/**
 * Can the row be edited
 *
 * Returns true when there is no row to test, or when neither a field nor PHP code
 * is configured. Otherwise the decision comes either from the configured PHP
 * (caneditrow_eval) or from a loose comparison of one row field with the
 * configured value.
 *
 * SECURITY: the configured PHP is run with eval() in this method's scope, so it
 * can read and overwrite every local variable here ($params, $listModel, $row,
 * $data, $field, $w). Renaming or removing locals changes what that code sees.
 *
 * @param   object  $params     plugin params
 * @param   object  $listModel  list model
 * @param   object  $row        current row to test
 *
 * @return  boolean  in the eval branch: whatever the evaluated code returns
 */
public function onCanEdit($params, $listModel, $row)
{
    // If $row is null, we were called from the table's canEdit() in a per-table rather than per-row context,
    // and we don't have an opinion on per-table edit permissions, so just return true.
    if (is_null($row) || is_null($row[0])) {
        return true;
    }
    if (is_array($row[0])) {
        $data = JArrayHelper::toObject($row[0]);
    } else {
        $data = $row[0];
    }
    $field = str_replace('.', '___', $params->get('caneditrow_field'));
    // If they provided some PHP to eval, we ignore the other settings and just run their code
    $caneditrow_eval = $params->get('caneditrow_eval', '');
    // $$$ rob if no can edit field selected in admin return true
    if (trim($field) == '' && trim($caneditrow_eval) == '') {
        return true;
    }
    if (!empty($caneditrow_eval)) {
        $w = new FabrikWorker();
        $data = JArrayHelper::fromObject($data);
        // NOTE(review): placeholders are filled from the row data BEFORE eval(), so row values become part
        // of the PHP source that is executed. parseMessageForPlaceHolder() is defined elsewhere; whether it
        // escapes values for a PHP string context is not visible here - confirm, or have the code read
        // $data as a variable instead of using placeholders.
        $caneditrow_eval = $w->parseMessageForPlaceHolder($caneditrow_eval, $data);
        // '@' hides warnings/notices only. There is no try/catch in this method, and on PHP 7+ a syntax
        // error in the evaluated code throws ParseError, which '@' does not suppress.
        $caneditrow_eval = @eval($caneditrow_eval);
        FabrikWorker::logEval($caneditrow_eval, 'Caught exception on eval in can edit row : %s');
        // eval() yields null when the code has no return statement; callers get that value as-is.
        return $caneditrow_eval;
    } else {
        // No PHP given, so just do a simple match on the specified element and value settings.
        if ($params->get('caneditrow_useraw', '0') == '1') {
            $field .= '_raw';
        }
        $value = $params->get('caneditrow_value');
        // Loose (==) comparison: PHP type juggling applies to this access decision.
        return $data->{$field} == $value;
    }
}
/**
 * Looks at the validation condition and evaluates it.
 * If the evaluation is true then the validation rule is applied.
 *
 * SECURITY: the condition is PHP run with eval() in this method's scope, after
 * its placeholders have been filled from the raw POST data.
 *
 * @param   mixed  $data  not used in this method
 * @param   int    $c     index of the condition in the plugin's '-validation_condition' parameter array
 *
 * @return  bool  apply validation (true when no condition is set or the evaluated code returns null)
 */
function shouldValidate($data, $c)
{
    $params =& $this->getParams();
    $post = JRequest::get('post');
    $v = $params->get($this->_pluginName . '-validation_condition', '', '_default', 'array', $c);
    if (!array_key_exists($c, $v)) {
        return true;
    }
    $condition = $v[$c];
    if ($condition == '') {
        return true;
    }
    $w = new FabrikWorker();
    // $$$ rob merge join data into main array so we can access them in parseMessageForPlaceHolder()
    $joindata = JArrayHelper::getValue($post, 'join', array());
    foreach ($joindata as $joinid => $joind) {
        // $v is reused as the loop variable here; the condition was already read from it above.
        foreach ($joind as $k => $v) {
            if ($k !== 'rowid') {
                $post[$k] = $v;
            }
        }
    }
    // NOTE(review): $post is request data, and it is substituted into the condition text before that
    // text is executed as PHP. Unless parseMessageForPlaceHolder() (not visible here) escapes values
    // for the PHP context they land in, submitted values become part of the executed code - confirm.
    $condition = trim($w->parseMessageForPlaceHolder($condition, $post));
    // '@' hides warnings only; on PHP 7+ a ParseError from eval() is thrown and is not caught here.
    $res = @eval($condition);
    FabrikWorker::logEval($res, 'Caught exception on eval in validation::shouldValidate() ' . $this->_pluginName . ': %s');
    // No return statement in the evaluated code gives null: validate anyway.
    if (is_null($res)) {
        return true;
    }
    // Any falsy non-null result (including false from a failed eval on PHP 5) skips the validation rule.
    return $res;
}
/**
 * Can the row be edited
 *
 * Returns true when there is no row, when the row has no primary key value, or
 * when neither a field nor PHP code is configured. Otherwise the decision comes
 * from the configured PHP (caneditrow_eval) or from comparing one row field with
 * the configured value using the configured operator ('=' or '!='). The result
 * is also stored in $this->acl, keyed by the row's __pk_val.
 *
 * SECURITY: the configured PHP is run with eval() in this method's scope and can
 * read and overwrite the local variables here, including $data, which is read
 * again after the eval to pick the $this->acl key.
 *
 * @param   object  $row  Current row to test
 *
 * @return  boolean  in the eval branch: whatever the evaluated code returns
 */
public function onCanEdit($row)
{
    $params = $this->getParams();
    // If $row is null, we were called from the list's canEdit() in a per-table rather than per-row context,
    // and we don't have an opinion on per-table edit permissions, so just return true.
    if (is_null($row) || is_null($row[0])) {
        return true;
    }
    if (is_array($row[0])) {
        $data = ArrayHelper::toObject($row[0]);
    } else {
        $data = $row[0];
    }
    /**
     * If __pk_val is not set or empty, then we've probably been called from somewhere in form processing,
     * and this is a new row. In which case this plugin cannot offer any opinion!
     */
    if (!isset($data->__pk_val) || empty($data->__pk_val)) {
        return true;
    }
    $field = str_replace('.', '___', $params->get('caneditrow_field'));
    // If they provided some PHP to eval, we ignore the other settings and just run their code
    $caneditrow_eval = $params->get('caneditrow_eval', '');
    // $$$ rob if no can edit field selected in admin return true
    if (trim($field) == '' && trim($caneditrow_eval) == '') {
        $this->acl[$data->__pk_val] = true;
        return true;
    }
    if (!empty($caneditrow_eval)) {
        $w = new FabrikWorker();
        $data = ArrayHelper::fromObject($data);
        // NOTE(review): row values are substituted into the code text before it is executed. Whether
        // parseMessageForPlaceHolder() escapes them for a PHP string context is not visible here - confirm.
        $caneditrow_eval = $w->parseMessageForPlaceHolder($caneditrow_eval, $data);
        FabrikWorker::clearEval();
        // '@' hides warnings only; on PHP 7+ a ParseError from eval() is thrown and is not caught here.
        $caneditrow_eval = @eval($caneditrow_eval);
        FabrikWorker::logEval($caneditrow_eval, 'Caught exception on eval in can edit row : %s');
        // The raw eval result (null when the code has no return) is cached and returned unchanged.
        $this->acl[$data['__pk_val']] = $caneditrow_eval;
        return $caneditrow_eval;
    } else {
        // No PHP given, so just do a simple match on the specified element and value settings.
        if ($params->get('caneditrow_useraw', '0') == '1') {
            $field .= '_raw';
        }
        $value = $params->get('caneditrow_value');
        $operator = $params->get('operator', '=');
        if (is_object($data->{$field})) {
            $data->{$field} = ArrayHelper::fromObject($data->{$field});
        }
        // Both branches compare loosely (== / != and in_array() without the strict flag), so PHP type
        // juggling applies to this access decision. Any operator other than '!=' is treated as '='.
        switch ($operator) {
            case '=':
            default:
                $return = is_array($data->{$field}) ? in_array($value, $data->{$field}) : $data->{$field} == $value;
                break;
            case "!=":
                $return = is_array($data->{$field}) ? !in_array($value, $data->{$field}) : $data->{$field} != $value;
                break;
        }
        $this->acl[$data->__pk_val] = $return;
        return $return;
    }
}
/**
 * Shows the data formatted for the table view.
 *
 * When the 'text_format_string' parameter is set, the value is inserted into it
 * with sprintf() and the resulting string is executed with eval(); the eval
 * result replaces the value before it is handed to the parent renderer.
 *
 * @param   string  $data          data
 * @param   object  $oAllRowsData  all the data in the table's current row
 *
 * @return  string  formatted value
 */
function renderTableData($data, $oAllRowsData)
{
    $params =& $this->getParams();
    $format = $params->get('text_format_string');
    if ($format != '') {
        // SECURITY: $data is spliced into PHP source by sprintf() and then executed. Nothing in this
        // method escapes it, so the stored cell value is part of the code that runs.
        // NOTE(review): if this value can originate from user input it must not reach eval() this way;
        // the evaluated code already has $data in scope and could read it as a variable instead.
        // '@' hides warnings only; on PHP 7+ a ParseError from eval() is thrown and is not caught here.
        $data = @eval(sprintf($format, $data));
        FabrikWorker::logEval($data, 'Caught exception on eval in ' . $this->getElement()->name . '::renderTableData() : %s');
    }
    return parent::renderTableData($data, $oAllRowsData);
}
/**
 * Runs the configured PHP for a CSV row being imported.
 *
 * If no script file is selected ('listcsv_import_php_file' is -1 or empty) the
 * PHP in 'listcsv_import_php_code' is executed with eval(); otherwise the
 * selected file is required from the plugin's scripts folder. Either way the
 * code runs in this method's scope and sees $params and $listModel.
 *
 * @param   object  &$params     plugin params
 * @param   object  &$listModel  list model
 *
 * @return  bool  always true; the result of the eval'd or required code is not used
 */
public function onImportCSVRow(&$params, &$listModel)
{
    // NOTE(review): the file name is the only dynamic part of the require path below. This relies on
    // the 'CMD' filter to keep path separators out of it - confirm against JFilterInput.
    $file = JFilterInput::clean($params->get('listcsv_import_php_file'), 'CMD');
    if ($file == -1 || $file == '') {
        // Executes the configured PHP as-is. '@' hides warnings only; on PHP 7+ a ParseError is thrown
        // and is not caught here.
        $code = @eval($params->get('listcsv_import_php_code'));
        FabrikWorker::logEval($code, 'Caught exception on eval in onImportCSVRow : %s');
    } else {
        // '@' silences the warning for a missing file, but a failed require is still fatal.
        @(require JPATH_ROOT . '/plugins/fabrik_list/listcsv/scripts/' . $file);
    }
    return true;
}
/**
 * Runs the configured PHP for a CSV row being imported.
 *
 * If no script file is selected ('tablecsv_import_php_file' is -1 or empty) the
 * PHP in 'tablecsv_import_php_code' is executed with eval(); otherwise the
 * selected file is required from the plugin's scripts folder. Either way the
 * code runs in this method's scope and sees $params and $tableModel.
 *
 * @param   object  &$params      plugin params
 * @param   object  &$tableModel  table model
 *
 * @return  bool  always true; the result of the eval'd or required code is not used
 */
public function onImportCSVRow(&$params, &$tableModel)
{
    // NOTE(review): the file name is the only dynamic part of the require path below. This relies on
    // the 'CMD' filter to keep path separators out of it - confirm against JFilterInput.
    $file = JFilterInput::clean($params->get('tablecsv_import_php_file'), 'CMD');
    if ($file == -1 || $file == '') {
        // Executes the configured PHP as-is. '@' hides warnings only; on PHP 7+ a ParseError is thrown
        // and is not caught here.
        $code = @eval($params->get('tablecsv_import_php_code'));
        FabrikWorker::logEval($code, 'Caught exception on eval in onImportCSVRow : %s');
    } else {
        // '@' silences the warning for a missing file, but a failed require is still fatal.
        @(require COM_FABRIK_FRONTEND . DS . 'plugins' . DS . 'table' . DS . 'tablecsv' . DS . 'scripts' . DS . $file);
    }
    return true;
}
/**
 * Do the plug-in action.
 *
 * If no script file is selected ('table_php_file' is -1 or empty) the PHP in
 * 'table_php_code' is executed with eval(); otherwise the selected file is
 * loaded with require_once from the plugin's scripts folder. The code runs in
 * this method's scope and sees $params, $model and $opts.
 *
 * @param   object  &$params  parameters
 * @param   object  &$model   table model
 * @param   array   $opts     custom options
 *
 * @return  bool  always true; the result of the eval'd or required code is not used
 */
function process(&$params, &$model, $opts = array())
{
    // NOTE(review): the file name is the only dynamic part of the require_once path below. This relies
    // on the 'CMD' filter to keep path separators out of it - confirm against JFilterInput.
    $file = JFilterInput::clean($params->get('table_php_file'), 'CMD');
    if ($file == -1 || $file == '') {
        $code = $params->get('table_php_code');
        // Executes the configured PHP as-is. '@' hides warnings only; on PHP 7+ a ParseError is thrown
        // and is not caught here.
        $code = @eval($code);
        FabrikWorker::logEval($code, 'Caught exception on eval in tablephp::process() : %s');
    } else {
        // require_once: a given script file is loaded at most once per request.
        require_once COM_FABRIK_FRONTEND . DS . 'plugins' . DS . 'table' . DS . 'tablephp' . DS . 'scripts' . DS . $file;
    }
    return true;
}
/**
 * Checks if the validation should replace the submitted element data.
 * If so then the replaced data is returned, otherwise the original data is returned.
 *
 * When the 'php-match' setting for this validation is falsy, the configured
 * 'php-code' is executed with eval() and its return value becomes the new data.
 * The code runs in this method's scope, so it reads the submitted value from
 * $data directly rather than through text substitution.
 *
 * @param   string  $data          original data
 * @param   model   &$element      element model
 * @param   int     $c             validation plugin counter
 * @param   int     $repeat_count  repeat group count
 *
 * @return  string  original or replaced data
 */
function replace($data, &$element, $c, $repeat_count = 0)
{
    $params =& $this->getParams();
    $domatch = $params->get('php-match', '_default', 'array', $c);
    $domatch = $domatch[$c];
    if (!$domatch) {
        $php_code = $params->get('php-code', '_default', 'array', $c);
        // '@' hides warnings only; on PHP 7+ a ParseError from eval() is thrown and is not caught here.
        $php_code = @eval($php_code[$c]);
        FabrikWorker::logEval($php_code, 'Caught exception on eval in php validation::replace() : %s');
        // The eval result is returned unchecked: code without a return statement replaces the submitted
        // value with null (and a failed eval on PHP 5 replaces it with false).
        return $php_code;
    }
    return $data;
}
/**
 * This really does get just the default value (as defined in the element's settings).
 *
 * The value is computed once and cached in $this->_default. Without the eval
 * option the element's label is used; in both cases placeholders are replaced
 * afterwards.
 *
 * @param   array  $data  data passed to parseMessageForPlaceHolder()
 *
 * @return  unknown_type
 */
function getDefaultValue($data = array())
{
    if (!isset($this->_default)) {
        $w = new FabrikWorker();
        $element =& $this->getElement();
        if ($element->eval) {
            //strip html tags
            $element->label = preg_replace('/<[^>]+>/i', '', $element->label);
            //change htmlencoded chars back
            $element->label = htmlspecialchars_decode($element->label);
            // NOTE(review): this evaluates $this->_default, which is not set at this point (we are inside
            // the !isset() branch), so eval() receives null and the cleaned-up label above is never
            // executed. It looks like $element->label was meant here - confirm against the upstream
            // source before changing what gets executed.
            $this->_default = @eval($this->_default);
            FabrikWorker::logEval($this->_default, 'Caught exception on eval in ' . $element->name . '::getDefaultValue() : %s');
        } else {
            $this->_default = $element->label;
        }
        $this->_default = $w->parseMessageForPlaceHolder($this->_default, $data);
    }
    return $this->_default;
}
/**
 * This really does get just the default value (as defined in the element's settings).
 *
 * The value is computed once and cached in $this->_default: the 'imagefile'
 * parameter with the configured root folder stripped from its start, then
 * placeholder replacement, then - if the element's eval option is "1" -
 * execution of the result as PHP.
 *
 * @param   array  $data  data passed to parseMessageForPlaceHolder()
 *
 * @return  unknown_type
 */
function getDefaultValue($data = array())
{
    if (!isset($this->_default)) {
        $params =& $this->getParams();
        $element = $this->getElement();
        $w = new FabrikWorker();
        $this->_default = $params->get('imagefile');
        // $$$ hugh - this gets us the default image, with the root folder prepended.
        // But ... if the root folder option is set, we need to strip it.
        $rootFolder = $params->get('selectImage_root_folder', '/');
        $rootFolder = ltrim($rootFolder, '/');
        // The folder name is interpolated into the pattern without preg_quote(), so regex
        // metacharacters or a '#' in the setting change or break the match.
        $this->_default = preg_replace("#^{$rootFolder}#", '', $this->_default);
        // NOTE(review): placeholders are filled from $data BEFORE the eval below, so substituted values
        // become part of the executed PHP. Whether parseMessageForPlaceHolder() escapes them is not
        // visible here - confirm where $data comes from in the callers.
        $this->_default = $w->parseMessageForPlaceHolder($this->_default, $data);
        if ($element->eval == "1") {
            // '@' hides warnings only; on PHP 7+ a ParseError from eval() is thrown and is not caught here.
            $this->_default = @eval(stripslashes($this->_default));
            FabrikWorker::logEval($this->_default, 'Caught exception on eval in ' . $element->name . '::getDefaultValue() : %s');
        }
    }
    return $this->_default;
}
/**
 * Run right at the end of the form processing
 * form needs to be set to record in database for this to hook to be called
 *
 * Awards Alpha User Points to a user when the AlphaUserPoints helper file
 * exists. The receiving user, the reference text, the rule name and the number
 * of points are all taken from plugin parameters after placeholder replacement
 * with the processed form data.
 *
 * NOTE(review): no return statement is visible in this method, so it returns
 * null despite the documented bool.
 *
 * @throws Exception  when the configured AUP rule is not enabled
 *
 * @return bool
 */
public function onAfterProcess()
{
    $params = $this->getParams();
    $api_AUP = JPATH_SITE . '/components/com_alphauserpoints/helper.php';
    if (JFile::exists($api_AUP)) {
        $w = new FabrikWorker();
        $this->data = $this->getProcessData();
        require_once $api_AUP;
        $aup = new AlphaUserPointsHelper();
        // Define which user will receive the points.
        // NOTE(review): if the 'user_id' setting is a placeholder for a form field, the receiving
        // user comes from the form data - confirm that field cannot be set by the submitter.
        $userId = $params->get('user_id', '');
        $userId = (int) $w->parseMessageForPlaceholder($userId, $this->data, false);
        $aupId = $aup->getAnyUserReferreID($userId);
        // Replace these if you want to show a specific reference for the attributed points - doesn't seem to effect anything
        $keyReference = '';
        // Shown in the user details page - description of what the point is for
        $dataReference = $params->get('data_reference', '');
        $dataReference = $w->parseMessageForPlaceholder($dataReference, $this->data, false);
        // Override the plugin default points
        $randomPoints = $params->get('random_points', 0);
        if ($params->get('random_points_eval', '0') == '1') {
            if (!empty($randomPoints)) {
                // SECURITY: form data is substituted into the text and the result is executed as PHP.
                // Whether parseMessageForPlaceholder() escapes values is not visible here - confirm.
                $randomPoints = $w->parseMessageForPlaceholder($randomPoints, $this->data, false);
                // '@' hides warnings only; on PHP 7+ a ParseError from eval() is thrown and is not
                // caught here.
                $randomPoints = @eval($randomPoints);
                FabrikWorker::logEval($randomPoints, 'Caught exception on eval in aup plugin : %s');
            }
            // A null/false eval result becomes 0.0 points.
            $randomPoints = (double) $randomPoints;
        } else {
            $randomPoints = (double) $w->parseMessageForPlaceholder($randomPoints, $this->data, false);
        }
        // If set to be greater than $randompoints then this is the # of points assigned (not sure when this would be used - commenting out for now)
        $referralUserPoints = 0;
        $aupPlugin = $params->get('aup_plugin', 'plgaup_fabrik');
        $aupPlugin = $w->parseMessageForPlaceholder($aupPlugin, $this->data, false);
        if (!$aup->checkRuleEnabled($aupPlugin, 0, $aupId)) {
            throw new Exception('Alpha User Points plugin not published');
        }
        $aup->userpoints($aupPlugin, $aupId, $referralUserPoints, $keyReference, $dataReference, $randomPoints);
    }
}
/**
 * This really does get just the default value (as defined in the element's settings).
 *
 * The value is computed once and cached in $this->_default: the element's
 * default after placeholder replacement and, if the element's eval option is
 * "1", after execution of that text as PHP.
 *
 * @param   array  $data  data to use as parsemessage for placeholder
 *
 * @return  unknown_type
 */
function getDefaultValue($data = array())
{
    if (!isset($this->_default)) {
        $w = new FabrikWorker();
        $params =& $this->getParams();
        $element =& $this->getElement();
        // NOTE(review): placeholders are filled from $data BEFORE the eval below, so substituted values
        // become part of the executed PHP. Whether parseMessageForPlaceHolder() escapes them is not
        // visible here - confirm where $data comes from in the callers.
        $default = $w->parseMessageForPlaceHolder($element->default, $data);
        if ($element->eval == "1") {
            // '@' hides warnings only; on PHP 7+ a ParseError from eval() is thrown and is not caught here.
            $default = @eval(stripslashes($default));
            FabrikWorker::logEval($default, 'Caught exception on eval in ' . $element->name . '::getDefaultValue() : %s');
        }
        $this->_default = $default;
    }
    return $this->_default;
}
/**
 * Called before import is started
 *
 * Requires the selected script file (if any) and then executes the configured
 * PHP code (if any). Unlike the per-row handler, both can run in the same call.
 * The code runs in this method's scope.
 *
 * @return boolean  false only when the evaluated code returns exactly false
 */
public function onStartImportCSV()
{
    $params = $this->getParams();
    $filter = JFilterInput::getInstance();
    $file = $params->get('listcsv_import_start_php_file');
    // NOTE(review): the file name is the only dynamic part of the require path below. This relies on
    // the 'CMD' filter to keep path separators out of it - confirm against JFilterInput.
    $file = $filter->clean($file, 'CMD');
    if ($file != -1 && $file != '') {
        require JPATH_ROOT . '/plugins/fabrik_list/listcsv/scripts/' . $file;
    }
    $code = trim($params->get('listcsv_import_start_php_code', ''));
    if (!empty($code)) {
        // '@' hides warnings only; on PHP 7+ a ParseError from eval() is thrown and is not caught here.
        $ret = @eval($code);
        FabrikWorker::logEval($ret, 'Caught exception on eval in onStartImportCSV : %s');
        // Strict check: on PHP 5 a syntax error also makes eval() return false, which stops the import;
        // code without a return statement gives null and lets it continue.
        if ($ret === false) {
            return false;
        }
    }
    return true;
}
/**
 * Creates the filter array (returns the existing one if it was already built).
 *
 * Order of work, as visible here:
 *  1. prefilters are loaded into $this->filters;
 *  2. every array found in the request data is merged into $this->filters under
 *     the same key, with indexes shifted past the prefilters;
 *  3. for each filter the value is placeholder-parsed, optionally executed as
 *     PHP, quoted depending on the condition, and turned into an SQL fragment
 *     stored in $this->filters['sqlCond'];
 *  4. the 'onFiltersGot' list plugins are run.
 *
 * SECURITY / NOTE(review): step 2 copies request arrays in under ANY key name.
 * Step 3 then reads 'key', 'condition', 'eval', 'sqlCond', 'elementid' etc.
 * from the merged array. Whether getRequestData() (not visible here) builds
 * those arrays server-side or passes request input through decides whether the
 * eval flag, the eval'd value and the SQL key/condition text can be supplied by
 * the client - confirm before relying on any of them.
 *
 * @return array filters (returned by reference)
 */
function &getFilterArray()
{
    if (isset($this->filters)) {
        return $this->filters;
    }
    $filterModel =& $this->getFilterModel();
    $db = FabrikWorker::getDbo();
    $this->filters = array();
    // $user is not used in the rest of this method.
    $user = JFactory::getUser();
    $request = $this->getRequestData();
    $this->storeRequestData($request);
    FabrikHelperHTML::debug($request, 'filter:request');
    // $params is not used in the rest of this method.
    $params =& $this->getParams();
    $elements =& $this->getElements('id');
    // $$$ rob prefilters loaded before anything to avoid issues where you filter on something and
    // you have 2 prefilters with joined by an OR - this was incorrectly giving SQL of
    // WHERE normal filter = x OR ( prefilter1 = y OR prefilter2 = x)
    // this change changes the SQL to
    // WHERE ( prefilter1 = y OR prefilter2 = x) AND normal filter = x
    $this->getPrefilterArray($this->filters);
    // these are filters created from a search form or normal search
    $keys = array_keys($request);
    // Request filters are appended after the prefilters by offsetting their indexes.
    $indexStep = count(JArrayHelper::getValue($this->filters, 'key', array()));
    FabrikHelperHTML::debug($keys, 'filter:request keys');
    foreach ($keys as $key) {
        if (is_array($request[$key])) {
            foreach ($request[$key] as $kk => $v) {
                if (!array_key_exists($key, $this->filters) || !is_array($this->filters[$key])) {
                    $this->filters[$key] = array();
                }
                $this->filters[$key][$kk + $indexStep] = $v;
            }
        }
    }
    FabrikHelperHTML::debug($this->filters, 'tablemodel::getFilterArray middle');
    $readOnlyValues = array();
    $w = new FabrikWorker();
    $noFiltersSetup = JArrayHelper::getValue($this->filters, 'no-filter-setup', array());
    if (count($this->filters) == 0) {
        $this->getPluginManager()->runPlugins('onFiltersGot', $this, 'list');
        return $this->filters;
    }
    //get a list of plugins
    $pluginKeys = $filterModel->getPluginFilterKeys();
    $elementids = JArrayHelper::getValue($this->filters, 'elementid', array());
    $sqlCond = JArrayHelper::getValue($this->filters, 'sqlCond', array());
    $raws = JArrayHelper::getValue($this->filters, 'raw', array());
    //for ($i=0; $i < count($this->filters['key']); $i++) {
    foreach ($this->filters['key'] as $i => $keyval) {
        $value = $this->filters['value'][$i];
        $condition = strtolower($this->filters['condition'][$i]);
        $key = $this->filters['key'][$i];
        $filterEval = $this->filters['eval'][$i];
        $elid = JArrayHelper::getValue($elementids, $i);
        $key2 = array_key_exists('key2', $this->filters) ? JArrayHelper::getValue($this->filters['key2'], $i, '') : '';
        // $$$ rob see if the key is a raw filter
        // 20/12/2010 - think $key is never with _raw now as it is unset in tablefilter::getQuerystringFilters() although may be set elsewhere
        // - if it is make a note and remove the _raw from the name
        $raw = JArrayHelper::getValue($raws, $i, false);
        if (substr($key, -5, 5) == '_raw`') {
            $key = substr($key, 0, strlen($key) - 5) . '`';
            $raw = true;
        }
        if ($elid == -1) {
            //bool match
            $this->filters['origvalue'][$i] = $value;
            // Only $value is quoted; $key and $condition are concatenated into the SQL as-is.
            $this->filters['sqlCond'][$i] = $key . ' ' . $condition . ' (' . $db->Quote($value) . ' IN BOOLEAN MODE)';
            continue;
        }
        //table plug-in filter found - it should have set its own sql in onGetPostFilter();
        if (in_array($elid, $pluginKeys)) {
            $this->filters['origvalue'][$i] = $value;
            // Self-assignment: keeps whatever sqlCond is already stored for this index.
            $this->filters['sqlCond'][$i] = $this->filters['sqlCond'][$i];
            continue;
        }
        $elementModel = JArrayHelper::getValue($elements, $elid);
        // $$$ rob key2 if set is in format `countries_0`.`label` rather than `countries`.`label`
        // used for search all filter on 2nd db join element pointing to the same table
        if (strval($key2) !== '') {
            $key = $key2;
        }
        $eval = $this->filters['eval'][$i];
        $fullWordsOnly = $this->filters['full_words_only'][$i];
        // $exactMatch is not used in the rest of this method.
        $exactMatch = $this->filters['match'][$i];
        if (!is_a($elementModel, 'plgFabrik_Element')) {
            continue;
        }
        $elementModel->_rawFilter = $raw;
        // $$ hugh - testing allowing {QS} replacements in pre-filter values
        // NOTE(review): replaceRequest() presumably substitutes request values into $value; together
        // with the eval below that would put request input into executed code - confirm its escaping.
        $w->replaceRequest($value);
        $value = $this->_prefilterParse($value);
        $value = $w->parseMessageForPlaceHolder($value);
        if ($filterEval == '1') {
            // $$$ rob hehe if you set $i in the eval'd code all sorts of chaos ensues
            // The evaluated code runs in this method's scope; only $i is protected against being
            // overwritten, every other local ($key, $condition, $db, $this->filters, ...) is not.
            $origi = $i;
            $value = stripslashes(htmlspecialchars_decode($value, ENT_QUOTES));
            // '@' hides warnings only; on PHP 7+ a ParseError from eval() is thrown and is not
            // caught here.
            $value = @eval($value);
            FabrikWorker::logEval($value, 'Caught exception on eval of tableModel::getFilterArray() ' . $key . ': %s');
            $i = $origi;
        }
        if ($condition == 'regexp') {
            $condition = 'REGEXP';
            // $$$ 30/06/2011 rob dont escape the search as it may contain \\\ from preg_escape (e.g. search all on 'c+b)
            // Second argument false: the value is wrapped in quotes but not escaped.
            // NOTE(review): this is only safe if every value reaching this branch was escaped earlier.
            $value = $db->quote($value, false);
        } else {
            if ($condition == 'like') {
                $condition = 'LIKE';
                $value = $db->Quote($value);
            } else {
                if ($condition == 'laterthisyear' || $condition == 'earlierthisyear') {
                    $value = $db->Quote($value);
                }
            }
        }
        // For any other condition $value is not quoted here; quoting is left to getFilterValue() /
        // getFilterQuery(), which are not visible in this method.
        if ($fullWordsOnly == '1') {
            $condition = 'REGEXP';
        }
        $originalValue = $this->filters['value'][$i];
        list($value, $condition) = $elementModel->getFilterValue($value, $condition, $eval);
        if ($fullWordsOnly == '1') {
            // Wraps the value in MySQL word-boundary markers and double quotes by plain concatenation.
            if (is_array($value)) {
                // By-reference loop without unset($v) afterwards: $v stays bound to the last element.
                foreach ($value as &$v) {
                    $v = "\"[[:<:]]" . $v . "[[:>:]]\"";
                }
            } else {
                $value = "\"[[:<:]]" . $value . "[[:>:]]\"";
            }
        }
        // An sqlCond already present for this index (see the merge at the top) is kept as-is.
        if (!array_key_exists($i, $sqlCond) || $sqlCond[$i] == '') {
            $query = $elementModel->getFilterQuery($key, $condition, $value, $originalValue, $this->filters['search_type'][$i]);
            $this->filters['sqlCond'][$i] = $query;
        }
        $this->filters['condition'][$i] = $condition;
        $this->filters['origvalue'][$i] = $originalValue; //used when getting the selected dropdown filter value
        $this->filters['value'][$i] = $value;
        if (!array_key_exists($i, $noFiltersSetup)) {
            $this->filters['no-filter-setup'][$i] = 0;
        }
        if ($this->filters['no-filter-setup'][$i] == 1) {
            $tmpName = $elementModel->getFullName(false, true, false);
            $tmpData = array($tmpName => $originalValue, $tmpName . "_raw" => $originalValue);
            //set defaults to null to ensure we get correct value for 2nd dropdown search value (multi dropdown from search form)
            $elementModel->defaults = null;
            if (array_key_exists($key, $readOnlyValues)) {
                $readOnlyValues[$key][] = $elementModel->_getROElement($tmpData);
            } else {
                $readOnlyValues[$key] = array($elementModel->_getROElement($tmpData));
            }
            //set it back to null again so that in form view we dont return this value.
            $elementModel->defaults = null;
            // filter value assigned in readOnlyValues foreach loop towards end of this function
            $this->filters['filter'][$i] = '';
        } else {
            //$$$rob not sure $value is the right var to put in here - or if its actually used
            // but without this line you get warnings about missing variable in the filter array
            $this->filters['filter'][$i] = $value;
        }
    }
    FabrikHelperHTML::debug($this->filters, 'end filters');
    // Read-only renderings collected above are joined with <br> and stored as the filter markup.
    foreach ($readOnlyValues as $key => $val) {
        foreach ($this->filters['key'] as $i => $fkey) {
            if ($fkey === $key) {
                $this->filters['filter'][$i] = implode("<br>", $val);
            }
        }
    }
    $this->getPluginManager()->runPlugins('onFiltersGot', $this, 'list');
    FabrikHelperHTML::debug($this->filters, 'after plugins:onFiltersGot');
    return $this->filters;
}
/**
 * Process the plugin, called at end of form submission.
 *
 * Builds the PayPal redirect URL (amount, shipping, item, optional subscription
 * and shipping-address data, notify/return URLs, custom field), stores it in the
 * session as the form's redirect URL and writes a log record.
 *
 * SECURITY overview (details inline):
 *  - four settings can be executed as PHP with eval() in this method's scope;
 *  - two SQL statements are assembled by string concatenation from settings;
 *  - most values are put into the redirect query string without URL-encoding;
 *  - the complete form data is written to the log table.
 *
 * @param   object  &$params     plugin params
 * @param   object  &$formModel  form model
 *
 * @return  bool  always true on the paths visible here
 */
function onAfterProcess(&$params, &$formModel)
{
    $app =& JFactory::getApplication();
    $data =& $formModel->_fullFormData;
    $this->data = $data;
    if (!$this->shouldProcess('paypal_conditon')) {
        return true;
    }
    $this->formModel = $formModel;
    $emailData =& $this->getEmailData();
    $w = new FabrikWorker();
    $user =& JFactory::getUser();
    $userid = $user->get('id');
    $ipn = $this->getIPNHandler($params);
    if ($ipn !== false) {
        if (method_exists($ipn, 'createInvoice')) {
            $ipn->createInvoice();
        }
    }
    $paypal_testmode = $params->get('paypal_testmode', false);
    $url = $paypal_testmode == 1 ? 'https://www.sandbox.paypal.com/us/cgi-bin/webscr?' : 'https://www.paypal.com/cgi-bin/webscr?';
    $opts = array();
    $opts['cmd'] = $params->get('paypal_cmd', "_xclick");
    $opts['business'] = $this->getAccountEmail($params);
    $amount = $params->get('paypal_cost');
    // NOTE(review): submitted form data is substituted into the cost text here; with the eval option
    // below that text is then executed as PHP. Whether parseMessageForPlaceHolder() escapes values
    // is not visible here - confirm.
    $amount = $w->parseMessageForPlaceHolder($amount, $data);
    //@TODO Hugh/Rob check $$$tom: Adding eval option on cost field
    // Useful if you use a cart system which will calculate on total shipping or tax fee and apply it. You can return it in the Cost field.
    if ($params->get('paypal_cost_eval', 0) == 1) {
        // '@' hides warnings only; on PHP 7+ a ParseError from eval() is thrown and is not caught here.
        $amount = @eval($amount);
        FabrikWorker::logEval($amount, 'Caught exception on eval in paypal cost_eval : %s');
    }
    // An empty result (including null/false from the eval) falls back to the cost element's value.
    if (trim($amount) == '') {
        $amount = JArrayHelper::getValue($emailData, FabrikString::safeColNameToArrayKey($params->get('paypal_cost_element')));
        if (is_array($amount)) {
            $amount = array_shift($amount);
        }
    }
    // NOTE(review): the amount is not validated as a number before it goes into the redirect URL.
    $opts['amount'] = "{$amount}";
    //$$$tom added Shipping Cost params
    $shipping_amount = $params->get('paypal_shipping_cost');
    if ($params->get('paypal_shipping_cost_eval', 0) == 1) {
        // Unlike the other three evals in this method, this result is not passed to logEval().
        $shipping_amount = @eval($shipping_amount);
    }
    if (trim($shipping_amount) == '') {
        $shipping_amount = JArrayHelper::getValue($emailData, FabrikString::safeColNameToArrayKey($params->get('paypal_shipping_cost_element')));
        if (is_array($shipping_amount)) {
            $shipping_amount = array_shift($shipping_amount);
        }
    }
    $opts['shipping'] = "{$shipping_amount}";
    $item = $params->get('paypal_item');
    if ($params->get('paypal_item_eval', 0) == 1) {
        $item = @eval($item);
        FabrikWorker::logEval($item, 'Caught exception on eval in paypal item_eval : %s');
        $item_raw = $item;
    }
    if (trim($item) == '') {
        $item_raw = JArrayHelper::getValue($emailData, FabrikString::safeColNameToArrayKey($params->get('paypal_item_element') . '_raw'));
        $item = $emailData[FabrikString::safeColNameToArrayKey($params->get('paypal_item_element'))];
        if (is_array($item)) {
            $item = array_shift($item);
        }
    }
    // NOTE(review): $item_raw is only assigned in the two branches above. With a non-empty,
    // non-eval'd 'paypal_item' it is undefined when the subscription query below uses it.
    $opts['item_name'] = "{$item}";
    //$$$ rob add in subscription variables
    if ($opts['cmd'] === '_xclick-subscriptions') {
        $subTable = JModel::getInstance('Table', 'FabrikModel');
        $subTable->setId((int) $params->get('paypal_subs_table'));
        $idEl = FabrikString::safeColName($params->get('paypal_subs_id', ''));
        $durationEl = FabrikString::safeColName($params->get('paypal_subs_duration', ''));
        $durationPerEl = FabrikString::safeColName($params->get('paypal_subs_duration_period', ''));
        $name = $params->get('paypal_subs_name', '');
        $subDb =& $subTable->getDb();
        // The item value is quoted; the column and table names are interpolated and rely on
        // safeColName() (defined elsewhere) and the stored table name being safe identifiers.
        $subDb->setQuery("SELECT *, {$durationEl} AS p3, {$durationPerEl} AS t3, " . $subDb->Quote($item_raw) . " AS item_number FROM " . $subTable->getTable()->db_table_name . " WHERE {$idEl} = " . $subDb->Quote($item_raw));
        $sub = $subDb->loadObject();
        if (is_object($sub)) {
            $opts['p3'] = $sub->p3;
            $opts['t3'] = $sub->t3;
            $opts['a3'] = $amount;
            //$opts['src'] = 1;
            $opts['no_note'] = 1;
            $opts['custom'] = '';
            $tmp = array_merge(JRequest::get('data'), JArrayHelper::fromObject($sub));
            $opts['item_name'] = $w->parseMessageForPlaceHolder($name, $tmp);
            //'http://fabrikar.com/ '.$sub->item_name.' - User: subtest26012010 (subtest26012010)';
            $opts['invoice'] = $w->parseMessageForPlaceHolder($params->get('paypal_subs_invoice'), $tmp, false);
            if ($opts['invoice'] == '') {
                $opts['invoice'] = uniqid('', true);
            }
            $opts['src'] = $w->parseMessageForPlaceHolder($params->get('paypal_subs_recurring'), $tmp);
            // Keep the amount so the subscription switch below can restore it.
            $amount = $opts['amount'];
            unset($opts['amount']);
        } else {
            JError::raiseError(500, 'Could not determine subscription period, please check your settings');
        }
    }
    // $$$ rob 03/02/2011
    // check if we have a gateway subscription switch set up. This is for sites where
    // you can toggle between a subscription or a single payment. E.g. fabrikar com
    // if 'paypal_subscription_switch' is blank then use the $opts['cmd'] setting
    // if not empty it should be some eval'd PHP which needs to return true for the payment
    // to be treated as a subscription
    // We want to do this so that single payments can make use of Paypals option to pay via credit card
    // without a paypal account (subscriptions require a Paypal account)
    // We do this after the subscription code has been run as this code is still needed to look up the correct item_name
    $subSwitch = $params->get('paypal_subscription_switch');
    if (trim($subSwitch) !== '') {
        // No data array is passed here, so what the placeholders resolve against is decided inside
        // parseMessageForPlaceHolder() - NOTE(review): confirm it is not raw request input.
        $subSwitch = $w->parseMessageForPlaceHolder($subSwitch);
        $isSub = @eval($subSwitch);
        FabrikWorker::logEval($isSub, 'Caught exception on eval in paypal subscription_switch : %s');
        // A failed eval or code without a return statement is falsy, i.e. treated as a single payment.
        if (!$isSub) {
            //reset the amount which was unset during subscription code
            $opts['amount'] = $amount;
            $opts['cmd'] = '_xclick';
            //unset any subscription options we may have set
            unset($opts['p3']);
            unset($opts['t3']);
            unset($opts['a3']);
            unset($opts['no_note']);
            //$opts['src'] = 0;
        }
    }
    //@TODO Hugh/Rob check $$$tom: Adding shipping options
    // Currently the admin select a user element on the form to compare it to the user id on the custom user table
    // Should we just make it to get the current user ID and use that?
    // $shipping_userid = $data[FabrikString::safeColNameToArrayKey($params->get('paypal_shipping_userelement') )];
    // if (is_array($shipping_userid)) {
    // $shipping_userid = array_shift($shipping_userid);
    //}
    $shipping_userid = $userid;
    if ($shipping_userid > 0) {
        $shipping_select = array();
        $db = JFactory::getDBO();
        //$$$tom Surely there's a better Fabrik way of getting the table name...
        // NOTE(review): the table id setting is concatenated into the SQL without a cast or quoting
        // (compare the (int) cast used for 'paypal_subs_table' above).
        $db->setQuery("SELECT db_table_name\n\t\t\t\t\t\t FROM #__fabrik_tables\n\t\t\t\t\t\t WHERE id = " . $params->get('paypal_shippingdata_table') . "\n\t\t\t\t\t\t LIMIT 1");
        $shipping_table = $db->loadResult();
        // Map each PayPal address field to the configured column name, when one is configured.
        if ($params->get('paypal_shippingdata_firstname')) {
            $shipping_first_name = FabrikString::shortColName($params->get('paypal_shippingdata_firstname'));
            $shipping_select['first_name'] = $shipping_first_name;
        }
        if ($params->get('paypal_shippingdata_lastname')) {
            $shipping_last_name = FabrikString::shortColName($params->get('paypal_shippingdata_lastname'));
            $shipping_select['last_name'] = $shipping_last_name;
        }
        if ($params->get('paypal_shippingdata_address1')) {
            $shipping_address1 = FabrikString::shortColName($params->get('paypal_shippingdata_address1'));
            $shipping_select['address1'] = $shipping_address1;
        }
        if ($params->get('paypal_shippingdata_address2')) {
            $shipping_address2 = FabrikString::shortColName($params->get('paypal_shippingdata_address2'));
            $shipping_select['address2'] = $shipping_address2;
        }
        if ($params->get('paypal_shippingdata_zip')) {
            $shipping_zip = FabrikString::shortColName($params->get('paypal_shippingdata_zip'));
            $shipping_select['zip'] = $shipping_zip;
        }
        if ($params->get('paypal_shippingdata_state')) {
            $shipping_state = FabrikString::shortColName($params->get('paypal_shippingdata_state'));
            $shipping_select['state'] = $shipping_state;
        }
        if ($params->get('paypal_shippingdata_city')) {
            $shipping_city = FabrikString::shortColName($params->get('paypal_shippingdata_city'));
            $shipping_select['city'] = $shipping_city;
        }
        if ($params->get('paypal_shippingdata_country')) {
            $shipping_country = FabrikString::shortColName($params->get('paypal_shippingdata_country'));
            $shipping_select['country'] = $shipping_country;
        }
        // Only the user id is quoted; column and table names are concatenated as identifiers. With no
        // address columns configured the column list is empty and the statement is not valid SQL.
        $db->setQuery("SELECT " . implode(',', $shipping_select) . "\n\t\t\t\t\t\t\tFROM {$shipping_table}\n\t\t\t\t\t\t\tWHERE " . FabrikString::shortColName($params->get('paypal_shippingdata_id')) . " = " . $db->Quote($shipping_userid) . "\n\t\t\t\t\t\t\tLIMIT 1");
        $user_shippingdata = $db->loadObject();
        foreach ($shipping_select as $opt => $val) {
            //$$$tom Since we test on the current userid, it always adds the &name=&street=....
            //even if those vars are empty...
            if ($val) {
                // $user_shippingdata is not checked for null (no matching row) before this read.
                $opts[$opt] = $user_shippingdata->{$val};
            }
        }
    }
    if ($params->get('paypal_shipping_address_override', 0)) {
        $opts['address_override'] = 1;
    }
    $paypal_currency_code = $params->get('paypal_currencycode', 'USD');
    $paypal_currency_code = $w->parseMessageForPlaceHolder($paypal_currency_code, $data);
    $opts['currency_code'] = $paypal_currency_code;
    $paypal_test_site = $params->get('paypal_test_site', '');
    // IPN (notify) URL: the test site replaces the live site only in test mode.
    if ($paypal_testmode == 1 && !empty($paypal_test_site)) {
        $ppurl = $paypal_test_site . '/index.php?option=com_fabrik&c=plugin&controller=plugin&task=pluginAjax&formid=' . $formModel->_id . '&g=form&plugin=fabrikpaypal&method=ipn';
    } else {
        $ppurl = COM_FABRIK_LIVESITE . 'index.php?option=com_fabrik&c=plugin&controller=plugin&task=pluginAjax&formid=' . $formModel->_id . '&g=form&plugin=fabrikpaypal&method=ipn';
    }
    $paypal_test_site_qs = $params->get('paypal_test_site_qs', '');
    if ($paypal_testmode == 1 && !empty($paypal_test_site_qs)) {
        $ppurl .= $paypal_test_site_qs;
    }
    $ppurl .= '&renderOrder=' . $this->renderOrder;
    $ppurl = urlencode($ppurl);
    $opts['notify_url'] = "{$ppurl}";
    $paypal_return_url = $params->get('paypal_return_url', '');
    $paypal_return_url = $w->parseMessageForPlaceHolder($paypal_return_url, $data);
    // The pattern below recognises only 'http://' as absolute; an 'https://' return URL gets the
    // site URL prepended.
    if ($paypal_testmode == 1 && !empty($paypal_return_url)) {
        if (preg_match('#^http:\\/\\/#', $paypal_return_url)) {
            $opts['return'] = $paypal_return_url;
        } else {
            if (!empty($paypal_test_site)) {
                $opts['return'] = $paypal_test_site . '/' . $paypal_return_url;
            } else {
                $opts['return'] = COM_FABRIK_LIVESITE . $paypal_return_url;
            }
        }
        if (!empty($paypal_test_site_qs)) {
            $opts['return'] .= $paypal_test_site_qs;
        }
    } else {
        if (!empty($paypal_return_url)) {
            if (preg_match('#^http:\\/\\/#', $paypal_return_url)) {
                $opts['return'] = $paypal_return_url;
            } else {
                $opts['return'] = COM_FABRIK_LIVESITE . $paypal_return_url;
            }
        } else {
            // using default thanks() method so don't forget to add renderOrder
            if ($paypal_testmode == '1' && !empty($paypal_test_site)) {
                $opts['return'] = $paypal_test_site . '/index.php?option=com_fabrik&c=plugin&controller=plugin&task=pluginAjax&formid=' . $formModel->_id . '&g=form&plugin=fabrikpaypal&method=thanks&rowid=' . $data['rowid'] . '&renderOrder=' . $this->renderOrder;
            } else {
                $opts['return'] = COM_FABRIK_LIVESITE . 'index.php?option=com_fabrik&c=plugin&controller=plugin&task=pluginAjax&formid=' . $formModel->_id . '&g=form&plugin=fabrikpaypal&method=thanks&rowid=' . $data['rowid'] . '&renderOrder=' . $this->renderOrder;
            }
        }
    }
    $opts['return'] = urlencode($opts['return']);
    $ipn_value = $params->get('paypal_ipn_value', '');
    $ipn_value = $w->parseMessageForPlaceHolder($ipn_value, $data);
    $ipn_value = str_replace(':', ';', $ipn_value); // extra :'s will break parsing during IPN notify phase
    // $$$ hugh - thinking about putting in a call to a generic method in custom script
    // here and passing it a reference to $opts.
    $opts['custom'] = $data['form_id'] . ':' . $data['rowid'] . ':' . $ipn_value;
    $opts['cbt'] = urlencode($params->get('paypal_cbt', ''));
    if ($ipn !== false) {
        if (method_exists($ipn, 'checkOpts')) {
            if ($ipn->checkOpts($opts, $formModel) === false) {
                /// log the info
                JTable::addIncludePath(JPATH_ADMINISTRATOR . DS . 'components' . DS . 'com_fabrik' . DS . 'tables');
                $log =& JTable::getInstance('log', 'Table');
                $log->message_type = 'fabrik.paypal.onAfterProcess';
                $msg = new stdClass();
                $msg->opt = $opts;
                $msg->data = $data;
                $msg->msg = "Submission cancelled by checkOpts!";
                $log->message = json_encode($msg);
                $log->store();
                return true;
            }
        }
    }
    // NOTE(review): only notify_url, return and cbt were URL-encoded above. Every other value
    // (amount, shipping, item_name, custom, address fields, currency_code, ...) is joined in raw, so
    // a value containing '&' or '=' changes the parameter set of the redirect URL. Several of these
    // come from submitted form data. Encode each value when building the query string, and treat the
    // amount reported back via IPN as something to verify server-side.
    $qs = array();
    foreach ($opts as $k => $v) {
        $qs[] = "{$k}={$v}";
    }
    $url .= implode('&', $qs);
    // $$$ rob 04/02/2011 no longer doing redirect from ANY plugin EXCEPT the redirect plugin
    // - instead a session var is set (com_fabrik.form.X.redirect.url)
    // as the preferred redirect url
    $session =& JFactory::getSession();
    $context = 'com_fabrik.form.' . $formModel->_id . '.redirect.';
    // $$$ hugh - fixing issue with new redirect, which now needs to be an array.
    // Not sure if we need to preserve existing session data, or just create a new surl array,
    // to force ONLY redirect to PayPal?
    $surl = (array) $session->get($context . 'url', array());
    $surl[$this->renderOrder] = $url;
    $session->set($context . 'url', $surl);
    /// log the info
    // The log record holds the complete form data and all PayPal options as JSON.
    // NOTE(review): check who can read this table and how long records are kept.
    JTable::addIncludePath(JPATH_ADMINISTRATOR . DS . 'components' . DS . 'com_fabrik' . DS . 'tables');
    $log =& JTable::getInstance('log', 'Table');
    $log->message_type = 'fabrik.paypal.onAfterProcess';
    $msg = new stdClass();
    $msg->opt = $opts;
    $msg->data = $data;
    $log->message = json_encode($msg);
    $log->store();
    return true;
}
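/**
 * Do the plug-in action: optionally e-mail the contact stored on each selected
 * row, then write the configured column updates to those rows.
 *
 * Row ids are read from the request ('ids') and forced to integers before they
 * are concatenated into any SQL.
 *
 * SECURITY: when the 'eval' parameter is set, the e-mail message template is
 * run through eval() after row placeholders have been expanded into it. The
 * evaluated code runs in this method's scope (it can see $row, $params, $model,
 * $db, $user ...). NOTE(review): row values are spliced into PHP source before
 * eval(); confirm parseMessageForPlaceholder() escapes them for a PHP context,
 * otherwise stored row data can alter the code that runs.
 *
 * @param   object  $params  plugin parameters
 * @param   object  &$model  list model
 * @param   array   $opts    custom options
 *
 * @return  bool  false when no update definition is configured, true otherwise
 */
public function process($params, &$model, $opts = array())
{
    $db = $model->getDb();
    $user = JFactory::getUser();
    $update = json_decode($params->get('update_col_updates'));

    if (!$update) {
        return false;
    }

    // $$$ rob moved here from bottom of func see http://fabrikar.com/forums/showthread.php?t=15920&page=7
    $dateCol = $params->get('update_date_element');
    $userCol = $params->get('update_user_element');

    $item = $model->getTable();

    // Array_unique for left joined table data
    $ids = array_unique(JRequest::getVar('ids', array(), 'method', 'array'));

    // Integer cast is what makes the later "IN (...)" concatenation safe.
    JArrayHelper::toInteger($ids);
    $this->_row_count = count($ids);
    $ids = implode(',', $ids);
    $model->reset();

    // NOTE(review): an empty id list yields "IN ( )"; confirm callers never submit no rows.
    $model->_pluginQueryWhere[] = $item->db_primary_key . ' IN ( ' . $ids . ')';
    $data = $model->getData();

    // $$$servantek reordered the update process in case the email routine wants to kill the updates
    $emailColID = $params->get('update_email_element', '');

    if (!empty($emailColID)) {
        $w = new FabrikWorker();
        jimport('joomla.mail.helper');
        $message = $params->get('update_email_msg');
        $subject = $params->get('update_email_subject');
        $eval = $params->get('eval', 0);
        $config = JFactory::getConfig();
        $from = $config->getValue('mailfrom');
        $fromname = $config->getValue('fromname');
        $elementModel = FabrikWorker::getPluginManager()->getElementPlugin($emailColID);
        $emailElement = $elementModel->getElement(true);
        $emailField = $elementModel->getFullName(false, true, false);
        $emailColumn = $elementModel->getFullName(false, false, false);
        $emailFieldRaw = $emailField . '_raw';
        $emailWhich = $emailElement->plugin == 'user' ? 'user' : 'field';

        // array_shift() takes its argument by reference, so it needs a real variable.
        $tblParts = explode('.', $emailColumn);
        $tbl = array_shift($tblParts);

        $db = JFactory::getDBO();
        $aids = explode(',', $ids);

        // If using a user element, build a lookup list of emails from #__users,
        // so we're only doing one query to grab all involved emails.
        if ($emailWhich == 'user') {
            $userids_emails = array();

            // Ask for a fresh query object rather than whatever query was last set on the driver.
            $query = $db->getQuery(true);

            // $tbl / $emailColumn come from the element model's full name, not from the request.
            $query->select('#__users.id AS id, #__users.email AS email')
                ->from('#__users')
                ->join('LEFT', $tbl . ' ON #__users.id = ' . $emailColumn)
                ->where($item->db_primary_key . ' IN (' . $ids . ')');
            $db->setQuery($query);
            $results = $db->loadObjectList();

            foreach ($results as $result) {
                $userids_emails[(int) $result->id] = $result->email;
            }
        }

        foreach ($aids as $id) {
            $row = $model->getRow($id);

            if ($emailWhich == 'user') {
                $userid = (int) $row->{$emailFieldRaw};
                $to = JArrayHelper::getValue($userids_emails, $userid);
            } else {
                $to = $row->{$emailField};
            }

            if (JMailHelper::cleanAddress($to) && JMailHelper::isEmailAddress($to)) {
                // $$$servantek added an eval option and rearranged placeholder call
                $thissubject = $w->parseMessageForPlaceholder($subject, $row);
                $thismessage = $w->parseMessageForPlaceholder($message, $row);

                if ($eval) {
                    // SECURITY: eval() of the admin-configured template after placeholder expansion.
                    $thismessage = @eval($thismessage);
                    FabrikWorker::logEval($thismessage, 'Caught exception on eval in updatecol::process() : %s');
                }

                $res = JUtility::sendMail($from, $fromname, $to, $thissubject, $thismessage, true);

                if ($res) {
                    $this->_sent++;
                } else {
                    // Was `${$this}->_notsent++`, a variable-variable on $this that never touched the counter.
                    $this->_notsent++;
                }
            } else {
                $this->_notsent++;
            }
        }
    }

    // $$$servantek reordered the update process in case the email routine wants to kill the updates
    if (!empty($dateCol)) {
        $date = JFactory::getDate();
        $this->_process($model, $dateCol, $date->toSql());
    }

    if (!empty($userCol)) {
        $this->_process($model, $userCol, (int) $user->get('id'));
    }

    foreach ($update->coltoupdate as $i => $col) {
        $this->_process($model, $col, $update->update_value[$i]);
    }

    $this->msg = $params->get('update_message', '');

    if (empty($this->msg)) {
        $this->msg = JText::sprintf('PLG_LIST_UPDATE_COL_UPDATE_MESSAGE', $this->_row_count, $this->_sent);
    } else {
        $this->msg = JText::sprintf($this->msg, $this->_row_count, $this->_sent);
    }

    // Clean the cache.
    $cache = JFactory::getCache(JRequest::getCmd('option'));
    $cache->clean();

    return true;
}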
/**
 * Run the element's configured PHP validation code.
 *
 * Reads the 'php-code' plugin parameter, expands placeholders against the form
 * model's formData and passes the resulting string to eval(). The evaluated
 * code executes in this method's scope, so it can read $data, $repeatCounter,
 * $params, $elementModel, $formModel, $formData and $w.
 *
 * NOTE(review): placeholder values come from $formModel->formData and are
 * spliced into PHP source before eval(); confirm how
 * parseMessageForPlaceHolder() escapes them, otherwise submitted values can
 * change the code that runs.
 *
 * @param   string  $data           Original data
 * @param   int     $repeatCounter  Repeat group counter
 *
 * @return  mixed  Whatever the evaluated code returns
 */
private function _eval($data, $repeatCounter = 0)
{
    $params = $this->getParams();
    $elementModel = $this->elementModel;
    $formModel = $elementModel->getFormModel();
    $formData = $formModel->formData;
    $w = new FabrikWorker();
    $phpCode = $params->get('php-code');
    $phpCode = $w->parseMessageForPlaceHolder($phpCode, $formData, true, true);

    /**
     * $$$ hugh - added trigger_error(""), which will "clear" any existing errors,
     * otherwise logEval will pick up and report notices and warnings generated
     * by the rest of our code, which can be VERY confusing. Note that this required a tweak
     * to logEval, as error_get_last won't be null after doing this, but $error['message'] will
     * be empty.
     * $$$ hugh - moved the $trigger_error() into a helper func
     */
    FabrikWorker::clearEval();

    // '@' hides PHP's own diagnostics; logEval() is the only place a failure is reported.
    $return = @eval($phpCode);
    FabrikWorker::logEval($return, 'Caught exception on php validation of ' . $elementModel->getFullName(true, false) . ': %s');

    return $return;
}
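/**
 * Build the WHERE fragment for an element that stores several values in one
 * column: each value is matched both as a quoted member of the stored string
 * (LIKE '%"value"%') and as the whole column value.
 *
 * SECURITY: when $evalFilter is truthy the filter value is executed with
 * eval() and its return value becomes the value list. The evaluated code runs
 * in this method's scope. NOTE(review): confirm that only administrator-defined
 * pre-filters can set the eval flag and that request-supplied filter values
 * never reach this branch.
 *
 * Values are quoted with $this->_db->q(); $key is concatenated as given, so it
 * must already be a safely quoted column name. LIKE wildcards inside a value
 * are not escaped.
 *
 * @param   string        $key            Column name as it should appear in the SQL
 * @param   string        $condition      Filter condition; 'IN' and 'NOT IN' split the value on commas
 * @param   string|array  $originalValue  Filter value(s), or PHP code when $evalFilter is set
 * @param   mixed         $evalFilter     Truthy to eval() $originalValue first
 *
 * @return  string  Parenthesised SQL condition
 */
protected function filterQueryMultiValues($key, $condition, $originalValue, $evalFilter)
{
    $str = array();

    if ($evalFilter) {
        $originalValue = stripslashes(htmlspecialchars_decode($originalValue, ENT_QUOTES));
        $originalValue = @eval($originalValue);
        FabrikWorker::logEval($originalValue, 'Caught exception on eval of elementList::filterQueryMultiValues() ' . $key . ': %s');
    }

    if ($condition === 'NOT IN') {
        $partialComparison = ' NOT LIKE ';
        $comparison = ' <> ';
        $glue = ' AND ';
    } else {
        $partialComparison = ' LIKE ';
        $comparison = ' = ';
        $glue = ' OR ';
    }

    switch ($condition) {
        case 'IN':
        case 'NOT IN':
            /**
             * Split out 1,2,3 into an array to iterate over.
             * It's a string if pre-filter, array if element filter
             */
            if (!is_array($originalValue)) {
                $originalValue = explode(',', $originalValue);
            }

            foreach ($originalValue as &$v) {
                $v = trim($v);
                $v = FabrikString::ltrimword($v, '"');
                $v = FabrikString::ltrimword($v, "'");
                $v = FabrikString::rtrimword($v, '"');
                $v = FabrikString::rtrimword($v, "'");
            }

            // Drop the reference so a later write to $v cannot modify the last array element.
            unset($v);
            break;
        default:
            $originalValue = (array) $originalValue;
            break;
    }

    foreach ($originalValue as $v2) {
        $v2 = str_replace("/", "\\\\/", $v2);
        $str[] = '(' . $key . $partialComparison . $this->_db->q('%"' . $v2 . '"%') . $glue . $key . $comparison . $this->_db->q($v2) . ') ';
    }

    return '(' . implode($glue, $str) . ')';
}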
/**
 * Creates filter array (return existing if exists)
 *
 * Pre-filters are loaded first, then every array-valued entry of the request
 * data is appended to the matching filter list, and finally each filter is
 * turned into an SQL condition stored in $this->filters['sqlCond'].
 *
 * SECURITY: a filter whose 'eval' entry is '1' has its value executed with
 * eval(). Because request arrays are merged into $this->filters under their
 * own key names, NOTE(review): confirm getRequestData() cannot supply 'eval',
 * 'sqlCond', 'condition' or 'elementid' entries chosen by the visitor.
 *
 * @return  array  filters
 */
public function &getFilterArray()
{
    if (isset($this->filters)) {
        return $this->filters;
    }

    $filterModel = $this->getFilterModel();
    $db = FabrikWorker::getDbo();
    $this->filters = array();
    $request = $this->getRequestData();
    $this->storeRequestData($request);
    FabrikHelperHTML::debug($request, 'filter:request');
    $elements = $this->getElements('id');

    /* $$$ rob prefilters loaded before anything to avoid issues where you filter on something and
     * you have 2 prefilters with joined by an OR - this was incorrectly giving SQL of
     * WHERE normal filter = x OR ( prefilter1 = y OR prefilter2 = x)
     * this change changes the SQL to
     * WHERE ( prefilter1 = y OR prefilter2 = x) AND normal filter = x
     */
    $this->getPrefilterArray($this->filters);

    // These are filters created from a search form or normal search, assign them to the filters array
    $keys = array_keys($request);

    // Request filters are indexed after the pre-filters already present.
    $indexStep = count(FArrayHelper::getValue($this->filters, 'key', array()));
    FabrikHelperHTML::debug($keys, 'filter:request keys');

    foreach ($keys as $key) {
        if (is_array($request[$key])) {
            foreach ($request[$key] as $kk => $v) {
                if (!array_key_exists($key, $this->filters) || !is_array($this->filters[$key])) {
                    $this->filters[$key] = array();
                }

                $this->filters[$key][$kk + $indexStep] = $v;
            }
        }
    }

    FabrikHelperHTML::debug($this->filters, 'listmodel::getFilterArray middle');
    $readOnlyValues = array();
    $w = new FabrikWorker();
    $noFiltersSetup = FArrayHelper::getValue($this->filters, 'no-filter-setup', array());

    if (count($this->filters) == 0) {
        FabrikWorker::getPluginManager()->runPlugins('onFiltersGot', $this, 'list');

        return $this->filters;
    }

    // Get a list of plugins
    $pluginKeys = $filterModel->getPluginFilterKeys();
    $elementIds = FArrayHelper::getValue($this->filters, 'elementid', array());
    $sqlCond = FArrayHelper::getValue($this->filters, 'sqlCond', array());
    $raws = FArrayHelper::getValue($this->filters, 'raw', array());

    foreach ($this->filters['key'] as $i => $keyval) {
        $value = $this->filters['value'][$i];
        $condition = JString::strtoupper($this->filters['condition'][$i]);
        $key = $this->filters['key'][$i];
        $filterEval = $this->filters['eval'][$i];
        $elid = FArrayHelper::getValue($elementIds, $i);
        $key2 = array_key_exists('key2', $this->filters) ? FArrayHelper::getValue($this->filters['key2'], $i, '') : '';

        /* $$$ rob see if the key is a raw filter
         * 20/12/2010 - think $key is never with _raw now as it is unset in tablefilter::getQuerystringFilters() although may be set elsewhere
         * - if it is make a note and remove the _raw from the name
         */
        $raw = FArrayHelper::getValue($raws, $i, false);

        if (JString::substr($key, -5, 5) == '_raw`') {
            $key = JString::substr($key, 0, JString::strlen($key) - 5) . '`';
            $raw = true;
        }

        if ($elid == -1) {
            // Bool match
            // The value is quoted, but $key and $condition are concatenated as-is.
            // NOTE(review): confirm both are validated before they reach this method.
            $this->filters['origvalue'][$i] = $value;
            $this->filters['sqlCond'][$i] = $key . ' ' . $condition . ' (' . $db->q($value) . ' IN BOOLEAN MODE)';
            continue;
        }

        // List plug-in filter found - it should have set its own sql in onGetPostFilter();
        if (!empty($elid) && in_array($elid, $pluginKeys)) {
            $this->filters['origvalue'][$i] = $value;

            // Self-assignment: the plugin-provided condition is kept unchanged.
            $this->filters['sqlCond'][$i] = $this->filters['sqlCond'][$i];
            continue;
        }

        $elementModel = FArrayHelper::getValue($elements, $elid);

        // $$$ rob key2 if set is in format `countries_0`.`label` rather than `countries`.`label`
        // used for search all filter on 2nd db join element pointing to the same table
        if (strval($key2) !== '') {
            $key = $key2;
        }

        $eval = $this->filters['eval'][$i];
        $fullWordsOnly = $this->filters['full_words_only'][$i];

        // $$ hugh - testing allowing {QS} replacements in pre-filter values
        $w->replaceRequest($value);
        $value = $this->prefilterParse($value);
        $value = $w->parseMessageForPlaceHolder($value);

        if (!is_a($elementModel, 'PlgFabrik_Element')) {
            if ($this->filters['condition'][$i] == 'exists') {
                // The value is placed into the SQL unquoted, i.e. it is treated as a sub-query.
                // NOTE(review): confirm only administrator-defined pre-filters can use 'exists'.
                $this->filters['sqlCond'][$i] = 'EXISTS (' . $value . ')';
            }

            continue;
        }

        $elementModel->_rawFilter = $raw;

        if ($filterEval == '1') {
            // $$$ rob hehe if you set $i in the eval'd code all sorts of chaos ensues
            // The evaluated code shares this method's local scope, hence the save/restore of $i.
            $origi = $i;
            $value = stripslashes(htmlspecialchars_decode($value, ENT_QUOTES));
            $value = @eval($value);
            FabrikWorker::logEval($value, 'Caught exception on eval of tableModel::getFilterArray() ' . $key . ': %s');
            $i = $origi;
        }

        if ($condition == 'LATERTHISYEAR' || $condition == 'EARLIERTHISYEAR') {
            $value = $db->q($value);
        }

        if ($fullWordsOnly == '1') {
            $condition = 'REGEXP';
        }

        $originalValue = $this->filters['value'][$i];

        if ($value == '' && $eval == FABRIKFILTER_QUERY) {
            throw new RuntimeException(FText::_('COM_FABRIK_QUERY_PREFILTER_WITH_NO_VALUE'), 500);
        }

        list($value, $condition) = $elementModel->getFilterValue($value, $condition, $eval);

        /*
         * $$$ hugh - this chunk got fugly, as we wound up with too many quotes with whole words on
         * and exact match off, like ...
         * LOWER('"[[:<:]]Brose[[:>:]]"')
         * ... so I fixed it the long handed way ... could prolly be done more elegantly, but this should work!
         */
        if ($fullWordsOnly == '1') {
            if (is_array($value)) {
                foreach ($value as &$v) {
                    $v = "\"[[:<:]]" . $v . "[[:>:]]\"";
                }

                if (strtoupper($condition) === 'REGEXP') {
                    // $$$ 15/11/2012 - moved from before getFilterValue() to after as otherwise date filters in querystrings created wonky query
                    // NOTE(review): $v is still a reference to the last element here, so only
                    // that element is wrapped in LOWER(); confirm whether every element was meant.
                    $v = 'LOWER(' . $v . ')';
                }
            } else {
                $value = "\"[[:<:]]" . $value . "[[:>:]]\"";

                if (strtoupper($condition) === 'REGEXP') {
                    // $$$ 15/11/2012 - moved from before getFilterValue() to after as otherwise date filters in querystrings created wonky query
                    $value = 'LOWER(' . $value . ')';
                }
            }
        } else {
            if (strtoupper($condition) === 'REGEXP') {
                // $$$ 15/11/2012 - moved from before getFilterValue() to after as otherwise date filters in querystrings created wonky query
                $value = 'LOWER(' . $db->q($value, false) . ')';
            }
        }

        // Only build a condition when none was supplied for this index.
        if (!array_key_exists($i, $sqlCond) || $sqlCond[$i] == '') {
            // Will produce an SQL error - but is equivalent to 'show no records' so set to where 3 = -3
            if ($condition === 'IN' && $value === '()') {
                $query = '3 = -3';
            } else {
                $query = $elementModel->getFilterQuery($key, $condition, $value, $originalValue, $this->filters['search_type'][$i], $filterEval);
            }

            $this->filters['sqlCond'][$i] = $query;
        }

        $this->filters['condition'][$i] = $condition;

        // Used when getting the selected dropdown filter value
        $this->filters['origvalue'][$i] = $originalValue;
        $this->filters['value'][$i] = $value;

        if (!array_key_exists($i, $noFiltersSetup)) {
            $this->filters['no-filter-setup'][$i] = 0;
        }

        if ($this->filters['no-filter-setup'][$i] == 1) {
            $tmpName = $elementModel->getFullName(true, false);
            $tmpData = array($tmpName => $originalValue, $tmpName . '_raw' => $originalValue);

            // Set defaults to null to ensure we get correct value for 2nd drop-down search value (multi drop-down from search form)
            $elementModel->defaults = null;

            if (!array_key_exists($key, $readOnlyValues)) {
                $readOnlyValues[$key] = array();
            }

            $readOnlyValues[$key][] = $elementModel->getFilterRO($tmpData);

            // Set it back to null again so that in form view we dont return this value.
            $elementModel->defaults = null;

            // Filter value assigned in readOnlyValues foreach loop towards end of this function
            $this->filters['filter'][$i] = '';
        } else {
            /*$$$rob not sure $value is the right var to put in here - or if its actually used
             * but without this line you get warnings about missing variable in the filter array
             */
            $this->filters['filter'][$i] = $value;
        }
    }

    FabrikHelperHTML::debug($this->filters, 'end filters');

    // Join the read-only renderings collected above into one HTML string per key.
    foreach ($readOnlyValues as $key => $val) {
        foreach ($this->filters['key'] as $i => $fKey) {
            if ($fKey === $key) {
                $this->filters['filter'][$i] = implode("<br>", $val);
            }
        }
    }

    FabrikWorker::getPluginManager()->runPlugins('onFiltersGot', $this, 'list');
    FabrikHelperHTML::debug($this->filters, 'after plugins:onFiltersGot');

    return $this->filters;
}
/**
 * Run the plugin's PHP: either the inline code held in the 'curl_code'
 * parameter (when 'form_php_file' is -1) or a script file from the plugin's
 * scripts folder.
 *
 * SECURITY: both paths execute code in this method's scope - eval() for the
 * inline code (after placeholders are expanded from the form data) and
 * require for the script file. NOTE(review): confirm how
 * parseMessageForPlaceHolder() escapes form values before they become part of
 * the evaluated source, and that the 'CMD' filter applied to the file name
 * cannot yield a path outside the scripts folder.
 *
 * @param   object  &$params     plugin params
 * @param   object  &$formModel  form model
 *
 * @return  mixed  inline code: whatever the evaluated code returns; script
 *                 file: the captured output for the get*Content methods,
 *                 false if the script returns false, nothing when the file is
 *                 missing, true otherwise
 */
private function _runPHP(&$params, &$formModel)
{
    /**
     * if you want to modify the submitted form data
     * $formModel->updateFormData('tablename___elementname', $newvalue);
     */

    //set so we can use $this->getEmailData() in php code
    $this->formModel =& $formModel;
    $emaildata = $this->getEmailData();

    // $$$ rob this is poor when submitting the form the data is stored in _formData, when editing its stored in _data -
    // as this method can run on render or on submit we have to do a little check to see which one we should use.
    // really we should use the same form property to store the data regardless of form state
    if (!empty($formModel->_formData)) {
        $this->_data = $formModel->_formData;
    } else {
        $this->_data = $formModel->_data;
    }

    if ($params->get('form_php_file') == -1) {
        $w = new FabrikWorker();
        $code = $w->parseMessageForPlaceHolder($params->get('curl_code', ''), $this->_data, true, true);

        // '@' hides PHP's own diagnostics; logEval() is the only place a failure is reported.
        $code = @eval($code);
        FabrikWorker::logEval($code, 'Caught exception on eval in php::_runPHP() : %s');

        return $code;
    } else {
        // $$$ hugh - give them some way of getting at form data
        // (I'm never sure if $_REQUEST is 'safe', i.e. if it has post-validation data)
        global $fabrikFormData, $fabrikFormDataWithTableName;

        // for some reason, =& wasn't working??
        $fabrikFormData = $this->_data;
        $this->data =& $this->_data;
        $fabrikFormDataWithTableName = $formModel->_formDataWithTableName;

        // The configured name is filtered, then appended to a fixed directory.
        $php_file = JFilterInput::clean($params->get('form_php_file'), 'CMD');
        $php_file = COM_FABRIK_FRONTEND . DS . 'plugins' . DS . 'form' . DS . 'fabrikphp' . DS . 'scripts' . DS . $php_file;

        if (!JFile::exists($php_file)) {
            JError::raiseNotice(500, 'Mssing PHP form plugin file');

            return;
        }

        $method = $params->get('only_process_curl');

        if ($method == 'getBottomContent' || $method == 'getTopContent' || $method == 'getEndContent') {
            //for these types of scripts any out put you want to inject into the form should be echo'd out
            // @TODO - shouldn't we apply this logic above as well (direct eval)?
            ob_start();
            require $php_file;
            $output = ob_get_contents();
            ob_end_clean();

            return $output;
        } else {
            $php_result = (require $php_file);
        }

        if ($php_result === false) {
            return false;
        }
    }

    return true;
}
/**
 * Get the allowed dates based on evaluated PHP code
 *
 * Executes the 'date_allow_php_func' parameter with eval() and casts the
 * result to an array. The parameter is evaluated as stored, with no
 * placeholder expansion; the code runs in this method's scope and can read
 * $params and $data.
 *
 * @return  array  empty when no code is configured
 */
protected function getAllowedPHPDates()
{
    $params = $this->getParams();
    $data = $this->getFormModel()->data;
    $php = $params->get('date_allow_php_func', '');
    $dates = array();

    if ($php === '') {
        return $dates;
    }

    // PHP diagnostics from the evaluated code are only shown in debug mode.
    $dates = FabrikHelperHTML::isDebug() ? eval($php) : @eval($php);
    FabrikWorker::logEval($dates, 'Eval exception : ' . $this->getElement()->name . '::getAllowedPHPDates() : %s');

    return (array) $dates;
}
/**
 * This really does get just the default value (as defined in the element's settings)
 *
 * The result is cached in $this->_default after the first call. When the
 * element's eval flag is "1" the default, with placeholders already expanded
 * from $data, is executed with eval() in this method's scope.
 *
 * NOTE(review): $data values are spliced into the PHP source before eval();
 * confirm parseMessageForPlaceHolder() escapes them, otherwise submitted
 * values can change the code that runs.
 *
 * @param   array  $data  data to use as parsemessage for placeholder
 *
 * @return  mixed  the default string, or whatever the evaluated code returns
 */
function getDefaultValue($data = array())
{
    if (!isset($this->_default)) {
        $w = new FabrikWorker();
        $element = $this->getElement();
        $default = $w->parseMessageForPlaceHolder($element->default, $data);

        if ($element->eval == "1") {
            FabrikHelperHTML::debug($default, 'element eval default:' . $element->label);

            // '@' hides PHP's own diagnostics; logEval() is the only place a failure is reported.
            $default = @eval(stripslashes($default));
            FabrikWorker::logEval($default, 'Caught exception on eval of ' . $element->name . ': %s');
        }

        $this->_default = $default;
    }

    return $this->_default;
}
/**
 * Allows the element to pre-process a row's data before any join merging of rows
 * occurs. Used in calc element to do calcs on actual row rather than merged row
 *
 * Unless 'calc_on_save_only' is set, the 'calc_calculation' parameter is
 * expanded against the row and executed with eval() in this method's scope
 * ($data and $d hold the row as an array).
 *
 * NOTE(review): row values are spliced into the PHP source before eval();
 * confirm parseMessageForRowHolder() escapes them, otherwise stored row data
 * can change the code that runs.
 *
 * @param   string  $element_data  elements data for the current row
 * @param   object  $row           current row's data
 *
 * @since   3.0.5
 *
 * @return  string  formatted value
 */
public function preFormatFormJoins($element_data, $row)
{
    $params = $this->getParams();
    $format = trim($params->get('calc_format_string'));

    /**
     * $$$ hugh - the 'calculated value' bit is for legacy data that was created
     * before we started storing a value when row is saved
     */
    if ($params->get('calc_on_save_only', 0)) {
        if ($format != '') {
            $element_data = sprintf($format, $element_data);
        }

        return parent::preFormatFormJoins($element_data, $row);
    } else {
        $element = $this->getElement();
        $cal = $params->get('calc_calculation', '');
        $listModel = $this->getlistModel();
        $formModel = $this->getFormModel();
        $data = JArrayHelper::fromObject($row);
        $data['rowid'] = $data['__pk_val'];
        $data['fabrik'] = $formModel->getId();

        /**
         * $$$ hugh - trying to standardize on $data so scripts know where data is,
         * need $d here for backward compat
         */
        $d = $data;
        $res = $listModel->parseMessageForRowHolder($cal, $data, true);

        // '@' hides PHP's own diagnostics; logEval() is the only place a failure is reported.
        $res = @eval($res);
        FabrikWorker::logEval($res, 'Caught exception on eval in ' . $element->name . '::renderListData() : %s');

        if ($format != '') {
            $res = sprintf($format, $res);
        }

        // $$$ hugh - need to set _raw, might be needed if (say) calc is being used as 'use_as_row_class'
        // See comments in formatData() in table model, we might could move this to a renderRawListData() method.
        $raw_name = $this->getFullName(false, true, false) . '_raw';
        $row->{$raw_name} = str_replace(GROUPSPLITTER, ',', $res);

        return parent::preFormatFormJoins($res, $row);
    }
}
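/**
 * Process the plugin, called when form is submitted: render the message from
 * the configured template, write it to a temporary file and upload that file
 * over FTP.
 *
 * SECURITY notes for reviewers:
 *  - When 'ftp_eval_filename' is set, the file name (after placeholder
 *    expansion from the submitted data) is executed with eval() in this
 *    method's scope. NOTE(review): confirm parseMessageForPlaceholder()
 *    escapes form values before they become PHP source.
 *  - The remote file name is handed to ftp_put() as-is; NOTE(review): confirm
 *    it cannot carry directory components taken from form data.
 *  - Plain FTP sends the user name, password and file content unencrypted.
 *  - The temporary file name is derived from md5(uniqid()), which is
 *    predictable; the Joomla tmp folder should not be writable by other users.
 *
 * @return  bool|null  true on success, false when the FTP login, chdir or
 *                     upload fails, null when the plugin should not run or a
 *                     PHP template returned false
 *
 * @throws  RuntimeException  when the tmp folder is missing, the temporary
 *                            file cannot be written or the FTP connection fails
 */
public function onAfterProcess()
{
    $params = $this->getParams();
    jimport('joomla.mail.helper');
    $formModel = $this->getModel();
    $input = $this->app->input;
    $ftpTemplate = JPath::clean(JPATH_SITE . '/plugins/fabrik_form/ftp/tmpl/' . $params->get('ftp_template', ''));
    $this->data = $this->getProcessData();

    if (!$this->shouldProcess('ftp_conditon', null, $params)) {
        return;
    }

    $contentTemplate = $params->get('ftp_template_content');
    $content = $contentTemplate != '' ? $this->_getContentTemplate($contentTemplate) : '';

    if (JFile::exists($ftpTemplate)) {
        if (JFile::getExt($ftpTemplate) == 'php') {
            $message = $this->_getPHPTemplateFtp($ftpTemplate);

            if ($message === false) {
                return;
            }
        } else {
            $message = $this->_getTemplateFtp($ftpTemplate);
        }

        $message = str_replace('{content}', $content, $message);
    } else {
        $message = $contentTemplate != '' ? $content : $this->_getTextFtp();
    }

    // Kept although unused here: code evaluated below shares this scope.
    $cc = null;
    $bcc = null;
    $w = new FabrikWorker();

    // $$$ hugh - test stripslashes(), should be safe enough.
    $message = stripslashes($message);

    // NOTE(review): rowid is read from the request as a raw string and is neither
    // URL- nor HTML-encoded before it is placed in the links below.
    $editURL = COM_FABRIK_LIVESITE . "index.php?option=com_fabrik&view=form&fabrik=" . $formModel->get('id') . "&rowid=" . $input->get('rowid', '', 'string');
    $viewURL = COM_FABRIK_LIVESITE . "index.php?option=com_fabrik&view=details&fabrik=" . $formModel->get('id') . "&rowid=" . $input->get('rowid', '', 'string');
    $editLink = "<a href=\"{$editURL}\">" . FText::_('EDIT') . "</a>";
    $viewLink = "<a href=\"{$viewURL}\">" . FText::_('VIEW') . "</a>";
    $message = str_replace('{fabrik_editlink}', $editLink, $message);
    $message = str_replace('{fabrik_viewlink}', $viewLink, $message);
    $message = str_replace('{fabrik_editurl}', $editURL, $message);
    $message = str_replace('{fabrik_viewurl}', $viewURL, $message);

    $ftpFileName = $params->get('ftp_filename', '');
    $ftpFileName = $w->parseMessageForPlaceholder($ftpFileName, $this->data, false);
    $ftpEvalFileName = (int) $params->get('ftp_eval_filename', '0');

    if ($ftpEvalFileName) {
        $ftpFileName = @eval($ftpFileName);

        // Pass the eval() result, as the other logEval() callers do; the original passed the on/off flag.
        FabrikWorker::logEval($ftpFileName, 'Caught exception on eval in ftp filename eval : %s');
    }

    if (empty($ftpFileName)) {
        $ftpFileName = 'fabrik_ftp_' . md5(uniqid()) . '.txt';
    }

    $ftpHost = $w->parseMessageForPlaceholder($params->get('ftp_host', ''), $this->data, false);
    $ftpPort = $w->parseMessageForPlaceholder($params->get('ftp_port', '21'), $this->data, false);
    $ftpChDir = $w->parseMessageForPlaceholder($params->get('ftp_chdir', ''), $this->data, false);
    $ftpUser = $w->parseMessageForPlaceholder($params->get('ftp_user', ''), $this->data, false);
    $ftpPassword = $w->parseMessageForPlaceholder($params->get('ftp_password', ''), $this->data, false);

    $tmpDir = rtrim($this->config->getValue('config.tmp_path'), '/');

    if (empty($tmpDir) || !JFolder::exists($tmpDir)) {
        throw new RuntimeException('PLG_FORM_FTP_NO_JOOMLA_TEMP_DIR', 500);
    }

    $tmpFile = $tmpDir . '/fabrik_ftp_' . md5(uniqid());
    $message = $w->parseMessageForPlaceholder($message, $this->data, true, false);

    if (!JFile::write($tmpFile, $message)) {
        throw new RuntimeException('PLG_FORM_FTP_COULD_NOT_WRITE_TEMP_FILE', 500);
    }

    $conn_id = ftp_connect($ftpHost, $ftpPort);

    if (!$conn_id) {
        // Remove the rendered message before throwing; the original cleanup sat after the throw and never ran.
        JFile::delete($tmpFile);
        throw new RuntimeException('PLG_FORM_FTP_COULD_NOT_CONNECT', 500);
    }

    // Language key of the first step that fails, null when the upload succeeds.
    $error = null;

    if (!@ftp_login($conn_id, $ftpUser, $ftpPassword)) {
        $error = 'PLG_FORM_FTP_COULD_NOT_LOGIN';
    } elseif (!empty($ftpChDir) && !ftp_chdir($conn_id, $ftpChDir)) {
        $error = 'PLG_FORM_FTP_COULD_NOT_CHDIR';
    } elseif (!ftp_put($conn_id, $ftpFileName, $tmpFile, FTP_ASCII)) {
        $error = 'PLG_FORM_FTP_COULD_NOT_SEND_FILE';
    }

    // Always release the connection and the temporary copy of the message.
    ftp_close($conn_id);
    JFile::delete($tmpFile);

    if ($error !== null) {
        $this->app->enqueueMessage(FText::_($error), 'notice');

        return false;
    }

    return true;
}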
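/**
 * This really does get just the default value (as defined in the element's settings)
 *
 * The 'fb_gm_defaultloc' parameter selects the source:
 *  - '0': "(lat,long):zoom" built from the request, falling back to the
 *         element parameters;
 *  - '2': the 'fb_gm_eval_default' parameter, with placeholders expanded from
 *         $data, executed with eval() in this method's scope.
 * Any other setting leaves the default unset and null is returned.
 *
 * SECURITY: the original tested `$which_default = '2'` (an assignment), so the
 * eval() branch ran for every setting other than '0', including the parameter's
 * own default of '1'. It is now a comparison, so code is only evaluated when
 * that mode is selected. NOTE(review): in mode '0' the request values are
 * concatenated unvalidated; consumers must validate or escape the result. In
 * mode '2', confirm parseMessageForPlaceHolder() escapes $data values before
 * they become PHP source.
 *
 * @param   array  $data  data used for placeholder replacement
 *
 * @return  mixed  default value, or null when none applies
 */
function getDefaultValue($data = array())
{
    if (!isset($this->_default)) {
        $params =& $this->getParams();
        $which_default = $params->get('fb_gm_defaultloc', '1');

        if ($which_default == '0') {
            // $$$ hugh - added parens around lat,long for consistancy!
            $this->_default = '(' . JRequest::getVar('fb_gm_lat', $params->get('fb_gm_lat')) . ',' . JRequest::getVar('fb_gm_long', $params->get('fb_gm_long')) . ')' . ':' . JRequest::getVar('fb_gm_zoomlevel', $params->get('fb_gm_zoomlevel'));
        } elseif ($which_default == '2') {
            $this->_default = $params->get('fb_gm_eval_default');
            $w = new FabrikWorker();
            $this->_default = $w->parseMessageForPlaceHolder($this->_default, $data, true);
            $this->_default = @eval(stripslashes($this->_default));
            FabrikWorker::logEval($this->_default, 'Caught exception on eval in ' . $this->_element->name . '::getDefaultValue() : %s');
        }
    }

    // The property may still be unset when neither mode applied.
    return isset($this->_default) ? $this->_default : null;
}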
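/**
 * Re-key split calculation results on their formatted label and merge the
 * values of rows that end up sharing a label.
 *
 * SECURITY: for the 'custom_calc' type the 'custom_calc_php' parameter is
 * executed with eval() as stored (no placeholder expansion). The code runs in
 * this method's scope and can read $data (the values being merged), $label
 * and $o.
 *
 * @param   array   &$results2  calculation rows keyed on the raw database value;
 *                              each row exposes ->label and ->value
 * @param   object  &$plugin    plugin element that the data is SPLIT on
 * @param   string  $type       type of calculation (avg, sum, median, count, custom_calc)
 *
 * @return  array  results keyed on the formatted label
 */
protected function formatCalcSplitLabels(&$results2, &$plugin, $type = '')
{
    $results = array();
    $tomerge = array();
    $name = $plugin->getFullName(false, true, false);

    // $$$ hugh - avoid PHP warning if $results2 is NULL
    if (empty($results2)) {
        return $results;
    }

    foreach ($results2 as $key => $val) {
        if ($plugin->hasSubElements) {
            $val->label = $type == 'median' ? $plugin->getLabelForValue($val->label) : $plugin->getLabelForValue($key);
        } else {
            $d = new stdClass();
            $d->{$name} = $val->label;
            $val->label = $plugin->renderListData($val->label, $d);
        }

        if (array_key_exists($val->label, $results)) {
            // $$$ rob the $result data is keyed on the raw database result - however, we are intrested in
            // keying on the formatted table result (e.g. allows us to group date entries by year)
            if ($results[$val->label] !== '') {
                $tomerge[$val->label][] = $results[$val->label]->value;
            }

            // '' marks a label whose first value has already been moved into $tomerge.
            $results[$val->label] = '';
            $tomerge[$val->label][] = $val->value;
        } else {
            $results[$val->label] = $val;
        }
    }

    foreach ($tomerge as $label => $data) {
        $o = new stdClass();

        switch ($type) {
            case 'avg':
                $o->value = $this->simpleAvg($data);
                break;
            case 'sum':
                $o->value = $this->simpleSum($data);
                break;
            case 'median':
                $o->value = $this->_median($data);
                break;
            case 'count':
                $o->value = count($data);
                break;
            case 'custom_calc':
                $params = $this->getParams();
                $custom_calc_php = $params->get('custom_calc_php', '');

                if (!empty($custom_calc_php)) {
                    $o->value = @eval(stripslashes($custom_calc_php));

                    // Pass the eval() result, as the other logEval() callers do; the original passed the source string.
                    FabrikWorker::logEval($o->value, 'Caught exception on eval of ' . $name . ': %s');
                } else {
                    $o->value = $data;
                }
                break;
            default:
                $o->value = $data;
                break;
        }

        $o->label = $label;
        $results[$label] = $o;
    }

    return $results;
}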
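/**
 * Do the plugin action: optionally e-mail the contact stored on each selected
 * row, then write the configured column updates to those rows.
 *
 * Row ids are read from the request ('ids') and forced to integers before they
 * are concatenated into any SQL.
 *
 * SECURITY: when the 'eval' parameter is set, the e-mail message template is
 * executed with eval() after row placeholders have been expanded into it; the
 * code runs in this method's scope. NOTE(review): confirm
 * parseMessageForPlaceholder() escapes row values before they become PHP
 * source, otherwise stored row data can alter the code that runs.
 *
 * @param   object  &$params  plugin parameters
 * @param   object  &$model   table model
 * @param   array   $opts     custom options
 *
 * @return  bool  always true
 */
function process(&$params, &$model, $opts = array())
{
    $db =& $model->getDb();
    $user =& JFactory::getUser();
    $updateTo = $params->get('update_value');
    $updateCol = $params->get('coltoupdate');
    $updateTo_2 = $params->get('update_value_2');
    $updateCol_2 = $params->get('coltoupdate_2');

    // $$$ rob moved here from bottom of func see http://fabrikar.com/forums/showthread.php?t=15920&page=7
    // array_shift() takes its argument by reference, so it needs a real variable.
    $tblParts = explode('.', $updateCol);
    $tbl = array_shift($tblParts);
    $dateCol = $params->get('update_date_element');
    $userCol = $params->get('update_user_element');

    $table =& $model->getTable();

    // array_unique for left joined table data
    $ids = array_unique(JRequest::getVar('ids', array(), 'method', 'array'));

    // Integer cast is what makes the later "IN (...)" concatenation safe.
    JArrayHelper::toInteger($ids);
    $this->_row_count = count($ids);
    $ids = implode(',', $ids);

    // NOTE(review): an empty id list yields "IN ( )"; confirm callers never submit no rows.
    $model->_pluginQueryWhere[] = $table->db_primary_key . ' IN ( ' . $ids . ')';
    $data =& $model->getData();

    //$$$servantek reordered the update process in case the email routine wants to kill the updates
    $emailColID = $params->get('update_email_element', '');

    if (!empty($emailColID)) {
        $w = new FabrikWorker();
        jimport('joomla.mail.helper');
        $message = $params->get('update_email_msg');
        $subject = $params->get('update_email_subject');
        $eval = $params->get('eval', 0);
        $config =& JFactory::getConfig();
        $from = $config->getValue('mailfrom');
        $fromname = $config->getValue('fromname');
        $elementModel =& JModel::getInstance('element', 'FabrikModel');
        $elementModel->setId($emailColID);
        $emailElement =& $elementModel->getElement(true);
        $emailField = $elementModel->getFullName(false, true, false);
        $emailColumn = $elementModel->getFullName(false, false, false);
        $emailFieldRaw = $emailField . '_raw';
        $emailWhich = $emailElement->plugin == 'fabrikuser' ? 'user' : 'field';
        $db =& JFactory::getDBO();
        $aids = explode(',', $ids);

        // if using a user element, build a lookup list of emails from jos_users,
        // so we're only doing one query to grab all involved emails.
        if ($emailWhich == 'user') {
            $userids_emails = array();

            // $tbl / $emailColumn come from plugin parameters and the element model, not from the request.
            $query = 'SELECT #__users.id AS id, #__users.email AS email FROM #__users LEFT JOIN ' . $tbl . ' ON #__users.id = ' . $emailColumn . ' WHERE ' . $table->db_primary_key . ' IN (' . $ids . ')';
            $db->setQuery($query);
            $results = $db->loadObjectList();

            foreach ($results as $result) {
                $userids_emails[(int) $result->id] = $result->email;
            }
        }

        foreach ($aids as $id) {
            $row = $model->getRow($id);

            if ($emailWhich == 'user') {
                $userid = (int) $row->{$emailFieldRaw};

                // A row may point at a user the lookup did not return; avoid an undefined-index notice.
                $to = JArrayHelper::getValue($userids_emails, $userid);
            } else {
                $to = $row->{$emailField};
            }

            if (JMailHelper::cleanAddress($to) && JMailHelper::isEmailAddress($to)) {
                //$tofull = '"' . JMailHelper::cleanLine($toname) . '" <' . $to . '>';
                //$$$servantek added an eval option and rearranged placeholder call
                $thissubject = $w->parseMessageForPlaceholder($subject, $row);
                $thismessage = $w->parseMessageForPlaceholder($message, $row);

                if ($eval) {
                    // SECURITY: eval() of the admin-configured template after placeholder expansion.
                    $thismessage = @eval($thismessage);
                    FabrikWorker::logEval($thismessage, 'Caught exception on eval in updatecol::process() : %s');
                }

                $res = JUtility::sendMail($from, $fromname, $to, $thissubject, $thismessage, true);

                if ($res) {
                    $this->_sent++;
                } else {
                    // Was `${$this}->_notsent++`, a variable-variable on $this that never touched the counter.
                    $this->_notsent++;
                }
            } else {
                $this->_notsent++;
            }
        }
    }

    //$$$servantek reordered the update process in case the email routine wants to kill the updates
    if (!empty($dateCol)) {
        $date =& JFactory::getDate();
        $this->_process($model, $dateCol, $date->toMySQL());
    }

    if (!empty($userCol)) {
        $this->_process($model, $userCol, (int) $user->get('id'));
    }

    $this->_process($model, $updateCol, $updateTo);

    if (!empty($updateCol_2)) {
        $this->_process($model, $updateCol_2, $updateTo_2);
    }

    // $$$ hugh - this stuff has to go in process_result()
    $this->msg = $params->get('update_message', '');

    if (empty($this->msg)) {
        $this->msg = JText::sprintf('%d ROWS UPDATED, %d EMAILS SENT', $this->_row_count, $this->_sent);
    } else {
        $this->msg = JText::sprintf($this->msg, $this->_row_count, $this->_sent);
    }

    return true;
}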
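/**
 * This really does get just the default value (as defined in the element's settings)
 *
 * The result is cached in $this->default. A string default is split on '|'
 * into a list of values; with no default configured the sub-element initial
 * selection is used.
 *
 * SECURITY: when the element's eval flag is "1" the default, with placeholders
 * already expanded from $data, is executed with eval() in this method's scope.
 * NOTE(review): confirm parseMessageForPlaceHolder() escapes $data values
 * before they become PHP source.
 *
 * @param   array  $data  form data
 *
 * @return  mixed
 */
public function getDefaultValue($data = array())
{
    // Kept although unused here: evaluated code shares this scope.
    $params = $this->getParams();
    $element = $this->getElement();

    if (!isset($this->default)) {
        if ($element->default != '') {
            $default = $element->default;

            /*
             * Nasty hack to fix #504 (eval'd default value)
             * where _default not set on first getDefaultValue
             * and then its called again but the results have already been eval'd once and are hence in an array
             */
            if (is_array($default)) {
                $v = $default;
            } else {
                $w = new FabrikWorker();
                $default = $w->parseMessageForPlaceHolder($default, $data);

                if ($element->eval == "1") {
                    $v = @eval((string) stripslashes($default));

                    // Pass the eval() result, as the other logEval() callers do; the original passed the source string.
                    FabrikWorker::logEval($v, 'Caught exception on eval in ' . $element->name . '::getDefaultValue() : %s');
                } else {
                    $v = $default;
                }
            }

            if (is_string($v)) {
                $this->default = explode('|', $v);
            } else {
                $this->default = $v;
            }
        } else {
            $this->default = $this->getSubInitialSelection();
        }
    }

    return $this->default;
}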
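/**
 * Add attachments to the email.
 *
 * Collects files from every published element that implements
 * addEmailAttachement(), then optionally merges in the paths returned by the
 * 'email_attach_eval' parameter.
 *
 * SECURITY: 'email_attach_eval' is executed with eval() after placeholders
 * have been expanded from $this->data, and every path it returns is attached
 * without further checks here. NOTE(review): confirm
 * parseMessageForPlaceholder() escapes form values before they become PHP
 * source, and consider restricting attachable paths to an expected folder
 * where the attachments are consumed.
 *
 * @param   object  $params  plugin params
 *
 * @return  void
 */
function addAttachments($params)
{
    //get attachments
    $pluginManager = FabrikWorker::getPluginManager();
    $data = $this->getEmailData();
    $groups = $this->formModel->getGroupsHiarachy();

    foreach ($groups as $groupModel) {
        $elementModels = $groupModel->getPublishedElements();

        foreach ($elementModels as $elementModel) {
            $elName = $elementModel->getFullName(false, true, false);

            if (array_key_exists($elName, $this->data)) {
                if (method_exists($elementModel, 'addEmailAttachement')) {
                    // Prefer the raw value when the e-mail data carries one.
                    if (array_key_exists($elName . '_raw', $data)) {
                        $val = $data[$elName . '_raw'];
                    } else {
                        $val = $data[$elName];
                    }

                    if (is_array($val)) {
                        $val = implode(',', $val);
                    }

                    $aVals = FabrikWorker::JSONtoData($val, true);

                    foreach ($aVals as $v) {
                        $file = $elementModel->addEmailAttachement($v);

                        if ($file !== false) {
                            $this->_aAttachments[] = $file;
                        }
                    }
                }
            }
        }
    }

    // $$$ hugh - added an optional eval for adding attachments.
    // Eval'ed code should just return an array of file paths which we merge with $this->_aAttachments[]
    $w = new FabrikWorker();
    $email_attach_eval = $w->parseMessageForPlaceholder($params->get('email_attach_eval', ''), $this->data, false);

    if (!empty($email_attach_eval)) {
        $email_attach_array = @eval($email_attach_eval);
        FabrikWorker::logEval($email_attach_array, 'Caught exception on eval in email email_attach_eval : %s');

        // Merge only a real array: array_merge() with any other type fails and would
        // discard the attachments collected above.
        if (!empty($email_attach_array) && is_array($email_attach_array)) {
            $this->_aAttachments = array_merge($this->_aAttachments, $email_attach_array);
        }
    }
}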
/**
 * This really does get just the default value (as defined in the element's settings)
 *
 * The result is cached in $this->_default. With 'date_defaulttotoday' set the
 * current date is used; otherwise the element's default is used and, when the
 * element's eval flag is "1", executed with eval() first. The default is
 * evaluated as stored (no placeholder expansion) and runs in this method's
 * scope, so it can read $data, $params, $element and $config.
 *
 * @param   array  $data  not read by this method itself
 *
 * @return  mixed  the default formatted by toMySQL(), or the untouched
 *                 default when it is blank
 */
function getDefaultValue($data = array())
{
    if (!isset($this->_default)) {
        $params = $this->getParams();
        $element = $this->getElement();
        $config = JFactory::getConfig();

        // Not used below; evaluated code can still see it.
        $tzoffset = new DateTimeZone($config->get('offset'));
        $store_as_local = (int) $params->get('date_store_as_local', 0);

        if ($params->get('date_defaulttotoday', 0)) {
            if ($store_as_local) {
                $localDate = date('Y-m-d H:i:s');
                $oTmpDate = JFactory::getDate(strtotime($localDate));
            } else {
                $oTmpDate = JFactory::getDate();
            }

            $default = $oTmpDate->toMySQL();
        } else {
            // default date should always be entered as gmt date e.g. eval'd default of:
            $default = $element->default;

            if ($element->eval == "1") {
                // '@' hides PHP's own diagnostics; logEval() is the only place a failure is reported.
                $default = @eval(stripslashes($default));
                FabrikWorker::logEval($default, 'Caught exception on eval in ' . $element->name . '::getDefaultValue() : %s');
            }

            if (trim($default) != '') {
                $oTmpDate = JFactory::getDate($default);
                $default = $oTmpDate->toMySQL();
            }
        }

        $this->_default = $default;
    }

    return $this->_default;
}