/** * Generates an opening HTML form tag. * * @param string form action attribute * @param array extra attributes * @param array hidden fields to be created immediately after the form tag * @return string */ public static function open($action = NULL, $attr = array(), $hidden = NULL) { // Make sure that the method is always set empty($attr['method']) and $attr['method'] = 'post'; if ($attr['method'] !== 'post' and $attr['method'] !== 'get') { // If the method is invalid, use post $attr['method'] = 'post'; } if ($action === NULL) { // Use the current URL as the default action $action = url::site(Router::$complete_uri); } elseif (strpos($action, '://') === FALSE) { // Make the action URI into a URL $action = url::site($action); } // Set action $attr['action'] = $action; // Only show the CSRF field when form method is POST $hidden_field = $attr['method'] === 'post' ? form::hidden('form_auth_token', csrf::token()) . "\n" : ''; // Form opening tag $form = '<form' . form::attributes($attr) . '>' . "\n" . $hidden_field; // Add hidden fields immediate after opening tag empty($hidden) or $form .= form::hidden($hidden); return $form; }
/** * Creates a csrf token form input. * * @access public * @return string */ public static function token() { return Form::input('token', csrf::token(), array('type' => 'hidden')); }
/** * Edit topic * * @param mixed $topic_id * @param mixed $area_id */ public function _topic_edit($topic_id, $area_id = false) { $this->history = false; $errors = array(); $forum_topic = new Forum_Topic_Model((int) $topic_id); $forum_area = $forum_topic->loaded() ? $forum_topic->forum_area : new Forum_Area_Model((int) $area_id); if ($forum_topic->loaded()) { // Editing topic $editing = true; if (!$forum_topic->has_access(Forum_Topic_Model::ACCESS_EDIT)) { url::back('forum'); } } else { if ($forum_area->loaded()) { // New topic $editing = false; if (!$forum_area->has_access(Forum_Area_Model::ACCESS_WRITE)) { url::back('forum'); } } else { // New topic in unknown area $errors[] = __('Area :area or topic :topic not found', array(':area' => (int) $area_id, ':topic' => (int) $topic_id)); } } if (empty($errors)) { $forum_post = new Forum_Post_Model((int) $forum_topic->first_post_id); $form_errors = array(); $form_values_topic = $forum_topic->as_array(); $form_values_post = $forum_post->as_array(); $form_topics = false; // Bound area? if ($forum_area->is_type(Forum_Area_Model::TYPE_BIND)) { // Get bind config and load topics $bind = Forum_Area_Model::binds($forum_area->bind); if ($editing) { // Can't edit bound topic $form_topics = array($forum_topic->bind_id => $forum_topic->name); } else { // Try to load options from configured model try { $bind_topics = ORM::factory($bind['model'])->find_bind_topics($forum_area->bind); $form_topics = array(0 => __('Choose..')) + $bind_topics; } catch (Kohana_Exception $e) { $form_topics = array(); } } } // Admin actions if ($editing && $forum_topic->has_access(Forum_Topic_Model::ACCESS_DELETE)) { $this->page_actions[] = array('link' => url::model($forum_topic) . '/delete/?token=' . csrf::token(), 'text' => __('Delete topic'), 'class' => 'topic-delete'); } // Check post if ($post = $this->input->post()) { $post['forum_area_id'] = $forum_area->id; $topic = $post; if (isset($bind_topics)) { $topic['name'] = arr::get($bind_topics, (int) $topic['bind_id'], ''); } $post_extra = $topic_extra = array('author_id' => $this->user->id, 'author_name' => $this->user->username); if ($editing) { $post_extra['modifies'] = (int) $forum_post->modifies + 1; $post_extra['modified'] = date::unix2sql(time()); } $post_extra['author_ip'] = $this->input->ip_address(); $post_extra['author_host'] = $this->input->host_name(); // validate post first and save topic if ok if (csrf::valid() && $forum_post->validate($post, false, $post_extra) && $forum_topic->validate($topic, true, $topic_extra)) { // post $forum_post->forum_topic_id = $forum_topic->id; $forum_post->save(); if (!$editing) { // topic $forum_topic->first_post_id = $forum_post->id; $forum_topic->last_post_id = $forum_post->id; $forum_topic->last_poster = $this->user->username; $forum_topic->last_posted = date::unix2sql(time()); $forum_topic->posts = 1; $forum_topic->save(); // area $forum_area->last_topic_id = $forum_topic->id; $forum_area->posts += 1; $forum_area->topics += 1; $forum_area->save(); // user $this->user->posts += 1; $this->user->save(); // News feed newsfeeditem_forum::topic($this->user, $forum_topic); } // redirect back to topic URL::redirect(url::model($forum_topic)); } else { $form_errors = array_merge($post->errors(), is_object($topic) ? $topic->errors() : array()); } $form_values_topic = arr::overwrite($form_values_topic, is_object($topic) ? $topic->as_array() : $topic); $form_values_post = arr::overwrite($form_values_post, $post->as_array()); } } // Show form if (empty($errors)) { $this->breadcrumb[] = html::anchor(url::model($forum_area), text::title($forum_area->name)); $this->page_title = $editing ? text::title($forum_topic->name) : __('New topic'); $this->page_subtitle = __('Area :area', array(':area' => html::anchor(url::model($forum_area), text::title($forum_area->name), array('title' => strip_tags($forum_area->description))))); widget::add('head', html::script(array('js/jquery.markitup.pack', 'js/markitup.bbcode'))); widget::add('main', View_Mod::factory('forum/topic_edit', array('topic' => $form_values_topic, 'topics' => $form_topics, 'post' => $form_values_post, 'errors' => $form_errors))); } else { $this->_error(__('Error'), $errors); } $this->_side_views(); }
/** * User profile */ public function _view() { $this->tab_id = 'profile'; $owner = $this->user && $this->member->id == $this->user->id; if ($owner && $this->user->newcomments) { $this->user->newcomments = 0; $this->user->save(); } // Actions if ($this->member->has_access(User_Model::ACCESS_EDIT)) { $this->page_actions[] = array('link' => url::user($this->member) . '/edit', 'text' => __('Settings'), 'class' => 'settings'); } // Picture widget::add('side', View_Mod::factory('member/member', array('mod_class' => 'member member-' . $this->member->id, 'user' => $this->member))); // Comments if ($this->member->has_access(User_Model::ACCESS_COMMENT)) { $comment = new User_Comment_Model(); $form_values = $comment->as_array(); $form_errors = array(); // check post if (csrf::valid() && ($post = $this->input->post())) { $comment->user_id = $this->member->id; $comment->author_id = $this->user->id; $comment->comment = $post['comment']; if (isset($post['private'])) { $comment->private = 1; } try { $comment->save(); if (!$owner) { $this->member->newcomments += 1; $this->member->save(); } $this->user->commentsleft += 1; $this->user->save(); if (!request::is_ajax()) { url::redirect(url::current()); } } catch (ORM_Validation_Exception $e) { $form_errors = $e->validation->errors(); $form_values = arr::overwrite($form_values, $post); } } // Handle pagination $per_page = 25; $page_num = $this->uri->segment('page') ? $this->uri->segment('page') : 1; $page_offset = ($page_num - 1) * $per_page; $total_comments = $this->member->get_comment_count(); $comments = $this->member->find_comments($page_num, $per_page, $this->user); $pagination = new Pagination(array('items_per_page' => $per_page, 'total_items' => $total_comments)); $view = View::factory('generic/comments', array('delete' => '/member/comment/%d/delete/?token=' . csrf::token(), 'private' => '/member/comment/%d/private/?token=' . csrf::token(), 'comments' => $comments, 'errors' => $form_errors, 'values' => $form_values, 'pagination' => $pagination, 'user' => $this->user)); if (request::is_ajax()) { echo $view; return; } widget::add('main', $view); } // Basic info $basic_info = array(); if (!empty($this->member->name)) { $basic_info[__('Name')] = html::specialchars($this->member->name); } if (!empty($this->member->city_name)) { $basic_info[__('City')] = html::specialchars($this->member->city_name); } if (!empty($this->member->dob) && $this->member->dob != '0000-00-00') { $basic_info[__('Date of Birth')] = __(':dob (:years years)', array(':dob' => date::format('DMYYYY', $this->member->dob), ':years' => date::timespan(strtotime($this->member->dob), null, 'years'))); } if (!empty($this->member->gender)) { $basic_info[__('Gender')] = $this->member->gender == 'm' ? __('Male') : __('Female'); } if (!empty($this->member->latitude) && !empty($this->member->longitude)) { $basic_info[__('Location')] = $this->member->latitude . ', ' . $this->member->longitude; $basic_info[__('Location')] = html::anchor('#map', __('Toggle map'), array('class' => 'expander', 'title' => __('Show/hide'))) . '<div id="map" style="display: none">' . __('Map loading') . '</div>'; $map = new Gmap('map', array('ScrollWheelZoom' => true)); $map->center($this->member->latitude, $this->member->longitude, 15)->controls('small')->types(); $map->add_marker($this->member->latitude, $this->member->longitude, html::avatar($this->member->avatar, $this->member->username) . html::user($this->member)); widget::add('foot', html::script_source($map->render('gmaps/jquery_event'))); widget::add('foot', html::script_source("\$('a[href*=\"#map\"]:first').click(function() { \$('#map').toggle('normal', gmap_open); return false; });")); } // Site info $site_info = array(__('Registered') => date::format('DMYYYY_HM', $this->member->created) . ' [#' . $this->member->id . ']', __('Logins') => __(':logins (:ago ago)', array(':logins' => number_format($this->member->logins, 0), ':ago' => '<abbr title="' . date::format('DMYYYY_HM', $this->member->last_login) . '">' . date::timespan_short($this->member->last_login) . '</abbr>')), __('Posts') => number_format($this->member->posts, 0), __('Comments') => number_format($this->member->commentsleft, 0)); // Initialize tabs $tabs = array('basic-info' => array('href' => '#basic-info', 'title' => __('Basic info'), 'tab' => new View('generic/list_info', array('id' => 'basic-info', 'title' => __('Basic info'), 'list' => $basic_info))), 'site-info' => array('href' => '#site-info', 'title' => __('Site info'), 'tab' => new View('generic/list_info', array('id' => 'site-info', 'title' => __('Site info'), 'list' => $site_info)))); widget::add('side', View::factory('generic/tabs', array('id' => 'info-tab', 'tabs' => $tabs))); $this->_side_views(); }
> <?php echo html::avatar($post->author->avatar, $post->author->username); ?> <span class="actions"> <?php if ($my) { ?> <?php echo html::anchor('forum/post/' . $post->id . '/edit', __('Edit'), array('class' => 'action post-edit')); ?> <?php echo html::anchor('forum/post/' . $post->id . '/delete/?token=' . csrf::token(), __('Delete'), array('class' => 'action post-delete')); ?> <?php } ?> <?php if ($topic->has_access(Forum_Topic_Model::ACCESS_WRITE)) { ?> <?php echo html::anchor('forum/post/' . $post->id . '/quote', __('Quote'), array('class' => 'action post-quote')); ?> <?php }
/** * Edit entry * * @param integer|string $entry_id */ public function _entry_edit($entry_id = false) { $this->history = false; $entry = new Blog_Entry_Model((int) $entry_id); // For authenticated users only if (!$this->user || !$entry->is_author() && !$this->visitor->logged_in('admin')) { url::redirect(empty($_SESSION['history']) ? '/blogs' : $_SESSION['history']); } $errors = $form_errors = array(); $form_messages = ''; $form_values = $entry->as_array(); /***** CHECK POST *****/ if (request::method() == 'post') { $post = $this->input->post(); // update $editing = (bool) $entry->id; if ($editing) { $extra['modified'] = date::unix2sql(time()); $extra['modifies'] = (int) $entry->modifies + 1; } else { $extra['author_id'] = $this->user->id; } if ($entry->validate($post, true, $extra)) { // News feed event if (!$editing) { newsfeeditem_blog::entry($this->user, $entry); } url::redirect(url::model($entry)); } else { $form_errors = $post->errors(); $form_messages = $post->message(); } $form_values = arr::overwrite($form_values, $post->as_array()); } /***** /CHECK POST *****/ /***** SHOW FORM *****/ if ($entry->id) { $this->page_actions[] = array('link' => url::model($entry) . '/delete?token=' . csrf::token($this->user->id), 'text' => __('Delete entry'), 'class' => 'entry-delete'); $this->page_title = text::title($entry->name); $this->page_subtitle = __('Edit entry'); } else { $this->page_title = __('New entry'); } $form = $entry->get_form(); if (empty($errors)) { widget::add('head', html::script(array('js/jquery.markitup.pack.js', 'js/markitup.bbcode.js'))); widget::add('main', View::factory('blog/entry_edit', array('form' => $form, 'values' => $form_values, 'errors' => $form_errors, 'messages' => $form_messages))); } else { $this->_error(Kohana::lang('generic.error'), $errors); } /***** /SHOW FORM *****/ }
/** * Creates CSRF token input * * @param mixed $id e.g. uid * @param string $action optional action */ public static function csrf($id = '', $action = '') { return form::hidden('token', csrf::token($id, $action)); }
/** * Validate by processing pre-filters, rules, callbacks, and post-filters. * All fields that have filters, rules, or callbacks will be initialized if * they are undefined. Validation will only be run if there is data already * in the array. * * @param bool $validate_csrf When TRUE, performs CSRF token validation * @return bool */ public function validate($validate_csrf = TRUE) { // CSRF token field $csrf_token_key = 'form_auth_token'; if (array_key_exists($csrf_token_key, $this)) { unset($this[$csrf_token_key]); } // Delete the CSRF token field if it's in the validation // rules if (array_key_exists($csrf_token_key, $this->callbacks)) { unset($this->callbacks[$csrf_token_key]); } elseif (array_key_exists($csrf_token_key, $this->rules)) { unset($this->rules[$csrf_token_key]); } // Disable CSRF for XHR // Same method as django CSRF protection: // http://michael-coates.blogspot.co.nz/2010/12/djangos-built-in-csrf-defense-for-ajax.html if (request::is_ajax()) { $validate_csrf = FALSE; } // Perform CSRF validation for all HTTP POST requests // where CSRF validation is enabled and the request // was not submitted via the API if ($_POST and $validate_csrf and !Validation::$is_api_request) { // Check if CSRF module is loaded if (in_array(MODPATH . 'csrf', Kohana::config('config.modules'))) { // Check for presence of CSRF token in HTTP POST payload $form_auth_token = isset($_POST[$csrf_token_key]) ? $_POST[$csrf_token_key] : text::random('alnum', 10); // Validate the token if (!csrf::valid($form_auth_token)) { Kohana::log('debug', 'Invalid CSRF token: ' . $form_auth_token); Kohana::log('debug', 'Actual CSRF token: ' . csrf::token()); // Flag CSRF validation as having failed $this->csrf_validation_failed = TRUE; // Set the error message $this->errors[$csrf_token_key] = Kohana::lang('csrf.form_auth_token.error'); return FALSE; } } } // All the fields that are being validated $all_fields = array_unique(array_merge(array_keys($this->pre_filters), array_keys($this->rules), array_keys($this->callbacks), array_keys($this->post_filters))); // Copy the array from the object, to optimize multiple sets $object_array = $this->getArrayCopy(); foreach ($all_fields as $i => $field) { if ($field === $this->any_field) { // Remove "any field" from the list of fields unset($all_fields[$i]); continue; } if (substr($field, -2) === '.*') { // Set the key to be an array Kohana::key_string_set($object_array, substr($field, 0, -2), array()); } else { // Set the key to be NULL Kohana::key_string_set($object_array, $field, NULL); } } // Swap the array back into the object $this->exchangeArray($object_array); // Reset all fields to ALL defined fields $all_fields = array_keys($this->getArrayCopy()); foreach ($this->pre_filters as $field => $calls) { foreach ($calls as $func) { if ($field === $this->any_field) { foreach ($all_fields as $f) { // Process each filter $this[$f] = is_array($this[$f]) ? arr::map_recursive($func, $this[$f]) : call_user_func($func, $this[$f]); } } else { // Process each filter $this[$field] = is_array($this[$field]) ? arr::map_recursive($func, $this[$field]) : call_user_func($func, $this[$field]); } } } if ($this->submitted === FALSE) { return FALSE; } foreach ($this->rules as $field => $calls) { foreach ($calls as $call) { // Split the rule into function and args list($func, $args) = $call; if ($field === $this->any_field) { foreach ($all_fields as $f) { if (isset($this->array_fields[$f])) { // Use the field key $f_key = $this->array_fields[$f]; // Prevent other rules from running when this field already has errors if (!empty($this->errors[$f_key])) { break; } // Don't process rules on empty fields if (!in_array($func[1], $this->empty_rules, TRUE) and $this[$f_key] == NULL) { continue; } foreach ($this[$f_key] as $k => $v) { if (!call_user_func($func, $this[$f_key][$k], $args)) { // Run each rule $this->errors[$f_key] = is_array($func) ? $func[1] : $func; } } } else { // Prevent other rules from running when this field already has errors if (!empty($this->errors[$f])) { break; } // Don't process rules on empty fields if (!in_array($func[1], $this->empty_rules, TRUE) and $this[$f] == NULL) { continue; } if (!call_user_func($func, $this[$f], $args)) { // Run each rule $this->errors[$f] = is_array($func) ? $func[1] : $func; } } } } else { if (isset($this->array_fields[$field])) { // Use the field key $field_key = $this->array_fields[$field]; // Prevent other rules from running when this field already has errors if (!empty($this->errors[$field_key])) { break; } // Don't process rules on empty fields if (!in_array($func[1], $this->empty_rules, TRUE) and $this[$field_key] == NULL) { continue; } foreach ($this[$field_key] as $k => $val) { if (!call_user_func($func, $this[$field_key][$k], $args)) { // Run each rule $this->errors[$field_key] = is_array($func) ? $func[1] : $func; // Stop after an error is found break 2; } } } else { // Prevent other rules from running when this field already has errors if (!empty($this->errors[$field])) { break; } // Don't process rules on empty fields if (!in_array($func[1], $this->empty_rules, TRUE) and $this[$field] == NULL) { continue; } if (!call_user_func($func, $this[$field], $args)) { // Run each rule $this->errors[$field] = is_array($func) ? $func[1] : $func; // Stop after an error is found break; } } } } } foreach ($this->callbacks as $field => $calls) { foreach ($calls as $func) { if ($field === $this->any_field) { foreach ($all_fields as $f) { // Execute the callback call_user_func($func, $this, $f); // Stop after an error is found if (!empty($errors[$f])) { break 2; } } } else { // Execute the callback call_user_func($func, $this, $field); // Stop after an error is found if (!empty($errors[$field])) { break; } } } } foreach ($this->post_filters as $field => $calls) { foreach ($calls as $func) { if ($field === $this->any_field) { foreach ($all_fields as $f) { if (isset($this->array_fields[$f])) { // Use the field key $f = $this->array_fields[$f]; } // Process each filter $this[$f] = is_array($this[$f]) ? array_map($func, $this[$f]) : call_user_func($func, $this[$f]); } } else { if (isset($this->array_fields[$field])) { // Use the field key $field = $this->array_fields[$field]; } // Process each filter $this[$field] = is_array($this[$field]) ? array_map($func, $this[$field]) : call_user_func($func, $this[$field]); } } } // Return TRUE if there are no errors return count($this->errors) === 0; }
/** * Edit event * * @param int|string $event_id */ public function _event_edit($event_id = false) { $this->history = false; $event = new Event_Model((int) $event_id); // For authenticated users only if (!$this->user || !$event->is_author() && !$this->visitor->logged_in(array('admin', 'event moderator'))) { url::back('/events'); } $errors = $form_errors = array(); $form_values = $event->as_array(); $form_values['start_date'] = ''; $form_values['start_hour'] = ''; $form_values['end_hour'] = ''; /***** CHECK POST *****/ if (request::method() == 'post') { $post = array_merge($this->input->post(), $_FILES); $extra = array('start_time' => date::unix2sql(strtotime($post['start_date'] . ' ' . date::time_24h($post['start_hour'])))); if (!empty($post['end_hour'])) { $end_time = strtotime($post['start_date']); // end hour is earlier than start hour = event ends the next day if ($post['end_hour'] < $post['start_hour']) { $end_time = strtotime('+1 day', $end_time); } $extra['end_time'] = date('Y-m-d', $end_time) . ' ' . date::time_24h($post['end_hour']) . ':00'; } // update $editing = (bool) $event->id; if ($editing) { $extra['modified'] = date::unix2sql(time()); $extra['modifies'] = (int) $event->modifies + 1; } else { $extra['author_id'] = $this->user->id; } $city = ORM::factory('city', $post['city_id']); if ($city) { $extra['country_id'] = $city->country_id; } if (csrf::valid() && $event->validate($post, true, $extra)) { // Update tags $event->remove(ORM::factory('tag')); if (!empty($post['tags'])) { foreach ($post['tags'] as $tag_id => $tag) { $event->add(ORM::factory('tag', $tag_id)); } $event->save(); } // Handle flyer uploads foreach (array('flyer_front_image_id' => $post->flyer_front, 'flyer_back_image_id' => $post->flyer_back) as $image_id => $flyer) { if (isset($flyer) && empty($flyer['error'])) { $image = Image_Model::factory('events.flyer', $flyer, $this->user->id); if ($image->id) { $event->add($image); $event->{$image_id} = $image->id; $event->save(); } } } if (!$editing) { newsfeeditem_events::event($this->user, $event); } url::redirect(url::model($event)); } else { $form_errors = $post->errors(); } $form_values = arr::overwrite($form_values, $post->as_array()); } /***** /CHECK POST *****/ /***** SHOW FORM *****/ if ($event->id) { $this->page_actions[] = array('link' => url::model($event) . '/delete/?token=' . csrf::token(), 'text' => __('Delete event'), 'class' => 'event-delete'); $this->page_title = text::title($event->name); $this->page_subtitle = __('Edit event'); list($form_values['start_date'], $form_values['start_hour']) = explode(' ', date('Y-m-d H', strtotime($event->start_time))); if (!empty($event->end_time)) { list($temp, $form_values['end_hour']) = explode(' ', date('Y-m-d H', strtotime($event->end_time))); } } else { $this->page_title = __('New event'); } $form = $event->get_form(); // Tags if ($tag_group = Kohana::config('events.tag_group')) { $form['tags'] = $form_values['tags'] = array(); $tags = ORM::factory('tag_group', $tag_group); foreach ($tags->tags as $tag) { $form['tags'][$tag->id] = $tag->name; if ($event->has($tag)) { $form_values['tags'][$tag->id] = $tag->name; } } } // City autocomplete $this->_autocomplete_city('city_name'); // Venue autocomplete $venues = ORM::factory('venue')->where('event_host', '=', 1)->find_all(); $hosts = array(); foreach ($venues as $venue) { $hosts[] = "{ id: '" . $venue->id . "', text: '" . html::chars($venue->name) . "' }"; } widget::add('foot', html::script_source('var venues = [' . implode(', ', $hosts) . "];\n\$('input[name=venue_name]').autocomplete(venues, {\n\tformatItem: function(item) {\n\t\treturn item.text;\n\t}\n}).result(function(event, item) {\n\t\$('input[name=venue_id]').val(item.id);\n});")); // Date pickers widget::add('foot', html::script_source("\$('input#start_date').datepicker({ dateFormat: 'd.m.yy', firstDay: 1, changeFirstDay: false, showOtherMonths: true, showWeeks: true, showStatus: true, showOn: 'both' });")); if (empty($errors)) { widget::add('main', View::factory('events/event_edit', array('form' => $form, 'values' => $form_values, 'errors' => $form_errors))); } else { // $this->_error(Kohana::lang('generic.error'), $errors); } /***** /SHOW FORM *****/ $this->_side_views(); }
/** * Edit venue * * @param integer|string $venue_id * @param integer|string $category_id */ public function _venue_edit($venue_id = false, $category_id = false) { $this->history = false; $venue = new Venue_Model((int) $venue_id); // Check access if (!($venue->loaded() && $venue->has_access(Venue_Model::ACCESS_EDIT)) && !(!$venue->loaded() && $this->visitor->logged_in(array('admin', 'venue moderator', 'venue')))) { url::back('venues'); } $errors = $form_errors = array(); $form_values = $venue->as_array(); // check post if (request::method() == 'post') { $post = array_merge($this->input->post(), $_FILES); $extra = array('author_id' => $this->user->id); // got address, get geocode if (!empty($post['address']) && !empty($post['city_name'])) { list($extra['latitude'], $extra['longitude']) = Gmap::address_to_ll(implode(', ', array($post['address'], $post['zip'], $post['city_name']))); } if (csrf::valid() && $venue->validate($post, true, $extra)) { // handle logo upload if (isset($post->logo) && empty($post->logo['error'])) { $logo = Image_Model::factory('venues.logo', $post->logo, $this->user->id); if ($logo->id) { $venue->add($logo); $venue->default_image_id = $logo->id; $venue->save(); } } // handle picture uploads foreach (array($post->picture1, $post->picture2) as $picture) { if (isset($picture) && empty($picture['error'])) { $image = Image_Model::factory('venues.image', $picture, $this->user->id); if ($image->id) { $venue->add($image); $venue->save(); } } } // update tags $venue->remove(ORM::factory('tag')); if (!empty($post->tags)) { foreach ($post->tags as $tag_id => $tag) { $venue->add(ORM::factory('tag', $tag_id)); } } url::redirect(url::model($venue)); } else { $form_errors = $post->errors(); } $form_values = arr::overwrite($form_values, $post->as_array()); } // editing old? if ($venue_id) { if ($venue->has_access(Venue_Model::ACCESS_DELETE)) { $this->page_actions[] = array('link' => 'venue/' . url::title($venue->id, $venue->name) . '/delete/?token=' . csrf::token(), 'text' => __('Delete venue'), 'class' => 'venue-delete'); } $this->page_subtitle = __('Edit venue'); if (!$venue->id) { $errors = array('venues.error_venue_not_found'); } else { $venue_category = $venue->venue_category; } } else { $this->page_subtitle = __('Add venue'); if ($category_id) { $venue_category = new Venue_Category_Model((int) $category_id); if ($venue_category->id) { $form_values['venue_category_id'] = $venue_category->id; } else { $errors = array('venues.error_venue_category_not_found'); } } } $this->page_actions[] = array('link' => 'venue/' . url::title($venue->id, $venue->name), 'text' => __('Cancel'), 'class' => 'cancel'); $this->breadcrumb[] = html::anchor('/venues/' . url::title($venue_category->id, $venue_category->name), $venue_category->name); if ($venue->id) { $this->breadcrumb[] = html::anchor('/venue/' . url::title($venue->id, $venue->name), $venue->name); } // show form if (empty($errors)) { $form = array(); // tags if ($venue_category->tag_group_id) { $form['tags'] = $form_values['tags'] = array(); foreach ($venue_category->tag_group->tags as $tag) { $form['tags'][$tag->id] = $tag->name; if ($venue->has($tag)) { $form_values['tags'][$tag->id] = $tag->name; } } } $venue_categories = ORM::factory('venue_category')->find_all()->select_list('id', 'name'); $form['venue_category_id'] = $venue_categories; widget::add('main', View_Mod::factory('venues/venue_edit', array('form' => $form, 'values' => $form_values, 'errors' => $form_errors))); // city autocomplete $this->_autocomplete_city(); } else { $this->_error(Kohana::lang('generic.error'), $errors); } $this->_side_views(); }
/** * Test report deletion. * @test * @depends editReport */ public function deleteReport($report_id) { $_POST = array('form_auth_token' => csrf::token(), 'action' => 'delete', 'incident_id' => $report_id, 'task' => 'reports'); ob_start(); $this->api_controller->index(); $contents = json_decode(ob_get_clean()); $this->assertEquals(0, $contents->error->code, $contents->error->message); }