/** * Facebook Open Graph implementation * * @param mixed $listing * @param mixed $meta */ function facebookOpenGraph(&$listing, $meta) { // http://developers.facebook.com/docs/opengraph/ $option = Sanitize::getString($_REQUEST, 'option', ''); $view = Sanitize::getString($_REQUEST, 'view', ''); $id = Sanitize::getInt($_REQUEST, 'id'); // Make sure this is a Joomla article page if (!($option == 'com_content' && $view == 'article' && $id)) { return; } $Config = Configure::read('JreviewsSystem.Config'); if (empty($Config)) { $cache_file = 'jreviews_config_' . md5(cmsFramework::getConfig('secret')); $Config = S2Cache::read($cache_file); } $facebook_xfbml = Sanitize::getBool($Config, 'facebook_opengraph') && Sanitize::getBool($Config, 'facebook_appid'); // Make sure FB is enabled and we have an FB App Id if (!$facebook_xfbml) { return; } extract($meta); $title == '' and $title = $listing['Listing']['title']; $description == '' and $description = Sanitize::htmlClean(Sanitize::stripAll($listing['Listing'], 'summary')); $image = isset($listing['Listing']['images'][0]) ? cmsFramework::makeAbsUrl(_DS . _JR_WWW_IMAGES . $listing['Listing']['images'][0]['path']) : null; if (!$image) { $img_src = '/<img[^>]+src[\\s=\'"]+([^"\'>\\s]+(jpg)+)/is'; preg_match($img_src, $listing['Listing']['summary'], $matches); if (isset($matches[1])) { $image = $matches[1]; } } $url = cmsFramework::makeAbsUrl($listing['Listing']['url'], array('sef' => true, 'ampreplace' => true)); $fields = $listing['Field']['pairs']; // You can add other Open Graph meta tags by adding the attribute, custom field pair to the array below $tags = array('title' => $title, 'url' => $url, 'image' => $image, 'site_name' => cmsFramework::getConfig('sitename'), 'description' => $description, 'type' => Sanitize::getString($listing['ListingType']['config'], 'facebook_opengraph_type'), 'latitude' => Sanitize::getString($Config, 'geomaps.latitude'), 'longitude' => Sanitize::getString($Config, 'geomaps.longitude'), 'street-address' => Sanitize::getString($Config, 'geomaps.address1'), 'locality' => Sanitize::getString($Config, 'geomaps.city'), 'region' => Sanitize::getString($Config, 'geomaps.state'), 'postal-code' => Sanitize::getString($Config, 'geomaps.postal_code'), 'country-name' => Sanitize::getString($Config, 'geomaps.country', Sanitize::getString($Config, 'geomaps.default_country'))); cmsFramework::addScript('<meta property="fb:app_id" content="' . Sanitize::getString($Config, 'facebook_appid') . '"/>'); Sanitize::getString($Config, 'facebook_admins') != '' and cmsFramework::addScript('<meta property="fb:admins" content="' . str_replace(' ', '', $Config->facebook_admins) . '"/>'); // cmsFramework::addScript('<meta property="fb:admins" content="YOUR-ADMIN-ID"/>'); // It's app_id or this, not both # Loop through the tags array to add the additional FB meta tags foreach ($tags as $attr => $fname) { $content = ''; if (substr($fname, 0, 3) == 'jr_') { // It's a custom field $content = isset($fields[$fname]) ? htmlspecialchars($fields[$fname]['text'][0], ENT_QUOTES, 'utf-8') : ''; } elseif ($fname != '') { // It's a static text, not a custom field $content = htmlspecialchars($fname); } $content != '' and cmsFramework::addScript('<meta property="og:' . $attr . '" content="' . $content . '"/>'); } }
function listings() { if (Sanitize::getString($this->params, 'action') == 'xml') { $access = $this->cmsVersion == CMS_JOOMLA15 ? $this->Access->getAccessId() : $this->Access->getAccessLevels(); $feed_filename = PATH_ROOT . 'cache' . DS . 'jreviewsfeed_' . md5($access . $this->here) . '.xml'; $this->Feeds->useCached($feed_filename, 'listings'); } $this->name = 'categories'; // Required for assets helper if ($this->_user->id === 0 && ($this->action != 'search' || $this->action == 'search' && Sanitize::getVar($this->params, 'tag') != '')) { $this->cacheAction = Configure::read('Cache.expires'); } $this->autoRender = false; $action = Sanitize::paranoid($this->action); $dir_id = str_replace(array('_', ' '), array(',', ''), Sanitize::getString($this->params, 'dir')); $section_id = Sanitize::getString($this->params, 'section'); $cat_id = Sanitize::getString($this->params, 'cat'); $criteria_id = Sanitize::getString($this->params, 'criteria'); $user_id = Sanitize::getInt($this->params, 'user', $this->_user->id); $index = Sanitize::getString($this->params, 'index'); $sort = Sanitize::getString($this->params, 'order'); if ($sort == '' && in_array($this->action, array('category', 'section', 'alphaindex', 'search', 'custom'))) { $sort = Sanitize::getString($this->Config, 'list_order_field'); } $sort == '' and $sort = Sanitize::getString($this->Config, 'list_order_default'); $menu_id = Sanitize::getInt($this->params, 'menu', Sanitize::getString($this->params, 'Itemid')); // Avoid running the listing query if in section page and listings disabled $query_listings = $this->action != 'section' || $this->action == 'section' && $this->Config->list_show_sectionlist; $total_special = Sanitize::getInt($this->data, 'total_special'); if (!in_array($this->action, array('section', 'category')) && $total_special > 0) { $total_special <= $this->limit and $this->limit = $total_special; } $listings = array(); $parent_categories = array(); $count = 0; $conditions = array(); $joins = array(); if ($action == 'category') { // Find directory and section id if ($this->cmsVersion == CMS_JOOMLA15 && ($category = $this->Category->findRow(array('conditions' => array('Category.id = ' . $cat_id))))) { $dir_id = $this->params['dir'] = $category['Category']['dir_id']; $section_id = $this->params['section'] = $category['Category']['section_id']; } elseif ($parent_categories = $this->Category->findParents($cat_id)) { $category = end($parent_categories); // This is the current category if (!$category['Category']['published'] || !$this->Access->isAuthorized($category['Category']['access'])) { echo $this->render('elements', 'login'); return; } $dir_id = $this->params['dir'] = $category['Directory']['dir_id']; $categories = $this->Category->findTree(array('cat_id' => $cat_id)); } # Override global configuration isset($category['ListingType']) and $this->Config->override($category['ListingType']['config']); $sort = Sanitize::getString($this->params, 'order', Sanitize::getString($this->Config, 'list_order_field')); $sort == '' and $sort = Sanitize::getString($this->Config, 'list_order_default'); } # Remove unnecessary fields from model query $this->Listing->modelUnbind('Listing.fulltext AS `Listing.description`'); # Get section and category database information if ($this->cmsVersion == CMS_JOOMLA15 && in_array($action, array('section', 'category'))) { $fields = array(); # Get all categories for page if ($this->Config->dir_cat_num_entries || $this->Config->dir_category_hide_empty) { $fields = array(' (SELECT count(*) FROM #__content AS Listing INNER JOIN #__jreviews_categories AS JreviewsCategory ON JreviewsCategory.id = Listing.catid AND JreviewsCategory.`option` = "com_content" WHERE Listing.sectionid = ' . $section_id . ' AND Listing.catid = Category.id AND Listing.state = 1 AND Listing.access <= ' . $this->Access->getAccessId() . ' AND ( Listing.publish_up = "' . NULL_DATE . '" OR Listing.publish_up <= "' . _CURRENT_SERVER_TIME . '" ) AND ( Listing.publish_down = "' . NULL_DATE . '" OR Listing.publish_down >= "' . _CURRENT_SERVER_TIME . '" ) ) AS `Category.listing_count` '); } $categories = $this->Category->findAll(array('fields' => $fields, 'conditions' => array('Category.section = ' . (int) $section_id, 'Category.published = 1'), 'order' => $this->Config->dir_category_order ? 'Category.title ASC' : 'Category.ordering ASC')); $category_tmp = current($categories); $dir_id = $category_tmp['Category']['dir_id']; $section = $this->Section->findRow(array('fields' => array((int) $dir_id . ' AS `Section.dir_id`'), 'conditions' => array('Section.id = ' . (int) $section_id))); # Fake the parent_categories array based on section and category isset($section) and $parent_categories[]['Category'] = $section['Section']; isset($category) and $parent_categories[]['Category'] = $category['Category']; } # Set the theme layout and suffix $this->Theming->setSuffix(array('categories' => $parent_categories)); $this->Theming->setLayout(array('categories' => $parent_categories)); if (isset($section) && !empty($section) && (!$this->Access->isAuthorized($section['Section']['access']) || !$section['Section']['published']) || $this->action == 'category' && isset($category) && !empty($category) && (!$this->Access->isAuthorized($category['Category']['access']) || !$category['Category']['published'])) { echo $this->render('elements', 'login'); return; } # Get listings # Modify and perform database query based on lisPage type if ($action == 'section' && $this->Config->list_show_sectionlist || $action != 'section') { // Build where statement switch ($action) { case 'alphaindex': // $index = isset($index{0}) ? $index{0} : ''; $conditions[] = $index == '0' ? 'Listing.title REGEXP "^[0-9]"' : 'Listing.title LIKE ' . $this->quote($index . '%'); break; } $section_id = cleanIntegerCommaList($section_id); $cat_id = cleanIntegerCommaList($cat_id); $dir_id = cleanIntegerCommaList($dir_id); $criteria_id = cleanIntegerCommaList($criteria_id); if (!empty($cat_id)) { if ($this->cmsVersion == CMS_JOOMLA15 || $this->cmsVersion != CMS_JOOMLA15 && !$this->Config->list_show_child_listings) { if ($this->cmsVersion != CMS_JOOMLA15) { $conditions[] = 'ParentCategory.id IN (' . $cat_id . ')'; } $conditions[] = 'Category.id IN (' . $cat_id . ')'; // Exclude listings from child categories } else { $conditions[] = 'ParentCategory.id IN (' . $cat_id . ')'; } } else { unset($this->Listing->joins['ParentCategory']); } empty($cat_id) and !empty($section_id) and $conditions[] = 'Listing.sectionid IN (' . $section_id . ')'; empty($cat_id) and !empty($dir_id) and $conditions[] = 'JreviewsCategory.dirid IN (' . $dir_id . ')'; empty($cat_id) and !empty($criteria_id) and $conditions[] = 'JreviewsCategory.criteriaid IN (' . $criteria_id . ')'; if ($this->action == 'mylistings' && $user_id == $this->_user->id || $this->Access->isPublisher()) { $conditions[] = 'Listing.state >= 0'; } else { $conditions[] = 'Listing.state = 1'; $conditions[] = '( Listing.publish_up = "' . NULL_DATE . '" OR Listing.publish_up <= "' . _CURRENT_SERVER_TIME . '" )'; $conditions[] = '( Listing.publish_down = "' . NULL_DATE . '" OR Listing.publish_down >= "' . _CURRENT_SERVER_TIME . '" )'; } # Shows only links users can access if ($this->cmsVersion == CMS_JOOMLA15) { // $conditions[] = 'Section.access <= ' . $this->Access->getAccessId(); $conditions[] = 'Category.access <= ' . $this->Access->getAccessId(); $conditions[] = 'Listing.access <= ' . $this->Access->getAccessId(); } else { $conditions[] = 'Category.access IN ( ' . $this->Access->getAccessLevels() . ')'; $conditions[] = 'Listing.access IN ( ' . $this->Access->getAccessLevels() . ')'; } $queryData = array('joins' => $joins, 'conditions' => $conditions, 'limit' => $this->limit, 'offset' => $this->offset); # Modify query for correct ordering. Change FIELDS, ORDER BY and HAVING BY directly in Listing Model variables if ($this->action != 'custom' || $this->action == 'custom' && empty($this->Listing->order)) { $this->Listing->processSorting($action, $sort); } // This is used in Listings model to know whether this is a list page to remove the plugin tags $this->Listing->controller = 'categories'; // Check if review scope checked in advancd search $scope = explode('_', Sanitize::getString($this->params, 'scope')); if ($this->action == 'search' && in_array('reviews', $scope)) { $queryData['joins'][] = "LEFT JOIN #__jreviews_comments AS Review ON Listing.id = Review.pid AND Review.published = 1 AND Review.mode = 'com_content'"; $queryData['group'][] = "Listing.id"; // Group By required due to one to many relationship between listings => reviews table } $query_listings and $listings = $this->Listing->findAll($queryData); # If only one result then redirect to it if ($this->Config->search_one_result && count($listings) == 1 && $this->action == 'search' && $this->page == 1) { $listing = array_shift($listings); $url = cmsFramework::makeAbsUrl($listing['Listing']['url'], array('sef' => true)); cmsFramework::redirect($url); } # Get the listing count if (in_array($action, array('section', 'category'))) { unset($queryData['joins']); $this->Listing->joins = array("INNER JOIN #__jreviews_categories AS JreviewsCategory ON Listing.catid = JreviewsCategory.id AND JreviewsCategory.`option` = 'com_content'", 'Category' => "LEFT JOIN #__categories AS Category ON JreviewsCategory.id = Category.id", 'ParentCategory' => "LEFT JOIN #__categories AS ParentCategory ON Category.lft BETWEEN ParentCategory.lft AND ParentCategory.rgt", "LEFT JOIN #__jreviews_listing_totals AS Totals ON Totals.listing_id = Listing.id AND Totals.extension = 'com_content'", "LEFT JOIN #__jreviews_content AS Field ON Field.contentid = Listing.id", "LEFT JOIN #__jreviews_directories AS Directory ON JreviewsCategory.dirid = Directory.id"); } elseif ($action != 'favorites') { unset($queryData['joins']); $this->Listing->joins = array("INNER JOIN #__jreviews_categories AS JreviewsCategory ON Listing.catid = JreviewsCategory.id AND JreviewsCategory.`option` = 'com_content'", 'Category' => "LEFT JOIN #__categories AS Category ON JreviewsCategory.id = Category.id", 'ParentCategory' => "LEFT JOIN #__categories AS ParentCategory ON Category.lft BETWEEN ParentCategory.lft AND ParentCategory.rgt", "LEFT JOIN #__jreviews_listing_totals AS Totals ON Totals.listing_id = Listing.id AND Totals.extension = 'com_content'", "LEFT JOIN #__jreviews_content AS Field ON Field.contentid = Listing.id", "LEFT JOIN #__jreviews_directories AS Directory ON JreviewsCategory.dirid = Directory.id"); if ($this->action == 'search' && in_array('reviews', $scope)) { $queryData['joins'][] = "LEFT JOIN #__jreviews_comments AS Review ON Listing.id = Review.pid AND Review.published = 1 AND Review.mode = 'com_content'"; } } if ($this->cmsVersion == CMS_JOOMLA15 || empty($cat_id)) { unset($this->Listing->joins['ParentCategory']); // Exclude listings from child categories } // Need to add user table join for author searches if (isset($this->params['author'])) { $queryData['joins'][] = "LEFT JOIN #__users AS User ON User.id = Listing.created_by"; } if ($query_listings && !isset($this->Listing->count)) { $count = $this->Listing->findCount($queryData, $this->action == 'search' && in_array('reviews', $scope) ? 'DISTINCT Listing.id' : '*'); } else { $count = $this->Listing->count; } if ($total_special > 0 && $total_special < $count) { $count = Sanitize::getInt($this->data, 'total_special'); } } # Get directory info for breadcrumb if dir id is a url parameter $directory = array(); if (is_numeric($dir_id)) { $directory = $this->Directory->findRow(array('fields' => array('Directory.id AS `Directory.dir_id`', 'Directory.title AS `Directory.slug`', 'Directory.desc AS `Directory.title`'), 'conditions' => array('Directory.id = ' . $dir_id))); } /****************************************************************** * Process page title and description *******************************************************************/ $name_choice = $this->Config->name_choice == 'alias' ? 'username' : 'name'; $page['show_title'] = 1; $page['show_description'] = 1; switch ($action) { case 'section': $menuParams = $this->Menu->getMenuParams($menu_id); $page = $section['Section']; $page['title'] = trim(Sanitize::getString($menuParams, 'title')) != '' ? Sanitize::getString($menuParams, 'title') : $section['Section']['title']; $page['show_title'] = Sanitize::getInt($this->data, 'dirtitle', 1); $page['show_description'] = 1; break; case 'category': $menuParams = $this->Menu->getMenuParams($menu_id); $page = $category['Category']; $page['title'] = trim(Sanitize::getString($menuParams, 'title')) != '' ? Sanitize::getString($menuParams, 'title') : $category['Category']['title']; $page['show_title'] = Sanitize::getInt($this->data, 'dirtitle', 1); $page['show_description'] = 1; Sanitize::getString($category['Category'], 'metadesc') == '' and $page['metadesc'] = Sanitize::htmlClean($category['Category']['description']); # Check if this is a listing submit category or disable listing submissions if (Sanitize::getInt($category['Category'], 'criteria_id') == 0) { $this->Config->list_show_addnew = 0; } break; case 'custom': $menuParams = $this->Menu->getMenuParams($menu_id); $page['top_description'] = Sanitize::getString($menuParams, 'custom_description'); $page['top_description'] = str_replace('\\n', '', $page['top_description']); $page['show_description'] = $page['top_description'] != ''; $page['show_title'] = Sanitize::getInt($menuParams, 'dirtitle'); $page['title'] = Sanitize::getString($menuParams, 'title'); if (!$page['title']) { $page['title'] = $this->Menu->getMenuName($menu_id); } break; case 'alphaindex': $title = isset($directory['Directory']) ? Sanitize::getString($directory['Directory'], 'title', '') : ''; $page['title'] = $title != '' ? $title . ' - ' . ($index == '0' ? '0-9' : $index) : ($index == '0' ? '0-9' : $index); break; case 'mylistings': if ($user_id > 0) { $user_name = $this->User->findOne(array('fields' => array('User.' . $name_choice . ' AS `User.name`'), 'conditions' => array('User.id = ' . $user_id))); } elseif ($this->_user->id > 0) { $user_name = $this->_user->{$name_choice}; } $page['title'] = sprintf(__t("Listings by %s", true), $user_name); break; case 'favorites': // Not running from CB Plugin so we change the page title if (!isset($this->Config->in_cb)) { if ($user_id > 0) { $user_name = $this->User->findOne(array('fields' => array('User.' . $name_choice . ' AS `User.name`'), 'conditions' => array('User.id = ' . $user_id))); } elseif ($this->_user->id > 0) { $user_name = $this->_user->{$name_choice}; } $page['title'] = sprintf(__t("Favorites by %s", true), $user_name); } break; case 'list': case 'search': $this->__seo_fields($page); break; case 'featured': case 'latest': case 'mostreviews': case 'popular': case 'toprated': case 'topratededitor': $menuParams = $this->Menu->getMenuParams($menu_id); $page['show_title'] = Sanitize::getInt($menuParams, 'dirtitle'); $page['title'] = Sanitize::getString($menuParams, 'title'); if (!$page['title'] && isset($this->Menu->menues[$menu_id])) { $page['title'] = $this->Menu->menues[$menu_id]->name; } break; default: $page['title'] = $this->Menu->getMenuName($menu_id); break; } // If empty unset the keys so they don't overwrite the ones set via menu if (trim(strip_tags(Sanitize::getString($page, 'description'))) == '') { unset($page['description']); } if (trim(strip_tags(Sanitize::getString($page, 'keywords'))) == '') { unset($page['keywords']); } /****************************************************************** * Generate SEO titles for re-ordered pages (most reviews, top user rated, etc.) *******************************************************************/ # Category ids to be used for ordering list $cat_ids = array(); if (in_array($action, array('search', 'category'))) { $cat_ids = $cat_id; } elseif (!empty($categories)) { $cat_ids = implode(',', array_keys($categories)); } $field_order_array = $this->Field->getOrderList($cat_ids, 'listing', $this->action, array('section', 'category', 'search', 'alphaindex')); isset($page['title']) and $page['title_seo'] = $page['title']; if (($this->action != 'search' || Sanitize::getVar($this->params, 'tag')) && isset($this->params['order']) && $sort != '') { App::import('helper', 'jreviews', 'jreviews'); $ordering_options = JreviewsHelper::orderingOptions(); $tmp_order = str_replace('rjr', 'jr', $sort); if (isset($ordering_options[$sort])) { $page['title_seo'] .= ' ' . sprintf(__t("ordered by %s", true), mb_strtolower($ordering_options[$sort], 'UTF-8')); } elseif (isset($field_order_array[$tmp_order])) { if ($sort[0] == 'r') { $page['title_seo'] .= ' ' . sprintf(__t("ordered by %s desc", true), mb_strtolower($field_order_array[$tmp_order]['text'], 'UTF-8')); } else { $page['title_seo'] .= ' ' . sprintf(__t("ordered by %s", true), mb_strtolower($field_order_array[$sort]['text'], 'UTF-8')); } } } $this->params['order'] = $sort; // This is the param read in the views so we need to update it /****************************************************************** * Set view (theme) vars *******************************************************************/ $this->set(array('Config' => $this->Config, 'Access' => $this->Access, 'User' => $this->_user, 'subclass' => 'listing', 'page' => $page, 'directory' => $directory, 'section' => isset($section) ? $section : array(), 'category' => isset($category) ? $category : array(), 'categories' => isset($categories) ? $categories : array(), 'parent_categories' => $parent_categories, 'listings' => $listings, 'pagination' => array('total' => $count))); $query_listings and $this->set('order_list', $field_order_array); /****************************************************************** * RSS Feed: caches and displays feed when xml action param is present *******************************************************************/ if (Sanitize::getString($this->params, 'action') == 'xml') { $this->Feeds->saveFeed($feed_filename, 'listings'); } echo $this->render('listings', 'listings_' . $this->tmpl_list); }
/** * Sanitizes given array or value for safe input. Use the options to specify * the connection to use, and what filters should be applied (with a boolean * value). Valid filters: odd_spaces, encode, dollar, carriage, unicode, * escape, backslash. * * @param mixed $data Data to sanitize * @param mixed $options If string, DB connection being used, otherwise set of options * @return mixed Sanitized data * @access public * @static */ function clean($data, $options = array()) { if (empty($data) || is_object($data)) { return $data; } if (is_string($options)) { $options = array('connection' => $options); } elseif (!is_array($options)) { $options = array(); } $options = array_merge(array('connection' => 'default', 'odd_spaces' => true, 'html' => true, 'dollar' => true, 'carriage' => true, 'unicode' => true, 'escape' => false, 'backslash' => true), $options); if (is_array($data)) { foreach ($data as $key => $val) { $data[$key] = Sanitize::clean($val, $options); } return $data; } else { if ($options['odd_spaces']) { $data = str_replace(chr(0xca), '', str_replace(' ', ' ', $data)); } if ($options['html']) { $data = Sanitize::htmlClean($data); } if ($options['dollar']) { $data = str_replace("\\\$", "\$", $data); } if ($options['carriage']) { $data = str_replace("\r", "", $data); } $data = str_replace("'", "'", str_replace("!", "!", $data)); if ($options['unicode']) { $data = preg_replace("/&#([0-9]+);/s", "&#\\1;", $data); } if ($options['escape']) { $data = mysql_real_escape_string($data); } if ($options['backslash']) { $data = preg_replace("/\\\\(?!&#|\\?#)/", "\\", $data); } return $data; } }