/**
 * Encrypt the values of view-only elements and append them to the form as
 * hidden inputs named fabrik_vars[querystring][<element>] (one input per
 * repeat when the collected value is an array).
 *
 * Values that are empty after trim() are emitted unencrypted.
 *
 * NOTE(review): these inputs are sent to the browser and read back on submit.
 * What protection they get depends on the cipher FabrikWorker::getCrypt()
 * returns, which is not visible here - confirm it provides integrity, not
 * only confidentiality.
 * NOTE(review): the element key and the ciphertext are concatenated into
 * attribute values without HTML escaping; this relies on neither ever
 * containing quotes or angle brackets - confirm against encrypt()'s output
 * encoding and the allowed element names.
 *
 * @param   array  &$aHiddenFields  Hidden fields; the generated inputs are appended to it
 *
 * @return  void
 */
protected function _cryptViewOnlyElements(&$aHiddenFields)
{
	/** @var FabrikFEModelForm $model */
	$model = $this->getModel();
	$cipher = FabrikWorker::getCrypt();
	$encryptedByKey = array();

	foreach ($model->getReadOnlyVals() as $name => $info)
	{
		$inRepeatGroup = $info['repeatgroup'];
		$inJoin = $info['join'];
		$value = $info['data'];

		// $$$ rob not sure this is correct now as I modified the readOnlyVals structure to contain info about if its in a group
		// and it now contains the repeated group data
		if (is_array($value) && array_key_exists('value', $value))
		{
			$value = $value['value'];
		}

		if ($inRepeatGroup)
		{
			$flat = array();

			foreach ((array) $value as $item)
			{
				// Elements with sub options in repeat group are stored as JSON
				$flat[] = is_array($item) ? json_encode($item) : $item;
			}

			// Joined repeat groups keep one entry per repeat, others collapse to a single JSON string
			$value = $inJoin ? $flat : json_encode($flat);
		}
		elseif (is_array($value))
		{
			// Elements with sub options not in repeat group
			$value = json_encode($value);
		}

		if (is_array($value))
		{
			// Only the joined repeat-group list built above reaches this branch
			foreach ($value as $idx => $item)
			{
				if (trim($item) !== '')
				{
					$value[$idx] = $cipher->encrypt($item);
				}
			}
		}
		elseif (trim($value) !== '')
		{
			$value = $cipher->encrypt($value);
		}

		// $$$ rob - don't strip the bracketed part with a regex, it would turn join[x][fullname] into join
		$safeName = FabrikString::rtrimword($name, '[]');

		if (array_key_exists($safeName, $encryptedByKey))
		{
			// Second and later values for the same key turn the entry into a list
			$encryptedByKey[$safeName] = (array) $encryptedByKey[$safeName];
			$encryptedByKey[$safeName][] = $value;
		}
		else
		{
			$encryptedByKey[$safeName] = $value;
		}
	}

	// Single-valued inputs keep their collection order; per-repeat inputs follow them
	$singleInputs = array();
	$repeatInputs = array();

	foreach ($encryptedByKey as $name => $cipherText)
	{
		if (!is_array($cipherText))
		{
			$singleInputs[] = '<input type="hidden" name="fabrik_vars[querystring][' . $name . ']" value="' . $cipherText . '" />';
			continue;
		}

		$total = count($cipherText);

		for ($position = 0; $position < $total; $position++)
		{
			$part = $cipherText[$position];
			$repeatInputs[] = '<input type="hidden" name="fabrik_vars[querystring][' . $name . '][' . $position . ']" value="' . $part . '" />';
		}
	}

	$aHiddenFields = array_merge($aHiddenFields, $singleInputs, $repeatInputs);
}
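/**
 * If an element is set to readonly, and has a default value selected then insert this
 * data into the array that is to be bound to the table record.
 *
 * Two sources are applied in order: the stored row (reloaded with the form
 * model's query and cached in $this->origData), then the encrypted hidden
 * fields posted back in fabrik_vars[querystring], which overwrite the former
 * for elements the user cannot use.
 *
 * NOTE(review): the posted values are only as trustworthy as the cipher from
 * FabrikWorker::getCrypt() (not visible here). Nothing in this method ties a
 * ciphertext to the element name or row it was issued for - confirm whether
 * the cipher authenticates its input and whether a value issued for one
 * field being accepted for another is acceptable.
 *
 * @param   array   &$data           List data
 * @param   object  &$oRecord        To bind to table row
 * @param   int     $isJoin          Is record join record
 * @param   int     $rowId           Row id
 * @param   JTable  $joinGroupTable  Join group table
 *
 * @since 1.0.6
 *
 * @deprecated since 3.0.7 - we should be using formmodel addEncrytedVarsToArray() only
 *
 * @return  void
 */
protected function addDefaultDataFromRO(&$data, &$oRecord, $isJoin, $rowId, $joinGroupTable)
{
	// $$$ rob since 1.0.6 : 10 June 08
	// Get the current record - not that which was posted
	$formModel = $this->getFormModel();
	$input = $this->app->input;

	if (is_null($this->origData))
	{
		/* $$$ hugh FIXME - doesn't work for rowid=-1 / usekey submissions,
		 * ends up querying "WHERE foo.userid = '<rowid>'" instead of <userid>
		 * OK for now, as we should catch RO data from the encrypted vars check
		 * later in this method.
		 */
		if (empty($rowId))
		{
			$this->origData = $origData = array();
		}
		else
		{
			$sql = $formModel->buildQuery();
			$db = $this->getDb();
			$db->setQuery($sql);
			$origData = $db->loadObject();
			$origData = ArrayHelper::fromObject($origData);
			$origData = is_array($origData) ? $origData : array();
			$this->origData = $origData;
		}
	}
	else
	{
		$origData = $this->origData;
	}

	$groups = $formModel->getGroupsHiarachy();

	/* $$$ hugh - seems like there's no point in doing this chunk if there is no $origData to work with?
	 * Not sure if there's ever a valid reason for doing so, but it certainly breaks things like onCopyRow(),
	 * where (for instance) user elements will get reset to 0 by this code.
	 */
	// NOTE(review): these counts come from the request and bound the loops below - consider
	// validating them against the groups' real repeat counts.
	$repeatGroupCounts = $input->get('fabrik_repeat_group', array(), 'array');

	if (!empty($origData))
	{
		foreach ($groups as $groupModel)
		{
			if ($isJoin && $groupModel->isJoin() || !$isJoin && !$groupModel->isJoin())
			{
				$elementModels = $groupModel->getPublishedElements();

				foreach ($elementModels as $elementModel)
				{
					// $$$ rob 25/02/2011 unviewable elements are now also being encrypted
					// if (!$elementModel->canUse() && $elementModel->canView()) {
					if (!$elementModel->canUse())
					{
						$element = $elementModel->getElement();
						$fullkey = $elementModel->getFullName(true, false);

						// $$$ rob 24/01/2012 if a previous joined data set had a ro element then if we werent checking that group is the
						// same as the join group then the insert failed as data from other joins added into the current join
						if ($isJoin && $groupModel->getId() != $joinGroupTable->id)
						{
							continue;
						}

						$key = $element->name;

						// $$$ hugh - allow submission plugins to override RO data
						// TODO - test this for joined data
						if ($formModel->updatedByPlugin($fullkey))
						{
							continue;
						}

						// Force a reload of the default value with $origData
						unset($elementModel->defaults);
						$default = array();
						$repeatGroupCount = FArrayHelper::getValue($repeatGroupCounts, $groupModel->getGroup()->id);

						for ($repeatCount = 0; $repeatCount < $repeatGroupCount; $repeatCount++)
						{
							$def = $elementModel->getValue($origData, $repeatCount);

							if (is_array($def))
							{
								// Radio buttons getValue() returns an array already so don't array the array.
								$default = $def;
							}
							else
							{
								$default[] = $def;
							}
						}

						$default = count($default) == 1 ? $default[0] : json_encode($default);
						$data[$key] = $default;
						$oRecord->{$key} = $default;
					}
				}
			}
		}
	}

	$copy = $input->getBool('Copy');

	// Check crypted querystring vars (encrypted in form/view.html.php ) _cryptQueryString
	// The shape of $_REQUEST is chosen by the client: only proceed when both levels really are
	// arrays, otherwise array_key_exists()/foreach on a scalar errors out (TypeError on PHP 8).
	$fabrikVars = isset($_REQUEST['fabrik_vars']) ? $_REQUEST['fabrik_vars'] : null;
	$encryptedVars = is_array($fabrikVars) && isset($fabrikVars['querystring']) ? $fabrikVars['querystring'] : null;

	if (is_array($encryptedVars))
	{
		$crypt = FabrikWorker::getCrypt();

		foreach ($encryptedVars as $key => $encrypted)
		{
			// $$$ hugh - allow submission plugins to override RO data
			// TODO - test this for joined data
			if ($formModel->updatedByPlugin($key))
			{
				continue;
			}

			$key = FabrikString::shortColName($key);

			/* $$$ hugh - trying to fix issue where encrypted elements from a main group end up being added to
			 * a joined group's field list for the update/insert on the joined row(s).
			 *
			 * $$$ rob - the former "if (!array_key_exists($key, $data)) continue;" test was removed as it stopped
			 * data that was not viewable or editable from being included in $data. The group test inside the
			 * foreach loop below replaces it.
			 */
			foreach ($groups as $groupModel)
			{
				// $$$ hugh - this stops elements from joined groups being added to main row, but see 'else'
				if ($isJoin)
				{
					if ($groupModel->getGroup()->id != $joinGroupTable->id)
					{
						continue;
					}
				}
				else
				{
					// $$$ hugh - need test here if not $isJoin, to stop keys from joined groups being added to main row!
					if ($groupModel->isJoin())
					{
						continue;
					}
				}

				$elementModels = $groupModel->getPublishedElements();

				foreach ($elementModels as $elementModel)
				{
					$element = $elementModel->getElement();

					/*
					 * $$$ hugh - I have a feeling this test is a Bad Thing <tm> as it is using short keys,
					 * so if two joined groups share the same element name(s) ...
					 *
					 * Compared as strings: with ==, an integer request key is loosely equal to any
					 * non-numeric element name on PHP < 8.
					 */
					if ((string) $element->name === (string) $key)
					{
						// Don't overwrite if something has been entered
						// $$$ rob 25/02/2011 unviewable elements are now also being encrypted
						// if (!$elementModel->canUse() && $elementModel->canView()) {
						if (!$elementModel->canUse())
						{
							// Reset per element: with a repeat count of zero the loop below never runs and the
							// value decrypted for a previous key must not be stored under this one.
							$v = null;
							$repeatGroupCount = FArrayHelper::getValue($repeatGroupCounts, $groupModel->getGroup()->id);

							// Repeat groups - note only the value of the last repeat is kept
							for ($repeatCount = 0; $repeatCount < $repeatGroupCount; $repeatCount++)
							{
								$enc = FArrayHelper::getValue($encrypted, $repeatCount);

								if (is_array($enc))
								{
									$v = array();

									foreach ($enc as $e)
									{
										// Leaves can themselves be arrays in a crafted request; treat those as empty
										$e = is_scalar($e) ? urldecode((string) $e) : '';
										$v[] = empty($e) ? '' : $crypt->decrypt($e);
									}

									$v = json_encode($v);
								}
								else
								{
									$enc = is_scalar($enc) ? urldecode((string) $enc) : '';
									$v = !empty($enc) ? $crypt->decrypt($enc) : '';
								}
							}

							/* $$$ hugh - also gets called in storeRow(), not sure if we really need to
							 * call it here? And if we do, then we should probably be calling onStoreRow
							 * as well, if $data['fabrik_copy_from_table'] is set? Can't remember why,
							 * but we differentiate between the two, with onCopyRow being when a row is copied
							 * using the list plugin, and onSaveAsCopy when the form plugin is used.
							 */
							if ($copy)
							{
								$v = $elementModel->onSaveAsCopy($v);
							}

							$data[$key] = $v;
							$oRecord->{$key} = $v;
						}

						break 2;
					}
				}
			}
		}
	}
}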
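/**
 * Add in any encrypted stuff, in case we fail validation ...
 * otherwise it won't be in $data when we rebuild the page.
 * Need to do it here, so _raw fields get added in the next chunk 'o' code.
 *
 * Each posted fabrik_vars[querystring] entry whose key equals an element's
 * full name is decrypted, run through placeholder parsing and written to
 * $post under both the key and key . '_raw'.
 *
 * NOTE(review): the decrypted text is passed to parseMessageForPlaceHolder()
 * together with $post. If the cipher from FabrikWorker::getCrypt() (not
 * visible here) does not authenticate its input, the client influences what
 * gets parsed - confirm.
 *
 * @param   array  &$post  posted form data passed by reference
 *
 * @return  void
 */
public function addEncrytedVarsToArray(&$post)
{
	// The shape of $_REQUEST is chosen by the client: only proceed when both levels really are
	// arrays, otherwise array_key_exists()/foreach on a scalar errors out (TypeError on PHP 8).
	$fabrikVars = isset($_REQUEST['fabrik_vars']) ? $_REQUEST['fabrik_vars'] : null;
	$encryptedVars = is_array($fabrikVars) && isset($fabrikVars['querystring']) ? $fabrikVars['querystring'] : null;

	if (!is_array($encryptedVars))
	{
		return;
	}

	$groups = $this->getGroupsHiarachy();
	$crypt = FabrikWorker::getCrypt();
	$w = new FabrikWorker();

	foreach ($groups as $groupModel)
	{
		$elementModels = $groupModel->getPublishedElements();

		foreach ($elementModels as $elementModel)
		{
			$elementModel->getElement();

			foreach ($encryptedVars as $key => $encrypted)
			{
				// Compared as strings: with ==, an integer request key is loosely equal to any
				// non-numeric element name on PHP < 8, which would match every element.
				if ((string) $elementModel->getFullName(true, false) === (string) $key)
				{
					/* $$$ rob - don't test for !canUse() as confirmation plugin dynamically sets this
					 * if ($elementModel->canView())
					 * $$$ hugh - testing adding non-viewable, non-editable elements to encrypted vars
					 */
					if (is_array($encrypted))
					{
						// Repeat groups
						$v = array();

						foreach ($encrypted as $e)
						{
							// $$$ rob urldecode when posting from ajax form
							// Leaves can themselves be arrays in a crafted request; treat those as empty
							$e = is_scalar($e) ? urldecode((string) $e) : '';
							$e = empty($e) ? '' : $crypt->decrypt($e);
							$e = FabrikWorker::JSONtoData($e);
							$v[] = $w->parseMessageForPlaceHolder($e, $post);
						}
					}
					else
					{
						// $$$ rob urldecode when posting from ajax form
						$encrypted = is_scalar($encrypted) ? urldecode((string) $encrypted) : '';
						$v = empty($encrypted) ? '' : $crypt->decrypt($encrypted);

						/*
						 * $$$ hugh - things like element list elements (radios, etc) seem to use
						 * their JSON data for encrypted read only values, need to decode.
						 */
						if (is_subclass_of($elementModel, 'PlgFabrik_ElementList'))
						{
							$v = FabrikWorker::JSONtoData($v, true);
						}

						$v = $w->parseMessageForPlaceHolder($v, $post);
					}

					$elementModel->setGroupModel($groupModel);
					$elementModel->setValuesFromEncryt($post, $key, $v);

					/* $$ rob set both normal and rawvalues to encrypted - otherwise validate method doesn't
					 * pick up decrypted value
					 */
					$elementModel->setValuesFromEncryt($post, $key . '_raw', $v);
				}
			}
		}
	}
}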
/**
 * Save the connection.
 *
 * The password is encrypted and params is replaced with {"encryptedPw":true}
 * before a driver instance is requested for the new settings; the cached
 * session connection is then cleared and the parent save is called.
 *
 * NOTE(review): the result of getDriverInstance() is not inspected here, so
 * the "test first" step only stops the save if that call itself raises on a
 * bad connection - confirm.
 * NOTE(review): the stored password is reversible with whatever key
 * FabrikWorker::getCrypt() uses (not visible here); anyone holding that key
 * and the table contents can recover it.
 *
 * @param   array  $data  connection data
 *
 * @return  boolean  True on success, False on error.
 */
public function save($data)
{
	$connectionModel = JModelLegacy::getInstance('Connection', 'FabrikFEModel');
	$connectionModel->setId($data['id']);

	$cipher = FabrikWorker::getCrypt();

	// Flag the row so readers know the password column holds ciphertext
	$data['params'] = json_encode((object) array('encryptedPw' => true));
	$data['password'] = $cipher->encrypt($data['password']);

	// $$$ hugh TESTING REMOVE!!!!
	// $$$ Felikat - Not sure what you were testing but it broke stuff!
	// unset($data['password']);
	$connectionOptions = $connectionModel->getConnectionOptions(JArrayHelper::toObject($data));
	$connectionModel->getDriverInstance($connectionOptions);

	/**
	 * erm yeah will remove the session connection for the admin user, but not any other user whose already using the site
	 * would need to clear out the session table i think - but that would then log out all users.
	 */
	$this->session->clear('fabrik.connection.' . $data['id']);

	return parent::save($data);
}
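/**
 * Decrypt once a connection password - if its params->encryptedPw option is true.
 *
 * On success the plaintext replaces $cnn->password and $cnn->decrypted is set
 * so a second call on the same object is a no-op. Connections whose params
 * are not a JSON object, or lack a truthy encryptedPw flag, are left untouched.
 *
 * NOTE(review): after this call the object carries the plaintext password;
 * callers should avoid logging, caching or serialising it - verify call sites.
 *
 * @param   JTable  &$cnn  Connection
 *
 * @since 3.1rc1
 *
 * @return  void
 */
protected function decryptPw(&$cnn)
{
	// Already handled on this object: decrypting twice would corrupt the password
	if (isset($cnn->decrypted) && $cnn->decrypted)
	{
		return;
	}

	$crypt = FabrikWorker::getCrypt();
	$params = json_decode($cnn->params);

	// !empty() is "set and truthy": the same test as == true, but without an
	// undefined-property warning when params has no encryptedPw flag at all.
	if (is_object($params) && !empty($params->encryptedPw))
	{
		$cnn->password = $crypt->decrypt($cnn->password);
		$cnn->decrypted = true;
	}
}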