function onBeforeSaveField(&$field, &$post, &$file, &$item) { if (!in_array($field->field_type, self::$field_types)) { return; } $use_ingroup = $field->parameters->get('use_ingroup', 0); if (!is_array($post) && !strlen($post) && !$use_ingroup) { return; } // Make sure posted data is an array //echo "<pre>"; print_r($post); exit; $post = !is_array($post) ? array($post) : $post; //echo "<pre>"; print_r($post); // Get configuration $inputmode = (int) $field->parameters->get('inputmode', 1); $is_importcsv = JRequest::getVar('task') == 'importcsv'; $import_docs_folder = JRequest::getVar('import_docs_folder'); $iform_allowdel = $field->parameters->get('iform_allowdel', 1); $iform_title = $inputmode == 1 ? 0 : $field->parameters->get('iform_title', 1); $iform_desc = $inputmode == 1 ? 0 : $field->parameters->get('iform_desc', 1); $iform_lang = $inputmode == 1 ? 0 : $field->parameters->get('iform_lang', 0); $iform_dir = $inputmode == 1 ? 0 : $field->parameters->get('iform_dir', 0); // Execute once static $initialized = null; static $srcpath_original = ''; if (!$initialized) { $initialized = 1; jimport('joomla.filesystem.folder'); jimport('joomla.filesystem.path'); $srcpath_original = JPath::clean(JPATH_SITE . DS . $import_docs_folder . DS); } $newpost = array(); $new = 0; foreach ($post as $n => $v) { if (empty($v)) { if ($use_ingroup) { // empty value for group $newpost[$new] = ''; $new++; } continue; } // support for basic CSV import / export if ($is_importcsv) { if (!is_numeric($v)) { $filename = basename($v); $sub_folder = dirname($v); $sub_folder = $sub_folder && $sub_folder != '.' ? DS . $sub_folder : ''; $fman = new FlexicontentControllerFilemanager(); $Fobj = new stdClass(); $Fobj->return_url = null; $Fobj->file_dir_path = DS . $import_docs_folder . $sub_folder; $Fobj->file_filter_re = preg_quote($filename); $Fobj->secure = 0; $Fobj->keep = 1; $file_ids = $fman->addlocal($Fobj); $v = !empty($file_ids) ? reset($file_ids) : false; // Get fist element //$_filetitle = key($file_ids); this is the cleaned up filename, currently not needed } } else { $file_id = isset($v['file-id']) ? (int) $v['file-id'] : $v; $file_id = is_numeric($file_id) ? (int) $file_id : 0; // if $v is not an array $err_code = $_FILES["custom"]["error"][$field->name][$n]['file-data']; $new_file = $err_code == 0; if ($err_code && $err_code != UPLOAD_ERR_NO_FILE) { $err_msg = array(UPLOAD_ERR_INI_SIZE => 'The uploaded file exceeds the upload_max_filesize directive in php.ini', UPLOAD_ERR_INI_SIZE => 'The uploaded file exceeds the MAX_FILE_SIZE directive that was specified in the HTML form', UPLOAD_ERR_PARTIAL => 'The uploaded file was only partially uploaded', UPLOAD_ERR_NO_FILE => 'No file was uploaded', UPLOAD_ERR_NO_TMP_DIR => 'Missing a temporary folder', UPLOAD_ERR_CANT_WRITE => 'Failed to write file to disk', UPLOAD_ERR_EXTENSION => 'A PHP extension stopped the file upload'); JFactory::getApplication()->enqueueMessage("FILE FIELD: " . $err_msg[$err_code], 'warning'); continue; } // validate data or empty/set default values $v['file-del'] = !$iform_allowdel ? 0 : (int) @$v['file-del']; $v['file-title'] = !$iform_title ? '' : flexicontent_html::dataFilter($v['file-title'], 1000, 'STRING', 0); $v['file-desc'] = !$iform_desc ? '' : flexicontent_html::dataFilter($v['file-desc'], 10000, 'STRING', 0); $v['file-lang'] = !$iform_lang ? '' : flexicontent_html::dataFilter($v['file-lang'], 9, 'STRING', 0); $v['secure'] = !$iform_dir ? 0 : ((int) $v['secure'] ? 1 : 0); // UPDATE existing file if (!$new_file && $file_id) { $dbdata = array(); $dbdata['id'] = $file_id; if ($iform_title) { $dbdata['altname'] = $v['file-title']; } if ($iform_desc) { $dbdata['description'] = $v['file-desc']; } if ($iform_lang) { $dbdata['language'] = $v['file-lang']; } // !! Do not change folder for existing files //if ($iform_dir) { $dbdata['secure'] = $v['secure']; // Load file data from DB $row = JTable::getInstance('flexicontent_files', ''); $row->load($file_id); $_filename = $row->filename_original ? $row->filename_original : $row->filename; $dbdata['secure'] = $row->secure ? 1 : 0; // !! Do not change media/secure -folder- for existing files // Security concern, check file is assigned to current item $isAssigned = $this->checkFileAssignment($field, $file_id, $item); if ($v['file-del']) { if (!$isAssigned) { //JFactory::getApplication()->enqueueMessage("FILE FIELD: refusing to delete file: '".$_filename."', that is not assigned to current item", 'warning' ); } else { //JFactory::getApplication()->enqueueMessage("FILE FIELD: refusing to update file properties of a file: '".$_filename."', that is not assigned to current item", 'warning' ); } } // Delete existing file if so requested if ($v['file-del']) { $canDelete = $this->canDeleteFile($field, $file_id, $item); if ($isAssigned && $canDelete) { $fm = new FlexicontentModelFilemanager(); $fm->delete(array($file_id)); } continue; // Skip file since unloading / removal was requested } // Set the changed data into the object foreach ($dbdata as $index => $data) { $row->{$index} = $data; } // Update DB data of the file if (!$row->check() || !$row->store()) { JFactory::getApplication()->enqueueMessage("FILE FIELD: " . JFactory::getDBO()->getErrorMsg(), 'warning'); continue; } // Set file id as value of the field $v = $file_id; } else { if ($new_file) { // new file was uploaded, but also handle previous selected file ... if ($file_id) { // Security concern, check file is assigned to current item $isAssigned = $this->checkFileAssignment($field, $file_id, $item); if (!$isAssigned) { /*$row = JTable::getInstance('flexicontent_files', ''); $row->load( $file_id ); $_filename = $row->filename_original ? $row->filename_original : $row->filename; JFactory::getApplication()->enqueueMessage("FILE FIELD: refusing to delete file: '".$_filename."', that is not assigned to current item", 'warning' );*/ } else { if ($this->canDeleteFile($field, $file_id, $item)) { $fm = new FlexicontentModelFilemanager(); $fm->delete(array($file_id)); } } } // Skip file if unloading / removal was requested if ($v['file-del']) { continue; } $fman = new FlexicontentControllerFilemanager(); // Controller will do the data filter too JRequest::setVar('return-url', null, 'post'); // needed ! JRequest::setVar('secure', $v['secure'], 'post'); JRequest::setVar('file-title', $v['file-title'], 'post'); JRequest::setVar('file-desc', $v['file-desc'], 'post'); JRequest::setVar('file-lang', $v['file-lang'], 'post'); // The dform field name of the <input type="file" ... JRequest::setVar('file-ffname', 'custom', 'post'); JRequest::setVar('fname_level1', $field->name, 'post'); JRequest::setVar('fname_level2', $n, 'post'); JRequest::setVar('fname_level3', 'file-data', 'post'); $file_id = $fman->upload(); $v = !empty($file_id) ? $file_id : false; } else { // no existing file and no new file uploaded $v = 0; } } } if (!$use_ingroup) { // NOT inside field group, add it only if not empty reverse the file array, indexing it by file IDs, to add each file only once if (!empty($v) && is_numeric($v)) { $newpost[(int) $v] = $new++; } } else { // Inside fieldgroup, allow same file multiple times $newpost[$new++] = (int) $v; } } // IF NOT inside field group, the file array was reversed (indexed by file IDs), so that the same file can be added once $post = !$use_ingroup ? array_flip($newpost) : $newpost; }