if (!Guardian::happy(1) && Guardian::get('author') !== $post->author) { Shield::abort(); } Config::set(array('page_title' => $speak->deleting . ': ' . $post->title . $config->title_separator . $config->manager->title, 'page' => $post, 'cargo' => 'kill.post.php')); $G = array('data' => Mecha::A($post)); if ($request = Request::post()) { Guardian::checkToken($request['token']); File::open($post->path)->delete(); // Deleting response(s) ... if ($responses = call_user_func('Get::' . $response . 's', 'DESC', 'post:' . $id, 'txt,hold')) { foreach ($responses as $v) { File::open($v)->delete(); } } $P = array('data' => $request); include __DIR__ . DS . 'task.kill.substance.php'; // Deleting custom CSS and JavaScript file of post ... File::open(CUSTOM . DS . Date::slug($id) . '.txt')->delete(); File::open(CUSTOM . DS . Date::slug($id) . '.draft')->delete(); Weapon::fire(array('on_custom_update', 'on_custom_destruct'), array($G, $P)); // Deleting custom PHP file of post ... File::open(File::D($post->path) . DS . $post->slug . '.php')->delete(); Notify::success(Config::speak('notify_success_deleted', $post->title)); Weapon::fire(array('on_' . $segment . '_update', 'on_' . $segment . '_destruct'), array($G, $G)); Guardian::kick($config->manager->slug . '/' . $segment); } else { Notify::warning(Config::speak('notify_confirm_delete_', '<strong>' . $post->title . '</strong>')); Notify::warning(Config::speak('notify_confirm_delete_page', strtolower($speak->{$segment}), strtolower($speak->{$response . 's'}))); } Shield::lot(array('segment' => $segment))->attach('manager'); });
/**
 * Remove one or more entries
 *
 * Reads the submitted `id` value(s), destroys each matching Role and
 * reports a success message when at least one was removed, then returns
 * to the list view via cancelTask().
 *
 * @return void
 */
public function removeTask()
{
    // Check for request forgeries
    Request::checkToken();

    // Normalise the incoming id(s) to a list, whatever shape they arrived in
    $ids = Request::getVar('id', array());
    if (!is_array($ids))
    {
        $ids = array($ids);
    }

    // Nothing selected: warn and go back to the list
    if (empty($ids))
    {
        Notify::warning(Lang::txt('COM_GROUPS_ERROR_NO_ITEMS_SELECTED'));
        return $this->cancelTask();
    }

    $removed = 0;
    foreach ($ids as $id)
    {
        // Remove the entry; a failed destroy is reported but does not stop the loop
        $model = Role::oneOrFail(intval($id));
        if ($model->destroy())
        {
            $removed++;
            continue;
        }
        Notify::error($model->getError());
    }

    if ($removed)
    {
        Notify::success(Lang::txt('COM_GROUPS_ROLE_REMOVED'));
    }

    $this->cancelTask();
}
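/**
 * Unapprove a group
 *
 * Sets `approved` to 0 on every group whose id was submitted, logs each
 * change, and redirects back to the controller's list view.
 *
 * @return void
 */
public function unapproveTask()
{
    // NOTE(review): no Request::checkToken() guards this state change —
    // confirm whether the submitting form carries a token before adding one.

    // Incoming id(s), normalised to a list
    $ids = Request::getVar('id', array());
    if (!is_array($ids))
    {
        $ids = array($ids);
    }

    if (!empty($ids))
    {
        foreach ($ids as $id)
        {
            // Load the group page
            $group = new Group();
            $group->read($id);

            // Skip ids that did not resolve to a group. The previous test,
            // `if (!$group)`, could never fire because a freshly constructed
            // object is always truthy; the gidNumber the log entry needs is
            // checked instead.
            if (!$group->get('gidNumber'))
            {
                continue;
            }

            // Mark the group unapproved and persist
            $group->set('approved', 0);
            $group->update();

            // Log the change
            Log::log(array(
                'gidNumber' => $group->get('gidNumber'),
                'action'    => 'group_unapproved',
                'comments'  => 'unapproved by administrator'
            ));
        }

        Notify::success(Lang::txt('COM_GROUPS_UNAPPROVED'));
    }

    // Output message and redirect
    App::redirect(Route::url('index.php?option=' . $this->_option . '&controller=' . $this->_controller, false));
}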
} else { $deletes = array($name); } } Config::set(array('page_title' => $speak->deleting . ': ' . (count($deletes) === 1 ? File::B($name) : $speak->assets) . $config->title_separator . $config->manager->title, 'files' => $deletes, 'cargo' => DECK . DS . 'workers' . DS . 'kill.asset.php')); if ($request = Request::post()) { Guardian::checkToken($request['token']); $info_path = array(); $is_folder_or_file = count($deletes) === 1 && is_dir(ASSET . DS . $deletes[0]) ? 'folder' : 'file'; foreach ($deletes as $file_to_delete) { $_path = ASSET . DS . $file_to_delete; $info_path[] = $_path; File::open($_path)->delete(); } $P = array('data' => array('files' => $info_path)); Notify::success(Config::speak('notify_' . $is_folder_or_file . '_deleted', '<code>' . implode('</code>, <code>', $deletes) . '</code>')); Weapon::fire('on_asset_update', array($P, $P)); Weapon::fire('on_asset_destruct', array($P, $P)); Guardian::kick($config->manager->slug . '/asset/1' . $p); } else { Notify::warning(count($deletes) === 1 ? Config::speak('notify_confirm_delete_', '<code>' . File::path($name) . '</code>') : $speak->notify_confirm_delete); } Shield::lot('segment', 'asset')->attach('manager', false); }); /** * Multiple Asset Killer * --------------------- */ Route::accept($config->manager->slug . '/asset/kill', function ($path = "") use($config, $speak) { if ($request = Request::post()) { Guardian::checkToken($request['token']);
<?php

/**
 * Shortcode Manager
 * -----------------
 *
 * Lists the stored shortcodes and, on a token-checked POST, rebuilds the
 * key => value map from the submitted `key`/`value` arrays, serialises it
 * to `STATE/shortcode.txt` and fires `on_shortcode_update`.
 */

Route::accept($config->manager->slug . '/shortcode', function () use($config, $speak) {
    if (!Guardian::happy(1)) {
        Shield::abort();
    }
    $shortcodes = Get::state_shortcode(null, array(), false);
    $G = array('data' => $shortcodes);
    Config::set(array(
        'page_title' => $speak->shortcodes . $config->title_separator . $config->manager->title,
        'cargo' => 'cargo.shortcode.php'
    ));
    $request = Request::post();
    if ($request) {
        $request = Filter::apply('request:__shortcode', $request);
        Guardian::checkToken($request['token']);
        // Pair each submitted key with the value at the same index; blank keys are skipped
        $data = array();
        $keys = $request['key'];
        $total = count($keys);
        for ($n = 0; $n < $total; ++$n) {
            $key = $keys[$n];
            if (trim($key) === "") {
                continue;
            }
            $data[$key] = $request['value'][$n];
        }
        $P = array('data' => $data);
        File::serialize($data)->saveTo(STATE . DS . 'shortcode.txt', 0600);
        Notify::success(Config::speak('notify_success_updated', $speak->shortcode));
        Weapon::fire('on_shortcode_update', array($G, $P));
        Guardian::kick($config->url_current);
    }
    Shield::lot(array('segment' => 'shortcode', 'files' => Mecha::O($shortcodes)))->attach('manager');
});
return Extend::where('key', '=', $str)->where('type', '=', $input['type'])->where('id', '<>', $id)->count() == 0; }); $validator->check('key')->is_max(1, __('extend.key_missing'))->is_valid_key(__('extend.key_exists')); $validator->check('label')->is_max(1, __('extend.label_missing')); if ($errors = $validator->errors()) { Input::flash(); Notify::error($errors); return Response::redirect('admin/extend/fields/edit/' . $id); } if ($input['field'] == 'image') { $attributes = Json::encode($input['attributes']); } elseif ($input['field'] == 'file') { $attributes = Json::encode(array('attributes' => array('type' => $input['attributes']['type']))); } else { $attributes = ''; } Extend::update($id, array('type' => $input['type'], 'pagetype' => $input['pagetype'], 'field' => $input['field'], 'key' => $input['key'], 'label' => $input['label'], 'attributes' => $attributes)); Notify::success(__('extend.field_updated')); return Response::redirect('admin/extend/fields/edit/' . $id); }); /* Delete Field */ Route::get('admin/extend/fields/delete/(:num)', function ($id) { $field = Extend::find($id); Query::table(Base::table($field->type . '_meta'))->where('extend', '=', $field->id)->delete(); $field->delete(); Notify::success(__('extend.field_deleted')); return Response::redirect('admin/extend/fields'); }); });
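<?php

// Post-process the submitted custom field values in `$field` before they are
// stored: honour a requested asset removal, drop empty values, and drop
// file/asset references that do not point at an existing file under
// SUBSTANCE. `$G` and `$P` are the hook payloads supplied by the including
// worker.
// NOTE(review): `$field` is presumably user-submitted (the comment worker
// passes Request::post('fields') before including this file) — verify
// against every caller of this include.
foreach ($field as $k => $v) {
    $f = $v['type'] === 'file' || $v['type'] === 'f';
    // Remove asset field value and data
    if (isset($v['remove']) && $f) {
        // `remove` is joined onto SUBSTANCE unchanged, so a value holding a
        // `..` segment (or a NUL byte) could name a file outside the asset
        // folder. Such a request is ignored; the usual empty-value handling
        // below still applies to the field.
        $unsafe = strpos($v['remove'], "\0") !== false
            || preg_match('#(?:^|[\\\\/])\.\.(?:[\\\\/]|$)#', $v['remove']);
        if (!$unsafe) {
            File::open(SUBSTANCE . DS . $v['remove'])->delete();
            Weapon::fire(array('on_substance_update', 'on_substance_destruct'), array($G, $P));
            Notify::success(Config::speak('notify_file_deleted', '<code>' . $v['remove'] . '</code>'));
            unset($field[$k]);
        }
    }
    // Remove empty field value
    if (!isset($v['value']) || $v['value'] === "") {
        unset($field[$k]);
    } else {
        // Asset values live under SUBSTANCE/<extension>/<name>; a file field
        // whose target is missing is dropped, anything else is flattened to
        // the bare value
        $e = File::E($v['value']);
        if (!file_exists(SUBSTANCE . DS . $e . DS . $v['value']) && $f) {
            unset($field[$k]);
        } else {
            $field[$k] = $v['value'];
        }
    }
}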
<?php

/**
 * Menu Manager
 * ------------
 *
 * Pilot-only editor for the site menu: shows the current menu text and, on
 * a POST with a valid token, validates the indentation, saves the new text
 * to `STATE/menu.txt` and fires `on_menu_update`.
 */

Route::accept($config->manager->slug . '/menu', function () use($config, $speak) {
    // Only the site pilot may edit the menu
    if (Guardian::get('status') !== 'pilot') {
        Shield::abort();
    }
    $menus = Get::state_menu();
    Config::set(array(
        'page_title' => $speak->menus . $config->title_separator . $config->manager->title,
        'cargo' => DECK . DS . 'workers' . DS . 'cargo.menu.php'
    ));
    $G = array('data' => array('content' => $menus));
    $request = Request::post();
    if ($request) {
        Guardian::checkToken($request['token']);
        // A line indented with a tab or with 1-3 spaces (followed by a
        // non-space) is rejected as an invalid indent
        $bad_indent = preg_match('#(^|\\n)(\\t| {1,3})(?:[^ ])#', $request['content']);
        if ($bad_indent) {
            Notify::error($speak->notify_invalid_indent_character);
            Guardian::memorize($request);
        }
        $P = array('data' => $request);
        if (!Notify::errors()) {
            File::write($request['content'])->saveTo(STATE . DS . 'menu.txt', 0600);
            Notify::success(Config::speak('notify_success_updated', $speak->menu));
            Weapon::fire('on_menu_update', array($G, $P));
            Guardian::kick($config->url_current);
        }
    }
    Shield::lot(array('segment' => 'menu', 'the_content' => $menus))->attach('manager', false);
});
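/**
 * Create or update a user group and its permission set from the submitted form.
 *
 * Expects `group_name` and a `permissions` array in the request. An existing
 * group (matched by name) has its permissions JSON replaced; otherwise a new
 * Sentry group is created. Every path ends in a redirect to the user-groups
 * page.
 *
 * @return \Illuminate\Http\RedirectResponse
 */
public function update_permissions()
{
    // Validation rules for the form
    $rules = array('group_name' => 'required', 'permissions' => 'required');
    $messages = array('required' => 'The :attribute required.', 'permissions.required' => 'permissions.required');

    $validator = Validator::make(Input::all(), $rules, $messages);

    if ($validator->fails()) {
        // Back to the form with the validator's messages and the old input
        return Redirect::to('settings/user-management/user-groups')->withErrors($validator)->withInput();
    }

    // Build the permission map: every submitted permission name => granted (1)
    $permissionArray = array();
    foreach (Input::get('permissions') as $permission) {
        $permissionArray[$permission] = 1;
    }

    // NOTE(review): the lookup urldecode()s the name while createGroup()
    // receives it raw; form input is already decoded by PHP, so a name
    // containing '%' or '+' may be looked up under a different spelling
    // than the one stored — confirm which form is intended.
    $is_group_exists = DB::table('groups')->where('name', '=', urldecode(Input::get('group_name')))->get();

    if ($is_group_exists) {
        $updated = DB::table('groups')
            ->where('name', '=', urldecode(Input::get('group_name')))
            ->update(array('permissions' => json_encode($permissionArray)));
        if ($updated == 1) {
            Notify::success('Permissions Successfully Updated');
            return Redirect::to('settings/user-management/user-groups');
        }
    } else {
        try {
            // Create the group
            Sentry::createGroup(array('name' => Input::get('group_name'), 'permissions' => $permissionArray));
        } catch (Cartalyst\Sentry\Groups\NameRequiredException $e) {
            // Report through the same channel as the sibling catch instead of
            // echoing into the response ahead of the redirect
            Notify::error('Name field is required');
            return Redirect::to('settings/user-management/user-groups')->withErrors('Name field is required');
        } catch (Cartalyst\Sentry\Groups\GroupExistsException $e) {
            Notify::error('Group already exists');
            return Redirect::to('settings/user-management/user-groups')->withErrors('Group already exists');
        }
    }

    // Reached when a new group was created, or when the update touched
    // zero (or more than one) rows
    return Redirect::to('settings/user-management/user-groups');
}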
$id = (int) time(); $parent = Request::post('parent'); $P = array('data' => $request); $name = strip_tags($request['name']); $email = Text::parse($request['email'], '->broken_entity'); $url = isset($request['url']) ? $request['url'] : false; $parser = strip_tags(Request::post('content_type', $config->html_parser)); $message = $request['message']; $field = Request::post('fields', array()); include DECK . DS . 'workers' . DS . 'task.field.1.php'; // Temporarily disallow image(s) in comment to prevent XSS $message = strip_tags($message, '<br><img>' . ($parser === 'HTML' ? '<a><abbr><b><blockquote><code><del><dfn><em><i><ins><p><pre><span><strong><sub><sup><time><u><var>' : "")); $message = preg_replace('#(\\!\\[.*?\\]\\(.*?\\))#', '`$1`', $message); $message = preg_replace('#<img(\\s[^<>]*?)>#', '<img$1>', $message); Page::header(array('Name' => $name, 'Email' => $email, 'URL' => $url, 'Status' => Guardian::happy() ? 'pilot' : 'passenger', 'Content Type' => $parser, 'Fields' => !empty($field) ? Text::parse($field, '->encoded_json') : false, 'UA' => Get::UA(), 'IP' => Get::IP()))->content($message)->saveTo(RESPONSE . DS . $post . '_' . Date::format($id, 'Y-m-d-H-i-s') . '_' . ($parent ? Date::format($parent, 'Y-m-d-H-i-s') : '0000-00-00-00-00-00') . $extension); Notify::success(Config::speak('notify_success_submitted', $speak->comment)); if ($extension === '.hold') { Notify::info($speak->notify_info_comment_moderation); } Weapon::fire('on_comment_update', array($P, $P)); Weapon::fire('on_comment_construct', array($P, $P)); if ($config->comment_notification_email) { $mail = '<p>' . Config::speak('comment_notification', $article->url . '#' . sprintf($comment_id, Date::format($id, 'U'))) . '</p>'; $mail .= '<p><strong>' . $name . ':</strong></p>'; $mail .= $parser !== 'HTML' ? Text::parse($message, '->html') : $message; $mail .= '<p>' . Date::format($id, 'Y/m/d H:i:s') . '</p>'; // Sending email notification ... 
if (!Guardian::happy()) { if (Notify::send($request['email'], $config->author_email, $speak->comment_notification_subject, $mail, 'comment:')) { Weapon::fire('on_comment_notification_construct', array($request, $config->author_email, $speak->comment_notification_subject, $mail)); }
* Login Page * ---------- * * [1]. manager/login * */ Route::accept($config->manager->slug . '/login', function () use($config, $speak) { if (!File::exist(File::D(__DIR__) . DS . 'launch.php')) { Shield::abort('404-manager'); } if (Guardian::happy()) { Guardian::kick($config->manager->slug . '/article'); } Config::set(array('page_title' => $speak->log_in . $config->title_separator . $config->title, 'cargo' => 'cargo.login.php')); include __DIR__ . DS . 'cargo.php'; if ($request = Request::post()) { Guardian::authorize()->kick(isset($request['kick']) ? $request['kick'] : $config->manager->slug . '/article'); } Shield::attach('manager-login'); }, 20); /** * Logout Page * ----------- * * [1]. manager/logout * */ Route::accept($config->manager->slug . '/logout', function () use($config, $speak) { Notify::success(ucfirst(strtolower($speak->logged_out)) . '.'); Guardian::reject()->kick($config->manager->slug . '/login'); }, 21);
return Page::where('slug', '=', $str)->count() == 0; }); $validator->check('title')->is_max(3, __('pages.title_missing')); $validator->check('slug')->is_max(3, __('pages.slug_missing'))->is_duplicate(__('pages.slug_duplicate'))->not_regex('#^[0-9_-]+$#', __('pages.slug_invalid')); if ($input['redirect']) { $validator->check('redirect')->is_url(__('pages.redirect_missing')); } if ($errors = $validator->errors()) { Input::flash(); Notify::error($errors); return Response::redirect('admin/pages/add'); } if (empty($input['name'])) { $input['name'] = $input['title']; } $input['show_in_menu'] = is_null($input['show_in_menu']) ? 0 : 1; $page = Page::create($input); Extend::process('page', $page->id); Notify::success(__('pages.created')); return Response::redirect('admin/pages'); }); /* Delete Page */ Route::get('admin/pages/delete/(:num)', function ($id) { Page::find($id)->delete(); Query::table(Base::table('page_meta'))->where('page', '=', $id)->delete(); Notify::success(__('pages.deleted')); return Response::redirect('admin/pages'); }); });
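/**
 * Sets the state of one or more entries
 *
 * Handles the publish/unpublish and available/unavailable tasks, which
 * differ only in the column written, the value stored and the messages
 * shown; the shared steps live in _setStoreFlag(). Always ends by
 * redirecting to the controller's list view.
 *
 * @return void
 */
public function stateTask()
{
    // Check for request forgeries
    Request::checkToken('get');

    $id = Request::getInt('id', 0, 'get');

    // Task name => column to write, value to store, word for the
    // "select an item" alert, and the success message key.
    $actions = array(
        'publish'     => array('published', 1, 'published',   'COM_STORE_MSG_ITEM_ADDED'),
        'unpublish'   => array('published', 0, 'unpublished', 'COM_STORE_MSG_ITEM_DELETED'),
        'available'   => array('available', 1, 'available',   'COM_STORE_MSG_ITEM_AVAIL'),
        'unavailable' => array('available', 0, 'unavailable', 'COM_STORE_MSG_ITEM_UNAVAIL'),
    );

    if (isset($actions[$this->_task]))
    {
        list($field, $value, $word, $message) = $actions[$this->_task];
        if (!$this->_setStoreFlag($id, $field, $value, $word, $message))
        {
            // Already redirected with an error message
            return;
        }
    }

    App::redirect(Route::url('index.php?option=' . $this->_option . '&controller=' . $this->_controller, false));
}

/**
 * Write a single flag column on one Store record and queue the outcome message.
 *
 * @param   integer  $id       Record id; 0 means nothing was selected
 * @param   string   $field    Column to set ('published' or 'available')
 * @param   integer  $value    Value to store (1 or 0)
 * @param   string   $word     State name appended to the "select an item" alert
 * @param   string   $message  Language key for the success message
 * @return  boolean  False when the caller has already been redirected with an error
 * @throws  Exception  When the record cannot be stored
 */
private function _setStoreFlag($id, $field, $value, $word, $message)
{
    // Check for an ID
    if (!$id)
    {
        App::redirect(
            Route::url('index.php?option=' . $this->_option . '&controller=' . $this->_controller, false),
            Lang::txt('COM_STORE_ALERT_SELECT_ITEM') . ' ' . $word,
            'error'
        );
        return false;
    }

    // Update record
    $obj = new Store($this->database);
    $obj->load($id);
    $obj->$field = $value;
    if (!$obj->store())
    {
        throw new Exception($obj->getError(), 500);
    }

    // Set message
    Notify::success(Lang::txt($message));
    return true;
}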
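/**
 * Update the associated resource page for this tool
 *
 * @param   integer  $rid        Resource ID
 * @param   array    $status     Fields to update (keys: fulltxt, description, title)
 * @param   integer  $published  Published state; 0 leaves the current state alone
 * @param   integer  $newtool    Updating for a new tool?
 * @return  boolean  True if no errors
 */
public function updatePage($rid, $status = array(), $published = 0, $newtool = 0)
{
    if ($rid === null)
    {
        return false;
    }

    $resource = new \Components\Resources\Tables\Resource($this->database);
    $resource->load($rid);

    if (count($status) > 0)
    {
        // NOTE(review): fulltxt is addslashes()'d while the other fields are
        // not — confirm the table layer does not quote it a second time.
        $resource->fulltxt     = addslashes($status['fulltxt']);
        $resource->introtext   = $status['description'];
        // Collapse runs of whitespace in the title to single spaces
        $resource->title       = preg_replace('/\s+/', ' ', $status['title']);
        $resource->modified    = Date::toSql();
        $resource->modified_by = User::get('id');
    }

    if ($published)
    {
        $resource->published = $published;
    }

    // A newly published tool's page goes live now
    if ($newtool && $published == 1)
    {
        $resource->publish_up = Date::toSql();
    }

    if (!$resource->store())
    {
        // Bug fix: the error used to be read from an undefined `$row`; read it
        // from the table object whose store() just failed.
        $this->setError($resource->getError());
        return false;
    }

    if ($newtool)
    {
        \Notify::success(Lang::txt('COM_TOOLS_NOTICE_RES_PUBLISHED'), 'tools');
    }
    else
    {
        \Notify::success(Lang::txt('COM_TOOLS_NOTICE_RES_UPDATED'), 'tools');
    }

    return true;
}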
<?php

// The `__launch.php` file will be included only in the backend

// Plugin "update" endpoint: on a token-checked POST it writes a placeholder
// state file, reports success and returns to the plugin page.
Route::accept($config->manager->slug . '/plugin/' . File::B(__DIR__) . '/update', function () use($config, $speak) {
    $request = Request::post();
    if (!$request) {
        return;
    }
    Guardian::checkToken($request['token']); // [2]
    File::write('test!')->saveTo(__DIR__ . DS . 'states' . DS . 'config.txt', 0600);
    Notify::success(Config::speak('notify_success_updated', $speak->plugin)); // [3]
    Guardian::kick(File::D($config->url_current)); // [4]
});
$input = Input::get(array('key', 'value')); $input['key'] = slug($input['key'], '_'); $validator = new Validator($input); $validator->add('valid_key', function ($str) use($key) { // no change if ($str == $key) { return true; } // check the new key $str is available return Query::table(Base::table('pagetypes'))->where('key', '=', $str)->count() == 0; }); $validator->check('key')->is_max(2, __('extend.key_missing'))->is_valid_key(__('extend.key_exists')); $validator->check('value')->is_max(1, __('extend.name_missing')); if ($errors = $validator->errors()) { Input::flash(); Notify::error($errors); return Response::redirect('admin/extend/pagetypes/edit/' . $key); } Query::table(Base::table('pagetypes'))->where('key', '=', $key)->update($input); Notify::success(__('extend.pagetype_updated')); return Response::redirect('admin/extend/pagetypes'); }); /* Delete Var */ Route::get('admin/extend/pagetypes/delete/(:any)', function ($key) { Query::table(Base::table('pagetypes'))->where('key', '=', $key)->delete(); Notify::success(__('extend.pagetype_deleted')); return Response::redirect('admin/extend/pagetypes'); }); });
$input['comments'] = 0; } if (empty($input['html'])) { $input['status'] = 'draft'; } $post = Post::create($input); Extend::process('post', $post->id); Notify::success(__('posts.created')); return Response::redirect('admin/posts'); }); /* Preview post */ Route::post('admin/posts/preview', function () { $html = Input::get('html'); // apply markdown processing $md = new Markdown(); $output = Json::encode(array('html' => $md->transform($html))); return Response::create($output, 200, array('content-type' => 'application/json')); }); /* Delete post */ Route::get('admin/posts/delete/(:num)', function ($id) { Post::find($id)->delete(); Comment::where('post', '=', $id)->delete(); Query::table(Base::table('post_meta'))->where('post', '=', $id)->delete(); Notify::success(__('posts.deleted')); return Response::redirect('admin/posts'); }); });
$vars['themes'] = Themes::all(); return View::create('extend/metadata/edit', $vars)->partial('header', 'partials/header')->partial('footer', 'partials/footer'); }); /* Update Metadata */ Route::post('admin/extend/metadata', function () { $input = Input::get(array('sitename', 'description', 'home_page', 'posts_page', 'posts_per_page', 'auto_published_comments', 'theme', 'comment_notifications', 'comment_moderation_keys', 'show_all_posts', 'dashboard_page')); foreach ($input as $key => $value) { $input[$key] = eq($value); } $validator = new Validator($input); $validator->check('sitename')->is_max(3, __('metadata.sitename_missing')); $validator->check('description')->is_max(3, __('metadata.sitedescription_missing')); $validator->check('posts_per_page')->is_regex('#^[0-9]+$#', __('metadata.missing_posts_per_page', 'Please enter a number for posts per page')); if ($errors = $validator->errors()) { Input::flash(); Notify::error($errors); return Response::redirect('admin/extend/metadata'); } // convert double quotes so we dont break html $input['sitename'] = e($input['sitename'], ENT_COMPAT); $input['description'] = e($input['description'], ENT_COMPAT); foreach ($input as $key => $v) { $v = is_null($v) ? 0 : $v; Query::table(Base::table('meta'))->where('key', '=', $key)->update(array('value' => $v)); } Notify::success(__('metadata.updated')); return Response::redirect('admin/extend/metadata'); }); });
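/**
 * Move an uploaded file into `$destination` after validating it.
 *
 * Validation (each failure is queued through Notify::error): the PHP upload
 * error code, a missing MIME type, an extension not listed in
 * `file_extension_allow`, a size outside `file_size_min_allow`..
 * `file_size_max_allow`, and a clash with an existing file of the same
 * name. The move is only attempted while no error has been queued.
 *
 * @param  array         $file         One entry of `$_FILES`
 * @param  string        $destination  Target folder (created when missing)
 * @param  callable|null $callback     Called as ($name, $type, $size, $link) after a successful move
 * @return static|false  A new instance when the move was attempted without prior errors
 *                       (`self::$open` then points at the stored file), false otherwise
 */
public static function upload($file, $destination = ROOT, $callback = null) {
    $config = Config::get();
    $speak = Config::speak();
    $destination = self::path($destination);
    // Messages keyed by PHP upload error code
    $errors = Mecha::A($speak->notify_file);
    // Create a safe file name
    $file['name'] = Text::parse($file['name'], '->safe_file_name');
    $extension = self::E($file['name']);
    // Something goes wrong
    if ($file['error'] > 0 && isset($errors[$file['error']])) {
        Notify::error($errors[$file['error']]);
    } else {
        // Destination not found
        if (!file_exists($destination)) {
            self::pocket($destination);
        }
        // Unknown file type (`type` is whatever the client declared; it is
        // only tested for presence here, never trusted)
        if (!isset($file['type']) || empty($file['type'])) {
            Notify::error($speak->notify_error_file_type_unknown);
        }
        // Bad file extension: exact, case-sensitive match against the allow-list
        $extension_allow = ',' . implode(',', self::$config['file_extension_allow']) . ',';
        if (strpos($extension_allow, ',' . $extension . ',') === false) {
            Notify::error(Config::speak('notify_error_file_extension', $extension));
        }
        // Too small
        if ($file['size'] < self::$config['file_size_min_allow']) {
            Notify::error(Config::speak('notify_error_file_size_min', self::size(self::$config['file_size_min_allow'], 'KB')));
        }
        // Too large
        if ($file['size'] > self::$config['file_size_max_allow']) {
            Notify::error(Config::speak('notify_error_file_size_max', self::size(self::$config['file_size_max_allow'], 'KB')));
        }
    }
    if (!Notify::errors()) {
        // Move the uploaded file to the destination folder
        $target = $destination . DS . $file['name'];
        if (!file_exists($target)) {
            // Bug fix: the result of move_uploaded_file() used to be ignored,
            // so a failed move (or a `tmp_name` that is not an uploaded file)
            // still reported success and returned a link to a missing file.
            if (!move_uploaded_file($file['tmp_name'], $target)) {
                Notify::error(isset($errors[UPLOAD_ERR_CANT_WRITE]) ? $errors[UPLOAD_ERR_CANT_WRITE] : 'Failed to move the uploaded file.');
            }
        } else {
            Notify::error(Config::speak('notify_file_exist', '<code>' . $file['name'] . '</code>'));
        }
        if (!Notify::errors()) {
            // Create public asset link to show on file uploaded
            $link = self::url($destination) . '/' . $file['name'];
            Notify::success(Config::speak('notify_file_uploaded', '<code>' . $file['name'] . '</code>'));
            self::$open = $target;
            if (is_callable($callback)) {
                call_user_func($callback, $file['name'], $file['type'], $file['size'], $link);
            }
        }
        return new static();
    }
    return false;
}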
/**
 * Process import selections
 *
 * Applies the user's per-citation choices to the pending import, records
 * the saved / not-saved / errored ids in the session, removes the temporary
 * import files and redirects to the results page.
 *
 * @return void
 */
private function processAction()
{
    // Check if they're logged in
    if (User::isGuest())
    {
        return $this->loginAction();
    }

    if (!$this->params->get('access-manage'))
    {
        throw new Exception(Lang::txt('PLG_MEMBERS_CITATIONS_NOT_AUTHORIZED'), 403);
    }

    Request::checkToken();

    $needAttention   = $this->importer->readRequiresAttention();
    $noAttention     = $this->importer->readRequiresNoAttention();

    // User's choices for the two groups of citations
    $actionAttention   = Request::getVar('citation_action_attention', array());
    $actionNoAttention = Request::getVar('citation_action_no_attention', array());

    // Nothing to import: back to the upload step with an error
    if (!$needAttention && !$noAttention)
    {
        App::redirect(
            Route::url($this->member->getLink() . '&active=' . $this->_name . '&action=import'),
            Lang::txt('PLG_MEMBERS_CITATIONS_IMPORT_MISSING_FILE_CONTINUE'),
            'error'
        );
        return;
    }

    // Tags and badges are always imported for member-scoped citations
    $this->importer->set('user', User::get('id'));
    $this->importer->setTags(true);
    $this->importer->setBadges(true);
    $this->importer->set('scope_id', $this->member->get('uidNumber'));
    $this->importer->set('scope', 'member');

    // Process
    $outcome = $this->importer->process($actionAttention, $actionNoAttention);

    // Report counts: saved, not saved, errored
    Notify::success(Lang::txt('PLG_MEMBERS_CITATIONS_IMPORT_RESULTS_SAVED', count($outcome['saved'])), 'plg_citations');
    if (count($outcome['not_saved']) > 0)
    {
        Notify::warning(Lang::txt('PLG_MEMBERS_CITATIONS_IMPORT_RESULTS_NOT_SAVED', count($outcome['not_saved'])), 'plg_citations');
    }
    if (count($outcome['error']) > 0)
    {
        Notify::error(Lang::txt('PLG_MEMBERS_CITATIONS_IMPORT_RESULTS_SAVE_ERROR', count($outcome['error'])), 'plg_citations');
    }

    // Keep the id lists for the results page
    $session = App::get('session');
    $session->set('citations_saved', $outcome['saved']);
    $session->set('citations_not_saved', $outcome['not_saved']);
    $session->set('citations_error', $outcome['error']);

    // Delete the temp files that hold citation data
    $this->importer->cleanup(true);

    App::redirect(Route::url($this->member->getLink() . '&active=' . $this->_name . '&action=saved'));
}
/**
 * Method to save the form data.
 *
 * Refuses to save a style whose template extension is disabled, then binds,
 * checks and stores the style row (new or existing). When the user may edit
 * menus and the style is a site style (client_id 0), the menu-item -> style
 * mapping in `#__menu` is rewritten to match `$data['assigned']`.
 *
 * @param array The form data. Keys read here: template, client_id, id, title, home, assigned.
 * @return boolean True on success.
 */
public function save($data)
{
    // Detect disabled extension
    $extension = JTable::getInstance('Extension');
    if ($extension->load(array('enabled' => 0, 'type' => 'template', 'element' => $data['template'], 'client_id' => $data['client_id'])))
    {
        $this->setError(Lang::txt('COM_TEMPLATES_ERROR_SAVE_DISABLED_TEMPLATE'));
        return false;
    }

    // Initialise variables;
    $table = $this->getTable();
    $pk = !empty($data['id']) ? $data['id'] : (int) $this->getState('style.id');
    $isNew = true;

    // Load the row if saving an existing record.
    if ($pk > 0)
    {
        $table->load($pk);
        $isNew = false;
    }

    // "Save as copy": fresh title, not home, no menu assignments
    if (Request::getVar('task') == 'save2copy')
    {
        $data['title'] = $this->generateNewTitle(null, null, $data['title']);
        $data['home'] = 0;
        $data['assigned'] = '';
    }

    // Bind the data.
    if (!$table->bind($data))
    {
        $this->setError($table->getError());
        return false;
    }

    // Prepare the row for saving
    $this->prepareTable($table);

    // Check the data.
    if (!$table->check())
    {
        $this->setError($table->getError());
        return false;
    }

    // Trigger the onExtensionBeforeSave event.
    // Any listener returning false vetoes the save.
    $result = Event::trigger('extension.onExtensionBeforeSave', array('com_templates.style', &$table, $isNew));
    if (in_array(false, $result, true))
    {
        $this->setError($table->getError());
        return false;
    }

    // Store the data.
    if (!$table->store())
    {
        $this->setError($table->getError());
        return false;
    }

    if (User::authorise('core.edit', 'com_menus') && $table->client_id == 0)
    {
        // $n counts menu rows changed by the two queries below
        $n = 0;
        $db = App::get('db');

        if (!empty($data['assigned']) && is_array($data['assigned']))
        {
            // The ids are interpolated straight into SQL below, so this cast is
            // the only thing keeping the IN (...) list numeric.
            // NOTE(review): presumably casts the array in place (by reference) — verify.
            \Hubzero\Utility\Arr::toInteger($data['assigned']);

            // Update the mapping for menu items that this style IS assigned to.
            $query = $db->getQuery(true);
            $query->update('#__menu');
            $query->set('template_style_id=' . (int) $table->id);
            $query->where('id IN (' . implode(',', $data['assigned']) . ')');
            $query->where('template_style_id!=' . (int) $table->id);
            // Only rows that are not checked out by someone else
            $query->where('checked_out in (0,' . (int) User::get('id') . ')');
            $db->setQuery($query);
            $db->query();
            $n += $db->getAffectedRows();
        }

        // Remove style mappings for menu items this style is NOT assigned to.
        // If unassigned then all existing maps will be removed.
        $query = $db->getQuery(true);
        $query->update('#__menu');
        $query->set('template_style_id=0');
        if (!empty($data['assigned']))
        {
            // NOTE(review): this list is interpolated too and is only numeric
            // because the branch above cast it; a non-empty non-array value
            // would reach implode() uncast — keep the two conditions aligned.
            $query->where('id NOT IN (' . implode(',', $data['assigned']) . ')');
        }
        $query->where('template_style_id=' . (int) $table->id);
        $query->where('checked_out in (0,' . (int) User::get('id') . ')');
        $db->setQuery($query);
        $db->query();
        $n += $db->getAffectedRows();

        if ($n > 0)
        {
            Notify::success(Lang::txts('COM_TEMPLATES_MENU_CHANGED', $n));
        }
    }

    // Clean the cache.
    $this->cleanCache();

    // Trigger the onExtensionAfterSave event.
    Event::trigger('extension.onExtensionAfterSave', array('com_templates.style', &$table, $isNew));

    $this->setState('style.id', $table->id);

    return true;
}
/**
 * Vote on a comment
 *
 * Records an up (+1) or down (-1) vote for the comment named by the
 * `voteup` / `votedown` request parameter. With `no_html` unset the user is
 * redirected back with a notice; otherwise the `vote` layout is rendered
 * directly and the request ends.
 *
 * @return void
 */
protected function _vote()
{
    // Ensure the user is logged in
    if (User::isGuest())
    {
        return $this->_login();
    }

    $no_html = Request::getInt('no_html', 0);

    // Which comment, and which way; `voteup` takes precedence when both are sent
    if ($item_id = Request::getInt('voteup', 0))
    {
        $how = 1;
    }
    elseif ($item_id = Request::getInt('votedown', 0))
    {
        $how = -1;
    }
    // NOTE(review): with neither parameter present $item_id is 0 and $how is
    // never set; oneOrFail() is presumably what stops that case — confirm.

    $item = \Plugins\Hubzero\Comments\Models\Comment::oneOrFail($item_id);

    // Record the vote
    if (!$item->vote($how))
    {
        $this->setError($item->getError());
    }

    if (!$no_html)
    {
        $err = $this->getError();
        if ($err)
        {
            Notify::error($err);
        }
        else
        {
            Notify::success(Lang::txt('PLG_HUBZERO_COMMENTS_VOTE_SAVED'));
        }
        App::redirect($this->url);
    }

    $item->set('vote', $how);

    $this->view->setLayout('vote');
    $this->view->set('item', $item);
    $this->view->setErrors($this->getErrors());

    // Ugly brute force method of cleaning output
    ob_clean();
    echo $this->view->loadTemplate();
    exit;
}
Notify::error($errors); return Response::redirect('admin/categories/add'); } if (empty($input['slug'])) { $input['slug'] = $input['title']; } $input['slug'] = slug($input['slug']); $category = Category::create($input); Extend::process('category', $category->id); Notify::success(__('categories.created')); return Response::redirect('admin/categories'); }); /* Delete Category */ Route::get('admin/categories/delete/(:num)', function ($id) { $total = Category::count(); if ($total == 1) { Notify::error(__('categories.delete_error')); return Response::redirect('admin/categories/edit/' . $id); } // move posts $category = Category::where('id', '<>', $id)->fetch(); // delete selected Category::find($id)->delete(); // update posts Post::where('category', '=', $id)->update(array('category' => $category->id)); Notify::success(__('categories.deleted')); return Response::redirect('admin/categories'); }); });
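/**
 * Build a comment from the form submitted on an article page.
 *
 * Runs only when the current page is an article. If the active shield ships a
 * `workers/task.comment.php`, that file handles the whole request instead of the
 * default flow below. Otherwise the request token is checked, every field is
 * validated (problems are reported through Notify), the message is matched
 * against `$config->keywords_spam`, and on success the comment is written to the
 * COMMENT folder — as `.hold` when moderation is on and the visitor is not
 * logged in — before the visitor is sent back to the article.
 *
 * Included files (`task.comment.php`, `task.fields.php`) execute in this scope,
 * so the local variable names below are part of their contract; do not rename.
 */
function do_comment_construct() {
    $config = Config::get();
    $speak = Config::speak();
    if ($config->page_type !== 'article') {
        return;
    }
    $comment_id = 'comment-%d'; // Your comment ID
    $comment_form_id = 'comment-form'; // Your comment form ID
    $article = isset($config->article->path) ? $config->article : false;
    $G = array('data' => array('article' => Mecha::A($article), 'comment_id' => $comment_id, 'comment_form_id' => $comment_form_id));
    // Nothing to do without an article or a POST body
    if ($article === false || !($request = Request::post())) {
        return;
    }
    if ($task = File::exist(SHIELD . DS . $config->shield . DS . 'workers' . DS . 'task.comment.php')) {
        require $task; // Custom comment constructor
        return;
    }
    // Check token
    Guardian::checkToken($request['token'], $article->url . '#' . $comment_form_id);
    // Visitors' comments go to moderation (`.hold`) when it is enabled
    $extension = $config->comments->moderation && !Guardian::happy() ? '.hold' : '.txt';
    // NOTE(review): the checks below index $request['name'|'email'|'url'|'message'|'math']
    // directly; a POST missing one of them raises a notice before the field is rejected.
    // Check name
    if (trim($request['name']) === "") {
        Notify::error(Config::speak('notify_error_empty_field', $speak->name));
    }
    // Check email
    if (trim($request['email']) !== "") {
        if (!Guardian::check($request['email'], '->email')) {
            Notify::error($speak->notify_invalid_email);
        } elseif (!Guardian::happy() && $request['email'] === $config->author->email) {
            // Disallow passenger(s) from entering your email address in the comment email field
            // (the echoed value equals the configured author email, so it is not free-form input)
            Notify::warning(Config::speak('notify_warning_forbidden_input', array('<em>' . $request['email'] . '</em>', strtolower($speak->email))));
        }
    } else {
        Notify::error(Config::speak('notify_error_empty_field', $speak->email));
    }
    // Check URL
    if (trim($request['url']) !== "" && !Guardian::check($request['url'], '->url')) {
        Notify::error($speak->notify_invalid_url);
    }
    // Check message
    if (trim($request['message']) === "") {
        Notify::error(Config::speak('notify_error_empty_field', $speak->message));
    }
    // Check challenge
    if (!Guardian::checkMath($request['math'])) {
        Notify::error($speak->notify_invalid_math_answer);
    }
    // Check name length
    if (Guardian::check($request['name'], '->too_long', 100)) {
        Notify::error(Config::speak('notify_error_too_long', $speak->name));
    }
    // Check email length
    if (Guardian::check($request['email'], '->too_long', 100)) {
        Notify::error(Config::speak('notify_error_too_long', $speak->email));
    }
    // Check URL length
    if (Guardian::check($request['url'], '->too_long', 100)) {
        Notify::error(Config::speak('notify_error_too_long', $speak->url));
    }
    // Check message length
    if (Guardian::check($request['message'], '->too_long', 1700)) {
        Notify::error(Config::speak('notify_error_too_long', $speak->message));
    }
    // Check for spam keyword(s) in comment: a keyword matches when it equals the
    // email or appears (case-insensitively) anywhere in the message
    $spam_keywords = explode(',', $config->keywords_spam);
    foreach ($spam_keywords as $spam) {
        if ($keyword = trim($spam)) {
            if ($request['email'] === $keyword || strpos(strtolower($request['message']), strtolower($keyword)) !== false) {
                // The echoed keyword comes from the site configuration, not from the visitor
                Notify::warning($speak->notify_warning_intruder_detected . ' <strong class="text-error pull-right">' . $keyword . '</strong>');
                break;
            }
        }
    }
    if (Notify::errors()) {
        // Back to the form with the collected error notices
        Guardian::kick($config->url_current . $config->url_query . '#' . $comment_form_id);
        return;
    }
    $post = Date::slug($article->time);
    $id = (int) time();
    $parent = Request::post('parent');
    $P = array('data' => $request);
    $P['data']['id'] = $id;
    $name = strip_tags($request['name']);
    $email = Text::parse($request['email'], '->broken_entity');
    $url = isset($request['url']) && trim($request['url']) !== "" ? $request['url'] : false;
    $parser = strip_tags(Request::post('content_type', $config->html_parser->active));
    $message = Text::parse($request['message'], '->text', WISE_CELL . '<img>', false);
    $field = Request::post('fields', array());
    // Shared field handler; presumably works on `$field` and the locals above in this scope
    include File::D(__DIR__, 2) . DS . 'task.fields.php';
    // Temporarily disallow image(s) in comment to prevent XSS. `<img>` survives the
    // parser above (it is on the allowed-tag list), so it is rendered as literal
    // text here. The earlier replacement rewrote `<img …>` to itself and had no effect.
    $message = preg_replace('#<img(\\s[^<>]*?)>#i', '&lt;img$1&gt;', $message);
    // File name: <article slug>_<comment time>_<parent time or zero date>.<txt|hold>
    Page::header(array('Name' => $name, 'Email' => $email, 'URL' => $url, 'Status' => Guardian::happy() ? 1 : 2, 'Content Type' => $parser, 'Fields' => !empty($field) ? Text::parse($field, '->encoded_json') : false))->content($message)->saveTo(COMMENT . DS . $post . '_' . Date::slug($id) . '_' . ($parent ? Date::slug($parent) : '0000-00-00-00-00-00') . $extension);
    Notify::success(Config::speak('notify_success_submitted', $speak->comment));
    if ($extension === '.hold') {
        Notify::info($speak->notify_info_comment_moderation);
    }
    Weapon::fire(array('on_comment_update', 'on_comment_construct'), array($G, $P));
    // `$config->ur_query` was a typo for `url_query` (the property used on the error
    // path), which silently dropped the query string from the success redirect.
    Guardian::kick($config->url_current . $config->url_query . (!Guardian::happy() && $config->comments->moderation ? '#' . $comment_form_id : '#' . sprintf($comment_id, Date::format($id, 'U'))));
}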
<?php

/**
 * Error Log
 * ---------
 * Shows the PHP error log inside the manager. The file read here is the one
 * configured by `error_log` (php.ini), not a fixed path.
 */
Route::accept($config->manager->slug . '/error', function () use($config, $speak) {
    Config::set(array('page_title' => $speak->errors . $config->title_separator . $config->manager->title, 'cargo' => 'cargo.error.php'));
    // NOTE(review): no Guardian::happy() check is visible on this route, unlike the
    // killer below — confirm the manager layer guards it before the log is shown.
    Shield::lot(array('segment' => 'error', 'content' => File::open(ini_get('error_log'))->read(false)))->attach('manager');
});

/**
 * Error Log Killer
 * ----------------
 * Deletes LOG/errors.log, hands its previous content to the `on_error_destruct`
 * hook, and redirects to the parent URL.
 */
Route::accept($config->manager->slug . '/error/kill', function () use($config, $speak) {
    // Only a session satisfying Guardian::happy(1) may delete the log
    if (!Guardian::happy(1)) {
        Shield::abort();
    }
    // NOTE(review): this is a fixed path, whereas the viewer above reads
    // ini_get('error_log') — confirm both refer to the same file.
    $errors = LOG . DS . 'errors.log';
    // Capture the content before deleting so the hook can still see it
    $G = array('data' => array('content' => File::open($errors)->read()));
    // NOTE(review): no request token is checked before the delete — confirm this
    // route cannot be reached by a plain link, or add a Guardian::checkToken() call.
    File::open($errors)->delete();
    Weapon::fire('on_error_destruct', array($G, $G));
    Notify::success(Config::speak('notify_success_deleted', $speak->file));
    Guardian::kick(File::D($config->url_current));
});
if ($errors = $validator->errors()) { Input::flash(); Notify::error($errors); return Response::redirect($posts_page->slug . '/' . $slug . '#comment'); } $input['post'] = Post::slug($slug)->id; $input['date'] = Date::mysql('now'); $input['status'] = Config::meta('auto_published_comments') ? 'approved' : 'pending'; // remove bad tags $input['text'] = strip_tags($input['text'], '<a>,<b>,<blockquote>,<code>,<em>,<i>,<p>,<pre>'); // check if the comment is possibly spam if ($spam = Comment::spam($input)) { $input['status'] = 'spam'; } $comment = Comment::create($input); Notify::success(__('comments.created')); // dont notify if we have marked as spam if (!$spam and Config::meta('comment_notifications')) { $comment->notify(); } return Response::redirect($posts_page->slug . '/' . $slug . '#comment'); }); /** * Rss feed */ Route::get(array('rss', 'feeds/rss'), function () { $uri = 'http://' . $_SERVER['HTTP_HOST']; $rss = new Rss(Config::meta('sitename'), Config::meta('description'), $uri, Config::app('language')); $query = Post::where('status', '=', 'published')->sort(Base::table('posts.created'), 'desc'); foreach ($query->get() as $article) { $rss->item($article->title, Uri::full(Registry::get('posts_page')->slug . '/' . $article->slug), $article->description, $article->created);
} else { Notify::warning(Config::speak('notify_confirm_delete_', $path ? '<code>' . File::path($path) . '</code>' : '<strong>' . $info['title'] . '</strong>')); } Shield::lot(array('segment' => 'shield', 'the_shield' => $folder, 'the_name' => $path, 'the_info' => $info))->attach('manager', false); });
/**
 * Shield Attacher
 * ---------------
 * `attach` makes `$slug` the active shield in STATE/config.txt; `eject` resets
 * it to `normal`. Fires the generic and per-shield update hooks, clears the
 * asset log cache, and redirects to the shield page.
 */
Route::accept($config->manager->slug . '/shield/(attach|eject)/id:(:any)', function ($path = "", $slug = "") use($config, $speak) {
    // NOTE(review): `$slug` comes straight from the URL and is stored as the active
    // shield without a visible check that such a shield folder exists, and no
    // Guardian::happy()/token check is visible on this route — confirm both are
    // enforced upstream.
    $new_config = Get::state_config();
    $new_config['shield'] = $path === 'attach' ? $slug : 'normal';
    File::serialize($new_config)->saveTo(STATE . DS . 'config.txt', 0600);
    $G = array('data' => array('id' => $slug, 'action' => $path));
    // Hook names use `mount` for the attach action
    $mode = $path === 'eject' ? 'eject' : 'mount';
    Notify::success(Config::speak('notify_success_updated', $speak->shield));
    Weapon::fire('on_shield_update', array($G, $G));
    Weapon::fire('on_shield_' . $mode, array($G, $G));
    // Per-shield hooks are keyed by md5 of the slug
    Weapon::fire('on_shield_' . md5($slug) . '_update', array($G, $G));
    Weapon::fire('on_shield_' . md5($slug) . '_' . $mode, array($G, $G));
    // Drop cached asset logs so the new shield's assets are rebuilt
    // (glob() returns false on error, which foreach would warn about)
    foreach (glob(SYSTEM . DS . 'log' . DS . 'asset.*.log', GLOB_NOSORT) as $asset_cache) {
        File::open($asset_cache)->delete();
    }
    Guardian::kick($config->manager->slug . '/shield/' . $slug);
});
/**
 * Shield Backup
 * -------------
 */
Route::accept($config->manager->slug . '/shield/backup/id:(:any)', function ($folder = "") use($config, $speak) { $name = $folder . '.zip';
if (trim($request['name']) === "") { $request['name'] = $id . '.txt'; // empty file name } $_path = Text::parse(sprintf($request['name'], $id), '->safe_path_name'); $e = File::E($_path, false); if ($e !== 'txt' && $e !== 'php') { $e = 'txt'; $_path .= '.txt'; } $_path_ = File::path($_path); $file = ASSET . DS . '__snippet' . DS . $e . DS . $_path; if (File::exist($file)) { // file already exists Notify::error(Config::speak('notify_file_exist', '<code>' . $_path_ . '</code>')); } if (trim($request['content']) === "") { // empty file content Notify::error($speak->notify_error_content_empty); } if (!Notify::errors()) { $recent = array_slice(File::open(CACHE . DS . 'plugin.snippet.cache')->unserialize(), 0, $config->per_page); File::serialize(array_merge(array($_path), $recent))->saveTo(CACHE . DS . 'plugin.snippet.cache', 0600); $url = $config->manager->slug . '/asset/repair/file:__snippet/' . $e . '/' . File::url($_path) . '?path=' . urlencode(rtrim('__snippet/' . $e . '/' . File::D(File::url($_path)), '/')); File::write($request['content'])->saveTo($file, 0600); Notify::success(Config::speak('notify_file_created', '<code>' . $_path_ . '</code>' . (!isset($request['redirect']) ? ' <a class="pull-right" href="' . $config->url . '/' . $url . '" target="_blank">' . Jot::icon('pencil') . ' ' . $speak->edit . '</a>' : ""))); Notify::info('<strong>' . $speak->shortcode . ':</strong> <code>{{' . ($e === 'php' ? 'include' : 'print') . ':' . str_replace('.' . $e . X, "", File::url($_path) . X) . '}}</code>'); Guardian::kick(isset($request['redirect']) ? $url : File::D($config->url_current)); } Guardian::kick(File::D($config->url_current)); });
});
/*
 * Add user
 *
 * Validates the posted fields, hashes the password and creates the user.
 */
Route::post('admin/users/add', function () {
    // NOTE(review): `status` and `role` are taken from the request as posted; no
    // constraint on their values is visible here — confirm the validator or the
    // model limits them, since they decide the new account's privileges.
    $input = Input::get(array('username', 'email', 'real_name', 'password', 'bio', 'status', 'role'));
    $validator = new Validator($input);
    // NOTE(review): despite the name, is_max() is used with "missing"/"too short"
    // messages, so it presumably enforces a minimum length — confirm.
    $validator->check('username')->is_max(3, __('users.username_missing', 2));
    $validator->check('email')->is_email(__('users.email_missing'));
    $validator->check('password')->is_max(6, __('users.password_too_short', 6));
    if ($errors = $validator->errors()) {
        // NOTE(review): flash() re-populates the form from the whole input set;
        // confirm it leaves the password field out.
        Input::flash();
        Notify::error($errors);
        return Response::redirect('admin/users/add');
    }
    // Only the hash is stored
    $input['password'] = Hash::make($input['password']);
    User::create($input);
    Notify::success(__('users.created'));
    return Response::redirect('admin/users');
});
/*
 * Delete user
 *
 * Deletes user `:num`; the signed-in user cannot delete their own account.
 */
Route::get('admin/users/delete/(:num)', function ($id) {
    // NOTE(review): a destructive action on a GET route with no token check
    // visible here — confirm the admin route group enforces one upstream.
    $self = Auth::user();
    // `$id` arrives as a string from the route, hence the loose comparison
    if ($self->id == $id) {
        Notify::error(__('users.delete_error'));
        return Response::redirect('admin/users/edit/' . $id);
    }
    User::where('id', '=', $id)->delete();
    Notify::success(__('users.deleted'));
    return Response::redirect('admin/users');
});
});
/**
 * Delete Import
 *
 * Destroys every import whose id was submitted under `id` (a single value or
 * a list). Each failed destroy() is reported individually; one success notice
 * is shown when at least one record was removed. Always ends in cancelTask().
 *
 * @return void
 */
public function removeTask()
{
    // Reject forged requests before touching any record
    Session::checkToken();

    // Accept a scalar id as a one-element list
    $requested = Request::getVar('id', array());
    if (!is_array($requested)) {
        $requested = array($requested);
    }

    $removed = 0;
    foreach ($requested as $importId) {
        $record = Import::oneOrFail($importId);
        // Skip anything that did not resolve to a stored record
        if (!$record->get('id')) {
            continue;
        }
        if ($record->destroy()) {
            $removed++;
        } else {
            Notify::error($record->getError());
        }
    }

    if ($removed) {
        Notify::success(Lang::txt('COM_MEMBERS_IMPORT_REMOVED'));
    }

    // Inform user & redirect
    $this->cancelTask();
}