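/**
 * Smarty template function: runs every hook registered under $params['name']
 * that applies to the current page.
 *
 * A hook is either file based ($hook['filename'], resolved under IA_HOME) or
 * inline ($hook['code']). Depending on its type the payload is executed as PHP,
 * rendered through Smarty, echoed as raw HTML, or echoed after iaSanitize::html().
 *
 * SECURITY: the 'php' and 'smarty' branches execute whatever the hooks storage
 * returns (include / eval / Smarty 'eval:' resource), and the 'html' branch
 * echoes it unescaped. Anyone able to write hook records or the referenced files
 * therefore gets code execution or script injection in the rendering process.
 * Treat write access to hooks as equivalent to deploying code.
 *
 * Local variable names are deliberately left unchanged: included files and
 * eval()'d code run in this function's scope and can read them.
 *
 * @param array $params template call parameters; 'name' selects the hook list
 * @param object $smarty Smarty instance used for the 'smarty' hook type
 *
 * @return void
 */
function smarty_function_ia_hooker($params, &$smarty)
{
    if (!isset($params['name'])) {
        return;
    }

    $name = $params['name'];

    iaDebug::debug('smarty', $name, 'hooks');
    iaSystem::renderTime('smarty', $name);

    $iaCore = iaCore::instance();
    $hooks = $iaCore->getHooks();

    if (!array_key_exists($name, $hooks) || empty($hooks[$name])) {
        return;
    }

    foreach ($hooks[$name] as $hook) {
        // Strict comparison: a non-string type must not slip through the whitelist by type juggling.
        // NOTE(review): an unknown or missing type falls back to 'php', the most powerful handler;
        // confirm that this fail-open default is intended.
        $hook['type'] = isset($hook['type']) && in_array($hook['type'], array('php', 'html', 'plain', 'smarty'), true)
            ? $hook['type']
            : 'php';

        if (empty($hook['pages']) || in_array($iaCore->iaView->name(), $hook['pages'])) {
            if (!empty($hook['filename'])) {
                // NOTE(review): the filename is appended to IA_HOME as is; nothing here stops
                // a '../' sequence from leaving the installation directory.
                switch ($hook['type']) {
                    case 'php':
                        if (file_exists(IA_HOME . $hook['filename'])) {
                            include IA_HOME . $hook['filename'];
                        }
                        break;
                    case 'smarty':
                        echo $smarty->fetch(IA_HOME . $hook['filename']);
                }
            } else {
                switch ($hook['type']) {
                    case 'php':
                        // SECURITY: eval() of stored code, see the function header.
                        eval($hook['code']);
                        break;
                    case 'smarty':
                        echo $smarty->fetch('eval:' . $hook['code']);
                        break;
                    case 'html':
                        // echoed without escaping by design
                        echo $hook['code'];
                        break;
                    case 'plain':
                        echo iaSanitize::html($hook['code']);
                }
            }
        }
    }
}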
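/**
 * Applies iaSanitize::html() to a value, descending into nested arrays.
 *
 * Only values are sanitized; array keys are returned exactly as received, so
 * a caller that prints keys has to escape them separately.
 *
 * @param mixed $value scalar or (nested) array
 *
 * @return mixed same structure with every leaf passed through iaSanitize::html()
 */
private static function _deepSanitizeHtml($value)
{
    if (!is_array($value)) {
        return iaSanitize::html($value);
    }

    foreach ($value as $k => $v) {
        // Direct recursion instead of call_user_func(array(__CLASS__, __METHOD__), ...):
        // __METHOD__ expands to "Class::method", a callable form deprecated in PHP 8.2.
        $value[$k] = self::_deepSanitizeHtml($v);
    }

    return $value;
}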
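/**
 * Admin SQL console: runs the statements posted in $_POST['query'] and
 * renders the result set of each one as an HTML table.
 *
 * SECURITY: the posted SQL is executed verbatim (after the {prefix}
 * substitution). That is the purpose of the page, so everything depends on
 * the checks made before this method is reached.
 * NOTE(review): no permission or anti-CSRF check is visible in this method;
 * confirm the caller enforces both, since a forged POST would run with the
 * administrator's database rights.
 *
 * @param object $iaView view receiving 'history', 'sql', 'queryOut' and 'tables'
 *
 * @return void
 */
private function _queryPage(&$iaView)
{
    if (isset($_SESSION['queries'])) {
        $iaView->assign('history', $_SESSION['queries']);
    }

    if (isset($_POST['exec_query'])) {
        iaUtil::loadUTF8Functions('ascii', 'validation', 'bad', 'utf8_to_ascii');

        // a missing or array-typed field is treated as an empty query
        $sql = isset($_POST['query']) && is_string($_POST['query']) ? $_POST['query'] : '';
        $outerData = '';

        utf8_is_valid($sql) || ($sql = utf8_bad_replace($sql));

        // The original tested for ';' . PHP_EOL but split on ";\r\n", so multi-statement
        // input was never split when PHP_EOL is "\n". Accept both line endings.
        $queries = preg_split('/;\r?\n/', $sql);

        foreach ($queries as $sqlQuery) {
            $statement = trim(str_replace('{prefix}', $this->_iaDb->prefix, $sqlQuery));
            if ('' === $statement) {
                continue;
            }
            $sql = $statement;

            $this->_iaCore->startHook('phpAdminBeforeRunSqlQuery', array('query' => $sql));

            $result = $this->_iaDb->query($sql);

            $this->_iaCore->startHook('phpAdminAfterRunSqlQuery');

            $numrows = 0;
            if ($result) {
                // keep the last five distinct queries in the session history
                isset($_SESSION['queries']) || ($_SESSION['queries'] = array());
                if (!in_array($sqlQuery, $_SESSION['queries'])) {
                    if (count($_SESSION['queries']) >= 5) {
                        array_shift($_SESSION['queries']);
                    }
                    $_SESSION['queries'][] = $sqlQuery;
                }

                $numrows = $rows = $this->_iaDb->getNumRows($result);
                if ($rows) {
                    $rows .= $rows > 1 ? ' rows' : ' row';
                    $this->addMessage("<b>Query OK:</b> {$rows} selected.", false);
                } else {
                    $this->addMessage('<b>Query OK:</b> ' . $this->_iaDb->getAffected() . ' rows affected.', false);
                }
            } else {
                $this->_error = true;
                // The message is rendered as HTML (it carries markup) and a database error
                // can quote parts of the submitted query, so escape it.
                $this->addMessage('<b>Query Failed:</b><br />' . iaSanitize::html($this->_iaDb->getError()));
            }

            if ($numrows) {
                // get field names
                $fieldNames = $this->_iaDb->getFieldNames($result);

                $outerData .= '<table class="table table-hover table-condensed"><thead><tr>';
                $i = 0;
                foreach ($fieldNames as $field) {
                    // column names and aliases come from the query text; escape them like the cells
                    $outerData .= '<th ' . (!$i ? 'class="first"' : '') . '>' . iaSanitize::html($field->name) . '</th>';
                    $i++;
                }
                $outerData .= '</tr></thead><tbody>';

                $numFields = $this->_iaDb->getNumFields($result);
                while ($row = $this->_iaDb->fetchRow($result)) {
                    $outerData .= '<tr>';
                    for ($i = 0; $i < $numFields; $i++) {
                        $outerData .= '<td' . (!$i ? ' class="first"' : '') . '>' . iaSanitize::html($row[$i]) . '</td>';
                    }
                    $outerData .= '</tr>';
                }
                $outerData .= '</tbody></table>';
            }
        }

        // NOTE(review): 'sql' and the session history hold the query unescaped;
        // the template has to escape them on output.
        $iaView->assign('sql', $sql);
        $iaView->assign('queryOut', $outerData);
    }

    $iaView->assign('tables', $this->getHelper()->getTables());
}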
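/**
 * Sends the response for the current request in the format selected by
 * getRequestType(): JSON, a Smarty-rendered HTML page, or XML.
 * Any other request type is answered with HTTP 501 and the script exits.
 *
 * @return void
 */
public function output()
{
    $outputValues = $this->getValues();

    switch ($this->getRequestType()) {
        case self::REQUEST_JSON:
            header('Content-Type: application/json');

            $iaUtil = $this->iaCore->factory('util');

            // a lone JSON_MAGIC_KEY entry is unwrapped and emitted as a plain list
            if (isset($outputValues[self::JSON_MAGIC_KEY]) && 1 == count($outputValues)) {
                $outputValues = array_values($outputValues[self::JSON_MAGIC_KEY]);
            }

            echo $iaUtil->jsonEncode($outputValues);

            break;

        case self::REQUEST_HTML:
            header('Content-Type: text/html');

            $iaSmarty =& $this->iaSmarty;

            // values are handed to the templates as stored; escaping is left to the template
            foreach ($outputValues as $key => $value) {
                $iaSmarty->assign($key, $value);
            }

            // set page notifications
            $messages = $this->getMessages();
            $notifications = array();
            foreach (array(self::ERROR, self::SUCCESS, self::ALERT, self::SYSTEM) as $type) {
                empty($messages[$type]) || ($notifications[$type] = is_array($messages[$type]) ? $messages[$type] : array($messages[$type]));
            }

            $pageName = $this->name();

            if (iaCore::ACCESS_ADMIN == $this->iaCore->getAccessType()) {
                $adminActions = self::PAGE_ERROR == $pageName ? array() : $this->_getAdminToolbarActions();
                $this->set('toolbarActions', $adminActions);
            }

            $iaSmarty->assign('member', iaUsers::hasIdentity() ? iaUsers::getIdentity(true) : array());

            // define smarty super global $core
            // NOTE(review): 'config' exposes the complete configuration array to every template.
            $core = array(
                'actions' => $this->_setActions(),
                'config' => $this->iaCore->getConfig(),
                'customConfig' => $this->iaCore->getCustomConfig(),
                'language' => $this->iaCore->languages[$this->language],
                'languages' => $this->iaCore->languages,
                'notifications' => $notifications,
                'packages' => $this->iaCore->packagesData,
                'page' => array(
                    'breadcrumb' => iaBreadcrumb::render(),
                    'info' => $this->getParams(),
                    'nonProtocolUrl' => $this->assetsUrl,
                    'name' => $pageName,
                    'title' => $this->get('caption', $this->get('title', 'Subrion CMS')),
                ),
                'providers' => iaUsers::getAuthProviders(),
            );

            if (iaCore::ACCESS_FRONT == $this->iaCore->getAccessType()) {
                // get meta-description
                $value = $this->get('description');
                $metaDescription = empty($value) && iaLanguage::exists('page_metadescr_' . $pageName)
                    ? iaLanguage::get('page_metadescr_' . $pageName)
                    : $value;
                $core['page']['meta-description'] = iaSanitize::html($metaDescription);

                // get meta-keywords
                $value = $this->get('keywords');
                $metaKeywords = empty($value) && iaLanguage::exists('page_metakeyword_' . $pageName)
                    ? iaLanguage::get('page_metakeyword_' . $pageName)
                    : $value;
                $core['page']['meta-keywords'] = iaSanitize::html($metaKeywords);

                $this->_logStatistics();

                // NOTE(review): this header tells every client which CMS serves the site.
                header('X-Powered-CMS: Subrion CMS');
            }

            $iaSmarty->assignByRef('core', $core);

            $this->iaCore->startHook('phpCoreDisplayBeforeShowBody');

            $content = '';

            if ($this->get('body', self::NONE) != self::NONE) {
                $content = $iaSmarty->fetch($this->_retrieveTemplatePath($this->get('body')));
            }

            if ($this->_layoutEnabled) {
                $iaSmarty->assign('_content_', $content);
                $content = $iaSmarty->fetch('layout' . self::TEMPLATE_FILENAME_EXT);
            }

            echo $content;

            break;

        case self::REQUEST_XML:
            header('Content-Type: text/xml');

            // Both helpers become global functions the first time this branch runs.
            // Guarding the declarations prevents a "cannot redeclare" fatal error
            // when output() is reached twice in one process.
            if (!function_exists('htmldecode')) {
                // decodes existing entities, then encodes again, so text ends up escaped exactly once
                function htmldecode($text)
                {
                    $text = html_entity_decode($text);
                    $text = htmlspecialchars($text);

                    return $text;
                }
            }

            if (!function_exists('xmlEncode')) {
                // recursively copies a nested array into child nodes of $parentObject
                function xmlEncode(array $array, &$parentObject)
                {
                    // name of the enclosing section, reused as the node name for numerically keyed rows
                    static $section;

                    foreach ($array as $key => $value) {
                        switch (true) {
                            case is_array($array[key($array)]):
                                if (!is_numeric($key)) {
                                    $node = $parentObject->addChild($key);
                                    xmlEncode($value, $node);
                                } else {
                                    $node = $parentObject->addChild($section);
                                    foreach ($value as $k => $v) {
                                        $node->addChild($k, htmldecode($v));
                                    }
                                }

                                break;

                            case is_array($value):
                                $section = $key;
                                xmlEncode($value, $parentObject);

                                break;

                            default:
                                $parentObject->addChild($key, htmldecode($value));
                        }
                    }
                }
            }

            $xmlObject = new SimpleXMLElement('<rss version="2.0" xmlns:dc="http://purl.org/dc/elements/1.1/"></rss>');

            xmlEncode($outputValues, $xmlObject);

            echo $xmlObject->asXML();

            break;

        default:
            header('HTTP/1.1 501');
            exit;
    }
}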
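/**
 * Builds the markup (or only the URL) of a picture: listing thumbnail,
 * full-size listing picture or member avatar.
 *
 * @param array $params image params: 'imgfile', 'fullimage', 'url',
 *                      'width', 'height', 'title', 'class'
 *
 * @return string the image URL when $params['url'] is set, an <img> tag otherwise
 */
public static function printImage($params)
{
    $thumbUrl = iaCore::instance()->iaView->assetsUrl;

    // temporary solution
    // TODO: remove
    // SECURITY: unserialize() on a stored field value. If that value can ever be
    // influenced by a user, this is PHP object injection; the format should be
    // migrated to JSON. Until then at least reject anything that is not an array.
    if (isset($params['imgfile']) && is_string($params['imgfile']) && 'a:' == substr($params['imgfile'], 0, 2)) {
        $array = unserialize($params['imgfile']);
        if (is_array($array)) {
            $params['imgfile'] = isset($array['path']) ? $array['path'] : '';
            $params['title'] = isset($array['title']) ? $array['title'] : '';
        } else {
            // undecodable value: fall through to the placeholder image
            $params['imgfile'] = '';
            $params['title'] = '';
        }
    }
    //

    if (!empty($params['imgfile'])) {
        $thumbUrl .= 'uploads/';
        if (isset($params['fullimage']) && $params['fullimage']) {
            // the full-size variant is stored with a '~' before the extension
            $imgfile = explode('/', $params['imgfile']);
            $imgfile[count($imgfile) - 1] = str_replace('.', '~.', $imgfile[count($imgfile) - 1]);
            $thumbUrl .= implode('/', $imgfile);
        } else {
            $thumbUrl .= $params['imgfile'];
        }
    } else {
        $thumbUrl .= 'templates/' . iaCore::instance()->iaView->theme . '/img/no-preview.png';
    }

    if (!empty($params['url'])) {
        // plain URL, not HTML: returned unescaped
        return $thumbUrl;
    }

    // Every value placed inside an attribute is escaped, not only the title.
    // This relies on iaSanitize::html() encoding double quotes, which the
    // existing alt/title handling already assumes.
    $width = isset($params['width']) ? ' width="' . iaSanitize::html($params['width']) . '"' : '';
    $height = isset($params['height']) ? ' height="' . iaSanitize::html($params['height']) . '"' : '';
    $title = isset($params['title']) ? iaSanitize::html($params['title']) : '';
    $class = isset($params['class']) ? ' class="' . iaSanitize::html($params['class']) . '"' : '';

    return sprintf('<img src="%s" alt="%s" title="%s"%s>', iaSanitize::html($thumbUrl), $title, $title, $width . $height . $class);
}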
/**
 * Assigns to the view everything the block add/edit form needs: the pages
 * the block is visible on, the page list, the page groups in use and the
 * available positions.
 *
 * @param object $iaView view to populate
 * @param array $entryData entry being edited (not read here)
 *
 * @return void
 */
protected function _assignValues(&$iaView, array &$entryData)
{
    // keep only the admin page groups that at least one page refers to
    $usedGroupIds = $this->_iaDb->onefield('`group`', '1 GROUP BY `group`', null, null, 'pages');
    $groupRows = $this->_iaDb->all(array('id', 'name', 'title'), null, null, null, 'admin_pages_groups');

    $pageGroups = array();
    foreach ($groupRows as $groupRow) {
        if (!in_array($groupRow['id'], $usedGroupIds)) {
            continue;
        }
        $pageGroups[$groupRow['id']] = $groupRow;
    }

    $visibleOn = array();
    if (iaCore::ACTION_EDIT == $iaView->get('action')) {
        // editing: take the stored page assignments of this block
        $condition = "`object_type` = 'blocks' && " . iaDb::convertIds($this->getEntryId(), 'object');
        $assignedPages = $this->_iaDb->onefield('page_name', $condition, null, null, 'objects_pages');
        if ($assignedPages) {
            $visibleOn = $assignedPages;
        }
    } elseif (!empty($_POST['pages'])) {
        // adding: echo back what was just submitted
        // NOTE(review): passed to the view without validation; the template must escape it
        $visibleOn = $_POST['pages'];
    }

    if (!empty($_POST['menus'])) {
        $treeJson = iaUtil::jsonEncode($_POST['menus']);
        $iaView->assign('treeData', iaSanitize::html($treeJson));
    }

    $iaView->assign('visibleOn', $visibleOn);
    $iaView->assign('pages', $this->_getPages());
    $iaView->assign('pagesGroup', $pageGroups);
    $iaView->assign('positions', $this->getHelper()->getPositions());
}
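/**
 * Copies submitted values into $itemData according to the given fields structure.
 *
 * Picture and image fields are skipped. The administrative attributes
 * (featured, sponsored, date_added, status, owner) are copied only when the
 * request runs with admin access.
 *
 * @param array $itemData resulting array
 * @param array $fields standard fields structure returned by methods of this class
 * @param array $extraValues values that will be merged into $itemData (they win on key collision)
 * @param array $data source data (POST values are used if nothing specified)
 *
 * @return void
 */
public static function keepValues(array &$itemData, array $fields, array $extraValues = array(), $data = null)
{
    if (is_null($data)) {
        $data = $_POST;
    }

    if (empty($data)) {
        return;
    }

    foreach ($fields as $field) {
        if (self::PICTURES == $field['type'] || self::IMAGE == $field['type']) {
            continue;
        }

        $fieldName = $field['name'];
        if (empty($data[$fieldName])) {
            continue;
        }

        // A checkbox group normally arrives as an array. The request is free to send a
        // scalar instead, which implode() would reject, so keep a scalar unchanged.
        $itemData[$fieldName] = self::CHECKBOX == $field['type'] && is_array($data[$fieldName])
            ? implode(',', $data[$fieldName])
            : $data[$fieldName];
    }

    if (iaCore::ACCESS_ADMIN == iaCore::instance()->getAccessType()) {
        if (isset($data['featured'])) {
            $itemData['featured'] = $data['featured'];
            // same guard as for sponsored_end: without it a missing date was stored as the Unix epoch
            if (isset($data['featured_end'])) {
                $itemData['featured_end'] = date(iaDb::DATETIME_SHORT_FORMAT, strtotime($data['featured_end']));
            }
        }

        if (isset($data['sponsored'])) {
            $itemData['sponsored'] = $data['sponsored'];
            if (isset($data['sponsored_end'])) {
                $itemData['sponsored_end'] = date(iaDb::DATETIME_SHORT_FORMAT, strtotime($data['sponsored_end']));
            }
        }

        empty($data['date_added']) || ($itemData['date_added'] = iaSanitize::html($data['date_added']));
        empty($data['status']) || ($itemData['status'] = iaSanitize::html($data['status']));
        empty($data['owner']) || ($itemData['owner'] = iaSanitize::html($data['owner']));
    }

    if ($extraValues) {
        $itemData = array_merge($itemData, $extraValues);
    }
}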
/**
 * Turns one stored log entry into a display triple: array(message, icon, style).
 *
 * The message is an HTML fragment. Of the values taken from the stored params,
 * only 'name' is passed through iaSanitize::html() here.
 * NOTE(review): 'user', 'ip', 'type', 'from', 'to' and 'file' go into the
 * markup as stored; confirm they are escaped when the entry is written,
 * otherwise a crafted user name would become stored script in the admin
 * activity log.
 *
 * @param array $logEntry log row; reads 'params', 'action' and 'user_id'
 *
 * @return array|null array(text, icon, style); nothing is returned for an
 *                    action that has no case below
 */
private function _humanize(array $logEntry)
{
    // SECURITY: unserialize() of a stored column. Safe only while nothing but the
    // application itself can write this value (PHP object injection otherwise).
    $params = unserialize($logEntry['params']);

    if (isset($params['user'])) {
        // the acting user's name is wrapped in a link to the member editor, unescaped (see header)
        $params['user'] = sprintf('<a href="%s" target="_blank">%s</a>', IA_ADMIN_URL . 'members/edit/' . $logEntry['user_id'] . '/', $params['user']);
    }

    if (isset($params['name'])) {
        $params['name'] = iaSanitize::html($params['name']);
    }

    $style = 'added';

    switch ($logEntry['action']) {
        case self::ACTION_CREATE:
        case self::ACTION_UPDATE:
        case self::ACTION_DELETE:
            $actionsMap = array(self::ACTION_CREATE => 'create', self::ACTION_UPDATE => 'update', self::ACTION_DELETE => 'remove');
            $iconsMap = array('block' => 'grid', 'page' => 'copy', 'member' => 'members', 'blog' => 'quill', 'listing' => 'link', 'menu' => 'menu');

            // link the (already escaped) name to the edit page, unless the object was deleted
            if (isset($params['item']) && isset($params['id']) && isset($params['name']) && self::ACTION_DELETE != $logEntry['action']) {
                $urlPart = isset($params['path']) ? $params['path'] : $params['item'] . 's';
                $params['name'] = sprintf(self::LINK_PATTERN, IA_ADMIN_URL . $urlPart . '/edit/' . $params['id'] . '/', $params['name']);
            }

            if (self::ACTION_DELETE == $logEntry['action']) {
                $params['name'] = '"' . $params['name'] . '"';
                $style = 'removed';
            }

            // special case
            if ('member' == $params['item']) {
                switch (true) {
                    // sign-up from the front end
                    case self::ACTION_CREATE == $logEntry['action'] && isset($params['type']) && iaCore::FRONT == $params['type']:
                        return array('New member signed up: ' . sprintf(self::LINK_PATTERN, IA_ADMIN_URL . 'members/edit/' . $params['id'] . '/', $params['name']) . '.', $iconsMap[$params['item']], 'default');
                    // the viewer updated their own profile
                    case self::ACTION_UPDATE == $logEntry['action'] && iaUsers::getIdentity()->id == $params['id']:
                        return array(sprintf('You updated ' . self::LINK_PATTERN . '.', IA_ADMIN_URL . 'members/edit/' . iaUsers::getIdentity()->id . '/', 'profile of yourself'), $iconsMap[$params['item']], $style);
                }
            }

            // generic message; 'copy' is the icon for item types missing from $iconsMap
            return array(iaDb::printf(':item :name :actiond by :user.', array_merge($params, array('action' => $actionsMap[$logEntry['action']], 'item' => ucfirst(iaLanguage::get($params['item'], $params['item']))))), isset($iconsMap[$params['item']]) ? $iconsMap[$params['item']] : 'copy', $style);

        case self::ACTION_LOGIN:
            $text = ':user logged in <small class="text-muted"><em>from :ip.</em></small>';
            $text .= $logEntry['user_id'] == iaUsers::getIdentity()->id ? ' — you' : '';
            $text .= '.';

            return array(iaDb::printf($text, $params), 'user', $style);

        case self::ACTION_INSTALL:
            switch ($params['type']) {
                case 'app':
                    return array('Subrion version ' . IA_VERSION . ' installed. Cheers!', 'subrion', 'default');
                case 'template':
                    $text = iaDb::printf(':user activated the ":name" template.', $params);
                    return array($text, 'eye', 'default');
            }

            // any other type is reported as an installed extension
            $params['name'] = ucfirst($params['name']);

            return array(iaDb::printf(':user installed ":name" :type.', $params), 'extensions', $style);

        case self::ACTION_UNINSTALL:
            $params['name'] = ucfirst($params['name']);

            return array(iaDb::printf(':user uninstalled ":name" :type.', $params), 'extensions', 'removed');

        case self::ACTION_ENABLE:
        case self::ACTION_DISABLE:
            $params['name'] = ucfirst($params['name']);
            if (self::ACTION_DISABLE == $logEntry['action']) {
                $style = 'removed';
            }
            $actionsMap = array(self::ACTION_ENABLE => 'activated', self::ACTION_DISABLE => 'deactivated');

            return array(iaDb::printf('The ":name" :type :action by :user.', array_merge($params, array('action' => $actionsMap[$logEntry['action']]))), 'extensions', $style);

        case self::ACTION_UPGRADE:
            $icon = 'extensions';
            // NOTE(review): $message stays undefined when 'type' is none of the four values below
            switch ($params['type']) {
                case 'package':
                case 'plugin':
                    $message = '":name" :type upgraded to :to version.';
                    $params['name'] = ucfirst($params['name']);
                    break;
                case 'app':
                case 'app-forced':
                    $icon = 'subrion';
                    $message = 'app' == $params['type'] ? 'Subrion version upgraded from :from to :to. The :log is available.' : 'Automated Subrion upgrade from :from to :to. View the :log.';
                    // link to the upgrade log file under uploads/; the file name comes from the stored params
                    $link = sprintf(self::LINK_PATTERN, IA_CLEAR_URL . 'uploads' . IA_URL_DELIMITER . $params['file'], 'log');
                    $params['log'] = $link;
            }

            $message = iaDb::printf($message, array_merge($params));

            return array($message, $icon, 'default');
    }
}
******************************************************************************/
// Listing-claim hook: handles an ownership key passed in the URL and prepares
// the "claim listing" action for the view. Runs only when $item and $listing
// are set by the including scope.
if (!empty($item) && !empty($listing)) {
    // item types for which claiming is switched off
    $disabledItems = array('members');
    if (in_array($item, $disabledItems)) {
        return;
    }

    $iaItem = $iaCore->factory('item');

    // check for ownership key
    // SECURITY: the key is the only authorization for the ownership change below.
    // The visitor does not have to be signed in, and the new owner is the member
    // stored with the key, not the current visitor. The key is deleted after one
    // use, so its strength and lifetime are what protect the listing.
    // NOTE(review): the change is made on a GET request; confirm that
    // iaUtil::reload() drops the key from the URL so it is not left in the address bar.
    if (isset($_GET['ownership-key'])) {
        $iaDb->setTable('claim_pending_email_keys');

        // bound parameters: the key from the URL never becomes part of the SQL text
        $key = $iaDb->row_bind(iaDb::ALL_COLUMNS_SELECTION, '`item` = :item AND `item_id` = :id AND `key` = :key', array('item' => $item, 'id' => $listing, 'key' => $_GET['ownership-key']));
        if ($key) {
            $tableName = $iaItem->getItemTable($item);
            $iaDb->update(array('member_id' => $key['member_id']), iaDb::convertIds($listing), null, $tableName);
            $iaDb->delete(iaDb::convertIds($key['key'], 'key'));

            $iaView->setMessages(iaLanguage::get('ownership_changed'), iaView::SUCCESS);
            iaUtil::reload();
        }

        $iaDb->resetTable();
    }

    $itemTable = $iaItem->getItemTable($item);
    $itemData = $iaDb->row(iaDb::ALL_COLUMNS_SELECTION, iaDb::convertIds($listing), $itemTable);

    // check the current owner of the listing, if possible
    if (iaUsers::hasIdentity() && isset($itemData['member_id']) && iaUsers::getIdentity()->id == $itemData['member_id']) {
        return;
    }

    // NOTE(review): the two variable names are the wrong way round. The array named
    // $actionsForGuest (claim dialog) is the one chosen for a signed-in member, and
    // $actionsForMember (sign-in notice) is the one shown to a guest.
    $actionsForGuest = array('id' => 'claim-listing', 'title' => iaLanguage::get('claim_listing'), 'attributes' => array('class' => 'btn btn-sm btn-default', 'href' => IA_URL . 'claim/' . $item . '/' . $listing . '.json', 'id' => 'js-cmd-claim', 'data-toggle' => 'modal', 'data-target' => '#js-claim-modal'));
    // NOTE(review): the phrase is HTML-escaped but ends up inside a JavaScript string
    // literal in an onclick attribute. HTML escaping is the wrong encoding for that
    // context: a phrase containing a quote or backslash would break the script.
    $actionsForMember = array('id' => 'claim-listing', 'title' => iaLanguage::get('claim_listing'), 'attributes' => array('class' => 'btn btn-sm btn-default', 'href' => '#', 'onclick' => 'intelli.notifFloatBox({msg:\'' . iaSanitize::html(iaLanguage::get('sign_in_to_use_this_feature')) . '\',autohide:true}); return false;'));

    $actionClaimListing = iaUsers::hasIdentity() ? $actionsForGuest : $actionsForMember;
    $iaView->assign('actionClaimListing', $actionClaimListing);
}
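/**
 * Builds and validates the field definition to be saved from the submitted form.
 *
 * $entry is replaced by a fresh array assembled from POST parameters, then
 * adjusted per field type. Validation problems are recorded via addMessage().
 *
 * What is validated here: 'name' (alias + paranoid filter, on add only),
 * 'type' (checked against the enum values of the fields table), 'fieldgroup_id'
 * (must exist), and the integer options (cast). 'text_default' and 'empty_field'
 * are HTML-escaped.
 * NOTE(review): everything else ('item', 'title', 'annotation', 'pages',
 * 'groups', 'file_types', 'file_prefix', 'resize_mode', 'relation', ...) is
 * stored as returned by iaUtil::checkPostParam(); confirm that helper or the
 * save routine validates them.
 *
 * @param array $entry receives the prepared field definition
 * @param array $data raw submitted data
 * @param string $action iaCore::ACTION_ADD or the edit action
 *
 * @return bool true when no validation message was recorded
 */
protected function _preSaveEntry(array &$entry, array $data, $action)
{
    $entry = array(
        'name' => iaSanitize::alias(iaUtil::checkPostParam('name')),
        'item' => iaUtil::checkPostParam('item'),
        'default' => iaUtil::checkPostParam('default'),
        'lang_values' => iaUtil::checkPostParam('lang_values'),
        'text_default' => iaSanitize::html(iaUtil::checkPostParam('text_default')),
        'type' => iaUtil::checkPostParam('type'),
        'annotation' => iaUtil::checkPostParam('annotation'),
        'fieldgroup_id' => (int) iaUtil::checkPostParam('fieldgroup_id'),
        'text_length' => (int) iaUtil::checkPostParam('text_length', 255),
        'length' => iaUtil::checkPostParam('length', false),
        'title' => iaUtil::checkPostParam('title'),
        'pages' => iaUtil::checkPostParam('pages', array()),
        'required' => iaUtil::checkPostParam('required'),
        'use_editor' => (int) iaUtil::checkPostParam('use_editor'),
        'empty_field' => iaSanitize::html(iaUtil::checkPostParam('empty_field')),
        'url_nofollow' => (int) iaUtil::checkPostParam('url_nofollow'),
        'groups' => iaUtil::checkPostParam('groups'),
        'searchable' => (int) iaUtil::checkPostParam('searchable'),
        'adminonly' => (int) iaUtil::checkPostParam('adminonly'),
        'for_plan' => (int) iaUtil::checkPostParam('for_plan'),
        'required_checks' => iaUtil::checkPostParam('required_checks'),
        'extra_actions' => iaUtil::checkPostParam('extra_actions'),
        'link_to' => (int) iaUtil::checkPostParam('link_to'),
        'values' => '',
        'relation' => iaUtil::checkPostParam('relation', iaField::RELATION_REGULAR),
        'parents' => isset($data['parents']) && is_array($data['parents']) ? $data['parents'] : array(),
        'children' => isset($data['children']) && is_array($data['children']) ? $data['children'] : array(),
        'status' => iaUtil::checkPostParam('status', iaCore::STATUS_ACTIVE),
    );

    iaUtil::loadUTF8Functions('ascii', 'validation', 'bad');

    // an unknown field group is reset to "no group"
    if (!$this->_iaDb->exists(iaDb::convertIds($entry['fieldgroup_id']), null, iaField::getTableGroups())) {
        $entry['fieldgroup_id'] = 0;
    }

    // repair invalid UTF-8 in the per-language texts; a title is required for every language
    foreach ($this->_iaCore->languages as $code => $language) {
        if (!empty($entry['annotation'][$code])) {
            if (!utf8_is_valid($entry['annotation'][$code])) {
                $entry['annotation'][$code] = utf8_bad_replace($entry['annotation'][$code]);
            }
        }

        if (!empty($entry['title'][$code])) {
            if (!utf8_is_valid($entry['title'][$code])) {
                $entry['title'][$code] = utf8_bad_replace($entry['title'][$code]);
            }
        } else {
            $this->addMessage(iaLanguage::getf('field_is_empty', array('field' => $language['title'] . ' ' . iaLanguage::get('title'))), false);

            break;
        }
    }

    if (iaCore::ACTION_ADD == $action) {
        $entry['name'] = trim(strtolower(iaSanitize::paranoid($entry['name'])));
        if (empty($entry['name'])) {
            $this->addMessage('field_name_incorrect');
        }
    } else {
        // the name of an existing field cannot be changed
        unset($entry['name']);
    }

    $fieldTypes = $this->_iaDb->getEnumValues(iaField::getTable(), 'type');
    if ($fieldTypes['values'] && !in_array($entry['type'], $fieldTypes['values'])) {
        $this->addMessage('field_type_invalid');
    } else {
        if (!$entry['length']) {
            $entry['length'] = iaField::DEFAULT_LENGTH;
        }

        switch ($entry['type']) {
            case iaField::TEXT:
                if (empty($entry['text_length'])) {
                    $entry['text_length'] = 255;
                }
                $entry['length'] = min(255, max(1, $entry['text_length']));
                $entry['default'] = $entry['text_default'];

                break;

            case iaField::TEXTAREA:
                $entry['default'] = '';

                break;

            case iaField::COMBO:
            case iaField::RADIO:
            case iaField::CHECKBOX:
                if (!empty($data['values']) && is_array($data['values'])) {
                    $keys = array();
                    // $values was never initialised: when no submitted value survived the
                    // filtering below, in_array() received an undefined variable.
                    $values = array();
                    $lang_values = array();

                    $multiDefault = explode('|', iaUtil::checkPostParam('multiple_default'));
                    $_keys = iaUtil::checkPostParam('keys');
                    $_values = iaUtil::checkPostParam('values');
                    $_langValues = iaUtil::checkPostParam('lang_values');

                    // 'keys' is request data and may be missing or scalar
                    if (!is_array($_keys)) {
                        $_keys = array();
                    }

                    foreach ($_keys as $index => $key) {
                        // an empty key is replaced by its 1-based position
                        if (trim($key) == '') {
                            $key = $index + 1;
                            $_keys[$index] = $key;
                        }

                        if (isset($_values[$index]) && trim($_values[$index]) != '') {
                            $values[$key] = $_values[$index];
                            $keys[$key] = $key;
                        } else {
                            unset($_keys[$index], $_values[$index]);
                        }

                        if ($_langValues) {
                            foreach ($this->_iaCore->languages as $code => $language) {
                                if ($code != $this->_iaCore->iaView->language) {
                                    if (!isset($_values[$index])) {
                                        unset($_langValues[$code][$index]);
                                    } elseif (!isset($_langValues[$code][$index]) || trim($_langValues[$code][$index]) == '') {
                                        // no translation given: reuse the value of the current language
                                        $lang_values[$code][$key] = $values[$key];
                                    } else {
                                        $lang_values[$code][$key] = $_langValues[$code][$index];
                                    }
                                }
                            }
                        }
                    }

                    // delete default values if not exists in values
                    foreach ($multiDefault as $index => $default) {
                        if (!in_array($default, $values)) {
                            unset($multiDefault[$index]);
                        } else {
                            $k = array_search($default, $values);
                            $multiDefault[$index] = $k;
                        }
                    }
                    $multiDefault = array_values($multiDefault);

                    if (iaField::CHECKBOX == $entry['type']) {
                        $multiDefault = implode(',', $multiDefault);
                    } elseif (isset($multiDefault[0])) {
                        // multiple default is available for checkboxes only
                        $_POST['multiple_default'] = $multiDefault = $multiDefault[0];
                    } else {
                        $_POST['multiple_default'] = $multiDefault = '';
                    }

                    $entry['default'] = $multiDefault;
                    $entry['keys'] = $keys;
                    $entry['values'] = $values;
                    $entry['lang_values'] = $lang_values;
                } else {
                    $this->addMessage('one_value');
                }

                break;

            case iaField::STORAGE:
                if (!empty($data['file_types'])) {
                    // NOTE(review): only spaces are removed from the extension list; nothing here
                    // keeps executable extensions out of it. Confirm the upload handler does.
                    $entry['file_types'] = str_replace(' ', '', iaUtil::checkPostParam('file_types'));
                    $entry['length'] = (int) iaUtil::checkPostParam('max_files', 5);
                } else {
                    $this->addMessage('error_file_type');
                }

                break;

            case iaField::DATE:
                $entry['timepicker'] = (int) iaUtil::checkPostParam('timepicker');

                break;

            case iaField::URL:
                $entry['url_nofollow'] = (int) iaUtil::checkPostParam('url_nofollow');

                break;

            case iaField::IMAGE:
                $entry['length'] = 1;
                $entry['image_height'] = (int) iaUtil::checkPostParam('image_height');
                $entry['image_width'] = (int) iaUtil::checkPostParam('image_width');
                $entry['thumb_height'] = (int) iaUtil::checkPostParam('thumb_height');
                $entry['thumb_width'] = (int) iaUtil::checkPostParam('thumb_width');
                $entry['file_prefix'] = iaUtil::checkPostParam('file_prefix');
                $entry['resize_mode'] = iaUtil::checkPostParam('resize_mode');

                break;

            case iaField::NUMBER:
                $entry['length'] = (int) iaUtil::checkPostParam('number_length', 8);
                $entry['default'] = iaUtil::checkPostParam('number_default');

                break;

            case iaField::PICTURES:
                $entry['length'] = (int) iaUtil::checkPostParam('pic_max_images', 5);
                $entry['file_prefix'] = iaUtil::checkPostParam('pic_file_prefix');
                $entry['image_height'] = (int) iaUtil::checkPostParam('pic_image_height');
                $entry['image_width'] = (int) iaUtil::checkPostParam('pic_image_width');
                $entry['thumb_height'] = (int) iaUtil::checkPostParam('pic_thumb_height');
                $entry['thumb_width'] = (int) iaUtil::checkPostParam('pic_thumb_width');
                $entry['resize_mode'] = iaUtil::checkPostParam('pic_resize_mode');

                break;

            case iaField::TREE:
                $parsedTree = $this->_parseTreeNodes(iaUtil::checkPostParam('nodes'));

                $entry['values'] = $parsedTree[0];
                $entry['tree_nodes'] = $parsedTree[1];
                // NOTE(review): the 'multiple' flag is stored under 'timepicker'; presumably the
                // column is reused for tree fields. Confirm.
                $entry['timepicker'] = (int) iaUtil::checkPostParam('multiple');
        }

        // helper keys that must not reach the save routine
        unset($entry['text_length'], $entry['text_default'], $entry['nodes'], $entry['multiple']);
    }

    if (!$entry['adminonly'] && empty($entry['pages']) && 'transactions' != $entry['item']) {
        $this->addMessage('mark_at_least_one_page');
    }

    $entry['required'] = (int) iaUtil::checkPostParam('required');
    if ($entry['required']) {
        $entry['required_checks'] = iaUtil::checkPostParam('required_checks');
    }
    // NOTE(review): 'required_checks' and 'extra_actions' are stored verbatim; if they
    // are later executed as code, editing fields amounts to code execution.
    $entry['extra_actions'] = iaUtil::checkPostParam('extra_actions');

    if ($entry['searchable']) {
        if (isset($data['show_as']) && $entry['type'] != iaField::NUMBER && in_array($data['show_as'], array(iaField::COMBO, iaField::RADIO, iaField::CHECKBOX))) {
            $entry['show_as'] = $data['show_as'];
        } elseif ($entry['type'] == iaField::NUMBER && !empty($data['_values'])) {
            // the sort order is limited to 'asc' or 'desc'
            $entry['sort_order'] = 'asc' == $data['sort_order'] ? $data['sort_order'] : 'desc';
            $entry['_numberRangeForSearch'] = $data['_values'];
        }
    }

    $this->_iaCore->startHook('phpAdminFieldsEdit', array('field' => &$entry));

    return !$this->getMessages();
}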
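/**
 * Builds the markup (or only the URL) of a picture: listing thumbnail,
 * full-size listing picture or member avatar, with an optional Gravatar fallback.
 *
 * @param array $params image params: 'imgfile', 'fullimage', 'url', 'width',
 *                      'height', 'title', 'class', 'gravatar', 'email', 'gravatar_width'
 *
 * @return string the image URL when $params['url'] is set, an <img> tag otherwise
 */
public static function printImage($params)
{
    $iaCore = iaCore::instance();

    $imageName = isset($params['gravatar']) ? 'no-avatar.png' : 'no-preview.png';

    $gravatarUrl = '';
    if ($iaCore->get('gravatar_enabled') && isset($params['gravatar']) && isset($params['email'])) {
        $d = $iaCore->get('gravatar_default_image') ? IA_CLEAR_URL . $iaCore->get('gravatar_default_image') : $iaCore->get('gravatar_type');
        $s = isset($params['gravatar_width']) ? (int) $params['gravatar_width'] : $iaCore->get('gravatar_size');
        $r = $iaCore->get('gravatar_rating');

        // NOTE(review): with 'gravatar_secure' off the avatar is requested over plain HTTP.
        $protocol = $iaCore->get('gravatar_secure') ? 'https' : 'http';

        // The MD5 of the e-mail address is the identifier the avatar service expects, not a
        // protection: it is visible to every visitor of the page.
        // Query values are URL-encoded so a default-image URL cannot add parameters of its own.
        $gravatarUrl = $protocol . '://www.gravatar.com/avatar/' . md5(strtolower(trim($params['email'])))
            . '?s=' . urlencode((string) $s) . '&d=' . urlencode((string) $d) . '&r=' . urlencode((string) $r);
    }

    // temporary solution
    // TODO: remove
    // SECURITY: unserialize() on a stored field value. If that value can ever be
    // influenced by a user, this is PHP object injection; the format should be
    // migrated to JSON. Until then at least reject anything that is not an array.
    if (isset($params['imgfile']) && is_string($params['imgfile']) && 'a:' == substr($params['imgfile'], 0, 2)) {
        $array = unserialize($params['imgfile']);
        if (is_array($array)) {
            $params['imgfile'] = isset($array['path']) ? $array['path'] : '';
            $params['title'] = isset($array['title']) ? $array['title'] : '';
        } else {
            // undecodable value: fall through to the Gravatar or placeholder image
            $params['imgfile'] = '';
            $params['title'] = '';
        }
    }
    //

    if (!empty($params['imgfile'])) {
        $thumbUrl = $iaCore->iaView->assetsUrl . 'uploads/';
        if (isset($params['fullimage']) && $params['fullimage']) {
            // the full-size variant is stored with a '~' before the extension
            $imgfile = explode('/', $params['imgfile']);
            $imgfile[count($imgfile) - 1] = str_replace('.', '~.', $imgfile[count($imgfile) - 1]);
            $thumbUrl .= implode('/', $imgfile);
        } else {
            $thumbUrl .= $params['imgfile'];
        }
    } elseif ($gravatarUrl) {
        $thumbUrl = $gravatarUrl;
    } else {
        $thumbUrl = IA_TPL_URL . 'img/' . $imageName;
    }

    if (!empty($params['url'])) {
        // plain URL, not HTML: returned unescaped
        return $thumbUrl;
    }

    // Every value placed inside an attribute is escaped, not only the title.
    // This relies on iaSanitize::html() encoding double quotes, which the
    // existing alt/title handling already assumes.
    $width = isset($params['width']) ? ' width="' . iaSanitize::html($params['width']) . '"' : '';
    $height = isset($params['height']) ? ' height="' . iaSanitize::html($params['height']) . '"' : '';
    $title = isset($params['title']) ? iaSanitize::html($params['title']) : '';
    $class = isset($params['class']) ? ' class="' . iaSanitize::html($params['class']) . '"' : '';

    return sprintf('<img src="%s" alt="%s" title="%s"%s>', iaSanitize::html($thumbUrl), $title, $title, $width . $height . $class);
}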
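/**
 * Configuration page: loads the options of the config group named by the first
 * request path segment (default 'general') and prepares them for the form.
 * With ?group=ID or ?user=ID the per-usergroup or per-member overrides are edited.
 *
 * @param object $iaView view receiving 'group', 'params', 'tooltips', 'url_custom'
 *
 * @return mixed result of iaView::errorPage() when the group does not exist, nothing otherwise
 */
protected function _indexPage(&$iaView)
{
    $type = null;
    $customEntryId = false;

    // both ids are cast to int before any further use
    if (isset($_GET['group'])) {
        $type = 'group';
        $customEntryId = (int) $_GET['group'];

        iaBreadcrumb::preEnd(iaLanguage::get('usergroups'), IA_ADMIN_URL . 'usergroups/');
    } elseif (isset($_GET['user'])) {
        $type = 'user';
        $customEntryId = (int) $_GET['user'];

        iaBreadcrumb::preEnd(iaLanguage::get('members'), IA_ADMIN_URL . 'members/');
    }

    if (isset($_POST['save'])) {
        $this->_save($iaView, $type, $customEntryId);
    }

    $iaItem = $this->_iaCore->factory('item');

    // $groupName comes straight from the request URL
    $groupName = isset($this->_iaCore->requestPath[0]) ? $this->_iaCore->requestPath[0] : 'general';
    $groupData = $this->_iaDb->row_bind(iaDb::ALL_COLUMNS_SELECTION, '`name` = :name', array('name' => $groupName), iaCore::getConfigGroupsTable());

    if (empty($groupData)) {
        return iaView::errorPage(iaView::ERROR_NOT_FOUND);
    }

    $this->_setGroup($iaView, $iaItem, $groupData);

    // The group name was interpolated into this WHERE clause. The lookup above only
    // proves that a matching group row exists, not that the string is safe inside
    // quotes, so it is bound like in that lookup.
    // NOTE(review): assumes iaDb::bind() fills the placeholders of the statement it
    // is given by reference; confirm against the iaDb class.
    $where = "`config_group` = :group AND `type` != 'hidden' " . ($type ? 'AND `custom` = 1' : '') . ' ORDER BY `order`';
    $this->_iaDb->bind($where, array('group' => $groupName));
    $params = $this->_iaDb->all(iaDb::ALL_COLUMNS_SELECTION, $where, null, null, iaCore::getConfigTable());

    if ($type) {
        $custom = 'user' == $type
            ? $this->_iaCore->getCustomConfig($customEntryId)
            : $this->_iaCore->getCustomConfig(false, $customEntryId);
        $custom2 = array();

        if ('user' == $type) {
            // values inherited from the member's usergroup; $customEntryId is an integer here
            $custom2 = $this->_iaDb->getKeyValue('SELECT d.`name`, d.`value` '
                . "FROM `{$this->_iaCore->iaDb->prefix}config_custom` d, `{$this->_iaCore->iaDb->prefix}members` a "
                . "WHERE d.`type` = 'group' AND d.`type_id` = a.`usergroup_id` AND a.`id` = '{$customEntryId}'");
        }
    }

    $itemsList = $iaItem->getItems();

    foreach ($params as $index => $item) {
        $className = 'default';

        if ($type) {
            $className = 'custom';

            if (self::TYPE_DIVIDER != $item['type']) {
                if (isset($custom2[$item['name']])) {
                    $params[$index]['dtype'] = 'usergroup';
                    $params[$index]['default'] = $custom2[$item['name']];
                    $params[$index]['value'] = $custom2[$item['name']];
                } else {
                    $params[$index]['dtype'] = 'core';
                    $params[$index]['default'] = $this->_iaCore->get($item['name']);
                }

                if (isset($custom[$item['name']])) {
                    $className = 'common';
                    $params[$index]['value'] = $custom[$item['name']];
                }
            }
        }

        if ('itemscheckbox' == $item['type']) {
            $array = $this->_iaCore->get($item['extras'] . '_items_implemented');
            $array = $array ? explode(',', $array) : array();
            $array = array_values(array_intersect($array, $itemsList));

            if ($array) {
                $enabledItems = $iaItem->getEnabledItemsForPlugin($item['extras']);

                for ($i = 0; $i < count($array); $i++) {
                    $array[$i] = trim($array[$i]);
                    $params[$index]['items'][] = array(
                        'name' => $array[$i],
                        'title' => iaLanguage::get($array[$i]),
                        'checked' => (int) in_array($array[$i], $enabledItems),
                    );
                }
            }
        }

        if ('select' == $item['type']) {
            switch ($item['name']) {
                case 'timezone':
                    $params[$index]['values'] = iaUtil::getFormattedTimezones();
                    break;
                case 'lang':
                    $params[$index]['values'] = $this->_iaCore->languages;
                    break;
                default:
                    $params[$index]['values'] = explode(',', $item['multiple_values']);
            }
        }

        $params[$index]['classname'] = $className;
    }

    $customUrl = '';
    if ($type) {
        // The source listing is garbled at this statement (masked characters), so the
        // query string is rebuilt here. The integer id parsed at the top is used, so no
        // raw request text reaches the URL; it is still HTML-escaped as in the original.
        $customUrl = isset($_GET['user']) ? '?user=' . $customEntryId : '?group=' . $customEntryId;
        $customUrl = iaSanitize::html($customUrl);
    }

    $iaView->assign('group', $groupData);
    $iaView->assign('params', $params);
    $iaView->assign('tooltips', iaLanguage::getTooltips());
    $iaView->assign('url_custom', $customUrl);
}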
if (iaCore::ACTION_EDIT == $pageAction && isset($iaCore->requestPath[0])) { if (iaCore::ACTION_EDIT == $pageAction && !isset($iaCore->requestPath[0])) { return iaView::errorPage(iaView::ERROR_NOT_FOUND); } iaBreadcrumb::replaceEnd(iaLanguage::get('edit')); $guestbook = array('status' => iaCore::STATUS_ACTIVE); if (iaCore::ACTION_EDIT == $pageAction) { $id = (int) $iaCore->requestPath[0]; $guestbook = $iaDb->row(iaDb::ALL_COLUMNS_SELECTION, iaDb::convertIds($id)); } $guestbook = array('id' => isset($id) ? $id : 0, 'author_name' => iaUtil::checkPostParam('author_name', $guestbook), 'email' => iaUtil::checkPostParam('email', $guestbook), 'member_id' => iaUtil::checkPostParam('member_id', $guestbook), 'author_url' => iaUtil::checkPostParam('author_url', $guestbook), 'body' => iaUtil::checkPostParam('body', $guestbook), 'status' => iaUtil::checkPostParam('status', $guestbook), 'avatar' => iaUtil::checkPostParam('avatar', $guestbook), 'date' => iaUtil::checkPostParam('date', $guestbook)); if (isset($_POST['save'])) { iaUtil::loadUTF8Functions('ascii', 'validation', 'bad'); $error = false; $messages = array(); $guestbook['avatar'] = iaSanitize::html($guestbook['avatar']); if (utf8_is_valid($guestbook['author_name'])) { $guestbook['author_name'] = utf8_bad_replace($guestbook['author_name']); } if (isset($_FILES['image']['tmp_name']) && $_FILES['image']['tmp_name']) { $iaPicture = $iaCore->factory('picture'); $info = array('image_width' => 500, 'image_height' => 500, 'thumb_width' => 150, 'thumb_height' => 150, 'resize_mode' => iaPicture::CROP); if ($image = $iaPicture->processImage($_FILES['image'], '', iaUtil::generateToken(), $info)) { empty($guestbook['avatar']) || $iaPicture->delete($guestbook['avatar']); // already has an assigned image $guestbook['avatar'] = $image; } } if (isset($_POST['status'])) { $guestbook['status'] = isset($_POST['status']) && !empty($_POST['status']) && in_array($_POST['status'], array(iaCore::STATUS_ACTIVE, iaCore::STATUS_INACTIVE)) ? 
$_POST['status'] : 'inactive'; }
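* Subrion is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License
* along with Subrion. If not, see <http://www.gnu.org/licenses/>.
*
*
* @link http://www.subrion.org/
*
******************************************************************************/

// Payment return handler: marks the pending transaction as passed or failed
// according to $action and the parameters of the return URL.
$transaction = $temp_transaction;

switch ($action) {
    case 'completed':
        if (!empty($_GET['ref']) && !empty($_GET['amt']) && !empty($_GET['s']) && isset($_GET['payer']) && isset($_GET['currency'])) {
            // The signature was checked with '=='. Two hex strings that both look like
            // numbers in exponent notation ("0e...") compare equal under loose comparison,
            // and '==' is not constant time. Compare strictly and, where available, with
            // hash_equals().
            $expectedSignature = md5(IA_SALT . $transaction['id']);
            $signatureIsValid = is_string($_GET['s'])
                && (function_exists('hash_equals')
                    ? hash_equals($expectedSignature, $_GET['s'])
                    : $expectedSignature === $_GET['s']);

            // NOTE(review): the signature covers the transaction id only. Amount, currency,
            // payer and reference are taken from the URL without being authenticated, so
            // they must not be trusted for fulfilment; compare the amount and currency with
            // the stored transaction, or verify the payment with the gateway server-side.
            // A keyed HMAC would also be preferable to md5(salt . id).
            if ($signatureIsValid) {
                $transaction['reference_id'] = $_GET['ref'];
                $transaction['fullname'] = $_GET['payer'];
                $transaction['currency'] = $_GET['currency'];
                $transaction['status'] = iaTransaction::PASSED;

                $payer = explode(' ', $_GET['payer']);

                $order = array(
                    'payment_gross' => (float) $_GET['amt'],
                    'mc_currency' => $_GET['currency'],
                    'payment_date' => date(iaDb::DATETIME_SHORT_FORMAT),
                    'payment_status' => iaLanguage::get(iaTransaction::PASSED),
                    'first_name' => iaSanitize::html($payer[0]),
                    'last_name' => isset($payer[1]) ? iaSanitize::html($payer[1]) : '',
                    'payer_email' => '',
                    'txn_id' => iaSanitize::html($transaction['reference_id']),
                );
            }
        }

        break;

    case 'canceled':
        $error = true;
        $messages[] = iaLanguage::get('oops');

        $transaction['status'] = iaTransaction::FAILED;
}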
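/**
 * Stores the title and description phrases of a field group for every
 * configured language, updating a phrase that exists and adding it otherwise.
 *
 * Values are HTML-escaped before they are stored, so they must be printed
 * without a second escaping pass.
 *
 * @param array $data submitted data; reads $data['titles'][code] and $data['description'][code]
 * @param string $name field group name
 * @param string $item item the field group belongs to
 *
 * @return void
 */
private function _savePhrases(array &$data, $name, $item)
{
    $this->_iaDb->setTable(iaLanguage::getTable());

    $phraseKeyTitle = 'fieldgroup_' . $name;
    $phraseKeyDescription = "fieldgroup_description_{$item}_{$name}";

    foreach ($this->_iaCore->languages as $code => $language) {
        // a language missing from the submission is stored as an empty phrase
        $phrases = array(
            array($phraseKeyTitle, isset($data['titles'][$code]) ? $data['titles'][$code] : ''),
            array($phraseKeyDescription, isset($data['description'][$code]) ? $data['description'][$code] : ''),
        );

        foreach ($phrases as $phrase) {
            $phraseKey = $phrase[0];
            $phraseValue = iaSanitize::html($phrase[1]);

            // one condition for both phrases (the description lookup used '&&' where the title used AND)
            $stmt = '`key` = :phrase AND `code` = :language';
            $this->_iaDb->bind($stmt, array('phrase' => $phraseKey, 'language' => $code));

            if ($this->_iaDb->exists($stmt)) {
                $this->_iaDb->update(array('value' => $phraseValue), $stmt);
            } else {
                iaLanguage::addPhrase($phraseKey, $phraseValue, $code);
            }
        }
    }

    $this->_iaDb->resetTable();
}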
} } } if ($results['all']) { if (isset($_POST['q'])) { $search['terms'] = serialize($search['terms']); $searchId = $iaDb->insert($search, array('time' => 'UNIX_TIMESTAMP()')); $url = IA_URL . ($adv ? 'adv' : '') . 'search/?id=' . $searchId; iaUtil::go_to($url); } } // searched terms for additional fields if ($fields && $search['terms']['items']) { foreach ($search['terms']['items'] as $i => $f) { foreach ($f as $fname => $fval) { $fields[$i][$fname]['val'] = iaSanitize::html($fval['val']); $fields[$i][$fname]['cond'] = $fval['cond']; } } } } $iaDb->resetTable(); $iaView->assign('items', $adv ? array_keys($items) : array()); $iaView->assign('adv', $adv); $iaView->assign('fields', $fields); $iaView->assign('results', $results['html']); $iaView->assign('atemplate', $template); $iaView->assign('atotal', $results['all']); $iaView->assign('limit', $limit); $iaView->assign('search', $search); $iaView->assign('conditions', $conditions);