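/**
 * Get HTML admin subfields parameters (used to enter object search parameters values in admin).
 *
 * Emits one table row per searchable field whose type object exposes
 * getListOfNamesForObject() and returns a non-empty list; each row holds the field label
 * and a list box named "{$prefixName}searchedObjects[{fieldID}]".
 *
 * @param mixed $language passed through to the field's getLabel()
 * @param string $prefixName prefix prepended to every generated form field name
 * @return string : the html admin (empty string when no field produces a row)
 * @access public
 */
function getHTMLSubFieldsParametersSearch($language, $prefixName)
{
	global $polymodCodename;
	$input = '';
	//get params values
	$params = $this->getParamsValues();
	//previously stored selections, keyed by field ID; a missing or malformed entry is treated as "nothing selected"
	$values = (isset($params['searchedObjects']) && is_array($params['searchedObjects'])) ? $params['searchedObjects'] : array();
	//get object definition (the result is not used below; the call is kept as in the original)
	$objectDef = $this->getObjectDefinition();
	//load object fields
	$objectFields = CMS_poly_object_catalog::getFieldsDefinition($this->_objectID);
	//Add all subobjects or special fields (like categories) to search if any
	foreach ($objectFields as $fieldID => $field) {
		//check if field is searchable
		if (!$field->getValue('searchable')) {
			continue;
		}
		//check if field has a method to provide a list of names
		$objectType = $field->getTypeObject();
		if (!method_exists($objectType, 'getListOfNamesForObject')) {
			continue;
		}
		$objectsNames = $objectType->getListOfNamesForObject(false, array(), false);
		if (!is_array($objectsNames) || !$objectsNames) {
			continue;
		}
		$s_object_listbox = CMS_moduleCategories_catalog::getListBox(array(
			'field_name' => $prefixName . 'searchedObjects[' . $fieldID . ']',
			'items_possible' => $objectsNames,
			//a field without a stored selection yields null instead of reading an undefined index
			'default_value' => isset($values[$fieldID]) ? $values[$fieldID] : null,
			'attributes' => 'class="admin_input_text" style="width:250px;"',
		));
		//NOTE(review): the label and $prefixName reach the markup without HTML escaping in this method - confirm getLabel() and getListBox() return/produce markup-safe text
		$input .= ' <tr> <td class="admin" align="right">' . $field->getLabel($language) . ' :</td> <td class="admin">' . $s_object_listbox . '</td> </tr>';
	}
	$input = $input ? '<table border="0" cellpadding="3" cellspacing="0" style="border-left:1px solid #4d4d4d;">' . $input . '</table>' : '';
	return $input;
}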
/**
 * Get all searched objects ids
 *
 * Applies every entry of $this->_whereConditions in turn. A condition either builds an SQL
 * statement, collects Xapian matches (keywords, when the ASE module is usable) or leaves
 * nothing to run. The ids kept after one condition are stored with _updateTmpList() and
 * restrict the following conditions through _getSQLTmpList().
 *
 * NOTE(review): condition values and operators are concatenated into the SQL text below and
 * this method does not escape them itself (for keywords only the LIKE wildcards are escaped) -
 * confirm they are sanitized where $this->_whereConditions is filled.
 *
 * @access protected
 * @return array|false object ids unsorted (id => id), empty as soon as one condition matches
 *                     nothing; false when the Xapian interface is missing or its query fails
 */
protected function _getIds()
{
	$IDs = array();
	//table name suffix : public or edited data
	$statusSuffix = $this->_public ? "_public" : "_edited";
	//loop on each conditions
	foreach ($this->_whereConditions as $type => $typeWhereConditions) {
		foreach ($typeWhereConditions as $whereConditionsValues) {
			$value = $whereConditionsValues['value'];
			$operator = $whereConditionsValues['operator'];
			//stays empty when the condition has no SQL to run
			$sql = '';
			switch ($type) {
				case "object":
					//add previously found IDs to where clause
					$where = $IDs ? ' and id_moo in (' . $this->_getSQLTmpList() . ')' : '';
					//to remove deleted objects from results
					$sql = "\n\t\t\t\t\tselect\n\t\t\t\t\t\tid_moo as objectID\n\t\t\t\t\tfrom\n\t\t\t\t\t\tmod_object_polyobjects\n\t\t\t\t\twhere\n\t\t\t\t\t\tobject_type_id_moo = '" . $this->_object->getID() . "'\n\t\t\t\t\t\tand deleted_moo = '0'\n\t\t\t\t\t\t{$where}\n\t\t\t\t\t";
					break;
				case "item":
					//add previously found IDs to where clause
					$where = $IDs ? ' and objectID in (' . $this->_getSQLTmpList() . ')' : '';
					//check operator : only the listed comparison operators reach the SQL text
					$supportedOperator = array('=', '!=', '>=', '>', '<=', '<');
					if ($operator && !in_array($operator, $supportedOperator)) {
						$this->raiseError("Unknown search operator : " . $operator . ", use default search instead");
						$operator = false;
					}
					if (!$operator) {
						$operator = '=';
					}
					//NOTE(review): $value is placed between quotes without escaping here - confirm it is sanitized (or an integer id) before it is stored as a condition
					$sql = "\n\t\t\t\t\tselect\n\t\t\t\t\t\tdistinct objectID\n\t\t\t\t\tfrom\n\t\t\t\t\t\tmod_subobject_text" . $statusSuffix . "\n\t\t\t\t\twhere\n\t\t\t\t\t\tobjectID " . $operator . " '" . $value . "'\n\t\t\t\t\t\t{$where}\n\t\t\t\t\tunion distinct\n\t\t\t\t\tselect\n\t\t\t\t\t\tdistinct objectID\n\t\t\t\t\tfrom\n\t\t\t\t\t\tmod_subobject_integer" . $statusSuffix . "\n\t\t\t\t\twhere\n\t\t\t\t\t\tobjectID " . $operator . " '" . $value . "'\n\t\t\t\t\t\t{$where}\n\t\t\t\t\tunion distinct\n\t\t\t\t\tselect\n\t\t\t\t\t\tdistinct objectID\n\t\t\t\t\tfrom\n\t\t\t\t\t\tmod_subobject_string" . $statusSuffix . "\n\t\t\t\t\twhere\n\t\t\t\t\t\tobjectID " . $operator . " '" . $value . "'\n\t\t\t\t\t\t{$where}\n\t\t\t\t\tunion distinct\n\t\t\t\t\tselect\n\t\t\t\t\t\tdistinct objectID\n\t\t\t\t\tfrom\n\t\t\t\t\t\tmod_subobject_date" . $statusSuffix . "\n\t\t\t\t\twhere\n\t\t\t\t\t\tobjectID " . $operator . " '" . $value . "'\n\t\t\t\t\t\t{$where}\n\t\t\t\t\t";
					break;
				case "items":
					//add previously found IDs to where clause
					$where = $IDs ? ' and objectID in (' . $this->_getSQLTmpList() . ')' : '';
					//check operator
					$supportedOperator = array('in', 'not in');
					if ($operator && !in_array($operator, $supportedOperator)) {
						$this->raiseError("Unknown search operator : " . $operator . ", use default search instead");
						$operator = false;
					}
					if (!$operator) {
						$operator = 'in';
					}
					//no values to found so break search ($sql stays empty, which ends the search below)
					if ((!is_array($value) || !$value) && $operator == 'in') {
						$IDs = array();
						break;
					}
					//no filter to do so break search
					if ((!is_array($value) || !$value) && $operator == 'not in') {
						break;
					}
					//NOTE(review): the list items are joined with commas and inserted unquoted and unescaped - confirm every item is an integer id before it is stored as a condition
					$sql = "\n\t\t\t\t\tselect\n\t\t\t\t\t\tdistinct objectID\n\t\t\t\t\tfrom\n\t\t\t\t\t\tmod_subobject_text" . $statusSuffix . "\n\t\t\t\t\twhere\n\t\t\t\t\t\tobjectID " . $operator . " (" . implode(',', $value) . ")\n\t\t\t\t\t\t{$where}\n\t\t\t\t\tunion distinct\n\t\t\t\t\tselect\n\t\t\t\t\t\tdistinct objectID\n\t\t\t\t\tfrom\n\t\t\t\t\t\tmod_subobject_integer" . $statusSuffix . "\n\t\t\t\t\twhere\n\t\t\t\t\t\tobjectID " . $operator . " (" . implode(',', $value) . ")\n\t\t\t\t\t\t{$where}\n\t\t\t\t\tunion distinct\n\t\t\t\t\tselect\n\t\t\t\t\t\tdistinct objectID\n\t\t\t\t\tfrom\n\t\t\t\t\t\tmod_subobject_string" . $statusSuffix . "\n\t\t\t\t\twhere\n\t\t\t\t\t\tobjectID " . $operator . " (" . implode(',', $value) . ")\n\t\t\t\t\t\t{$where}\n\t\t\t\t\tunion distinct\n\t\t\t\t\tselect\n\t\t\t\t\t\tdistinct objectID\n\t\t\t\t\tfrom\n\t\t\t\t\t\tmod_subobject_date" . $statusSuffix . "\n\t\t\t\t\twhere\n\t\t\t\t\t\tobjectID " . $operator . " (" . implode(',', $value) . ")\n\t\t\t\t\t\t{$where}\n\t\t\t\t\t";
					break;
				case "profile":
					//here $value is the profile object the rights are checked on
					//if user has no right on module, he cannot search object on it
					if (!$value->hasModuleClearance($this->_object->getValue('module'), CLEARANCE_MODULE_VIEW)) {
						break;
					}
					//if object has categories, check rights on it
					if ($this->_object->hasCategories()) {
						//get field of categories for searched object type (assume it uses categories)
						$categoriesFields = CMS_poly_object_catalog::objectHasCategories($this->_object->getId());
						//BUG : in websites without APPLICATION_ENFORCES_ACCESS_CONTROL, backend rights on categories are checked on visibility instead of edition
						if (!$this->_public) {
							$clearance = CLEARANCE_MODULE_EDIT;
							$strict = true;
						} else {
							$clearance = CLEARANCE_MODULE_VIEW;
							$strict = false;
						}
						//get a list of all viewvable categories for current user
						$cats = array_keys(CMS_moduleCategories_catalog::getViewvableCategoriesForProfile($value, $this->_object->getValue('module'), true, $clearance, $strict));
						//inside this loop a bare break only leaves the loop; the switch is left by the check placed after it
						foreach ($categoriesFields as $categoriesField) {
							//load category field if not exists
							if (!isset($this->_fieldsDefinitions[$categoriesField]) || !is_object($this->_fieldsDefinitions[$categoriesField])) {
								//get object fields definition
								$this->_fieldsDefinitions = CMS_poly_object_catalog::getFieldsDefinition($this->_object->getID());
							}
							if (!isset($this->_fieldsDefinitions[$categoriesField])) {
								break;
							}
							//we can see objects without categories only if is not public or field is not required and user has admin right on module
							//NOTE(review): both branches below append 0, so the list is never empty and the "no viewvable categories" check that follows cannot trigger - confirm the else branch is meant to add 0
							if ($this->_public && !$this->_fieldsDefinitions[$categoriesField]->getValue('required') || !$this->_public && $value->hasModuleClearance($this->_object->getValue('module'), CLEARANCE_MODULE_EDIT)) {
								//add deleted cats to searchs
								$viewvableCats = array_merge(CMS_moduleCategories_catalog::getDeletedCategories($this->_object->getValue('module')), $cats);
								//add zero value for objects without categories
								$viewvableCats[] = 0;
							} else {
								$viewvableCats = $cats;
								//add zero value for objects without categories
								$viewvableCats[] = 0;
							}
							//if no viewvable categories, user has no rights to view anything
							if (!$viewvableCats) {
								break;
							}
							$removedIDs = array();
							//add previously found IDs to where clause
							$where = $IDs ? ' and objectID in (' . $this->_getSQLTmpList() . ')' : '';
							//first pass : ids which have at least one category outside the viewable list
							$sqlTmp = "\n\t\t\t\t\t\t\t\tselect\n\t\t\t\t\t\t\t\t\tdistinct objectID\n\t\t\t\t\t\t\t\tfrom\n\t\t\t\t\t\t\t\t\tmod_subobject_integer" . $statusSuffix . "\n\t\t\t\t\t\t\t\twhere\n\t\t\t\t\t\t\t\t\tobjectFieldID = '" . $categoriesField . "'\n\t\t\t\t\t\t\t\t\tand value not in (" . @implode(',', $viewvableCats) . ")\n\t\t\t\t\t\t\t\t\t{$where}\n\t\t\t\t\t\t\t";
							$qTmp = new CMS_query($sqlTmp);
							while ($r = $qTmp->getArray()) {
								if ($r['objectID'] && isset($IDs[$r['objectID']])) {
									$removedIDs[$r['objectID']] = $r['objectID'];
								}
							}
							//add (again) ids which has a category visible and a category not visible
							if ($removedIDs) {
								$sqlTmp = "\n\t\t\t\t\t\t\t\t\tselect\n\t\t\t\t\t\t\t\t\t\tdistinct objectID\n\t\t\t\t\t\t\t\t\tfrom\n\t\t\t\t\t\t\t\t\t\tmod_subobject_integer" . $statusSuffix . "\n\t\t\t\t\t\t\t\t\twhere\n\t\t\t\t\t\t\t\t\t\tobjectFieldID = '" . $categoriesField . "'\n\t\t\t\t\t\t\t\t\t\tand value in (" . @implode(',', $viewvableCats) . ")\n\t\t\t\t\t\t\t\t\t\t{$where}\n\t\t\t\t\t\t\t\t";
								$qTmp = new CMS_query($sqlTmp);
								while ($r = $qTmp->getArray()) {
									if ($r['objectID'] && isset($removedIDs[$r['objectID']])) {
										unset($removedIDs[$r['objectID']]);
									}
								}
								//then finally remove ids
								foreach ($removedIDs as $idToRemove) {
									unset($IDs[$idToRemove]);
								}
							}
							//if no IDs break
							if (!$IDs) {
								break;
							}
							//if field is required and if it is a public search, object must have this category in DB
							if ($this->_fieldsDefinitions[$categoriesField]->getValue('required') && $this->_public) {
								//update tmp table with found ids
								$this->_updateTmpList($IDs);
								$sqlTmp = "\n\t\t\t\t\t\t\t\t\tselect\n\t\t\t\t\t\t\t\t\t\tdistinct objectID\n\t\t\t\t\t\t\t\t\tfrom\n\t\t\t\t\t\t\t\t\t\tmod_subobject_integer" . $statusSuffix . "\n\t\t\t\t\t\t\t\t\twhere\n\t\t\t\t\t\t\t\t\t\tobjectFieldID = '" . $categoriesField . "'\n\t\t\t\t\t\t\t\t\t\tand objectID in (" . $this->_getSQLTmpList() . ")\n\t\t\t\t\t\t\t\t";
								$qTmp = new CMS_query($sqlTmp);
								$IDs = array();
								while ($r = $qTmp->getArray()) {
									$IDs[$r['objectID']] = $r['objectID'];
								}
							}
							//if no IDs break
							if (!$IDs) {
								break;
							}
						}
						//if no IDs break
						if (!$IDs) {
							break;
						}
					} elseif (!$this->_public && !$value->hasModuleClearance($this->_object->getValue('module'), CLEARANCE_MODULE_EDIT)) {
						break;
					} elseif ($this->_public && !$value->hasModuleClearance($this->_object->getValue('module'), CLEARANCE_MODULE_VIEW)) {
						break;
					}
					//update tmp table with found ids
					$this->_updateTmpList($IDs);
					//add previously found IDs to where clause
					//NOTE(review): when $IDs is empty at this point $where is empty and the statement ends with a bare "where" - confirm a condition filling $IDs always runs before 'profile'
					$where = $IDs ? ' id_moo in (' . $this->_getSQLTmpList() . ')' : '';
					$sql = "\n\t\t\t\t\t\tselect\n\t\t\t\t\t\t\tdistinct id_moo as objectID\n\t\t\t\t\t\tfrom\n\t\t\t\t\t\t\tmod_object_polyobjects\n\t\t\t\t\t\twhere\n\t\t\t\t\t\t\t{$where}\n\t\t\t\t\t\t";
					break;
				case "keywords":
					if ($value) {
						//check operators
						$supportedOperator = array('any', 'all', 'phrase', 'beginswith');
						if ($operator && !in_array($operator, $supportedOperator)) {
							$this->raiseError("Unkown search operator : " . $operator . ", use default search instead");
							$operator = 'any';
						} elseif (!$operator) {
							$operator = 'any';
						}
						//if ASE module exists (and is active) and object is indexed, and search is public, use it to do this search
						if ($operator == 'any' && class_exists('CMS_module_ase') && CMS_module_ase::isActive() && $this->_object->getValue('indexable') && $this->_public) {
							//get language code for stemming
							$languageCode = '';
							if ($languageFieldIDs = CMS_poly_object_catalog::objectHasLanguageField($this->_object->getID())) {
								$languageFieldID = array_shift($languageFieldIDs);
								//if any query use this field, use the queried value for stemming strategy
								if (isset($this->_whereConditions[$languageFieldID]) && $this->_whereConditions[$languageFieldID]) {
									$languageCode = $this->_whereConditions[$languageFieldID][0]['value'];
								}
							}
							//otherwise, we use current language
							if (!$languageCode) {
								global $cms_language;
								$languageCode = $cms_language->getCode();
							}
							if (!$languageCode) {
								$languageCode = io::strtolower(APPLICATION_DEFAULT_LANGUAGE);
							}
							$module = $this->_object->getValue('module');
							//create Xapian search object
							$search = new CMS_XapianQuery(trim($value), array($module), $languageCode, true);
							//load module interface
							if (!($moduleInterface = CMS_ase_interface_catalog::getModuleInterface($module))) {
								$this->raiseError('No active Xapian interface for module : ' . $module);
								return false;
							}
							//add previously found IDs to search filters
							$moduleInterface->addFilter('items', $IDs);
							//set module interface to search engine
							$search->setModuleInterface($module, $moduleInterface);
							//set page number and max results for xapian query
							//we must do a complete search all the time so we start from page 0
							$page = 0;
							//we limit to a maximum of 1000 results
							$maxResults = 1000;
							//then search
							if (!$search->query($page, $maxResults)) {
								$this->raiseError('Error in Xapian query for search : ' . io::htmlspecialchars($value));
								return false;
							}
							//pr($search->getQueryDesc(true));
							//if no results : break
							if (!$search->getMatchesNumbers()) {
								break;
							}
							//NOTE(review): $xapianResults is never unset in this method, so it is still set when a later condition leaves $sql empty - confirm that such a condition (a refused 'profile' for instance) cannot fall back on these matches
							$xapianResults = $search->getMatches();
						} else {
							//get fields
							if (!isset($this->_fieldsDefinitions[$type]) || !is_object($this->_fieldsDefinitions[$type])) {
								//get object fields definition
								$this->_fieldsDefinitions = CMS_poly_object_catalog::getFieldsDefinition($this->_object->getID());
							}
							//search only in "searchable" fields ("indexable" ones when the ASE module is usable)
							$fields = array();
							$aseExists = class_exists('CMS_module_ase') && CMS_module_ase::isActive() && $this->_object->getValue('indexable') ? true : false;
							foreach ($this->_fieldsDefinitions as $fieldDefinition) {
								if ($fieldDefinition->getValue($aseExists ? 'indexable' : 'searchable')) {
									$fields[] = $fieldDefinition->getID();
								}
							}
							if (!$fields) {
								//if no fields after cleaning, return
								break;
							}
							//add previously found IDs to where clause
							$where = $IDs ? ' objectID in (' . $this->_getSQLTmpList() . ') and ' : '';
							//filter on specified fields
							$where .= $fields ? ' objectFieldID in (' . implode(',', $fields) . ') and ' : '';
							//clean user keywords (never trust user input, user is evil)
							//NOTE(review): the cleaning below splits the words, drops those shorter than 3 characters and escapes the LIKE wildcards % and _ only; quotes and backslashes are not escaped here - confirm the value is SQL-escaped before it is stored as a condition
							$value = strtr($value, ",;", "  ");
							$words = array();
							$words = array_map("trim", array_unique(explode(" ", $value)));
							$cleanedWords = array();
							foreach ($words as $aWord) {
								if ($aWord && $aWord != '' && io::strlen($aWord) >= 3) {
									$aWord = str_replace(array('%', '_'), array('\\%', '\\_'), $aWord);
									$cleanedWords[] = $aWord;
								}
							}
							if (!$cleanedWords) {
								//if no words after cleaning, return
								break;
							}
							//each word is also searched in its htmlentities() form when that form differs
							switch ($operator) {
								case 'any':
									$where .= '(';
									//then add keywords
									$count = '0';
									foreach ($cleanedWords as $aWord) {
										$where .= $count ? ' or ' : '';
										$count++;
										$where .= "value like '%" . $aWord . "%'";
										if (htmlentities($aWord) != $aWord) {
											$where .= " or value like '%" . htmlentities($aWord) . "%'";
										}
									}
									$where .= ')';
									break;
								case 'all':
									$where .= '(';
									//then add keywords
									$count = '0';
									foreach ($cleanedWords as $aWord) {
										$where .= $count ? ' and ' : '';
										$count++;
										if (htmlentities($aWord) != $aWord) {
											$where .= "(value like '%" . $aWord . "%' or value like '%" . htmlentities($aWord) . "%')";
										} else {
											$where .= "value like '%" . $aWord . "%'";
										}
									}
									$where .= ')';
									break;
								case 'phrase':
									//the whole value is matched anywhere in the field
									$value = str_replace(array('%', '_'), array('\\%', '\\_'), trim($value));
									if (htmlentities($value) != $value) {
										$where .= "(value like '%" . $value . "%' or value like '%" . htmlentities($value) . "%')";
									} else {
										$where .= "value like '%" . $value . "%'";
									}
									break;
								case 'beginswith':
									//the whole value is matched at the start of the field
									$value = str_replace(array('%', '_'), array('\\%', '\\_'), trim($value));
									if (htmlentities($value) != $value) {
										$where .= "(value like '" . $value . "%' or value like '" . htmlentities($value) . "%')";
									} else {
										$where .= "value like '" . $value . "%'";
									}
									break;
							}
							$sql = "\n\t\t\t\t\t\t\t\tselect\n\t\t\t\t\t\t\t\t\tdistinct objectID\n\t\t\t\t\t\t\t\tfrom\n\t\t\t\t\t\t\t\t\tmod_subobject_text" . $statusSuffix . "\n\t\t\t\t\t\t\t\twhere\n\t\t\t\t\t\t\t\t\t{$where}\n\t\t\t\t\t\t\t\tunion distinct\n\t\t\t\t\t\t\t\tselect\n\t\t\t\t\t\t\t\t\tdistinct objectID\n\t\t\t\t\t\t\t\tfrom\n\t\t\t\t\t\t\t\t\tmod_subobject_integer" . $statusSuffix . "\n\t\t\t\t\t\t\t\twhere\n\t\t\t\t\t\t\t\t\t{$where}\n\t\t\t\t\t\t\t\tunion distinct\n\t\t\t\t\t\t\t\tselect\n\t\t\t\t\t\t\t\t\tdistinct objectID\n\t\t\t\t\t\t\t\tfrom\n\t\t\t\t\t\t\t\t\tmod_subobject_string" . $statusSuffix . "\n\t\t\t\t\t\t\t\twhere\n\t\t\t\t\t\t\t\t\t{$where}\n\t\t\t\t\t\t\t\tunion distinct\n\t\t\t\t\t\t\t\tselect\n\t\t\t\t\t\t\t\t\tdistinct objectID\n\t\t\t\t\t\t\t\tfrom\n\t\t\t\t\t\t\t\t\tmod_subobject_date" . $statusSuffix . "\n\t\t\t\t\t\t\t\twhere\n\t\t\t\t\t\t\t\t\t{$where}\n\t\t\t\t\t\t\t";
						}
					}
					break;
				case "publication date after":
					// Date start
					//add previously found IDs to where clause
					$where = $IDs ? ' and objectID in (' . $this->_getSQLTmpList() . ')' : '';
					$sql = "\n\t\t\t\t\t\t\tselect\n\t\t\t\t\t\t\t\tdistinct objectID\n\t\t\t\t\t\t\tfrom\n\t\t\t\t\t\t\t\tmod_subobject_integer" . $statusSuffix . ",\n\t\t\t\t\t\t\t\tresources,\n\t\t\t\t\t\t\t\tresourceStatuses\n\t\t\t\t\t\t\twhere\n\t\t\t\t\t\t\t\tobjectFieldID = '0'\n\t\t\t\t\t\t\t\tand value = id_res\n\t\t\t\t\t\t\t\tand status_res=id_rs\n\t\t\t\t\t\t\t\tand publicationDateStart_rs >= '" . $value->getDBValue(true) . "'\n\t\t\t\t\t\t\t\tand publicationDateStart_rs != '0000-00-00'\n\t\t\t\t\t\t\t\t{$where}\n\t\t\t\t\t\t\t";
					break;
				case "publication date before":
					// Date End
					//add previously found IDs to where clause
					$where = $IDs ? ' and objectID in (' . $this->_getSQLTmpList() . ')' : '';
					$sql = "\n\t\t\t\t\t\t\tselect\n\t\t\t\t\t\t\t\tdistinct objectID\n\t\t\t\t\t\t\tfrom\n\t\t\t\t\t\t\t\tmod_subobject_integer" . $statusSuffix . ",\n\t\t\t\t\t\t\t\tresources,\n\t\t\t\t\t\t\t\tresourceStatuses\n\t\t\t\t\t\t\twhere\n\t\t\t\t\t\t\t\tobjectFieldID = '0'\n\t\t\t\t\t\t\t\tand value = id_res\n\t\t\t\t\t\t\t\tand status_res=id_rs\n\t\t\t\t\t\t\t\tand publicationDateStart_rs <= '" . $value->getDBValue(true) . "'\n\t\t\t\t\t\t\t\tand publicationDateStart_rs != '0000-00-00'\n\t\t\t\t\t\t\t\t{$where}\n\t\t\t\t\t\t\t";
					break;
				case "publication date end":
					// End Date of publication
					//add previously found IDs to where clause
					$where = $IDs ? ' and objectID in (' . $this->_getSQLTmpList() . ')' : '';
					$sql = "\n\t\t\t\t\t\t\tselect\n\t\t\t\t\t\t\t\tdistinct objectID\n\t\t\t\t\t\t\tfrom\n\t\t\t\t\t\t\t\tmod_subobject_integer" . $statusSuffix . ",\n\t\t\t\t\t\t\t\tresources,\n\t\t\t\t\t\t\t\tresourceStatuses\n\t\t\t\t\t\t\twhere\n\t\t\t\t\t\t\t\tobjectFieldID = '0'\n\t\t\t\t\t\t\t\tand value = id_res\n\t\t\t\t\t\t\t\tand status_res=id_rs\n\t\t\t\t\t\t\t\tand (publicationDateEnd_rs >= '" . $value->getDBValue(true) . "'\n\t\t\t\t\t\t\t\tor publicationDateEnd_rs = '0000-00-00')\n\t\t\t\t\t\t\t\t{$where}\n\t\t\t\t\t\t\t";
					break;
				case "status":
					// Publication status
					//add previously found IDs to where clause
					$where = $IDs ? ' and objectID in (' . $this->_getSQLTmpList() . ')' : '';
					//any other status value leaves $sql empty
					switch ($value) {
						case 'online':
							$sql = "\n\t\t\t\t\t\t\t\tselect\n\t\t\t\t\t\t\t\t\tdistinct objectID\n\t\t\t\t\t\t\t\tfrom\n\t\t\t\t\t\t\t\t\tmod_subobject_integer" . $statusSuffix . ",\n\t\t\t\t\t\t\t\t\tresources,\n\t\t\t\t\t\t\t\t\tresourceStatuses\n\t\t\t\t\t\t\t\twhere\n\t\t\t\t\t\t\t\t\tobjectFieldID = '0'\n\t\t\t\t\t\t\t\t\tand value = id_res\n\t\t\t\t\t\t\t\t\tand status_res=id_rs\n\t\t\t\t\t\t\t\t\tand location_rs='" . RESOURCE_LOCATION_USERSPACE . "'\n\t\t\t\t\t\t\t\t\tand publication_rs='" . RESOURCE_PUBLICATION_PUBLIC . "'\n\t\t\t\t\t\t\t\t\tand publicationDateStart_rs <= '" . date('Y-m-d') . "'\n\t\t\t\t\t\t\t\t\tand publicationDateStart_rs != '0000-00-00'\n\t\t\t\t\t\t\t\t\tand (publicationDateEnd_rs >= '" . date('Y-m-d') . "'\n\t\t\t\t\t\t\t\t\tor publicationDateEnd_rs = '0000-00-00')\n\t\t\t\t\t\t\t\t\t{$where}\n\t\t\t\t\t\t\t\t";
							break;
						case 'offline':
							$sql = "\n\t\t\t\t\t\t\t\tselect\n\t\t\t\t\t\t\t\t\tdistinct objectID\n\t\t\t\t\t\t\t\tfrom\n\t\t\t\t\t\t\t\t\tmod_subobject_integer" . $statusSuffix . ",\n\t\t\t\t\t\t\t\t\tresources,\n\t\t\t\t\t\t\t\t\tresourceStatuses\n\t\t\t\t\t\t\t\twhere\n\t\t\t\t\t\t\t\t\tobjectFieldID = '0'\n\t\t\t\t\t\t\t\t\tand value = id_res\n\t\t\t\t\t\t\t\t\tand status_res=id_rs\n\t\t\t\t\t\t\t\t\tand (publication_rs='" . RESOURCE_PUBLICATION_NEVERVALIDATED . "' or publication_rs='" . RESOURCE_PUBLICATION_VALIDATED . "')\n\t\t\t\t\t\t\t\t\tand (publicationDateStart_rs > '" . date('Y-m-d') . "' or publicationDateEnd_rs < '" . date('Y-m-d') . "')\n\t\t\t\t\t\t\t\t\t{$where}\n\t\t\t\t\t\t\t\t";
							break;
						case 'validated':
							$sql = "\n\t\t\t\t\t\t\t\tselect\n\t\t\t\t\t\t\t\t\tdistinct objectID\n\t\t\t\t\t\t\t\tfrom\n\t\t\t\t\t\t\t\t\tmod_subobject_integer" . $statusSuffix . ",\n\t\t\t\t\t\t\t\t\tresources,\n\t\t\t\t\t\t\t\t\tresourceStatuses\n\t\t\t\t\t\t\t\twhere\n\t\t\t\t\t\t\t\t\tobjectFieldID = '0'\n\t\t\t\t\t\t\t\t\tand value = id_res\n\t\t\t\t\t\t\t\t\tand status_res=id_rs\n\t\t\t\t\t\t\t\t\tand editions_rs=0\n\t\t\t\t\t\t\t\t\t{$where}\n\t\t\t\t\t\t\t\t";
							break;
						case 'awaiting':
							$sql = "\n\t\t\t\t\t\t\t\tselect\n\t\t\t\t\t\t\t\t\tdistinct objectID\n\t\t\t\t\t\t\t\tfrom\n\t\t\t\t\t\t\t\t\tmod_subobject_integer" . $statusSuffix . ",\n\t\t\t\t\t\t\t\t\tresources,\n\t\t\t\t\t\t\t\t\tresourceStatuses\n\t\t\t\t\t\t\t\twhere\n\t\t\t\t\t\t\t\t\tobjectFieldID = '0'\n\t\t\t\t\t\t\t\t\tand value = id_res\n\t\t\t\t\t\t\t\t\tand status_res=id_rs\n\t\t\t\t\t\t\t\t\tand editions_rs!=0\n\t\t\t\t\t\t\t\t\t{$where}\n\t\t\t\t\t\t\t\t";
							break;
					}
					break;
				default:
					//any other type is looked up as a key of the object fields definitions
					//add previously found IDs to where clause
					$where = $IDs ? ' and objectID in (' . $this->_getSQLTmpList() . ')' : '';
					if (!isset($this->_fieldsDefinitions[$type]) || !is_object($this->_fieldsDefinitions[$type])) {
						//get object fields definition
						$this->_fieldsDefinitions = CMS_poly_object_catalog::getFieldsDefinition($this->_object->getID());
					}
					//get type object for field : the SQL is delegated to the field type
					if (isset($this->_fieldsDefinitions[$type])) {
						$objectField = $this->_fieldsDefinitions[$type]->getTypeObject();
						$sql = $objectField->getFieldSearchSQL($type, $value, $operator, $where, $this->_public);
					} else {
						$this->raiseError('Unknown field ' . $type . ' to filter with value ' . print_r($value, true));
					}
					break;
			}
			//NOTE(review): $fullTextResults is not assigned anywhere in this method - confirm whether that branch is still reachable
			if ($sql || isset($xapianResults) || isset($fullTextResults)) {
				if ($sql) {
					//pr($sql);
					//$this->raiseError($sql);
					$q = new CMS_query($sql);
					//the ids found by this condition replace the previous ones; a query error leaves the list empty
					$IDs = array();
					if (!$q->hasError()) {
						while ($id = $q->getValue('objectID')) {
							$IDs[$id] = $id;
						}
					}
				} elseif (isset($xapianResults)) {
					$IDs = array();
					foreach ($xapianResults as $id) {
						$IDs[$id] = $id;
					}
					//if we only have objectID as orderCondition or if order by relevance is queried, use order provided by Xapian
					if (isset($this->_orderConditions['objectID']) && $this->_orderConditions['objectID'] && sizeof($this->_orderConditions) <= 1 || isset($this->_orderConditions['relevance']) && $this->_orderConditions['relevance']) {
						//NOTE(review): 'relevance' is read here without isset(); when only the objectID order is set this reads an undefined key
						if ($this->_orderConditions['relevance'] == 'desc') {
							$this->_orderConditions = array('itemsOrdered' => array('order' => array_reverse($IDs, true)));
						} else {
							$this->_orderConditions = array('itemsOrdered' => array('order' => $IDs));
						}
						if (isset($this->_orderConditions['relevance']) && $this->_orderConditions['relevance']) {
							unset($this->_orderConditions['relevance']);
						}
					}
				} else {
					//if we only have objectID as orderCondition or if order by relevance is queried, use order provided by MySQL Fulltext
					if (isset($this->_orderConditions['relevance']) && $this->_orderConditions['relevance']) {
						if ($this->_orderConditions['relevance'] == 'desc') {
							$this->_orderConditions = array('itemsOrdered' => array('order' => array_reverse($fullTextResults, true)));
						} else {
							$this->_orderConditions = array('itemsOrdered' => array('order' => $fullTextResults));
						}
						unset($this->_orderConditions['relevance']);
					}
				}
				//if no results, no need to continue
				if (!$IDs) {
					$IDs = array();
					$this->_numRows = 0;
					return $IDs;
				}
				//update tmp table with found ids
				$this->_updateTmpList($IDs);
			} else {
				//if no sql request, then no results (can be used by 'profile'), no need to continue
				$IDs = array();
				$this->_numRows = sizeof($IDs);
				return $IDs;
			}
		}
	}
	$this->_numRows = sizeof($IDs);
	return $IDs;
}
<tr> <td width="150" class="admin"> ' . $cms_language->getMessage(MESSAGE_PAGE_FIELD_LANGUAGE) . ' :</td> <td width="350" class="admin">'; $all_languages = CMS_languagesCatalog::getAllLanguages(MOD_CMS_FORMS_CODENAME); foreach ($all_languages as $aLanguage) { $checked = $aLanguage->getCode() == $items_language->getCode() ? ' checked="checked"' : ''; $content .= ' <label><input name="items_language" type="radio" value="' . $aLanguage->getCode() . '"' . $checked . ' onclick="submit();" /> ' . $aLanguage->getLabel() . '</label>'; } $content .= '</td> </tr>'; // Categories $a_all_categories = CMS_forms_formularCategories::getAllCategoriesAsArray($cms_language, true); if (sizeof($a_all_categories)) { $s_categories_listbox = CMS_moduleCategories_catalog::getListBox(array('field_name' => 'items_ctg', 'items_possible' => $a_all_categories, 'default_value' => CMS_session::getSessionVar("items_ctg"), 'attributes' => 'class="admin_input_text" style="width:250px;"')); $content .= ' <tr> <td class="admin">' . $cms_language->getMessage(MESSAGE_PAGE_FIELD_CATEGORY, false, MOD_CMS_FORMS_CODENAME) . ' :</td> <td class="admin">' . $s_categories_listbox . '</td> </tr>'; } $content .= ' <tr> <td class="admin" colspan="2"> <input type="submit" class="admin_input_submit" value="' . $cms_language->getMessage(MESSAGE_PAGE_ACTION_SHOW) . '" /></td> </tr> </form> </table></fieldset><br />'; $content .= $cms_language->getMessage(MESSAGE_PAGE_HEADING1, false, MOD_CMS_FORMS_CODENAME) . '<br /><br />'; $items = $search->search();
/**
 * Import module from given array datas
 *
 * Creates or updates the module record, then imports its categories, its js / css / img
 * files (moved from PATH_TMP_FS to PATH_REALROOT_FS) and its rows.
 *
 * NOTE(review): $data['codename'] and the file names listed in $data are used to build
 * filesystem paths by plain concatenation; nothing in this method rejects ".." segments or
 * restricts the target directory - confirm the import data is validated before it gets here.
 *
 * @param array $data The module datas to import
 * @param array $params The import parameters.
 *		array(
 *				create	=> false|true : create missing objects (default : true)
 *				update	=> false|true : update existing objects (default : true)
 *				files	=> false|true : use files from PATH_TMP_FS (default : true)
 *			)
 * @param CMS_language $cms_language The CMS_langage to use
 * @param array $idsRelation : Reference : The relations between import datas ids and real imported ids
 * @param string $infos : Reference : The import infos returned
 * @return boolean : true on success, false on failure
 * @access public
 */
function fromArray($data, $params, $cms_language, &$idsRelation, &$infos)
{
	if (!$this->getID()) {
		//the module does not exist yet : creating it must be allowed
		if (isset($params['create']) && $params['create'] != true) {
			$infos .= 'Module does not exists and parameter does not allow to create it ...' . "\n";
			return false;
		}
		//add codename and default admin frontend
		$this->setCodename($data['codename']);
		$this->setAdminFrontend('index.php');
	}
	//both flags default to true when they are not given
	$createAllowed = !isset($params['create']) || $params['create'] == true;
	$updateAllowed = !isset($params['update']) || $params['update'] == true;
	if (!$this->getID() && $createAllowed || $this->getID() && $updateAllowed) {
		if (isset($data['labels'])) {
			//create labels
			$this->setLabel($cms_language->createMessage($this->_codename, $data['labels']));
		}
		if (!$this->writeToPersistence()) {
			$infos .= 'Error writing module ...' . "\n";
			return false;
		}
		if (isset($data['parameters']) && is_array($data['parameters']) && $data['parameters']) {
			//write module parameters, creating the module parameters file first when it is missing
			$this->_hasParameters = 1;
			$parametersFile = PATH_MODULES_FS . "/" . $this->_codename . "_rc.xml";
			if (!file_exists($parametersFile)) {
				$file = new CMS_file($parametersFile);
				$file->writeToPersistence(true);
			}
			//the results of these two calls are not checked
			$this->setAndWriteParameters($data['parameters']);
			$this->writeToPersistence();
		}
	}
	//append codename to parameters
	$params['module'] = $this->_codename;
	//add categories
	if (isset($data['categories']) && $data['categories']) {
		if (!CMS_moduleCategories_catalog::fromArray($data['categories'], $params, $cms_language, $idsRelation, $infos)) {
			$infos .= 'Error during categories import ...' . "\n";
			return false;
		}
	}
	//add JS, then CSS, then IMG : key of the file list in $data => parameter allowing to replace an existing file
	$fileGroups = array('js' => 'updateJs', 'css' => 'updateCss', 'img' => 'updateImg');
	foreach ($fileGroups as $dataKey => $updateKey) {
		if (isset($params['files']) && $params['files'] != true) {
			continue;
		}
		if (!isset($data[$dataKey]) || !$data[$dataKey]) {
			continue;
		}
		foreach ($data[$dataKey] as $importedFile) {
			//only files actually present in the temporary directory are handled
			if (!$importedFile || !file_exists(PATH_TMP_FS . $importedFile)) {
				continue;
			}
			//moved when it replaces an existing file and the update parameter allows it, or whenever creation is allowed
			if (file_exists(PATH_REALROOT_FS . $importedFile) && (!isset($params[$updateKey]) || $params[$updateKey] == true) || (!isset($params['create']) || $params['create'] == true)) {
				if (CMS_file::moveTo(PATH_TMP_FS . $importedFile, PATH_REALROOT_FS . $importedFile)) {
					CMS_file::chmodFile(FILES_CHMOD, PATH_REALROOT_FS . $importedFile);
				} else {
					//a failed copy is reported but does not stop the import
					$infos .= 'Error during copy of file ' . $importedFile . ' ...' . "\n";
				}
			}
		}
	}
	//add rows
	if (!isset($params['files']) || $params['files'] == true) {
		if (isset($data['rows']) && $data['rows']) {
			if (!CMS_rowsCatalog::fromArray($data['rows'], $params, $cms_language, $idsRelation, $infos)) {
				$infos .= 'Error during rows import ...' . "\n";
				return false;
			}
		}
	}
	return true;
}
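/**
 * filter array of categories ID with user clearance
 *
 * In strict mode every category is checked on its own with hasModuleCategoryClearance().
 * Otherwise the categories are arranged in a tree following their lineage and the tree is
 * filtered by _filterModuleCategoriesClearanceRecursion() against the root categories
 * matching the queried clearance and the denied ones.
 *
 * @param array $categories, IDs of categories to filter
 * @param integer $clearance, default is CLEARANCE_MODULE_VIEW
 * @param string $module : the module codename
 * @param boolean $strict : strict filtering of categories : do not allow parent categories of lower levels
 * @return array the kept categories (catID => catID); empty array when $categories is not an array
 * @access public
 */
function filterModuleCategoriesClearance($categories, $clearance = CLEARANCE_MODULE_VIEW, $module = false, $strict = false)
{
	if (!is_array($categories)) {
		return array();
	}
	$filteredCategories = array();
	//get denied cats (including deleted cats)
	$deniedCats = $this->getRootModuleCategoriesDenied($module);
	if (!is_array($deniedCats)) {
		$deniedCats = array();
	}
	if (!$strict) {
		//a clearance outside the three handled levels matches no category
		$matchingCats = array();
		switch ($clearance) {
			case CLEARANCE_MODULE_VIEW:
				$matchingCats = $this->getRootModuleCategoriesReadable($module);
				break;
			case CLEARANCE_MODULE_EDIT:
				$matchingCats = $this->getRootModuleCategoriesWritable($module);
				break;
			case CLEARANCE_MODULE_MANAGE:
				$matchingCats = $this->getRootModuleCategoriesManagable($module);
				break;
		}
		if (!is_array($matchingCats)) {
			$matchingCats = array();
		}
		if ($this->hasAdminClearance(CLEARANCE_ADMINISTRATION_EDITVALIDATEALL)) {
			//only remove catsDenied
			//NOTE(review): the removal is done by key, so it only works when $categories is indexed by category ID - confirm against callers
			foreach ($deniedCats as $deniedCatID) {
				unset($categories[$deniedCatID]);
			}
			return $categories;
		}
		//construct n level tree with all of these categories
		$nLevelArray = array();
		foreach ($categories as $catID) {
			//get category lineage
			$lineage = CMS_moduleCategories_catalog::getLineageOfCategoryAsString($catID);
			if ($lineage) {
				//create one nested level per lineage segment by walking references : the lineage text
				//is only ever used as array keys and is never evaluated as PHP code
				$node = &$nLevelArray;
				foreach (explode(';', $lineage) as $levelID) {
					if (!isset($node[$levelID])) {
						$node[$levelID] = array();
					}
					$node = &$node[$levelID];
				}
				//drop the reference so the next lineage starts again from the root of the tree
				unset($node);
			}
		}
		$filteredCategories = $this->_filterModuleCategoriesClearanceRecursion($nLevelArray, $matchingCats, $deniedCats, false);
		$returnedFilteredCategories = array();
		foreach ($filteredCategories as $catID) {
			$returnedFilteredCategories[$catID] = $catID;
		}
	} else {
		$returnedFilteredCategories = array();
		foreach ($categories as $catID) {
			if (!in_array($catID, $deniedCats) && $this->hasModuleCategoryClearance($catID, $clearance, $module)) {
				$returnedFilteredCategories[$catID] = $catID;
			}
		}
	}
	return $returnedFilteredCategories;
}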
/**
 * Adds one criterion to the where statements (and needed tables) of the search.
 * The type can be a known one (language, profile, category, keywords), which gets its
 * dedicated statements, or an unknown one, which is understood as a field name so that a
 * statement such as $type='$value' is appended.
 *
 * NOTE(review): for an unknown type the name itself is written into the SQL text as-is,
 * only the value is escaped - confirm callers never pass a request-controlled $type.
 *
 * @access public
 * @param string $type name of statement to set
 * @param mixed $value , the value to give (an object is expected for "language" and "profile")
 */
function addWhereCondition($type, $value)
{
	switch ($type) {
		case "language":
			$languageCode = SensitiveIO::sanitizeSQLString($value->getCode());
			array_push($this->_where, "language_frm='" . $languageCode . "'");
			break;
		case "profile":
			//categories are only filtered when the application enforces access control
			if (APPLICATION_ENFORCES_ACCESS_CONTROL != false) {
				$visibleCategories = CMS_moduleCategories_catalog::getViewvableCategoriesForProfile($value, MOD_CMS_FORMS_CODENAME, true);
				//join forms with their categories
				array_push($this->_tables, "modulesCategories", "mod_cms_forms_categories");
				array_push($this->_where, "id_mca=category_fca", "id_frm=form_fca");
				$hasVisibleCategories = sizeof($visibleCategories);
				$categoryIds = array_keys($visibleCategories);
				if ($hasVisibleCategories) {
					array_push($this->_where, 'category_fca in (' . @implode(',', $categoryIds) . ')');
				} else {
					//a comparison with NULL is never true in SQL, so no form can match
					array_push($this->_where, 'category_fca = NULL');
				}
			}
			break;
		case "category":
			$categoryId = $this->_sanitizeSQLString($value);
			if (!SensitiveIO::isPositiveInteger($categoryId)) {
				break;
			}
			$lineage = CMS_moduleCategories_catalog::getLineageOfCategoryAsString($categoryId);
			if (!$lineage) {
				break;
			}
			array_push($this->_tables, "modulesCategories", "mod_cms_forms_categories");
			array_push($this->_where, "id_mca=category_fca", "id_frm=form_fca");
			//match the category itself or any category below it in the lineage
			$escapedLineage = SensitiveIO::sanitizeSQLString($lineage);
			array_push($this->_where, "(lineage_mca = '" . $escapedLineage . "' or lineage_mca like '" . $escapedLineage . ";%')");
			break;
		case "keywords":
			//spaces between words become % wildcards of a single LIKE pattern
			$cleanedValue = $this->_sanitizeSQLString($value);
			$words = @explode(" ", $cleanedValue);
			$pattern = SensitiveIO::sanitizeSQLString(@implode("%", $words));
			if (trim($pattern) != '%') {
				array_push($this->_where, "name_frm like '%" . $pattern . "%'");
			}
			break;
		default:
			//unknown type : used as a field name
			$cleanedValue = $this->_sanitizeSQLString($value);
			array_push($this->_where, $type . "='" . SensitiveIO::sanitizeSQLString($cleanedValue) . "'");
			break;
	}
	//the same table or statement may have been added by several conditions
	$this->_tables = @array_unique($this->_tables);
	$this->_where = @array_unique($this->_where);
}
if ($cms_message) { $dialog->setActionMessage($cms_message); } // Insert prefered text editor for textarea field $toolbarset = !$cms_module->getParameters("editor_toolbar") ? 'Basic' : $cms_module->getParameters("editor_toolbar"); $attrs = array('form' => 'frmitem', 'field' => 'source_' . $item->getID(), 'value' => $item->getAttribute('source'), 'language' => $cms_language, 'width' => 600, 'height' => 600, 'rows' => 8, 'toolbarset' => $toolbarset); $text_editor = CMS_textEditor::getEditorFromParams($attrs); $dialog->setJavascript($text_editor->getJavascript()); // Get listboxes for categories $a_all_categories = CMS_moduleCategories_catalog::getAllCategoriesAsArray($cms_user, $cms_module->getCodename(), $cms_language); if (!sizeof($a_all_categories)) { //user has no right on categories so he can't edit/create items header("Location: " . $cms_module->getAdminFrontendPath(PATH_RELATIVETO_WEBROOT) . "?cms_message_id=65&" . session_name() . "=" . session_id()); exit; } $s_categories_listboxes = CMS_moduleCategories_catalog::getListBoxes(array('field_name' => 'ids', 'items_possible' => $a_all_categories, 'items_selected' => $item_relations->getCategoriesIds(), 'select_width' => '250px', 'select_height' => '120px', 'form_name' => 'frmitem')); // Default check statuses for radios $public = array(); $public[1] = $item->getAttribute('public') === true ? ' checked="checked"' : ''; $public[0] = $item->getAttribute('public') === false ? ' checked="checked"' : ''; $content = ' <table border="0" cellpadding="3" cellspacing="2"> <form name="frmitem" action="' . $_SERVER["SCRIPT_NAME"] . '" method="post" enctype="multipart/form-data" onSubmit="getSelectedOptionsInField_ids();"> <input type="hidden" name="cms_action" value="validate" /> <input type="hidden" name="language" value="' . CMS_session::getSessionVar("items_language") . '" /> <input id="itemId" type="hidden" name="item" value="' . $item->getID() . 
'" /> <tr> <td class="admin" align="right"> <span class="admin_text_alert">*</span> ' . $cms_language->getMessage(MESSAGE_PAGE_FIELD_LABEL, false, MOD_CMS_FORMS_CODENAME) . ' :</td> <td class="admin"> <input type="text" size="30" class="admin_input_text" name="name" value="' . io::htmlspecialchars($item->getAttribute('name')) . '" /></td>
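/**
 * Get field search SQL request (used by class CMS_object_search)
 *
 * Every id placed in a query (field id, category ids, object ids) is cast to
 * integer first, because the statements are built by string concatenation.
 * $where is inserted as given: it must be built by the caller from trusted
 * parts only.
 *
 * @param integer $fieldID : this field id in object (aka $this->_field->getID())
 * @param mixed $value : the category id, or array of category ids, to search
 * @param string $operator : additional search operator, one of
 *        'editableOnly', 'strict', 'not in', 'not in strict' (anything else
 *        raises an error and falls back to the default search)
 * @param string $where : where clauses to add to SQL
 * @param boolean $public : values are public or edited ? (default is edited)
 * @return mixed : the SQL request (string), or false when it is already known
 *         that nothing can match
 * @access public
 */
function getFieldSearchSQL($fieldID, $value, $operator, $where, $public = false)
{
    $statusSuffix = $public ? "_public" : "_edited";
    // interpolated into every statement below, so force it to an integer
    $fieldID = (int) $fieldID;
    $supportedOperator = array('editableOnly', 'strict', 'not in', 'not in strict');
    if ($operator && !in_array($operator, $supportedOperator, true)) {
        $this->raiseError("Unkown search operator : " . $operator . ", use default search instead");
        $operator = false;
    }
    if ($operator === 'editableOnly') {
        global $cms_user;
        //get module codename
        $moduleCodename = CMS_poly_object_catalog::getModuleCodenameForField($this->_field->getID());
        //get a list of all viewable categories for current user
        $viewable = CMS_moduleCategories_catalog::getViewvableCategoriesForProfile($cms_user, $moduleCodename, true, true);
        $editableCats = is_array($viewable) ? array_map('intval', array_keys($viewable)) : array();
        //if no viewable categories, user has no rights to view anything
        if (!$editableCats) {
            return false;
        }
        $sql = "\n\t\t\t\t\tselect\n\t\t\t\t\t\tdistinct objectID\n\t\t\t\t\tfrom\n\t\t\t\t\t\tmod_subobject_integer" . $statusSuffix . "\n\t\t\t\t\twhere\n\t\t\t\t\t\tobjectFieldID = '" . $fieldID . "'\n\t\t\t\t\t\tand value in (" . implode(',', $editableCats) . ")\n\t\t\t\t\t\t{$where}\n\t\t\t\t\t";
        $q = new CMS_query($sql);
        $IDs = array();
        if (!$q->hasError()) {
            while ($id = $q->getValue('objectID')) {
                $IDs[$id] = $id;
            }
        }
        //if no results, no need to continue
        if (!$IDs) {
            return false;
        }
        //the rest of the search is restricted to the objects found above
        $where = ' and objectID in (' . implode(',', array_map('intval', $IDs)) . ')';
    }
    if ($value == CMS_moduleCategory::LINEAGE_PARK_POSITION) {
        //if it is a public search, and field is mandatory, no objects should be returned
        if ($this->_field->getValue('required') && $public) {
            return false;
        }
        $module = CMS_poly_object_catalog::getModuleCodenameForField($fieldID);
        //add deleted cats to searchs
        $viewvableCats = CMS_moduleCategories_catalog::getDeletedCategories($module);
        //add zero value for objects without categories
        $viewvableCats[] = 0;
        //get object type id (not used below; call kept as in the original)
        $objectID = CMS_poly_object_catalog::getObjectIDForField($fieldID);
        //first we get objects with deleted or no categories (value 0)
        $sqlTmp = "\n\t\t\t\tselect\n\t\t\t\t\tdistinct objectID\n\t\t\t\tfrom\n\t\t\t\t\tmod_subobject_integer" . $statusSuffix . "\n\t\t\t\twhere\n\t\t\t\t\tobjectFieldID = '" . $fieldID . "'\n\t\t\t\t\tand value in (" . implode(',', array_map('intval', $viewvableCats)) . ")\n\t\t\t\t\t{$where}\n\t\t\t\t";
        $qTmp = new CMS_query($sqlTmp);
        $deletedIDs = array();
        while ($r = $qTmp->getArray()) {
            if ($r['objectID']) {
                $deletedIDs[$r['objectID']] = $r['objectID'];
            }
        }
        //then we get objects which have a value for this field
        $sqlTmp = "\n\t\t\t\tselect\n\t\t\t\t\tdistinct objectID\n\t\t\t\tfrom\n\t\t\t\t\tmod_subobject_integer" . $statusSuffix . "\n\t\t\t\twhere\n\t\t\t\t\tobjectFieldID = '" . $fieldID . "'\n\t\t\t\t\t{$where}\n\t\t\t\t";
        $qTmp = new CMS_query($sqlTmp);
        $catsIDs = array();
        while ($r = $qTmp->getArray()) {
            if ($r['objectID']) {
                $catsIDs[$r['objectID']] = $r['objectID'];
            }
        }
        //candidate ids are every number found in $where; those absent from the
        //table above have no category at all. When $where holds no number,
        //preg_match_all leaves array(array()) in its output argument, which
        //used to end up in the final IN list: use an empty list instead.
        $matches = array();
        $candidateIDs = preg_match_all('#\\d+#', $where, $matches) ? $matches[0] : array();
        $noCatsIDs = array_diff($candidateIDs, $catsIDs);
        $IDs = array_merge($deletedIDs, $noCatsIDs);
        //if no results, no need to continue
        if (!$IDs) {
            return false;
        }
        //then we mix the two results and return them as a fake SQL request to keep system compatibility
        $sql = "\n\t\t\t\tselect\n\t\t\t\t\tdistinct id_moo as objectID\n\t\t\t\tfrom\n\t\t\t\t\tmod_object_polyobjects\n\t\t\t\twhere \n\t\t\t\t\tid_moo in (" . implode(',', array_map('intval', $IDs)) . ")\n\t\t\t\t";
    } else {
        if (!is_array($value)) {
            $value = array($value);
        }
        if ($operator === 'strict') {
            //objects directly in one of the searched categories
            $sql = "\n\t\t\t\t\tselect\n\t\t\t\t\t\tdistinct objectID\n\t\t\t\t\tfrom\n\t\t\t\t\t\tmod_subobject_integer" . $statusSuffix . ",\n\t\t\t\t\t\tmodulesCategories\n\t\t\t\t\twhere\n\t\t\t\t\t\tobjectFieldID = '" . $fieldID . "'\n\t\t\t\t\t\tand id_mca = value\n\t\t\t\t\t\tand value in (" . implode(',', array_map('intval', $value)) . ")\n\t\t\t\t\t\t{$where}\n\t\t\t\t\t";
        } elseif ($operator === 'not in strict') {
            //objects in a category which is none of the searched ones
            $sql = "\n\t\t\t\t\tselect\n\t\t\t\t\t\tdistinct objectID\n\t\t\t\t\tfrom\n\t\t\t\t\t\tmod_subobject_integer" . $statusSuffix . ",\n\t\t\t\t\t\tmodulesCategories\n\t\t\t\t\twhere\n\t\t\t\t\t\tobjectFieldID = '" . $fieldID . "'\n\t\t\t\t\t\tand id_mca = value\n\t\t\t\t\t\tand value not in (" . implode(',', array_map('intval', $value)) . ")\n\t\t\t\t\t\t{$where}\n\t\t\t\t\t";
        } else {
            //default and 'not in' searches work on lineages, so sub-categories are included
            $lineages = array();
            foreach ($value as $catID) {
                if ($catID) {
                    //get lineage of category searched
                    $lineages[] = CMS_moduleCategories_catalog::getLineageOfCategoryAsString($catID);
                }
            }
            $sql = '';
            if ($operator === 'not in') {
                foreach ($lineages as $lineage) {
                    $sql .= $sql ? ' and ' : '';
                    $sql .= "\n\t\t\t\t\t\tlineage_mca != '" . SensitiveIO::sanitizeSQLString($lineage) . "'\n\t\t\t\t\t\tand lineage_mca not like '" . SensitiveIO::sanitizeSQLString($lineage) . ";%' ";
                }
            } else {
                foreach ($lineages as $lineage) {
                    $sql .= $sql ? ' or ' : '';
                    $sql .= "\n\t\t\t\t\t\tlineage_mca = '" . SensitiveIO::sanitizeSQLString($lineage) . "'\n\t\t\t\t\t\tor lineage_mca like '" . SensitiveIO::sanitizeSQLString($lineage) . ";%' ";
                }
            }
            $sql = "\n\t\t\t\t\tselect\n\t\t\t\t\t\tdistinct objectID\n\t\t\t\t\tfrom\n\t\t\t\t\t\tmod_subobject_integer" . $statusSuffix . ",\n\t\t\t\t\t\tmodulesCategories\n\t\t\t\t\twhere\n\t\t\t\t\t\tobjectFieldID = '" . $fieldID . "'\n\t\t\t\t\t\tand id_mca=value\n\t\t\t\t\t\t" . ($sql ? " and (" . $sql . ") " : '') . "\n\t\t\t\t\t\t{$where}";
        }
    }
    return $sql;
}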
/**
 * Destroy the module.
 *
 * In order: destroys the rows and categories of the module, removes the
 * module codename from the module and validation clearance stacks stored in
 * the profiles table, deletes the module's files, JS and CSS directories and
 * CSS files, clears the polymod cache, then calls the parent destroy().
 *
 * NOTE(review): the only guard visible here is isDestroyable(); no user
 * clearance is checked in this method - presumably the caller does it, verify.
 *
 * @return boolean : false when the module is not destroyable, else the value
 *         returned by parent::destroy()
 * @access public
 */
function destroy()
{
    global $cms_user;
    // Stop here when isDestroyable() refuses (original note: module must exist and be polymod)
    if (!$this->isDestroyable()) {
        return false;
    }
    // Rows attached to this module
    $rowsIds = CMS_rowsCatalog::getByModules(array($this->_codename), false, false);
    //delete all module rows
    foreach ($rowsIds as $rowId) {
        $row = CMS_rowsCatalog::getByID($rowId);
        if (is_object($row)) {
            $row->destroy();
        }
    }
    // Categories of this module
    $attrs = array("module" => $this->_codename, "language" => CMS_languagesCatalog::getDefaultLanguage(), "level" => -1, "root" => -1, "cms_user" => $cms_user, "clearanceLevel" => CLEARANCE_MODULE_EDIT, "strict" => false);
    $cats = CMS_moduleCategories_catalog::getAll($attrs);
    if ($cats) {
        foreach ($cats as $cat) {
            // Destroy category
            $cat->destroy();
        }
    }
    // Module clearances: find the profiles whose stack mentions this module.
    // NOTE(review): '_' and '%' in the codename act as LIKE wildcards, so more
    // profiles than intended may be selected; delAllWithOneKey() below receives
    // the exact codename, so presumably those rows are rewritten unchanged - confirm.
    $sql = "\n\t\t\tselect \n\t\t\t\t*\n\t\t\tfrom\n\t\t\t\tprofiles\n\t\t\twhere\n\t\t\t\tmoduleClearancesStack_pr like '" . io::sanitizeSQLString($this->_codename) . ",%'\n\t\t\t\t or moduleClearancesStack_pr like '%;" . io::sanitizeSQLString($this->_codename) . ",%'\n\t\t ";
    $q = new CMS_query($sql);
    if ($q->getNumRows()) {
        while ($r = $q->getArray()) {
            // rebuild the stack without this module and write it back
            $stack = new CMS_stack();
            $stack->setTextDefinition($r['moduleClearancesStack_pr']);
            $stack->delAllWithOneKey($this->_codename);
            // id_pr is interpolated as read from the profiles row; the result of the update is not checked
            $qInsert = new CMS_query("update profiles set moduleClearancesStack_pr='" . io::sanitizeSQLString($stack->getTextDefinition()) . "' where id_pr='" . $r['id_pr'] . "'");
        }
    }
    // Validation clearances: same treatment on the validation stack
    $sql = "\n\t\t\tselect \n\t\t\t\t*\n\t\t\tfrom\n\t\t\t\tprofiles\n\t\t\twhere\n\t\t\t\tvalidationClearancesStack_pr like '" . io::sanitizeSQLString($this->_codename) . ";%'\n\t\t\t\t or validationClearancesStack_pr like '%;" . io::sanitizeSQLString($this->_codename) . ";%'\n\t\t\t\t or validationClearancesStack_pr = '" . io::sanitizeSQLString($this->_codename) . "'\n\t\t\t";
    $q = new CMS_query($sql);
    if ($q->getNumRows()) {
        while ($r = $q->getArray()) {
            $stack = new CMS_stack();
            $stack->setTextDefinition($r['validationClearancesStack_pr']);
            $stack->delAllWithOneKey($this->_codename);
            $qInsert = new CMS_query("update profiles set validationClearancesStack_pr='" . io::sanitizeSQLString($stack->getTextDefinition()) . "' where id_pr='" . $r['id_pr'] . "'");
        }
    }
    // NOTE(review): $this->_codename is concatenated into every path deleted
    // below; confirm it is validated where it is set (no '/', no '..', not
    // empty), since an empty codename would point deltree at the parent directory.
    //remove module files (only when the simulated deletion succeeds)
    if (CMS_file::deltreeSimulation(PATH_MODULES_FILES_FS . '/' . $this->_codename, true)) {
        CMS_file::deltree(PATH_MODULES_FILES_FS . '/' . $this->_codename, true);
    }
    //remove JS and CSS
    if (is_dir(PATH_JS_FS . '/modules/' . $this->_codename) && CMS_file::deltreeSimulation(PATH_JS_FS . '/modules/' . $this->_codename, true)) {
        CMS_file::deltree(PATH_JS_FS . '/modules/' . $this->_codename, true);
    }
    if (is_dir(PATH_CSS_FS . '/modules/' . $this->_codename) && CMS_file::deltreeSimulation(PATH_CSS_FS . '/modules/' . $this->_codename, true)) {
        CMS_file::deltree(PATH_CSS_FS . '/modules/' . $this->_codename, true);
    }
    // CSS files returned by getCSSFiles(), grouped by media, are deleted one by one
    $cssFiles = $this->getCSSFiles('', true);
    foreach ($cssFiles as $mediaCssFiles) {
        foreach ($mediaCssFiles as $cssFile) {
            CMS_file::deleteFile(PATH_REALROOT_FS . '/' . $cssFile);
        }
    }
    //Clear polymod cache (the whole 'polymod' type, not only this module's entries)
    //CMS_cache::clearTypeCacheByMetas('polymod', array('module' => $this->_codename));
    CMS_cache::clearTypeCache('polymod');
    // Destroy module
    return parent::destroy();
}
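/**
 * Import categories from given array datas
 *
 * Each entry of $data is either matched to an existing category through its
 * uuid (update) or used to create a new category, then handed to the
 * category's own fromArray().
 *
 * @param array $data The categories datas to import
 * @param array $params The import parameters.
 *		array(
 *				module	=> string : codename of the module owning the categories (required)
 *				create	=> false|true : create missing objects (default : true)
 *				update	=> false|true : update existing objects (default : true)
 *				files	=> false|true : use files from PATH_TMP_FS (default : true)
 *			)
 * @param CMS_language $cms_language The CMS_langage to use
 * @param array $idsRelation : Reference : The relations between import datas ids and real imported ids
 * @param string $infos : Reference : The import infos returned
 * @return boolean : true on success, false on failure
 * @access public
 */
static function fromArray($data, $params, $cms_language, &$idsRelation, &$infos)
{
    if (!isset($params['module'])) {
        $infos .= 'Error : missing module codename for categories importation ...' . "\n";
        return false;
    }
    $module = CMS_modulesCatalog::getByCodename($params['module']);
    // a lookup that yields no object is treated like a module in error
    if (!is_object($module) || $module->hasError()) {
        $infos .= 'Error : invalid module for categories importation : ' . $params['module'] . "\n";
        return false;
    }
    $mayUpdate = !isset($params['update']) || $params['update'] == true;
    $mayCreate = !isset($params['create']) || $params['create'] == true;
    $return = true;
    foreach ($data as $categoryDatas) {
        // Reset per-entry state. Without this, the category, parent and root
        // of the previous entry leak into the current one: an entry that may
        // not be created or updated would re-import over the previous
        // category, and an entry without parent would inherit the previous parent.
        $category = null;
        $parentId = null;
        $rootId = null;
        $importType = '';
        if (isset($categoryDatas['uuid']) && ($id = CMS_moduleCategories_catalog::categoryExists($params['module'], $categoryDatas['uuid']))) {
            //category already exist : load it if we can update it
            if ($mayUpdate) {
                $category = CMS_moduleCategories_catalog::getByID($id);
                $importType = ' (Update)';
            }
        } elseif ($mayCreate) {
            //if category to create has parent, try to get it
            if (isset($categoryDatas['parent']) && $categoryDatas['parent']) {
                //check for uuid translation
                if (isset($idsRelation['categories-uuid'][$categoryDatas['parent']])) {
                    $categoryDatas['parent'] = $idsRelation['categories-uuid'][$categoryDatas['parent']];
                }
                //parent already exist : load it
                $parentId = CMS_moduleCategories_catalog::categoryExists($params['module'], $categoryDatas['parent']);
            }
            if (isset($categoryDatas['root']) && $categoryDatas['root']) {
                //check for uuid translation
                if (isset($idsRelation['categories-uuid'][$categoryDatas['root']])) {
                    $categoryDatas['root'] = $idsRelation['categories-uuid'][$categoryDatas['root']];
                }
                //root already exist : load it
                $rootId = CMS_moduleCategories_catalog::categoryExists($params['module'], $categoryDatas['root']);
            }
            //create category
            $category = new CMS_moduleCategory(0, $cms_language);
            $importType = ' (Creation)';
            //set module
            $category->setAttribute('moduleCodename', $params['module']);
            if (isset($rootId)) {
                $category->setAttribute('rootID', $rootId);
            }
            if (isset($parentId)) {
                $category->setAttribute('parentID', $parentId);
            }
        }
        if (isset($category)) {
            if ($category->fromArray($categoryDatas, $params, $cms_language, $idsRelation, $infos)) {
                $infos .= 'Category "' . $category->getLabel($cms_language) . '" successfully imported' . $importType . "\n";
            } else {
                $return = false;
                $infos .= 'Error during import of category ' . (isset($categoryDatas['id']) ? $categoryDatas['id'] : '') . $importType . "\n";
            }
        }
    }
    return $return;
}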
/**
 * Import this category from given array datas
 *
 * Sets the uuid, icon, labels, descriptions and files of the category from
 * $data, writes it, records the id relations, applies the order, then imports
 * the child categories through CMS_moduleCategories_catalog::fromArray().
 *
 * NOTE(review): the icon and file names read from $data are appended to
 * PATH_TMP_FS and moved as they are. Nothing here checks that the resulting
 * path stays inside PATH_TMP_FS, and the extension (and the language key for
 * files) of the import data is reused in the destination name. If import data
 * can come from a less trusted source than the administrator, resolve the
 * source path and check it against PATH_TMP_FS, and restrict extensions and
 * language codes to an allow-list.
 *
 * @param array $data The category datas to import
 * @param array $params The import parameters.
 *		array(
 *				module	=> string : codename of the module owning the categories (required)
 *				create	=> false|true : create missing objects (default : true)
 *				update	=> false|true : update existing objects (default : true)
 *				files	=> false|true : use files from PATH_TMP_FS (default : true)
 *			)
 * @param CMS_language $cms_language The CMS_langage to use
 * @param array $idsRelation : Reference : The relations between import datas ids and real imported ids
 * @param string $infos : Reference : The import infos returned
 * @return boolean : true on success, false on failure
 * @access public
 */
function fromArray($data, $params, $cms_language, &$idsRelation, &$infos)
{
    if (!isset($params['module'])) {
        $infos .= 'Error : missing module codename for categories importation ...' . "\n";
        return false;
    }
    $module = CMS_modulesCatalog::getByCodename($params['module']);
    if ($module->hasError()) {
        $infos .= 'Error : invalid module for categories importation : ' . $params['module'] . "\n";
        return false;
    }
    // $data['uuid'] is read without isset(): the import data is expected to carry one
    if (!$this->getID() && CMS_moduleCategories_catalog::uuidExists($data['uuid'])) {
        //check imported uuid. If the category does not have an Id, the uuid must be unique or must be regenerated
        $uuid = io::uuid();
        //store old uuid relation
        $idsRelation['categories-uuid'][$data['uuid']] = $uuid;
        $data['uuid'] = $uuid;
    }
    //set category uuid if not exists
    if (!$this->_uuid) {
        $this->_uuid = $data['uuid'];
    }
    // icon: handled unless the 'files' parameter is explicitly turned off
    if (!isset($params['files']) || $params['files'] == true) {
        if (isset($data['icon'])) {
            $icon = $data['icon'];
            if ($icon && file_exists(PATH_TMP_FS . $icon)) {
                //destroy old file if any
                if ($this->getIconPath(false, PATH_RELATIVETO_WEBROOT, true)) {
                    @unlink($this->getIconPath(true, PATH_RELATIVETO_FILESYSTEM, true));
                    $this->setAttribute('icon', '');
                }
                //move and rename uploaded file
                $filename = PATH_TMP_FS . $icon;
                // $basename is not used afterwards
                $basename = pathinfo($filename, PATHINFO_BASENAME);
                if (!$this->getID()) {
                    //need item ID : the new file name is built from it
                    $this->writeToPersistence();
                }
                //create file path
                $path = $this->getIconPath(true, PATH_RELATIVETO_FILESYSTEM, false) . '/';
                // extension comes from the import data, see the review note in the header
                $extension = pathinfo($icon, PATHINFO_EXTENSION);
                $newBasename = "cat-" . $this->getID() . "-icon." . $extension;
                $newFilename = $path . '/' . $newBasename;
                if (CMS_file::moveTo($filename, $newFilename)) {
                    CMS_file::chmodFile(FILES_CHMOD, $newFilename);
                    //set it
                    $this->setAttribute('icon', $newBasename);
                }
            } elseif (!$icon) {
                // an empty icon in the import data removes the current icon
                //destroy old file if any
                if ($this->getIconPath(false, PATH_RELATIVETO_WEBROOT, true)) {
                    @unlink($this->getIconPath(true, PATH_RELATIVETO_FILESYSTEM, true));
                    $this->setAttribute('icon', '');
                }
            }
        }
    }
    // labels and descriptions, one per language
    if (isset($data['labels'])) {
        foreach ($data['labels'] as $language => $label) {
            $this->setLabel($label, $language);
        }
    }
    if (isset($data['descriptions'])) {
        foreach ($data['descriptions'] as $language => $desc) {
            $this->setDescription($desc, $language);
        }
    }
    // files, one per language: same steps as for the icon
    if (!isset($params['files']) || $params['files'] == true) {
        if (isset($data['files']) && is_array($data['files'])) {
            foreach ($data['files'] as $language => $file) {
                if ($file && file_exists(PATH_TMP_FS . $file)) {
                    //destroy old file if any
                    if ($this->getFilePath($language, false, PATH_RELATIVETO_WEBROOT, true)) {
                        @unlink($this->getFilePath($language, true, PATH_RELATIVETO_FILESYSTEM, true));
                        $this->setFile('', $language);
                    }
                    //move and rename uploaded file
                    $filename = PATH_TMP_FS . $file;
                    // $basename is not used afterwards
                    $basename = pathinfo($filename, PATHINFO_BASENAME);
                    if (!$this->getID()) {
                        //need item ID
                        $this->writeToPersistence();
                    }
                    //create file path
                    $path = $this->getFilePath($language, true, PATH_RELATIVETO_FILESYSTEM, false) . '/';
                    $extension = pathinfo($file, PATHINFO_EXTENSION);
                    // both $language (array key) and $extension come from the import data
                    $newBasename = "cat-" . $this->getID() . "-file-" . $language . "." . $extension;
                    $newFilename = $path . '/' . $newBasename;
                    if (CMS_file::moveTo($filename, $newFilename)) {
                        CMS_file::chmodFile(FILES_CHMOD, $newFilename);
                        //set it
                        $this->setFile($newBasename, $language);
                    }
                } elseif (!$file) {
                    //destroy old file if any
                    if ($this->getFilePath($language, false, PATH_RELATIVETO_WEBROOT, true)) {
                        @unlink($this->getFilePath($language, true, PATH_RELATIVETO_FILESYSTEM, true));
                        $this->setFile('', $language);
                    }
                }
            }
        }
    }
    //write object
    if (!$this->writeToPersistence()) {
        $infos .= 'Error : can not write category ...' . "\n";
        return false;
    }
    //if current category id has changed from imported id, set relation
    if (isset($data['id']) && $data['id'] && $this->getID() != $data['id']) {
        $idsRelation['categories'][$data['id']] = $this->getID();
        if (isset($data['uuid']) && $data['uuid']) {
            $idsRelation['categories'][$data['uuid']] = $this->getID();
        }
    }
    //set category order
    if (isset($data['order']) && $data['order']) {
        CMS_moduleCategories_catalog::moveCategoryIndex($this, $data['order']);
    }
    //set categories childs : the result of the children import becomes the result of this import
    if (isset($data['childs']) && $data['childs']) {
        return CMS_moduleCategories_catalog::fromArray($data['childs'], $params, $cms_language, $idsRelation, $infos);
    }
    return true;
}
} } else { $cms_message = $cms_language->getMessage(MESSAGE_PAGE_ACTION_ERROR_PROTECTED); $category->raiseError('Error during modification of category ' . $category->getID() . '. Category is protected.'); } break; case 'move': $category = new CMS_moduleCategory($categoryId); if (!$category->isProtected()) { $newParent = new CMS_moduleCategory($newParentId); if (!$newParentId) { $newParent->setAttribute('moduleCodename', $codename); } $index++; //+1 because interface start index to 0 and system start it to 1 if (CMS_moduleCategories_catalog::moveCategory($category, $newParent, $index)) { $content = array('success' => true); } else { $cms_message = $cms_language->getMessage(MESSAGE_ERROR_CATEGORY_MOVE); } } else { $cms_message = $cms_language->getMessage(MESSAGE_PAGE_ACTION_ERROR_PROTECTED); $category->raiseError('Error during modification of category ' . $category->getID() . '. Category is protected.'); } break; default: CMS_grandFather::raiseError('Unknown action to do ...'); $view->show(); break; } //set user message if any
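/**
 * Returns each category ID and label of the forms module that the current
 * user ($cms_user) can see
 *
 * @access public
 * @param CMS_language $language, the language of the labels
 * @param boolean $restrictToUsedCat, restrict returned categories to used ones only (default false)
 * @return array the categories as returned by the categories catalog (keyed by
 *         category id), reduced to the used categories and their ancestors
 *         when $restrictToUsedCat is set; empty array when no category is used
 */
function getAllCategoriesAsArray($language = false, $restrictToUsedCat = false)
{
    global $cms_user;
    $categories = CMS_moduleCategories_catalog::getAllCategoriesAsArray($cms_user, MOD_CMS_FORMS_CODENAME, $language);
    if (!$restrictToUsedCat) {
        return $categories;
    }
    //Get all used categories IDS for this object field
    $usedCategories = CMS_forms_formularCategories::getAllUsedCategoriesForField($language);
    if (!is_array($usedCategories) || !$usedCategories) {
        //no categories used
        return array();
    }
    //get all categories lineage (category id => "id;id;..." lineage string)
    $catArbo = CMS_moduleCategories_catalog::getViewvableCategoriesForProfile($cms_user, MOD_CMS_FORMS_CODENAME, true);
    //keep every used category together with all categories of its lineage
    $categoriesToKeep = array();
    foreach ($usedCategories as $catID) {
        //a used category the user cannot view has no lineage entry: skip it
        //instead of reading an undefined index
        if (!isset($catArbo[$catID])) {
            continue;
        }
        foreach (explode(';', $catArbo[$catID]) as $aCat) {
            $categoriesToKeep[$aCat] = $aCat;
        }
    }
    if (!is_array($categories)) {
        return $categories;
    }
    //then remove unused categories from initial list (keys and order preserved)
    return array_intersect_key($categories, $categoriesToKeep);
}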
unset($all_languages[$cms_language->getCode()]); array_unshift($all_languages, $userlanguage); } // Current category object to manipulate if ($catId) { $item = new CMS_moduleCategory($catId); $item->setAttribute('language', $cms_language); $item->setAttribute('moduleCodename', $codename); $parentCategory = $item->getParent(); } else { // Parent category $item = new CMS_moduleCategory(); $item->setAttribute('language', $cms_language); $item->setAttribute('moduleCodename', $codename); if ($fatherId) { $parentCategory = CMS_moduleCategories_catalog::getById($fatherId); $parentCategory->setAttribute('language', $cms_language); } } if (!function_exists("build_category_tree_options")) { /** * Recursive function to build the categories tree. * * @param CMS_moduleCategory $category * @param integer $count, to determine category in-tree depth * @return string HTML formated */ function build_category_tree_options($category, $count) { global $codename, $cms_language, $parentCategory, $cms_module, $cms_user, $catId; //if category is not itself (to avoid infinite loop in lineage)
$i_current_clearance = (int) $stack_clearances->getElementValueFromKey($aRoot->getID()); // Show all sub categories $content .= build_items_tree($aRoot, 0, $i_current_clearance); } $content .= ' </ul> <input type="hidden" id="type-' . $hash . '" value="' . ($isUser ? 'user' : 'group') . '" /> <input type="hidden" id="catIds-' . $hash . '" value="' . implode(',', $items_ids) . '" /> <input type="hidden" id="profile-' . $hash . '" value="' . ($isUser ? $userId : $groupId) . '" /> <input type="hidden" id="module-' . $hash . '" value="' . $moduleCodename . '" /> </div>'; } } else { //get siblings if ($moduleCodename != MOD_STANDARD_CODENAME) { $item = CMS_moduleCategories_catalog::getByID($item); $attrs = array("module" => $moduleCodename, "language" => $cms_language, "level" => $item->getID(), "root" => false, "attrs" => false, "cms_user" => &$cms_user); $siblings = CMS_module::getModuleCategories($attrs); } else { $item = CMS_tree::getPageByID($item); $siblings = CMS_tree::getSiblings($item); } $clearances = array_reverse($modules_clearances, true); // Current item clearance $i_current_clearance = false; foreach ($clearances as $clearance) { if ($i_current_clearance === false) { if ($moduleCodename != MOD_STANDARD_CODENAME) { if ($profile->hasModuleCategoryClearance($item->getID(), $clearance, $moduleCodename)) { $i_current_clearance = $clearance; }