/**
 * Vetoes a login attempt when the account is flagged for a mandatory password change.
 *
 * Listener for the 'user.login.veto' event. The veto applies only when the
 * '_Users_mustChangePassword' user variable is set AND the account's 'pass'
 * value differs from UsersConstant::PWD_NO_USERS_AUTHENTICATION. Accounts that
 * keep no Users-module password (e.g. registered and logging in through a
 * Google Account or an OpenID) are therefore never sent to the change-password
 * form by this handler.
 *
 * On veto the event is stopped, a 'redirect_func' payload pointing at the
 * 'changePassword' user function is stored on the event, and an error message
 * is registered through LogUtil.
 *
 * @param GenericEvent $event The event that triggered this handler; its subject is the user record.
 *
 * @return void
 */
public static function forcedPasswordChangeListener(GenericEvent $event)
{
    $account = $event->getSubject();
    $changeRequired = UserUtil::getVar('_Users_mustChangePassword', $account['uid'], false);

    // Let the login continue when the flag is not set or the account has no
    // Users-module password that could be changed.
    if (!$changeRequired || $account['pass'] == UsersConstant::PWD_NO_USERS_AUTHENTICATION) {
        return;
    }

    $event->stopPropagation();

    // The session entry marks the redirect as coming from the login flow.
    $redirect = array(
        'modname' => self::$modname,
        'type'    => 'user',
        'func'    => 'changePassword',
        'args'    => array('login' => true),
        'session' => array(
            'var'       => 'Users_Controller_User_changePassword',
            'namespace' => 'Zikula_Users',
        ),
    );
    $event->setData(array('redirect_func' => $redirect));

    LogUtil::registerError(__("Your log-in request was not completed. You must change your web site account's password first."));
}
/**
 * Serves the 'anotherfunction' method on behalf of the Users admin controller.
 *
 * The event is ignored unless $event['method'] equals 'anotherfunction' and the
 * subject is a Users_Controller_Admin instance. The ACCESS_ADMIN check on
 * 'Users::' runs before the template is fetched, so nothing is rendered for a
 * caller that fails it.
 *
 * @param GenericEvent $event Event carrying the requested method name; its subject is the controller.
 *
 * @return void
 *
 * @throws \Zikula\Framework\Exception\ForbiddenException If the permission check fails.
 */
public function anotherfunction(GenericEvent $event)
{
    $controller = $event->getSubject();

    // Not addressed to this handler: leave the event untouched for other listeners.
    if ($event['method'] != 'anotherfunction' || !($controller instanceof Users_Controller_Admin)) {
        return;
    }

    $isAdmin = SecurityUtil::checkPermission('Users::', '::', ACCESS_ADMIN);
    if (!$isAdmin) {
        throw new \Zikula\Framework\Exception\ForbiddenException();
    }

    $pluginView = Zikula_View_plugin::getModulePluginInstance($this->moduleName, $this->pluginName);
    $rendered = $pluginView->fetch('anotherfunction.tpl');

    $event->setData($rendered);
    $event->stopPropagation();
}
/**
 * Serves the 'extensions' method on behalf of the Users admin controller.
 *
 * The event is ignored unless $event['method'] equals 'extensions' and the
 * subject is a \Users\Controller\AdminController instance. The list of modules
 * and themes is only gathered after the ACCESS_ADMIN check on 'Users::' passes.
 *
 * @param GenericEvent $event Event carrying the requested method name; its subject is the controller.
 *
 * @return void
 *
 * @throws \Zikula\Framework\Exception\ForbiddenException If the permission check fails.
 */
public function handler(GenericEvent $event)
{
    $controller = $event->getSubject();

    // Not addressed to this handler: leave the event untouched for other listeners.
    if ($event['method'] != 'extensions' || !($controller instanceof \Users\Controller\AdminController)) {
        return;
    }

    $isAdmin = SecurityUtil::checkPermission('Users::', '::', ACCESS_ADMIN);
    if (!$isAdmin) {
        throw new \Zikula\Framework\Exception\ForbiddenException();
    }

    // Zikula modules and themes, as shown by the template
    $usersView = Zikula_View::getInstance('Users');
    $usersView->assign('mods', ModUtil::getModules());
    $usersView->assign('themes', ThemeUtil::getAllThemes());

    $rendered = $usersView->fetch('users_admin_extensions.tpl');
    $event->setData($rendered);
    $event->stopPropagation();
}
/**
 * Returns the map of filter plugin names to implementing class names.
 *
 * The built-in map is handed to listeners of the
 * 'zikula.filterutil.get_plugin_classes' event, which may add entries or
 * replace existing ones. Whatever the event holds afterwards is returned
 * as-is; this method does not check the class names it gets back.
 *
 * @return array Plugin name => class name.
 */
public static function getPluginsAvailable()
{
    $builtIn = array(
        'category'    => 'FilterUtil_Filter_Category',
        'default'     => 'FilterUtil_Filter_Default',
        'date'        => 'FilterUtil_Filter_Date',
        'mnlist'      => 'FilterUtil_Filter_Mnlist',
        'pmlist'      => 'FilterUtil_Filter_Pmlist',
        'replaceName' => 'FilterUtil_Filter_ReplaceName',
    );

    // Collect classes from other providers; this also allows for overrides.
    // TODO A [This is only allowed for the module which owns this object.]
    $collector = new GenericEvent();
    $collector->setData($builtIn);
    EventUtil::getManager()->dispatch('zikula.filterutil.get_plugin_classes', $collector);

    return $collector->getData();
}
/**
 * Run a module function.
 *
 * Only the module name is validated here (System::varValidate with the 'mod'
 * rule); $type, $func and $args are forwarded unchanged to the loader,
 * getCallable() and the resolved callable.
 *
 * Dispatch sequence when the module loads and a callable is resolved:
 * 'module_dispatch.preexecute' event, preDispatch(), the callable itself,
 * postDispatch(), 'module_dispatch.postexecute' event. The data of the
 * post-execute event is the return value.
 *
 * @param string  $modname The name of the module ('Module' is appended when missing).
 * @param string  $type    The type of function to run.
 * @param string  $func    The specific function to run.
 * @param array   $args    The arguments to pass to the function.
 * @param boolean $api     Whether or not to execute an API (or regular) function.
 *
 * @throws \Zikula\Framework\Exception\NotFoundException If the module did not load and this is not an API call.
 *
 * @return mixed Null when the module name is invalid or an API module did not load,
 *               false when no callable was found, otherwise the post-execute event data.
 */
public static function exec($modname, $type = 'user', $func = 'index', $args = array(), $api = false)
{
    // Append the 'Module' suffix to non-empty names that lack it, then force a string.
    if (!preg_match('/\\w+Module$/i', $modname) && $modname) {
        $modname = $modname . 'Module';
    }
    $modname = isset($modname) ? (string) $modname : '';

    // Stop before any loading when the name fails module-name validation.
    if (!System::varValidate($modname, 'mod')) {
        return null;
    }

    $modinfo = self::getInfo(self::getIDFromName($modname));

    $loaded = call_user_func_array($api ? 'ModUtil::loadApi' : 'ModUtil::load', array($modname, $type));

    $controller = null;
    $modfunc = null;
    $resolved = self::getCallable($modname, $type, $func, $api);
    if ($resolved) {
        $modfunc = $resolved['callable'];
        $controller = $modfunc[0];
    }

    $dispatcher = EventUtil::getManager();

    if (!$loaded) {
        // Issue not found exception for controller requests
        if (!$api) {
            throw new \Zikula\Framework\Exception\NotFoundException(__f('The requested controller action %s_Controller_%s::%s() could not be found', array($modname, $type, $func)));
        }

        return;
    }

    // Both events carry the same description of the call.
    $callInfo = array(
        'modname' => $modname,
        'modfunc' => $modfunc,
        'args'    => $args,
        'modinfo' => $modinfo,
        'type'    => $type,
        'api'     => $api,
    );
    $preExecuteEvent = new GenericEvent($controller, $callInfo);
    $postExecuteEvent = new GenericEvent($controller, $callInfo);

    if (is_callable($modfunc)) {
        $dispatcher->dispatch('module_dispatch.preexecute', $preExecuteEvent);

        // $controller is $modfunc[0], set above when the callable was resolved.
        $controller->preDispatch();
        $postExecuteEvent->setData(call_user_func($modfunc, $args));
        $controller->postDispatch();

        return $dispatcher->dispatch('module_dispatch.postexecute', $postExecuteEvent)->getData();
    }

    // try to load plugin
    // This kind of eventhandler should
    // 1. Check $event['modfunc'] to see if it should run else exit silently.
    // 2. Do something like $result = {$event['modfunc']}({$event['args'});
    // 3. Save the result $event->setData($result).
    // 4. $event->setNotify().
    // return void

    // This event means that no $type was found
    $event = new GenericEvent(null, array(
        'modfunc' => $modfunc,
        'args'    => $args,
        'modinfo' => $modinfo,
        'type'    => $type,
        'api'     => $api,
    ), false);
    $dispatcher->dispatch('module_dispatch.type_not_found', $event);

    // NOTE(review): the pre-execute event is only dispatched in the callable
    // branch above, which always returns. The check below therefore inspects an
    // event that was never dispatched on this path, while the handler contract
    // described above stores its result on $event. Confirm which event was meant.
    if ($preExecuteEvent->isPropagationStopped()) {
        return $preExecuteEvent->getData();
    }

    return false;
}
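/**
 * Format a variable for HTML display. This method is recursive array safe.
 *
 * Processing order for a non-array value:
 *   1. the 'system.outputfilter' event, when the output filter setting is > 0;
 *   2. tags matching the 'AllowableHTML' allow-list are wrapped in the control
 *      bytes \022 ... \024 so they can be told apart from all other text;
 *   3. the characters on either side of an '@' become numeric entities
 *      (protection against e-mail harvesters);
 *   4. htmlspecialchars() escapes the whole string;
 *   5. each marked span is passed to DataUtil::formatForDisplayHTML_callback();
 *   6. when the 'htmlentities' setting is on, escaped entity references are restored.
 *
 * AllowableHTML values: 0 = tag not allowed, 1 = tag allowed without
 * attributes, 2 = tag allowed with quoted attributes. The '!--' key enables
 * comments when its value is non-zero. Keys are placed in the pattern
 * unquoted, so this assumes they are plain tag names — TODO confirm where the
 * setting is written.
 *
 * Changes against the previous implementation:
 *   - the e-mail encoding no longer uses the /e (eval) pattern modifier;
 *   - create_function() is replaced by a closure;
 *   - marker bytes already present in the input are removed before marking;
 *   - the marker replacement and the entity-restore pattern are written out so
 *     that steps 2, 5 and 6 actually take effect.
 *
 * @param string|array $var The variable to format; arrays are processed element by element.
 *
 * @return string|array The formatted variable.
 */
public static function formatForDisplayHTML($var)
{
    static $allowedtags = null;
    static $outputfilter;
    static $event;

    if (!$event) {
        $event = new GenericEvent();
    }

    // Build the allow-list pattern once per request.
    if (!isset($allowedtags)) {
        $allowedHTML = array();
        $allowableHTML = System::getVar('AllowableHTML');
        if (is_array($allowableHTML)) {
            foreach ($allowableHTML as $k => $v) {
                if ($k == '!--') {
                    if ($v != 0) {
                        $allowedHTML[] = "{$k}.*?--";
                    }
                } else {
                    switch ($v) {
                        case 0:
                            break;
                        case 1:
                            // opening or closing tag, no attributes
                            $allowedHTML[] = "/?{$k}\\s*/?";
                            break;
                        case 2:
                            // opening or closing tag, quoted attributes permitted
                            $allowedHTML[] = "/?\\s*{$k}" . "(\\s+[\\w:]+\\s*=\\s*(\"[^\"]*\"|'[^']*'))*" . '\\s*/?';
                            break;
                    }
                }
            }
        }

        if (count($allowedHTML) > 0) {
            $allowedtags = '~<\\s*(' . implode('|', $allowedHTML) . ')\\s*>~is';
        } else {
            $allowedtags = '';
        }
    }

    if (!isset($outputfilter)) {
        if (ModUtil::available('SecurityCenterModule') && !System::isInstalling()) {
            $outputfilter = System::getVar('outputfilter');
        } else {
            $outputfilter = 0;
        }
    }

    if (is_array($var)) {
        foreach ($var as $k => $v) {
            $var[$k] = self::formatForDisplayHTML($v);
        }

        return $var;
    }

    // Run additional filters
    if ($outputfilter > 0) {
        $event->setData($var)->setArgument('filter', $outputfilter);
        $var = EventUtil::dispatch('system.outputfilter', $event)->getData();
    }

    // Drop marker bytes that arrive with the input, so that only spans matched
    // by the allow-list below can carry them into the restore step. The restore
    // callback is not visible here; presumably it rebuilds a tag from each
    // marked span, which is why unmarked input must not be able to mark itself.
    $var = str_replace(array("\022", "\024"), '', $var);

    // Preparse var to mark the HTML that we want
    if (!empty($allowedtags)) {
        $var = preg_replace($allowedtags, "\022\\1\024", $var);
    }

    // Encode email addresses. The character classes skip the marker bytes so
    // that a marked tag next to the '@' is left intact. A callback replaces the
    // former /e modifier, which evaluated the replacement as PHP code.
    $var = preg_replace_callback(
        '/([^\\024])@([^\\022])/s',
        function ($m) {
            return '&#' . sprintf('%03d', ord($m[1])) . ';@&#' . sprintf('%03d', ord($m[2])) . ';';
        },
        $var
    );

    // Fix html entities
    $var = htmlspecialchars($var);

    // Fix the HTML that we want. The leading backslash keeps the lookup in the
    // global namespace, as the code string given to create_function() did.
    $var = preg_replace_callback(
        '#\\022([^\\024]*)\\024#',
        function ($m) {
            return \DataUtil::formatForDisplayHTML_callback($m);
        },
        $var
    );

    // Fix entities if required: htmlspecialchars() above turned every '&' into
    // '&amp;', this restores entity references such as '&amp;#064;' to '&#064;'.
    if (System::getVar('htmlentities')) {
        $var = preg_replace('/&amp;([a-z#0-9]+);/i', "&\\1;", $var);
    }

    return $var;
}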
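/**
 * Run a module function.
 *
 * Only the module name is validated here (System::varValidate with the 'mod'
 * rule); $type, $func and $args are forwarded unchanged to the loader,
 * getCallable() and the resolved callable.
 *
 * For Zikula_AbstractController instances a method name that also exists on
 * the class inspected by the parent-class guard is refused with
 * Zikula_Exception_NotFound before preDispatch() and the call itself.
 *
 * Fix: the InvalidArgumentException message used '$2$s' for its second
 * placeholder, so the expected class name was never filled in; it is now '%2$s'.
 *
 * @param string  $modname    The name of the module.
 * @param string  $type       The type of function to run.
 * @param string  $func       The specific function to run.
 * @param array   $args       The arguments to pass to the function.
 * @param boolean $api        Whether or not to execute an API (or regular) function.
 * @param string  $instanceof Perform instanceof checking of target class.
 *
 * @throws Zikula_Exception_NotFound If method was not found, or the method is refused by the parent-class guard.
 * @throws InvalidArgumentException  If the controller is not an instance of the class specified in $instanceof.
 * @throws \RuntimeException         Re-thrown from argument resolving when the method does not use the old $args signature.
 *
 * @return mixed Null when the module name is invalid, false when no callable was found,
 *               otherwise the data of the 'module_dispatch.postexecute' event.
 */
public static function exec($modname, $type = 'user', $func = 'main', $args = array(), $api = false, $instanceof = null)
{
    // define input, all numbers and booleans to strings
    $modname = isset($modname) ? (string) $modname : '';
    $modname = static::convertModuleName($modname);

    // Stop before any loading when the name fails module-name validation.
    if (!System::varValidate($modname, 'mod')) {
        return null;
    }

    // Remove from 1.4
    if (System::isLegacyMode('1.4.0') && $modname == 'Modules') {
        LogUtil::log(__('Warning! "Modules" module has been renamed to "ZikulaExtensionsModule". Please update your ModUtil::func() and ModUtil::apiFunc() calls.'));
        $modname = 'ZikulaExtensionsModule';
    }

    $modinfo = self::getInfo(self::getIDFromName($modname));

    $controller = null;
    $modfunc = null;
    $loaded = call_user_func_array($api ? 'ModUtil::loadApi' : 'ModUtil::load', array($modname, $type));

    if (self::isOO($modname)) {
        $result = self::getCallable($modname, $type, $func, $api);
        if ($result) {
            $modfunc = $result['callable'];
            $controller = $modfunc[0];
            if (!is_null($instanceof) && !($controller instanceof $instanceof)) {
                throw new InvalidArgumentException(__f('%1$s must be an instance of %2$s', array(get_class($controller), $instanceof)));
            }
        }
    }

    $eventManager = EventUtil::getManager();
    $sm = ServiceUtil::getManager();

    if ($loaded) {
        // Both events carry the same description of the call.
        $callInfo = array(
            'modname' => $modname,
            'modfunc' => $modfunc,
            'args'    => $args,
            'modinfo' => $modinfo,
            'type'    => $type,
            'api'     => $api,
        );
        $preExecuteEvent = new \Zikula\Core\Event\GenericEvent($controller, $callInfo);
        $postExecuteEvent = new \Zikula\Core\Event\GenericEvent($controller, $callInfo);

        if (is_callable($modfunc)) {
            $eventManager->dispatch('module_dispatch.preexecute', $preExecuteEvent);

            // Check $modfunc is an object instance (OO) or a function (old)
            if (is_array($modfunc)) {
                // Argument resolving is used only for modules getModule() knows
                // and only when the caller passed no explicit $args.
                try {
                    self::getModule($modname);
                    $newType = true;
                } catch (\Exception $e) {
                    $newType = false;
                }
                if ($args) {
                    $newType = false;
                }

                if (!$api && $newType) {
                    // resolve request args.
                    $resolver = new ControllerResolver($sm, new ControllerNameParser(ServiceUtil::get('kernel')));
                    try {
                        $classReflection = new \ReflectionClass($modfunc[0]);
                        if (!$classReflection->hasMethod($modfunc[1])) {
                            // Method doesn't exist. Do some BC handling.
                            // First try to remove the 'Action' suffix.
                            $modfunc[1] = preg_replace('/(\\w+)Action$/', '$1', $modfunc[1]);
                            if (!$classReflection->hasMethod($modfunc[1]) && $modfunc[1] == 'index') {
                                // Method still not found. Try to use the old 'main' method name.
                                $modfunc[1] = $classReflection->hasMethod('mainAction') ? 'mainAction' : 'main';
                            }
                        }

                        if ($classReflection->hasMethod($modfunc[1])) {
                            // Did we get a valid method? If so, resolve arguments!
                            $methodArgs = $resolver->getArguments($sm->get('request'), $modfunc);
                        } else {
                            // We still didn't get a valid method. Do not use argument resolving.
                            $newType = false;
                        }
                    } catch (\RuntimeException $e) {
                        // Something went wrong. Check if the method still uses the old non-Symfony $args array.
                        if ($modfunc[0] instanceof \Zikula_AbstractBase) {
                            $methodReflection = new \ReflectionMethod($modfunc[0], $modfunc[1]);
                            $parameters = $methodReflection->getParameters();
                            if (count($parameters) == 1 && $parameters[0]->getName() == 'args') {
                                // The method really uses the old $args parameter. In this case we can continue
                                // using the old Controller call and don't have to throw an exception.
                                $newType = false;
                            }
                        }
                        if ($newType !== false) {
                            throw $e;
                        }
                    }
                }

                if ($modfunc[0] instanceof Zikula_AbstractController) {
                    // NOTE(review): getReflection() is not visible here. If it returns a
                    // ReflectionClass/ReflectionObject, getParentClass() yields a ReflectionClass
                    // instance, and wrapping that instance in new ReflectionClass() reflects the
                    // ReflectionClass type itself rather than the controller's parent. Confirm
                    // that this guard inspects the intended class.
                    $reflection = call_user_func(array($modfunc[0], 'getReflection'));
                    $subclassOfReflection = new ReflectionClass($reflection->getParentClass());
                    if ($subclassOfReflection->hasMethod($modfunc[1])) {
                        // Don't allow front controller to access any public methods inside the controller's parents
                        throw new Zikula_Exception_NotFound();
                    }
                    $modfunc[0]->preDispatch();
                }

                if (!$api && $newType && isset($methodArgs)) {
                    $postExecuteEvent->setData(call_user_func_array($modfunc, $methodArgs));
                } else {
                    $postExecuteEvent->setData(call_user_func($modfunc, $args));
                }

                if ($modfunc[0] instanceof Zikula_AbstractController) {
                    $modfunc[0]->postDispatch();
                }
            } else {
                $postExecuteEvent->setData($modfunc($args));
            }

            return $eventManager->dispatch('module_dispatch.postexecute', $postExecuteEvent)->getData();
        }

        // try to load plugin
        // This kind of eventhandler should
        // 1. Check $event['modfunc'] to see if it should run else exit silently.
        // 2. Do something like $result = {$event['modfunc']}({$event['args'});
        // 3. Save the result $event->setData($result).
        // 4. $event->setNotify().
        // return void

        // This event means that no $type was found
        $event = new \Zikula\Core\Event\GenericEvent(null, array(
            'modfunc' => $modfunc,
            'args'    => $args,
            'modinfo' => $modinfo,
            'type'    => $type,
            'api'     => $api,
        ), false);
        $eventManager->dispatch('module_dispatch.type_not_found', $event);

        // NOTE(review): the pre-execute event is only dispatched in the callable
        // branch above, which always returns. The check below therefore inspects an
        // event that was never dispatched on this path, while the handler contract
        // described above stores its result on $event. Confirm which event was meant.
        if ($preExecuteEvent->isPropagationStopped()) {
            return $preExecuteEvent->getData();
        }

        return false;
    }

    // Issue not found exception for controller requests
    if (!System::isLegacyMode() && !$api) {
        throw new Zikula_Exception_NotFound(__f('The requested controller action %s_Controller_%s::%s() could not be found', array($modname, $type, $func)));
    }
}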
/**
 * Vetoes a login attempt when the account is flagged for a mandatory password change.
 *
 * Listener for the 'user.login.veto' event. The veto applies only when the
 * '_Users_mustChangePassword' user variable is set AND the account's 'pass'
 * value differs from UsersConstant::PWD_NO_USERS_AUTHENTICATION. Accounts that
 * keep no Users-module password (e.g. registered and logging in through a
 * Google Account or an OpenID) are therefore never sent to the change-password
 * form by this handler.
 *
 * On veto the event is stopped, a 'redirect_func' payload pointing at the
 * 'changePassword' user function is stored on the event, and an 'error' flash
 * message is added to the current request's session.
 *
 * @param GenericEvent $event The event that triggered this handler; its subject is the user record.
 *
 * @return void
 */
public function forcedPasswordChange(GenericEvent $event)
{
    $account = $event->getSubject();
    $changeRequired = UserUtil::getVar('_Users_mustChangePassword', $account['uid'], false);

    // Let the login continue when the flag is not set or the account has no
    // Users-module password that could be changed.
    if (!$changeRequired || $account['pass'] == UsersConstant::PWD_NO_USERS_AUTHENTICATION) {
        return;
    }

    $event->stopPropagation();

    // The session entry marks the redirect as coming from the login flow.
    $redirect = array(
        'modname' => UsersConstant::MODNAME,
        'type'    => 'user',
        'func'    => 'changePassword',
        'args'    => array('login' => true),
        'session' => array(
            'var'       => 'User_changePassword',
            'namespace' => UsersConstant::SESSION_VAR_NAMESPACE,
        ),
    );
    $event->setData(array('redirect_func' => $redirect));

    $flashBag = $this->requestStack->getCurrentRequest()->getSession()->getFlashBag();
    $flashBag->add('error', __("Your log-in request was not completed. You must change your web site account's password first."));
}
/**
 * Debug toolbar rendering (listener for 'theme.prefetch' and 'theme.postfetch' events).
 *
 * Does nothing when the event subject is a \Zikula_ErrorHandler_Ajax. On
 * 'theme.prefetch' the toolbar service is only instantiated; on any other
 * event name the toolbar markup is placed in front of every '</body>' found
 * in the event data. The markup is inserted as returned by the toolbar,
 * without escaping in this method.
 *
 * @param GenericEvent $event Event.
 *
 * @return void
 */
public function debugToolbarRendering(GenericEvent $event)
{
    if ($event->getSubject() instanceof \Zikula_ErrorHandler_Ajax) {
        return;
    }

    $isPrefetch = $event->getName() == 'theme.prefetch';

    // Fetching the service forces object construction (the debug toolbar
    // constructor registers javascript and css files via PageUtil).
    $toolbar = $this->container->get('debug.toolbar');
    if ($isPrefetch) {
        return;
    }

    $markup = $toolbar->getContent() . "\n</body>";
    $page = str_replace('</body>', $markup, $event->getData());
    $event->setData($page);
}
/**
 * Serves the 'moduleservices' method for module admin controllers.
 *
 * The event is ignored unless $event['method'] equals 'moduleservices' and the
 * subject's class name contains '_Controller_Admin'. The ACCESS_ADMIN check on
 * the subject's module runs before any service links are gathered or rendered.
 *
 * @param GenericEvent $event Event carrying the requested method name; its subject is the controller.
 *
 * @return void
 *
 * @throws \Zikula\Framework\Exception\ForbiddenException If the permission check fails.
 */
public static function moduleservices(GenericEvent $event)
{
    $controller = $event->getSubject();

    // strrpos() is used as a truth value: the text may appear anywhere in the
    // class name except at offset 0, so this is a substring test and not a
    // suffix test. Access is decided by the permission check below, not here.
    if ($event['method'] != 'moduleservices' || !strrpos(get_class($controller), '_Controller_Admin')) {
        return;
    }

    $moduleName = $controller->getName();
    $isAdmin = SecurityUtil::checkPermission($moduleName . '::', '::', ACCESS_ADMIN);
    if (!$isAdmin) {
        throw new \Zikula\Framework\Exception\ForbiddenException();
    }

    $view = Zikula_View::getInstance('Extensions', false);
    $view->assign('currentmodule', $moduleName);

    // notify EVENT here to gather any system service links
    $linkEvent = new GenericEvent($controller, array('modname' => $moduleName));
    EventUtil::dispatch('module_dispatch.service_links', $linkEvent);
    $view->assign('sublinks', $linkEvent->getData());

    $rendered = $view->fetch('HookUi/moduleservices.tpl');
    $event->setData($rendered);
    $event->stopPropagation();
}