/**
* @param $strType
* @param null $strForceLanguage
*/
public function __construct($strType, $strForceLanguage = null)
{
if (in_array($strType, $GLOBALS['TL_EMAIL'])) {
$this->strType = $strType;
}
$this->strForceLanguage = $strForceLanguage;
// Set default parameters
$this->addParameter('host', Idna::decode(Environment::get('host')));
$this->addParameter('admin_name', BackendUser::getInstance()->name);
}
/**
* Create a new user and redirect
*
* @param MemberModel $objMember
*/
protected function sendPasswordLink($objMember)
{
$confirmationId = md5(uniqid(mt_rand(), true));
// Store the confirmation ID
$objMember = \MemberModel::findByPk($objMember->id);
$objMember->activation = $confirmationId;
$objMember->save();
// Prepare the simple token data
$arrData = $objMember->row();
$arrData['domain'] = \Idna::decode(\Environment::get('host'));
$arrData['link'] = \Idna::decode(\Environment::get('base')) . \Environment::get('request') . (strpos(\Environment::get('request'), '?') !== false ? '&' : '?') . 'token=' . $confirmationId;
// Send e-mail
$objEmail = new \Email();
$objEmail->from = $GLOBALS['TL_ADMIN_EMAIL'];
$objEmail->fromName = $GLOBALS['TL_ADMIN_NAME'];
$objEmail->subject = sprintf($GLOBALS['TL_LANG']['MSC']['passwordSubject'], \Idna::decode(\Environment::get('host')));
$objEmail->text = \StringUtil::parseSimpleTokens($this->reg_password, $arrData);
$objEmail->sendTo($objMember->email);
$this->log('A new password has been requested for user ID ' . $objMember->id . ' (' . \Idna::decodeEmail($objMember->email) . ')', __METHOD__, TL_ACCESS);
// Check whether there is a jumpTo page
if (($objJumpTo = $this->objModel->getRelated('jumpTo')) instanceof PageModel) {
$this->jumpToOrReload($objJumpTo->row());
}
$this->reload();
}
/**
* Format a value
*
* @param string $k
* @param mixed $value
* @param boolean $blnListSingle
*
* @return mixed
*/
protected function formatValue($k, $value, $blnListSingle = false)
{
$value = \StringUtil::deserialize($value);
// Return if empty
if (empty($value)) {
return '';
}
/** @var PageModel $objPage */
global $objPage;
// Array
if (is_array($value)) {
$value = implode(', ', $value);
} elseif ($GLOBALS['TL_DCA'][$this->list_table]['fields'][$k]['eval']['rgxp'] == 'date') {
$value = \Date::parse($objPage->dateFormat, $value);
} elseif ($GLOBALS['TL_DCA'][$this->list_table]['fields'][$k]['eval']['rgxp'] == 'time') {
$value = \Date::parse($objPage->timeFormat, $value);
} elseif ($GLOBALS['TL_DCA'][$this->list_table]['fields'][$k]['eval']['rgxp'] == 'datim') {
$value = \Date::parse($objPage->datimFormat, $value);
} elseif ($GLOBALS['TL_DCA'][$this->list_table]['fields'][$k]['eval']['rgxp'] == 'url' && preg_match('@^(https?://|ftp://)@i', $value)) {
$value = \Idna::decode($value);
// see #5946
$value = '<a href="' . $value . '" target="_blank">' . $value . '</a>';
} elseif ($GLOBALS['TL_DCA'][$this->list_table]['fields'][$k]['eval']['rgxp'] == 'email') {
$value = \StringUtil::encodeEmail(\Idna::decode($value));
// see #5946
$value = '<a href="mailto:' . $value . '">' . $value . '</a>';
} elseif (is_array($GLOBALS['TL_DCA'][$this->list_table]['fields'][$k]['reference'])) {
$value = $GLOBALS['TL_DCA'][$this->list_table]['fields'][$k]['reference'][$value];
} elseif ($GLOBALS['TL_DCA'][$this->list_table]['fields'][$k]['eval']['isAssociative'] || array_is_assoc($GLOBALS['TL_DCA'][$this->list_table]['fields'][$k]['options'])) {
if ($blnListSingle) {
$value = $GLOBALS['TL_DCA'][$this->list_table]['fields'][$k]['options'][$value];
} else {
$value = '<span class="value">[' . $value . ']</span> ' . $GLOBALS['TL_DCA'][$this->list_table]['fields'][$k]['options'][$value];
}
}
return $value;
}
/**
* Send an admin notification e-mail
*
* @param integer $intId
* @param array $arrData
*/
protected function sendAdminNotification($intId, $arrData)
{
$objEmail = new \Email();
$objEmail->from = $GLOBALS['TL_ADMIN_EMAIL'];
$objEmail->fromName = $GLOBALS['TL_ADMIN_NAME'];
$objEmail->subject = sprintf($GLOBALS['TL_LANG']['MSC']['adminSubject'], \Idna::decode(\Environment::get('host')));
$strData = "\n\n";
// Add user details
foreach ($arrData as $k => $v) {
if ($k == 'password' || $k == 'tstamp' || $k == 'activation' || $k == 'dateAdded') {
continue;
}
$v = \StringUtil::deserialize($v);
if ($k == 'dateOfBirth' && strlen($v)) {
$v = \Date::parse(\Config::get('dateFormat'), $v);
}
$strData .= $GLOBALS['TL_LANG']['tl_member'][$k][0] . ': ' . (is_array($v) ? implode(', ', $v) : $v) . "\n";
}
$objEmail->text = sprintf($GLOBALS['TL_LANG']['MSC']['adminText'], $intId, $strData . "\n") . "\n";
$objEmail->sendTo($GLOBALS['TL_ADMIN_EMAIL']);
$this->log('A new user (ID ' . $intId . ') has registered on the website', __METHOD__, TL_ACCESS);
}
/**
* Notify the subscribers of new comments
*
* @param CommentsModel $objComment
*/
public static function notifyCommentsSubscribers(CommentsModel $objComment)
{
// Notified already
if ($objComment->notified) {
return;
}
$objNotify = \CommentsNotifyModel::findActiveBySourceAndParent($objComment->source, $objComment->parent);
// No subscriptions
if ($objNotify === null) {
return;
}
while ($objNotify->next()) {
// Don't notify the commentor about his own comment
if ($objNotify->email == $objComment->email) {
continue;
}
// Prepare the URL
$strUrl = \Idna::decode(\Environment::get('base')) . $objNotify->url;
$objEmail = new \Email();
$objEmail->from = $GLOBALS['TL_ADMIN_EMAIL'];
$objEmail->fromName = $GLOBALS['TL_ADMIN_NAME'];
$objEmail->subject = sprintf($GLOBALS['TL_LANG']['MSC']['com_notifySubject'], \Idna::decode(\Environment::get('host')));
$objEmail->text = sprintf($GLOBALS['TL_LANG']['MSC']['com_notifyMessage'], $objNotify->name, $strUrl, $strUrl . '?token=' . $objNotify->tokenRemove);
$objEmail->sendTo($objNotify->email);
}
$objComment->notified = 1;
$objComment->save();
}
/**
* Decode an internationalized domain name
*
* @param string $strDomain The domain name
*
* @return string The decoded domain name
*
* @deprecated Deprecated since Contao 4.0, to be removed in Contao 5.0.
* Use Idna::decode() instead.
*/
protected function idnaDecode($strDomain)
{
@trigger_error('Using System::idnaDecode() has been deprecated and will no longer work in Contao 5.0. Use Idna::decode() instead.', E_USER_DEPRECATED);
return \Idna::decode($strDomain);
}
/**
* Remove the recipient
*
* @param string $strEmail
* @param array $arrRemove
*/
protected function removeRecipient($strEmail, $arrRemove)
{
// Remove the subscriptions
if (($objRemove = \NewsletterRecipientsModel::findByEmailAndPids($strEmail, $arrRemove)) !== null) {
while ($objRemove->next()) {
$strHash = md5($objRemove->email);
// Add a blacklist entry (see #4999)
if (($objBlacklist = \NewsletterBlacklistModel::findByHashAndPid($strHash, $objRemove->pid)) === null) {
$objBlacklist = new \NewsletterBlacklistModel();
$objBlacklist->pid = $objRemove->pid;
$objBlacklist->hash = $strHash;
$objBlacklist->save();
}
$objRemove->delete();
}
}
// Get the channels
$objChannels = \NewsletterChannelModel::findByIds($arrRemove);
$arrChannels = $objChannels->fetchEach('title');
// HOOK: post unsubscribe callback
if (isset($GLOBALS['TL_HOOKS']['removeRecipient']) && is_array($GLOBALS['TL_HOOKS']['removeRecipient'])) {
foreach ($GLOBALS['TL_HOOKS']['removeRecipient'] as $callback) {
$this->import($callback[0]);
$this->{$callback[0]}->{$callback[1]}($strEmail, $arrRemove);
}
}
// Prepare the simple token data
$arrData = array();
$arrData['domain'] = \Idna::decode(\Environment::get('host'));
$arrData['channel'] = $arrData['channels'] = implode("\n", $arrChannels);
// Confirmation e-mail
$objEmail = new \Email();
$objEmail->from = $GLOBALS['TL_ADMIN_EMAIL'];
$objEmail->fromName = $GLOBALS['TL_ADMIN_NAME'];
$objEmail->subject = sprintf($GLOBALS['TL_LANG']['MSC']['nl_subject'], \Idna::decode(\Environment::get('host')));
$objEmail->text = \StringUtil::parseSimpleTokens($this->nl_unsubscribe, $arrData);
$objEmail->sendTo($strEmail);
// Redirect to the jumpTo page
if ($this->jumpTo && ($objTarget = $this->objModel->getRelated('jumpTo')) !== null) {
$this->redirect($this->generateFrontendUrl($objTarget->row()));
}
\System::getContainer()->get('session')->getFlashBag()->set('nl_removed', $GLOBALS['TL_LANG']['MSC']['nl_removed']);
$this->reload();
}
/**
* Try to login the current user
*
* @return boolean True if the user could be logged in
*/
public function login()
{
\System::loadLanguageFile('default');
// Do not continue if username or password are missing
if (empty($_POST['username']) || empty($_POST['password'])) {
return false;
}
// Load the user object
if ($this->findBy('username', \Input::post('username', true)) == false) {
$blnLoaded = false;
// HOOK: pass credentials to callback functions
if (isset($GLOBALS['TL_HOOKS']['importUser']) && is_array($GLOBALS['TL_HOOKS']['importUser'])) {
foreach ($GLOBALS['TL_HOOKS']['importUser'] as $callback) {
$this->import($callback[0], 'objImport', true);
$blnLoaded = $this->objImport->{$callback[1]}(\Input::post('username', true), \Input::postUnsafeRaw('password'), $this->strTable);
// Load successfull
if ($blnLoaded === true) {
break;
}
}
}
// Return if the user still cannot be loaded
if (!$blnLoaded || $this->findBy('username', \Input::post('username', true)) == false) {
\Message::addError($GLOBALS['TL_LANG']['ERR']['invalidLogin']);
$this->log('Could not find user "' . \Input::post('username', true) . '"', __METHOD__, TL_ACCESS);
return false;
}
}
$time = time();
// Set the user language
if (\Input::post('language')) {
$this->language = \Input::post('language');
}
// Lock the account if there are too many login attempts
if ($this->loginCount < 1) {
$this->locked = $time;
$this->loginCount = \Config::get('loginCount');
$this->save();
// Add a log entry and the error message, because checkAccountStatus() will not be called (see #4444)
$this->log('User "' . $this->username . '" has been locked for ' . ceil(\Config::get('lockPeriod') / 60) . ' minutes', __METHOD__, TL_ACCESS);
\Message::addError(sprintf($GLOBALS['TL_LANG']['ERR']['accountLocked'], ceil(($this->locked + \Config::get('lockPeriod') - $time) / 60)));
// Send admin notification
if (\Config::get('adminEmail') != '') {
$objEmail = new \Email();
$objEmail->subject = $GLOBALS['TL_LANG']['MSC']['lockedAccount'][0];
$objEmail->text = sprintf($GLOBALS['TL_LANG']['MSC']['lockedAccount'][1], $this->username, TL_MODE == 'FE' ? $this->firstname . " " . $this->lastname : $this->name, \Idna::decode(\Environment::get('base')), ceil(\Config::get('lockPeriod') / 60));
$objEmail->sendTo(\Config::get('adminEmail'));
}
return false;
}
// Check the account status
if ($this->checkAccountStatus() == false) {
return false;
}
// The password has been generated with crypt()
if (\Encryption::test($this->password)) {
$blnAuthenticated = \Encryption::verify(\Input::postUnsafeRaw('password'), $this->password);
} else {
list($strPassword, $strSalt) = explode(':', $this->password);
$blnAuthenticated = $strSalt == '' ? $strPassword === sha1(\Input::postUnsafeRaw('password')) : $strPassword === sha1($strSalt . \Input::postUnsafeRaw('password'));
// Store a SHA-512 encrpyted version of the password
if ($blnAuthenticated) {
$this->password = \Encryption::hash(\Input::postUnsafeRaw('password'));
}
}
// HOOK: pass credentials to callback functions
if (!$blnAuthenticated && isset($GLOBALS['TL_HOOKS']['checkCredentials']) && is_array($GLOBALS['TL_HOOKS']['checkCredentials'])) {
foreach ($GLOBALS['TL_HOOKS']['checkCredentials'] as $callback) {
$this->import($callback[0], 'objAuth', true);
$blnAuthenticated = $this->objAuth->{$callback[1]}(\Input::post('username', true), \Input::postUnsafeRaw('password'), $this);
// Authentication successfull
if ($blnAuthenticated === true) {
break;
}
}
}
// Redirect if the user could not be authenticated
if (!$blnAuthenticated) {
--$this->loginCount;
$this->save();
\Message::addError($GLOBALS['TL_LANG']['ERR']['invalidLogin']);
$this->log('Invalid password submitted for username "' . $this->username . '"', __METHOD__, TL_ACCESS);
return false;
}
$this->setUserFromDb();
// Update the record
$this->lastLogin = $this->currentLogin;
$this->currentLogin = $time;
$this->loginCount = \Config::get('loginCount');
$this->save();
// Generate the session
$this->regenerateSessionId();
$this->generateSession();
$this->log('User "' . $this->username . '" has logged in', __METHOD__, TL_ACCESS);
// HOOK: post login callback
if (isset($GLOBALS['TL_HOOKS']['postLogin']) && is_array($GLOBALS['TL_HOOKS']['postLogin'])) {
foreach ($GLOBALS['TL_HOOKS']['postLogin'] as $callback) {
$this->import($callback[0], 'objLogin', true);
$this->objLogin->{$callback[1]}($this);
}
}
return true;
}
/**
* Replace insert tags with their values
*
* @param string $strBuffer The text with the tags to be replaced
* @param boolean $blnCache If false, non-cacheable tags will be replaced
*
* @return string The text with the replaced tags
*/
protected function doReplace($strBuffer, $blnCache)
{
/** @var PageModel $objPage */
global $objPage;
// Preserve insert tags
if (\Config::get('disableInsertTags')) {
return \StringUtil::restoreBasicEntities($strBuffer);
}
$tags = preg_split('/{{([^{}]+)}}/', $strBuffer, -1, PREG_SPLIT_DELIM_CAPTURE);
if (count($tags) < 2) {
return \StringUtil::restoreBasicEntities($strBuffer);
}
$strBuffer = '';
// Create one cache per cache setting (see #7700)
static $arrItCache;
$arrCache =& $arrItCache[$blnCache];
for ($_rit = 0, $_cnt = count($tags); $_rit < $_cnt; $_rit += 2) {
$strBuffer .= $tags[$_rit];
$strTag = $tags[$_rit + 1];
// Skip empty tags
if ($strTag == '') {
continue;
}
$flags = explode('|', $strTag);
$tag = array_shift($flags);
$elements = explode('::', $tag);
// Load the value from cache
if (isset($arrCache[$strTag]) && !in_array('refresh', $flags)) {
$strBuffer .= $arrCache[$strTag];
continue;
}
// Skip certain elements if the output will be cached
if ($blnCache) {
if ($elements[0] == 'date' || $elements[0] == 'ua' || $elements[0] == 'post' || $elements[0] == 'file' && !\Validator::isStringUuid($elements[1]) || $elements[1] == 'back' || $elements[1] == 'referer' || $elements[0] == 'request_token' || $elements[0] == 'toggle_view' || strncmp($elements[0], 'cache_', 6) === 0 || in_array('uncached', $flags)) {
/** @var FragmentHandler $fragmentHandler */
$fragmentHandler = \System::getContainer()->get('fragment.handler');
$strBuffer .= $fragmentHandler->render(new ControllerReference('contao.controller.insert_tags:renderAction', ['insertTag' => '{{' . $strTag . '}}']), 'esi');
continue;
}
}
$arrCache[$strTag] = '';
// Replace the tag
switch (strtolower($elements[0])) {
// Date
case 'date':
$arrCache[$strTag] = \Date::parse($elements[1] ?: \Config::get('dateFormat'));
break;
// Accessibility tags
// Accessibility tags
case 'lang':
if ($elements[1] == '') {
$arrCache[$strTag] = '</span>';
} else {
$arrCache[$strTag] = $arrCache[$strTag] = '<span lang="' . \StringUtil::specialchars($elements[1]) . '">';
}
break;
// Line break
// Line break
case 'br':
$arrCache[$strTag] = '<br>';
break;
// E-mail addresses
// E-mail addresses
case 'email':
case 'email_open':
case 'email_url':
if ($elements[1] == '') {
$arrCache[$strTag] = '';
break;
}
$strEmail = \StringUtil::encodeEmail($elements[1]);
// Replace the tag
switch (strtolower($elements[0])) {
case 'email':
$arrCache[$strTag] = '<a href="mailto:' . $strEmail . '" class="email">' . preg_replace('/\\?.*$/', '', $strEmail) . '</a>';
break;
case 'email_open':
$arrCache[$strTag] = '<a href="mailto:' . $strEmail . '" title="' . $strEmail . '" class="email">';
break;
case 'email_url':
$arrCache[$strTag] = $strEmail;
break;
}
break;
// Label tags
// Label tags
case 'label':
$keys = explode(':', $elements[1]);
if (count($keys) < 2) {
$arrCache[$strTag] = '';
break;
}
$file = $keys[0];
// Map the key (see #7217)
switch ($file) {
case 'CNT':
$file = 'countries';
break;
case 'LNG':
$file = 'languages';
break;
case 'MOD':
case 'FMD':
$file = 'modules';
break;
case 'FFL':
$file = 'tl_form_field';
break;
case 'CACHE':
$file = 'tl_page';
break;
case 'XPL':
$file = 'explain';
break;
case 'XPT':
$file = 'exception';
break;
case 'MSC':
case 'ERR':
case 'CTE':
case 'PTY':
case 'FOP':
case 'CHMOD':
case 'DAYS':
case 'MONTHS':
case 'UNITS':
case 'CONFIRM':
case 'DP':
case 'COLS':
$file = 'default';
break;
}
\System::loadLanguageFile($file);
if (count($keys) == 2) {
$arrCache[$strTag] = $GLOBALS['TL_LANG'][$keys[0]][$keys[1]];
} else {
$arrCache[$strTag] = $GLOBALS['TL_LANG'][$keys[0]][$keys[1]][$keys[2]];
}
break;
// Front end user
// Front end user
case 'user':
if (FE_USER_LOGGED_IN) {
$this->import('FrontendUser', 'User');
$value = $this->User->{$elements[1]};
if ($value == '') {
$arrCache[$strTag] = $value;
break;
}
$this->loadDataContainer('tl_member');
if ($GLOBALS['TL_DCA']['tl_member']['fields'][$elements[1]]['inputType'] == 'password') {
$arrCache[$strTag] = '';
break;
}
$value = \StringUtil::deserialize($value);
// Decrypt the value
if ($GLOBALS['TL_DCA']['tl_member']['fields'][$elements[1]]['eval']['encrypt']) {
$value = \Encryption::decrypt($value);
}
$rgxp = $GLOBALS['TL_DCA']['tl_member']['fields'][$elements[1]]['eval']['rgxp'];
$opts = $GLOBALS['TL_DCA']['tl_member']['fields'][$elements[1]]['options'];
$rfrc = $GLOBALS['TL_DCA']['tl_member']['fields'][$elements[1]]['reference'];
if ($rgxp == 'date') {
$arrCache[$strTag] = \Date::parse(\Config::get('dateFormat'), $value);
} elseif ($rgxp == 'time') {
$arrCache[$strTag] = \Date::parse(\Config::get('timeFormat'), $value);
} elseif ($rgxp == 'datim') {
$arrCache[$strTag] = \Date::parse(\Config::get('datimFormat'), $value);
} elseif (is_array($value)) {
$arrCache[$strTag] = implode(', ', $value);
} elseif (is_array($opts) && array_is_assoc($opts)) {
$arrCache[$strTag] = isset($opts[$value]) ? $opts[$value] : $value;
} elseif (is_array($rfrc)) {
$arrCache[$strTag] = isset($rfrc[$value]) ? is_array($rfrc[$value]) ? $rfrc[$value][0] : $rfrc[$value] : $value;
} else {
$arrCache[$strTag] = $value;
}
// Convert special characters (see #1890)
$arrCache[$strTag] = \StringUtil::specialchars($arrCache[$strTag]);
}
break;
// Link
// Link
case 'link':
case 'link_open':
case 'link_url':
case 'link_title':
case 'link_target':
case 'link_name':
$strTarget = null;
// Back link
if ($elements[1] == 'back') {
$strUrl = 'javascript:history.go(-1)';
$strTitle = $GLOBALS['TL_LANG']['MSC']['goBack'];
// No language files if the page is cached
if (!strlen($strTitle)) {
$strTitle = 'Go back';
}
$strName = $strTitle;
} elseif (strncmp($elements[1], 'http://', 7) === 0 || strncmp($elements[1], 'https://', 8) === 0) {
$strUrl = $elements[1];
$strTitle = $elements[1];
$strName = str_replace(array('http://', 'https://'), '', $elements[1]);
} else {
// User login page
if ($elements[1] == 'login') {
if (!FE_USER_LOGGED_IN) {
break;
}
$this->import('FrontendUser', 'User');
$elements[1] = $this->User->loginPage;
}
$objNextPage = \PageModel::findByIdOrAlias($elements[1]);
if ($objNextPage === null) {
break;
}
// Page type specific settings (thanks to Andreas Schempp)
switch ($objNextPage->type) {
case 'redirect':
$strUrl = $objNextPage->url;
if (strncasecmp($strUrl, 'mailto:', 7) === 0) {
$strUrl = \StringUtil::encodeEmail($strUrl);
}
break;
case 'forward':
if ($objNextPage->jumpTo) {
/** @var PageModel $objNext */
$objNext = $objNextPage->getRelated('jumpTo');
} else {
$objNext = \PageModel::findFirstPublishedRegularByPid($objNextPage->id);
}
if ($objNext instanceof PageModel) {
$strUrl = $objNext->getFrontendUrl();
break;
}
// DO NOT ADD A break; STATEMENT
// DO NOT ADD A break; STATEMENT
default:
$strUrl = $objNextPage->getFrontendUrl();
break;
}
$strName = $objNextPage->title;
$strTarget = $objNextPage->target ? ' target="_blank"' : '';
$strTitle = $objNextPage->pageTitle ?: $objNextPage->title;
}
// Replace the tag
switch (strtolower($elements[0])) {
case 'link':
$arrCache[$strTag] = sprintf('<a href="%s" title="%s"%s>%s</a>', $strUrl, \StringUtil::specialchars($strTitle), $strTarget, $strName);
break;
case 'link_open':
$arrCache[$strTag] = sprintf('<a href="%s" title="%s"%s>', $strUrl, \StringUtil::specialchars($strTitle), $strTarget);
break;
case 'link_url':
$arrCache[$strTag] = $strUrl;
break;
case 'link_title':
$arrCache[$strTag] = \StringUtil::specialchars($strTitle);
break;
case 'link_target':
$arrCache[$strTag] = $strTarget;
break;
case 'link_name':
$arrCache[$strTag] = $strName;
break;
}
break;
// Closing link tag
// Closing link tag
case 'link_close':
case 'email_close':
$arrCache[$strTag] = '</a>';
break;
// Insert article
// Insert article
case 'insert_article':
if (($strOutput = $this->getArticle($elements[1], false, true)) !== false) {
$arrCache[$strTag] = ltrim($strOutput);
} else {
$arrCache[$strTag] = '<p class="error">' . sprintf($GLOBALS['TL_LANG']['MSC']['invalidPage'], $elements[1]) . '</p>';
}
break;
// Insert content element
// Insert content element
case 'insert_content':
$arrCache[$strTag] = $this->getContentElement($elements[1]);
break;
// Insert module
// Insert module
case 'insert_module':
$arrCache[$strTag] = $this->getFrontendModule($elements[1]);
break;
// Insert form
// Insert form
case 'insert_form':
$arrCache[$strTag] = $this->getForm($elements[1]);
break;
// Article
// Article
case 'article':
case 'article_open':
case 'article_url':
case 'article_title':
if (($objArticle = \ArticleModel::findByIdOrAlias($elements[1])) === null || !($objPid = $objArticle->getRelated('pid')) instanceof PageModel) {
break;
}
/** @var PageModel $objPid */
$strUrl = $objPid->getFrontendUrl('/articles/' . ($objArticle->alias ?: $objArticle->id));
// Replace the tag
switch (strtolower($elements[0])) {
case 'article':
$arrCache[$strTag] = sprintf('<a href="%s" title="%s">%s</a>', $strUrl, \StringUtil::specialchars($objArticle->title), $objArticle->title);
break;
case 'article_open':
$arrCache[$strTag] = sprintf('<a href="%s" title="%s">', $strUrl, \StringUtil::specialchars($objArticle->title));
break;
case 'article_url':
$arrCache[$strTag] = $strUrl;
break;
case 'article_title':
$arrCache[$strTag] = \StringUtil::specialchars($objArticle->title);
break;
}
break;
// Article teaser
// Article teaser
case 'article_teaser':
$objTeaser = \ArticleModel::findByIdOrAlias($elements[1]);
if ($objTeaser !== null) {
$arrCache[$strTag] = \StringUtil::toHtml5($objTeaser->teaser);
}
break;
// Last update
// Last update
case 'last_update':
$strQuery = "SELECT MAX(tstamp) AS tc";
$bundles = \System::getContainer()->getParameter('kernel.bundles');
if (isset($bundles['ContaoNewsBundle'])) {
$strQuery .= ", (SELECT MAX(tstamp) FROM tl_news) AS tn";
}
if (isset($bundles['ContaoCalendarBundle'])) {
$strQuery .= ", (SELECT MAX(tstamp) FROM tl_calendar_events) AS te";
}
$strQuery .= " FROM tl_content";
$objUpdate = \Database::getInstance()->query($strQuery);
if ($objUpdate->numRows) {
$arrCache[$strTag] = \Date::parse($elements[1] ?: \Config::get('datimFormat'), max($objUpdate->tc, $objUpdate->tn, $objUpdate->te));
}
break;
// Version
// Version
case 'version':
$arrCache[$strTag] = VERSION . '.' . BUILD;
break;
// Request token
// Request token
case 'request_token':
$arrCache[$strTag] = REQUEST_TOKEN;
break;
// POST data
// POST data
case 'post':
$arrCache[$strTag] = \Input::post($elements[1]);
break;
// Mobile/desktop toggle (see #6469)
// Mobile/desktop toggle (see #6469)
case 'toggle_view':
$strUrl = ampersand(\Environment::get('request'));
$strGlue = strpos($strUrl, '?') === false ? '?' : '&';
if (\Input::cookie('TL_VIEW') == 'mobile' || \Environment::get('agent')->mobile && \Input::cookie('TL_VIEW') != 'desktop') {
$arrCache[$strTag] = '<a href="' . $strUrl . $strGlue . 'toggle_view=desktop" class="toggle_desktop" title="' . \StringUtil::specialchars($GLOBALS['TL_LANG']['MSC']['toggleDesktop'][1]) . '">' . $GLOBALS['TL_LANG']['MSC']['toggleDesktop'][0] . '</a>';
} else {
$arrCache[$strTag] = '<a href="' . $strUrl . $strGlue . 'toggle_view=mobile" class="toggle_mobile" title="' . \StringUtil::specialchars($GLOBALS['TL_LANG']['MSC']['toggleMobile'][1]) . '">' . $GLOBALS['TL_LANG']['MSC']['toggleMobile'][0] . '</a>';
}
break;
// Conditional tags (if)
// Conditional tags (if)
case 'iflng':
if ($elements[1] != '' && $elements[1] != $objPage->language) {
for (; $_rit < $_cnt; $_rit += 2) {
if ($tags[$_rit + 1] == 'iflng' || $tags[$_rit + 1] == 'iflng::' . $objPage->language) {
break;
}
}
}
unset($arrCache[$strTag]);
break;
// Conditional tags (if not)
// Conditional tags (if not)
case 'ifnlng':
if ($elements[1] != '') {
$langs = \StringUtil::trimsplit(',', $elements[1]);
if (in_array($objPage->language, $langs)) {
for (; $_rit < $_cnt; $_rit += 2) {
if ($tags[$_rit + 1] == 'ifnlng') {
break;
}
}
}
}
unset($arrCache[$strTag]);
break;
// Environment
// Environment
case 'env':
switch ($elements[1]) {
case 'host':
$arrCache[$strTag] = \Idna::decode(\Environment::get('host'));
break;
case 'http_host':
$arrCache[$strTag] = \Idna::decode(\Environment::get('httpHost'));
break;
case 'url':
$arrCache[$strTag] = \Idna::decode(\Environment::get('url'));
break;
case 'path':
$arrCache[$strTag] = \Idna::decode(\Environment::get('base'));
break;
case 'request':
$arrCache[$strTag] = \Environment::get('indexFreeRequest');
break;
case 'ip':
$arrCache[$strTag] = \Environment::get('ip');
break;
case 'referer':
$arrCache[$strTag] = $this->getReferer(true);
break;
case 'files_url':
$arrCache[$strTag] = TL_FILES_URL;
break;
case 'assets_url':
case 'plugins_url':
case 'script_url':
$arrCache[$strTag] = TL_ASSETS_URL;
break;
case 'base_url':
$arrCache[$strTag] = \System::getContainer()->get('request_stack')->getCurrentRequest()->getBaseUrl();
break;
}
break;
// Page
// Page
case 'page':
if ($elements[1] == 'pageTitle' && $objPage->pageTitle == '') {
$elements[1] = 'title';
} elseif ($elements[1] == 'parentPageTitle' && $objPage->parentPageTitle == '') {
$elements[1] = 'parentTitle';
} elseif ($elements[1] == 'mainPageTitle' && $objPage->mainPageTitle == '') {
$elements[1] = 'mainTitle';
}
// Do not use \StringUtil::specialchars() here (see #4687)
$arrCache[$strTag] = $objPage->{$elements[1]};
break;
// User agent
// User agent
case 'ua':
$ua = \Environment::get('agent');
if ($elements[1] != '') {
$arrCache[$strTag] = $ua->{$elements[1]};
} else {
$arrCache[$strTag] = '';
}
break;
// Abbreviations
// Abbreviations
case 'abbr':
case 'acronym':
if ($elements[1] != '') {
$arrCache[$strTag] = '<abbr title="' . \StringUtil::specialchars($elements[1]) . '">';
} else {
$arrCache[$strTag] = '</abbr>';
}
break;
// Images
// Images
case 'image':
case 'picture':
$width = null;
$height = null;
$alt = '';
$class = '';
$rel = '';
$strFile = $elements[1];
$mode = '';
$size = null;
$strTemplate = 'picture_default';
// Take arguments
if (strpos($elements[1], '?') !== false) {
$arrChunks = explode('?', urldecode($elements[1]), 2);
$strSource = \StringUtil::decodeEntities($arrChunks[1]);
$strSource = str_replace('[&]', '&', $strSource);
$arrParams = explode('&', $strSource);
foreach ($arrParams as $strParam) {
list($key, $value) = explode('=', $strParam);
switch ($key) {
case 'width':
$width = $value;
break;
case 'height':
$height = $value;
break;
case 'alt':
$alt = $value;
break;
case 'class':
$class = $value;
break;
case 'rel':
$rel = $value;
break;
case 'mode':
$mode = $value;
break;
case 'size':
$size = (int) $value;
break;
case 'template':
$strTemplate = preg_replace('/[^a-z0-9_]/i', '', $value);
break;
}
}
$strFile = $arrChunks[0];
}
if (\Validator::isUuid($strFile)) {
// Handle UUIDs
$objFile = \FilesModel::findByUuid($strFile);
if ($objFile === null) {
$arrCache[$strTag] = '';
break;
}
$strFile = $objFile->path;
} elseif (is_numeric($strFile)) {
// Handle numeric IDs (see #4805)
$objFile = \FilesModel::findByPk($strFile);
if ($objFile === null) {
$arrCache[$strTag] = '';
break;
}
$strFile = $objFile->path;
} else {
// Check the path
if (\Validator::isInsecurePath($strFile)) {
throw new \RuntimeException('Invalid path ' . $strFile);
}
}
// Check the maximum image width
if (\Config::get('maxImageWidth') > 0 && $width > \Config::get('maxImageWidth')) {
$width = \Config::get('maxImageWidth');
$height = null;
}
// Generate the thumbnail image
try {
// Image
if (strtolower($elements[0]) == 'image') {
$dimensions = '';
$src = \System::getContainer()->get('contao.image.image_factory')->create(TL_ROOT . '/' . rawurldecode($strFile), array($width, $height, $mode))->getUrl(TL_ROOT);
$objFile = new \File(rawurldecode($src));
// Add the image dimensions
if (($imgSize = $objFile->imageSize) !== false) {
$dimensions = ' width="' . \StringUtil::specialchars($imgSize[0]) . '" height="' . \StringUtil::specialchars($imgSize[1]) . '"';
}
$arrCache[$strTag] = '<img src="' . TL_FILES_URL . $src . '" ' . $dimensions . ' alt="' . \StringUtil::specialchars($alt) . '"' . ($class != '' ? ' class="' . \StringUtil::specialchars($class) . '"' : '') . '>';
} else {
$picture = \System::getContainer()->get('contao.image.picture_factory')->create(TL_ROOT . '/' . $strFile, $size);
$picture = array('img' => $picture->getImg(TL_ROOT), 'sources' => $picture->getSources(TL_ROOT));
$picture['alt'] = $alt;
$picture['class'] = $class;
$pictureTemplate = new \FrontendTemplate($strTemplate);
$pictureTemplate->setData($picture);
$arrCache[$strTag] = $pictureTemplate->parse();
}
// Add a lightbox link
if ($rel != '') {
if (strncmp($rel, 'lightbox', 8) !== 0) {
$attribute = ' rel="' . \StringUtil::specialchars($rel) . '"';
} else {
$attribute = ' data-lightbox="' . \StringUtil::specialchars(substr($rel, 8)) . '"';
}
$arrCache[$strTag] = '<a href="' . TL_FILES_URL . $strFile . '"' . ($alt != '' ? ' title="' . \StringUtil::specialchars($alt) . '"' : '') . $attribute . '>' . $arrCache[$strTag] . '</a>';
}
} catch (\Exception $e) {
$arrCache[$strTag] = '';
}
break;
// Files (UUID or template path)
// Files (UUID or template path)
case 'file':
if (\Validator::isUuid($elements[1])) {
$objFile = \FilesModel::findByUuid($elements[1]);
if ($objFile !== null) {
$arrCache[$strTag] = $objFile->path;
break;
}
}
$arrGet = $_GET;
\Input::resetCache();
$strFile = $elements[1];
// Take arguments and add them to the $_GET array
if (strpos($elements[1], '?') !== false) {
$arrChunks = explode('?', urldecode($elements[1]));
$strSource = \StringUtil::decodeEntities($arrChunks[1]);
$strSource = str_replace('[&]', '&', $strSource);
$arrParams = explode('&', $strSource);
foreach ($arrParams as $strParam) {
$arrParam = explode('=', $strParam);
$_GET[$arrParam[0]] = $arrParam[1];
}
$strFile = $arrChunks[0];
}
// Check the path
if (\Validator::isInsecurePath($strFile)) {
throw new \RuntimeException('Invalid path ' . $strFile);
}
// Include .php, .tpl, .xhtml and .html5 files
if (preg_match('/\\.(php|tpl|xhtml|html5)$/', $strFile) && file_exists(TL_ROOT . '/templates/' . $strFile)) {
ob_start();
include TL_ROOT . '/templates/' . $strFile;
$arrCache[$strTag] = ob_get_clean();
}
$_GET = $arrGet;
\Input::resetCache();
break;
// HOOK: pass unknown tags to callback functions
// HOOK: pass unknown tags to callback functions
default:
if (isset($GLOBALS['TL_HOOKS']['replaceInsertTags']) && is_array($GLOBALS['TL_HOOKS']['replaceInsertTags'])) {
foreach ($GLOBALS['TL_HOOKS']['replaceInsertTags'] as $callback) {
$this->import($callback[0]);
$varValue = $this->{$callback[0]}->{$callback[1]}($tag, $blnCache, $arrCache[$strTag], $flags, $tags, $arrCache, $_rit, $_cnt);
// see #6672
// Replace the tag and stop the loop
if ($varValue !== false) {
$arrCache[$strTag] = $varValue;
break;
}
}
}
\System::getContainer()->get('monolog.logger.contao')->log(LogLevel::INFO, 'Unknown insert tag: ' . $strTag);
break;
}
// Handle the flags
if (!empty($flags)) {
foreach ($flags as $flag) {
switch ($flag) {
case 'addslashes':
case 'standardize':
case 'ampersand':
case 'specialchars':
case 'nl2br':
case 'nl2br_pre':
case 'strtolower':
case 'utf8_strtolower':
case 'strtoupper':
case 'utf8_strtoupper':
case 'ucfirst':
case 'lcfirst':
case 'ucwords':
case 'trim':
case 'rtrim':
case 'ltrim':
case 'utf8_romanize':
case 'urlencode':
case 'rawurlencode':
$arrCache[$strTag] = $flag($arrCache[$strTag]);
break;
case 'encodeEmail':
$arrCache[$strTag] = \StringUtil::$flag($arrCache[$strTag]);
break;
case 'number_format':
$arrCache[$strTag] = \System::getFormattedNumber($arrCache[$strTag], 0);
break;
case 'currency_format':
$arrCache[$strTag] = \System::getFormattedNumber($arrCache[$strTag], 2);
break;
case 'readable_size':
$arrCache[$strTag] = \System::getReadableSize($arrCache[$strTag]);
break;
case 'flatten':
if (!is_array($arrCache[$strTag])) {
break;
}
$it = new \RecursiveIteratorIterator(new \RecursiveArrayIterator($arrCache[$strTag]));
$result = array();
foreach ($it as $leafValue) {
$keys = array();
foreach (range(0, $it->getDepth()) as $depth) {
$keys[] = $it->getSubIterator($depth)->key();
}
$result[] = implode('.', $keys) . ': ' . $leafValue;
}
$arrCache[$strTag] = implode(', ', $result);
break;
// HOOK: pass unknown flags to callback functions
// HOOK: pass unknown flags to callback functions
default:
if (isset($GLOBALS['TL_HOOKS']['insertTagFlags']) && is_array($GLOBALS['TL_HOOKS']['insertTagFlags'])) {
foreach ($GLOBALS['TL_HOOKS']['insertTagFlags'] as $callback) {
$this->import($callback[0]);
$varValue = $this->{$callback[0]}->{$callback[1]}($flag, $tag, $arrCache[$strTag], $flags, $blnCache, $tags, $arrCache, $_rit, $_cnt);
// see #5806
// Replace the tag and stop the loop
if ($varValue !== false) {
$arrCache[$strTag] = $varValue;
break;
}
}
}
\System::getContainer()->get('monolog.logger.contao')->log(LogLevel::INFO, 'Unknown insert tag flag: ' . $flag);
break;
}
}
}
$strBuffer .= $arrCache[$strTag];
}
return \StringUtil::restoreBasicEntities($strBuffer);
}
/**
* Add a new recipient
*
* @param string $strEmail
* @param array $arrNew
*/
protected function addRecipient($strEmail, $arrNew)
{
// Remove old subscriptions that have not been activated yet
if (($objOld = \NewsletterRecipientsModel::findBy(array("email=? AND active=''"), $strEmail)) !== null) {
while ($objOld->next()) {
$objOld->delete();
}
}
$time = time();
$strToken = md5(uniqid(mt_rand(), true));
// Add the new subscriptions
foreach ($arrNew as $id) {
$objRecipient = new \NewsletterRecipientsModel();
$objRecipient->pid = $id;
$objRecipient->tstamp = $time;
$objRecipient->email = $strEmail;
$objRecipient->active = '';
$objRecipient->addedOn = $time;
$objRecipient->ip = $this->anonymizeIp(\Environment::get('ip'));
$objRecipient->token = $strToken;
$objRecipient->confirmed = '';
$objRecipient->save();
// Remove the blacklist entry (see #4999)
if (($objBlacklist = \NewsletterBlacklistModel::findByHashAndPid(md5($strEmail), $id)) !== null) {
$objBlacklist->delete();
}
}
// Get the channels
$objChannel = \NewsletterChannelModel::findByIds($arrNew);
// Prepare the simple token data
$arrData = array();
$arrData['token'] = $strToken;
$arrData['domain'] = \Idna::decode(\Environment::get('host'));
$arrData['link'] = \Idna::decode(\Environment::get('base')) . \Environment::get('request') . (strpos(\Environment::get('request'), '?') !== false ? '&' : '?') . 'token=' . $strToken;
$arrData['channel'] = $arrData['channels'] = implode("\n", $objChannel->fetchEach('title'));
// Activation e-mail
$objEmail = new \Email();
$objEmail->from = $GLOBALS['TL_ADMIN_EMAIL'];
$objEmail->fromName = $GLOBALS['TL_ADMIN_NAME'];
$objEmail->subject = sprintf($GLOBALS['TL_LANG']['MSC']['nl_subject'], \Idna::decode(\Environment::get('host')));
$objEmail->text = \StringUtil::parseSimpleTokens($this->nl_subscribe, $arrData);
$objEmail->sendTo($strEmail);
// Redirect to the jumpTo page
if ($this->jumpTo && ($objTarget = $this->objModel->getRelated('jumpTo')) instanceof PageModel) {
/** @var PageModel $objTarget */
$this->redirect($objTarget->getFrontendUrl());
}
\System::getContainer()->get('session')->getFlashBag()->set('nl_confirm', $GLOBALS['TL_LANG']['MSC']['nl_confirm']);
$this->reload();
}
