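/**
 * Prepares the Adminer integration and proxies Adminer's static resources.
 *
 * Requests whose path ends in a static-file extension are answered directly
 * from the Adminer vendor directory and the request is terminated with exit.
 * All other requests fall through to the regular action dispatch.
 *
 * @return void
 */
public function init()
{
    parent::init();

    // PHP 7.0 compatibility of adminer (throws some warnings)
    ini_set("display_errors", 0);

    // only for admins
    $this->checkPermission("adminer");

    // call this to keep the session 'open' so that Adminer can write to it
    \Pimcore\Tool\Session::get();

    $this->adminerHome = PIMCORE_DOCUMENT_ROOT . '/vendor/vrana/adminer/';

    // proxy for resources
    $path = $this->getRequest()->getPathInfo();
    $path = str_replace("/admin/external_adminer/", "", $path);

    if (preg_match("@\\.(css|js|ico|png|jpg|gif)\$@", $path)) {
        // The path comes from the request. Resolve it and serve the file only when the
        // canonical location is still below the Adminer directory, so that "../"
        // segments cannot reach files elsewhere on disk.
        $baseDir = realpath($this->adminerHome);
        $filePath = realpath($this->adminerHome . "/" . $path);
        $insideBase = $baseDir !== false
            && $filePath !== false
            && strpos($filePath, $baseDir . DIRECTORY_SEPARATOR) === 0;

        // it seems that css files need the right content-type (Chrome)
        if (preg_match("@\\.css\$@", $path)) {
            header("Content-Type: text/css");
        } elseif (preg_match("@\\.js\$@", $path)) {
            header("Content-Type: text/javascript");
        }

        if ($insideBase && is_file($filePath)) {
            echo file_get_contents($filePath);

            if (preg_match("@default\\.css\$@", $path)) {
                // append custom styles, because in Adminer everything is hardcoded
                echo file_get_contents($this->adminerHome . "designs/konya/adminer.css");
                echo file_get_contents(PIMCORE_DOCUMENT_ROOT . "/pimcore/static6/css/adminer-modifications.css");
            }
        }

        exit;
    }
}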
/**
 * Initialises the backup controller: runs the parent initialisation, checks the
 * "backup" permission, lifts the memory limit and opens the backup session namespace.
 *
 * @return void
 */
public function init()
{
    parent::init();

    // permission gate for every action of this controller
    $this->checkPermission("backup");

    // a failing ini_set() is silenced on purpose by the @ operator
    @ini_set("memory_limit", "-1");

    $backupSession = \Pimcore\Tool\Session::get("pimcore_backup");
    $this->session = $backupSession;
}
/**
 * Resolves the admin user bound to the current session.
 *
 * The session is only opened when a session id was supplied. Note that the id is
 * accepted from $_REQUEST as well as from the cookie. The user stored in the
 * session is reloaded by id and must pass self::isValidUser().
 *
 * @static
 * @throws Exception
 * @return User|null the reloaded user, or null when nobody is authenticated
 */
public static function authenticateSession()
{
    $sessionIdSupplied = isset($_COOKIE["pimcore_admin_sid"]) || isset($_REQUEST["pimcore_admin_sid"]);
    if (!$sessionIdSupplied) {
        // without a session cookie / ID there is nothing to authenticate, so no session is started
        return null;
    }

    $sessionUser = Session::getReadOnly()->user;
    if (!($sessionUser instanceof User)) {
        return null;
    }

    // renew user
    $freshUser = User::getById($sessionUser->getId());

    return self::isValidUser($freshUser) ? $freshUser : null;
}
/**
 * Logs the current admin user out: releases edit locks held by this session,
 * fires the "admin.login.logout" event, destroys the session, expires the
 * pimcore_opentabs cookie and redirects to the login page.
 *
 * @return void
 */
public function logoutAction()
{
    // clear open edit locks for this session
    \Pimcore\Model\Element\Editlock::clearSession(session_id());

    $self = $this;
    Tool\Session::useSession(function ($adminSession) use ($self) {
        $sessionUser = $adminSession->user;
        if ($sessionUser instanceof User) {
            \Pimcore::getEventManager()->trigger("admin.login.logout", $self, ["user" => $sessionUser]);
            $adminSession->user = null;
        }

        \Zend_Session::destroy();
    });

    // cleanup pimcore-cookies => 315554400 => strtotime('1980-01-01')
    $expiredAt = 315554400;
    setcookie("pimcore_opentabs", false, $expiredAt, "/");

    $this->redirect("/admin/login/");
}
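/**
 * Redirects to the frontend preview URL of an object held in the session.
 *
 * The object is read from the "pimcore_objects" session namespace under the key
 * "object_<id>". Its class' preview URL may contain %fieldName placeholders,
 * which are filled from the object's properties. Only the path and query of the
 * resulting URL are used for the redirect.
 *
 * @return void
 */
public function previewAction()
{
    $id = $this->getParam("id");
    $sessionKey = "object_" . $id;

    $session = Tool\Session::getReadOnly("pimcore_objects");
    if ($session->{$sessionKey}) {
        $object = $session->{$sessionKey};
    } else {
        die("Preview not available, it seems that there's a problem with this object.");
    }

    $url = $object->getClass()->getPreviewUrl();

    // replace named variables
    foreach (get_object_vars($object) as $field => $value) {
        if (!empty($value) && (is_string($value) || is_numeric($value))) {
            $url = str_replace("%" . $field, urlencode($value), $url);
        } elseif (strpos($url, "%" . $field) !== false) {
            die("No preview available, please ensure that all fields which are required for the preview are filled correctly.");
        }
    }

    // replace all remaining % signs
    // NOTE(review): this also re-encodes the "%" produced by urlencode() above — confirm that is intended
    $url = str_replace("%", "%25", $url);

    $urlParts = parse_url($url);
    if (!is_array($urlParts)) {
        // parse_url() returns false for seriously malformed URLs
        die("Preview not available, it seems that there's a problem with this object.");
    }

    // The id is a request parameter: encode it before it becomes part of the redirect URL.
    $target = (isset($urlParts["path"]) ? $urlParts["path"] : "")
        . "?pimcore_object_preview=" . urlencode((string) $id)
        . "&_dc=" . time();

    // A preview URL without a query string has no "query" key in the parse_url() result.
    if (isset($urlParts["query"]) && $urlParts["query"] !== "") {
        $target .= "&" . $urlParts["query"];
    }

    $this->redirect($target);
}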
/**
 * Clears the session copy of the document named by the "id" request parameter
 * (key "document_<id>" in the "pimcore_documents" namespace) and answers with
 * a JSON success flag.
 *
 * @return void
 */
public function removeFromSessionAction()
{
    $documentId = $this->getParam("id");
    $sessionKey = "document_" . $documentId;

    Session::useSession(
        function ($documentSession) use ($sessionKey) {
            $documentSession->{$sessionKey} = null;
        },
        "pimcore_documents"
    );

    $response = array("success" => true);
    $this->_helper->json($response);
}
/**
 * Initialises a frontend controller for the current request.
 *
 * Work guarded by self::$isInitial runs only for the first controller of a
 * request. That part decides which document is rendered (published one,
 * session copy, latest version, a specific version) and whether edit mode is on.
 * Admin-only branches are taken only when Authentication::authenticateSession()
 * returned a user.
 *
 * @throws \Zend_Controller_Router_Exception when an unpublished document is
 *         requested without an authenticated admin user
 */
public function init()
{
    // this is only executed once per request (first request)
    if (self::$isInitial) {
        \Pimcore::getEventManager()->trigger("frontend.controller.preInit", $this);
    }

    parent::init();

    // log exceptions if handled by error_handler
    $this->checkForErrors();

    // general definitions
    if (self::$isInitial) {
        \Pimcore::unsetAdminMode();
        Document::setHideUnpublished(true);
        Object\AbstractObject::setHideUnpublished(true);
        Object\AbstractObject::setGetInheritedValues(true);
        Object\Localizedfield::setGetFallbackValues(true);
    }

    // assign variables
    $this->view->controller = $this;

    // init website config
    $config = Config::getWebsiteConfig();
    $this->config = $config;
    $this->view->config = $config;

    $document = $this->getParam("document");
    if (!$document instanceof Document) {
        \Zend_Registry::set("pimcore_editmode", false);
        $this->editmode = false;
        $this->view->editmode = false;
        self::$isInitial = false;

        // check for a locale first, and set it if available
        if ($this->getParam("pimcore_parentDocument")) {
            // this is a special exception for renderlets in editmode (ajax request), because they depend on the locale of the parent document
            // otherwise there'll be notices like: Notice: 'No translation for the language 'XX' available.'
            if ($parentDocument = Document::getById($this->getParam("pimcore_parentDocument"))) {
                if ($parentDocument->getProperty("language")) {
                    $this->setLocaleFromDocument($parentDocument->getProperty("language"));
                }
            }
        }

        // no document available, continue, ...
        return;
    } else {
        $this->setDocument($document);

        // register global locale if the document has the system property "language"
        if ($this->getDocument()->getProperty("language")) {
            $this->setLocaleFromDocument($this->getDocument()->getProperty("language"));
        }

        if (self::$isInitial) {
            // append meta-data to the headMeta() view helper, if it is a document-request
            if (!Model\Staticroute::getCurrentRoute() && $this->getDocument() instanceof Document\Page) {
                if (is_array($this->getDocument()->getMetaData())) {
                    foreach ($this->getDocument()->getMetaData() as $meta) {
                        // only name
                        if (!empty($meta["idName"]) && !empty($meta["idValue"]) && !empty($meta["contentValue"])) {
                            // the helper method name is derived from the stored "idName" value
                            $method = "append" . ucfirst($meta["idName"]);
                            $this->view->headMeta()->{$method}($meta["idValue"], $meta["contentValue"]);
                        }
                    }
                }
            }
        }
    }

    // this is only executed once per request (first request)
    if (self::$isInitial) {
        // contains the logged in user if necessary
        $user = null;

        // default is to set the editmode to false, is enabled later if necessary
        \Zend_Registry::set("pimcore_editmode", false);

        if (Tool::isFrontentRequestByAdmin()) {
            $this->disableBrowserCache();

            // start admin session & get logged in user
            $user = Authentication::authenticateSession();
        }

        if (\Pimcore::inDebugMode()) {
            $this->disableBrowserCache();
        }

        // unpublished documents are only served to an authenticated admin user
        if (!$this->document->isPublished()) {
            if (Tool::isFrontentRequestByAdmin()) {
                if (!$user) {
                    throw new \Zend_Controller_Router_Exception("access denied for " . $this->document->getFullPath());
                }
            } else {
                throw new \Zend_Controller_Router_Exception("access denied for " . $this->document->getFullPath());
            }
        }

        // logged in users only
        // NOTE(review): the branches below check only that an admin user is authenticated; no
        // per-document permission check is visible in this method — confirm it happens elsewhere.
        if ($user) {
            // set the user to registry so that it is available via \Pimcore\Tool\Admin::getCurrentUser();
            \Zend_Registry::set("pimcore_admin_user", $user);

            // document editmode
            if ($this->getParam("pimcore_editmode")) {
                \Zend_Registry::set("pimcore_editmode", true);

                // check if there is the document in the session
                $docKey = "document_" . $this->getDocument()->getId();
                $docSession = Session::getReadOnly("pimcore_documents");

                if ($docSession->{$docKey}) {
                    // if there is a document in the session use it
                    $this->setDocument($docSession->{$docKey});
                } else {
                    // set the latest available version for editmode if there is no doc in the session
                    $latestVersion = $this->getDocument()->getLatestVersion();
                    if ($latestVersion) {
                        $latestDoc = $latestVersion->loadData();
                        if ($latestDoc instanceof Document\PageSnippet) {
                            $this->setDocument($latestDoc);
                        }
                    }
                }

                // register editmode plugin
                $front = \Zend_Controller_Front::getInstance();
                $front->registerPlugin(new \Pimcore\Controller\Plugin\Frontend\Editmode($this), 1000);
            }

            // document preview
            if ($this->getParam("pimcore_preview")) {
                // get document from session
                $docKey = "document_" . $this->getParam("document")->getId();
                $docSession = Session::getReadOnly("pimcore_documents");

                if ($docSession->{$docKey}) {
                    $this->setDocument($docSession->{$docKey});
                }
            }

            // object preview
            if ($this->getParam("pimcore_object_preview")) {
                $key = "object_" . $this->getParam("pimcore_object_preview");
                $session = Session::getReadOnly("pimcore_objects");
                if ($session->{$key}) {
                    $object = $session->{$key};
                    // add the object to the registry so every call to Object::getById() will return this object instead of the real one
                    \Zend_Registry::set("object_" . $object->getId(), $object);
                }
            }

            // for version preview
            if ($this->getParam("pimcore_version")) {
                // only get version data at the first call || because of embedded Snippets ...
                if (!\Zend_Registry::isRegistered("pimcore_version_active")) {
                    // NOTE(review): the result of getById() is used without a null check; an unknown
                    // version id would fail on getData() — confirm against Model\Version::getById()
                    $version = Model\Version::getById($this->getParam("pimcore_version"));
                    $this->setDocument($version->getData());
                    \Zend_Registry::set("pimcore_version_active", true);
                }
            }
        }

        // for public versions
        // This branch is reachable without an authenticated user; the version is only
        // applied when it reports itself as public.
        if ($this->getParam("v")) {
            try {
                $version = Model\Version::getById($this->getParam("v"));
                if ($version->getPublic()) {
                    $this->setDocument($version->getData());
                }
            } catch (\Exception $e) {
                // NOTE(review): exceptions are swallowed without logging, so failed lookups leave no trace
            }
        }

        // check for persona
        if ($this->getDocument() instanceof Document\Page) {
            $this->getDocument()->setUsePersona(null); // reset because of preview and editmode (saved in session)
            if ($this->getParam("_ptp") && self::$isInitial) {
                $this->getDocument()->setUsePersona($this->getParam("_ptp"));
            }
        }

        // check if document is a wrapped hardlink, if this is the case send a rel=canonical header to the source document
        if ($this->getDocument() instanceof Document\Hardlink\Wrapper\WrapperInterface) {
            // get the canonical (source) document
            $hardlinkCanonicalSourceDocument = Document::getById($this->getDocument()->getId());
            $request = $this->getRequest();

            if (\Pimcore\Tool\Frontend::isDocumentInCurrentSite($hardlinkCanonicalSourceDocument)) {
                // scheme and host of the Link header are taken from the current request object
                $this->getResponse()->setHeader("Link", '<' . $request->getScheme() . "://" . $request->getHttpHost() . $hardlinkCanonicalSourceDocument->getFullPath() . '>; rel="canonical"');
            }
        }

        \Pimcore::getEventManager()->trigger("frontend.controller.postInit", $this);
    }

    // set some parameters
    $this->editmode = \Zend_Registry::get("pimcore_editmode");
    $this->view->editmode = \Zend_Registry::get("pimcore_editmode");

    self::$isInitial = false;
}
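/**
 * Terminates the request unless the X-Pimcore-CSRF-Token request header equals
 * the CSRF token stored in the admin session.
 *
 * The check fails closed: a missing session token or a missing header is
 * rejected. A loose comparison would treat "no token in the session" and
 * "no header sent" as equal and let the request through.
 *
 * @return void
 */
protected function protectCSRF()
{
    $csrfToken = Session::useSession(function ($adminSession) {
        return $adminSession->csrfToken;
    });

    $sentToken = isset($_SERVER["HTTP_X_PIMCORE_CSRF_TOKEN"])
        ? $_SERVER["HTTP_X_PIMCORE_CSRF_TOKEN"]
        : null;

    $tokensPresent = is_string($csrfToken) && $csrfToken !== "" && is_string($sentToken);

    $valid = false;
    if ($tokensPresent) {
        // prefer the constant-time comparison where the runtime provides it
        $valid = function_exists("hash_equals")
            ? hash_equals($csrfToken, $sentToken)
            : $csrfToken === $sentToken;
    }

    if (!$valid) {
        die("Detected CSRF Attack! Do not do evil things with pimcore ... ;-)");
    }
}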
* Pimcore
*
* This source file is subject to the GNU General Public License version 3 (GPLv3)
* For the full copyright and license information, please view the LICENSE.md and gpl-3.0.txt
* files that are distributed with this source code. dsf sdaf asdf asdf
*
* @copyright Copyright (c) 2009-2015 pimcore GmbH (http://www.pimcore.org)
* @license http://www.pimcore.org/license GNU General Public License version 3 (GPLv3)
*/

// Bootstrap for the bundled Adminer: loads the pimcore CLI startup, requires an
// authenticated user holding the "database" permission and, when called without
// a query string, redirects to Adminer's index.php with connection parameters.

// adminer isn't fully php 5.4 compatible
// NOTE(review): from here on only E_ERROR is reported, so warnings and notices raised by the
// checks below stay hidden.
error_reporting(E_ERROR);

// startup.php is included by relative path; the working directory is saved and restored around it
$workingDirectory = getcwd();
include "../../../cli/startup.php";
chdir($workingDirectory);

// start global session and keep it open (this is needed for the CSRF protections from adminer)
\Pimcore\Tool\Session::get();

// only for logged in users
$user = \Pimcore\Tool\Authentication::authenticateSession();
// NOTE(review): the unqualified name User resolves through imports or aliases that are not
// visible in this listing — confirm it refers to the pimcore user model.
if (!$user instanceof User) {
    die("Authentication failed!");
}

// authorisation: being logged in is not enough, the "database" permission is required
if (!$user->isAllowed("database")) {
    die("Permission denied!");
}

$conf = \Pimcore\Config::getSystemConfig()->database->params;
if (empty($_SERVER["QUERY_STRING"])) {
    // NOTE(review): the expression between the two string literals is masked ("******") in this
    // listing, so the statement does not parse as shown. The visible literals put a "username"
    // value and the database name into the redirect query string.
    header("Location: /pimcore/modules/3rdparty/adminer/index.php?username="******"&db=" . $conf->dbname);
    exit;
}

// adminer plugin
function adminer_object()
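/**
 * Prepares the view for the admin start page: maintenance status, system and
 * report configuration, custom views, upload limit and the session CSRF token.
 *
 * @return void
 */
public function indexAction()
{
    // IE compatibility
    //$this->getResponse()->setHeader("X-UA-Compatible", "IE=8; IE=9", true);

    // clear open edit locks for this session (in the case of a reload, ...)
    \Pimcore\Model\Element\Editlock::clearSession(session_id());

    // check maintenance
    $maintenance_enabled = false;

    $manager = Model\Schedule\Manager\Factory::getManager("maintenance.pid");
    $lastExecution = $manager->getLastExecution();
    if ($lastExecution) {
        if (time() - $lastExecution < 610) { // maintenance script should run at least every 10 minutes + a little tolerance
            $maintenance_enabled = true;
        }
    }
    $this->view->maintenance_enabled = \Zend_Json::encode($maintenance_enabled);

    // configuration
    $sysConfig = Config::getSystemConfig();
    $this->view->config = $sysConfig;

    //mail settings
    $mailIncomplete = false;
    if ($sysConfig->email) {
        if (!$sysConfig->email->debug->emailaddresses) {
            $mailIncomplete = true;
        }
        if (!$sysConfig->email->sender->email) {
            $mailIncomplete = true;
        }
        if ($sysConfig->email->method == "smtp" && !$sysConfig->email->smtp->host) {
            $mailIncomplete = true;
        }
    }
    $this->view->mail_settings_complete = \Zend_Json::encode(!$mailIncomplete);

    // report configuration
    $this->view->report_config = Config::getReportConfig();

    // customviews config
    $cvConfig = Tool::getCustomViewConfig();
    $cvData = array();

    if ($cvConfig) {
        foreach ($cvConfig as $node) {
            $tmpData = $node;
            $rootNode = Model\Object::getByPath($tmpData["rootfolder"]);

            if ($rootNode) {
                $tmpData["rootId"] = $rootNode->getId();
                $tmpData["allowedClasses"] = explode(",", $tmpData["classes"]);
                $tmpData["showroot"] = (bool) $tmpData["showroot"];

                $cvData[] = $tmpData;
            }
        }
    }
    $this->view->customview_config = $cvData;

    // upload limit
    $max_upload = filesize2bytes(ini_get("upload_max_filesize") . "B");
    $max_post = filesize2bytes(ini_get("post_max_size") . "B");
    $upload_mb = min($max_upload, $max_post);
    $this->view->upload_max_filesize = $upload_mb;

    // csrf token
    $user = $this->getUser();
    $this->view->csrfToken = Tool\Session::useSession(function ($adminSession) use ($user) {
        // create a token when the session has none, or only an empty one
        if (!$adminSession->csrfToken) {
            if (function_exists("random_bytes")) {
                // 20 random bytes from the system CSPRNG, hex encoded: same length as the sha1 form
                $adminSession->csrfToken = bin2hex(random_bytes(20));
            } else {
                // fallback for runtimes without random_bytes(): built from the clock and the
                // user name, so it must not be treated as unpredictable
                $adminSession->csrfToken = sha1(microtime() . $user->getName() . uniqid());
            }
        }

        return $adminSession->csrfToken;
    });

    if (\Pimcore\Tool\Admin::isExtJS6()) {
        $this->forward("index6");
    }
}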
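/**
 * Output-buffer callback. When called during self::shutdown() it forces the
 * browser to close the connection, which allows the shutdown function to keep
 * running in the background, and gzips the body for selected content types.
 *
 * @static
 * @param string $data the buffered response body
 * @return string|null the body to send; $data itself when headers were already sent
 */
public static function outputBufferEnd($data)
{
    $output = null;
    $contentEncoding = null;

    if (headers_sent()) {
        return $data;
    }

    // cleanup admin session Set-Cookie headers if needed
    // a detailed description why this is necessary can be found in the doc-block of \Pimcore\Tool\Session::$sessionCookieCleanupNeeded
    if (Tool\Session::isSessionCookieCleanupNeeded()) {
        $headers = array_reverse(headers_list());
        foreach ($headers as $header) {
            if (strpos($header, Tool\Session::getOption("name")) !== false) {
                header($header, true); // setting the header again with 2nd arg = true, overrides all duplicates
                break;
            }
        }
    }

    // only send this headers in the shutdown-function, so that it is also possible to get the contents of this buffer earlier without sending headers
    if (self::$inShutdown) {
        // force closing the connection at the client, this enables to do certain tasks (writing the cache) in the "background"
        header("Connection: close\r\n");

        // check for supported content-encodings; the request header is optional
        $acceptEncoding = isset($_SERVER["HTTP_ACCEPT_ENCODING"]) ? $_SERVER["HTTP_ACCEPT_ENCODING"] : "";
        if (strpos($acceptEncoding, "gzip") !== false) {
            $contentEncoding = "gzip";
        }

        if (!empty($data) && $contentEncoding) {
            ignore_user_abort(true);

            // find the content-type of the response
            $front = \Zend_Controller_Front::getInstance();
            $a = $front->getResponse()->getHeaders();
            $b = array_merge(headers_list(), $front->getResponse()->getRawHeaders());

            $contentType = null;

            // first check headers in headers_list() because they overwrite all other headers => see SOAP controller
            foreach ($b as $header) {
                if (stripos($header, "content-type") !== false) {
                    $parts = explode(":", $header);
                    if (strtolower(trim($parts[0])) == "content-type") {
                        $contentType = trim($parts[1]);
                        break;
                    }
                }
            }

            if (!$contentType) {
                foreach ($a as $header) {
                    if (strtolower(trim($header["name"])) == "content-type") {
                        $contentType = $header["value"];
                        break;
                    }
                }
            }

            // prepare the response to be sent (gzip or not)
            // do not add text/xml or a wildcard for text/* here because this causes problems with the SOAP server
            $gzipContentTypes = array("@text/html@i", "@application/json@", "@text/javascript@", "@text/css@");
            $gzipIt = false;
            foreach ($gzipContentTypes as $type) {
                if (@preg_match($type, $contentType)) {
                    $gzipIt = true;
                    break;
                }
            }

            // gzip the contents and send connection close so that the process can run in the background to finish
            // some tasks like writing the cache ...
            if ($gzipIt) {
                // gzencode() emits a complete gzip stream (header, deflate data, CRC32, length).
                // It replaces the hand-assembled stream, whose binary header literal does not
                // survive as plain text.
                $output = gzencode($data, 2);

                // (although all modern browsers don't need it anymore) to work properly with google adwords check & co.
                header("Content-Encoding: {$contentEncoding}\r\n");
            }
        }

        // no gzip/deflate encoding
        if (!$output) {
            $output = $data;
        }

        if (strlen($output) > 0) {
            // check here if there is actually content, otherwise readfile() and similar functions are not working anymore
            // using mb_strlen() with a single-byte encoding because of PIMCORE-1509
            header("Content-Length: " . mb_strlen($output, "latin1"));
        }
        header("X-Powered-By: pimcore", true);
    }

    // NOTE(review): outside of shutdown $output is still null at this point, although the
    // original comment here reads "return the data unchanged" — confirm which is intended.
    return $output;
}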
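/**
 * Copies an asset, either as a child of the target or by replacing the
 * target's contents, and answers with a JSON success flag.
 *
 * The target is addressed by "targetId", or derived from the source path when
 * "targetParentId" is given. The copy only runs when the current user may
 * "create" on the target.
 *
 * @return void
 */
public function copyAction()
{
    $success = false;
    $sourceId = intval($this->getParam("sourceId"));
    $source = Asset::getById($sourceId);
    $session = Tool\Session::get("pimcore_copy");

    $targetId = intval($this->getParam("targetId"));
    if ($this->getParam("targetParentId")) {
        $sourceParent = Asset::getById($this->getParam("sourceParentId"));

        // this is because the key can get the prefix "_copy" if the target does already exists
        if ($session->{$this->getParam("transactionId")}["parentId"]) {
            $targetParent = Asset::getById($session->{$this->getParam("transactionId")}["parentId"]);
        } else {
            $targetParent = Asset::getById($this->getParam("targetParentId"));
        }

        // The parent path is data, not a pattern: quote it so that regex metacharacters or the
        // "@" delimiter inside an asset path cannot change or break the expression.
        $parentPattern = "@^" . preg_quote($sourceParent->getFullPath(), "@") . "@";
        $targetPath = preg_replace($parentPattern, $targetParent . "/", $source->getPath());
        $target = Asset::getByPath($targetPath);
    } else {
        $target = Asset::getById($targetId);
    }

    if (!$target) {
        // an unknown id or path yields no asset; report failure instead of calling a method on null
        \Logger::error("could not execute copy/paste because the target could not be resolved [ " . $targetId . " ]");
    } elseif ($target->isAllowed("create")) {
        $source = Asset::getById($sourceId);
        if ($source != null) {
            if ($this->getParam("type") == "child") {
                $newAsset = $this->_assetService->copyAsChild($target, $source);

                // this is because the key can get the prefix "_copy" if the target does already exists
                if ($this->getParam("saveParentId")) {
                    $session->{$this->getParam("transactionId")}["parentId"] = $newAsset->getId();
                }
            } elseif ($this->getParam("type") == "replace") {
                $this->_assetService->copyContents($target, $source);
            }

            $success = true;
        } else {
            \Logger::debug("prevended copy/paste because asset with same path+key already exists in this location");
        }
    } else {
        \Logger::error("could not execute copy/paste because of missing permissions on target [ " . $targetId . " ]");
        // NOTE(review): "error" => false next to a failure message looks inverted — confirm what the client expects
        $this->_helper->json(array("error" => false, "message" => "missing_permission"));
    }

    Tool\Session::writeClose();

    $this->_helper->json(array("success" => $success));
}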
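/**
 * Prepares the view for the admin start page: maintenance status, system and
 * report configuration, custom views the user may list, upload limit, session
 * lifetime and the session CSRF token.
 *
 * @return void
 */
public function indexAction()
{
    // clear open edit locks for this session (in the case of a reload, ...)
    \Pimcore\Model\Element\Editlock::clearSession(session_id());

    // check maintenance
    $maintenance_enabled = false;

    $manager = Model\Schedule\Manager\Factory::getManager("maintenance.pid");
    $lastExecution = $manager->getLastExecution();
    if ($lastExecution) {
        if (time() - $lastExecution < 610) { // maintenance script should run at least every 10 minutes + a little tolerance
            $maintenance_enabled = true;
        }
    }
    $this->view->maintenance_enabled = \Zend_Json::encode($maintenance_enabled);

    // configuration
    $sysConfig = Config::getSystemConfig();
    $this->view->config = $sysConfig;

    //mail settings
    $mailIncomplete = false;
    if ($sysConfig->email) {
        if (!$sysConfig->email->debug->emailaddresses) {
            $mailIncomplete = true;
        }
        if (!$sysConfig->email->sender->email) {
            $mailIncomplete = true;
        }
        if ($sysConfig->email->method == "smtp" && !$sysConfig->email->smtp->host) {
            $mailIncomplete = true;
        }
    }
    $this->view->mail_settings_complete = \Zend_Json::encode(!$mailIncomplete);

    // report configuration
    $this->view->report_config = Config::getReportConfig();

    $cvData = [];

    // still needed when publishing objects
    $cvConfig = Tool::getCustomViewConfig();

    if ($cvConfig) {
        foreach ($cvConfig as $node) {
            $tmpData = $node;
            // backwards compatibility
            $treeType = $tmpData["treetype"] ? $tmpData["treetype"] : "object";
            $rootNode = Model\Element\Service::getElementByPath($treeType, $tmpData["rootfolder"]);

            if ($rootNode) {
                $tmpData["rootId"] = $rootNode->getId();
                $tmpData["allowedClasses"] = $tmpData["classes"] ? explode(",", $tmpData["classes"]) : null;
                $tmpData["showroot"] = (bool) $tmpData["showroot"];

                // Check if a user has privileges to that node
                if ($rootNode->isAllowed("list")) {
                    $cvData[] = $tmpData;
                }
            }
        }
    }
    $this->view->customview_config = $cvData;

    // upload limit
    $max_upload = filesize2bytes(ini_get("upload_max_filesize") . "B");
    $max_post = filesize2bytes(ini_get("post_max_size") . "B");
    $upload_mb = min($max_upload, $max_post);
    $this->view->upload_max_filesize = $upload_mb;

    // session lifetime (gc)
    $session_gc_maxlifetime = ini_get("session.gc_maxlifetime");
    if (empty($session_gc_maxlifetime)) {
        $session_gc_maxlifetime = 120;
    }
    $this->view->session_gc_maxlifetime = $session_gc_maxlifetime;

    // csrf token
    $user = $this->getUser();
    $this->view->csrfToken = Tool\Session::useSession(function ($adminSession) use ($user) {
        // create a token when the session has none, or only an empty one
        if (!$adminSession->csrfToken) {
            if (function_exists("random_bytes")) {
                // 20 random bytes from the system CSPRNG, hex encoded: same length as the sha1 form
                $adminSession->csrfToken = bin2hex(random_bytes(20));
            } else {
                // fallback for runtimes without random_bytes(): built from the clock and the
                // user name, so it must not be treated as unpredictable
                $adminSession->csrfToken = sha1(microtime() . $user->getName() . uniqid());
            }
        }

        return $adminSession->csrfToken;
    });

    if (\Pimcore\Tool\Admin::isExtJS6()) {
        $this->forward("index6");
    }
}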
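/**
 * Renders two versions of a document to images and shows their visual diff.
 *
 * Both versions are rendered through HtmlToImage from URLs that point back at
 * this installation and carry the caller's admin session id. When the images
 * have the same dimensions an Imagick difference image is produced; otherwise
 * both images are handed to the view. Without HtmlToImage or Imagick an
 * "unsupported" script is rendered.
 *
 * @return void
 */
public function diffVersionsAction()
{
    $versionFrom = Version::getById($this->getParam("from"));
    $docFrom = $versionFrom->loadData();

    $request = $this->getRequest();

    $sessionName = Tool\Session::getOption("name");

    // The version ids are request parameters and the session id is a cookie value: encode all
    // of them so that they cannot add or alter parameters of the URL this server fetches.
    // The cookie may be absent when the session id was supplied another way.
    $sessionId = isset($_COOKIE[$sessionName]) ? $_COOKIE[$sessionName] : "";
    $sessionQuery = "&" . urlencode($sessionName) . "=" . urlencode($sessionId);

    // NOTE(review): scheme and host come from the current request and the admin session id
    // travels in the URL given to the renderer — confirm the host is restricted to this
    // installation and that the URL is not logged.
    $prefix = $request->getScheme() . "://" . $request->getHttpHost() . $docFrom->getFullPath() . "?pimcore_version=";

    $fromUrl = $prefix . urlencode((string) $this->getParam("from")) . $sessionQuery;
    $toUrl = $prefix . urlencode((string) $this->getParam("to")) . $sessionQuery;

    // NOTE(review): uniqid() is time based, so these temp file names are guessable inside the
    // shared temp directory.
    $fromFile = PIMCORE_SYSTEM_TEMP_DIRECTORY . "/version-diff-tmp-" . uniqid() . ".png";
    $toFile = PIMCORE_SYSTEM_TEMP_DIRECTORY . "/version-diff-tmp-" . uniqid() . ".png";
    $diffFile = PIMCORE_SYSTEM_TEMP_DIRECTORY . "/version-diff-tmp-" . uniqid() . ".png";

    if (\Pimcore\Image\HtmlToImage::isSupported() && class_exists("Imagick")) {
        \Pimcore\Image\HtmlToImage::convert($fromUrl, $fromFile);
        \Pimcore\Image\HtmlToImage::convert($toUrl, $toFile);

        $image1 = new Imagick($fromFile);
        $image2 = new Imagick($toFile);

        if ($image1->getImageWidth() == $image2->getImageWidth() && $image1->getImageHeight() == $image2->getImageHeight()) {
            $result = $image1->compareImages($image2, Imagick::METRIC_MEANSQUAREERROR);
            $result[0]->setImageFormat("png");

            $result[0]->writeImage($diffFile);
            $result[0]->clear();
            $result[0]->destroy();

            $this->view->image = base64_encode(file_get_contents($diffFile));
            unlink($diffFile);
        } else {
            $this->view->image1 = base64_encode(file_get_contents($fromFile));
            $this->view->image2 = base64_encode(file_get_contents($toFile));
        }

        // cleanup
        $image1->clear();
        $image1->destroy();
        $image2->clear();
        $image2->destroy();

        unlink($fromFile);
        unlink($toFile);
    } else {
        $this->renderScript("document/diff-versions-unsupported.php");
    }
}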
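/**
 * Lets the logged-in user update their own profile and password.
 *
 * The request must pass the CSRF check and its "id" parameter must match the
 * current user. Privilege-bearing fields are stripped from the submitted data.
 * A password change needs either the correct old password or a
 * "password_reset" flag in the admin session, plus a matching retyped password.
 *
 * @return void
 */
public function updateCurrentUserAction()
{
    $this->protectCSRF();

    $user = $this->getUser();
    if ($user == null) {
        $this->_helper->json(false);
        return;
    }

    if ($user->getId() != $this->getParam("id")) {
        \Logger::warn("prevented save current user, because ids do not match. ");
        $this->_helper->json(false);
        return;
    }

    $values = \Zend_Json::decode($this->getParam("data"));
    if (!is_array($values)) {
        // anything but a JSON object cannot describe user fields
        $this->_helper->json(false);
        return;
    }

    // fields a user must never change on their own account
    // NOTE(review): this is a deny-list; every other submitted key reaches setValues() —
    // confirm that no further sensitive attribute is settable that way.
    foreach (["name", "id", "admin", "permissions", "roles", "active"] as $protectedField) {
        unset($values[$protectedField]);
    }

    if (!empty($values["new_password"])) {
        if (empty($values["old_password"])) {
            // if the user want to reset the password, the old password isn't required
            // NOTE(review): the password_reset flag is not cleared in this method — confirm where it is reset
            $oldPasswordCheck = Tool\Session::useSession(function ($adminSession) {
                return (bool) $adminSession->password_reset;
            });
        } else {
            // the password has to match
            $checkUser = Tool\Authentication::authenticatePlaintext($user->getName(), $values["old_password"]);
            $oldPasswordCheck = (bool) $checkUser;
        }

        // Compare as strings with ===: a loose == treats numeric-looking strings such as
        // "1e3" and "1000" as equal.
        $newPassword = $values["new_password"];
        $retypedPassword = isset($values["retype_password"]) ? $values["retype_password"] : null;
        $passwordsMatch = is_scalar($newPassword)
            && is_scalar($retypedPassword)
            && (string) $newPassword === (string) $retypedPassword;

        if ($oldPasswordCheck && $passwordsMatch) {
            $values["password"] = Tool\Authentication::getPasswordHash($user->getName(), $values["new_password"]);
        } else {
            $this->_helper->json(["success" => false, "message" => "password_cannot_be_changed"]);
            // stop here even if the JSON helper is configured not to exit
            return;
        }
    }

    $user->setValues($values);
    $user->save();
    $this->_helper->json(["success" => true]);
}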
/**
 * Returns the session namespace used by CoreShop.
 *
 * @return \stdClass the value of Session::get() for the 'CoreShop' namespace
 */
public static function getSession()
{
    $coreShopSession = Session::get('CoreShop');

    return $coreShopSession;
}
/**
 * Saves a page document from the admin UI.
 *
 * The page is taken from the session copy (once, when flagged "_useForSave") or
 * from the latest version. Depending on "task" and the user's permissions it is
 * published or unpublished via save(), or stored as a new version via
 * saveVersion(). Redirects and meta data submitted in "settings" are processed
 * before that. Every outcome is reported as JSON.
 *
 * @throws \Exception rethrown after logging
 */
public function saveAction()
{
    try {
        if ($this->getParam("id")) {
            $page = Document\Page::getById($this->getParam("id"));

            // check if there's a document in session which should be used as data-source
            // see also self::clearEditableDataAction() | this is necessary to reset all fields and to get rid of
            // outdated and unused data elements in this document (eg. entries of area-blocks)
            $pageSession = Session::useSession(function ($session) use($page) {
                if (isset($session->{"document_" . $page->getId()}) && isset($session->{"document_" . $page->getId() . "_useForSave"})) {
                    if ($session->{"document_" . $page->getId() . "_useForSave"}) {
                        // only use the page from the session once
                        unset($session->{"document_" . $page->getId() . "_useForSave"});

                        return $session->{"document_" . $page->getId()};
                    }
                }

                return null;
            }, "pimcore_documents");

            if ($pageSession) {
                $page = $pageSession;
            } else {
                $page = $this->getLatestVersion($page);
            }

            $page->setUserModification($this->getUser()->getId());

            // the published flag is set on the in-memory page here; permissions are checked further down
            if ($this->getParam("task") == "unpublish") {
                $page->setPublished(false);
            }
            if ($this->getParam("task") == "publish") {
                $page->setPublished(true);
            }

            $settings = [];
            if ($this->getParam("settings")) {
                $settings = \Zend_Json::decode($this->getParam("settings"));
            }

            // check for redirects
            // NOTE(review): redirects are saved and deleted here, guarded by the "redirects"
            // permission only and before the publish/save permission checks on the page below —
            // confirm that this order is intended.
            if ($this->getUser()->isAllowed("redirects") && $this->getParam("settings")) {
                if (is_array($settings)) {
                    $redirectList = new Redirect\Listing();
                    $redirectList->setCondition("target = ?", $page->getId());

                    $existingRedirects = $redirectList->load();
                    $existingRedirectIds = [];
                    foreach ($existingRedirects as $existingRedirect) {
                        $existingRedirectIds[$existingRedirect->getId()] = $existingRedirect->getId();
                    }

                    for ($i = 1; $i < 100; $i++) {
                        if (array_key_exists("redirect_url_" . $i, $settings)) {
                            // check for existing
                            if ($settings["redirect_id_" . $i]) {
                                // NOTE(review): the redirect is loaded purely by the submitted id; nothing
                                // here checks that it is one of $existingRedirects or that getById()
                                // returned an object
                                $redirect = Redirect::getById($settings["redirect_id_" . $i]);
                                unset($existingRedirectIds[$redirect->getId()]);
                            } else {
                                // create new one
                                $redirect = new Redirect();
                            }

                            $redirect->setSource($settings["redirect_url_" . $i]);
                            $redirect->setTarget($page->getId());
                            $redirect->setStatusCode(301);
                            $redirect->save();
                        }
                    }

                    // remove existing redirects which were deleted
                    foreach ($existingRedirectIds as $existingRedirectId) {
                        $redirect = Redirect::getById($existingRedirectId);
                        $redirect->delete();
                    }
                }
            }

            // check if settings exist, before saving meta data
            if ($this->getParam("settings") && is_array($settings)) {
                $metaData = [];
                for ($i = 1; $i < 30; $i++) {
                    if (array_key_exists("metadata_" . $i, $settings)) {
                        $metaData[] = $settings["metadata_" . $i];
                    }
                }
                $page->setMetaData($metaData);
            }

            // only save when publish or unpublish
            // "&&" binds tighter than "or": (publish and allowed) or (unpublish and allowed)
            if ($this->getParam("task") == "publish" && $page->isAllowed("publish") or $this->getParam("task") == "unpublish" && $page->isAllowed("unpublish")) {
                $this->setValuesToDocument($page);

                try {
                    $page->save();
                    $this->saveToSession($page);
                    $this->_helper->json(["success" => true]);
                } catch (\Exception $e) {
                    if (\Pimcore\Tool\Admin::isExtJS6() && $e instanceof Element\ValidationException) {
                        throw $e;
                    }
                    Logger::err($e);
                    $this->_helper->json(["success" => false, "message" => $e->getMessage()]);
                }
            } else {
                // without publish rights (or another task) the change is stored as a version only
                if ($page->isAllowed("save")) {
                    $this->setValuesToDocument($page);

                    try {
                        $page->saveVersion();
                        $this->saveToSession($page);
                        $this->_helper->json(["success" => true]);
                    } catch (\Exception $e) {
                        Logger::err($e);
                        $this->_helper->json(["success" => false, "message" => $e->getMessage()]);
                    }
                }
            }
        }
    } catch (\Exception $e) {
        Logger::log($e);
        if (\Pimcore\Tool\Admin::isExtJS6() && $e instanceof Element\ValidationException) {
            // NOTE(review): the full stack trace is returned to the client in this response
            $this->_helper->json(["success" => false, "type" => "ValidationException", "message" => $e->getMessage(), "stack" => $e->getTraceAsString(), "code" => $e->getCode()]);
        }
        throw $e;
    }

    // reached when no id was given or no permission branch produced a response
    $this->_helper->json(false);
}