Removal of alphanumeric characters, SQL-safe slash-added strings, HTML-friendly strings, and all of the above on arrays.
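 /**
  * Adds the posted product to the customer's cart order, creating the order first when the session has none.
  *
  * Reads `product_id` and `product_quantity` from the request body (cleaned with Sanitize::paranoid) and
  * finally redirects to the product page. Side effects: may save a new Order row, writes
  * $_SESSION['Customer']['order_id'] and the global $order.
  */
 function purchase_product()
 {
     uses('sanitize');
     $clean = new Sanitize();
     // paranoid() returns the cleaned copy; the original discarded it and read raw $_POST below.
     $post = $clean->paranoid($_POST);
     // No active cart in the session: create an order with the default payment & shipping methods.
     if (!isset($_SESSION['Customer']['order_id'])) {
         $new_order = array();
         $new_order['Order']['order_status_id'] = 0;
         $default_payment = $this->Order->PaymentMethod->find(array('default' => '1'));
         $new_order['Order']['payment_method_id'] = $default_payment['PaymentMethod']['id'];
         $default_shipping = $this->Order->ShippingMethod->find(array('default' => '1'));
         $new_order['Order']['shipping_method_id'] = $default_shipping['ShippingMethod']['id'];
         $this->Order->save($new_order);
         $order_id = $this->Order->getLastInsertId();
         $_SESSION['Customer']['order_id'] = $order_id;
         global $order;
         $order = $new_order;
     }
     // Missing fields become null instead of raising undefined-index notices.
     $product_id = isset($post['product_id']) ? $post['product_id'] : null;
     $quantity = isset($post['product_quantity']) ? $post['product_quantity'] : null;
     // Add the product to the order from the component
     $this->OrderBase->add_product($product_id, $quantity);
     global $config;
     $content = $this->Content->read(null, $product_id);
     $this->redirect('/product/' . $content['Content']['alias'] . $config['URL_EXTENSION']);
 }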
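 /**
  * AJAX endpoint: fetches a paginated RSS feed and exposes it to the view as `json`.
  *
  * Form parameters: `url` (required), `limit` (default 5) and `start` (default 0).
  * The feed is fetched server-side, so the URL must be an absolute http(s) URL; anything else is
  * rejected the same way a missing URL is.
  */
 function getrss()
 {
     uses('Sanitize');
     // Debug output would corrupt the AJAX response body.
     Configure::write('debug', '0');
     $this->layout = 'ajax';
     $mrClean = new Sanitize();
     $limit = 5;
     $start = 0;
     if (empty($this->params['form']['url'])) {
         die('Incorrect use');
     }
     $url = $this->params['form']['url'];
     $scheme = parse_url($url, PHP_URL_SCHEME);
     if (filter_var($url, FILTER_VALIDATE_URL) === false || !in_array(strtolower((string) $scheme), array('http', 'https'), true)) {
         die('Incorrect use');
     }
     if (!empty($this->params['form']['limit'])) {
         $limit = (int) $mrClean->paranoid($this->params['form']['limit']);
     }
     if (!empty($this->params['form']['start'])) {
         $start = (int) $mrClean->paranoid($this->params['form']['start']);
     }
     $feed = $this->Simplepie->feed_paginate($url, $start, $limit);
     $out = array(
         'totalCount' => $feed['quantity'],
         'title' => $feed['title'],
         'image_url' => $feed['image_url'],
         'image_width' => $feed['image_width'],
         'image_height' => $feed['image_height'],
         // Always present, so an empty feed still yields a well-formed payload.
         'items' => array(),
     );
     foreach ($feed['items'] as $item) {
         // Item fields are stripped of tags; the description keeps a small whitelist.
         $out['items'][] = array(
             'title' => strip_tags($item->get_title()),
             'url' => strip_tags($item->get_permalink()),
             'description' => strip_tags($item->get_description(), '<p><br><img><a><b>'),
             'date' => strip_tags($item->get_date('d/m/Y')),
         );
     }
     $this->set('json', $out);
 }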
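 /**
  * Returns the HTML-escaped `keywords` entry of $data, or '' when it is missing or empty.
  *
  * @param array $data Form/record data that may carry a 'keywords' key.
  * @return string
  */
 private function _cleanKeywords($data)
 {
     // empty() also covers a missing key; the original read $data['keywords'] unconditionally.
     if (empty($data['keywords'])) {
         return '';
     }
     $san = new Sanitize();
     return $san->html($data['keywords']);
 }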
 /**
  * GET handler: returns the index payload for the `usuario` query parameter,
  * or a 400 "withOutUser" response when validaUsuario() rejects it.
  */
 public function detalleIndex_get()
 {
     $cleaner = new Sanitize();
     $usuario = $cleaner->clean_string($this->get('usuario'));
     $respuesta = $this->validaUsuario($usuario)
         ? $this->llenaIndex($usuario)
         : new Response(400, "withOutUser");
     $this->response($respuesta);
 }
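 /**
  * GET handler: logs a user in with the `usuario`/`pass` query parameters.
  *
  * Responds 400 "userPassFail" when the lookup yields nothing, otherwise 200 with the lookup result.
  */
 public function logueo_get()
 {
     $sanador = new Sanitize();
     $user = $sanador->clean_string($this->get('usuario'));
     $pass = $sanador->clean_string($this->get('pass'));
     $response = $this->m_consultas->login($user, $pass);
     // Same truthiness test as the original `== FALSE`; the early return stops the 200 branch
     // from also being sent after the error response.
     if (!$response) {
         $this->response(new Response(400, "userPassFail"));
         return;
     }
     $this->response(new Response(200, $response));
 }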
 /**
  * Adds a comment to the $Model record $params['form']['foreign_id'] and returns the notification payloads
  * for every user who previously commented on that record plus its owner, excluding the commenter.
  *
  * Also appends a timeline entry and clears this component's cache.
  *
  * @param Model  $Model             Commented model (by reference).
  * @param array  $params            Request params; reads $params['form']['foreign_id'] and ['comment'].
  * @param mixed  $user_id           Id of the commenting user (stored as the comment's 'name').
  * @param array  $tpl_params        Passed through to addtotimeline().
  * @param string $comment_type_name Passed through to addtotimeline().
  * @param string $model_alias       Defaults to $Model->alias.
  * @return array One entry per user to notify: from, to, subject, own, owner, commenter.
  */
 function addComment(&$Model, $params, $user_id, $tpl_params = array(), $comment_type_name = null, $model_alias = null)
 {
     $mrClean = new Sanitize();
     $notification_data = a();
     $foreign_id = $params['form']['foreign_id'];
     // The comment body is HTML-escaped before it is stored.
     $text = $mrClean->html($params['form']['comment']);
     // NOTE(review): the email literal is masked ('*****@*****.**') on this page; confirm the real value in the source.
     $comment = array('Comment' => array('body' => $text, 'name' => $user_id, 'email' => '*****@*****.**'));
     // NOTE(review): $out is never checked, so notifications are built even when createComment() fails.
     $out = $Model->createComment($foreign_id, $comment);
     $comment_id = $Model->Comment->id;
     if (!$model_alias) {
         $model_alias = $Model->alias;
     }
     // Retrieve ids belonging to users that have be notified (eg each users that commented this object before)
     // ('name' holds the commenter's user id, see the $comment array above.)
     $comments = Set::extract($this->getComments($Model, $foreign_id, TRUE), '{n}.Comment.name');
     // Remove duplicated values
     $tbn = array_unique($comments);
     // Retrieve owner of the commented object
     $owner = $Model->read('user_id', $foreign_id);
     $owner_id = $owner[$model_alias]['user_id'];
     // owner should be notified as well (loose in_array: ids compared with ==)
     if (!in_array($owner_id, $tbn)) {
         array_push($tbn, $owner_id);
     }
     // The commenter never notifies themself.
     $users = array_diff($tbn, array($user_id));
     if (!empty($users)) {
         $this->setupUserModel();
         $commenter = $this->user->read(array('name', 'surname'), $user_id);
         $owner = $this->user->read(array('name', 'surname'), $owner_id);
         $subject = $this->Conf->get('Site.name') . " comment notification";
         $domain = $this->Conf->get('Organization.domain');
         foreach ($users as $c_id) {
             // check whether the user is can be notified or not
             $active = $this->Acl->check(array('model' => 'User', 'foreign_key' => $c_id), 'site');
             $nfb = $this->user->read('notification', $c_id);
             if ($active && $nfb['User']['notification']) {
                 if ($c_id == $owner_id) {
                     $is_owner = true;
                 } else {
                     $is_owner = false;
                 }
                 array_push($notification_data, array('from' => 'noreply@' . $domain, 'to' => $this->user->getemail($c_id, $this->Conf->get('Organization.domain')), 'subject' => $subject, 'own' => $is_owner, 'owner' => $owner['User'], 'commenter' => $commenter['User']));
             }
         }
     }
     $Model->addtotimeline($tpl_params, null, 'comment', $user_id, $model_alias, $foreign_id, $comment_id, $comment_type_name);
     # clear cache
     clearCache($this->cacheName, '', '');
     return $notification_data;
 }
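 /**
  * Creates a comment row for $model record $id from the submitted $data.
  *
  * Validation rules, the class/foreign-id columns, the rating (status/active) and optional sanitizing
  * are applied before saving. Returns true only when the comment passed validation and was saved.
  *
  * @param Model $model Commented model (by reference, as the behavior API requires).
  * @param mixed $id    Foreign id of the commented record.
  * @param array $data  Submitted data keyed by the configured comment class name.
  * @return bool
  */
 function createComment(&$model, $id, $data = array())
 {
     $settings = $this->__settings[$model->alias];
     $class = $settings['class'];
     if (empty($data[$class])) {
         return false;
     }
     unset($data[$model->alias]);
     $notEmpty = array('notempty' => array('rule' => array('notempty')));
     $model->Comment->validate = array(
         $settings['column_author'] => $notEmpty,
         $settings['column_content'] => $notEmpty,
         $settings['column_email'] => array(
             'notempty' => array('rule' => array('notempty')),
             'email' => array('rule' => array('email'), 'message' => 'Please enter a valid email address'),
         ),
         $settings['column_class'] => $notEmpty,
         $settings['column_foreign_id'] => $notEmpty,
         $settings['column_status'] => $notEmpty,
         $settings['column_points'] => array(
             'notempty' => array('rule' => array('notempty')),
             'numeric' => array('rule' => array('numeric')),
         ),
     );
     $data[$class][$settings['column_class']] = $model->alias;
     $data[$class][$settings['column_foreign_id']] = $id;
     // NOTE(review): the rating input is read from the hard-coded 'Comment' key, as in the original.
     $data[$class] = $this->_rateComment($model, $data['Comment']);
     // The original wrote `['active'] == 0` / `== 1` here — comparisons with no effect. These are assignments.
     if ($data[$class]['status'] == 'spam') {
         $data[$class]['active'] = 0;
     } elseif (Configure::read('Comments.auto_moderate') === true) {
         $data[$class]['active'] = 1;
     }
     if ($settings['sanitize']) {
         App::import('Sanitize');
         foreach (array('column_author', 'column_email', 'column_content') as $key) {
             $data[$class][$settings[$key]] = Sanitize::clean($data[$class][$settings[$key]]);
         }
     }
     // (The original else-branch only re-assigned each field to itself and was dropped.)
     if ($this->_checkForEmptyVal($data[$class]) == false) {
         $model->Comment->create();
         if ($model->Comment->save($data)) {
             return true;
         }
     }
     return false;
 }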
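 /**
  * Finds community profiles that favorited $listing_id, in random order, and sets $this->count.
  *
  * @param int|string $listing_id Listing whose favorites are listed; cast to int before it enters SQL.
  * @param mixed      $user_id    Unused here; kept for signature compatibility.
  * @param array      $passedArgs Module params: module.avatar, module.module_limit, rand, module.ajax_nav.
  * @return mixed Result of addProfileInfo().
  */
 function getListingFavorites($listing_id, $user_id, $passedArgs)
 {
     $avatar = Sanitize::getInt($passedArgs['module'], 'avatar', 1);
     $count = Sanitize::getInt($passedArgs['module'], 'module_limit', 5);
     // getFloat() yields a numeric seed for RAND(), so it is safe to concatenate.
     $rand = Sanitize::getFloat($passedArgs, 'rand');
     $userKey = 'Community.' . $this->realKey;
     $fields = array(
         $userKey . ' AS `User.user_id`',
         'User.name AS `User.name`',
         'User.username AS `User.username`',
     );
     $conditions = array();
     if ($avatar) {
         // Only show users with avatars
         $conditions[] = 'Community.thumb <> "components/com_community/assets/default_thumb.jpg"';
     }
     if ($listing_id) {
         // $listing_id is interpolated into SQL: cast it so only an integer can reach the query.
         $conditions[] = $userKey . ' in (SELECT user_id FROM #__jreviews_favorites WHERE content_id = ' . (int) $listing_id . ')';
     }
     $order = array('RAND(' . $rand . ')');
     $joins = array('LEFT JOIN #__users AS User ON ' . $userKey . ' = User.id');
     $profiles = $this->findAll(array('fields' => $fields, 'conditions' => $conditions, 'order' => $order, 'joins' => $joins));
     if (Sanitize::getInt($passedArgs['module'], 'ajax_nav', 1)) {
         $this->count = $this->findCount(array(
             'fields' => array('count(' . $userKey . ')'),
             'conditions' => $conditions,
             'group' => array($userKey),
             'joins' => $joins,
         ));
     } else {
         $this->count = $count;
     }
     return $this->addProfileInfo($profiles, 'User', 'user_id');
 }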
 /**
  * Logs a user in when $token matches the e-mail token stored for $username and that token has not expired.
  *
  * On success the session is set and the stored token is regenerated (single use). Every failure path
  * is logged and returns false.
  *
  * @param string $username
  * @param string $token
  * @return bool false on any failure; see the NOTE on the success path as shown on this page.
  */
 public function verifyUserByToken($username, $token)
 {
     $username = Sanitize::html($username);
     $token = Sanitize::html($token);
     $username = trim($username);
     $token = trim($token);
     if (empty($username) || empty($token)) {
         // NOTE(review): this log line is masked ('******') on this page; the literal is not the real source.
         Log::set(__METHOD__ . LOG_SEP . 'Username or Token-email empty. Username: '******' - Token-email: ' . $token);
         return false;
     }
     $user = $this->dbUsers->getDb($username);
     // Loose comparison: an empty record is treated like a missing one.
     if ($user == false) {
         Log::set(__METHOD__ . LOG_SEP . 'Username does not exist: ' . $username);
         return false;
     }
     // NOTE(review): TTL and "now" are compared as DB_DATE_FORMAT strings; this only orders correctly if
     // that format sorts chronologically — confirm.
     $currentTime = Date::current(DB_DATE_FORMAT);
     if ($user['tokenEmailTTL'] < $currentTime) {
         Log::set(__METHOD__ . LOG_SEP . 'Token-email expired: ' . $username);
         return false;
     }
     // NOTE(review): `===` compares the secret in non-constant time; hash_equals($user['tokenEmail'], $token)
     // is the conventional check for tokens.
     if ($token === $user['tokenEmail']) {
         // Set the user loggued.
         $this->setLogin($username, $user['role']);
         // Invalidate the current token.
         $this->dbUsers->generateTokenEmail($username);
         // NOTE(review): masked ('******') on this page; the real source presumably returns true here,
         // before the final `return false`.
         Log::set(__METHOD__ . LOG_SEP . 'User logged succeeded by Token-email - Username: '******'Token-email incorrect.');
     }
     return false;
 }
    /**
     * Plugin hook: emits the SimpleMDE initialisation script at the end of the admin body.
     *
     * Returns an empty string unless the current controller is listed in $this->loadWhenController.
     * The script wires SimpleMDE to #jscontent and the "#jsaddImage" button that inserts the selected
     * #jsimageList filename as Markdown image syntax.
     *
     * @return string HTML <script> block, or '' when not applicable.
     */
    public function adminBodyEnd()
    {
        global $layout;
        $html = '';
        // Load CSS and JS only on Controllers in array.
        if (in_array($layout['controller'], $this->loadWhenController)) {
            $pluginPath = $this->htmlPath();
            $html = '<script>' . PHP_EOL;
            $html .= '$(document).ready(function() { ' . PHP_EOL;
            // NOTE(review): the stored tabSize and toolbar values are written into JavaScript source without
            // escaping (toolbar is HTML-decoded first); both are admin-controlled DB fields — confirm they
            // are validated on save, since anything in them becomes script here.
            $html .= 'var simplemde = new SimpleMDE({
					element: document.getElementById("jscontent"),
					status: false,
					toolbarTips: true,
					toolbarGuideIcon: true,
					autofocus: false,
					lineWrapping: true,
					autoDownloadFontAwesome: false,
					indentWithTabs: true,
					tabSize: ' . $this->getDbField('tabSize') . ',
					spellChecker: false,
					toolbar: [' . Sanitize::htmlDecode($this->getDbField('toolbar')) . ']
			});';
            $html .= '$("#jsaddImage").on("click", function() {
					var filename = $("#jsimageList option:selected" ).text();
					if(!filename.trim()) {
						return false;
					}
					var text = simplemde.value();
					simplemde.value(text + "![alt text]("+filename+")" + "\\n");
			});';
            $html .= '}); </script>';
        }
        return $html;
    }
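 /**
  * Autocomplete endpoint: finds up to 50 elections whose keywords match the `term` query parameter.
  *
  * Up to three whitespace-separated words are ANDed as LIKE conditions; the result is cached in the
  * 'long' config and each election name is expanded to its full path ("root > … > name").
  */
 public function s()
 {
     $result = array();
     $keyword = '';
     if (isset($this->request->query['term'])) {
         $keyword = Sanitize::clean($this->request->query['term']);
     }
     if (!empty($keyword)) {
         $cacheKey = "ElectionsS{$keyword}";
         $result = Cache::read($cacheKey, 'long');
         if (!$result) {
             $conditions = array('Election.parent_id IS NOT NULL');
             $countKeywords = 0;
             foreach (explode(' ', $keyword) as $word) {
                 $word = trim($word);
                 if (!empty($word) && ++$countKeywords < 4) {
                     // Array-form condition: the ORM quotes the value instead of it being
                     // interpolated into the SQL string. Each one is wrapped so the keys do not collide.
                     $conditions[] = array('Election.keywords LIKE' => "%{$word}%");
                 }
             }
             $result = $this->Election->find('all', array(
                 'fields' => array('Election.id', 'Election.name', 'Election.lft', 'Election.rght'),
                 'conditions' => $conditions,
                 'limit' => 50,
             ));
             foreach ($result as $k => $v) {
                 $parents = $this->Election->getPath($v['Election']['id'], array('name'));
                 $result[$k]['Election']['name'] = implode(' > ', Set::extract($parents, '{n}.Election.name'));
             }
             Cache::write($cacheKey, $result, 'long');
         }
     }
     $this->set('result', $result);
 }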
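 /**
  * Directory module: builds the directory tree for the module's `dir_ids` and renders modules/directories.
  *
  * The current category/section are auto-detected; when only a category is known, its section is looked up.
  *
  * @param mixed $params Unused; kept for signature compatibility.
  * @return mixed Result of render().
  */
 function index($params)
 {
     $this->action = 'directory';
     # Read module params
     $dir_id = cleanIntegerCommaList(Sanitize::getString($this->params['module'], 'dir_ids'));
     $cat_id = '';
     $section_id = '';
     $directories = $this->Directory->getTree($dir_id, true);
     # Category auto detect — explicit reads replace extract(), so only the two keys used below can be set.
     $ids = CommonController::_discoverIDs($this);
     if (is_array($ids)) {
         if (array_key_exists('cat_id', $ids)) {
             $cat_id = $ids['cat_id'];
         }
         if (array_key_exists('section_id', $ids)) {
             $section_id = $ids['section_id'];
         }
     }
     if ($cat_id != '' && $section_id == '') {
         // cleanIntegerCommaList() presumably reduces the value to digits and commas — what the IN list relies on.
         $cat_id = cleanIntegerCommaList($cat_id);
         $sql = "SELECT section FROM #__categories WHERE id IN (" . $cat_id . ")";
         $this->_db->setQuery($sql);
         $section_id = $this->_db->loadResult();
     }
     $this->set(array(
         'directories' => $directories,
         'cat_id' => is_numeric($cat_id) && $cat_id > 0 ? $cat_id : false,
         'section_id' => $section_id,
     ));
     return $this->render('modules', 'directories');
 }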
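 /**
  * Directory page: renders the directory tree with the title taken from the current menu item.
  *
  * Menu params may override a fixed set of dir_* config keys; Joomla 1.5 and later versions build
  * the tree through different models.
  *
  * @param mixed $params Unused; kept for signature compatibility.
  * @return mixed Result of render().
  */
 function index($params)
 {
     $this->action = 'directory';
     // Trigger assets helper method
     if ($this->_user->id === 0) {
         $this->cacheAction = Configure::read('Cache.expires');
     }
     $page = array('title' => '', 'show_title' => 0);
     // Initialised so the override lookup below is defined even without a menu item
     // (the original read an undefined variable in that case).
     $menuParams = array();
     if ($menu_id = Sanitize::getInt($this->params, 'Itemid')) {
         $menuParams = $this->Menu->getMenuParams($menu_id);
         $page['title'] = Sanitize::getString($menuParams, 'title');
         $page['show_title'] = Sanitize::getString($menuParams, 'dirtitle', 0);
     }
     $override_keys = array('dir_show_alphaindex', 'dir_cat_images', 'dir_columns', 'dir_cat_num_entries', 'dir_category_hide_empty', 'dir_category_levels', 'dir_cat_format');
     if (Sanitize::getBool($menuParams, 'dir_overrides')) {
         $overrides = array_intersect_key($menuParams, array_flip($override_keys));
         $this->Config->override($overrides);
     }
     if ($this->cmsVersion == CMS_JOOMLA15) {
         $directories = $this->Directory->getTree(Sanitize::getString($this->params, 'dir'));
     } else {
         $level = $this->Config->dir_cat_format === 0 ? 2 : $this->Config->dir_category_levels;
         $directories = $this->Category->findTree(array(
             'level' => $level,
             'menu_id' => true,
             'dir_id' => Sanitize::getString($this->params, 'dir'),
             'pad_char' => '',
         ));
     }
     $this->set(array('page' => $page, 'directories' => $directories));
     return $this->render('directories', 'directory');
 }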
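 /**
  * Login action: validates the posted credentials and, on success, stores the employee in the session.
  *
  * Profile id 1 is redirected to /dashboard; other profiles currently stay on the page. On failure
  * the view receives `error` = true.
  */
 function index()
 {
     $this->layout = '';
     // Only act on a POST carrying data
     if ($this->data) {
         // Hand the posted data to the model
         $this->Funcionario->set($this->data);
         // Model-side credential check; the original comment's rationale for Sanitize::clean is
         // escaping the values before they reach SQL.
         $result = $this->Funcionario->checkUsuario(Sanitize::clean($this->data));
         if ($result) {
             $this->Session->start();
             $_SESSION['funcionario'] = array(
                 'id' => $result['Funcionario']['id'],
                 'data' => date('d-m-Y'),
                 // The original used 'h:m:i' (hour:MONTH:minute); 'h:i:s' is hour:minute:second.
                 'hora' => date('h:i:s'),
                 'perfil_id' => $result['Funcionario']['perfil_id'],
             );
             if ($result['Funcionario']['perfil_id'] == 1) {
                 $this->redirect('/dashboard');
             }
             // Other profiles: no redirect (the original left this branch commented out).
         } else {
             $this->set('error', true);
         }
     }
 }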
 /**
  * Builds the shared HTMLPurifier instance, using HTMLPurifier's default config when none is given.
  *
  * @param HTMLPurifier_Config|null $config
  * @return void
  */
 public static function setInstance($config = null)
 {
     $effective = $config === null ? HTMLPurifier_Config::createDefault() : $config;
     self::$_instance = new HTMLPurifier($effective);
 }
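 /**
  * Applies Sanitize::paranoid() to every element of $vars, keeping '.', '-' and '=' besides alphanumerics.
  *
  * @param array $vars Values to clean; keys are preserved.
  * @return array Cleaned copy.
  */
 function paranoid($vars)
 {
     // No by-reference foreach: the original left $var bound to the last element (no unset()).
     $cleaned = array();
     foreach ($vars as $key => $value) {
         $cleaned[$key] = Sanitize::paranoid($value, array('.', '-', '='));
     }
     return $cleaned;
 }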
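 /**
  * This callback method extract exif data from image and sets fields as customized in settings.
  *
  * Runs only when the configured filename field is present with upload error 0. Reads the EXIF block
  * from WWW_ROOT/files/pictures/<filename>, blanks the MakerNote, cleans the data and copies the date,
  * GPS coordinates and the serialized EXIF array into the configured model fields.
  *
  * @param  Model   $model Object of model
  *
  * @return boolean Return method's status (always true; EXIF problems do not block validation)
  */
 function beforeValidate(&$model)
 {
     $settings = $this->settings[$model->name];
     $field = $settings['filename'];
     // If photo is uploaded
     if (!isset($model->data[$model->name][$field]) || 0 != $model->data[$model->name][$field]['error']) {
         return true;
     }
     // Name of image file
     // NOTE(review): the field is read both as an upload array (['error'] above) and as a plain filename
     // here, as in the original — confirm which shape the model supplies.
     $filename = WWW_ROOT . 'files' . DS . 'pictures' . DS . $model->data[$model->name][$field];
     // Read exif data from file
     $exif = read_exif_data_raw($filename, 0);
     // If exif data contains maker note then set it empty
     if (isset($exif['SubIFD']['MakerNote'])) {
         $exif['SubIFD']['MakerNote'] = '';
     }
     // Sanitize::clean() returns the cleaned copy; the original discarded it and kept the raw data.
     $exif = Sanitize::clean($exif);
     if (isset($exif['SubIFD']['DateTimeOriginal']) && isset($settings['exifDateField'])) {
         $model->data[$model->name][$settings['exifDateField']] = date($settings['exifDateFormat'], strtotime($exif['SubIFD']['DateTimeOriginal']));
     }
     // If the GPS Latitude and Longitude is set then add to proper fields
     if (isset($exif['GPS'])) {
         if (isset($settings['gpsLattitudeField'])) {
             $model->data[$model->name][$settings['gpsLattitudeField']] = $exif['GPS']['Latitude'];
         }
         // The original tested gpsLattitudeField here as well (copy-paste); the longitude field is what is written.
         if (isset($settings['gpsLongitudeField'])) {
             $model->data[$model->name][$settings['gpsLongitudeField']] = $exif['GPS']['Longitude'];
         }
     }
     // Store serialized exif data in model's data
     if (isset($settings['exifField'])) {
         $model->data[$model->name][$settings['exifField']] = serialize($exif);
     }
     return true;
 }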
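 /**
  * get_slides
  *
  * Lists successfully converted slides, optionally bounded by the created_f / created_t passed args
  * (created >= / <=), 200 per page, newest first. Responds 400 with an error message when pagination fails.
  *
  * @return mixed Result of render('slides').
  */
 public function get_slides()
 {
     $this->Prg->commonProcess();
     $add_query = array('Slide.convert_status = ' . SUCCESS_CONVERT_COMPLETED);
     // Key/value conditions let the ORM quote the dates, instead of interpolating a Sanitize::clean()'d
     // value into the SQL string as the original did.
     $val = isset($this->passedArgs['created_f']) ? $this->passedArgs['created_f'] : null;
     if (!empty($val)) {
         $add_query['Slide.created >='] = $val;
     }
     $val = isset($this->passedArgs['created_t']) ? $this->passedArgs['created_t'] : null;
     if (!empty($val)) {
         $add_query['Slide.created <='] = $val;
     }
     $this->Paginator->settings = array(
         'conditions' => array($this->Slide->parseCriteria($this->passedArgs), $add_query),
         'limit' => 200,
         'recursive' => 1,
         'order' => array('created' => 'desc'),
     );
     try {
         $records = $this->Paginator->paginate('Slide');
     } catch (Exception $e) {
         $this->response->statusCode(400);
         $result['error']['message'] = __('Failed to retrieve results');
         $this->set('error', $result['error']);
         return $this->render('slides');
     }
     $this->response->statusCode(200);
     $this->set('slides', $records);
     return $this->render('slides');
 }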
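 /**
  * Geocodes $address through the Google endpoint configured in geomaps.google_url (JSON response).
  *
  * @param string $address Free-text address; URL-encoded before it is placed in the request.
  * @return array|false array('status','lon','lat','elev') for a usable response, false otherwise.
  *                     'status' is 200, or 'error' when the returned coordinates are not numeric.
  */
 function google($address)
 {
     $this->_API['google'] = str_replace('{google_url}', Sanitize::getString($this->Config, 'geomaps.google_url', 'http://maps.google.com'), $this->_API['google']);
     $geoData = false;
     $curl = curl_init();
     curl_setopt($curl, CURLOPT_URL, sprintf($this->_API['google'], urlencode($address)));
     curl_setopt($curl, CURLOPT_RETURNTRANSFER, 1);
     // curl_exec() returns false on failure; the cast turns that into an empty response.
     $response = trim((string) curl_exec($curl));
     curl_close($curl);
     // Process JSON
     if ($response !== '') {
         $data = json_decode($response);
         // json_decode() yields null on malformed input; the original dereferenced it unconditionally.
         $usable = is_object($data)
             && isset($data->status) && $data->status == "OK"
             && isset($data->results) && is_array($data->results)
             && !empty($data->results[0]);
         if ($usable) {
             $result = $data->results[0];
             $lat = isset($result->geometry->location->lat) ? $result->geometry->location->lat : null;
             $lon = isset($result->geometry->location->lng) ? $result->geometry->location->lng : null;
             $status = (is_numeric($lat) && is_numeric($lon)) ? 200 : 'error';
             $geoData = array('status' => $status, 'lon' => $lon, 'lat' => $lat, 'elev' => 0);
         }
     }
     return $geoData;
 }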
 /**
  * Geocodes $address via the CSV form of the configured Google geocoding URL.
  *
  * @param string $address Free-text address, URL-encoded into the request.
  * @return array|false array('status','lon','lat','elev') when the response carries more than three
  *                     comma-separated fields, false otherwise. status becomes 'error' on non-numeric coordinates.
  */
 function google($address)
 {
     $googleUrl = Sanitize::getString($this->Config, 'geomaps.google_url', 'http://maps.google.com');
     $this->_API['google'] = str_replace('{google_url}', $googleUrl, $this->_API['google']);
     $geoData = false;
     $handle = curl_init();
     curl_setopt($handle, CURLOPT_URL, sprintf($this->_API['google'], urlencode($address)));
     curl_setopt($handle, CURLOPT_RETURNTRANSFER, 1);
     $response = trim(curl_exec($handle));
     // Process CSV: a usable reply is non-empty, is not the 620 value, and has more than three fields
     $usable = $response != '' && $response != 620 && count(explode(',', $response)) > 3;
     if ($usable) {
         // Split pieces of data by the comma that separates them
         $parts = explode(",", $response);
         $status = $parts[0];
         $elev = $parts[1];
         $lat = $parts[2];
         $lon = $parts[3];
         if (!is_numeric($lat) || !is_numeric($lon)) {
             $status = 'error';
         }
         $geoData = array('status' => $status, 'lon' => $lon, 'lat' => $lat, 'elev' => $elev);
         // More complete data can be found via XML (not parsed here).
     }
     curl_close($handle);
     return $geoData;
 }
 /**
  * Authenticates the identity contained in a request.  Will use the `settings.userModel`, and `settings.fields`
  * to find POST data that is used to find a matching record in the `settings.userModel`.  Will return false if
  * there is no post data, either username or password is missing, of if the scope conditions have not been met.
  *
  * When the request carries a `type`, the settings for that type (from settings.types) are merged in first;
  * an unknown type throws.
  *
  * @author DaiNT
  * @date: 2013/05/23
  * @param CakeRequest $request The request that contains login information.
  * @param CakeResponse $response Unused response object.
  * @return mixed.  False on login failure.  An array of User data on success.
  * @throws Exception when $request->data['type'] is not configured in settings.types.
  */
 public function authenticate(CakeRequest $request, CakeResponse $response)
 {
     if (isset($request->data['type'])) {
         $type = $request->data['type'];
         if (!isset($this->settings['types'][$type])) {
             throw new Exception(__('Type %s login not setting', $type));
         }
         $types = $this->settings['types'];
         $this->settings = array_merge(array('types' => $types), $types[$type]);
     }
     // if not set model in from then reset to request
     if (AppUtility::checkIsMobile()) {
         // NOTE(review): this literal is masked ('******') on this page; the real source presumably names the
         // password field used for mobile logins.
         $this->settings['fields']['password'] = '******';
     }
     $fields = $this->settings['fields'];
     $model = $this->settings['userModel'];
     // NOTE(review): these reads happen before the empty() check below, so they raise notices when the model key
     // is absent; and when it is present the cleaned values are never written back, so paranoid() has no effect
     // on what parent::authenticate() sees. paranoid() also strips non-alphanumerics from a password — confirm intended.
     $userName = Sanitize::paranoid($request->data[$model][$fields['username']]);
     $password = Sanitize::paranoid($request->data[$model][$fields['password']]);
     if (empty($request->data[$model])) {
         $request->data[$model] = array($fields['username'] => isset($userName) ? $userName : null, $fields['password'] => isset($password) ? $password : null);
     }
     $user = parent::authenticate($request, $response);
     // A request-supplied system_permission is copied onto the authenticated user array.
     if (!empty($user) && is_array($user) && isset($request->data[$model]['system_permission'])) {
         $user['system_permission'] = $request->data[$model]['system_permission'];
     }
     return $user;
 }
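 /**
  * Vote
  * @author vovich
  * @param string $model   Voted model name; cleaned with Sanitize::paranoid before it is stored or compared
  * @param mixed  $modelId Id of the voted record
  * @param mixed  $delta   Vote delta, passed through to Vote->add()
  * @return void Emits a JSON body (error, sum, votes_plus, votes_minus) and exits; non-AJAX requests are redirected
  */
 function voting($model, $modelId, $delta)
 {
     Configure::write('debug', 0);
     $this->layout = false;
     $result = array("error" => "", "sum" => 0, "votes_plus" => 0, "votes_minus" => 0);
     $userId = $this->Access->getLoggedUserID();
     if (!$this->RequestHandler->isAjax()) {
         // referer() with local=true only follows same-host referers and falls back to '/',
         // rather than redirecting to whatever the Referer header contains.
         $this->redirect($this->referer('/', true));
     }
     if ($userId == VISITOR_USER || !$userId) {
         $result['error'] = "Access error, please login.";
     } elseif (!$this->Access->getAccess('Vote_' . $model, 'c')) {
         $result['error'] = "You can not vote for this " . $model . "<BR> please logg in ";
     } else {
         $result['error'] = $this->Vote->canVote($model, $modelId, $userId);
     }
     $cleanModel = Sanitize::paranoid($model);
     $data = array(
         'model' => $cleanModel,
         'model_id' => Sanitize::paranoid($modelId),
         'user_id' => $userId,
         'delta' => $delta,
     );
     // Image and Video votes invalidate the same cache entry (the original had two identical branches).
     if ($cleanModel == 'Image' || $cleanModel == 'Video') {
         Cache::delete('last_images');
     }
     if (empty($result['error'])) {
         $points = $this->Vote->add($data);
         $result['votes_plus'] = $points['votes_plus'];
         $result['votes_minus'] = $points['votes_minus'];
         $result['sum'] = $points['votes_plus'] - $points['votes_minus'];
     }
     exit($this->Json->encode($result));
 }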
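/**
 * Collect the descriptor of every installed theme.
 *
 * For each directory under PATH_THEMES the language file for the current site
 * locale is read (falling back to languages/en_US.json); its 'theme-data'
 * section, the directory name and the contents of metadata.json are merged
 * into one descriptor. A theme is skipped when either file is missing, or when
 * a file does not decode to the expected array (previously a malformed file
 * produced notices, or an "Unsupported operand types" error from array + null).
 *
 * @return array list of theme descriptors (theme-data + 'dirname' + metadata)
 */
function buildThemes()
{
    global $Site;
    $themes = array();
    $locale = $Site->locale();
    foreach (Filesystem::listDirectories(PATH_THEMES) as $themePath) {
        $languagesDir = $themePath . DS . 'languages' . DS;
        // Prefer the site locale, fall back to English.
        $languageFilename = $languagesDir . $locale . '.json';
        if (!Sanitize::pathFile($languageFilename)) {
            $languageFilename = $languagesDir . 'en_US.json';
        }
        if (!Sanitize::pathFile($languageFilename)) {
            continue;
        }
        $language = json_decode(file_get_contents($languageFilename), true);
        if (!is_array($language) || !isset($language['theme-data']) || !is_array($language['theme-data'])) {
            // Malformed or unexpected language file: skip the theme rather than emit notices.
            continue;
        }
        $filenameMetadata = $themePath . DS . 'metadata.json';
        if (!Sanitize::pathFile($filenameMetadata)) {
            continue;
        }
        $metadata = json_decode(file_get_contents($filenameMetadata), true);
        if (!is_array($metadata)) {
            continue;
        }
        $database = $language['theme-data'];
        $database['dirname'] = basename($themePath);
        // '+' keeps the theme-data/dirname values when metadata.json repeats a key.
        $themes[] = $database + $metadata;
    }
    return $themes;
}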
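 /**
  * Resolve the review being replied to and decide whether the current user may reply.
  *
  * $this->review_id is taken from the posted OwnerReply form, else from the
  * 'review_id' request parameter. Access is denied when owner replies are
  * disabled, no review id was given, the user is a guest, or the current user
  * is not the owner of the listing the review belongs to. On success the
  * listing id, extension and owner are stored under $this->data['Listing']
  * for the Activities component.
  *
  * @return void
  */
 function beforeFilter()
 {
     parent::beforeFilter();
     if (Sanitize::getInt($this->data, 'OwnerReply')) {
         $this->review_id = Sanitize::getInt($this->data['OwnerReply'], 'id');
     } else {
         $this->review_id = Sanitize::getInt($this->params, 'review_id');
     }
     if (!$this->Config->owner_replies || $this->review_id == 0 || $this->_user->id == 0) {
         $this->denyAccess = true;
         return;
     }
     // Fetch the listing id and extension of the review. The id is cast explicitly so the
     // interpolation does not depend on Sanitize::getInt's return type.
     $this->_db->setQuery("\n            SELECT \n                Review.pid AS listing_id, Review.`mode` AS extension\n            FROM \n                #__jreviews_comments AS Review\n            WHERE \n                Review.id = " . (int) $this->review_id);
     $rows = $this->_db->loadAssocList();
     $listing = $rows ? current($rows) : false;
     if (!$listing) {
         // NOTE(review): an unknown review id does not deny access here (unchanged) — confirm
         // the downstream action copes with a missing listing.
         return;
     }
     // Load the Everywhere model for the review's extension; class_exists() keeps an
     // unexpected extension value from instantiating an arbitrary class name.
     App::import('Model', 'everywhere_' . $listing['extension'], 'jreviews');
     $class_name = inflector::camelize('everywhere_' . $listing['extension']) . 'Model';
     if (!class_exists($class_name)) {
         return;
     }
     $this->Listing = new $class_name();
     $owner = $this->Listing->getListingOwner($listing['listing_id']);
     if ($this->_user->id != $owner['user_id']) {
         $this->denyAccess = true;
         return;
     }
     // Consumed by the Activities component.
     $this->data['Listing']['created_by'] = $owner['user_id'];
     $this->data['Listing']['listing_id'] = $listing['listing_id'];
     $this->data['Listing']['extension'] = $listing['extension'];
 }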
Пример #25
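 /**
  * Render a feed template to $filename, echo it and end the request.
  *
  * Only acts when the current action is 'xml' and a template named
  * "<view>.<type>.thtml" exists in the active theme or in the default theme;
  * otherwise nothing happens and false is returned. On success the rendered
  * feed is written to $filename, echoed and the script exits; if the file
  * cannot be opened an error message is echoed and the script exits.
  *
  * The optional-before-required parameter order was deprecated in PHP 8.0;
  * $filename is now simply required (every caller already had to pass it).
  *
  * @param string $filename  path the feed is written to — must be a server-chosen path, never request data
  * @param string $view      feed view name (template prefix)
  * @return false  only when the action or template check fails; otherwise the method never returns
  */
 function saveFeed($filename, $view)
 {
     if (Sanitize::getString($this->params, 'action') != 'xml') {
         return false;
     }
     $type = '.' . Sanitize::getString($this->params, 'type', 'rss2');
     $App = App::getInstance();
     $template = $view . $type . '.thtml';
     if (!isset($App->jreviewsPaths['Theme'][$this->c->viewTheme][$this->layout][$template]) && !isset($App->jreviewsPaths['Theme']['default'][$this->layout][$template])) {
         return false;
     }
     $this->c->autoLayout = false;
     $this->c->autoRender = false;
     $rss = array(
         'title' => $this->c->Config->rss_title,
         'link' => WWW_ROOT,
         'description' => $this->c->Config->rss_description,
         'image_url' => WWW_ROOT . "images/stories/" . $this->c->Config->rss_image,
         'image_link' => WWW_ROOT,
     );
     $this->c->set(array('encoding' => $this->encoding, 'rss' => $rss));
     $feedFile = fopen($filename, "w+");
     if (!$feedFile) {
         echo "<br /><b>Error creating feed file, please check write permissions.</b><br />";
         die;
     }
     $feed = $this->c->render($this->layout, $view . $type);
     // The feed is served to the client even if the cache write is short; fwrite is the
     // canonical name of the fputs alias.
     fwrite($feedFile, $feed);
     fclose($feedFile);
     echo $feed;
     die;
 }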
Пример #26
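 /**
  * Admin form handler: create an Fcode and one FcodeProduct row per selected product.
  *
  * GET renders the form with all users as 'customer_data'. POST strips HTML from
  * the posted Fcode data, saves the Fcode, then for each posted product id
  * decrements that product's stock by one and records an FcodeProduct link
  * (quantity 1). Every POST ends in a redirect to 'index' with a success or
  * failure flash.
  *
  * @return mixed result of redirect() after a POST, null otherwise
  */
 public function admin_add()
 {
     $customerdata = $this->User->find("all");
     $this->set('customer_data', $customerdata);
     if (!$this->request->is('post')) {
         return null;
     }
     // NOTE(review): Cake's Sanitize::clean() also SQL-escapes by default and Model::save()
     // escapes again — confirm stored values are not double-escaped.
     $this->request->data['Fcode'] = Sanitize::clean($this->request->data['Fcode'], array("remove_html" => true));
     // Ids and names arrive as parallel arrays; cast so a missing or scalar value cannot
     // break count()/indexing (count() on a non-array throws in PHP 8).
     $productIds = isset($this->request->data['Fcode']['fcode_product']) ? array_values((array) $this->request->data['Fcode']['fcode_product']) : array();
     $productnames = isset($this->request->data['Fcode']['fcode_product_names']) ? array_values((array) $this->request->data['Fcode']['fcode_product_names']) : array();
     if (!$this->Fcode->save($this->request->data['Fcode'])) {
         $this->Session->setFlash('<div class="alert alert-fail"><i class="fa fa-check-circle"></i> Fcode Details Not Added Successfully...<button data-dismiss="alert" class="close" type="button">×</button> </div>');
         return $this->redirect(array('action' => 'index'));
     }
     $arr = array('FcodeProduct' => array('fcode_id' => $this->Fcode->id, 'quantity' => 1));
     foreach ($productIds as $i => $productId) {
         // Decrement stock only for a product that actually exists; previously a missing
         // product produced a notice and wrote quantity -1 to the record.
         // NOTE(review): stock is allowed to go below zero (unchanged) — confirm that is intended.
         $product_q = $this->Product->findById($productId);
         if (!empty($product_q['Product'])) {
             $this->Product->id = $productId;
             $this->Product->saveField('quantity', $product_q['Product']['quantity'] - 1);
         }
         $arr['FcodeProduct']['product_id'] = $productId;
         $arr['FcodeProduct']['product_name'] = isset($productnames[$i]) ? $productnames[$i] : null;
         $this->FcodeProduct->create();
         $this->FcodeProduct->save($arr);
     }
     $this->Session->setFlash('<div class="alert alert-success"><i class="fa fa-check-circle"></i> Fcode Details Added Successfully...<button data-dismiss="alert" class="close" type="button">×</button> </div>');
     return $this->redirect(array('action' => 'index'));
 }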
Пример #27
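 /**
  * Normalise and persist a FieldOption row, returning a status string.
  *
  * For a new option (no 'optionid') the value is turned into a slug:
  * transliterated, blacklisted characters removed, dash replacements applied,
  * runs of dashes collapsed and lower-cased (UTF-8). A duplicate value within
  * the same field aborts with 'duplicate'; otherwise the option is appended
  * after the field's highest 'ordering'. Existing options are stored as-is.
  *
  * @param array $data  by reference; $data['FieldOption'] is updated in place
  *                     ('value' normalised and 'ordering' assigned for new options)
  * @return string 'success', 'duplicate' or 'db_error'
  */
 function save(&$data)
 {
     $option =& $data['FieldOption'];
     $isNew = !Sanitize::getInt($option, 'optionid');
     // Cast explicitly: the id is interpolated into SQL below.
     $field_id = (int) Sanitize::getInt($option, 'fieldid');
     if ($isNew) {
         // Reduce the option value to a lower-case, dash-separated slug.
         $value = Sanitize::translate($option['value']);
         $value = str_replace($this->blackList, '', $value);
         $value = str_replace($this->dashReplacements, '-', $value);
         $value = preg_replace('/[-]+/', '-', $value);
         $option['value'] = mb_strtolower($value, 'UTF-8');
         // Reject a value already used by this field. The value is quoted by the driver.
         $query = "SELECT count(fieldid) FROM #__jreviews_fieldoptions WHERE fieldid = '{$field_id}' AND value = " . $this->_db->Quote($option['value']);
         $this->_db->setQuery($query);
         if ($this->_db->loadResult()) {
             return 'duplicate';
         }
         // Append after the current last option.
         $this->_db->setQuery("select max(ordering) FROM #__jreviews_fieldoptions WHERE fieldid = '" . $field_id . "'");
         $max = (int) $this->_db->loadResult();
         $option['ordering'] = $max > 0 ? $max + 1 : 1;
     }
     unset($option);
     if (!$this->store($data)) {
         return 'db_error';
     }
     return 'success';
 }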
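 /**
  * Render the "totals" module: counts of published listings and reviews.
  *
  * The rendered page is cached per module id and module parameter set; a
  * cache hit short-circuits everything else. Listings are counted through the
  * Everywhere model of the configured extension (only when that class can be
  * loaded), reviews through the Review model filtered by the extension.
  *
  * @return string rendered module HTML
  */
 function index()
 {
     $module_id = Sanitize::getInt($this->params, 'module_id', Sanitize::getInt($this->data, 'module_id'));
     $this->viewSuffix = Sanitize::getString($this->params['module'], 'tmpl_suffix');
     // module_id is an int and the digest is hex, so the cache name carries no path characters.
     $cache_file = 'modules_totals_' . $module_id . '_' . md5(serialize($this->params['module']));
     $page = $this->cached($cache_file);
     if ($page) {
         return $page;
     }
     $extension = Sanitize::getString($this->params['module'], 'extension');
     // Load the Everywhere model for the extension; class_exists() below guards the `new`.
     App::import('Model', 'everywhere_' . $extension, 'jreviews');
     $class_name = inflector::camelize('everywhere_' . $extension) . 'Model';
     $conditions_reviews = array('Review.published = 1');
     // Previously left undefined for extensions other than com_content, so findCount()
     // received an undefined variable. NOTE(review): assumes findCount() treats an empty
     // conditions array as "no extra filter" — confirm against the jreviews Model base.
     $conditions_listings = array();
     if ($extension == 'com_content') {
         $conditions_listings[] = 'Listing.state = 1';
     }
     if ($extension != '') {
         $conditions_reviews[] = "Review.mode = " . $this->quote($extension);
     }
     if (class_exists($class_name)) {
         $this->Listing = new $class_name();
         $this->Listing->_user = $this->_user;
         $listings = $this->Listing->findCount(array('conditions' => $conditions_listings), 'DISTINCT Listing.' . $this->Listing->realKey);
         $reviews = $this->Review->findCount(array('conditions' => $conditions_reviews), 'DISTINCT Review.id');
     }
     // Send variables to the view template; counts default to 0 when the model was unavailable.
     $this->set(array('listing_count' => isset($listings) ? $listings : 0, 'review_count' => isset($reviews) ? $reviews : 0));
     $page = $this->render('modules', 'totals');
     $this->cacheView('modules', 'totals', $cache_file, $page);
     return $page;
 }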
Пример #29
 /**
  * Run a paginated full-text search over SearchIndex and return the rows.
  *
  * Builds $this->_controller->paginate['SearchIndex']: active rows whose
  * 'published' is null or not after now, merged recursively with
  * $paginateOptions; an optional 'model' condition from the named 'type'
  * parameter; and, when a term is present, a MySQL MATCH ... AGAINST clause
  * (boolean mode, trailing '*' wildcard) plus a LIKE alternative when
  * $this->like is set. The match score is selected and used as the default
  * order.
  *
  * @param string|null $term            search term; falls back to the named 'term' request parameter
  * @param array       $paginateOptions extra paginate options merged into the base options
  * @return array rows from Controller::paginate('SearchIndex')
  */
 function paginate($term = null, $paginateOptions = array())
 {
     $this->_controller->paginate = array('SearchIndex' => array_merge_recursive(array('conditions' => array(array('SearchIndex.active' => 1), 'or' => array(array('SearchIndex.published' => null), array('SearchIndex.published <= ' => date('Y-m-d H:i:s'))))), $paginateOptions));
     if (isset($this->_controller->request->params['named']['type']) && $this->_controller->request->params['named']['type'] != 'All') {
         // The type is SQL-escaped and then used as the value of the 'model' condition.
         // NOTE(review): written to request->data but read back from ->data — assumes
         // Controller::$data mirrors request->data; confirm for this Cake version.
         $this->_controller->request->data['SearchIndex']['type'] = Sanitize::escape($this->_controller->request->params['named']['type']);
         $this->_controller->paginate['SearchIndex']['conditions']['model'] = $this->_controller->data['SearchIndex']['type'];
     }
     // Add term condition, and sorting
     if (!$term && isset($this->_controller->request->params['named']['term'])) {
         $term = $this->_controller->request->params['named']['term'];
     }
     if ($term) {
         // NOTE(review): the term is SQL-escaped here and then interpolated into raw SQL
         // fragments below rather than bound; this escape is the only barrier between
         // request input and the query, so it must stay ahead of every use of $term.
         $term = Sanitize::escape($term);
         $this->_controller->request->data['SearchIndex']['term'] = $term;
         // Each whitespace/underscore-separated token goes through $this->replace() (defined
         // elsewhere in this class); the trailing '*' makes the last token a prefix match.
         $term = implode(' ', array_map(array($this, 'replace'), preg_split('/[\\s_]/', $term))) . '*';
         if ($this->like) {
             // The LIKE alternative uses the escaped but not replace()-processed term;
             // '%' and '_' in the input keep their LIKE wildcard meaning.
             $this->_controller->paginate['SearchIndex']['conditions'][] = array('or' => array("MATCH(data) AGAINST('{$term}')", 'SearchIndex.data LIKE' => "%{$this->_controller->data['SearchIndex']['term']}%"));
         } else {
             $this->_controller->paginate['SearchIndex']['conditions'][] = "MATCH(data) AGAINST('{$term}' IN BOOLEAN MODE)";
         }
         $this->_controller->paginate['SearchIndex']['fields'] = "*, MATCH(data) AGAINST('{$term}' IN BOOLEAN MODE) AS score";
         if (empty($this->_controller->paginate['SearchIndex']['order'])) {
             $this->_controller->paginate['SearchIndex']['order'] = "score DESC";
         }
     }
     return $this->_controller->paginate('SearchIndex');
 }
 /**
  * Dispatch a request value to the sanitiser matching its declared type.
  *
  * When $value is not null it is passed to the Sanitize::save* method selected
  * by $type (DB escaping, HTML, integer, alphanumeric, URI-safe alphanumeric),
  * or only stripped of null bytes for any other type. When $value is null the
  * result is $standard, and when $standard is null too a type-appropriate
  * empty value is produced ('' for scalar string types, 0 for VAR_INT, an empty
  * array for the VAR_ARR_* types, null otherwise).
  *
  * Comparisons are loose, exactly as in the former elseif chain, so the VAR_*
  * constants may be of any scalar type.
  *
  * @param mixed      $value    raw input value, or null when absent
  * @param mixed      $type     one of the VAR_* / VAR_ARR_* constants
  * @param mixed|null $standard fallback returned when $value is null
  * @return mixed sanitised value or fallback
  */
 public static function save($value, $type, $standard = null)
 {
     if ($value !== null) {
         switch ($type) {
             case VAR_DB:
             case VAR_ARR_DB:
                 return Sanitize::saveDb($value);
             case VAR_HTML:
             case VAR_ARR_HTML:
                 return Sanitize::saveHTML($value);
             case VAR_INT:
             case VAR_ARR_INT:
                 return Sanitize::saveInt($value);
             case VAR_ALNUM:
             case VAR_ARR_ALNUM:
                 return Sanitize::saveAlNum($value, true);
             case VAR_URI:
             case VAR_ARR_URI:
                 return Sanitize::saveAlNum($value, false);
             default:
                 return Sanitize::removeNullByte($value);
         }
     }
     if ($standard !== null) {
         return $standard;
     }
     // No value and no explicit fallback: pick the empty value for the type.
     switch ($type) {
         case VAR_DB:
         case VAR_ALNUM:
         case VAR_HTML:
         case VAR_URI:
             return '';
         case VAR_INT:
             return 0;
         case VAR_ARR_INT:
         case VAR_ARR_DB:
         case VAR_ARR_ALNUM:
         case VAR_ARR_NONE:
         case VAR_ARR_HTML:
         case VAR_ARR_URI:
             return array();
         default:
             return null;
     }
 }