/** * Show the password form. If the visitor gives the correct password, they * are redirected to the page they came from, if any. * * @return \Twig_Markup */ public function passwordForm() { // Set up the form. $form = $this->app['form.factory']->createBuilder('form'); if ($this->config['password_only'] == false) { $form->add('username', 'text'); } $form->add('password', 'password'); $form = $form->getForm(); if ($this->app['request']->getMethod() == 'POST') { $form->bind($this->app['request']); $data = $form->getData(); if ($form->isValid() && $this->checkLogin($data)) { // Set the session var, so we're authenticated.. $this->app['session']->set('passwordprotect', 1); $this->app['session']->set('passwordprotect_name', $this->checkLogin($data)); // Print a friendly message.. printf("<p class='message-correct'>%s</p>", $this->config['message_correct']); $returnto = $this->app['request']->get('returnto'); // And back we go, to the page we originally came from.. if (!empty($returnto)) { Lib::simpleredirect($returnto); die; } } else { // Remove the session var, so we can test 'logging off'.. $this->app['session']->remove('passwordprotect'); $this->app['session']->remove('passwordprotect_name'); // Print a friendly message.. if (!empty($data['password'])) { printf("<p class='message-wrong'>%s</p>", $this->config['message_wrong']); } } } // Render the form, and show it it the visitor. $this->app['twig.loader.filesystem']->addPath(__DIR__); $html = $this->app['twig']->render('assets/passwordform.twig', array('form' => $form->createView())); return new \Twig_Markup($html, 'UTF-8'); }
/** * @runInSeparateProcess */ public function testSimpleRedirectAbort() { $app = $this->getApp(); $this->setExpectedException('Symfony\\Component\\HttpKernel\\Exception\\HttpException', "Redirecting to '/test2'."); $this->expectOutputString("<p>Redirecting to <a href='/test2'>/test2</a>.</p><script>window.setTimeout(function () { window.location='/test2'; }, 500);</script>"); $redirect = Library::simpleredirect('/test2', true); }
/** * Check if a user is logged in, and has the proper required permission. If * not, we redirect the user to the dashboard. * * @param string $permission * * @return bool True if permission allowed */ public function requireUserPermission($permission = 'dashboard') { if ($this->app['users']->isAllowed($permission)) { return true; } else { Lib::simpleredirect($this->app['config']->get('general/branding/path')); return false; } }
public function slugTreeRecord($slug) { // Add snippets, since this is a Frontend route. $this->app['htmlsnippets'] = true; if (strripos($slug, '/')) { // find the last "/"" in the slug //dump($slug); // dump($this->app['config']); // dump($this->app['config']->get('data/contenttypes')); // dump($this->app['config']->get('general/homepage_template')); // dump(strripos($slug, '/') == strlen($slug)); // dump(strripos($slug, '/')); // dump(strlen($slug)); $slug = rtrim($slug, '/'); if (in_array($slug, array('blogs', 'locations', 'structures', 'pages', 'blogposts', 'jobs', 'events', 'persons', 'network', 'publications', 'pressreleases', 'projects', 'taskforces', 'homepage', 'footers'))) { switch ($slug) { case 'blogs': //dump('redirect blogs'); \Bolt\Library::simpleredirect('/blogposts'); die; break; default: \Bolt\Library::simpleredirect('/' . $slug); die; break; } } } // $slug = \Bolt\Helpers\String::slug($slug, -1); $slug = $this->app['slugify']->slugify($slug); $contenttype = $this->getContenttypeBySlug($slug, true); $frontend = new Bolt\Controllers\Frontend(); return $frontend->record($this->app, $contenttype, $slug); }
/** * Redirect the browser to another page. * * @param boolean $safe * * @return string */ public function redirect($path, $safe) { // Nope! We're not allowing user-supplied content to issue redirects. if ($safe) { return null; } Lib::simpleredirect($path); return ''; }
/** * Create a simple Form. * * @param string $formname * @internal param string $name * @return string */ public function simpleForm($formname = "", $with = array()) { // Make sure that we allow a session cookie for pages with a form. If we don't, the // form's CSRF token will not work correctly. This might be a temporary fix, depending // on how we're going to solve the 'cookies in frontend'-issue. // @see https://github.com/bolt/bolt/issues/3425 $this->app['config']->set('general/cookies_no_frontend', false); $this->app['twig.loader.filesystem']->addPath(__DIR__); // Select which form to use.. if (isset($this->config[$formname])) { $formconfig = $this->config[$formname]; } else { return "Simpleforms notice: No form known by name '{$formname}'."; } // Set the mail configuration for empty fields to the global defaults if they exist foreach ($this->global_fields as $configkey) { if (!array_key_exists($configkey, $formconfig) && !empty($this->config[$configkey])) { $formconfig[$configkey] = $this->config[$configkey]; } elseif (!array_key_exists($configkey, $formconfig) && empty($this->config[$configkey])) { $formconfig[$configkey] = false; } } // translate labels if labels extension exists if ($this->labelsenabled) { $this->labelfields($formconfig); } if ($formconfig['debugmode'] == true) { dump('Building ' . $formname); dump($formconfig); } $message = ""; $error = ""; $sent = false; $form = $this->app['form.factory']->createNamedBuilder($formname, 'form', null, array('csrf_protection' => $this->config['csrf'])); foreach ($formconfig['fields'] as $name => $field) { $options = $this->buildField($name, $field, $with, $formname); // only add known fields with options to the form if ($options) { $form->add($name, $options['attr']['type'], $options); } } $form = $form->getForm(); require_once 'recaptcha-php-1.11/recaptchalib.php'; if ('POST' == $this->app['request']->getMethod()) { if (!$this->app['request']->request->has($formname)) { // we're not submitting this particular form if ($formconfig['debugmode'] == true) { $error .= "we're not submitting this form: " . $formname; } $sent = false; } else { // ok we're really submitting this form $isRecaptchaValid = true; // to prevent ReCaptcha check if not enabled if ($this->config['recaptcha_enabled']) { $isRecaptchaValid = false; // by Default $resp = recaptcha_check_answer($this->config['recaptcha_private_key'], $this->getRemoteAddress(), $_POST["recaptcha_challenge_field"], $_POST["recaptcha_response_field"]); $isRecaptchaValid = $resp->is_valid; } if ($isRecaptchaValid) { $form->bind($this->app['request']); if ($form->isValid()) { $res = $this->processForm($formconfig, $form, $formname); if ($res) { $message = $formconfig['message_ok']; $sent = true; // If redirect_on_ok is set, redirect to that page when succesful. if (!empty($formconfig['redirect_on_ok'])) { $redirectpage = $this->app['storage']->getContent($formconfig['redirect_on_ok']); if ($formconfig['debugmode'] == true) { dump('Redirecting ' . $formconfig['redirect_on_ok']); dump($redirectpage); if ($redirectpage) { dump("Redirect link: " . $redirectpage->link()); } else { dump("redirectpage is missing for " . $formname); } } elseif ($redirectpage) { return Lib::simpleredirect($redirectpage->link()); } else { dump("redirectpage is missing for " . $formname); } } } else { $error = $formconfig['message_technical']; } } else { $error = $formconfig['message_error']; } } else { $error = $this->config['recaptcha_error_message']; } } } $use_ssl = !empty($_SERVER['HTTPS']) && $_SERVER['HTTPS'] != 'off'; $formhtml = $this->app['render']->render($formconfig['template'], array("submit" => "Send", "form" => $form->createView(), "message" => $message, "error" => $error, "sent" => $sent, "formname" => $formname, "recaptcha_html" => $this->config['recaptcha_enabled'] ? recaptcha_get_html($this->config['recaptcha_public_key'], null, $use_ssl) : '', "recaptcha_theme" => $this->config['recaptcha_enabled'] ? $this->config['recaptcha_theme'] : '', "button_text" => $formconfig['button_text'], "button_class" => $formconfig['button_class'])); return new \Twig_Markup($formhtml, 'UTF-8'); }
/** * Edit a unit of content, or create a new one. * * @param string $contenttypeslug The content type slug * @param integer $id The content ID * @param Application $app The application/container * @param Request $request The Symfony Request * * @return \Twig_Markup|\Symfony\Component\HttpFoundation\RedirectResponse */ public function editContent($contenttypeslug, $id, Application $app, Request $request) { // Make sure the user is allowed to see this page, based on 'allowed contenttypes' // for Editors. if (empty($id)) { $perm = "contenttype:{$contenttypeslug}:create"; $new = true; } else { $perm = "contenttype:{$contenttypeslug}:edit:{$id}"; $new = false; } if (!$app['users']->isAllowed($perm)) { $app['session']->getFlashBag()->add('error', Trans::__('You do not have the right privileges to edit that record.')); return Lib::redirect('dashboard'); } // set the editreferrer in twig if it was not set yet. $tmp = parse_url($app['request']->server->get('HTTP_REFERER')); $tmpreferrer = $tmp['path']; if (!empty($tmp['query'])) { $tmpreferrer .= '?' . $tmp['query']; } if (strpos($tmpreferrer, '/overview/') !== false || $tmpreferrer == $app['paths']['bolt']) { $app['twig']->addGlobal('editreferrer', $tmpreferrer); } $contenttype = $app['storage']->getContentType($contenttypeslug); if ($request->isMethod('POST')) { if (!$app['users']->checkAntiCSRFToken()) { $app->abort(Response::HTTP_BAD_REQUEST, Trans::__('Something went wrong')); } if (!empty($id)) { // Check if we're allowed to edit this content. if (!$app['users']->isAllowed("contenttype:{$contenttype['slug']}:edit:{$id}")) { $app['session']->getFlashBag()->add('error', Trans::__('You do not have the right privileges to edit that record.')); return Lib::redirect('dashboard'); } } else { // Check if we're allowed to create content. if (!$app['users']->isAllowed("contenttype:{$contenttype['slug']}:create")) { $app['session']->getFlashBag()->add('error', Trans::__('You do not have the right privileges to create a new record.')); return Lib::redirect('dashboard'); } } // If we have an ID now, this is an existing record if ($id) { $content = $app['storage']->getContent($contenttype['slug'], array('id' => $id, 'status' => '!undefined')); $oldStatus = $content['status']; } else { $content = $app['storage']->getContentObject($contenttypeslug); $oldStatus = ''; } // Add non successfull control values to request values // http://www.w3.org/TR/html401/interact/forms.html#h-17.13.2 // Also do some corrections $requestAll = $request->request->all(); foreach ($contenttype['fields'] as $key => $values) { if (isset($requestAll[$key])) { switch ($values['type']) { case 'float': // We allow ',' and '.' as decimal point and need '.' internally $requestAll[$key] = str_replace(',', '.', $requestAll[$key]); break; } } else { switch ($values['type']) { case 'select': if (isset($values['multiple']) && $values['multiple'] === true) { $requestAll[$key] = array(); } break; case 'checkbox': $requestAll[$key] = 0; break; } } } // To check whether the status is allowed, we act as if a status // *transition* were requested. $content->setFromPost($requestAll, $contenttype); $newStatus = $content['status']; // Don't try to spoof the $id. if (!empty($content['id']) && $id != $content['id']) { $app['session']->getFlashBag()->add('error', "Don't try to spoof the id!"); return Lib::redirect('dashboard'); } // Save the record, and return to the overview screen, or to the record (if we clicked 'save and continue') $statusOK = $app['users']->isContentStatusTransitionAllowed($oldStatus, $newStatus, $contenttype['slug'], $id); if ($statusOK) { // Get the associate record change comment $comment = $request->request->get('changelog-comment'); // Save the record $id = $app['storage']->saveContent($content, $comment); // Log the change if ($new) { $app['session']->getFlashBag()->add('success', Trans::__('contenttypes.generic.saved-new', array('%contenttype%' => $contenttypeslug))); $app['logger.system']->info('Created: ' . $content->getTitle(), array('event' => 'content')); } else { $app['session']->getFlashBag()->add('success', Trans::__('contenttypes.generic.saved-changes', array('%contenttype%' => $contenttype['slug']))); $app['logger.system']->info('Saved: ' . $content->getTitle(), array('event' => 'content')); } /* * We now only get a returnto parameter if we are saving a new * record and staying on the same page, i.e. "Save {contenttype}" */ if ($app['request']->get('returnto')) { $returnto = $app['request']->get('returnto'); if ($returnto === 'new') { return Lib::redirect('editcontent', array('contenttypeslug' => $contenttype['slug'], 'id' => $id), '#' . $app['request']->get('returnto')); } elseif ($returnto == 'saveandnew') { return Lib::redirect('editcontent', array('contenttypeslug' => $contenttype['slug'], 'id' => 0), '#' . $app['request']->get('returnto')); } elseif ($returnto === 'ajax') { /* * Flush any buffers from saveContent() dispatcher hooks * and make sure our JSON output is clean. * * Currently occurs due to a 404 exception being generated * in \Bolt\Storage::saveContent() dispatchers: * $this->app['dispatcher']->dispatch(StorageEvents::PRE_SAVE, $event); * $this->app['dispatcher']->dispatch(StorageEvents::POST_SAVE, $event); */ if (ob_get_length()) { ob_end_clean(); } // Get our record after POST_SAVE hooks are dealt with and return the JSON $content = $app['storage']->getContent($contenttype['slug'], array('id' => $id, 'returnsingle' => true, 'status' => '!undefined')); $val = array(); foreach ($content->values as $key => $value) { // Some values are returned as \Twig_Markup and JSON can't deal with that if (is_array($value)) { foreach ($value as $subkey => $subvalue) { if (gettype($subvalue) == 'object' && get_class($subvalue) == 'Twig_Markup') { $val[$key][$subkey] = $subvalue->__toString(); } } } else { $val[$key] = $value; } } if (isset($val['datechanged'])) { $val['datechanged'] = date_format(new \DateTime($val['datechanged']), 'c'); } $lc = localeconv(); foreach ($contenttype['fields'] as $key => $values) { switch ($values['type']) { case 'float': // Adjust decimal point dependent on locale if ($lc['decimal_point'] === ',') { $val[$key] = str_replace('.', ',', $val[$key]); } break; } } // unset flashbag for ajax $app['session']->getFlashBag()->clear('success'); return new JsonResponse($val); } } // No returnto, so we go back to the 'overview' for this contenttype. // check if a pager was set in the referrer - if yes go back there $editreferrer = $app['request']->get('editreferrer'); if ($editreferrer) { Lib::simpleredirect($editreferrer, true); } else { return Lib::redirect('overview', array('contenttypeslug' => $contenttype['slug'])); } } else { $app['session']->getFlashBag()->add('error', Trans::__('contenttypes.generic.error-saving', array('%contenttype%' => $contenttype['slug']))); $app['logger.system']->error('Save error: ' . $content->getTitle(), array('event' => 'content')); } } // We're doing a GET if (!empty($id)) { $content = $app['storage']->getContent($contenttype['slug'], array('id' => $id)); if (empty($content)) { return $app->abort(Response::HTTP_NOT_FOUND, Trans::__('contenttypes.generic.not-existing', array('%contenttype%' => $contenttype['slug']))); } // Check if we're allowed to edit this content. if (!$app['users']->isAllowed("contenttype:{$contenttype['slug']}:edit:{$content['id']}")) { $app['session']->getFlashBag()->add('error', Trans::__('You do not have the right privileges to edit that record.')); return Lib::redirect('dashboard'); } } else { // Check if we're allowed to create content. if (!$app['users']->isAllowed("contenttype:{$contenttype['slug']}:create")) { $app['session']->getFlashBag()->add('error', Trans::__('You do not have the right privileges to create a new record.')); return Lib::redirect('dashboard'); } $content = $app['storage']->getEmptyContent($contenttype['slug']); } $oldStatus = $content['status']; $allStatuses = array('published', 'held', 'draft', 'timed'); $allowedStatuses = array(); foreach ($allStatuses as $status) { if ($app['users']->isContentStatusTransitionAllowed($oldStatus, $status, $contenttype['slug'], $id)) { $allowedStatuses[] = $status; } } $duplicate = $app['request']->query->get('duplicate'); if (!empty($duplicate)) { $content->setValue('id', ''); $content->setValue('slug', ''); $content->setValue('datecreated', ''); $content->setValue('datepublish', ''); $content->setValue('datedepublish', null); $content->setValue('datechanged', ''); $content->setValue('username', ''); $content->setValue('ownerid', ''); // $content->setValue('templatefields', array()); $app['session']->getFlashBag()->add('info', Trans::__('contenttypes.generic.duplicated-finalize', array('%contenttype%' => $contenttype['slug']))); } // Set the users and the current owner of this content. if (empty($id) || $duplicate) { // For brand-new and duplicated items, the creator becomes the owner. $contentowner = $app['users']->getCurrentUser(); } else { // For existing items, we'll just keep the current owner. $contentowner = $app['users']->getUser($content['ownerid']); } $filesystem = $app['filesystem']->getFilesystem(); // Test write access for uploadable fields foreach ($contenttype['fields'] as $key => &$values) { if (isset($values['upload'])) { $values['canUpload'] = $filesystem->has($values['upload']) && $filesystem->getVisibility($values['upload']); } else { $values['canUpload'] = true; } } if (!empty($content['templatefields']) && !empty($content['templatefields']->contenttype['fields'])) { foreach ($content['templatefields']->contenttype['fields'] as $key => &$values) { if (isset($values['upload'])) { $values['canUpload'] = $filesystem->has($values['upload']) && $filesystem->getVisibility($values['upload']); } else { $values['canUpload'] = true; } } } // Determine which templates will result in templatefields $templateFieldTemplates = array(); if ($templateFieldsConfig = $app['config']->get('theme/templatefields')) { $templateFieldTemplates = array_keys($templateFieldsConfig); // Special case for default template $toRepair = array(); foreach ($contenttype['fields'] as $name => $field) { if ($field['type'] == 'templateselect' && !empty($content->values[$name])) { $toRepair[$name] = $content->values[$name]; $content->setValue($name, ''); } } if ($content->hasTemplateFields()) { $templateFieldTemplates[] = ''; } foreach ($toRepair as $name => $value) { $content->setValue($name, $value); } } // Info $hasIncomingRelations = is_array($content->relation); $hasRelations = isset($contenttype['relations']); $hasTabs = $contenttype['groups'] !== false; $hasTaxonomy = isset($contenttype['taxonomy']); $hasTemplateFields = $content->hasTemplateFields(); // Generate tab groups $groups = array(); $groupIds = array(); $addGroup = function ($group, $label) use(&$groups, &$groupIds) { $nr = count($groups) + 1; $id = rtrim('tab-' . Slugify::create()->slugify($group), '-'); if (isset($groupIds[$id]) || $id == 'tab') { $id .= '-' . $nr; } $groups[$group] = array('label' => $label, 'id' => $id, 'is_active' => $nr === 1); $groupIds[$id] = 1; }; foreach ($contenttype['groups'] ? $contenttype['groups'] : array('ungrouped') as $group) { if ($group === 'ungrouped') { $addGroup($group, Trans::__('contenttypes.generic.group.ungrouped')); } elseif ($group !== 'meta' && $group !== 'relations' && $group !== 'taxonomy') { $default = array('DEFAULT' => ucfirst($group)); $key = array('contenttypes', $contenttype['slug'], 'group', $group); $addGroup($group, Trans::__($key, $default)); } } if ($hasRelations || $hasIncomingRelations) { $addGroup('relations', Trans::__('contenttypes.generic.group.relations')); } if ($hasTaxonomy || is_array($contenttype['groups']) && in_array('taxonomy', $contenttype['groups'])) { $addGroup('taxonomy', Trans::__('contenttypes.generic.group.taxonomy')); } if ($hasTemplateFields || is_array($contenttype['groups']) && in_array('template', $contenttype['groups'])) { $addGroup('template', Trans::__('Template')); } $addGroup('meta', Trans::__('contenttypes.generic.group.meta')); // Render $context = array('contenttype' => $contenttype, 'content' => $content, 'allowed_status' => $allowedStatuses, 'contentowner' => $contentowner, 'fields' => $app['config']->fields->fields(), 'fieldtemplates' => $templateFieldTemplates, 'can_upload' => $app['users']->isAllowed('files:uploads'), 'groups' => $groups, 'has' => array('incoming_relations' => $hasIncomingRelations, 'relations' => $hasRelations, 'tabs' => $hasTabs, 'taxonomy' => $hasTaxonomy, 'templatefields' => $hasTemplateFields)); return $app['render']->render('editcontent/editcontent.twig', array('context' => $context)); }