strstr($value, ' ');
                $number = (string) preg_replace('/[^\\d]/', '', $number);
                $result = $countrycode . '.' . $number;
            } elseif (preg_match('/^\\+[0-9]{1,3}\\.[0-9]{4,14}(?:x.+)?$/', $value) == 1) {
                // Already "+CC.number", optionally with an "x..." extension: drop the
                // extension and the plus sign.
                if (strstr($value, 'x')) {
                    $xpos = strpos($value, 'x');
                    $value = substr($value, 0, $xpos);
                }
                $result = str_replace('+', '', $value);
            } elseif (preg_match('/[0-9]{1,3}\\.[0-9]{4,14}$/', $value) == 1) {
                // Already in "CC.number" form (pattern is not anchored at the start).
                $result = $value;
            } else {
                // Anything else: keep the digits and split off a country code by length.
                $value = (string) preg_replace('/[^\\d]/', '', $value);
                if ($value != null && strlen($value) <= 15) {
                    $length = strlen($value);

                    // if it is fewer than 13 digits assume it is a local number
                    if ($length <= 12) {
                        $result = '.' . $value;
                    } else {
                        // If it has 13 or more digits let's make a country code.
                        $cclen = $length - 12;
                        $result = substr($value, 0, $cclen) . '.' . substr($value, $cclen);
                    }
                } else {
                    // Empty or longer than 15 digits: not a usable number.
                    $result = '';
                }
            }
            $return = $result;
            break;

        default:
            // Check for a callback filter ("Class::method"), then a plain function,
            // otherwise treat the name as a MFilterInput filter type.
            // NOTE(review): $filter comes from the form XML and is executed with the
            // submitted value, so form definitions must remain trusted content.
            if (strpos($filter, '::') !== false && is_callable(explode('::', $filter))) {
                $return = call_user_func(explode('::', $filter), $value);
            } elseif (function_exists($filter)) {
                $return = call_user_func($filter, $value);
            } else {
                $return = MFilterInput::getInstance()->clean($value, $filter);
            }
            break;
    }

    return $return;
}
/**
 * Trim and filter one input value according to the mask bits.
 *
 * Mask bits: 1 = do not trim, 2 = allow raw (no filtering), 4 = allow HTML
 * (safe-HTML filter instance). With neither 2 nor 4 set, the default and
 * strictest MFilterInput instance is applied.
 *
 * @param  mixed    $var   The value to clean; only strings are trimmed.
 * @param  integer  $mask  Bit mask of the flags above.
 * @param  string   $type  Filter type passed on to MFilterInput::clean().
 *
 * @return mixed  The cleaned value.
 */
public static function _cleanVar($var, $mask = 0, $type = null)
{
    $noTrim = ($mask & 1) !== 0;
    $allowRaw = ($mask & 2) !== 0;
    $allowHtml = ($mask & 4) !== 0;

    if (!$noTrim && is_string($var)) {
        $var = trim($var);
    }

    // Raw input leaves here untouched by any filter.
    if ($allowRaw) {
        return $var;
    }

    // Safe-HTML instance when HTML is allowed, otherwise the default instance
    // ($tags, $attr, $tag_method, $attr_method, $xss_auto all at their defaults).
    $inputFilter = $allowHtml
        ? MFilterInput::getInstance(null, null, 1, 1)
        : MFilterInput::getInstance();

    return $inputFilter->clean($var, $type);
}
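/**
 * Locate the requested template file (falling back to the "system" template),
 * load the template's language file and render it into $this->_template.
 *
 * @param  array  $params  Keys: 'directory' (template root, default 'templates'),
 *                         'template' and 'file' (both filtered as 'cmd'; missing keys
 *                         are treated as empty), 'params' (optional MRegistry).
 *
 * @return $this
 */
protected function _fetchTemplate($params = array())
{
    $directory = isset($params['directory']) ? $params['directory'] : 'templates';

    // Missing keys are treated as '' rather than read as undefined indexes. The
    // 'cmd' filter is relied on to keep both names free of path separators before
    // they are joined into a filesystem path.
    $filter = MFilterInput::getInstance();
    $template = $filter->clean(isset($params['template']) ? $params['template'] : '', 'cmd');
    $file = $filter->clean(isset($params['file']) ? $params['file'] : '', 'cmd');

    // Fall back to the system template when the file is not in the requested one.
    if (!file_exists($directory . '/' . $template . '/' . $file)) {
        $template = 'system';
    }

    // Load the language file for the template: core location first, then the
    // template directory, each retried with the default language (1.5 then 1.6
    // layout). The || chain stops at the first successful load.
    $lang = MFactory::getLanguage();
    $lang->load('tpl_' . $template, MPATH_BASE, null, false, false)
        || $lang->load('tpl_' . $template, $directory . '/' . $template, null, false, false)
        || $lang->load('tpl_' . $template, MPATH_BASE, $lang->getDefault(), false, false)
        || $lang->load('tpl_' . $template, $directory . '/' . $template, $lang->getDefault(), false, false);

    // Variables read by the template.
    $this->template = $template;
    $this->baseurl = MUri::base(true);
    $this->params = isset($params['params']) ? $params['params'] : new MRegistry();

    $this->_template = $this->_loadTemplate($directory . '/' . $template, $file);

    return $this;
}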
/**
 * Load, and cache, the button object for a toolbar button type.
 *
 * Expects class "MButton<Type>"; when it is not defined yet, the file
 * "<type>.php" (lower-cased, underscores turned into directory separators)
 * is searched for in $this->_buttonPath and included.
 *
 * @param  string   $type  Button type name.
 * @param  boolean  $new   True to build a fresh instance instead of returning the cached one.
 *
 * @return object|boolean  The button object, or false (with a warning raised) when the
 *                         base class, the button file or the button class is missing.
 */
public function loadButtonType($type, $new = false)
{
    $signature = md5($type);

    // Serve the cached instance unless a new one was asked for.
    if ($new === false && isset($this->_buttons[$signature])) {
        return $this->_buttons[$signature];
    }

    if (!class_exists('MButton')) {
        MError::raiseWarning('SOME_ERROR_CODE', MText::_('MLIB_HTML_BUTTON_BASE_CLASS'));
        return false;
    }

    $buttonClass = 'MButton' . $type;

    if (!class_exists($buttonClass)) {
        $searchDirs = isset($this->_buttonPath) ? $this->_buttonPath : array();

        // Map the type to a relative file name; the 'path' filter is applied to
        // that name before it is searched for.
        $relativeFile = str_replace('_', DIRECTORY_SEPARATOR, strtolower($type)) . '.php';
        $file = MFilterInput::getInstance()->clean($relativeFile, 'path');

        mimport('framework.filesystem.path');
        $buttonFile = MPath::find($searchDirs, $file);

        if (!$buttonFile) {
            MError::raiseWarning('SOME_ERROR_CODE', MText::sprintf('MLIB_HTML_BUTTON_NO_LOAD', $buttonClass, $buttonFile));
            return false;
        }

        include_once $buttonFile;
    }

    // The included file may not define the expected class.
    if (!class_exists($buttonClass)) {
        return false;
    }

    $this->_buttons[$signature] = new $buttonClass($this);

    return $this->_buttons[$signature];
}
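/**
 * Resolve the filesystem path of a legacy component, module or plugin file.
 *
 * @param  string       $varname      Which file to locate: 'front', 'html', 'front_html',
 *                                    'toolbar', 'toolbar_html', 'toolbar_default', 'toolbar_front',
 *                                    'admin', 'admin_html', 'admin_functions', 'class', 'helper',
 *                                    'com_xml', 'mod0_xml', 'mod1_xml', 'plg_xml' or 'menu_xml'.
 * @param  string|null  $user_option  Extension name (e.g. "com_menus"). For the module XML cases
 *                                    it is 'path' filtered; otherwise, when empty, it is read
 *                                    from the request's 'option' value.
 *
 * @return mixed  What self::_checkPath() returns for the located file, or null when
 *                $varname is not recognised.
 */
public static function getPath($varname, $user_option = null)
{
    // Custom/new module XML files pass the option in explicitly, so it is
    // path-filtered rather than taken from the request.
    $check = $varname == 'mod0_xml' || $varname == 'mod1_xml';

    if (!$user_option && !$check) {
        // Request-controlled value. getCmd() presumably applies the 'cmd' filter,
        // which is what limits the characters reaching the path strings below —
        // confirm in MRequest.
        $user_option = MRequest::getCmd('option');
    } else {
        $user_option = MFilterInput::getInstance()->clean($user_option, 'path');
    }

    $result = null;

    // Drop the four-character prefix (e.g. "com_") to get the bare extension name.
    $name = substr($user_option, 4);

    switch ($varname) {
        case 'front':
            $result = self::_checkPath('/components/' . $user_option . '/' . $name . '.php', 0);
            break;

        // Template override first, then the component's own file.
        case 'html':
        case 'front_html':
            if (!($result = self::_checkPath('/templates/' . MApplication::getTemplate() . '/components/' . $name . '.html.php', 0))) {
                $result = self::_checkPath('/components/' . $user_option . '/' . $name . '.html.php', 0);
            }
            break;

        case 'toolbar':
            $result = self::_checkPath('/components/' . $user_option . '/toolbar.' . $name . '.php', -1);
            break;

        case 'toolbar_html':
            $result = self::_checkPath('/components/' . $user_option . '/toolbar.' . $name . '.html.php', -1);
            break;

        case 'toolbar_default':
        case 'toolbar_front':
            $result = self::_checkPath('/includes/HTML_toolbar.php', 0);
            break;

        // "admin.<name>.php" first, then the plain "<name>.php".
        case 'admin':
            $path = '/components/' . $user_option . '/admin.' . $name . '.php';
            $result = self::_checkPath($path, -1);
            if ($result == null) {
                $path = '/components/' . $user_option . '/' . $name . '.php';
                $result = self::_checkPath($path, -1);
            }
            break;

        case 'admin_html':
            $path = '/components/' . $user_option . '/admin.' . $name . '.html.php';
            $result = self::_checkPath($path, -1);
            break;

        case 'admin_functions':
            $path = '/components/' . $user_option . '/' . $name . '.functions.php';
            $result = self::_checkPath($path, -1);
            break;

        // Component class file, falling back to the shared includes directory.
        case 'class':
            if (!($result = self::_checkPath('/components/' . $user_option . '/' . $name . '.class.php'))) {
                $result = self::_checkPath('/includes/' . $name . '.php');
            }
            break;

        case 'helper':
            $path = '/components/' . $user_option . '/' . $name . '.helper.php';
            $result = self::_checkPath($path);
            break;

        case 'com_xml':
            $path = '/components/' . $user_option . '/' . $name . '.xml';
            $result = self::_checkPath($path, 1);
            break;

        case 'mod0_xml':
            $path = '/modules/' . $user_option . '/' . $user_option . '.xml';
            $result = self::_checkPath($path);
            break;

        case 'mod1_xml':
            // Admin modules
            $path = '/modules/' . $user_option . '/' . $user_option . '.xml';
            $result = self::_checkPath($path, -1);
            break;

        case 'plg_xml':
            // Site plugins: the 1.5 layout is "/plugins/<option>.xml"; the 1.6 layout
            // puts the XML in a directory named after the second path segment.
            $j15path = '/plugins/' . $user_option . '.xml';
            $parts = explode(DIRECTORY_SEPARATOR, $user_option);

            // Without a separator there is no second segment; use an empty name
            // instead of reading an undefined index.
            $pluginName = isset($parts[1]) ? $parts[1] : '';
            $j16path = '/plugins/' . $user_option . '/' . $pluginName . '.xml';

            $j15 = self::_checkPath($j15path, 0);
            $j16 = self::_checkPath($j16path, 0);

            // Return 1.6 if working otherwise default to whatever 1.5 gives us
            $result = $j16 ? $j16 : $j15;
            break;

        case 'menu_xml':
            $path = '/components/com_menus/' . $user_option . '/' . $user_option . '.xml';
            $result = self::_checkPath($path, -1);
            break;
    }

    return $result;
}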