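function _save($params)
{
    $this->action = 'index';
    $text = Sanitize::getString($this->data['FieldOption'], 'text');
    $value = Sanitize::stripAll($this->data['FieldOption'], 'value');
    // Coerced to an integer exactly once, here. The previous version re-read the
    // raw request value after save() and spliced that into the SQL below, which
    // silently bypassed this cast.
    $field_id = Sanitize::getInt($this->data['FieldOption'], 'fieldid');
    $limit = $this->limit;
    $limitstart = $this->offset;
    $total = 0;
    // NOTE(review): no token or ACL check is visible in this method; it is
    // presumably enforced by the controller's filters -- confirm before exposing
    // it on a new route.
    // Begin validation: both the display text and the stored value are required.
    $validation_ids = array();
    if ($text == '') {
        $validation_ids[] = "option_text";
    }
    if ($value == '') {
        $validation_ids[] = "option_value";
    }
    if (!empty($validation_ids)) {
        return json_encode(compact('validation_ids'));
    }
    // Begin save. Anything other than 'success' is reported to the client as a duplicate.
    $result = $this->FieldOption->save($this->data);
    if ($result != 'success') {
        $msg = "An option with this value already exists for this field.";
        return $this->ajaxError($msg);
    }
    // Begin update display. For new rows optionid is expected to be filled in by save().
    $option_id = (int) $this->data['FieldOption']['optionid'];
    $rows = $this->FieldOption->getList($field_id, $limitstart, $limit, $total);
    // $field_id is already an int; the cast is repeated at the point of use so the
    // query literal can never be reached with anything else.
    $this->_db->setQuery("\n            SELECT \n                fieldid,type,name,title,groupid,location \n            FROM \n                #__jreviews_fields \n            WHERE \n                fieldid = " . (int) $field_id);
    $field = current($this->_db->loadAssocList());
    // Reloads the whole list to display the new/updated record
    $page = Sanitize::stripWhitespace($this->listViewTable($rows, $total, $field));
    $action = 'success';
    return json_encode(compact('action', 'page', 'option_id'));
}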
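 function _addOption()
 {
     $this->autoRender = false;
     $this->autoLayout = false;
     $response = array();
     $option = $this->data['FieldOption']['text'] = Sanitize::getString($this->data, 'text');
     $value = $this->data['FieldOption']['value'] = Sanitize::stripAll($this->data, 'text');
     $fieldid = $this->data['FieldOption']['fieldid'] = Sanitize::getInt($this->data, 'field_id');
     $fieldName = Sanitize::getString($this->data, 'name');
     // Everything this action returns is JavaScript the browser executes, and the
     // inputs above are only tag-stripped: quotes, backslashes and newlines survive.
     // Each value is therefore encoded for the context it lands in -- json_encode()
     // for a JS string literal (it also escapes "/" so "</script>" cannot be formed),
     // htmlspecialchars() for text that ends up inside HTML markup. $fieldid is an
     // int from getInt() and may be interpolated directly.
     $jsSelector = json_encode('#' . $fieldName);
     // Begin validation
     if ($value == '') {
         $validation = __t("The field is empty.", true);
         $response[] = "jQuery('#jr_fieldOption{$fieldid}').siblings('.jr_loadingSmall').after(" . json_encode('<span class="jr_validation">&nbsp;' . $validation . '</span>') . ");";
         return $this->ajaxResponse($response);
     }
     // Save
     $result = $this->FieldOption->save($this->data);
     switch ($result) {
         case 'success':
             // Begin update display; re-read the model-side values in case save() normalised them.
             $jsValue = json_encode($this->data['FieldOption']['value']);
             $jsOption = json_encode($this->data['FieldOption']['text']);
             $response = "\n                        jQuery({$jsSelector}).addOption({$jsValue},{$jsOption});\n                        jQuery('#jr_fieldOption{$fieldid}').val('');            \n                        jQuery('#submitButton{$fieldid}').removeAttr('disabled');\n                    ";
             return $this->ajaxResponse($response);
         case 'duplicate':
             // $value is rendered inside a <span>, so it is HTML-escaped here.
             $validation = sprintf(__t("%s already exists", true), htmlspecialchars($value, ENT_QUOTES));
             break;
         case 'db_error':
             $validation = s2Messages::submitErrorGeneric();
             break;
         default:
             // Unknown status from the model: report a generic error instead of
             // emitting JS built from an undefined $validation.
             $validation = s2Messages::submitErrorGeneric();
             break;
     }
     $response[] = "jQuery({$jsSelector}).selectOptions(" . json_encode($option) . ");";
     $response[] = "jQuery('#jr_fieldOption{$fieldid}').siblings('.jr_loadingSmall').after(" . json_encode('<span class="jr_validation">&nbsp;' . $validation . '</span>') . ");";
     return $this->ajaxResponse($response);
 }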
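 public function tmp1()
 {
     $this->modelClass = null;
     if ($this->request->data) {
         // 'text1' is optional on the incoming form; guard the lookup so a missing
         // key does not raise an undefined-index notice before Sanitize sees it.
         $text = isset($this->request->data['text1']) ? $this->request->data['text1'] : '';
         $result = Sanitize::stripAll($text);
     } else {
         $result = "no data.";
     }
     // NOTE(review): stripAll() removes scripts/images/extra whitespace but is not
     // an output escaper -- the view must still escape $result for HTML.
     $this->set("result", $result);
 }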
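 public function search()
 {
     if ($this->request->is('post')) {
         $posted = isset($this->request->data['SanmaData']) ? $this->request->data['SanmaData'] : array();
         // stripAll() only removes markup; "/", "?", "#" and ".." pass straight
         // through, so each field is URL-encoded before it becomes a path segment
         // of the redirect target. Otherwise a crafted value can add or swap
         // segments and steer the redirect to a different action.
         $segments = array();
         foreach (array('company', 'person_c', 'contact', 'person_m') as $key) {
             $raw = isset($posted[$key]) ? $posted[$key] : '';
             $segments[] = rawurlencode(Sanitize::stripAll($raw));
         }
         $this->redirect("./table/" . implode("/", $segments));
         return;
     }
     $result = "no data.";
     $this->set("result", $result);
 }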
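 public function index()
 {
     $details = false;
     // Optional query parameters; read with isset() rather than the "@" suppressor
     // so that genuine errors raised further down are not silenced as well.
     $query = $this->request->query;
     $mstr = isset($query['mstr']) ? $query['mstr'] : null;
     $mid = isset($query['mid']) ? $query['mid'] : null;
     $kod = isset($query['kod']) ? $query['kod'] : null;
     // Raw request values handed to the view: the templates must escape them.
     $this->set('mstr', $mstr);
     $this->set('mid', $mid);
     $this->set('kod', $kod);
     if ($kod) {
         // Postal-code lookup. The condition array is handed to the model layer,
         // which is expected to quote it.
         $code = $this->Dataobject->find('all', array('conditions' => array('dataset' => 'kody_pocztowe', 'kody_pocztowe.kod' => $kod)));
         if ($code && $code[0]) {
             return $this->redirect('/dane/kody_pocztowe/' . $code[0]->getId());
         } else {
             $this->Session->setFlash('Podany kod pocztowy nie zostały odnaleziony');
         }
     } elseif ($mid) {
         $details = true;
         $miejscowosc = $this->API->Dane()->getObject('miejscowosci', $mid);
         $ustr = isset($query['ustr']) ? $query['ustr'] : null;
         $this->set('ustr', $ustr);
         // getObject() may return nothing for an unknown id; the previous version
         // called getData() on the result before this check, which is a fatal
         // error on null.
         if ($miejscowosc) {
             $this->set('miejscowosc', $miejscowosc->getData());
             $this->addStatusbarCrumb(array('text' => $miejscowosc->getData('nazwa')));
             $adresy = $this->API->searchAddresses($miejscowosc->getId(), $ustr);
             $this->set('adresy', $adresy);
         }
     } elseif ($mstr) {
         $details = true;
         $this->paginate = array('conditions' => array('dataset' => 'miejscowosci', 'q' => Sanitize::stripAll($mstr)), 'paramType' => 'querystring');
         $miejscowosci = $this->Paginator->paginate('Dataobject');
         $pagination = $this->Dataobject->pagination;
         $total = $this->Dataobject->total;
         if (!$total) {
             $this->Session->setFlash('Podana miejscowość nie została odnaleziona');
         } elseif ($total === 1 && ($mid = $miejscowosci[0]['Dataobject']->object_id)) {
             // NOTE(review): the strict === 1 only matches an integer total; if the
             // API reports it as a string this branch is never taken -- confirm.
             // The search string is URL-encoded so "&" or "#" in it cannot inject
             // extra query parameters into the redirect target.
             $this->redirect('/kody_pocztowe?mstr=' . rawurlencode($mstr) . '&mid=' . rawurlencode($mid));
         } else {
             $this->set('miejscowosci', $miejscowosci);
         }
         $this->set(compact('pagination', 'total'));
     }
     $this->set('details', $details);
     $application = $this->getApplication();
     $this->set('title_for_layout', $application['name']);
 }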
 /**
  * testStripAll method
  *
  * Pins the contract of Sanitize::stripAll(): it removes <img>, <script> and
  * <link> elements and collapses runs of whitespace, but it is not a general
  * HTML escaper -- the last case shows an ordinary <p> element surviving
  * untouched and the third shows a stray "<" being left in place. Code that
  * echoes stripAll() output into HTML still needs context-specific escaping.
  *
  * @return void
  */
 public function testStripAll()
 {
     $cases = array(
         // img/script pair: only the trailing attribute residue survives
         array(
             '<img """><script>alert("xss")</script>"/>',
             '"/>',
         ),
         // entity-encoded javascript: URI inside an img tag is dropped entirely
         array(
             '<IMG SRC=&#0000106&#0000097&#0000118&#0000097&#0000115&#0000099&#0000114&#0000105&#0000112&#0000116&#0000058&#0000097&#0000108&#0000101&#0000114&#0000116&#0000040&#0000039&#0000088&#0000083&#0000083&#0000039&#0000041>',
             '',
         ),
         // nested "<<script>": the leading "<" is all that remains
         array(
             '<<script>alert("XSS");//<</script>',
             '<',
         ),
         // mixed document: <p> is kept, <img onload>, <link> and <script> are not,
         // and the whitespace inside the paragraph is collapsed
         array(
             '<img src="http://google.com/images/logo.gif" onload="window.location=\'http://sam.com/\'" />' . "\n" . "<p>This is ok      \t\n   text</p>\n" . '<link rel="stylesheet" href="/css/master.css" type="text/css" media="screen" title="my sheet" charset="utf-8">' . "\n" . '<script src="xss.js" type="text/javascript" charset="utf-8"></script>',
             '<p>This is ok text</p>',
         ),
     );
     foreach ($cases as $case) {
         list($input, $expected) = $case;
         $this->assertEquals($expected, Sanitize::stripAll($input));
     }
 }
 /**
  * [ADMIN] Register a search index entry
  * 
  * TODO 2013/8/8 ryuring
  * This feature was meant to fetch the title and body of baserCMS-managed content
  * from a URL and register them in the search index, but since CakePHP 2 changed
  * how Views are handled (they are no longer managed by ClassRegistry) the title
  * can no longer be obtained at requestAction time. The feature is therefore
  * suspended for now. When re-implemented, the title and body should be supplied
  * manually rather than fetched automatically.
  * 
  * NOTE(review): only the FULL_BASE_URL + base prefix is stripped from the
  * submitted URL; whatever remains is dispatched internally via requestAction()
  * and, when that throws and the path contains ".html", fetched over HTTP with
  * siteUrl() prepended. That keeps the fetch on this site's host provided
  * siteUrl() ends in a slash -- confirm. Content.title is stored exactly as
  * submitted; stripAll()/strip_tags() run only on the fetched body, and escaping
  * is left to the views that render these records.
  * 
  * @return	void
  * @access 	public
  */
 public function admin_add()
 {
     $this->pageTitle = '検索インデックス登録';
     if ($this->request->data) {
         $url = $this->request->data['Content']['url'];
         $url = str_replace(FULL_BASE_URL . $this->request->base, '', $url);
         if (!$this->Content->find('count', array('conditions' => array('Content.url' => $url)))) {
             // Reload the default routing (requestAction would otherwise register the routing configuration twice)
             Router::reload();
             // Fetch the data behind the URL; a failed dispatch is kept as the exception object
             try {
                 $content = $this->requestAction($url, array('return' => 1));
             } catch (Exception $e) {
                 $content = $e;
             }
             Router::reload();
             // Restore the original request settings
             Router::setRequestInfo($this->request);
             if (!is_a($content, 'Exception')) {
                 $content = preg_replace('/<!-- BaserPageTagBegin -->.*?<!-- BaserPageTagEnd -->/is', '', $content);
             } elseif (preg_match('/\\.html/', $url)) {
                 App::uses('HttpSocket', 'Network/Http');
                 $socket = new HttpSocket();
                 // NOTE: Router::url() cannot correctly resolve URLs under /app/webroot/ when smart URLs are off
                 $HttpSocketResponse = $socket->get(siteUrl() . preg_replace('/^\\//', '', $url));
                 $code = $HttpSocketResponse->code;
                 if ($code != 200) {
                     unset($content);
                 } else {
                     // Only the <body> is indexed; a page without one yields an empty entry
                     if (preg_match('/<body>(.*?)<\\/body>/is', $HttpSocketResponse->body, $matches)) {
                         $content = $matches[1];
                     } else {
                         $content = '';
                     }
                 }
             } else {
                 unset($content);
             }
             if (isset($content)) {
                 // Strip scripts/images first, then every remaining tag, before storing plain text
                 $content = Sanitize::stripAll($content);
                 $content = strip_tags($content);
                 $data = array('Content' => array('title' => $this->request->data['Content']['title'], 'detail' => $content, 'url' => $url, 'type' => 'その他', 'status' => true, 'priority' => 0.5));
                 $this->Content->create($data);
                 if ($this->Content->save()) {
                     $this->setMessage('検索インデックスに ' . $url . ' を追加しました。');
                     $this->redirect(array('action' => 'index'));
                 } else {
                     $this->setMessage('保存中にエラーが発生しました。', true);
                 }
             } else {
                 $this->Content->invalidate('url', '入力したURLは存在しないか、検索インデックスに登録できるURLではありません。');
                 $this->setMessage('保存中にエラーが発生しました。', true);
             }
         } else {
             $this->Content->invalidate('url', '既に登録済のURLです。');
             $this->setMessage('入力エラーです。内容を修正してください。', true);
         }
     }
     $this->help = 'contents_add';
 }
 function onBeforeDisplayContent(&$article, &$params)
 {
     if (!class_exists('cmsFramework')) {
         return;
     }
     // Only act on a Joomla article page (com_content, view=article, with an id).
     // These come from $_REQUEST; they are read through Sanitize and only compared,
     // never echoed.
     $option = Sanitize::getString($_REQUEST, 'option', '');
     $view = Sanitize::getString($_REQUEST, 'view', '');
     $layout = Sanitize::getString($_REQUEST, 'layout', '');
     $id = Sanitize::getInt($_REQUEST, 'id');
     $isArticlePage = $option == 'com_content' && $view == 'article' && $id;
     if (!$isArticlePage) {
         return;
     }
     // The $listing array is kept in memory on the framework singleton.
     $_this =& cmsFramework::getInstance();
     $Config = Configure::read('JreviewsSystem.Config');
     $title = trim(Sanitize::getString($Config, 'type_metatitle'));
     $keywords = trim(Sanitize::getString($Config, 'type_metakey'));
     $description = trim(Sanitize::getString($Config, 'type_metadesc'));
     $listing =& $_this->listing;
     $hasMetaTemplates = $title != '' || $keywords != '' || $description != '';
     if ($hasMetaTemplates) {
         // Carries the same data that detail.thtml sees, so any conditional can be built on it
         if (isset($_this->listing) && is_array($_this->listing)) {
             // Instantiate the CustomFields helper class
             $CustomFields =& RegisterClass::getInstance('CustomFieldsHelper');
             // Built-in tags, mapped to the listing slot and key they are read from.
             // NOTE(review): values are tag-stripped here but not HTML-escaped; that
             // is left to cmsFramework::meta() -- confirm it escapes for the head.
             $builtinTags = array(
                 'title' => array('Listing', 'title'),
                 'section' => array('Section', 'title'),
                 'category' => array('Category', 'title'),
                 'metakey' => array('Listing', 'metakey'),
                 'metadesc' => array('Listing', 'metadesc'),
             );
             // Get and process all tags
             $tags = plgContentJreviews::extractTags($title . $keywords . $description);
             $replacements = array();
             foreach ($tags as $tag) {
                 if (isset($builtinTags[$tag])) {
                     list($slot, $key) = $builtinTags[$tag];
                     $replacements['{' . $tag . '}'] = Sanitize::stripAll($listing[$slot], $key);
                 } elseif (substr($tag, 0, 3) == 'jr_') {
                     // Custom field tags are resolved through the helper
                     $fieldText = $CustomFields->fieldText($tag, $listing, false, false, ',');
                     $replacements['{' . $tag . '}'] = !empty($fieldText) ? $fieldText : '';
                 }
             }
             $placeholders = array_keys($replacements);
             # Process title: only emitted when the substituted result is non-empty
             if ($title != '') {
                 $title = str_replace($placeholders, $replacements, $title);
                 if ($title) {
                     cmsFramework::meta('title', $title);
                 }
             }
             # Process description
             if ($description != '') {
                 $description = str_replace($placeholders, $replacements, $description);
                 if ($description) {
                     cmsFramework::meta('description', $description);
                 }
             }
             # Process keywords
             if ($keywords != '') {
                 $keywords = str_replace($placeholders, $replacements, $keywords);
                 if ($keywords) {
                     cmsFramework::meta('keywords', $keywords);
                 }
             }
         }
     } elseif (isset($article->parameters) && $article->parameters->get('show_page_title') && $article->parameters->get('num_leading_articles') == '' && $article->parameters->get('filter_type') == '') {
         // No templates configured: fall back to the article's own page title
         $title = $article->parameters->get('page_title');
         if ($title != '') {
             cmsFramework::meta('title', $title);
         }
     }
     if (isset($_this->crumbs) && !empty($_this->crumbs)) {
         cmsFramework::setPathway($_this->crumbs);
     }
     unset($_this);
 }
 /**
  * [ADMIN] Register a search index entry
  * 
  * Resolves the submitted URL through requestAction() (falling back to an HTTP
  * fetch of the same path on this site for ".html" URLs), strips markup from
  * the result and stores it with the page title as a Content row.
  * 
  * NOTE(review): only the FULL_BASE_URL + base prefix is stripped from the
  * submitted URL; the remainder is dispatched internally and, on failure,
  * appended to siteUrl() and fetched. The fixed prefix keeps the fetch on this
  * host, but no further check limits which routes an admin can pull into the
  * index. The <title> captured from the fetched page is stored unescaped;
  * escaping is left to the views that render it.
  * 
  * @return	void
  * @access 	public
  */
 function admin_add()
 {
     $this->pageTitle = '検索インデックス コンテンツ登録';
     if ($this->data) {
         $url = $this->data['Content']['url'];
         $url = str_replace(FULL_BASE_URL . $this->base, '', $url);
         if (!$this->Content->find('count', array('conditions' => array('Content.url' => $url)))) {
             // Reload the default routing (requestAction would otherwise register the routing configuration twice)
             Router::reload();
             // Fetch the data behind the URL
             $content = $this->requestAction($url, array('return' => 1));
             $View =& ClassRegistry::getObject('View');
             // Remove the View instantiated by requestAction
             // (it may hold the public page's View state rather than the admin system's)
             ClassRegistry::removeObject('View');
             // Reload the default routing (to restore the original configuration)
             Router::reload();
             // Restore the original request settings
             Router::setRequestInfo(array($this->params, array('base' => $this->base, 'webroot' => $this->webroot)));
             $title = '';
             if (!is_a($content, 'ErrorHandler')) {
                 $content = preg_replace('/<!-- BaserPageTagBegin -->.*?<!-- BaserPageTagEnd -->/is', '', $content);
                 $title = $View->pageTitle;
             } elseif (preg_match('/\\.html/', $url)) {
                 App::import('Core', 'HttpSocket');
                 $socket = new HttpSocket();
                 // NOTE: Router::url() cannot correctly resolve URLs under /app/webroot/ when smart URLs are off
                 $content = $socket->get(siteUrl() . $url);
                 $code = $socket->response['status']['code'];
                 if ($code != 200) {
                     unset($content);
                 } else {
                     // Take the title from the fetched page and drop it from the body text
                     if (preg_match('/<title>([^<]+)<\\/title>/', $content, $matches)) {
                         $title = $matches[1];
                         $content = preg_replace('/<title>[^<]+<\\/title>/', '', $content);
                     }
                 }
             } else {
                 unset($content);
             }
             if (isset($content)) {
                 // Strip scripts/images first, then every remaining tag, before storing plain text
                 $content = Sanitize::stripAll($content);
                 $content = strip_tags($content);
                 $data = array('Content' => array('title' => $title, 'detail' => $content, 'url' => $url, 'type' => 'その他', 'status' => true, 'priority' => 0.5));
                 $this->Content->create($data);
                 if ($this->Content->save()) {
                     $this->Session->setFlash('検索インデックスに ' . $url . ' を追加しました。');
                     $this->redirect('index');
                 } else {
                     $this->Session->setFlash('保存中にエラーが発生しました。');
                 }
             } else {
                 $this->Content->invalidate('url', '入力したURLは存在しないか、検索インデックスに登録できるURLではありません。');
                 $this->Session->setFlash('保存中にエラーが発生しました。');
             }
         } else {
             $this->Content->invalidate('url', '既に登録済のURLです。');
             $this->Session->setFlash('入力エラーです。内容を修正してください。');
         }
     }
 }
 function _save()
 {
     /*******************************************************************
      * This method is processed inside an iframe
      * To access any of the DOM elements via jQuery it's necessary to prepend
      * all jQuery calls with $parentFrame (i.e. $parentFrame.jQuery)
      ********************************************************************/
     $this->autoRender = false;
     $this->autoLayout = false;
     $response = array();
     $parentFrame = 'window.parent';
     $validation = '';
     $listing_id = Sanitize::getInt($this->data['Listing'], 'id', 0);
     $isNew = $this->Listing->isNew = $listing_id == 0 ? true : false;
     $this->data['email'] = Sanitize::getString($this->data, 'email');
     $this->data['name'] = Sanitize::getString($this->data, 'name');
     $this->data['categoryid_hidden'] = Sanitize::getInt($this->data['Listing'], 'categoryid_hidden');
     $cat_id = Sanitize::getVar($this->data['Listing'], 'catid');
     $this->data['Listing']['catid'] = is_array($cat_id) ? (int) array_pop(array_filter($cat_id)) : (int) $cat_id;
     /*J16*/
     $this->data['Listing']['title'] = Sanitize::getString($this->data['Listing'], 'title', '');
     $this->data['Listing']['created_by_alias'] = Sanitize::getString($this->data, 'name', '');
     if ($this->cmsVersion == CMS_JOOMLA15) {
         $this->data['sectionid_hidden'] = Sanitize::getInt($this->data['Listing'], 'sectionid_hidden');
         $this->data['Listing']['sectionid'] = Sanitize::getInt($this->data['Listing'], 'sectionid');
     } else {
         $this->data['Listing']['language'] = '*';
         $this->data['Listing']['access'] = 1;
     }
     $category_id = $this->data['Listing']['catid'] ? $this->data['Listing']['catid'] : $this->data['categoryid_hidden'];
     # Get criteria info
     $criteria = $this->Criteria->findRow(array('conditions' => array('Criteria.id = 
             (SELECT criteriaid FROM #__jreviews_categories WHERE id = ' . (int) $category_id . ' AND `option` = "com_content")
         ')));
     if (!$criteria) {
         $validation = __t("The category selected is invalid.", true, true);
         $response[] = "{$parentFrame}.jQuery('#jr_listingFormValidation').html('{$validation}');";
         $response[] = "{$parentFrame}.jQuery('.button').removeAttr('disabled');";
         $response[] = "{$parentFrame}.jQuery('.jr_loadingSmall').hide();";
         return $this->makeJS($response);
     }
     $this->data['Criteria']['id'] = $criteria['Criteria']['criteria_id'];
     # Override global configuration
     isset($criteria['ListingType']) and $this->Config->override($criteria['ListingType']['config']);
     # Perform access checks
     if ($isNew && !$this->Access->canAddListing()) {
         return $this->makeJS("{$parentFrame}.s2Alert('" . __t("You are not allowed to submit listings in this category.", true, true) . "')");
     } elseif (!$isNew) {
         $query = "SELECT created_by FROM #__content WHERE id = " . $listing_id;
         $this->_db->setQuery($query);
         $listing_owner = $this->_db->loadResult();
         if (!$this->Access->canEditListing($listing_owner)) {
             return $this->makeJS("{$parentFrame}.s2Alert('" . s2Messages::accessDenied() . "')");
         }
     }
     # Load the notifications observer model component and initialize it.
     # Done here so it only loads on save and not for all controlller actions.
     $this->components = array('security', 'notifications');
     $this->__initComponents();
     if ($this->invalidToken == true) {
         return $this->makeJS("{$parentFrame}.s2Alert('" . s2Messages::invalidToken() . "')");
     }
     # Override configuration
     $category = $this->Category->findRow(array('conditions' => array('Category.id = ' . $this->data['Listing']['catid'])));
     $this->Config->override($category['ListingType']['config']);
     if ($this->Access->loadWysiwygEditor()) {
         $this->data['Listing']['introtext'] = Sanitize::stripScripts(Sanitize::stripWhitespace(Sanitize::getVar($this->data['__raw']['Listing'], 'introtext')));
         $this->data['Listing']['fulltext'] = Sanitize::stripScripts(Sanitize::stripWhitespace(Sanitize::getVar($this->data['__raw']['Listing'], 'fulltext')));
         $this->data['Listing']['introtext'] = html_entity_decode($this->data['Listing']['introtext'], ENT_QUOTES, cmsFramework::getCharset());
         $this->data['Listing']['fulltext'] = html_entity_decode($this->data['Listing']['fulltext'], ENT_QUOTES, cmsFramework::getCharset());
     } else {
         $this->data['Listing']['introtext'] = Sanitize::stripAll($this->data['Listing'], 'introtext', '');
         if (isset($this->data['Listing']['fulltext'])) {
             $this->data['Listing']['fulltext'] = Sanitize::stripAll($this->data['Listing'], 'fulltext', '');
         } else {
             $this->data['Listing']['fulltext'] = '';
         }
     }
     $this->data['Listing']['introtext'] = str_replace('<br>', '<br />', $this->data['Listing']['introtext']);
     $this->data['Listing']['fulltext'] = str_replace('<br>', '<br />', $this->data['Listing']['fulltext']);
     if ($this->Access->canAddMeta()) {
         $this->data['Listing']['metadesc'] = Sanitize::getString($this->data['Listing'], 'metadesc');
         $this->data['Listing']['metakey'] = Sanitize::getString($this->data['Listing'], 'metakey');
     }
     // Title alias handling
     $slug = '';
     $alias = Sanitize::getString($this->data['Listing'], 'alias');
     if ($isNew && $alias == '') {
         $slug = S2Router::sefUrlEncode($this->data['Listing']['title']);
         if (trim(str_replace('-', '', $slug)) == '') {
             $slug = date("Y-m-d-H-i-s");
         }
     } elseif ($alias != '') {
         // Alias filled in so we convert it to a valid alias
         $slug = S2Router::sefUrlEncode($alias);
         if (trim(str_replace('-', '', $slug)) == '') {
             $slug = date("Y-m-d-H-i-s");
         }
     }
     $slug != '' and $this->data['Listing']['alias'] = $slug;
     # Check for duplicates
     switch ($this->Config->content_title_duplicates) {
         case 'category':
             // Checks for duplicates in the same category
             $query = "\r\n                        SELECT \r\n                            count(*) \r\n                        FROM \r\n                            #__content AS Listing WHERE Listing.title = " . $this->_db->Quote($this->data['Listing']['title']) . "\r\n                            AND Listing.state >= 0 \r\n                            AND Listing.catid = " . $this->data['Listing']['catid'] . (!$isNew ? " AND Listing.id <> " . $listing_id : '');
             $this->_db->setQuery($query);
             $titleExists = $this->_db->loadResult();
             break;
         case 'no':
             // Checks for duplicates all over the place
             $query = "\r\n                        SELECT \r\n                            count(*) \r\n                        FROM \r\n                            #__content AS Listing\r\n                        WHERE \r\n                            Listing.title = " . $this->_db->Quote($this->data['Listing']['title']) . "\r\n                           AND Listing.state >= 0\r\n                           " . (!$isNew ? " AND Listing.id <> " . $listing_id : '');
             $this->_db->setQuery($query);
             $titleExists = $this->_db->loadResult();
             break;
         case 'yes':
             // Duplicates are allowed, no checking necessary
             $titleExists = false;
             break;
     }
     if ($titleExists && $this->data['Listing']['title'] != '') {
         // if listing exists
         $validation = '<span>' . __t("A listing with that title already exists.", true, true) . "</span>";
         $response[] = "{$parentFrame}.jQuery('#jr_listingFormValidation').html('{$validation}');";
         $response[] = "{$parentFrame}.jQuery('.button').removeAttr('disabled');";
         $response[] = "{$parentFrame}.jQuery('.jr_loadingSmall').hide();";
         return $this->makeJS($response);
     }
     // Review form display check logic used several times below
     $revFormSetting = $this->Config->content_show_reviewform;
     if ($revFormSetting == 'noteditors' && !$this->Config->author_review) {
         $revFormSetting = 'all';
     }
     $revFormEnabled = !isset($this->data['review_optional']) && $this->Access->canAddReview() && $isNew && ($revFormSetting == 'all' && ($this->Config->author_review || $this->Config->user_reviews) || $revFormSetting == 'authors' && $this->Access->isJreviewsEditor($this->_user->id) || $revFormSetting == 'noteditors' && !$this->Access->isJreviewsEditor($this->_user->id));
     // Validation of content default input fields
     if ($this->cmsVersion == CMS_JOOMLA15) {
         if (!$this->data['Listing']['catid'] || !$this->data['Listing']['sectionid']) {
             $this->Listing->validateSetError("sec_cat", __t("You need to select both a section and a category.", true));
         }
     } else {
         !$this->data['Listing']['catid'] and $this->Listing->validateSetError("sec_cat", __t("You need to select a category.", true));
     }
     // Validate only if it's a new listing
     if ($isNew) {
         if (!$this->_user->id) {
             $this->Listing->validateInput($this->data['name'], "name", "text", __t("You must fill in your name.", true), $this->Config->content_name == "required" ? 1 : 0);
             $this->Listing->validateInput($this->data['email'], "email", "email", __t("You must fill in a valid email address.", true), $this->Config->content_email == "required" ? 1 : 0);
             $this->data['name'] = Sanitize::getString($this->data, 'name', '');
             $this->data['email'] = Sanitize::getString($this->data, 'email', '');
         } else {
             $this->data['name'] = $this->_user->name;
             $this->data['email'] = $this->_user->email;
         }
     }
     $this->Listing->validateInput($this->data['Listing']['title'], "title", "text", __t("You must fill in a title for the new listing.", true, true), 1);
     # Validate listing custom fields
     $listing_valid_fields =& $this->Field->validate($this->data, 'listing', $this->Access);
     $this->Listing->validateErrors = array_merge($this->Listing->validateErrors, $this->Field->validateErrors);
     $this->Listing->validateInput($this->data['Listing']['introtext'], "introtext", "text", __t("You must fill in a summary for the new listing.", true, true), $this->Config->content_summary == "required" ? 1 : 0);
     $this->Listing->validateInput($this->data['Listing']['fulltext'], "fulltext", "text", __t("You must fill in a description for the new listing.", true, true), $this->Config->content_description == "required" ? 1 : 0);
     # Validate review custom fields
     if ($revFormEnabled && $criteria['Criteria']['state']) {
         // Review inputs
         $this->data['Review']['userid'] = $this->_user->id;
         $this->data['Review']['email'] = $this->data['email'];
         $this->data['Review']['name'] = $this->data['name'];
         $this->data['Review']['username'] = Sanitize::getString($this->data, 'name', '');
         $this->data['Review']['title'] = Sanitize::getString($this->data['Review'], 'title');
         $this->data['Review']['location'] = Sanitize::getString($this->data['Review'], 'location');
         // deprecated
         $this->data['Review']['comments'] = Sanitize::getString($this->data['Review'], 'comments');
         // Review standard fields
         $this->Listing->validateInput($this->data['Review']['title'], "rev_title", "text", __t("You must fill in a title for the review.", true, true), $this->Config->reviewform_title == 'required' ? true : false);
         if ($criteria['Criteria']['state'] == 1) {
             $criteria_qty = $criteria['Criteria']['quantity'];
             $ratingErr = 0;
             if (!isset($this->data['Rating'])) {
                 $ratingErr = $criteria_qty;
             } else {
                 for ($i = 0; $i < $criteria_qty; $i++) {
                     if (!isset($this->data['Rating']['ratings'][$i]) || (empty($this->data['Rating']['ratings'][$i]) || $this->data['Rating']['ratings'][$i] == 'undefined' || (double) $this->data['Rating']['ratings'][$i] > $this->Config->rating_scale)) {
                         $ratingErr++;
                     }
                 }
             }
             $this->Listing->validateInput('', "rating", "text", sprintf(__t("You are missing a rating in %s criteria.", true, true), $ratingErr), $ratingErr);
         }
         // Review custom fields
         $this->Field->validateErrors = array();
         // Clear any previous validation errors
         $review_valid_fields = $this->Field->validate($this->data, 'review', $this->Access);
         $this->Listing->validateErrors = array_merge($this->Listing->validateErrors, $this->Field->validateErrors);
         $this->Listing->validateInput($this->data['Review']['comments'], "comments", "text", __t("You must fill in your comment.", true, true), $this->Config->reviewform_comment == 'required' ? true : false);
     }
     // if ($revFormEnabled && $criteria['Criteria']['state'])
     # Validate image fields
     $this->Uploads->validateImages();
     # Validate Captcha security code
     if ($isNew && $this->Access->showCaptcha()) {
         if (!isset($this->data['Captcha']['code'])) {
             $this->Listing->validateSetError("code", __t("The security code you entered was invalid.", true, true));
         } elseif ($this->data['Captcha']['code'] == '') {
             $this->Listing->validateInput($this->data['Captcha']['code'], "code", "text", __t("You must fill in the security code.", true), 1);
         } else {
             if (!$this->Captcha->checkCode($this->data['Captcha']['code'], $this->ipaddress)) {
                 $this->Listing->validateSetError("code", __t("The security code you entered was invalid.", true, true));
             }
         }
     }
     # Get all validation messages
     $validation = $this->Listing->validateGetError() . $this->Uploads->getMsg();
     # Validation failed
     if ($validation != '') {
         $response[] = "var parentForm = {$parentFrame}.jQuery('#jr_listingForm');";
         $response[] = "{$parentFrame}.jQuery('#jr_listingFormValidation').html('{$validation}');";
         $response[] = "parentForm.find('.button').removeAttr('disabled');";
         // Transform textareas into wysiwyg editors
         if ($this->Access->loadWysiwygEditor()) {
             App::import('Helper', 'Editor', 'jreviews');
             $Editor = new EditorHelper();
             $response[] = $parentFrame . '.' . $Editor->transform(true);
         }
         // Replace captcha with new instance
         if ($this->Access->in_groups($this->Config->security_image)) {
             $captcha = $this->Captcha->displayCode();
             $response[] = "{$parentFrame}.jQuery('#captcha').attr('src','{$captcha['src']}');";
             $response[] = "{$parentFrame}.jQuery('#jr_captchaCode').val('');";
         }
         $response[] = "parentForm.find('.jr_loadingSmall').hide();";
         return $this->makeJS($response);
         // Can't use ajaxResponse b/c we are in an iframe
     }
     # Validation passed, continue...
     if ($isNew) {
         $this->data['Listing']['created'] = _CURRENT_SERVER_TIME;
         //gmdate('Y-m-d H:i:s');
         $this->data['Listing']['publish_up'] = _CURRENT_SERVER_TIME;
         //gmdate('Y-m-d H:i:s');
         $this->data['Listing']['created_by'] = $this->_user->id;
         $this->data['Listing']['publish_down'] = NULL_DATE;
         $this->data['Field']['Listing']['email'] = $this->data['email'];
         // If visitor, assign name field to content Alias
         if (!$this->_user->id) {
             $this->data['Listing']['created_by_alias'] = $this->data['name'];
         }
         // Check moderation settings
         $this->data['Listing']['state'] = (int) (!$this->Access->moderateListing());
         // If listing moderation is enabled, then the review is also moderated
         if (!$this->data['Listing']['state']) {
             $this->Config->moderation_reviews = $this->Config->moderation_editor_reviews = $this->Config->moderation_item;
         }
     } else {
         if ($this->Config->moderation_item_edit) {
             $this->data['Listing']['state'] = (int) (!$this->Access->moderateListing());
         }
         $this->data['Listing']['modified'] = _CURRENT_SERVER_TIME;
         //gmdate('Y-m-d H:i:s');
         $this->data['Listing']['modified_by'] = $this->_user->id;
         $query = 'SELECT images FROM #__content WHERE id = ' . $this->data['Listing']['id'];
         $this->_db->setQuery($query);
         $this->data['Listing']['images'] = $this->_db->loadResult();
         // Check total number of images
         if (!$this->Uploads->checkImageCount($this->data['Listing']['images'])) {
             $validation .= '<span>' . sprintf(__t("The total number of images is limited to %s", true, true), $this->Config->content_images) . '</span><br />';
             $response[] = "{$parentFrame}.jQuery('#jr_listingFormValidation').html('{$validation}');";
             $response[] = "{$parentFrame}.jQuery('.button').removeAttr('disabled');";
             $response[] = "{$parentFrame}.jQuery('.jr_loadingSmall').hide();";
             return $this->makeJS($response);
         }
     }
     // Process images and update data array
     if ($this->Uploads->success) {
         $imageUploadPath = PATH_ROOT . _JR_PATH_IMAGES . 'jreviews' . DS;
         $this->Uploads->uploadImages($this->data['Listing']['id'], $imageUploadPath);
         if ($isNew) {
             // New item
             $currImages = $this->Uploads->images;
         } elseif ($this->data['Listing']['images'] != '') {
             // Editing and there are existing images
             $currImages = array_merge(explode("\n", $this->data['Listing']['images']), $this->Uploads->images);
         } else {
             // Editing and there are no existing images
             $currImages = $this->Uploads->images;
         }
         $this->data['Listing']['images'] = implode("\n", $currImages);
     }
     # Save listing
     $savedListing = $this->Listing->store($this->data);
     $listing_id = $this->data['Listing']['id'];
     if (!$savedListing) {
         $validation .= __t("The was a problem saving the listing", true, true);
     }
     // Error on listing save
     if ($validation != '') {
         $response[] = "{$parentFrame}.jQuery('#jr_listingFormValidation').html('{$validation}');";
         $response[] = "{$parentFrame}.jQuery('.button').removeAttr('disabled');";
         $response[] = "{$parentFrame}.jQuery('.jr_loadingSmall').hide();";
         return $this->makeJS($response);
     }
     # Save listing custom fields
     $this->data['Field']['Listing']['contentid'] = $this->data['Listing']['id'];
     $this->Field->save($this->data, 'listing', $isNew, $listing_valid_fields);
     # Begin insert review in table
     if ($revFormEnabled && $criteria['Criteria']['state']) {
         // Get reviewer type, for now editor reviews don't work in Everywhere components
         $this->data['Review']['author'] = (int) $this->Access->isJreviewsEditor($this->_user->id);
         $this->data['Review']['mode'] = 'com_content';
         $this->data['Review']['pid'] = (int) $this->data['Listing']['id'];
         // Force plugin loading on Review model
         $this->_initPlugins('Review');
         $this->Review->isNew = true;
         $savedReview = $this->Review->save($this->data, $this->Access, $review_valid_fields);
     }
     # Before render callback
     if ($isNew && isset($this->Listing->plgBeforeRenderListingSaveTrigger)) {
         $plgBeforeRenderListingSave = $this->Listing->plgBeforeRenderListingSave();
         switch ($plgBeforeRenderListingSave) {
             case '0':
                 $this->data['Listing']['state'] = 1;
                 break;
             case '1':
                 $this->data['Listing']['state'] = 0;
                 break;
             case '':
                 break;
             default:
                 return $plgBeforeRenderListingSave;
                 break;
         }
     }
     # Moderation disabled
     if (!isset($this->data['Listing']['state']) || $this->data['Listing']['state']) {
         $fields = array('Criteria.criteria AS `Criteria.criteria`', 'Criteria.tooltips AS `Criteria.tooltips`');
         $listing = $this->Listing->findRow(array('fields' => $fields, 'conditions' => array('Listing.id = ' . $listing_id)), array('afterFind'));
         # Facebook wall integration
         $fb_checkbox = Sanitize::getBool($this->data, 'fb_publish');
         $facebook_integration = Sanitize::getBool($this->Config, 'facebook_enable') && Sanitize::getBool($this->Config, 'facebook_listings') && $fb_checkbox;
         $token = cmsFramework::getCustomToken($listing_id);
         $facebook_integration and $response[] = $parentFrame . '.jQuery.get(' . $parentFrame . '.s2AjaxUri+' . $parentFrame . '.jreviews.ajax_params()+\'&url=facebook/_postListing/id:' . $listing_id . '&' . $token . '=1\');
             ';
         $url = cmsFramework::route($listing['Listing']['url']);
         $update_text = $isNew ? __t("Thank you for your submission.", true, true) : __t("The listing was successfully saved.", true, true);
         //JOEYG CODE
         //THE FOLLOWING GETS THE LISTING TYPE FROM THE DB FOR THE NEWLY SAVED LISTING
         //IF THE TYPE IS BUSINESS PROFILE OR PROJECT LISTING THEN DISPLAY THE after_submit.thtml file
         //ELSE DISPLAY NORMAL MESSAGE
         //IF WE ONLY WANT TO ADD THE after_submit.thtml if the listing is new then add
         if ($isNew) {
             $query = "SELECT `listing_type` FROM `jos_vpbd_content_criteria` WHERE `jos_vpbd_content_criteria`.`listing_id` = " . $this->data['Listing']['id'];
             $this->_db->setQuery($query);
             $jg_listing_type = $this->_db->loadResult();
             if ($jg_listing_type == 2 || $jg_listing_type == 7) {
                 $update_html = $this->render('listings', 'after_submit');
             } else {
                 $update_html = "<a href=\"{$url}\">" . __t("Click here to view your listing", true) . "</a>";
             }
             //ends if/else
         } else {
             //not new
             $update_html = "<a href=\"{$url}\">" . __t("Click here to view your listing", true) . "</a>";
         }
         //ends if($isNew)
         //ENDS JOEYG ALTER CODE
         $jsonObject = json_encode(compact('target_id', 'update_text', 'update_html'));
         $response[] = '
                 var $parentForm = ' . $parentFrame . '.jQuery(\'#jr_listingForm\');
                 $parentForm.scrollTo({duration:400,offset:-100});
                 $parentForm.s2ShowUpdate(' . $jsonObject . ');                                                       
             ';
         return $this->makeJS($response);
     }
     # Moderation enabled
     $update_text = __t("Thank you for your submission. It will be published once it is verified.", true);
     $update_html = '<div id=\\"s2Msgjr_listingForm\\" class=\\"jr_postUpdate\\">' . $update_text . '</div>';
     $response[] = '
         var $parentForm = ' . $parentFrame . '.jQuery(\'#jr_listingForm\');
         $parentForm.scrollTo({duration:400,offset:-100},function(){
             $parentForm.fadeOut(250,function(){$parentForm.html("' . $update_html . '").show();});
         });
     ';
     return $this->makeJS($response);
 }
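 /**
  * Facebook Open Graph implementation
  *
  * Adds the fb:app_id, fb:admins and og:* <meta> tags through cmsFramework::addScript()
  * when the current request is a Joomla article page (option=com_content, view=article,
  * non-zero id) and the JReviews config has facebook_opengraph enabled plus a facebook_appid.
  * In every other case it returns early and emits nothing.
  *
  * @param mixed $listing Listing row; reads Listing.title/summary/images/url, Field.pairs
  *                       and ListingType.config. Passed by reference but not modified here.
  * @param mixed $meta    Optional overrides as an array with keys 'title' and 'description';
  *                       a missing or empty value falls back to the listing title / summary.
  * @return void
  */
 function facebookOpenGraph(&$listing, $meta)
 {
     // http://developers.facebook.com/docs/opengraph/
     $option = Sanitize::getString($_REQUEST, 'option', '');
     $view = Sanitize::getString($_REQUEST, 'view', '');
     $id = Sanitize::getInt($_REQUEST, 'id');
     // Make sure this is a Joomla article page
     if (!($option == 'com_content' && $view == 'article' && $id)) {
         return;
     }
     $Config = Configure::read('JreviewsSystem.Config');
     if (empty($Config)) {
         // Config not loaded in this request yet: fall back to the cached copy
         $cache_file = 'jreviews_config_' . md5(cmsFramework::getConfig('secret'));
         $Config = S2Cache::read($cache_file);
     }
     $facebook_xfbml = Sanitize::getBool($Config, 'facebook_opengraph') && Sanitize::getBool($Config, 'facebook_appid');
     // Make sure FB is enabled and we have an FB App Id
     if (!$facebook_xfbml) {
         return;
     }
     // Read the two override keys explicitly instead of extract($meta): extract() allowed any
     // key in $meta to overwrite $listing/$Config and left $title/$description undefined
     // (with a notice) whenever the key was absent.
     is_array($meta) or $meta = array();
     $title = isset($meta['title']) ? $meta['title'] : '';
     $description = isset($meta['description']) ? $meta['description'] : '';
     $title == '' and $title = $listing['Listing']['title'];
     $description == '' and $description = Sanitize::htmlClean(Sanitize::stripAll($listing['Listing'], 'summary'));
     // Prefer the first uploaded listing image, otherwise the first .jpg <img> found in the summary HTML
     $image = isset($listing['Listing']['images'][0]) ? cmsFramework::makeAbsUrl(_DS . _JR_WWW_IMAGES . $listing['Listing']['images'][0]['path']) : null;
     if (!$image) {
         $img_src = '/<img[^>]+src[\\s=\'"]+([^"\'>\\s]+(jpg)+)/is';
         preg_match($img_src, $listing['Listing']['summary'], $matches);
         if (isset($matches[1])) {
             $image = $matches[1];
         }
     }
     $url = cmsFramework::makeAbsUrl($listing['Listing']['url'], array('sef' => true, 'ampreplace' => true));
     $fields = $listing['Field']['pairs'];
     // You can add other Open Graph meta tags by adding the attribute, custom field pair to the array below.
     // A value beginning with 'jr_' is resolved as a custom field name; any other value is emitted as static text.
     $tags = array('title' => $title, 'url' => $url, 'image' => $image, 'site_name' => cmsFramework::getConfig('sitename'), 'description' => $description, 'type' => Sanitize::getString($listing['ListingType']['config'], 'facebook_opengraph_type'), 'latitude' => Sanitize::getString($Config, 'geomaps.latitude'), 'longitude' => Sanitize::getString($Config, 'geomaps.longitude'), 'street-address' => Sanitize::getString($Config, 'geomaps.address1'), 'locality' => Sanitize::getString($Config, 'geomaps.city'), 'region' => Sanitize::getString($Config, 'geomaps.state'), 'postal-code' => Sanitize::getString($Config, 'geomaps.postal_code'), 'country-name' => Sanitize::getString($Config, 'geomaps.country', Sanitize::getString($Config, 'geomaps.default_country')));
     // Config values land inside a content="..." attribute, so they are attribute-escaped like the og:* values below
     $app_id = htmlspecialchars(Sanitize::getString($Config, 'facebook_appid'), ENT_QUOTES, 'utf-8');
     cmsFramework::addScript('<meta property="fb:app_id" content="' . $app_id . '"/>');
     if (Sanitize::getString($Config, 'facebook_admins') != '') {
         // fb:admins is optional; spaces are stripped from the comma separated id list
         $admins = htmlspecialchars(str_replace(' ', '', $Config->facebook_admins), ENT_QUOTES, 'utf-8');
         cmsFramework::addScript('<meta property="fb:admins" content="' . $admins . '"/>');
     }
     //        cmsFramework::addScript('<meta property="fb:admins" content="YOUR-ADMIN-ID"/>'); // It's app_id or this, not both
     # Loop through the tags array to add the additional FB meta tags
     foreach ($tags as $attr => $fname) {
         $content = '';
         if (is_string($fname) && substr($fname, 0, 3) == 'jr_') {
             // It's a custom field: use the first text value of the matching field pair
             $content = isset($fields[$fname]) ? htmlspecialchars($fields[$fname]['text'][0], ENT_QUOTES, 'utf-8') : '';
         } elseif ($fname != '') {
             // It's a static text, not a custom field. ENT_QUOTES matches the custom-field branch
             // so a quote in the value cannot terminate the content="..." attribute.
             $content = htmlspecialchars($fname, ENT_QUOTES, 'utf-8');
         }
         $content != '' and cmsFramework::addScript('<meta property="og:' . $attr . '" content="' . $content . '"/>');
     }
 }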
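 /**
  * Turns "click2add" option strings submitted for a field into stored field options.
  *
  * When the field's '_params' has click2add enabled, every option string containing
  * '|click2add' is split on '|' and saved through FieldOptionModel::save(): part 0 is used
  * as both value and display text, and with exactly four parts, parts 2 and 3 are taken as
  * the controlling field and its value for a dependent field. Any other option is passed
  * through untouched.
  *
  * @param mixed $options A single option or an array of option strings
  * @param array $field   Field row; reads 'fieldid' and the '_params' array ('click2add')
  * @return array Option values to keep: pass-through options plus the values of click2add
  *               options whose save reported 'success' or 'duplicate'
  */
 function processNewFieldOptions($options, $field)
 {
     $processedOptions = array();
     // Process new field options and modify the $data array
     $FieldOption = ClassRegistry::getClass('FieldOptionModel');
     $click2add = Sanitize::getBool($field['_params'], 'click2add');
     !is_array($options) and $options = array($options);
     foreach ($options as $option) {
         // Only string options can carry the click2add marker; anything else is passed through
         if ($click2add && is_string($option) && strstr($option, '|click2add')) {
             $data = array();
             $option_parts = explode('|', $option);
             // Build array to pass to the FieldOptions model (part 0 is both the value and the text)
             $data['FieldOption']['fieldid'] = Sanitize::getInt($field, 'fieldid');
             $data['FieldOption']['value'] = Sanitize::stripAll($option_parts, 0);
             $data['FieldOption']['text'] = trim(Sanitize::getString($option_parts, 0));
             // If it's a dependent field add the relevant control field data (parts 2 and 3)
             if (count($option_parts) == 4) {
                 $option_parts[3] == 'null' and $option_parts[3] = '';
                 $controlledBy = $data['FieldOption']['controlledBy'] = array($option_parts[2] => $option_parts[3]);
                 $control_field = key($controlledBy);
                 $control_value = is_array(current($controlledBy)) ? array_values(current($controlledBy)) : array(current($controlledBy));
                 // NOTE(review): $control_value is always an array here, so the comparison with '**'
                 // never fails; left as-is because the model's wildcard handling is not visible in this file.
                 if ($control_field != '' && $control_value != '**') {
                     $data['FieldOption']['control_field'] = $control_field;
                     $data['FieldOption']['control_value'] = $control_value;
                 }
             }
             // Strict match: save() is compared against string statuses elsewhere in this file,
             // and a loose in_array would also accept a bare true.
             if (in_array($FieldOption->save($data), array('success', 'duplicate'), true)) {
                 $processedOptions[] = $data['FieldOption']['value'];
             }
         } else {
             $processedOptions[] = $option;
         }
     }
     return $processedOptions;
 }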