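/**
 * Check whether the current user holds $access on the component addressed by the request.
 *
 * The object type is read from the `ot` GET parameter (default 'category'). The module-wide
 * permission is checked first; when the object type is 'category' the result is replaced by the
 * narrower ':Category:' check with the `id` GET parameter as instance.
 *
 * @param int $access Access level constant handed through to SecurityUtil::checkPermission.
 *
 * @return bool Result of the most specific permission check performed.
 */
public static function rulePermissions($access)
{
    $request = new Zikula_Request_Http();
    // FILTER_SANITIZE_STRING is deprecated as of PHP 8.1; kept for consistency with the rest of the module.
    $objectType = $request->getGet()->filter('ot', 'category', FILTER_SANITIZE_STRING);
    $objectId = $request->getGet()->filter('id', 0, FILTER_SANITIZE_NUMBER_INT);

    // NOTE(review): $this is referenced inside a static method, which is a fatal error when the
    // method is called statically. The enclosing class is not visible here, so the original
    // reference is kept — confirm how callers invoke this and source the module name accordingly.
    $permission = SecurityUtil::checkPermission($this->name . '::', '::', $access);
    if ($objectType === 'category') {
        // The category check replaces, rather than combines with, the module-wide result.
        $permission = SecurityUtil::checkPermission($this->name . ':Category:', $objectId, $access);
    }

    return $permission;
}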
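/**
 * Retrieve identifier parameters for a given object type.
 *
 * Each id field is read from the query string, falling back to a numeric value in $args (or 0).
 * When there is exactly one id field and it is not called 'id', a missing value additionally
 * falls back to the generic `id` parameter, validated as an integer.
 *
 * @param Zikula_Request_Http $request    Instance of Zikula_Request_Http.
 * @param array               $args       List of arguments used as fallback if request does not contain a field.
 * @param string              $objectType Name of treated entity type (kept for the call signature; not used here).
 * @param array               $idFields   List of identifier field names.
 *
 * @return array List of fetched identifiers keyed by field name; empty when $idFields is empty.
 */
public static function retrieveIdentifier(Zikula_Request_Http $request, array $args, $objectType = '', array $idFields)
{
    // Initialised up front: previously an empty $idFields left this undefined and the method
    // returned null with a notice instead of an empty array.
    $idValues = array();
    $singleField = count($idFields) === 1;

    foreach ($idFields as $idField) {
        $defaultValue = isset($args[$idField]) && is_numeric($args[$idField]) ? $args[$idField] : 0;
        // NOTE(review): no filter flag is applied here, so the value is returned as sent by the
        // client; callers must treat it as untrusted input.
        $id = $request->getGet()->filter($idField, $defaultValue);

        if (!$id && $idField !== 'id' && $singleField) {
            $defaultValue = isset($args['id']) && is_numeric($args['id']) ? $args['id'] : 0;
            $id = (int) $request->getGet()->filter('id', $defaultValue, FILTER_VALIDATE_INT);
        }

        $idValues[$idField] = $id;
    }

    return $idValues;
}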
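/**
 * Smarty function to wrap MUBoard_Form_View generated form controls with suitable form tags.
 *
 * The form action defaults to the (HTML-escaped) current URI. For posting display/edit pages it
 * is rewritten to the posting edit URL in either the classic query-string flavour or the
 * short-URL flavour, depending on the ZConfig `shorturls` / `shorturlsstripentrypoint` settings.
 *
 * @param array            $params  Parameters passed in the block tag (`enctype`, `cssClass`).
 * @param string           $content Content of the block.
 * @param Zikula_Form_View $view    Reference to Zikula_Form_View object.
 *
 * @return string The rendered output (null on the opening call, when $content is empty).
 */
function smarty_block_muboardform($params, $content, $view)
{
    if (!$content) {
        // Smarty calls block functions twice; the opening call carries no content and renders nothing.
        return;
    }

    PageUtil::addVar('stylesheet', 'system/Theme/style/form/style.css');

    // Attributes supplied by the template author; they are inserted unescaped, so only literal
    // values should be passed from templates.
    $encodingHtml = array_key_exists('enctype', $params) ? " enctype=\"{$params['enctype']}\"" : '';
    $classString = isset($params['cssClass']) ? "class=\"{$params['cssClass']}\" " : '';

    $request = new Zikula_Request_Http();
    // Digit-sanitised, so safe to embed in the URL below without further escaping.
    $forumid = $request->getGet()->filter('forum', 0, FILTER_SANITIZE_NUMBER_INT);

    $action = smarty_block_muboardform_action(htmlspecialchars(System::getCurrentUri()), $forumid);

    $view->postRender();
    $formId = $view->getFormId();

    $out = "\n <form id=\"{$formId}\" {$classString}action=\"{$action}\" method=\"post\"{$encodingHtml}>\n {$content}\n <div>\n {$view->getStateHTML()}\n {$view->getStateDataHTML()}\n {$view->getIncludesHTML()}\n {$view->getCsrfTokenHtml()}\n <input type=\"hidden\" name=\"__formid\" id=\"form__id\" value=\"{$formId}\" />\n <input type=\"hidden\" name=\"FormEventTarget\" id=\"FormEventTarget\" value=\"\" />\n <input type=\"hidden\" name=\"FormEventArgument\" id=\"FormEventArgument\" value=\"\" />\n <script type=\"text/javascript\">\n <!--\n function FormDoPostBack(eventTarget, eventArgument)\n {\n var f = document.getElementById('{$formId}');\n if (!f.onsubmit || f.onsubmit())\n {\n f.FormEventTarget.value = eventTarget;\n f.FormEventArgument.value = eventArgument;\n f.submit();\n }\n }\n // -->\n </script>\n </div>\n </form>\n ";

    return $out;
}

/**
 * Compute the form action for the posting edit form.
 *
 * Only URIs that point at a posting display or posting edit page are rewritten; anything else is
 * returned unchanged. The two checks in each branch are deliberately independent: a display URI
 * rewritten by the first check still matches the second one when a forum id is present, which is
 * the behaviour the original code had.
 *
 * @param string     $currentUri HTML-escaped current request URI.
 * @param string|int $forumid    Forum id from the request, digit-sanitised; 0 when absent.
 *
 * @return string Value for the form's action attribute.
 */
function smarty_block_muboardform_action($currentUri, $forumid)
{
    $action = $currentUri;
    $stripentrypoint = ModUtil::getVar('ZConfig', 'shorturlsstripentrypoint');

    // Look up the url name this module is registered under.
    $tables = DBUtil::getTables();
    $modcolumn = $tables['modules_column'];
    $where = "{$modcolumn['name']} = '" . DataUtil::formatForStore('MUBoard') . "'";
    $module = DBUtil::selectObject('modules', $where);
    $urlname = isset($module['url']) ? $module['url'] : '';

    if (ModUtil::getVar('ZConfig', 'shorturls') == 0) {
        if (strpos($action, 'func=display') !== false) {
            $action = 'index.php?module=' . $urlname . '&type=user&func=edit&ot=posting&answer=1';
        }
        if (strpos($action, 'func=edit&ot=posting') !== false && $forumid > 0) {
            // Fix: the parameter previously lacked '=' and was emitted as "&forum<id>", which the
            // edit page could not read back.
            $action = 'index.php?module=' . $urlname . '&type=user&func=edit&ot=posting&forum=' . $forumid;
        }

        return $action;
    }

    // Short URLs: with the entry point stripped the path starts with the url name, otherwise with
    // index.php/. Any other setting value leaves the action untouched (as before).
    $prefix = null;
    if ($stripentrypoint == 1) {
        $prefix = $urlname;
    } elseif ($stripentrypoint == 0) {
        $prefix = 'index.php/' . $urlname;
    }
    if ($prefix === null) {
        return $action;
    }

    if (strpos($action, $urlname . '/posting/id.') !== false) {
        $action = $prefix . '/edit/ot/posting/answer/1';
    }
    if (strpos($action, 'edit/ot/posting/forum/') !== false && $forumid > 0) {
        $action = $prefix . '/edit/ot/posting/forum/' . $forumid;
    }

    return $action;
}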
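/**
 * Bootstrap the legacy Zikula core for a console command.
 *
 * Registers the ZLoader autoloader, optionally boots Zikula_Core (feeding the global ZConfig
 * arrays into its container and copying the temp/data/chmod parameters back into ZConfig), and
 * can swap the session services for in-memory mocks and register a synthetic request.
 *
 * @param bool $disableSessions Replace session.storage/session.handler with MockArraySessionStorage/NullSessionHandler.
 * @param bool $loadZikulaCore  Boot Zikula_Core unless the container already provides a 'zikula' service.
 * @param bool $fakeRequest     Register a Request for http://localhost/install as the 'request' service.
 *
 * @return void
 */
protected function bootstrap($disableSessions = true, $loadZikulaCore = true, $fakeRequest = true)
{
    // Guarded so a second bootstrap() call does not emit a "constant already defined" warning.
    if (!defined('_ZINSTALLVER')) {
        define('_ZINSTALLVER', \Zikula_Core::VERSION_NUM);
    }

    $kernel = $this->getContainer()->get('kernel');
    $loader = (require $kernel->getRootDir() . '/autoload.php');
    \ZLoader::register($loader);

    if ($loadZikulaCore && !$this->getContainer()->has('zikula')) {
        // Fully qualified, consistent with \Zikula_Core::VERSION_NUM above, so the reference also
        // resolves when this file lives in a namespace.
        $core = new \Zikula_Core();
        $core->setKernel($kernel);
        $core->boot();
        foreach ($GLOBALS['ZConfig'] as $config) {
            $core->getContainer()->loadArguments($config);
        }
        // Mirror the resolved container parameters back into the legacy ZConfig global.
        $GLOBALS['ZConfig']['System']['temp'] = $core->getContainer()->getParameter('temp_dir');
        $GLOBALS['ZConfig']['System']['datadir'] = $core->getContainer()->getParameter('datadir');
        $GLOBALS['ZConfig']['System']['system.chmod_dir'] = $core->getContainer()->getParameter('system.chmod_dir');
        \ServiceUtil::getManager($core);
        \EventUtil::getManager($core);
    }

    if ($disableSessions) {
        // Disable sessions: in-memory storage plus a null handler, so nothing reaches a real session store.
        $this->getContainer()->set('session.storage', new MockArraySessionStorage());
        $this->getContainer()->set('session.handler', new NullSessionHandler());
    }

    if ($fakeRequest) {
        // Fake request so request-dependent services can be resolved outside an HTTP context.
        $request = Request::create('http://localhost/install');
        $this->getContainer()->set('request', $request);
    }
}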
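/**
 * Respond to a `module.users.ui.process_edit` event to store profile data gathered when editing or creating a user account.
 *
 * Parameters passed in via POST:
 * ------------------------------
 * array dynadata An array containing the profile items to store for the user.
 *
 * Nothing is stored unless the request is a POST and the validation run before this event
 * reported no errors.
 *
 * @param Zikula_Event $event The event that triggered this function call, containing the id of the user for which profile information should be stored.
 *
 * @return void
 */
public function processEdit(Zikula_Event $event)
{
    if (!$this->request->isPost()) {
        return;
    }
    if (!$this->validation || $this->validation->hasErrors()) {
        return;
    }

    $user = $event->getSubject();
    $post = $this->request->getPost();
    $dynadata = $post->has('dynadata') ? $post->get('dynadata') : array();

    // A scalar 'dynadata' value (malformed or crafted request) would otherwise make foreach emit a
    // warning; treat it as "nothing to store".
    if (!is_array($dynadata)) {
        return;
    }

    // NOTE(review): the property names are taken directly from the POST keys. Confirm that the
    // preceding validation step (or UserUtil::setVar) restricts them to known profile properties.
    foreach ($dynadata as $dudName => $dudItem) {
        UserUtil::setVar($dudName, $dudItem, $user['uid']);
    }
}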
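/**
 * Build a generic Doctrine query supporting WHERE and ORDER BY
 *
 * When the current request is the plain posting list (func=view and ot=posting) the query is
 * restricted to top-level postings (`tbl.parent_id IS NULL`) in addition to $where.
 *
 * @param string  $where    The where clause to use when retrieving the collection (optional) (default='').
 *                          Inserted verbatim into the DQL, so callers must build it from trusted or
 *                          properly escaped values, never from raw request input.
 * @param string  $orderBy  The order-by clause to use when retrieving the collection (optional) (default='').
 *                          Prefixed with 'tbl.' and inserted verbatim; same caveat as $where.
 * @param boolean $useJoins Whether to include joining related objects (optional) (default=true).
 *
 * @return Doctrine\ORM\Query query instance to be further processed
 */
protected function _intBaseQuery($where = '', $orderBy = '', $useJoins = true)
{
    $request = new Zikula_Request_Http();
    $ot = $request->getGet()->filter('ot', 'category', FILTER_SANITIZE_STRING);
    $func = $request->getGet()->filter('func', 'view', FILTER_SANITIZE_STRING);

    $selection = 'tbl';
    if ($useJoins === true) {
        $selection .= $this->addJoinsToSelection();
    }

    $qb = $this->getEntityManager()->createQueryBuilder();
    $qb->select($selection)->from('MUBoard_Entity_Posting', 'tbl');
    if ($useJoins === true) {
        $this->addJoinsToFrom($qb);
    }

    if ($func === 'view' && $ot === 'posting') {
        // Only root postings on the list view; chain onto any caller-supplied condition.
        if ((string) $where !== '') {
            $where .= ' AND ';
        }
        $where .= 'tbl.parent_id IS NULL';
    }

    if (!empty($where)) {
        $qb->where($where);
    }

    // add order by clause
    if (!empty($orderBy)) {
        $qb->add('orderBy', 'tbl.' . $orderBy);
    }

    $query = $qb->getQuery();

    // TODO - see https://github.com/zikula/core/issues/118
    // use FilterUtil to support generic filtering
    //$fu = new FilterUtil('MUBoard', $this);
    // you could set explicit filters at this point, something like
    // $fu->setFilter('type:eq:' . $args['type'] . ',id:eq:' . $args['id']);
    // supported operators: eq, ne, like, lt, le, gt, ge, null, notnull
    // process request input filters and add them to the query.
    //$fu->enrichQuery($query);

    return $query;
}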
/**
 * Check Csrf token.
 *
 * With `sessioncsrftokenonetime` enabled a one-time validation is attempted first; the regular
 * validation is the fallback in every case.
 *
 * @param string $token The token, if not set, will pull from $_POST['csrftoken'].
 *
 * @throws Zikula_Exception_Forbidden If check fails.
 *
 * @return void
 */
public function checkCsrfToken($token=null)
{
    if ($token === null) {
        $token = $this->request->getPost()->get('csrftoken', false);
    }

    $validator = $this->serviceManager->getService('token.validator');

    // One-time tokens are only tried when the site option is switched on.
    $accepted = System::getVar('sessioncsrftokenonetime')
        ? $validator->validate($token, false, false)
        : false;
    if (!$accepted) {
        $accepted = $validator->validate($token);
    }

    if ($accepted) {
        return;
    }

    // Should we expire the session also? drak.
    throw new Zikula_Exception_Forbidden(__('Security token validation failed'));
}
<?php
/**
 * Copyright Zikula Foundation 2009 - Zikula Application Framework
 * This work is contributed to the Zikula Foundation under one or more
 * Contributor Agreements and licensed to You under the following license:
 *
 * @license GNU/LGPLv3 (or at your option, any later version).
 * @package Zikula
 *
 * Please see the NOTICE file distributed with this source code for further
 * information regarding copyright and licensing.
 */

use Zikula_Request_Http as Request;

// Front controller: boot, run every core init stage, hand the request to the kernel.
// $core and $kernel are used below without being assigned in this file — presumably
// lib/bootstrap.php creates them.
include 'lib/bootstrap.php';

$request = Request::createFromGlobals();
$core->init(Zikula_Core::STAGE_ALL, $request);

// this event for BC only. remove in 2.0.0
$core->getDispatcher()->dispatch('frontcontroller.predispatch', new \Zikula\Core\Event\GenericEvent());

$response = $kernel->handle($request);
$response->send();
$kernel->terminate($request, $response);
/**
 * Check Csrf token.
 *
 * Tries the one-time validation first when `sessioncsrftokenonetime` is set, then the regular
 * validation; a request that passes neither is answered with a forbidden response.
 *
 * @param string $token The token, if not set, will pull from $_POST['csrftoken'].
 *
 * @throws AccessDeniedException If check fails.
 *
 * @return void
 */
public function checkCsrfToken($token = null)
{
    if ($token === null) {
        $token = $this->request->request->get('csrftoken', false);
    }

    $validator = $this->container->get('token.validator');

    $accepted = System::getVar('sessioncsrftokenonetime')
        ? $validator->validate($token, false, false)
        : false;
    if (!$accepted) {
        $accepted = $validator->validate($token);
    }

    if ($accepted) {
        return;
    }

    $this->throwForbidden(__f('Oops, something went wrong: security token validation failed. You might want to go to the <a href="%s">startpage</a>.', $this->request->getBaseUrl()));
}
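/**
 * Setup.
 *
 * Resolves the language for this request — an explicit `lang` GET parameter first, then
 * detection — validates it, stores it in the session, enables multilingual support and applies
 * the resulting locale to both ZLanguage and the Symfony request.
 *
 * @param Request $request Current request; receives the resolved locale, with 'en' as default locale.
 *
 * @return void
 */
public function setup(Request $request)
{
    $requested = FormUtil::getPassedValue('lang', null, 'GET');
    if (!is_string($requested)) {
        // null (parameter absent) or an array (lang[]=...) — neither is a language code.
        $requested = '';
    }
    // Restrict the requested code to lowercase letters and '-'. The previous pattern
    // '#[^a-z-].#' also consumed the character following a disallowed one and left a trailing
    // disallowed character untouched, so unexpected bytes could still reach detectLanguage()/validate().
    $this->langRequested = preg_replace('#[^a-z-]#', '', $requested); // language for this request

    $this->detectLanguage();
    $this->validate();
    $this->fixLanguageToSession();
    ModUtil::setupMultilingual();
    $this->setLocale($this->languageCode);
    $request->setLocale($this->languageCode);
    $request->setDefaultLocale('en');
    $this->bindCoreDomain();
    $this->processErrors();
}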
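/**
 * Render the subscription ("abo") toggle link for a posting or forum.
 *
 * Looks up whether the logged-in user already subscribed to $postingid and returns a link to the
 * admin `take` (subscribe) or `quit` (unsubscribe) action with the matching icon. Guests, and
 * object types other than 'posting' and 'forum', get an empty string (the original left $out
 * undefined for an unknown object type and returned null with a notice).
 *
 * @param int|string $postingid Posting id; embedded in the subscription lookup via DataUtil::formatForStore.
 *
 * @return string HTML snippet, or '' when nothing is to be rendered.
 */
public static function getStateOfPostingAbo($postingid)
{
    $request = new Zikula_Request_Http();
    // object type and, for forum links, the forum id come from the query string
    $ot = $request->getGet()->filter('ot', 'category', FILTER_SANITIZE_STRING);
    $forumid = $request->getGet()->filter('id', 0, FILTER_SANITIZE_NUMBER_INT);

    // get repository for subscriptions
    $repository = MUBoard_Util_Model::getAboRepository();

    if (!UserUtil::isLoggedIn()) {
        return '';
    }
    if ($ot !== 'posting' && $ot !== 'forum') {
        return '';
    }

    $userid = UserUtil::getVar('uid');

    // look for an existing subscription of this user to this posting (string-built DQL; both
    // values pass through DataUtil::formatForStore and are expected to be numeric ids)
    $where = 'tbl.postingid = \'' . DataUtil::formatForStore($postingid) . '\''
        . ' AND '
        . 'tbl.userid = \'' . DataUtil::formatForStore($userid) . '\'';
    $abo = $repository->selectWhere($where);

    $urlArgs = array('ot' => 'abo', 'posting' => $postingid, 'object' => $ot);
    if ($ot === 'forum') {
        $urlArgs['forum'] = $forumid;
    }

    if ($abo) {
        $func = 'quit';
        $icon = 'mail_get.png';
    } else {
        $func = 'take';
        $icon = 'mail_post_to.png';
    }

    $url = ModUtil::url('MUBoard', 'admin', $func, $urlArgs);

    return "<a id='muboard-user-posting-header-infos-abo' href='{$url}'>\n <img src='/images/icons/extrasmall/{$icon}' />\n </a>";
}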
/**
 * Initialise Zikula.
 *
 * Carries out a number of initialisation tasks to get Zikula up and
 * running. $stage is a bitmask of STAGE_* constants; each stage that is set dispatches a
 * `core.init` event with the stage as argument (plus `core.preinit` / `core.postinit` at the
 * edges), so listeners do the actual work. Requests that hit an uninstalled or outdated core are
 * redirected to the install/upgrade routes before any of that happens.
 *
 * @param integer             $stage   Stage to load (bitmask, default self::STAGE_ALL).
 * @param Zikula_Request_Http $request Current request; also published as $GLOBALS['__request'].
 *
 * @return boolean True initialisation successful false otherwise (false only on a database
 *                 connection failure while installing; other failures end the request).
 */
public function init($stage = self::STAGE_ALL, Request $request)
{
    $GLOBALS['__request'] = $request; // hack for pre 1.5.0 - drak
    $coreInitEvent = new GenericEvent($this);
    // store the load stages in a global so other API's can check whats loaded
    $this->stage = $this->stage | $stage;
    // $this->stage & ~STAGE_PRE is true as soon as any other stage bit is set (hence on every ALL run)
    if ($stage & self::STAGE_PRE && $this->stage & ~self::STAGE_PRE) {
        ModUtil::flushCache();
        System::flushCache();
        $args = !System::isInstalling() ? array('lazy' => true) : array();
        $this->dispatcher->dispatch('core.preinit', new GenericEvent($this, $args));
    }
    // Initialise and load configuration
    if ($stage & self::STAGE_CONFIG) {
        // for BC only. remove this code in 2.0.0
        if (!System::isInstalling()) {
            $this->dispatcher->dispatch('setup.errorreporting', new GenericEvent(null, array('stage' => $stage)));
        }
        // initialise custom event listeners from config.php settings
        $coreInitEvent->setArgument('stage', self::STAGE_CONFIG);
        $this->dispatcher->dispatch('core.init', $coreInitEvent);
    }
    // create several booleans to test condition of request regrading install/upgrade
    $installed = $this->getContainer()->getParameter('installed');
    if ($installed) {
        self::defineCurrentInstalledCoreVersion($this->getContainer());
    }
    $requiresUpgrade = $installed && version_compare(ZIKULACORE_CURRENT_INSTALLED_VERSION, self::VERSION_NUM, '<');
    // can't use $request->get('_route') to get any of the following
    // all these routes are hard-coded in xml files
    // NOTE(review): these are substring matches on the whole request URI, not route matches, so any
    // URI containing one of these fragments is classified accordingly — confirm that the
    // $doNotRedirect paths are not reachable while the core is uninstalled or pending upgrade.
    $uriContainsInstall = strpos($request->getRequestUri(), '/install') !== false;
    $uriContainsUpgrade = strpos($request->getRequestUri(), '/upgrade') !== false;
    $uriContainsDoc = strpos($request->getRequestUri(), '/installdoc') !== false;
    $uriContainsWdt = strpos($request->getRequestUri(), '/_wdt') !== false;
    $uriContainsProfiler = strpos($request->getRequestUri(), '/_profiler') !== false;
    $uriContainsRouter = strpos($request->getRequestUri(), '/js/routing?callback=fos.Router.setData') !== false;
    // Debug toolbar, profiler, JS router and XHR requests are never redirected to install/upgrade.
    $doNotRedirect = $uriContainsProfiler || $uriContainsWdt || $uriContainsRouter || $request->isXmlHttpRequest();
    // check if Zikula Core is not installed
    if (!$installed && !$uriContainsDoc && !$uriContainsInstall && !$doNotRedirect) {
        $this->container->get('router')->getContext()->setBaseUrl($request->getBasePath()); // compensate for sub-directory installs
        $url = $this->container->get('router')->generate('install');
        $response = new RedirectResponse($url);
        $response->send();
        // presumably terminates the request; nothing below is expected to run after the redirect
        System::shutDown();
    }
    // check if Zikula Core requires upgrade
    if ($requiresUpgrade && !$uriContainsDoc && !$uriContainsUpgrade && !$doNotRedirect) {
        $this->container->get('router')->getContext()->setBaseUrl($request->getBasePath()); // compensate for sub-directory installs
        $url = $this->container->get('router')->generate('upgrade');
        $response = new RedirectResponse($url);
        $response->send();
        System::shutDown();
    }
    // Installing mode relaxes several checks further down (error reporting, autoloaders, security centre, user status).
    if (!$installed || $requiresUpgrade || $this->getContainer()->hasParameter('upgrading')) {
        System::setInstalling(true);
    }
    if ($stage & self::STAGE_DB) {
        try {
            $dbEvent = new GenericEvent($this, array('stage' => self::STAGE_DB));
            $this->dispatcher->dispatch('core.init', $dbEvent);
        } catch (PDOException $e) {
            if (!System::isInstalling()) {
                // header() only takes effect if nothing has been output yet
                header('HTTP/1.1 503 Service Unavailable');
                require_once System::getSystemErrorTemplate('dbconnectionerror.tpl');
                System::shutDown();
            } else {
                // during installation a missing database is expected; let the installer handle it
                return false;
            }
        }
    }
    if ($stage & self::STAGE_TABLES) {
        // Initialise dbtables
        ModUtil::dbInfoLoad('ZikulaExtensionsModule', 'ZikulaExtensionsModule');
        ModUtil::initCoreVars();
        ModUtil::dbInfoLoad('ZikulaSettingsModule', 'ZikulaSettingsModule');
        ModUtil::dbInfoLoad('ZikulaThemeModule', 'ZikulaThemeModule');
        ModUtil::dbInfoLoad('ZikulaUsersModule', 'ZikulaUsersModule');
        ModUtil::dbInfoLoad('ZikulaGroupsModule', 'ZikulaGroupsModule');
        ModUtil::dbInfoLoad('ZikulaPermissionsModule', 'ZikulaPermissionsModule');
        ModUtil::dbInfoLoad('ZikulaCategoriesModule', 'ZikulaCategoriesModule');
        // Add AutoLoading for non-symfony 1.3 modules in /modules
        if (!System::isInstalling()) {
            ModUtil::registerAutoloaders();
        }
        $coreInitEvent->setArgument('stage', self::STAGE_TABLES);
        $this->dispatcher->dispatch('core.init', $coreInitEvent);
    }
    if ($stage & self::STAGE_SESSIONS) {
        // SessionUtil::requireSession();
        $coreInitEvent->setArgument('stage', self::STAGE_SESSIONS);
        $this->dispatcher->dispatch('core.init', $coreInitEvent);
    }
    // Have to load in this order specifically since we cant setup the languages until we've decoded the URL if required (drak)
    // start block
    if ($stage & self::STAGE_LANGS) {
        // instance obtained before URL decoding, setup() runs after it (see below)
        $lang = ZLanguage::getInstance();
    }
    if ($stage & self::STAGE_DECODEURLS) {
        System::queryStringDecode($request);
        $coreInitEvent->setArgument('stage', self::STAGE_DECODEURLS);
        $this->dispatcher->dispatch('core.init', $coreInitEvent);
    }
    if ($stage & self::STAGE_LANGS) {
        $lang->setup($request);
        $coreInitEvent->setArgument('stage', self::STAGE_LANGS);
        $this->dispatcher->dispatch('core.init', $coreInitEvent);
    }
    // end block
    if ($stage & self::STAGE_MODS) {
        if (!System::isInstalling()) {
            ModUtil::load('ZikulaSecurityCenterModule');
        }
        $coreInitEvent->setArgument('stage', self::STAGE_MODS);
        $this->dispatcher->dispatch('core.init', $coreInitEvent);
    }
    if ($stage & self::STAGE_THEME) {
        // register default page vars
        PageUtil::registerVar('polyfill_features', true);
        PageUtil::registerVar('title');
        PageUtil::setVar('title', System::getVar('defaultpagetitle'));
        PageUtil::registerVar('keywords', true);
        PageUtil::registerVar('stylesheet', true);
        PageUtil::registerVar('javascript', true);
        PageUtil::registerVar('jsgettext', true);
        PageUtil::registerVar('body', true);
        PageUtil::registerVar('header', true);
        PageUtil::registerVar('footer', true);
        // set some defaults
        // Metadata for SEO
        $this->container->setParameter('zikula_view.metatags', array('description' => System::getVar('defaultmetadescription'), 'keywords' => System::getVar('metakeywords')));
        $coreInitEvent->setArgument('stage', self::STAGE_THEME);
        $this->dispatcher->dispatch('core.init', $coreInitEvent);
    }
    // check the users status, if not 1 then log him out
    // (runs regardless of $stage, but not while installing)
    if (!System::isInstalling() && UserUtil::isLoggedIn()) {
        $userstatus = UserUtil::getVar('activated');
        if ($userstatus != Users_Constant::ACTIVATED_ACTIVE) {
            UserUtil::logout();
            // TODO - When getting logged out this way, the existing session is destroyed and
            // then a new one is created on the reentry into index.php. The message
            // set by the registerStatus call below gets lost.
            LogUtil::registerStatus(__('You have been logged out.'));
            System::redirect(ModUtil::url('ZikulaUsersModule', 'user', 'login'));
        }
    }
    // same bitmask idiom as STAGE_PRE above; the event carries the requested stages, not the accumulated ones
    if ($stage & self::STAGE_POST && $this->stage & ~self::STAGE_POST) {
        $this->dispatcher->dispatch('core.postinit', new GenericEvent($this, array('stages' => $stage)));
    }
}