Пример #1
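 /**
  * Initialises the Adminer proxy controller and serves Adminer's static assets.
  *
  * Requests whose path ends in one of the allowed static-file extensions are
  * answered directly from the bundled Adminer directory, after which the script
  * exits. All other requests fall through to the regular action dispatch.
  *
  * @return void
  */
 public function init()
 {
     parent::init();
     // PHP 7.0 compatibility of adminer (throws some warnings)
     ini_set("display_errors", 0);
     // only for admins
     $this->checkPermission("adminer");
     // call this to keep the session 'open' so that Adminer can write to it
     \Pimcore\Tool\Session::get();
     $this->adminerHome = PIMCORE_DOCUMENT_ROOT . '/vendor/vrana/adminer/';
     // proxy for resources
     $path = $this->getRequest()->getPathInfo();
     $path = str_replace("/admin/external_adminer/", "", $path);
     if (preg_match("@\\.(css|js|ico|png|jpg|gif)\$@", $path)) {
         // it seems that css files need the right content-type (Chrome)
         if (preg_match("@\\.css\$@", $path)) {
             header("Content-Type: text/css");
         } elseif (preg_match("@\\.js\$@", $path)) {
             header("Content-Type: text/javascript");
         }
         // The path is taken from the request. Resolve it and require that the
         // result still lies inside the Adminer directory, so that "../" segments
         // cannot be used to read other files that carry an allowed extension.
         $baseDir = realpath($this->adminerHome);
         $filePath = realpath($this->adminerHome . "/" . $path);
         $insideBase = $baseDir !== false
             && $filePath !== false
             && strpos($filePath, $baseDir . DIRECTORY_SEPARATOR) === 0;
         if ($insideBase && is_file($filePath)) {
             echo file_get_contents($filePath);
             if (preg_match("@default\\.css\$@", $path)) {
                 // append custom styles, because in Adminer everything is hardcoded
                 echo file_get_contents($this->adminerHome . "designs/konya/adminer.css");
                 echo file_get_contents(PIMCORE_DOCUMENT_ROOT . "/pimcore/static6/css/adminer-modifications.css");
             }
         }
         exit;
     }
 }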
Пример #2
 /**
  * Initialises the backup controller.
  *
  * Runs the parent initialisation, enforces the "backup" permission and opens the
  * "pimcore_backup" session namespace that is stored on the controller.
  */
 public function init()
 {
     parent::init();
     // the permission check runs before the session namespace is opened
     $this->checkPermission("backup");
     // lift the memory limit for this request; "@" hides the warning if ini_set() is not permitted
     @ini_set("memory_limit", "-1");
     $this->session = \Pimcore\Tool\Session::get("pimcore_backup");
 }
Пример #3
 /**
  * Resolves the admin user stored in the current session.
  *
  * The user object found in the session is never returned directly: it is
  * re-loaded by ID and has to pass self::isValidUser() first.
  *
  * NOTE(review): the session ID is accepted from $_REQUEST as well as from the
  * cookie - confirm that session IDs passed as request parameters are intended.
  *
  * @static
  * @throws Exception
  * @return User|null the validated user, or null when no session ID was sent or
  *                   the session holds no valid user
  */
 public static function authenticateSession()
 {
     $sessionIdSent = isset($_COOKIE["pimcore_admin_sid"]) || isset($_REQUEST["pimcore_admin_sid"]);
     if (!$sessionIdSent) {
         // without a session cookie / ID there is nothing to authenticate, so no session is started
         return null;
     }

     $sessionUser = Session::getReadOnly()->user;
     if (!$sessionUser instanceof User) {
         return null;
     }

     // renew the user so that the current stored state is validated, not the session copy
     $freshUser = User::getById($sessionUser->getId());

     return self::isValidUser($freshUser) ? $freshUser : null;
 }
Пример #4
 /**
  * Logs the current admin user out and redirects to the login page.
  *
  * Edit locks held by the session are released, the "admin.login.logout" event
  * is triggered for a logged-in user, the session is destroyed and the
  * "pimcore_opentabs" cookie is expired.
  */
 public function logoutAction()
 {
     // clear open edit locks for this session
     \Pimcore\Model\Element\Editlock::clearSession(session_id());

     $self = $this;
     Tool\Session::useSession(function ($adminSession) use ($self) {
         $hasUser = $adminSession->user instanceof User;
         if ($hasUser) {
             \Pimcore::getEventManager()->trigger("admin.login.logout", $self, ["user" => $adminSession->user]);
             $adminSession->user = null;
         }
         // the session is destroyed whether or not a user was attached to it
         \Zend_Session::destroy();
     });

     // cleanup pimcore-cookies: an expiry in the past makes the browser drop the cookie
     $expiredAt = 315554400; // strtotime('1980-01-01')
     setcookie("pimcore_opentabs", false, $expiredAt, "/");

     $this->redirect("/admin/login/");
 }
Пример #5
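 /**
  * Redirects to the preview URL of an object that is held in the "pimcore_objects" session.
  *
  * The preview URL configured on the object's class may contain "%fieldname"
  * placeholders; they are replaced with the URL-encoded values of the object's
  * properties. The request dies with a message when the object is not in the
  * session or when a placeholder refers to an empty or non-scalar property.
  */
 public function previewAction()
 {
     $id = $this->getParam("id");
     $sessionKey = "object_" . $id;
     $session = Tool\Session::getReadOnly("pimcore_objects");
     if ($session->{$sessionKey}) {
         $object = $session->{$sessionKey};
     } else {
         die("Preview not available, it seems that there's a problem with this object.");
     }
     $url = $object->getClass()->getPreviewUrl();
     // replace named variables
     // (a separate loop variable is used so that the session key above is not overwritten)
     foreach (get_object_vars($object) as $name => $value) {
         if (!empty($value) && (is_string($value) || is_numeric($value))) {
             $url = str_replace("%" . $name, urlencode($value), $url);
         } elseif (strpos($url, "%" . $name) !== false) {
             die("No preview available, please ensure that all fields which are required for the preview are filled correctly.");
         }
     }
     // replace all remaining % signs
     $url = str_replace("%", "%25", $url);
     $urlParts = parse_url($url);
     // parse_url() returns false for malformed URLs and omits keys that are not present
     $path = isset($urlParts["path"]) ? $urlParts["path"] : "";
     // the ID comes from the request, so it is encoded before being placed into the redirect target
     $target = $path . "?pimcore_object_preview=" . urlencode((string) $id) . "&_dc=" . time();
     if (!empty($urlParts["query"])) {
         $target .= "&" . $urlParts["query"];
     }
     $this->redirect($target);
 }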
Пример #6
 /**
  * Drops the document with the requested ID from the "pimcore_documents" session
  * and answers with a JSON success flag.
  *
  * NOTE(review): no CSRF or permission check is visible in this method - confirm
  * that the enclosing controller enforces them.
  */
 public function removeFromSessionAction()
 {
     $sessionKey = "document_" . $this->getParam("id");

     Session::useSession(function ($documentSession) use ($sessionKey) {
         // the entry is set to null rather than unset
         $documentSession->{$sessionKey} = null;
     }, "pimcore_documents");

     $response = array("success" => true);
     $this->_helper->json($response);
 }
Пример #7
 /**
  * Initialises a frontend controller for the current request.
  *
  * On the first call per request (self::$isInitial) this resets admin mode,
  * decides whether the request may see the document at all, and swaps the
  * document for a session copy, a preview object or a stored version depending
  * on the request parameters. Subsequent calls only assign view variables and
  * the locale.
  *
  * @throws \Zend_Controller_Router_Exception when the document is unpublished and
  *         the request is not made by an authenticated admin user
  */
 public function init()
 {
     // this is only executed once per request (first request)
     if (self::$isInitial) {
         \Pimcore::getEventManager()->trigger("frontend.controller.preInit", $this);
     }
     parent::init();
     // log exceptions if handled by error_handler
     $this->checkForErrors();
     // general definitions
     if (self::$isInitial) {
         \Pimcore::unsetAdminMode();
         Document::setHideUnpublished(true);
         Object\AbstractObject::setHideUnpublished(true);
         Object\AbstractObject::setGetInheritedValues(true);
         Object\Localizedfield::setGetFallbackValues(true);
     }
     // assign variables
     $this->view->controller = $this;
     // init website config
     $config = Config::getWebsiteConfig();
     $this->config = $config;
     $this->view->config = $config;
     $document = $this->getParam("document");
     if (!$document instanceof Document) {
         \Zend_Registry::set("pimcore_editmode", false);
         $this->editmode = false;
         $this->view->editmode = false;
         self::$isInitial = false;
         // check for a locale first, and set it if available
         if ($this->getParam("pimcore_parentDocument")) {
             // this is a special exception for renderlets in editmode (ajax request), because they depend on the locale of the parent document
             // otherwise there'll be notices like:  Notice: 'No translation for the language 'XX' available.'
             if ($parentDocument = Document::getById($this->getParam("pimcore_parentDocument"))) {
                 if ($parentDocument->getProperty("language")) {
                     $this->setLocaleFromDocument($parentDocument->getProperty("language"));
                 }
             }
         }
         // no document available, continue, ...
         return;
     } else {
         $this->setDocument($document);
         // register global locale if the document has the system property "language"
         if ($this->getDocument()->getProperty("language")) {
             $this->setLocaleFromDocument($this->getDocument()->getProperty("language"));
         }
         if (self::$isInitial) {
             // append meta-data to the headMeta() view helper,  if it is a document-request
             if (!Model\Staticroute::getCurrentRoute() && $this->getDocument() instanceof Document\Page) {
                 if (is_array($this->getDocument()->getMetaData())) {
                     foreach ($this->getDocument()->getMetaData() as $meta) {
                         // only name
                         if (!empty($meta["idName"]) && !empty($meta["idValue"]) && !empty($meta["contentValue"])) {
                             // the helper method name is built from the stored meta data ("append" + idName)
                             // NOTE(review): idName is not checked against a list of known names here - confirm
                             // that it is validated where the meta data is saved
                             $method = "append" . ucfirst($meta["idName"]);
                             $this->view->headMeta()->{$method}($meta["idValue"], $meta["contentValue"]);
                         }
                     }
                 }
             }
         }
     }
     // this is only executed once per request (first request)
     if (self::$isInitial) {
         // contains the logged in user if necessary
         $user = null;
         // default is to set the editmode to false, is enabled later if necessary
         \Zend_Registry::set("pimcore_editmode", false);
         if (Tool::isFrontentRequestByAdmin()) {
             $this->disableBrowserCache();
             // start admin session & get logged in user
             $user = Authentication::authenticateSession();
         }
         if (\Pimcore::inDebugMode()) {
             $this->disableBrowserCache();
         }
         // access control for unpublished documents: only a request that is flagged as an admin
         // request AND carries an authenticated user may continue, everything else is rejected
         if (!$this->document->isPublished()) {
             if (Tool::isFrontentRequestByAdmin()) {
                 if (!$user) {
                     throw new \Zend_Controller_Router_Exception("access denied for " . $this->document->getFullPath());
                 }
             } else {
                 throw new \Zend_Controller_Router_Exception("access denied for " . $this->document->getFullPath());
             }
         }
         // logged in users only
         // (every parameter handled in this branch is ignored for unauthenticated requests)
         if ($user) {
             // set the user to registry so that it is available via \Pimcore\Tool\Admin::getCurrentUser();
             \Zend_Registry::set("pimcore_admin_user", $user);
             // document editmode
             if ($this->getParam("pimcore_editmode")) {
                 \Zend_Registry::set("pimcore_editmode", true);
                 // check if there is the document in the session
                 $docKey = "document_" . $this->getDocument()->getId();
                 $docSession = Session::getReadOnly("pimcore_documents");
                 if ($docSession->{$docKey}) {
                     // if there is a document in the session use it
                     $this->setDocument($docSession->{$docKey});
                 } else {
                     // set the latest available version for editmode if there is no doc in the session
                     $latestVersion = $this->getDocument()->getLatestVersion();
                     if ($latestVersion) {
                         $latestDoc = $latestVersion->loadData();
                         if ($latestDoc instanceof Document\PageSnippet) {
                             $this->setDocument($latestDoc);
                         }
                     }
                 }
                 // register editmode plugin
                 $front = \Zend_Controller_Front::getInstance();
                 $front->registerPlugin(new \Pimcore\Controller\Plugin\Frontend\Editmode($this), 1000);
             }
             // document preview
             if ($this->getParam("pimcore_preview")) {
                 // get document from session
                 $docKey = "document_" . $this->getParam("document")->getId();
                 $docSession = Session::getReadOnly("pimcore_documents");
                 if ($docSession->{$docKey}) {
                     $this->setDocument($docSession->{$docKey});
                 }
             }
             // object preview
             if ($this->getParam("pimcore_object_preview")) {
                 $key = "object_" . $this->getParam("pimcore_object_preview");
                 $session = Session::getReadOnly("pimcore_objects");
                 if ($session->{$key}) {
                     $object = $session->{$key};
                     // add the object to the registry so every call to Object::getById() will return this object instead of the real one
                     \Zend_Registry::set("object_" . $object->getId(), $object);
                 }
             }
             // for version preview
             if ($this->getParam("pimcore_version")) {
                 // only get version data at the first call || because of embedded Snippets ...
                 if (!\Zend_Registry::isRegistered("pimcore_version_active")) {
                     // NOTE(review): the result of getById() is used without a null check, and the version
                     // is not compared with the requested document - confirm both are guaranteed elsewhere
                     $version = Model\Version::getById($this->getParam("pimcore_version"));
                     $this->setDocument($version->getData());
                     \Zend_Registry::set("pimcore_version_active", true);
                 }
             }
         }
         // for public versions
         // this branch is reachable without a logged-in user; the version is only applied
         // when getPublic() is truthy
         if ($this->getParam("v")) {
             try {
                 $version = Model\Version::getById($this->getParam("v"));
                 if ($version->getPublic()) {
                     $this->setDocument($version->getData());
                 }
             } catch (\Exception $e) {
                 // failures are swallowed and the request continues with the current document
                 // NOTE(review): nothing is logged here, so failed lookups leave no trace
             }
         }
         // check for persona
         if ($this->getDocument() instanceof Document\Page) {
             $this->getDocument()->setUsePersona(null);
             // reset because of preview and editmode (saved in session)
             if ($this->getParam("_ptp") && self::$isInitial) {
                 $this->getDocument()->setUsePersona($this->getParam("_ptp"));
             }
         }
         // check if document is a wrapped hardlink, if this is the case send a rel=canonical header to the source document
         if ($this->getDocument() instanceof Document\Hardlink\Wrapper\WrapperInterface) {
             // get the canonical (source) document
             $hardlinkCanonicalSourceDocument = Document::getById($this->getDocument()->getId());
             $request = $this->getRequest();
             if (\Pimcore\Tool\Frontend::isDocumentInCurrentSite($hardlinkCanonicalSourceDocument)) {
                 // NOTE(review): scheme and host are taken from the request - presumably the client-sent
                 // Host header; confirm that it is restricted to known hosts before it is reflected here
                 $this->getResponse()->setHeader("Link", '<' . $request->getScheme() . "://" . $request->getHttpHost() . $hardlinkCanonicalSourceDocument->getFullPath() . '>; rel="canonical"');
             }
         }
         \Pimcore::getEventManager()->trigger("frontend.controller.postInit", $this);
     }
     // set some parameters
     $this->editmode = \Zend_Registry::get("pimcore_editmode");
     $this->view->editmode = \Zend_Registry::get("pimcore_editmode");
     self::$isInitial = false;
 }
Пример #8
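 /**
  * Aborts the request unless the X-Pimcore-Csrf-Token request header matches the
  * CSRF token stored in the admin session.
  *
  * The check fails closed: a missing or empty session token, or a missing
  * header, is treated as a mismatch. With a loose "!=" comparison an absent
  * header and a not-yet-generated token would both be null and compare equal.
  *
  * @return void
  */
 protected function protectCSRF()
 {
     $csrfToken = Session::useSession(function ($adminSession) {
         return $adminSession->csrfToken;
     });
     $sentToken = isset($_SERVER["HTTP_X_PIMCORE_CSRF_TOKEN"]) ? $_SERVER["HTTP_X_PIMCORE_CSRF_TOKEN"] : null;

     $valid = false;
     if (is_string($csrfToken) && $csrfToken !== "" && is_string($sentToken)) {
         // compare in constant time where available, otherwise at least strictly
         $valid = function_exists("hash_equals")
             ? hash_equals($csrfToken, $sentToken)
             : $csrfToken === $sentToken;
     }

     if (!$valid) {
         die("Detected CSRF Attack! Do not do evil things with pimcore ... ;-)");
     }
 }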
Пример #9
 * Pimcore
 *
 * This source file is subject to the GNU General Public License version 3 (GPLv3)
 * For the full copyright and license information, please view the LICENSE.md and gpl-3.0.txt
 * files that are distributed with this source code.
 *
 * @copyright  Copyright (c) 2009-2015 pimcore GmbH (http://www.pimcore.org)
 * @license    http://www.pimcore.org/license     GNU General Public License version 3 (GPLv3)
 */
// Bootstrap for the bundled Adminer: boots Pimcore, requires an authenticated admin user
// with the "database" permission and redirects to Adminer with the connection preselected.
// adminer isn't fully php 5.4 compatible, so only fatal errors are reported
error_reporting(E_ERROR);
// startup.php may change the working directory; remember it and restore it afterwards
$workingDirectory = getcwd();
include "../../../cli/startup.php";
chdir($workingDirectory);
// start global session and keep it open (this is needed for the CSRF protections from adminer)
\Pimcore\Tool\Session::get();
// only for logged in users
$user = \Pimcore\Tool\Authentication::authenticateSession();
// NOTE(review): no "use" statement is visible in this excerpt - confirm that "User" resolves to the
// class returned by authenticateSession(); if it does not, this check rejects every request
if (!$user instanceof User) {
    die("Authentication failed!");
}
// authentication alone is not enough, the user also needs the "database" permission
if (!$user->isAllowed("database")) {
    die("Permission denied!");
}
$conf = \Pimcore\Config::getSystemConfig()->database->params;
// first call without a query string: redirect so that Adminer gets the connection parameters
if (empty($_SERVER["QUERY_STRING"])) {
    // NOTE(review): the username expression on the next line is masked ("******") in this listing,
    // so the statement is not valid PHP as shown - restore it from the upstream file.
    // The database name (and presumably the username) ends up in the redirect URL's query string.
    header("Location: /pimcore/modules/3rdparty/adminer/index.php?username="******"&db=" . $conf->dbname);
    exit;
}
// adminer plugin
function adminer_object()
Пример #10
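 /**
  * Prepares the view variables for the admin interface start page.
  *
  * Assigns the maintenance status, system / report / custom view configuration,
  * the effective upload limit and the session's CSRF token to the view, and
  * forwards to "index6" when the ExtJS 6 interface is active.
  */
 public function indexAction()
 {
     // IE compatibility
     //$this->getResponse()->setHeader("X-UA-Compatible", "IE=8; IE=9", true);
     // clear open edit locks for this session (in the case of a reload, ...)
     \Pimcore\Model\Element\Editlock::clearSession(session_id());
     // check maintenance
     $maintenance_enabled = false;
     $manager = Model\Schedule\Manager\Factory::getManager("maintenance.pid");
     $lastExecution = $manager->getLastExecution();
     // maintenance script should run at least every 10 minutes + a little tolerance
     if ($lastExecution && time() - $lastExecution < 610) {
         $maintenance_enabled = true;
     }
     $this->view->maintenance_enabled = \Zend_Json::encode($maintenance_enabled);
     // configuration
     $sysConfig = Config::getSystemConfig();
     $this->view->config = $sysConfig;
     //mail settings
     $mailIncomplete = false;
     if ($sysConfig->email) {
         if (!$sysConfig->email->debug->emailaddresses) {
             $mailIncomplete = true;
         }
         if (!$sysConfig->email->sender->email) {
             $mailIncomplete = true;
         }
         if ($sysConfig->email->method == "smtp" && !$sysConfig->email->smtp->host) {
             $mailIncomplete = true;
         }
     }
     $this->view->mail_settings_complete = \Zend_Json::encode(!$mailIncomplete);
     // report configuration
     $this->view->report_config = Config::getReportConfig();
     // customviews config
     // NOTE(review): root nodes are added without a per-user permission check - confirm whether
     // custom views should be filtered by the current user's rights on the root node
     $cvConfig = Tool::getCustomViewConfig();
     $cvData = array();
     if ($cvConfig) {
         foreach ($cvConfig as $node) {
             $tmpData = $node;
             $rootNode = Model\Object::getByPath($tmpData["rootfolder"]);
             if ($rootNode) {
                 $tmpData["rootId"] = $rootNode->getId();
                 $tmpData["allowedClasses"] = explode(",", $tmpData["classes"]);
                 $tmpData["showroot"] = (bool) $tmpData["showroot"];
                 $cvData[] = $tmpData;
             }
         }
     }
     $this->view->customview_config = $cvData;
     // upload limit: the smaller of the two PHP limits is the effective one
     $max_upload = filesize2bytes(ini_get("upload_max_filesize") . "B");
     $max_post = filesize2bytes(ini_get("post_max_size") . "B");
     $upload_mb = min($max_upload, $max_post);
     $this->view->upload_max_filesize = $upload_mb;
     // csrf token
     $user = $this->getUser();
     $this->view->csrfToken = Tool\Session::useSession(function ($adminSession) use ($user) {
         // (re)generate when the token is missing OR empty; the previous "&&" left an empty token in place
         if (!isset($adminSession->csrfToken) || !$adminSession->csrfToken) {
             // the token has to be unpredictable, so it is taken from the system's CSPRNG;
             // the result keeps the 40 hex character format of the former sha1() value
             if (function_exists("random_bytes")) {
                 $adminSession->csrfToken = bin2hex(random_bytes(20));
             } elseif (function_exists("openssl_random_pseudo_bytes")) {
                 $adminSession->csrfToken = bin2hex(openssl_random_pseudo_bytes(20));
             } else {
                 // legacy fallback (time and user name based, guessable) for runtimes without a CSPRNG
                 $adminSession->csrfToken = sha1(microtime() . $user->getName() . uniqid());
             }
         }
         return $adminSession->csrfToken;
     });
     if (\Pimcore\Tool\Admin::isExtJS6()) {
         $this->forward("index6");
     }
 }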
Пример #11
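 /**
  * Output buffer callback.
  *
  * When called from self::shutdown() it sends "Connection: close" together with a
  * Content-Length header (and gzips the body for a few content types), which forces
  * the browser to close the connection and allows the shutdown function to keep
  * running in the background.
  *
  * NOTE(review): outside of the shutdown phase $output is never assigned, so the
  * method returns null instead of $data - confirm that callers expect this.
  *
  * @static
  * @param string $data the buffered response body
  * @return string|null the (possibly gzip-encoded) body
  */
 public static function outputBufferEnd($data)
 {
     $output = null;
     $contentEncoding = null;
     if (headers_sent()) {
         return $data;
     }
     // cleanup admin session Set-Cookie headers if needed
     // a detailed description why this is necessary can be found in the doc-block of \Pimcore\Tool\Session::$sessionCookieCleanupNeeded
     if (Tool\Session::isSessionCookieCleanupNeeded()) {
         $headers = array_reverse(headers_list());
         foreach ($headers as $header) {
             if (strpos($header, Tool\Session::getOption("name")) !== false) {
                 // setting the header again with 2nd arg = true, overrides all duplicates
                 header($header, true);
                 break;
             }
         }
     }
     // only send this headers in the shutdown-function, so that it is also possible to get the contents of this buffer earlier without sending headers
     if (self::$inShutdown) {
         // force closing the connection at the client, this enables to do certain tasks (writing the cache) in the "background"
         header("Connection: close\r\n");
         // check for supported content-encodings (the header is optional, e.g. for CLI or simple HTTP clients)
         $acceptEncoding = isset($_SERVER["HTTP_ACCEPT_ENCODING"]) ? (string) $_SERVER["HTTP_ACCEPT_ENCODING"] : "";
         if (strpos($acceptEncoding, "gzip") !== false) {
             $contentEncoding = "gzip";
         }
         if (!empty($data) && $contentEncoding) {
             ignore_user_abort(true);
             // find the content-type of the response
             $front = \Zend_Controller_Front::getInstance();
             $responseHeaders = $front->getResponse()->getHeaders();
             $rawHeaders = array_merge(headers_list(), $front->getResponse()->getRawHeaders());
             $contentType = null;
             // first check headers in headers_list() because they overwrite all other headers => see SOAP controller
             foreach ($rawHeaders as $header) {
                 if (stripos($header, "content-type") !== false) {
                     // split only at the first colon so that the value is kept complete
                     $parts = explode(":", $header, 2);
                     if (count($parts) === 2 && strtolower(trim($parts[0])) == "content-type") {
                         $contentType = trim($parts[1]);
                         break;
                     }
                 }
             }
             if (!$contentType) {
                 foreach ($responseHeaders as $header) {
                     if (strtolower(trim($header["name"])) == "content-type") {
                         $contentType = $header["value"];
                         break;
                     }
                 }
             }
             // prepare the response to be sent (gzip or not)
             // do not add text/xml or a wildcard for text/* here because this causes problems with the SOAP server
             $gzipContentTypes = array("@text/html@i", "@application/json@", "@text/javascript@", "@text/css@");
             $gzipIt = false;
             foreach ($gzipContentTypes as $type) {
                 if (preg_match($type, (string) $contentType)) {
                     $gzipIt = true;
                     break;
                 }
             }
             // gzip the contents and send connection close so that the process can run in the background to finish
             // some tasks like writing the cache ...
             if ($gzipIt) {
                 // gzencode() emits the complete gzip stream (header, deflate data, CRC32, length),
                 // so the stream no longer depends on a binary header literal embedded in the source
                 $compressed = gzencode($data, 2);
                 if ($compressed !== false) {
                     $output = $compressed;
                     // announce the encoding only when compression actually succeeded
                     header("Content-Encoding: {$contentEncoding}\r\n");
                 }
             }
         }
         // no gzip/deflate encoding
         if (!$output) {
             $output = $data;
         }
         if (strlen($output) > 0) {
             // check here if there is actually content, otherwise readfile() and similar functions are not working anymore
             // using mb_strlen() with a single-byte charset to count bytes, because of PIMCORE-1509
             header("Content-Length: " . mb_strlen($output, "latin1"));
         }
         header("X-Powered-By: pimcore", true);
     }
     return $output;
 }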
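 /**
  * Copies an asset below a target ("child") or over a target ("replace") and
  * answers with a JSON success flag.
  *
  * For recursive copies the target is derived from the source path: the path
  * prefix of the source parent is replaced with the target parent. The ID of a
  * newly created parent is kept in the "pimcore_copy" session under the
  * transaction ID, because the copy may have been renamed on a name collision.
  *
  * NOTE(review): no CSRF check is visible in this method - confirm that the
  * enclosing controller enforces one for this state-changing action.
  */
 public function copyAction()
 {
     $success = false;
     $sourceId = intval($this->getParam("sourceId"));
     $source = Asset::getById($sourceId);
     $session = Tool\Session::get("pimcore_copy");
     $targetId = intval($this->getParam("targetId"));
     $target = null;
     if ($this->getParam("targetParentId")) {
         $sourceParent = Asset::getById($this->getParam("sourceParentId"));
         // this is because the key can get the prefix "_copy" if the target does already exists
         if ($session->{$this->getParam("transactionId")}["parentId"]) {
             $targetParent = Asset::getById($session->{$this->getParam("transactionId")}["parentId"]);
         } else {
             $targetParent = Asset::getById($this->getParam("targetParentId"));
         }
         if ($source && $sourceParent && $targetParent) {
             // Swap the leading source-parent path for the target parent with plain string
             // functions: asset paths may contain regex metacharacters ("+", "(", "@", "$1", ...),
             // which must not be interpreted as a pattern or as a back-reference.
             $sourcePrefix = $sourceParent->getFullPath();
             $targetPath = $source->getPath();
             if ($sourcePrefix !== "" && strpos($targetPath, $sourcePrefix) === 0) {
                 $targetPath = $targetParent . "/" . substr($targetPath, strlen($sourcePrefix));
             }
             $target = Asset::getByPath($targetPath);
         }
     } else {
         $target = Asset::getById($targetId);
     }
     if (!$target) {
         // unknown IDs in the request must end in a regular error response, not in a fatal error
         \Logger::error("could not execute copy/paste because the target could not be resolved [ " . $targetId . " ]");
     } elseif ($target->isAllowed("create")) {
         if ($source != null) {
             if ($this->getParam("type") == "child") {
                 $newAsset = $this->_assetService->copyAsChild($target, $source);
                 // this is because the key can get the prefix "_copy" if the target does already exists
                 if ($this->getParam("saveParentId")) {
                     $session->{$this->getParam("transactionId")}["parentId"] = $newAsset->getId();
                 }
             } elseif ($this->getParam("type") == "replace") {
                 $this->_assetService->copyContents($target, $source);
             }
             $success = true;
         } else {
             \Logger::debug("prevended copy/paste because asset with same path+key already exists in this location");
         }
     } else {
         \Logger::error("could not execute copy/paste because of missing permissions on target [ " . $targetId . " ]");
         // NOTE(review): "error" => false next to an error message looks inverted - confirm what the client expects
         $this->_helper->json(array("error" => false, "message" => "missing_permission"));
     }
     Tool\Session::writeClose();
     $this->_helper->json(array("success" => $success));
 }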
Пример #13
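 /**
  * Prepares the view variables for the admin interface start page.
  *
  * Assigns the maintenance status, system / report / custom view configuration,
  * the effective upload limit, the session lifetime and the session's CSRF token
  * to the view, and forwards to "index6" when the ExtJS 6 interface is active.
  */
 public function indexAction()
 {
     // clear open edit locks for this session (in the case of a reload, ...)
     \Pimcore\Model\Element\Editlock::clearSession(session_id());
     // check maintenance
     $maintenance_enabled = false;
     $manager = Model\Schedule\Manager\Factory::getManager("maintenance.pid");
     $lastExecution = $manager->getLastExecution();
     // maintenance script should run at least every 10 minutes + a little tolerance
     if ($lastExecution && time() - $lastExecution < 610) {
         $maintenance_enabled = true;
     }
     $this->view->maintenance_enabled = \Zend_Json::encode($maintenance_enabled);
     // configuration
     $sysConfig = Config::getSystemConfig();
     $this->view->config = $sysConfig;
     //mail settings
     $mailIncomplete = false;
     if ($sysConfig->email) {
         if (!$sysConfig->email->debug->emailaddresses) {
             $mailIncomplete = true;
         }
         if (!$sysConfig->email->sender->email) {
             $mailIncomplete = true;
         }
         if ($sysConfig->email->method == "smtp" && !$sysConfig->email->smtp->host) {
             $mailIncomplete = true;
         }
     }
     $this->view->mail_settings_complete = \Zend_Json::encode(!$mailIncomplete);
     // report configuration
     $this->view->report_config = Config::getReportConfig();
     $cvData = [];
     // still needed when publishing objects
     $cvConfig = Tool::getCustomViewConfig();
     if ($cvConfig) {
         foreach ($cvConfig as $node) {
             $tmpData = $node;
             // backwards compatibility: configurations without a tree type are object trees
             $treeType = $tmpData["treetype"] ? $tmpData["treetype"] : "object";
             $rootNode = Model\Element\Service::getElementByPath($treeType, $tmpData["rootfolder"]);
             if ($rootNode) {
                 $tmpData["rootId"] = $rootNode->getId();
                 $tmpData["allowedClasses"] = $tmpData["classes"] ? explode(",", $tmpData["classes"]) : null;
                 $tmpData["showroot"] = (bool) $tmpData["showroot"];
                 // only expose custom views whose root node the current user is allowed to list
                 if ($rootNode->isAllowed("list")) {
                     $cvData[] = $tmpData;
                 }
             }
         }
     }
     $this->view->customview_config = $cvData;
     // upload limit: the smaller of the two PHP limits is the effective one
     $max_upload = filesize2bytes(ini_get("upload_max_filesize") . "B");
     $max_post = filesize2bytes(ini_get("post_max_size") . "B");
     $upload_mb = min($max_upload, $max_post);
     $this->view->upload_max_filesize = $upload_mb;
     // session lifetime (gc), falls back to 120 when the setting is empty
     $session_gc_maxlifetime = ini_get("session.gc_maxlifetime");
     if (empty($session_gc_maxlifetime)) {
         $session_gc_maxlifetime = 120;
     }
     $this->view->session_gc_maxlifetime = $session_gc_maxlifetime;
     // csrf token
     $user = $this->getUser();
     $this->view->csrfToken = Tool\Session::useSession(function ($adminSession) use ($user) {
         // (re)generate when the token is missing OR empty; the previous "&&" left an empty token in place
         if (!isset($adminSession->csrfToken) || !$adminSession->csrfToken) {
             // the token has to be unpredictable, so it is taken from the system's CSPRNG;
             // the result keeps the 40 hex character format of the former sha1() value
             if (function_exists("random_bytes")) {
                 $adminSession->csrfToken = bin2hex(random_bytes(20));
             } elseif (function_exists("openssl_random_pseudo_bytes")) {
                 $adminSession->csrfToken = bin2hex(openssl_random_pseudo_bytes(20));
             } else {
                 // legacy fallback (time and user name based, guessable) for runtimes without a CSPRNG
                 $adminSession->csrfToken = sha1(microtime() . $user->getName() . uniqid());
             }
         }
         return $adminSession->csrfToken;
     });
     if (\Pimcore\Tool\Admin::isExtJS6()) {
         $this->forward("index6");
     }
 }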
Пример #14
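 /**
  * Renders two versions of a document to images and assigns either a visual
  * diff or, when the image sizes differ, both screenshots to the view.
  *
  * NOTE(review): the admin session ID is appended to the URLs handed to the
  * HTML-to-image converter, so it can show up wherever those URLs are recorded
  * (process arguments, access logs) - confirm that this is acceptable.
  * NOTE(review): the result of Version::getById() is used without a null check.
  */
 public function diffVersionsAction()
 {
     $versionFrom = Version::getById($this->getParam("from"));
     $docFrom = $versionFrom->loadData();
     $request = $this->getRequest();
     $sessionName = Tool\Session::getOption("name");
     $sessionId = isset($_COOKIE[$sessionName]) ? $_COOKIE[$sessionName] : "";
     // request parameters and the cookie value are client-supplied: encode them so that they
     // cannot add further parameters to the URL that is rendered with the admin session
     $sessionQuery = "&" . urlencode($sessionName) . "=" . urlencode($sessionId);
     $prefix = $request->getScheme() . "://" . $request->getHttpHost() . $docFrom->getFullPath() . "?pimcore_version=";
     $fromUrl = $prefix . urlencode((string) $this->getParam("from")) . $sessionQuery;
     $toUrl = $prefix . urlencode((string) $this->getParam("to")) . $sessionQuery;
     $fromFile = PIMCORE_SYSTEM_TEMP_DIRECTORY . "/version-diff-tmp-" . uniqid() . ".png";
     $toFile = PIMCORE_SYSTEM_TEMP_DIRECTORY . "/version-diff-tmp-" . uniqid() . ".png";
     $diffFile = PIMCORE_SYSTEM_TEMP_DIRECTORY . "/version-diff-tmp-" . uniqid() . ".png";
     if (\Pimcore\Image\HtmlToImage::isSupported() && class_exists("Imagick")) {
         $failure = null;
         try {
             \Pimcore\Image\HtmlToImage::convert($fromUrl, $fromFile);
             \Pimcore\Image\HtmlToImage::convert($toUrl, $toFile);
             $image1 = new Imagick($fromFile);
             $image2 = new Imagick($toFile);
             if ($image1->getImageWidth() == $image2->getImageWidth() && $image1->getImageHeight() == $image2->getImageHeight()) {
                 $result = $image1->compareImages($image2, Imagick::METRIC_MEANSQUAREERROR);
                 $result[0]->setImageFormat("png");
                 $result[0]->writeImage($diffFile);
                 $result[0]->clear();
                 $result[0]->destroy();
                 $this->view->image = base64_encode(file_get_contents($diffFile));
             } else {
                 $this->view->image1 = base64_encode(file_get_contents($fromFile));
                 $this->view->image2 = base64_encode(file_get_contents($toFile));
             }
             $image1->clear();
             $image1->destroy();
             $image2->clear();
             $image2->destroy();
         } catch (\Exception $e) {
             $failure = $e;
         }
         // cleanup, also after a failure: the screenshots may show unpublished content
         // and must not stay behind in the temp directory
         foreach (array($fromFile, $toFile, $diffFile) as $tmpFile) {
             if (is_file($tmpFile)) {
                 unlink($tmpFile);
             }
         }
         if ($failure) {
             throw $failure;
         }
     } else {
         $this->renderScript("document/diff-versions-unsupported.php");
     }
 }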
Пример #15
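 /**
  * Lets the logged-in user update their own profile and password.
  *
  * The request has to pass the CSRF check and the submitted ID has to match the
  * current user. Privileged fields are stripped from the submitted data. A new
  * password is only accepted together with the correct old password, or when
  * the session is flagged as a password reset.
  *
  * NOTE(review): the "password_reset" session flag is not cleared here after a
  * successful change - confirm that it is reset elsewhere.
  */
 public function updateCurrentUserAction()
 {
     $this->protectCSRF();
     $user = $this->getUser();
     if ($user == null) {
         $this->_helper->json(false);
         return;
     }
     if ($user->getId() != $this->getParam("id")) {
         \Logger::warn("prevented save current user, because ids do not match. ");
         $this->_helper->json(false);
         return;
     }
     $values = \Zend_Json::decode($this->getParam("data"));
     // fields a user must never be able to change on their own account
     unset($values["name"]);
     unset($values["id"]);
     unset($values["admin"]);
     unset($values["permissions"]);
     unset($values["roles"]);
     unset($values["active"]);
     // The stored password is only ever derived from "new_password" below. A client-supplied
     // "password" key would presumably reach setValues() as-is and skip the old-password
     // check (TODO confirm against User::setValues()), so it is dropped as well.
     unset($values["password"]);
     if (!empty($values["new_password"])) {
         $oldPasswordCheck = false;
         if (empty($values["old_password"])) {
             // if the user want to reset the password, the old password isn't required
             $oldPasswordCheck = Tool\Session::useSession(function ($adminSession) {
                 return (bool) $adminSession->password_reset;
             });
         } else {
             // the password has to match
             $checkUser = Tool\Authentication::authenticatePlaintext($user->getName(), $values["old_password"]);
             if ($checkUser) {
                 $oldPasswordCheck = true;
             }
         }
         // strict comparison: with "==" two different numeric-looking strings can compare equal
         $retyped = isset($values["retype_password"]) ? $values["retype_password"] : null;
         if ($oldPasswordCheck && $values["new_password"] === $retyped) {
             $values["password"] = Tool\Authentication::getPasswordHash($user->getName(), $values["new_password"]);
         } else {
             $this->_helper->json(["success" => false, "message" => "password_cannot_be_changed"]);
             // do not rely on the JSON helper ending the request: nothing may be saved after a failed check
             return;
         }
     }
     $user->setValues($values);
     $user->save();
     $this->_helper->json(["success" => true]);
 }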
Пример #16
 /**
  * Returns the session namespace used by CoreShop.
  *
  * Thin wrapper around Session::get() with the fixed namespace name "CoreShop".
  *
  * @return \stdClass
  */
 public static function getSession()
 {
     $coreShopSession = Session::get('CoreShop');

     return $coreShopSession;
 }
Пример #17
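 /**
  * Saves a page document from the admin editor.
  *
  * Steps, in the order they run:
  *  - load the page named by the "id" request parameter; a copy held in the
  *    "pimcore_documents" session namespace replaces it when that copy is
  *    flagged "_useForSave", otherwise the latest version is used;
  *  - apply the "task" request parameter ("publish" / "unpublish");
  *  - decode the JSON "settings" request parameter and, from it, sync the
  *    redirects targeting this page (only for users with the "redirects"
  *    permission) and collect the page meta data;
  *  - save the page when publish/unpublish was requested and is allowed on the
  *    page, otherwise store a new version when "save" is allowed.
  *
  * Every outcome is reported through the JSON action helper.
  * NOTE(review): the flow relies on that helper ending the request once a
  * response was sent (otherwise the trailing json(false) would follow a success
  * response) - confirm against the helper configuration.
  *
  * NOTE(review): redirects are written before the publish/save permission on
  * the page itself is evaluated; only the global "redirects" permission gates
  * them. Confirm this is the intended authorization model.
  *
  * @throws \Exception any exception raised while processing is logged and rethrown
  */
 public function saveAction()
 {
     try {
         if ($this->getParam("id")) {
             $page = Document\Page::getById($this->getParam("id"));
             if (!$page) {
                 // unknown id: answer like the "no id" case instead of calling methods on a missing page below
                 $this->_helper->json(false);
                 return;
             }
             // check if there's a document in session which should be used as data-source
             // see also self::clearEditableDataAction() | this is necessary to reset all fields and to get rid of
             // outdated and unused data elements in this document (eg. entries of area-blocks)
             $pageSession = Session::useSession(function ($session) use ($page) {
                 $documentKey = "document_" . $page->getId();
                 $useForSaveKey = $documentKey . "_useForSave";
                 if (isset($session->{$documentKey}) && isset($session->{$useForSaveKey})) {
                     if ($session->{$useForSaveKey}) {
                         // only use the page from the session once
                         unset($session->{$useForSaveKey});
                         return $session->{$documentKey};
                     }
                 }
                 return null;
             }, "pimcore_documents");
             if ($pageSession) {
                 $page = $pageSession;
             } else {
                 $page = $this->getLatestVersion($page);
             }
             $page->setUserModification($this->getUser()->getId());
             // read the task once and compare strictly, so only the exact strings select a branch
             $task = $this->getParam("task");
             if ($task === "unpublish") {
                 $page->setPublished(false);
             }
             if ($task === "publish") {
                 $page->setPublished(true);
             }
             $settings = [];
             if ($this->getParam("settings")) {
                 // client-supplied JSON; a decoding failure is handled by the outer catch (logged, rethrown)
                 $settings = \Zend_Json::decode($this->getParam("settings"));
             }
             // check for redirects
             if ($this->getUser()->isAllowed("redirects") && $this->getParam("settings")) {
                 if (is_array($settings)) {
                     $redirectList = new Redirect\Listing();
                     $redirectList->setCondition("target = ?", $page->getId());
                     $existingRedirects = $redirectList->load();
                     // ids of the redirects that currently target this page; whatever is left
                     // in this map after the loop below was not re-submitted and gets deleted
                     $existingRedirectIds = [];
                     foreach ($existingRedirects as $existingRedirect) {
                         $existingRedirectIds[$existingRedirect->getId()] = $existingRedirect->getId();
                     }
                     for ($i = 1; $i < 100; $i++) {
                         if (array_key_exists("redirect_url_" . $i, $settings)) {
                             // check for existing
                             // NOTE(review): the id is taken from the request and is not compared with
                             // $existingRedirectIds, so a redirect that currently targets another
                             // document is re-pointed to this page - confirm that is intended, or
                             // accept only ids present in $existingRedirectIds.
                             $redirect = null;
                             if (!empty($settings["redirect_id_" . $i])) {
                                 $redirect = Redirect::getById($settings["redirect_id_" . $i]);
                             }
                             if ($redirect) {
                                 unset($existingRedirectIds[$redirect->getId()]);
                             } else {
                                 // no id submitted, or the id no longer resolves: create a new one
                                 $redirect = new Redirect();
                             }
                             $redirect->setSource($settings["redirect_url_" . $i]);
                             $redirect->setTarget($page->getId());
                             $redirect->setStatusCode(301);
                             $redirect->save();
                         }
                     }
                     // remove existing redirects which were deleted in the editor
                     foreach ($existingRedirectIds as $existingRedirectId) {
                         $redirect = Redirect::getById($existingRedirectId);
                         // may already be gone (e.g. removed by a parallel request)
                         if ($redirect) {
                             $redirect->delete();
                         }
                     }
                 }
             }
             // check if settings exist, before saving meta data
             if ($this->getParam("settings") && is_array($settings)) {
                 $metaData = [];
                 for ($i = 1; $i < 30; $i++) {
                     if (array_key_exists("metadata_" . $i, $settings)) {
                         $metaData[] = $settings["metadata_" . $i];
                     }
                 }
                 $page->setMetaData($metaData);
             }
             // only save when publish or unpublish
             $publishAllowed = $task === "publish" && $page->isAllowed("publish");
             $unpublishAllowed = $task === "unpublish" && $page->isAllowed("unpublish");
             if ($publishAllowed || $unpublishAllowed) {
                 $this->setValuesToDocument($page);
                 try {
                     $page->save();
                     $this->saveToSession($page);
                     $this->_helper->json(["success" => true]);
                 } catch (\Exception $e) {
                     if (\Pimcore\Tool\Admin::isExtJS6() && $e instanceof Element\ValidationException) {
                         // handled by the outer catch, which builds the ValidationException response
                         throw $e;
                     }
                     Logger::err($e);
                     // NOTE(review): the raw exception message goes to the client; confirm it cannot carry internal details
                     $this->_helper->json(["success" => false, "message" => $e->getMessage()]);
                 }
             } elseif ($page->isAllowed("save")) {
                 // neither publish nor unpublish applies: keep the changes as a new version only
                 $this->setValuesToDocument($page);
                 try {
                     $page->saveVersion();
                     $this->saveToSession($page);
                     $this->_helper->json(["success" => true]);
                 } catch (\Exception $e) {
                     Logger::err($e);
                     $this->_helper->json(["success" => false, "message" => $e->getMessage()]);
                 }
             }
         }
     } catch (\Exception $e) {
         Logger::log($e);
         if (\Pimcore\Tool\Admin::isExtJS6() && $e instanceof Element\ValidationException) {
             // NOTE(review): the response includes the full stack trace (file paths, call chain);
             // consider keeping it in the log only unless the admin UI really needs it.
             $this->_helper->json(["success" => false, "type" => "ValidationException", "message" => $e->getMessage(), "stack" => $e->getTraceAsString(), "code" => $e->getCode()]);
         }
         throw $e;
     }
     // reached when no id was given or none of the save paths applied
     $this->_helper->json(false);
 }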