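/**
 * Validates the table object before it is stored.
 *
 * Visible steps, in order:
 *  1. If an auto-slug source field is configured, derive/normalise the slug
 *     and make it unique via checkCreateUnique().
 *  2. Reject the record when any obligatory key ($this->_obkeys) is empty.
 *  3. If $this->_unique is set, enforce the unique-name fields.
 *  4. If the table has a tsmart_vendor_id column, decide which vendor id is
 *     stored and refuse the write when a non-manager vendor would overwrite
 *     another vendor's row.
 *
 * @author Max Milbers
 * @return bool true when the record may be stored, false otherwise
 */
function check()
{
    if (!empty($this->_slugAutoName)) {
        $slugAutoName = $this->_slugAutoName;
        $slugName = $this->_slugName;

        if (in_array($slugAutoName, $this->_translatableFields)) {
            $checkTable = $this->_tbl_lang;
            vmTrace('Language table in normal check?');
        } else {
            $checkTable = $this->_tbl;
        }

        if (empty($this->{$slugName})) {
            // No slug supplied: fall back to the configured source field.
            if (!empty($this->{$slugAutoName})) {
                $this->{$slugName} = $this->{$slugAutoName};
            } else {
                $pkey = $this->_pkey;
                vmError('VmTable ' . $checkTable . ' Check not passed. Neither slug nor obligatory value at ' . $slugAutoName . ' for auto slug creation is given ' . $this->{$pkey});
                return false;
            }
        }

        // Sample string left by the author, apparently an awkward slug input:
        //pro+#'!"§$%&/()=?duct-w-| ||cu|st|omfield-|str<ing>
        $this->{$slugName} = str_replace('-', ' ', $this->{$slugName});
        // Entities are decoded BEFORE filtering, so the character filter below
        // sees the real characters rather than their encoded form.
        $this->{$slugName} = html_entity_decode($this->{$slugName}, ENT_QUOTES);

        $unicodeslugs = tsmConfig::get('transliterateSlugs', false);
        if ($unicodeslugs) {
            $lang = JFactory::getLanguage();
            $this->{$slugName} = $lang->transliterate($this->{$slugName});
        }

        // Trim white spaces at beginning and end of alias and make lowercase
        $this->{$slugName} = trim(JString::strtolower($this->{$slugName}));
        $this->{$slugName} = str_replace(array('`', '´', "'"), '', $this->{$slugName});
        // NOTE(review): presumably restricts the slug to word characters plus
        // '-', '_' and '|', replacing everything else with '-'; confirm
        // against vRequest::filterUword, which is not visible here.
        $this->{$slugName} = vRequest::filterUword($this->{$slugName}, '-,_,|', '-');

        // Collapse runs of dashes. strpos() returns 0 (falsy) when the run is at
        // the very start, so the result must be compared against false or a slug
        // such as "--a--b" would keep its inner double dash.
        while (strpos($this->{$slugName}, '--') !== false) {
            $this->{$slugName} = str_replace('--', '-', $this->{$slugName});
        }

        // Trim dashes at beginning and end of alias
        $this->{$slugName} = trim($this->{$slugName}, '-');

        if ($unicodeslugs) {
            $this->{$slugName} = rawurlencode($this->{$slugName});
        }

        $valid = $this->checkCreateUnique($checkTable, $slugName);
        if (!$valid) {
            return false;
        }
    }

    foreach ($this->_obkeys as $obkeys => $error) {
        if (empty($this->{$obkeys})) {
            $error = get_class($this) . ' ' . tsmText::sprintf('com_tsmart_STRING_ERROR_OBLIGATORY_KEY', 'com_tsmart_' . strtoupper($obkeys));
            vmError($error);
            return false;
        }
    }

    if ($this->_unique) {
        if (empty($this->_db)) {
            $this->_db = JFactory::getDBO();
        }
        foreach ($this->_unique_name as $obkeys => $error) {
            if (empty($this->{$obkeys})) {
                $error = tsmText::sprintf('com_tsmart_STRING_ERROR_NOT_UNIQUE_NAME', 'com_tsmart_' . strtoupper($obkeys));
                // $this->_unique_name is the array being iterated; concatenating
                // it printed "Array". Name the offending field instead.
                vmError('Non unique ' . $obkeys . ' ' . $error);
                return false;
            } else {
                $valid = $this->checkCreateUnique($this->_tbl, $obkeys);
                if (!$valid) {
                    return false;
                }
            }
        }
    }

    if (property_exists($this, 'tsmart_vendor_id')) {
        if (empty($this->tsmart_vendor_id) and $this->_pkey == 'tsmart_vendor_id') {
            $this->tsmart_vendor_id = $this->_pvalue;
        }

        $multix = tsmConfig::get('multix', 'none');
        //Lets check if the user is admin or the mainvendor
        $tsmart_vendor_id = false;

        //Todo removed Quickn Dirty, use check in derived class
        if ($multix == 'none' and get_class($this) !== 'TableVmusers') {
            // Single-vendor shop: everything except TableVmusers rows is
            // assigned to vendor 1 and no ownership comparison is made.
            $this->tsmart_vendor_id = 1;
            return true;
        } else {
            $loggedVendorId = vmAccess::isSuperVendor();
            $user = JFactory::getUser();
            $tbl_key = $this->_tbl_key;
            $className = get_class($this);
            $admin = vmAccess::manager('managevendors');

            // The lookups below need the driver even on a cache hit, because
            // the key value is quoted through it before the query is built.
            if (empty($this->_db)) {
                $this->_db = JFactory::getDBO();
            }
            // The key VALUE is record data and may come from a bound request
            // (binding is not visible here), so it is escaped by the driver
            // instead of being concatenated between double quotes. Table and
            // column names come from the table object's own configuration.
            $quotedKey = $this->_db->quote((string) $this->{$tbl_key});

            //Todo removed Quickn Dirty, use check in derived class
            if (strpos($this->_tbl, 'tsmart_vmusers') === FALSE) {
                $q = 'SELECT `tsmart_vendor_id` FROM `' . $this->_tbl . '` WHERE `' . $this->_tbl_key . '`=' . $quotedKey . ' ';
                // md5 is only a compact cache key here, not a security control.
                $cacheKey = md5($q);
                if (!isset(self::$_cache[$cacheKey])) {
                    $this->_db->setQuery($q);
                    self::$_cache[$cacheKey] = $tsmart_vendor_id = $this->_db->loadResult();
                } else {
                    $tsmart_vendor_id = self::$_cache[$cacheKey];
                }
            } else {
                $q = 'SELECT `tsmart_vendor_id`,`user_is_vendor` FROM `' . $this->_tbl . '` WHERE `' . $this->_tbl_key . '`=' . $quotedKey . ' ';
                $cacheKey = md5($q);
                if (!isset(self::$_cache[$cacheKey])) {
                    $this->_db->setQuery($q);
                    $vmuser = $this->_db->loadRow();
                    self::$_cache[$cacheKey] = $vmuser;
                } else {
                    $vmuser = self::$_cache[$cacheKey];
                }

                if ($vmuser and count($vmuser) === 2) {
                    $tsmart_vendor_id = $vmuser[0];
                    $user_is_vendor = $vmuser[1];
                    if ($multix == 'none') {
                        if (empty($user_is_vendor)) {
                            $this->tsmart_vendor_id = 0;
                        } else {
                            $this->tsmart_vendor_id = 1;
                        }
                        return true;
                    } else {
                        if (!$admin) {
                            // Non-managers never choose the vendor id themselves;
                            // it is taken from vmAccess for the current user.
                            $rVendorId = vmAccess::isSuperVendor($user->id);
                            $this->tsmart_vendor_id = $rVendorId;
                            return true;
                        }
                    }
                } else {
                    //New User
                }
            }

            // Ownership gate: a non-manager whose vendor id differs from the
            // stored owner must not overwrite the row. The comparison is loose
            // on purpose, since the database returns the id as a string.
            if (!$admin and !empty($tsmart_vendor_id) and !empty($loggedVendorId) and $loggedVendorId != $tsmart_vendor_id) {
                //Todo removed Quickn Dirty, use check in derived class
                //This is the case when a vendor buys products of vendor1
                if (strpos($this->_tbl, 'tsmart_order_items') === FALSE and strpos($this->_tbl, 'tsmart_carts') === FALSE) {
                    vmdebug('Blocked storing, logged vendor ' . $loggedVendorId . ' but data belongs to ' . $tsmart_vendor_id, $this->_tbl);
                    return false;
                } else {
                    // Order items and carts keep the stored owner.
                    $this->tsmart_vendor_id = $tsmart_vendor_id;
                }
            } else {
                if (!$admin) {
                    if ($tsmart_vendor_id) {
                        // The stored owner wins over whatever the caller supplied.
                        $this->tsmart_vendor_id = $tsmart_vendor_id;
                        vmdebug('Non admin is storing using loaded vendor_id');
                    } else {
                        if (empty($this->tsmart_vendor_id)) {
                            $this->tsmart_vendor_id = $loggedVendorId;
                        }
                        //No id is stored, even users are allowed to use for the storage and vendorId, no change
                    }
                } else {
                    //Admins are allowed to do anything. We just throw some messages
                    if (!empty($tsmart_vendor_id) and $loggedVendorId != $tsmart_vendor_id) {
                        vmdebug('Admin with vendor id ' . $loggedVendorId . ' is using for storing vendor id ' . $this->tsmart_vendor_id);
                    } else {
                        if (empty($tsmart_vendor_id) and empty($this->tsmart_vendor_id)) {
                            if (strpos($this->_tbl, 'tsmart_vendors') === FALSE and strpos($this->_tbl, 'tsmart_vmusers') === FALSE) {
                                $this->tsmart_vendor_id = $loggedVendorId;
                                vmdebug('Fallback to ' . $this->tsmart_vendor_id . ' for $loggedVendorId ' . $loggedVendorId . ': We run in multivendor mode and you did not set any vendor for ' . $className . ' and ' . $this->_tbl);
                            }
                        }
                    }
                }
            }
        }
    }

    return true;
}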
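/**
 * Validates the table object before it is stored.
 *
 * Visible steps, in order:
 *  1. If an auto-slug source field is configured, derive/normalise the slug
 *     and make it unique via checkCreateUnique().
 *  2. Reject the record when any obligatory key ($this->_obkeys) is empty.
 *  3. If $this->_unique is set, enforce the unique-name fields.
 *  4. If virtuemart_vendor_id is set on the object, decide which vendor id
 *     is stored and refuse the write when a non-admin vendor would overwrite
 *     another vendor's row.
 *
 * @author Max Milbers
 * @return bool true when the record may be stored, false otherwise
 */
function check()
{
    if (!empty($this->_slugAutoName)) {
        $slugAutoName = $this->_slugAutoName;
        $slugName = $this->_slugName;

        if (in_array($slugAutoName, $this->_translatableFields)) {
            $checkTable = $this->_tbl . '_' . VmConfig::$vmlang;
        } else {
            $checkTable = $this->_tbl;
        }

        if (empty($this->{$slugName})) {
            // No slug supplied: fall back to the configured source field.
            if (!empty($this->{$slugAutoName})) {
                $this->{$slugName} = $this->{$slugAutoName};
            } else {
                vmError('VmTable ' . $checkTable . ' Check not passed. Neither slug nor obligatory value at ' . $slugAutoName . ' for auto slug creation is given');
                return false;
            }
        }

        // Sample string left by the author, apparently an awkward slug input:
        //pro+#'!"§$%&/()=?duct-w-| ||cu|st|omfield-|str<ing>
        $this->{$slugName} = str_replace('-', ' ', $this->{$slugName});

        $unicodeslugs = VmConfig::get('transliterateSlugs', false);
        if ($unicodeslugs) {
            $lang = JFactory::getLanguage();
            $this->{$slugName} = $lang->transliterate($this->{$slugName});
        }

        // Trim white spaces at beginning and end of alias and make lowercase
        $this->{$slugName} = trim(JString::strtolower($this->{$slugName}));
        $this->{$slugName} = str_replace(array('`', '´', "'"), '', $this->{$slugName});
        // NOTE(review): presumably restricts the slug to word characters plus
        // '-', '_' and '|', replacing everything else with '-'; confirm
        // against vRequest::filterUword, which is not visible here.
        $this->{$slugName} = vRequest::filterUword($this->{$slugName}, '-,_,|', '-');

        // Collapse runs of dashes. strpos() returns 0 (falsy) when the run is at
        // the very start, so the result must be compared against false or a slug
        // such as "--a--b" would keep its inner double dash.
        while (strpos($this->{$slugName}, '--') !== false) {
            $this->{$slugName} = str_replace('--', '-', $this->{$slugName});
        }

        // Trim dashes at beginning and end of alias
        $this->{$slugName} = trim($this->{$slugName}, '-');

        if ($unicodeslugs) {
            $this->{$slugName} = rawurlencode($this->{$slugName});
        }

        $valid = $this->checkCreateUnique($checkTable, $slugName);
        if (!$valid) {
            return false;
        }
    }

    foreach ($this->_obkeys as $obkeys => $error) {
        if (empty($this->{$obkeys})) {
            if (empty($error)) {
                $error = 'Serious error cant save ' . $this->_tbl . ' without ' . $obkeys;
            } else {
                $error = get_class($this) . ' ' . $error;
            }
            $this->setError($error);
            vmError($error);
            return false;
        }
    }

    if ($this->_unique) {
        if (empty($this->_db)) {
            $this->_db = JFactory::getDBO();
        }
        foreach ($this->_unique_name as $obkeys => $error) {
            if (empty($this->{$obkeys})) {
                $this->setError($error);
                // $this->_unique_name is the array being iterated; concatenating
                // it printed "Array". Name the offending field instead.
                vmError('Non unique ' . $obkeys . ' ' . $error);
                return false;
            } else {
                $valid = $this->checkCreateUnique($this->_tbl, $obkeys);
                if (!$valid) {
                    return false;
                }
            }
        }
    }

    if (isset($this->virtuemart_vendor_id)) {
        $multix = Vmconfig::get('multix', 'none');
        //Lets check if the user is admin or the mainvendor
        $virtuemart_vendor_id = false;

        if ($multix == 'none' and get_class($this) !== 'TableVmusers') {
            // Single-vendor shop: everything except TableVmusers rows is
            // assigned to vendor 1 and no ownership comparison is made.
            $this->virtuemart_vendor_id = 1;
            return true;
        } else {
            $loggedVendorId = Permissions::getInstance()->isSuperVendor();
            $user = JFactory::getUser();
            $admin = $user->authorise('core.admin', 'com_virtuemart');
            $tbl_key = $this->_tbl_key;
            $className = get_class($this);

            // The lookups below need the driver even on a cache hit, because
            // the key value is quoted through it before the query is built.
            if (empty($this->_db)) {
                $this->_db = JFactory::getDBO();
            }
            // The key VALUE is record data and may come from a bound request
            // (binding is not visible here), so it is escaped by the driver
            // instead of being concatenated between double quotes. Table and
            // column names come from the table object's own configuration.
            $quotedKey = $this->_db->quote((string) $this->{$tbl_key});

            // NOTE(review): this method only reads self::$_cache; nothing here
            // stores the query result in it. Confirm whether another method
            // fills the cache or whether the lookup always hits the database.
            if (strpos($this->_tbl, 'virtuemart_vmusers') === FALSE) {
                $q = 'SELECT `virtuemart_vendor_id` FROM `' . $this->_tbl . '` WHERE `' . $this->_tbl_key . '`=' . $quotedKey . ' ';
                // md5 is only a compact cache key here, not a security control.
                $cacheKey = md5($q);
                if (!isset(self::$_cache[$cacheKey])) {
                    $this->_db->setQuery($q);
                    $virtuemart_vendor_id = $this->_db->loadResult();
                } else {
                    $virtuemart_vendor_id = self::$_cache[$cacheKey];
                }
            } else {
                $q = 'SELECT `virtuemart_vendor_id`,`user_is_vendor` FROM `' . $this->_tbl . '` WHERE `' . $this->_tbl_key . '`=' . $quotedKey . ' ';
                $cacheKey = md5($q);
                if (!isset(self::$_cache[$cacheKey])) {
                    $this->_db->setQuery($q);
                    $vmuser = $this->_db->loadRow();
                } else {
                    $vmuser = self::$_cache[$cacheKey];
                }

                if ($vmuser and count($vmuser) === 2) {
                    $virtuemart_vendor_id = $vmuser[0];
                    $user_is_vendor = $vmuser[1];
                    if ($multix == 'none') {
                        if (empty($user_is_vendor)) {
                            $this->virtuemart_vendor_id = 0;
                        } else {
                            $this->virtuemart_vendor_id = 1;
                        }
                        return true;
                    } else {
                        if (!$admin) {
                            // Non-admins never choose the vendor id themselves.
                            $this->virtuemart_vendor_id = $loggedVendorId;
                            return true;
                        }
                    }
                } else {
                    //New User
                }
            }

            // Ownership gate: a non-admin whose vendor id differs from the
            // stored owner must not overwrite the row. The comparison is loose
            // on purpose, since the database returns the id as a string.
            if (!$admin and !empty($virtuemart_vendor_id) and !empty($loggedVendorId) and $loggedVendorId != $virtuemart_vendor_id) {
                vmdebug('Hacking attempt stopped, logged vendor ' . $loggedVendorId . ' but data belongs to ' . $virtuemart_vendor_id);
                return false;
            } else {
                if (!$admin) {
                    if ($virtuemart_vendor_id) {
                        // The stored owner wins over whatever the caller supplied.
                        $this->virtuemart_vendor_id = $virtuemart_vendor_id;
                        vmdebug('Non admin is storing using loaded vendor_id');
                    } else {
                        //No id is stored, even users are allowed to use for the storage and vendorId, no change
                    }
                } else {
                    //Admins are allowed to do anything. We just throw some messages
                    if (!empty($virtuemart_vendor_id) and $loggedVendorId != $virtuemart_vendor_id) {
                        vmdebug('Admin with vendor id ' . $loggedVendorId . ' is using for storing vendor id ' . $this->virtuemart_vendor_id);
                    } else {
                        if (empty($virtuemart_vendor_id)) {
                            if (empty($this->virtuemart_vendor_id)) {
                                if (strpos($this->_tbl, 'virtuemart_vendors') === FALSE and strpos($this->_tbl, 'virtuemart_vmusers') === FALSE) {
                                    vmInfo('We run in multivendor mode and you did not set any vendor for ' . $className . ' and ' . $this->_tbl);
                                }
                            }
                        }
                    }
                }
            }
        }
    }

    return true;
}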
/**
 * Passes a string through replaceNonAsciiCharacters() and then through
 * vRequest::filterUword() with ' ' as its second argument.
 *
 * NOTE(review): presumably ' ' is the only extra character allowed besides
 * word characters; confirm against vRequest::filterUword, which is not
 * visible here. The result is a filtered string, not an escaped one; it
 * still needs context-specific escaping where it is output or queried.
 *
 * @param string $string raw input
 * @return string the filtered string
 */
function sanitize($string)
{
    $asciiOnly = $this->replaceNonAsciiCharacters($string);

    return vRequest::filterUword($asciiOnly, ' ');
}