| 
									
										
										
										
											2016-11-07 09:54:10 -07:00
										 |  |  | <?php | 
					
						
							| 
									
										
										
										
											2019-03-20 12:52:16 +02:00
										 |  |  | 
 | 
					
						
							| 
									
										
										
										
											2016-11-07 09:54:10 -07:00
										 |  |  | namespace Grav\Plugin\Admin; | 
					
						
							|  |  |  | 
 | 
					
						
							| 
									
										
										
										
											2019-06-14 12:19:31 +03:00
										 |  |  | use Grav\Common\Cache; | 
					
						
							| 
									
										
										
										
											2016-11-07 09:54:10 -07:00
										 |  |  | use Grav\Common\Config\Config; | 
					
						
							| 
									
										
										
										
											2019-03-05 15:46:55 +02:00
										 |  |  | use Grav\Common\Data\Data; | 
					
						
							| 
									
										
										
										
											2016-11-07 09:54:10 -07:00
										 |  |  | use Grav\Common\Filesystem\Folder; | 
					
						
							|  |  |  | use Grav\Common\Grav; | 
					
						
							| 
									
										
										
										
											2018-05-16 21:49:20 +03:00
										 |  |  | use Grav\Common\Media\Interfaces\MediaInterface; | 
					
						
							| 
									
										
										
										
											2019-03-05 15:46:55 +02:00
										 |  |  | use Grav\Common\Page\Interfaces\PageInterface; | 
					
						
							| 
									
										
										
										
											2016-11-07 09:54:10 -07:00
										 |  |  | use Grav\Common\Page\Media; | 
					
						
							| 
									
										
										
										
											2019-09-03 11:56:22 -06:00
										 |  |  | use Grav\Common\Security; | 
					
						
							| 
									
										
										
										
											2019-01-08 11:28:41 +02:00
										 |  |  | use Grav\Common\Uri; | 
					
						
							| 
									
										
										
										
											2019-03-28 11:14:55 +02:00
										 |  |  | use Grav\Common\User\Interfaces\UserInterface; | 
					
						
							| 
									
										
										
										
											2016-11-07 09:54:10 -07:00
										 |  |  | use Grav\Common\Utils; | 
					
						
							| 
									
										
										
										
											2017-05-15 14:47:26 -06:00
										 |  |  | use Grav\Common\Plugin; | 
					
						
							|  |  |  | use Grav\Common\Theme; | 
					
						
							| 
									
										
										
										
											2019-08-23 12:54:41 +03:00
										 |  |  | use Grav\Framework\Controller\Traits\ControllerResponseTrait; | 
					
						
							|  |  |  | use Grav\Framework\RequestHandler\Exception\RequestException; | 
					
						
							|  |  |  | use Psr\Http\Message\ResponseInterface; | 
					
						
							|  |  |  | use Psr\Http\Message\ServerRequestInterface; | 
					
						
							| 
									
										
										
										
											2016-11-07 09:54:10 -07:00
										 |  |  | use RocketTheme\Toolbox\Event\Event; | 
					
						
							|  |  |  | use RocketTheme\Toolbox\File\File; | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  | /** | 
					
						
							|  |  |  |  * Class AdminController | 
					
						
							|  |  |  |  * | 
					
						
							|  |  |  |  * @package Grav\Plugin | 
					
						
							|  |  |  |  */ | 
					
						
							|  |  |  | class AdminBaseController | 
					
						
							|  |  |  | { | 
					
						
							| 
									
										
										
										
											2019-08-23 12:54:41 +03:00
										 |  |  |     use ControllerResponseTrait; | 
					
						
							|  |  |  | 
 | 
					
						
							| 
									
										
										
										
											2016-11-07 09:54:10 -07:00
										 |  |  |     /** | 
					
						
							|  |  |  |      * @var Grav | 
					
						
							|  |  |  |      */ | 
					
						
							|  |  |  |     public $grav; | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |     /** | 
					
						
							|  |  |  |      * @var string | 
					
						
							|  |  |  |      */ | 
					
						
							|  |  |  |     public $view; | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |     /** | 
					
						
							|  |  |  |      * @var string | 
					
						
							|  |  |  |      */ | 
					
						
							|  |  |  |     public $task; | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |     /** | 
					
						
							|  |  |  |      * @var string | 
					
						
							|  |  |  |      */ | 
					
						
							|  |  |  |     public $route; | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |     /** | 
					
						
							|  |  |  |      * @var array | 
					
						
							|  |  |  |      */ | 
					
						
							|  |  |  |     public $post; | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |     /** | 
					
						
							|  |  |  |      * @var array|null | 
					
						
							|  |  |  |      */ | 
					
						
							|  |  |  |     public $data; | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |     /** | 
					
						
							|  |  |  |      * @var \Grav\Common\Uri | 
					
						
							|  |  |  |      */ | 
					
						
							|  |  |  |     protected $uri; | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |     /** | 
					
						
							|  |  |  |      * @var Admin | 
					
						
							|  |  |  |      */ | 
					
						
							|  |  |  |     protected $admin; | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |     /** | 
					
						
							|  |  |  |      * @var string | 
					
						
							|  |  |  |      */ | 
					
						
							|  |  |  |     protected $redirect; | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |     /** | 
					
						
							|  |  |  |      * @var int | 
					
						
							|  |  |  |      */ | 
					
						
							|  |  |  |     protected $redirectCode; | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |     protected $upload_errors = [ | 
					
						
							| 
									
										
										
										
											2018-05-09 12:24:01 +03:00
										 |  |  |         0 => 'There is no error, the file uploaded with success', | 
					
						
							|  |  |  |         1 => 'The uploaded file exceeds the max upload size', | 
					
						
							|  |  |  |         2 => 'The uploaded file exceeds the MAX_FILE_SIZE directive that was specified in the HTML', | 
					
						
							|  |  |  |         3 => 'The uploaded file was only partially uploaded', | 
					
						
							|  |  |  |         4 => 'No file was uploaded', | 
					
						
							|  |  |  |         6 => 'Missing a temporary folder', | 
					
						
							|  |  |  |         7 => 'Failed to write file to disk', | 
					
						
							|  |  |  |         8 => 'A PHP extension stopped the file upload' | 
					
						
							| 
									
										
										
										
											2016-11-07 09:54:10 -07:00
										 |  |  |     ]; | 
					
						
							|  |  |  | 
 | 
					
						
							| 
									
										
										
										
											2017-02-26 19:36:01 +01:00
										 |  |  |     /** @var array */ | 
					
						
							| 
									
										
										
										
											2016-11-07 09:54:10 -07:00
										 |  |  |     public $blacklist_views = []; | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |     /** | 
					
						
							|  |  |  |      * Performs a task. | 
					
						
							|  |  |  |      * | 
					
						
							|  |  |  |      * @return bool True if the action was performed successfully. | 
					
						
							|  |  |  |      */ | 
					
						
							|  |  |  |     public function execute() | 
					
						
							|  |  |  |     { | 
					
						
							| 
									
										
										
										
											2018-05-09 12:24:01 +03:00
										 |  |  |         if (in_array($this->view, $this->blacklist_views, true)) { | 
					
						
							| 
									
										
										
										
											2016-11-07 09:54:10 -07:00
										 |  |  |             return false; | 
					
						
							|  |  |  |         } | 
					
						
							|  |  |  | 
 | 
					
						
							| 
									
										
										
										
											2019-02-08 17:17:05 -07:00
										 |  |  | //        if (!$this->validateNonce()) {
 | 
					
						
							|  |  |  | //            return false;
 | 
					
						
							|  |  |  | //        }
 | 
					
						
							| 
									
										
										
										
											2016-11-07 09:54:10 -07:00
										 |  |  | 
 | 
					
						
							|  |  |  |         $method = 'task' . ucfirst($this->task); | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |         if (method_exists($this, $method)) { | 
					
						
							|  |  |  |             try { | 
					
						
							| 
									
										
										
										
											2019-08-23 12:54:41 +03:00
										 |  |  |                 $response = $this->{$method}(); | 
					
						
							|  |  |  |             } catch (RequestException $e) { | 
					
						
							|  |  |  |                 $response = $this->createErrorResponse($e); | 
					
						
							| 
									
										
										
										
											2016-11-07 09:54:10 -07:00
										 |  |  |             } catch (\RuntimeException $e) { | 
					
						
							| 
									
										
										
										
											2019-08-23 12:54:41 +03:00
										 |  |  |                 $response = true; | 
					
						
							| 
									
										
										
										
											2016-11-07 09:54:10 -07:00
										 |  |  |                 $this->admin->setMessage($e->getMessage(), 'error'); | 
					
						
							|  |  |  |             } | 
					
						
							|  |  |  |         } else { | 
					
						
							| 
									
										
										
										
											2019-08-23 12:54:41 +03:00
										 |  |  |             $response = $this->grav->fireEvent('onAdminTaskExecute', | 
					
						
							| 
									
										
										
										
											2017-02-26 19:36:01 +01:00
										 |  |  |                 new Event(['controller' => $this, 'method' => $method])); | 
					
						
							| 
									
										
										
										
											2016-11-07 09:54:10 -07:00
										 |  |  |         } | 
					
						
							|  |  |  | 
 | 
					
						
							| 
									
										
										
										
											2019-08-23 12:54:41 +03:00
										 |  |  |         if ($response instanceof ResponseInterface) { | 
					
						
							|  |  |  |             $this->close($response); | 
					
						
							|  |  |  |         } | 
					
						
							|  |  |  | 
 | 
					
						
							| 
									
										
										
										
											2016-11-07 09:54:10 -07:00
										 |  |  |         // Grab redirect parameter.
 | 
					
						
							| 
									
										
										
										
											2018-12-05 08:20:38 +02:00
										 |  |  |         $redirect = $this->post['_redirect'] ?? null; | 
					
						
							| 
									
										
										
										
											2016-11-07 09:54:10 -07:00
										 |  |  |         unset($this->post['_redirect']); | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |         // Redirect if requested.
 | 
					
						
							|  |  |  |         if ($redirect) { | 
					
						
							|  |  |  |             $this->setRedirect($redirect); | 
					
						
							|  |  |  |         } | 
					
						
							|  |  |  | 
 | 
					
						
							| 
									
										
										
										
											2019-08-23 12:54:41 +03:00
										 |  |  |         return $response; | 
					
						
							| 
									
										
										
										
											2016-11-07 09:54:10 -07:00
										 |  |  |     } | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |     protected function validateNonce() | 
					
						
							|  |  |  |     { | 
					
						
							| 
									
										
										
										
											2018-05-09 12:24:01 +03:00
										 |  |  |         if (strtolower($_SERVER['REQUEST_METHOD']) === 'post') { | 
					
						
							|  |  |  |             if (isset($this->post['admin-nonce'])) { | 
					
						
							|  |  |  |                 $nonce = $this->post['admin-nonce']; | 
					
						
							|  |  |  |             } else { | 
					
						
							|  |  |  |                 $nonce = $this->grav['uri']->param('admin-nonce'); | 
					
						
							|  |  |  |             } | 
					
						
							| 
									
										
										
										
											2016-11-07 09:54:10 -07:00
										 |  |  | 
 | 
					
						
							| 
									
										
										
										
											2018-05-09 12:24:01 +03:00
										 |  |  |             if (!$nonce || !Utils::verifyNonce($nonce, 'admin-form')) { | 
					
						
							|  |  |  |                 if ($this->task === 'addmedia') { | 
					
						
							| 
									
										
										
										
											2016-11-07 09:54:10 -07:00
										 |  |  | 
 | 
					
						
							| 
									
										
										
										
											2018-12-05 08:20:38 +02:00
										 |  |  |                     $message = sprintf($this->admin::translate('PLUGIN_ADMIN.FILE_TOO_LARGE', null), | 
					
						
							| 
									
										
										
										
											2018-05-09 12:24:01 +03:00
										 |  |  |                         ini_get('post_max_size')); | 
					
						
							| 
									
										
										
										
											2016-11-07 09:54:10 -07:00
										 |  |  | 
 | 
					
						
							| 
									
										
										
										
											2018-05-09 12:24:01 +03:00
										 |  |  |                     //In this case it's more likely that the image is too big than POST can handle. Show message
 | 
					
						
							|  |  |  |                     $this->admin->json_response = [ | 
					
						
							|  |  |  |                         'status'  => 'error', | 
					
						
							|  |  |  |                         'message' => $message | 
					
						
							|  |  |  |                     ]; | 
					
						
							| 
									
										
										
										
											2016-11-07 09:54:10 -07:00
										 |  |  | 
 | 
					
						
							| 
									
										
										
										
											2018-05-09 12:24:01 +03:00
										 |  |  |                     return false; | 
					
						
							|  |  |  |                 } | 
					
						
							| 
									
										
										
										
											2016-11-07 09:54:10 -07:00
										 |  |  | 
 | 
					
						
							| 
									
										
										
										
											2018-12-05 08:20:38 +02:00
										 |  |  |                 $this->admin->setMessage($this->admin::translate('PLUGIN_ADMIN.INVALID_SECURITY_TOKEN'), 'error'); | 
					
						
							| 
									
										
										
										
											2018-05-09 12:24:01 +03:00
										 |  |  |                 $this->admin->json_response = [ | 
					
						
							|  |  |  |                     'status'  => 'error', | 
					
						
							| 
									
										
										
										
											2018-12-05 08:20:38 +02:00
										 |  |  |                     'message' => $this->admin::translate('PLUGIN_ADMIN.INVALID_SECURITY_TOKEN') | 
					
						
							| 
									
										
										
										
											2018-05-09 12:24:01 +03:00
										 |  |  |                 ]; | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |                 return false; | 
					
						
							|  |  |  |             } | 
					
						
							|  |  |  |             unset($this->post['admin-nonce']); | 
					
						
							|  |  |  |         } else { | 
					
						
							|  |  |  |             if ($this->task === 'logout') { | 
					
						
							|  |  |  |                 $nonce = $this->grav['uri']->param('logout-nonce'); | 
					
						
							|  |  |  |                 if (null === $nonce || !Utils::verifyNonce($nonce, 'logout-form')) { | 
					
						
							| 
									
										
										
										
											2018-12-05 08:20:38 +02:00
										 |  |  |                     $this->admin->setMessage($this->admin::translate('PLUGIN_ADMIN.INVALID_SECURITY_TOKEN'), | 
					
						
							| 
									
										
										
										
											2018-05-09 12:24:01 +03:00
										 |  |  |                         'error'); | 
					
						
							| 
									
										
										
										
											2016-11-07 09:54:10 -07:00
										 |  |  |                     $this->admin->json_response = [ | 
					
						
							|  |  |  |                         'status'  => 'error', | 
					
						
							| 
									
										
										
										
											2018-12-05 08:20:38 +02:00
										 |  |  |                         'message' => $this->admin::translate('PLUGIN_ADMIN.INVALID_SECURITY_TOKEN') | 
					
						
							| 
									
										
										
										
											2016-11-07 09:54:10 -07:00
										 |  |  |                     ]; | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |                     return false; | 
					
						
							|  |  |  |                 } | 
					
						
							|  |  |  |             } else { | 
					
						
							| 
									
										
										
										
											2018-05-09 12:24:01 +03:00
										 |  |  |                 $nonce = $this->grav['uri']->param('admin-nonce'); | 
					
						
							|  |  |  |                 if (null === $nonce || !Utils::verifyNonce($nonce, 'admin-form')) { | 
					
						
							| 
									
										
										
										
											2018-12-05 08:20:38 +02:00
										 |  |  |                     $this->admin->setMessage($this->admin::translate('PLUGIN_ADMIN.INVALID_SECURITY_TOKEN'), | 
					
						
							| 
									
										
										
										
											2018-05-09 12:24:01 +03:00
										 |  |  |                         'error'); | 
					
						
							|  |  |  |                     $this->admin->json_response = [ | 
					
						
							|  |  |  |                         'status'  => 'error', | 
					
						
							| 
									
										
										
										
											2018-12-05 08:20:38 +02:00
										 |  |  |                         'message' => $this->admin::translate('PLUGIN_ADMIN.INVALID_SECURITY_TOKEN') | 
					
						
							| 
									
										
										
										
											2018-05-09 12:24:01 +03:00
										 |  |  |                     ]; | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |                     return false; | 
					
						
							| 
									
										
										
										
											2016-11-07 09:54:10 -07:00
										 |  |  |                 } | 
					
						
							|  |  |  |             } | 
					
						
							|  |  |  |         } | 
					
						
							| 
									
										
										
										
											2017-02-26 19:36:01 +01:00
										 |  |  | 
 | 
					
						
							| 
									
										
										
										
											2016-11-07 09:54:10 -07:00
										 |  |  |         return true; | 
					
						
							|  |  |  |     } | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |     /** | 
					
						
							|  |  |  |      * Sets the page redirect. | 
					
						
							|  |  |  |      * | 
					
						
							|  |  |  |      * @param string $path The path to redirect to | 
					
						
							|  |  |  |      * @param int    $code The HTTP redirect code | 
					
						
							|  |  |  |      */ | 
					
						
							|  |  |  |     public function setRedirect($path, $code = 303) | 
					
						
							|  |  |  |     { | 
					
						
							|  |  |  |         $this->redirect     = $path; | 
					
						
							|  |  |  |         $this->redirectCode = $code; | 
					
						
							|  |  |  |     } | 
					
						
							|  |  |  | 
 | 
					
						
							| 
									
										
										
										
											2018-11-07 19:11:36 +02:00
										 |  |  |     /** | 
					
						
							|  |  |  |      * Sends JSON response and terminates the call. | 
					
						
							|  |  |  |      * | 
					
						
							| 
									
										
										
										
											2019-06-03 13:17:16 +03:00
										 |  |  |      * @param array $json | 
					
						
							| 
									
										
										
										
											2018-11-07 19:11:36 +02:00
										 |  |  |      * @param int $code | 
					
						
							|  |  |  |      */ | 
					
						
							| 
									
										
										
										
											2019-06-03 13:17:16 +03:00
										 |  |  |     protected function sendJsonResponse(array $json, $code = 200): void | 
					
						
							| 
									
										
										
										
											2018-11-07 19:11:36 +02:00
										 |  |  |     { | 
					
						
							|  |  |  |         // JSON response.
 | 
					
						
							| 
									
										
										
										
											2019-08-23 12:54:41 +03:00
										 |  |  |         $response = $this->createJsonResponse($json, $code); | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |         $this->close($response); | 
					
						
							|  |  |  |     } | 
					
						
							| 
									
										
										
										
											2019-06-03 13:17:16 +03:00
										 |  |  | 
 | 
					
						
							| 
									
										
										
										
											2019-08-23 12:54:41 +03:00
										 |  |  |     /** | 
					
						
							|  |  |  |      * @param ResponseInterface $response | 
					
						
							|  |  |  |      */ | 
					
						
							|  |  |  |     protected function close(ResponseInterface $response): void | 
					
						
							|  |  |  |     { | 
					
						
							| 
									
										
										
										
											2019-08-14 20:36:33 +03:00
										 |  |  |         $this->grav->close($response); | 
					
						
							| 
									
										
										
										
											2018-11-07 19:11:36 +02:00
										 |  |  |     } | 
					
						
							|  |  |  | 
 | 
					
						
							| 
									
										
										
										
											2016-11-07 09:54:10 -07:00
										 |  |  |     /** | 
					
						
							|  |  |  |      * Handles ajax upload for files. | 
					
						
							|  |  |  |      * Stores in a flash object the temporary file and deals with potential file errors. | 
					
						
							|  |  |  |      * | 
					
						
							|  |  |  |      * @return bool True if the action was performed. | 
					
						
							|  |  |  |      */ | 
					
						
							|  |  |  |     public function taskFilesUpload() | 
					
						
							|  |  |  |     { | 
					
						
							| 
									
										
										
										
											2018-05-09 12:24:01 +03:00
										 |  |  |         if (null === $_FILES || !$this->authorizeTask('save', $this->dataPermissions())) { | 
					
						
							| 
									
										
										
										
											2016-11-07 09:54:10 -07:00
										 |  |  |             return false; | 
					
						
							|  |  |  |         } | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |         /** @var Config $config */ | 
					
						
							|  |  |  |         $config   = $this->grav['config']; | 
					
						
							| 
									
										
										
										
											2017-12-05 16:27:20 -07:00
										 |  |  |         $data     = $this->view === 'pages' ? $this->admin->page(true) : $this->prepareData([]); | 
					
						
							| 
									
										
										
										
											2016-11-07 09:54:10 -07:00
										 |  |  |         $settings = $data->blueprints()->schema()->getProperty($this->post['name']); | 
					
						
							| 
									
										
										
										
											2017-02-26 19:36:01 +01:00
										 |  |  |         $settings = (object)array_merge([ | 
					
						
							|  |  |  |             'avoid_overwriting' => false, | 
					
						
							|  |  |  |             'random_name'       => false, | 
					
						
							|  |  |  |             'accept'            => ['image/*'], | 
					
						
							|  |  |  |             'limit'             => 10, | 
					
						
							| 
									
										
										
										
											2019-03-12 06:28:52 -06:00
										 |  |  |             'filesize'          => Utils::getUploadLimit() | 
					
						
							| 
									
										
										
										
											2017-02-26 19:36:01 +01:00
										 |  |  |         ], (array)$settings, ['name' => $this->post['name']]); | 
					
						
							| 
									
										
										
										
											2016-11-07 09:54:10 -07:00
										 |  |  | 
 | 
					
						
							|  |  |  |         $upload = $this->normalizeFiles($_FILES['data'], $settings->name); | 
					
						
							|  |  |  | 
 | 
					
						
							| 
									
										
										
										
											2018-10-04 15:42:59 +03:00
										 |  |  |         $filename = $upload->file->name; | 
					
						
							| 
									
										
										
										
											2017-12-05 16:27:20 -07:00
										 |  |  | 
 | 
					
						
							|  |  |  |         // Handle bad filenames.
 | 
					
						
							| 
									
										
										
										
											2018-10-04 15:42:59 +03:00
										 |  |  |         if (!Utils::checkFilename($filename)) { | 
					
						
							| 
									
										
										
										
											2017-12-05 16:27:20 -07:00
										 |  |  |             $this->admin->json_response = [ | 
					
						
							|  |  |  |                 'status'  => 'error', | 
					
						
							| 
									
										
										
										
											2018-12-05 08:20:38 +02:00
										 |  |  |                 'message' => sprintf($this->admin::translate('PLUGIN_ADMIN.FILEUPLOAD_UNABLE_TO_UPLOAD', null), | 
					
						
							| 
									
										
										
										
											2017-12-05 16:27:20 -07:00
										 |  |  |                     $filename, 'Bad filename') | 
					
						
							|  |  |  |             ]; | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |             return false; | 
					
						
							|  |  |  |         } | 
					
						
							|  |  |  | 
 | 
					
						
							| 
									
										
										
										
											2016-11-07 09:54:10 -07:00
										 |  |  |         if (!isset($settings->destination)) { | 
					
						
							|  |  |  |             $this->admin->json_response = [ | 
					
						
							|  |  |  |                 'status'  => 'error', | 
					
						
							| 
									
										
										
										
											2018-12-05 08:20:38 +02:00
										 |  |  |                 'message' => $this->admin::translate('PLUGIN_ADMIN.DESTINATION_NOT_SPECIFIED', null) | 
					
						
							| 
									
										
										
										
											2016-11-07 09:54:10 -07:00
										 |  |  |             ]; | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |             return false; | 
					
						
							|  |  |  |         } | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |         // Do not use self@ outside of pages
 | 
					
						
							| 
									
										
										
										
											2018-10-01 21:42:20 +03:00
										 |  |  |         if ($this->view !== 'pages' && in_array($settings->destination, ['@self', 'self@', '@self@'])) { | 
					
						
							| 
									
										
										
										
											2016-11-07 09:54:10 -07:00
										 |  |  |             $this->admin->json_response = [ | 
					
						
							|  |  |  |                 'status'  => 'error', | 
					
						
							| 
									
										
										
										
											2018-12-05 08:20:38 +02:00
										 |  |  |                 'message' => sprintf($this->admin::translate('PLUGIN_ADMIN.FILEUPLOAD_PREVENT_SELF', null), | 
					
						
							| 
									
										
										
										
											2017-02-26 19:36:01 +01:00
										 |  |  |                     $settings->destination) | 
					
						
							| 
									
										
										
										
											2016-11-07 09:54:10 -07:00
										 |  |  |             ]; | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |             return false; | 
					
						
							|  |  |  |         } | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |         // Handle errors and breaks without proceeding further
 | 
					
						
							| 
									
										
										
										
											2018-05-22 10:58:35 +03:00
										 |  |  |         if ($upload->file->error !== UPLOAD_ERR_OK) { | 
					
						
							| 
									
										
										
										
											2016-11-07 09:54:10 -07:00
										 |  |  |             $this->admin->json_response = [ | 
					
						
							|  |  |  |                 'status'  => 'error', | 
					
						
							| 
									
										
										
										
											2018-12-05 08:20:38 +02:00
										 |  |  |                 'message' => sprintf($this->admin::translate('PLUGIN_ADMIN.FILEUPLOAD_UNABLE_TO_UPLOAD', null), | 
					
						
							| 
									
										
										
										
											2018-12-05 10:34:54 +02:00
										 |  |  |                     $filename, $this->upload_errors[$upload->file->error]) | 
					
						
							| 
									
										
										
										
											2016-11-07 09:54:10 -07:00
										 |  |  |             ]; | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |             return false; | 
					
						
							|  |  |  |         } | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |         // Handle file size limits
 | 
					
						
							|  |  |  |         $settings->filesize *= 1048576; // 2^20 [MB in Bytes]
 | 
					
						
							|  |  |  |         if ($settings->filesize > 0 && $upload->file->size > $settings->filesize) { | 
					
						
							|  |  |  |             $this->admin->json_response = [ | 
					
						
							|  |  |  |                 'status'  => 'error', | 
					
						
							| 
									
										
										
										
											2018-12-05 08:20:38 +02:00
										 |  |  |                 'message' => $this->admin::translate('PLUGIN_ADMIN.EXCEEDED_GRAV_FILESIZE_LIMIT') | 
					
						
							| 
									
										
										
										
											2016-11-07 09:54:10 -07:00
										 |  |  |             ]; | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |             return false; | 
					
						
							|  |  |  |         } | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |         // Handle Accepted file types
 | 
					
						
							|  |  |  |         // Accept can only be mime types (image/png | image/*) or file extensions (.pdf|.jpg)
 | 
					
						
							|  |  |  |         $accepted = false; | 
					
						
							|  |  |  |         $errors   = []; | 
					
						
							| 
									
										
										
										
											2017-12-05 16:27:20 -07:00
										 |  |  | 
 | 
					
						
							| 
									
										
										
										
											2018-10-04 15:42:59 +03:00
										 |  |  |         // Do not trust mimetype sent by the browser
 | 
					
						
							| 
									
										
										
										
											2018-12-05 10:34:54 +02:00
										 |  |  |         $mime = Utils::getMimeByFilename($filename); | 
					
						
							| 
									
										
										
										
											2018-10-04 15:42:59 +03:00
										 |  |  | 
 | 
					
						
							| 
									
										
										
										
											2016-11-07 09:54:10 -07:00
										 |  |  |         foreach ((array)$settings->accept as $type) { | 
					
						
							|  |  |  |             // Force acceptance of any file when star notation
 | 
					
						
							| 
									
										
										
										
											2017-12-05 16:27:20 -07:00
										 |  |  |             if ($type === '*') { | 
					
						
							| 
									
										
										
										
											2016-11-07 09:54:10 -07:00
										 |  |  |                 $accepted = true; | 
					
						
							|  |  |  |                 break; | 
					
						
							|  |  |  |             } | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |             $isMime = strstr($type, '/'); | 
					
						
							| 
									
										
										
										
											2019-10-23 22:48:06 +02:00
										 |  |  |             $find   = str_replace(['.', '*', '+'], ['\.', '.*', '\+'], $type); | 
					
						
							| 
									
										
										
										
											2018-10-04 15:42:59 +03:00
										 |  |  | 
 | 
					
						
							|  |  |  |             if ($isMime) { | 
					
						
							|  |  |  |                 $match = preg_match('#' . $find . '$#', $mime); | 
					
						
							|  |  |  |                 if (!$match) { | 
					
						
							| 
									
										
										
										
											2018-12-05 10:34:54 +02:00
										 |  |  |                     $errors[] = 'The MIME type "' . $mime . '" for the file "' . $filename . '" is not an accepted.'; | 
					
						
							| 
									
										
										
										
											2018-10-04 15:42:59 +03:00
										 |  |  |                 } else { | 
					
						
							|  |  |  |                     $accepted = true; | 
					
						
							|  |  |  |                     break; | 
					
						
							|  |  |  |                 } | 
					
						
							| 
									
										
										
										
											2016-11-07 09:54:10 -07:00
										 |  |  |             } else { | 
					
						
							| 
									
										
										
										
											2018-12-05 10:34:54 +02:00
										 |  |  |                 $match = preg_match('#' . $find . '$#', $filename); | 
					
						
							| 
									
										
										
										
											2018-10-04 15:42:59 +03:00
										 |  |  |                 if (!$match) { | 
					
						
							| 
									
										
										
										
											2018-12-05 10:34:54 +02:00
										 |  |  |                     $errors[] = 'The File Extension for the file "' . $filename . '" is not an accepted.'; | 
					
						
							| 
									
										
										
										
											2018-10-04 15:42:59 +03:00
										 |  |  |                 } else { | 
					
						
							|  |  |  |                     $accepted = true; | 
					
						
							|  |  |  |                     break; | 
					
						
							|  |  |  |                 } | 
					
						
							| 
									
										
										
										
											2016-11-07 09:54:10 -07:00
										 |  |  |             } | 
					
						
							|  |  |  |         } | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |         if (!$accepted) { | 
					
						
							|  |  |  |             $this->admin->json_response = [ | 
					
						
							|  |  |  |                 'status'  => 'error', | 
					
						
							|  |  |  |                 'message' => implode('<br />', $errors) | 
					
						
							|  |  |  |             ]; | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |             return false; | 
					
						
							|  |  |  |         } | 
					
						
							|  |  |  | 
 | 
					
						
							| 
									
										
										
										
											2017-12-05 16:27:20 -07:00
										 |  |  |         // Remove the error object to avoid storing it
 | 
					
						
							|  |  |  |         unset($upload->file->error); | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |         // we need to move the file at this stage or else
 | 
					
						
							|  |  |  |         // it won't be available upon save later on
 | 
					
						
							|  |  |  |         // since php removes it from the upload location
 | 
					
						
							|  |  |  |         $tmp_dir  = Admin::getTempDir(); | 
					
						
							|  |  |  |         $tmp_file = $upload->file->tmp_name; | 
					
						
							|  |  |  |         $tmp      = $tmp_dir . '/uploaded-files/' . basename($tmp_file); | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |         Folder::create(dirname($tmp)); | 
					
						
							|  |  |  |         if (!move_uploaded_file($tmp_file, $tmp)) { | 
					
						
							|  |  |  |             $this->admin->json_response = [ | 
					
						
							|  |  |  |                 'status'  => 'error', | 
					
						
							| 
									
										
										
										
											2018-12-05 08:20:38 +02:00
										 |  |  |                 'message' => sprintf($this->admin::translate('PLUGIN_ADMIN.FILEUPLOAD_UNABLE_TO_MOVE', null), '', | 
					
						
							| 
									
										
										
										
											2017-12-05 16:27:20 -07:00
										 |  |  |                     $tmp) | 
					
						
							|  |  |  |             ]; | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |             return false; | 
					
						
							|  |  |  |         } | 
					
						
							|  |  |  | 
 | 
					
						
							| 
									
										
										
										
											2019-09-03 11:56:22 -06:00
										 |  |  |         // Special Sanitization for SVG
 | 
					
						
							|  |  |  |         if (Utils::contains($mime, 'svg', false)) { | 
					
						
							|  |  |  |             Security::sanitizeSVG($tmp); | 
					
						
							|  |  |  |         } | 
					
						
							|  |  |  | 
 | 
					
						
							| 
									
										
										
										
											2017-12-05 16:27:20 -07:00
										 |  |  |         $upload->file->tmp_name = $tmp; | 
					
						
							|  |  |  | 
 | 
					
						
							| 
									
										
										
										
											2016-11-07 09:54:10 -07:00
										 |  |  |         // Retrieve the current session of the uploaded files for the field
 | 
					
						
							|  |  |  |         // and initialize it if it doesn't exist
 | 
					
						
							|  |  |  |         $sessionField = base64_encode($this->grav['uri']->url()); | 
					
						
							|  |  |  |         $flash        = $this->admin->session()->getFlashObject('files-upload'); | 
					
						
							|  |  |  |         if (!$flash) { | 
					
						
							|  |  |  |             $flash = []; | 
					
						
							|  |  |  |         } | 
					
						
							|  |  |  |         if (!isset($flash[$sessionField])) { | 
					
						
							|  |  |  |             $flash[$sessionField] = []; | 
					
						
							|  |  |  |         } | 
					
						
							|  |  |  |         if (!isset($flash[$sessionField][$upload->field])) { | 
					
						
							|  |  |  |             $flash[$sessionField][$upload->field] = []; | 
					
						
							|  |  |  |         } | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |         // Set destination
 | 
					
						
							| 
									
										
										
										
											2017-03-29 22:41:24 -07:00
										 |  |  |         if ($this->grav['locator']->isStream($settings->destination)) { | 
					
						
							|  |  |  |             $destination = $this->grav['locator']->findResource($settings->destination, false, true); | 
					
						
							|  |  |  |         } else { | 
					
						
							|  |  |  |             $destination = Folder::getRelativePath(rtrim($settings->destination, '/')); | 
					
						
							|  |  |  |             $destination = $this->admin->getPagePathFromToken($destination); | 
					
						
							|  |  |  |         } | 
					
						
							| 
									
										
										
										
											2016-11-07 09:54:10 -07:00
										 |  |  | 
 | 
					
						
							|  |  |  |         // Create destination if needed
 | 
					
						
							|  |  |  |         if (!is_dir($destination)) { | 
					
						
							|  |  |  |             Folder::mkdir($destination); | 
					
						
							|  |  |  |         } | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |         // Generate random name if required
 | 
					
						
							|  |  |  |         if ($settings->random_name) { // TODO: document
 | 
					
						
							| 
									
										
										
										
											2018-10-04 06:43:36 -04:00
										 |  |  |             $extension          = pathinfo($upload->file->name, PATHINFO_EXTENSION); | 
					
						
							| 
									
										
										
										
											2016-11-07 09:54:10 -07:00
										 |  |  |             $upload->file->name = Utils::generateRandomString(15) . '.' . $extension; | 
					
						
							|  |  |  |         } | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |         // Handle conflicting name if needed
 | 
					
						
							|  |  |  |         if ($settings->avoid_overwriting) { // TODO: document
 | 
					
						
							|  |  |  |             if (file_exists($destination . '/' . $upload->file->name)) { | 
					
						
							|  |  |  |                 $upload->file->name = date('YmdHis') . '-' . $upload->file->name; | 
					
						
							|  |  |  |             } | 
					
						
							|  |  |  |         } | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |         // Prepare object for later save
 | 
					
						
							|  |  |  |         $path               = $destination . '/' . $upload->file->name; | 
					
						
							|  |  |  |         $upload->file->path = $path; | 
					
						
							|  |  |  |         // $upload->file->route = $page ? $path : null;
 | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |         // Prepare data to be saved later
 | 
					
						
							|  |  |  |         $flash[$sessionField][$upload->field][$path] = (array)$upload->file; | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |         // Finally store the new uploaded file in the field session
 | 
					
						
							|  |  |  |         $this->admin->session()->setFlashObject('files-upload', $flash); | 
					
						
							|  |  |  |         $this->admin->json_response = [ | 
					
						
							|  |  |  |             'status'  => 'success', | 
					
						
							|  |  |  |             'session' => \json_encode([ | 
					
						
							|  |  |  |                 'sessionField' => base64_encode($this->grav['uri']->url()), | 
					
						
							|  |  |  |                 'path'         => $upload->file->path, | 
					
						
							|  |  |  |                 'field'        => $settings->name | 
					
						
							|  |  |  |             ]) | 
					
						
							|  |  |  |         ]; | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |         return true; | 
					
						
							|  |  |  |     } | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |     /** | 
					
						
							|  |  |  |      * Checks if the user is allowed to perform the given task with its associated permissions | 
					
						
							|  |  |  |      * | 
					
						
							|  |  |  |      * @param string $task        The task to execute | 
					
						
							|  |  |  |      * @param array  $permissions The permissions given | 
					
						
							|  |  |  |      * | 
					
						
							|  |  |  |      * @return bool True if authorized. False if not. | 
					
						
							|  |  |  |      */ | 
					
						
							| 
									
										
										
										
											2017-08-14 20:50:56 -06:00
										 |  |  |     public function authorizeTask($task = '', $permissions = []) | 
					
						
							| 
									
										
										
										
											2016-11-07 09:54:10 -07:00
										 |  |  |     { | 
					
						
							|  |  |  |         if (!$this->admin->authorize($permissions)) { | 
					
						
							|  |  |  |             if ($this->grav['uri']->extension() === 'json') { | 
					
						
							|  |  |  |                 $this->admin->json_response = [ | 
					
						
							|  |  |  |                     'status'  => 'unauthorized', | 
					
						
							| 
									
										
										
										
											2018-12-05 10:34:54 +02:00
										 |  |  |                     'message' => $this->admin::translate('PLUGIN_ADMIN.INSUFFICIENT_PERMISSIONS_FOR_TASK') . ' ' . $task . '.' | 
					
						
							| 
									
										
										
										
											2016-11-07 09:54:10 -07:00
										 |  |  |                 ]; | 
					
						
							|  |  |  |             } else { | 
					
						
							| 
									
										
										
										
											2018-12-05 10:34:54 +02:00
										 |  |  |                 $this->admin->setMessage($this->admin::translate('PLUGIN_ADMIN.INSUFFICIENT_PERMISSIONS_FOR_TASK') . ' ' . $task . '.', | 
					
						
							| 
									
										
										
										
											2016-11-07 09:54:10 -07:00
										 |  |  |                     'error'); | 
					
						
							|  |  |  |             } | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |             return false; | 
					
						
							|  |  |  |         } | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |         return true; | 
					
						
							|  |  |  |     } | 
					
						
							|  |  |  | 
 | 
					
						
							| 
									
										
										
										
											2019-08-23 12:54:41 +03:00
										 |  |  |     /** | 
					
						
							|  |  |  |      * Checks if the user is allowed to perform the given task with its associated permissions. | 
					
						
							|  |  |  |      * Throws exception if the check fails. | 
					
						
							|  |  |  |      * | 
					
						
							|  |  |  |      * @param string $task        The task to execute | 
					
						
							|  |  |  |      * @param array  $permissions The permissions given | 
					
						
							|  |  |  |      * @throws RequestException | 
					
						
							|  |  |  |      */ | 
					
						
							|  |  |  |     public function checkTaskAuthorization($task = '', $permissions = []) | 
					
						
							|  |  |  |     { | 
					
						
							|  |  |  |         if (!$this->admin->authorize($permissions)) { | 
					
						
							|  |  |  |             throw new RequestException($this->getRequest(), $this->admin::translate('PLUGIN_ADMIN.INSUFFICIENT_PERMISSIONS_FOR_TASK') . ' ' . $task . '.', 403); | 
					
						
							|  |  |  |         } | 
					
						
							|  |  |  |     } | 
					
						
							|  |  |  | 
 | 
					
						
							| 
									
										
										
										
											2016-11-07 09:54:10 -07:00
										 |  |  |     /** | 
					
						
							|  |  |  |      * Gets the permissions needed to access a given view | 
					
						
							|  |  |  |      * | 
					
						
							|  |  |  |      * @return array An array of permissions | 
					
						
							|  |  |  |      */ | 
					
						
							|  |  |  |     protected function dataPermissions() | 
					
						
							|  |  |  |     { | 
					
						
							|  |  |  |         $type        = $this->view; | 
					
						
							|  |  |  |         $permissions = ['admin.super']; | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |         switch ($type) { | 
					
						
							|  |  |  |             case 'configuration': | 
					
						
							| 
									
										
										
										
											2017-01-03 10:58:24 +01:00
										 |  |  |             case 'config': | 
					
						
							| 
									
										
										
										
											2016-11-07 09:54:10 -07:00
										 |  |  |             case 'system': | 
					
						
							| 
									
										
										
										
											2020-02-03 11:43:18 +02:00
										 |  |  |                 $permissions[] = 'admin.configuration.system'; | 
					
						
							| 
									
										
										
										
											2020-02-03 11:51:09 +02:00
										 |  |  |                 $permissions[] = 'admin.configuration_system'; | 
					
						
							| 
									
										
										
										
											2016-11-07 09:54:10 -07:00
										 |  |  |                 break; | 
					
						
							|  |  |  |             case 'settings': | 
					
						
							|  |  |  |             case 'site': | 
					
						
							| 
									
										
										
										
											2020-02-03 11:43:18 +02:00
										 |  |  |                 $permissions[] = 'admin.configuration.site'; | 
					
						
							| 
									
										
										
										
											2020-02-03 11:51:09 +02:00
										 |  |  |                 $permissions[] = 'admin.configuration_site'; | 
					
						
							| 
									
										
										
										
											2016-11-07 09:54:10 -07:00
										 |  |  |                 $permissions[] = 'admin.settings'; | 
					
						
							|  |  |  |                 break; | 
					
						
							|  |  |  |             case 'plugins': | 
					
						
							|  |  |  |                 $permissions[] = 'admin.plugins'; | 
					
						
							|  |  |  |                 break; | 
					
						
							|  |  |  |             case 'themes': | 
					
						
							|  |  |  |                 $permissions[] = 'admin.themes'; | 
					
						
							|  |  |  |                 break; | 
					
						
							|  |  |  |             case 'users': | 
					
						
							|  |  |  |                 $permissions[] = 'admin.users'; | 
					
						
							|  |  |  |                 break; | 
					
						
							| 
									
										
										
										
											2017-01-28 16:48:11 +01:00
										 |  |  |             case 'user': | 
					
						
							|  |  |  |                 $permissions[] = 'admin.login'; | 
					
						
							|  |  |  |                 $permissions[] = 'admin.users'; | 
					
						
							|  |  |  |                 break; | 
					
						
							| 
									
										
										
										
											2016-11-07 09:54:10 -07:00
										 |  |  |             case 'pages': | 
					
						
							|  |  |  |                 $permissions[] = 'admin.pages'; | 
					
						
							|  |  |  |                 break; | 
					
						
							| 
									
										
										
										
											2020-02-03 11:48:10 +02:00
										 |  |  |             default: | 
					
						
							|  |  |  |                 $permissions[] = 'admin.configuration.' . $type; | 
					
						
							|  |  |  |                 $permissions[] = 'admin.configuration_' . $type; | 
					
						
							| 
									
										
										
										
											2016-11-07 09:54:10 -07:00
										 |  |  |         } | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |         return $permissions; | 
					
						
							|  |  |  |     } | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |     /** | 
					
						
							|  |  |  |      * Gets the configuration data for a given view & post | 
					
						
							|  |  |  |      * | 
					
						
							|  |  |  |      * @param array $data | 
					
						
							|  |  |  |      * | 
					
						
							|  |  |  |      * @return array | 
					
						
							|  |  |  |      */ | 
					
						
							|  |  |  |     protected function prepareData(array $data) | 
					
						
							|  |  |  |     { | 
					
						
							|  |  |  |         return $data; | 
					
						
							|  |  |  |     } | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |     /** | 
					
						
							|  |  |  |      * Internal method to normalize the $_FILES array | 
					
						
							|  |  |  |      * | 
					
						
							|  |  |  |      * @param array  $data $_FILES starting point data | 
					
						
							|  |  |  |      * @param string $key | 
					
						
							|  |  |  |      * | 
					
						
							|  |  |  |      * @return object a new Object with a normalized list of files | 
					
						
							|  |  |  |      */ | 
					
						
							|  |  |  |     protected function normalizeFiles($data, $key = '') | 
					
						
							|  |  |  |     { | 
					
						
							|  |  |  |         $files        = new \stdClass(); | 
					
						
							|  |  |  |         $files->field = $key; | 
					
						
							|  |  |  |         $files->file  = new \stdClass(); | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |         foreach ($data as $fieldName => $fieldValue) { | 
					
						
							|  |  |  |             // Since Files Upload are always happening via Ajax
 | 
					
						
							|  |  |  |             // we are not interested in handling `multiple="true"`
 | 
					
						
							|  |  |  |             // because they are always handled one at a time.
 | 
					
						
							|  |  |  |             // For this reason we normalize the value to string,
 | 
					
						
							|  |  |  |             // in case it is arriving as an array.
 | 
					
						
							|  |  |  |             $value                     = (array)Utils::getDotNotation($fieldValue, $key); | 
					
						
							|  |  |  |             $files->file->{$fieldName} = array_shift($value); | 
					
						
							|  |  |  |         } | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |         return $files; | 
					
						
							|  |  |  |     } | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |     /** | 
					
						
							|  |  |  |      * Removes a file from the flash object session, before it gets saved | 
					
						
							|  |  |  |      * | 
					
						
							|  |  |  |      * @return bool True if the action was performed. | 
					
						
							|  |  |  |      */ | 
					
						
							|  |  |  |     public function taskFilesSessionRemove() | 
					
						
							|  |  |  |     { | 
					
						
							| 
									
										
										
										
											2018-12-05 10:34:54 +02:00
										 |  |  |         if (!$this->authorizeTask('save', $this->dataPermissions())) { | 
					
						
							| 
									
										
										
										
											2016-11-07 09:54:10 -07:00
										 |  |  |             return false; | 
					
						
							|  |  |  |         } | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |         // Retrieve the current session of the uploaded files for the field
 | 
					
						
							|  |  |  |         // and initialize it if it doesn't exist
 | 
					
						
							|  |  |  |         $sessionField = base64_encode($this->grav['uri']->url()); | 
					
						
							|  |  |  |         $request      = \json_decode($this->post['session']); | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |         // Ensure the URI requested matches the current one, otherwise fail
 | 
					
						
							|  |  |  |         if ($request->sessionField !== $sessionField) { | 
					
						
							|  |  |  |             return false; | 
					
						
							|  |  |  |         } | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |         // Retrieve the flash object and remove the requested file from it
 | 
					
						
							|  |  |  |         $flash    = $this->admin->session()->getFlashObject('files-upload'); | 
					
						
							|  |  |  |         $endpoint = $flash[$request->sessionField][$request->field][$request->path]; | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |         if (isset($endpoint)) { | 
					
						
							|  |  |  |             if (file_exists($endpoint['tmp_name'])) { | 
					
						
							|  |  |  |                 unlink($endpoint['tmp_name']); | 
					
						
							|  |  |  |             } | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |             unset($endpoint); | 
					
						
							|  |  |  |         } | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |         // Walk backward to cleanup any empty field that's left
 | 
					
						
							|  |  |  |         // Field
 | 
					
						
							| 
									
										
										
										
											2017-03-13 17:57:05 -06:00
										 |  |  |         if (isset($flash[$request->sessionField][$request->field][$request->path])) { | 
					
						
							|  |  |  |             unset($flash[$request->sessionField][$request->field][$request->path]); | 
					
						
							|  |  |  |         } | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |         // Field
 | 
					
						
							|  |  |  |         if (isset($flash[$request->sessionField][$request->field]) && empty($flash[$request->sessionField][$request->field])) { | 
					
						
							| 
									
										
										
										
											2016-11-07 09:54:10 -07:00
										 |  |  |             unset($flash[$request->sessionField][$request->field]); | 
					
						
							|  |  |  |         } | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |         // Session Field
 | 
					
						
							| 
									
										
										
										
											2017-03-13 17:57:05 -06:00
										 |  |  |         if (isset($flash[$request->sessionField]) && empty($flash[$request->sessionField])) { | 
					
						
							| 
									
										
										
										
											2016-11-07 09:54:10 -07:00
										 |  |  |             unset($flash[$request->sessionField]); | 
					
						
							|  |  |  |         } | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |         // If there's anything left to restore in the flash object, do so
 | 
					
						
							|  |  |  |         if (count($flash)) { | 
					
						
							|  |  |  |             $this->admin->session()->setFlashObject('files-upload', $flash); | 
					
						
							|  |  |  |         } | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |         $this->admin->json_response = ['status' => 'success']; | 
					
						
							| 
									
										
										
										
											2017-02-26 19:36:01 +01:00
										 |  |  | 
 | 
					
						
							| 
									
										
										
										
											2016-11-07 09:54:10 -07:00
										 |  |  |         return true; | 
					
						
							|  |  |  |     } | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |     /** | 
					
						
							|  |  |  |      * Redirect to the route stored in $this->redirect | 
					
						
							| 
									
										
										
										
											2019-06-27 13:19:30 +03:00
										 |  |  |      * | 
					
						
							|  |  |  |      * Route may or may not be prefixed by /en or /admin or /en/admin. | 
					
						
							| 
									
										
										
										
											2016-11-07 09:54:10 -07:00
										 |  |  |      */ | 
					
						
							|  |  |  |     public function redirect() | 
					
						
							|  |  |  |     { | 
					
						
							| 
									
										
										
										
											2019-06-27 13:19:30 +03:00
										 |  |  |         $this->admin->redirect($this->redirect, $this->redirectCode); | 
					
						
							| 
									
										
										
										
											2016-11-07 09:54:10 -07:00
										 |  |  |     } | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |     /** | 
					
						
							|  |  |  |      * Prepare and return POST data. | 
					
						
							|  |  |  |      * | 
					
						
							|  |  |  |      * @param array $post | 
					
						
							|  |  |  |      * | 
					
						
							|  |  |  |      * @return array | 
					
						
							|  |  |  |      */ | 
					
						
							|  |  |  |     protected function getPost($post) | 
					
						
							|  |  |  |     { | 
					
						
							| 
									
										
										
										
											2017-11-13 12:39:22 +02:00
										 |  |  |         if (!is_array($post)) { | 
					
						
							|  |  |  |             return []; | 
					
						
							|  |  |  |         } | 
					
						
							|  |  |  | 
 | 
					
						
							| 
									
										
										
										
											2016-11-07 09:54:10 -07:00
										 |  |  |         unset($post['task']); | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |         // Decode JSON encoded fields and merge them to data.
 | 
					
						
							|  |  |  |         if (isset($post['_json'])) { | 
					
						
							|  |  |  |             $post = array_replace_recursive($post, $this->jsonDecode($post['_json'])); | 
					
						
							|  |  |  |             unset($post['_json']); | 
					
						
							|  |  |  |         } | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |         $post = $this->cleanDataKeys($post); | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |         return $post; | 
					
						
							|  |  |  |     } | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |     /** | 
					
						
							|  |  |  |      * Recursively JSON decode data. | 
					
						
							|  |  |  |      * | 
					
						
							|  |  |  |      * @param  array $data | 
					
						
							|  |  |  |      * | 
					
						
							|  |  |  |      * @return array | 
					
						
							|  |  |  |      */ | 
					
						
							|  |  |  |     protected function jsonDecode(array $data) | 
					
						
							|  |  |  |     { | 
					
						
							|  |  |  |         foreach ($data as &$value) { | 
					
						
							|  |  |  |             if (is_array($value)) { | 
					
						
							|  |  |  |                 $value = $this->jsonDecode($value); | 
					
						
							|  |  |  |             } else { | 
					
						
							|  |  |  |                 $value = json_decode($value, true); | 
					
						
							|  |  |  |             } | 
					
						
							|  |  |  |         } | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |         return $data; | 
					
						
							|  |  |  |     } | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |     protected function cleanDataKeys($source = []) | 
					
						
							|  |  |  |     { | 
					
						
							|  |  |  |         $out = []; | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |         if (is_array($source)) { | 
					
						
							|  |  |  |             foreach ($source as $key => $value) { | 
					
						
							| 
									
										
										
										
											2018-05-09 12:24:01 +03:00
										 |  |  |                 $key = str_replace(['%5B', '%5D'], ['[', ']'], $key); | 
					
						
							| 
									
										
										
										
											2016-11-07 09:54:10 -07:00
										 |  |  |                 if (is_array($value)) { | 
					
						
							|  |  |  |                     $out[$key] = $this->cleanDataKeys($value); | 
					
						
							|  |  |  |                 } else { | 
					
						
							|  |  |  |                     $out[$key] = $value; | 
					
						
							|  |  |  |                 } | 
					
						
							|  |  |  |             } | 
					
						
							|  |  |  |         } | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |         return $out; | 
					
						
							|  |  |  |     } | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |     /** | 
					
						
							|  |  |  |      * Return true if multilang is active | 
					
						
							|  |  |  |      * | 
					
						
							|  |  |  |      * @return bool True if multilang is active | 
					
						
							|  |  |  |      */ | 
					
						
							|  |  |  |     protected function isMultilang() | 
					
						
							|  |  |  |     { | 
					
						
							|  |  |  |         return count($this->grav['config']->get('system.languages.supported', [])) > 1; | 
					
						
							|  |  |  |     } | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |     /** | 
					
						
							| 
									
										
										
										
											2019-03-28 11:14:55 +02:00
										 |  |  |      * @param PageInterface|UserInterface|Data $obj | 
					
						
							| 
									
										
										
										
											2016-11-07 09:54:10 -07:00
										 |  |  |      * | 
					
						
							| 
									
										
										
										
											2019-03-28 11:14:55 +02:00
										 |  |  |      * @return PageInterface|UserInterface|Data | 
					
						
							| 
									
										
										
										
											2016-11-07 09:54:10 -07:00
										 |  |  |      */ | 
					
						
							|  |  |  |     protected function storeFiles($obj) | 
					
						
							|  |  |  |     { | 
					
						
							|  |  |  |         // Process previously uploaded files for the current URI
 | 
					
						
							|  |  |  |         // and finally store them. Everything else will get discarded
 | 
					
						
							|  |  |  |         $queue = $this->admin->session()->getFlashObject('files-upload'); | 
					
						
							|  |  |  |         if (is_array($queue)) { | 
					
						
							| 
									
										
										
										
											2019-12-03 12:26:56 +02:00
										 |  |  |             $queue = $queue[base64_encode($this->grav['uri']->url())]; | 
					
						
							| 
									
										
										
										
											2016-11-07 09:54:10 -07:00
										 |  |  |             foreach ($queue as $key => $files) { | 
					
						
							|  |  |  |                 foreach ($files as $destination => $file) { | 
					
						
							|  |  |  |                     if (!rename($file['tmp_name'], $destination)) { | 
					
						
							| 
									
										
										
										
											2017-02-26 19:36:01 +01:00
										 |  |  |                         throw new \RuntimeException(sprintf($this->admin->translate('PLUGIN_ADMIN.FILEUPLOAD_UNABLE_TO_MOVE', | 
					
						
							|  |  |  |                             null), '"' . $file['tmp_name'] . '"', $destination)); | 
					
						
							| 
									
										
										
										
											2016-11-07 09:54:10 -07:00
										 |  |  |                     } | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |                     unset($files[$destination]['tmp_name']); | 
					
						
							|  |  |  |                 } | 
					
						
							|  |  |  | 
 | 
					
						
							| 
									
										
										
										
											2018-05-09 12:24:01 +03:00
										 |  |  |                 if ($this->view === 'pages') { | 
					
						
							| 
									
										
										
										
											2016-11-07 09:54:10 -07:00
										 |  |  |                     $keys     = explode('.', preg_replace('/^header./', '', $key)); | 
					
						
							|  |  |  |                     $init_key = array_shift($keys); | 
					
						
							|  |  |  |                     if (count($keys) > 0) { | 
					
						
							| 
									
										
										
										
											2018-12-05 10:34:54 +02:00
										 |  |  |                         $new_data = $obj->header()->{$init_key} ?? []; | 
					
						
							| 
									
										
										
										
											2016-11-07 09:54:10 -07:00
										 |  |  |                         Utils::setDotNotation($new_data, implode('.', $keys), $files, true); | 
					
						
							|  |  |  |                     } else { | 
					
						
							|  |  |  |                         $new_data = $files; | 
					
						
							|  |  |  |                     } | 
					
						
							| 
									
										
										
										
											2018-05-31 18:41:18 +03:00
										 |  |  |                     if (isset($obj->header()->{$init_key})) { | 
					
						
							| 
									
										
										
										
											2017-02-26 19:36:01 +01:00
										 |  |  |                         $obj->modifyHeader($init_key, | 
					
						
							| 
									
										
										
										
											2018-05-23 10:24:22 -07:00
										 |  |  |                             array_replace_recursive([], $obj->header()->{$init_key}, $new_data)); | 
					
						
							| 
									
										
										
										
											2016-11-07 09:54:10 -07:00
										 |  |  |                     } else { | 
					
						
							|  |  |  |                         $obj->modifyHeader($init_key, $new_data); | 
					
						
							|  |  |  |                     } | 
					
						
							| 
									
										
										
										
											2019-04-15 11:27:39 +03:00
										 |  |  |                 } elseif ($obj instanceof UserInterface and $key === 'avatar') { | 
					
						
							|  |  |  |                     $obj->set($key, $files); | 
					
						
							| 
									
										
										
										
											2016-11-07 09:54:10 -07:00
										 |  |  |                 } else { | 
					
						
							|  |  |  |                     // TODO: [this is JS handled] if it's single file, remove existing and use set, if it's multiple, use join
 | 
					
						
							|  |  |  |                     $obj->join($key, $files); // stores
 | 
					
						
							|  |  |  |                 } | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |             } | 
					
						
							|  |  |  |         } | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |         return $obj; | 
					
						
							|  |  |  |     } | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |     /** | 
					
						
							|  |  |  |      * Used by the filepicker field to get a list of files in a folder. | 
					
						
							|  |  |  |      */ | 
					
						
							|  |  |  |     protected function taskGetFilesInFolder() | 
					
						
							|  |  |  |     { | 
					
						
							|  |  |  |         if (!$this->authorizeTask('save', $this->dataPermissions())) { | 
					
						
							|  |  |  |             return false; | 
					
						
							|  |  |  |         } | 
					
						
							|  |  |  | 
 | 
					
						
							| 
									
										
										
										
											2018-05-16 21:49:20 +03:00
										 |  |  |         $data = $this->view === 'pages' ? $this->admin->page(true) : $this->prepareData([]); | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |         if (null === $data) { | 
					
						
							|  |  |  |             return false; | 
					
						
							|  |  |  |         } | 
					
						
							|  |  |  | 
 | 
					
						
							| 
									
										
										
										
											2018-06-14 16:47:06 +03:00
										 |  |  |         if (method_exists($data, 'blueprints')) { | 
					
						
							| 
									
										
										
										
											2018-05-16 21:49:20 +03:00
										 |  |  |             $settings = $data->blueprints()->schema()->getProperty($this->post['name']); | 
					
						
							|  |  |  |         } elseif (method_exists($data, 'getBlueprint')) { | 
					
						
							|  |  |  |             $settings = $data->getBlueprint()->schema()->getProperty($this->post['name']); | 
					
						
							|  |  |  |         } | 
					
						
							| 
									
										
										
										
											2016-11-07 09:54:10 -07:00
										 |  |  | 
 | 
					
						
							|  |  |  |         if (isset($settings['folder'])) { | 
					
						
							|  |  |  |             $folder = $settings['folder']; | 
					
						
							|  |  |  |         } else { | 
					
						
							| 
									
										
										
										
											2018-06-14 16:47:06 +03:00
										 |  |  |             $folder = 'self@'; | 
					
						
							| 
									
										
										
										
											2016-11-07 09:54:10 -07:00
										 |  |  |         } | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |         // Do not use self@ outside of pages
 | 
					
						
							| 
									
										
										
										
											2018-05-09 12:24:01 +03:00
										 |  |  |         if ($this->view !== 'pages' && in_array($folder, ['@self', 'self@', '@self@'])) { | 
					
						
							| 
									
										
										
										
											2018-05-16 21:49:20 +03:00
										 |  |  |             if (!$data instanceof MediaInterface) { | 
					
						
							|  |  |  |                 $this->admin->json_response = [ | 
					
						
							|  |  |  |                     'status'  => 'error', | 
					
						
							| 
									
										
										
										
											2018-12-05 10:34:54 +02:00
										 |  |  |                     'message' => sprintf($this->admin::translate('PLUGIN_ADMIN.FILEUPLOAD_PREVENT_SELF', null), $folder) | 
					
						
							| 
									
										
										
										
											2018-05-16 21:49:20 +03:00
										 |  |  |                 ]; | 
					
						
							| 
									
										
										
										
											2017-02-26 19:36:01 +01:00
										 |  |  | 
 | 
					
						
							| 
									
										
										
										
											2018-05-16 21:49:20 +03:00
										 |  |  |                 return false; | 
					
						
							|  |  |  |             } | 
					
						
							| 
									
										
										
										
											2016-11-07 09:54:10 -07:00
										 |  |  | 
 | 
					
						
							| 
									
										
										
										
											2018-05-16 21:49:20 +03:00
										 |  |  |             $media = $data->getMedia(); | 
					
						
							|  |  |  |         } else { | 
					
						
							|  |  |  |             // Set destination
 | 
					
						
							|  |  |  |             $folder = Folder::getRelativePath(rtrim($folder, '/')); | 
					
						
							|  |  |  |             $folder = $this->admin->getPagePathFromToken($folder); | 
					
						
							|  |  |  | 
 | 
					
						
							| 
									
										
										
										
											2018-05-22 10:58:35 +03:00
										 |  |  |             $media = new Media($folder); | 
					
						
							| 
									
										
										
										
											2018-05-16 21:49:20 +03:00
										 |  |  |         } | 
					
						
							| 
									
										
										
										
											2016-11-07 09:54:10 -07:00
										 |  |  | 
 | 
					
						
							|  |  |  |         $available_files = []; | 
					
						
							| 
									
										
										
										
											2017-05-15 14:48:15 -06:00
										 |  |  |         $metadata = []; | 
					
						
							| 
									
										
										
										
											2017-05-19 13:40:48 -06:00
										 |  |  |         $thumbs = []; | 
					
						
							| 
									
										
										
										
											2017-05-15 14:48:15 -06:00
										 |  |  | 
 | 
					
						
							| 
									
										
										
										
											2016-11-07 09:54:10 -07:00
										 |  |  | 
 | 
					
						
							|  |  |  |         foreach ($media->all() as $name => $medium) { | 
					
						
							| 
									
										
										
										
											2017-05-15 14:48:15 -06:00
										 |  |  | 
 | 
					
						
							| 
									
										
										
										
											2017-05-19 11:41:05 -06:00
										 |  |  |            $available_files[] = $name; | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |             if (isset($settings['include_metadata'])) { | 
					
						
							| 
									
										
										
										
											2017-05-15 14:48:15 -06:00
										 |  |  |                 $img_metadata = $medium->metadata(); | 
					
						
							|  |  |  |                 if ($img_metadata) { | 
					
						
							|  |  |  |                     $metadata[$name] = $img_metadata; | 
					
						
							|  |  |  |                 } | 
					
						
							|  |  |  |             } | 
					
						
							|  |  |  | 
 | 
					
						
							| 
									
										
										
										
											2016-11-07 09:54:10 -07:00
										 |  |  |         } | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |         // Peak in the flashObject for optimistic filepicker updates
 | 
					
						
							|  |  |  |         $pending_files = []; | 
					
						
							|  |  |  |         $sessionField  = base64_encode($this->grav['uri']->url()); | 
					
						
							|  |  |  |         $flash         = $this->admin->session()->getFlashObject('files-upload'); | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |         if ($flash && isset($flash[$sessionField])) { | 
					
						
							|  |  |  |             foreach ($flash[$sessionField] as $field => $data) { | 
					
						
							|  |  |  |                 foreach ($data as $file) { | 
					
						
							|  |  |  |                     if (dirname($file['path']) === $folder) { | 
					
						
							|  |  |  |                         $pending_files[] = $file['name']; | 
					
						
							|  |  |  |                     } | 
					
						
							|  |  |  |                 } | 
					
						
							|  |  |  |             } | 
					
						
							|  |  |  |         } | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |         $this->admin->session()->setFlashObject('files-upload', $flash); | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |         // Handle Accepted file types
 | 
					
						
							|  |  |  |         // Accept can only be file extensions (.pdf|.jpg)
 | 
					
						
							|  |  |  |         if (isset($settings['accept'])) { | 
					
						
							|  |  |  |             $available_files = array_filter($available_files, function ($file) use ($settings) { | 
					
						
							|  |  |  |                 return $this->filterAcceptedFiles($file, $settings); | 
					
						
							|  |  |  |             }); | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |             $pending_files = array_filter($pending_files, function ($file) use ($settings) { | 
					
						
							|  |  |  |                 return $this->filterAcceptedFiles($file, $settings); | 
					
						
							|  |  |  |             }); | 
					
						
							|  |  |  |         } | 
					
						
							|  |  |  | 
 | 
					
						
							| 
									
										
										
										
											2017-05-20 22:20:36 -06:00
										 |  |  |         // Generate thumbs if needed
 | 
					
						
							|  |  |  |         if (isset($settings['preview_images']) && $settings['preview_images'] === true) { | 
					
						
							| 
									
										
										
										
											2017-05-19 13:40:48 -06:00
										 |  |  |             foreach ($available_files as $filename) { | 
					
						
							|  |  |  |                 $thumbs[$filename] = $media[$filename]->zoomCrop(100,100)->url(); | 
					
						
							|  |  |  |             } | 
					
						
							|  |  |  |         } | 
					
						
							|  |  |  | 
 | 
					
						
							| 
									
										
										
										
											2016-11-07 09:54:10 -07:00
										 |  |  |         $this->admin->json_response = [ | 
					
						
							|  |  |  |             'status'  => 'success', | 
					
						
							|  |  |  |             'files'   => array_values($available_files), | 
					
						
							|  |  |  |             'pending' => array_values($pending_files), | 
					
						
							| 
									
										
										
										
											2017-05-15 14:48:15 -06:00
										 |  |  |             'folder'  => $folder, | 
					
						
							| 
									
										
										
										
											2017-05-19 13:40:48 -06:00
										 |  |  |             'metadata' => $metadata, | 
					
						
							|  |  |  |             'thumbs' => $thumbs | 
					
						
							| 
									
										
										
										
											2016-11-07 09:54:10 -07:00
										 |  |  |         ]; | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |         return true; | 
					
						
							|  |  |  |     } | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |     protected function filterAcceptedFiles($file, $settings) | 
					
						
							|  |  |  |     { | 
					
						
							|  |  |  |         $valid = false; | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |         foreach ((array)$settings['accept'] as $type) { | 
					
						
							|  |  |  |             $find = str_replace('*', '.*', $type); | 
					
						
							|  |  |  |             $valid |= preg_match('#' . $find . '$#', $file); | 
					
						
							|  |  |  |         } | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |         return $valid; | 
					
						
							|  |  |  |     } | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |     /** | 
					
						
							|  |  |  |      * Handle deleting a file from a blueprint | 
					
						
							|  |  |  |      * | 
					
						
							|  |  |  |      * @return bool True if the action was performed. | 
					
						
							|  |  |  |      */ | 
					
						
							|  |  |  |     protected function taskRemoveFileFromBlueprint() | 
					
						
							|  |  |  |     { | 
					
						
							| 
									
										
										
										
											2019-01-08 11:28:41 +02:00
										 |  |  |         /** @var Uri $uri */ | 
					
						
							| 
									
										
										
										
											2016-11-07 09:54:10 -07:00
										 |  |  |         $uri       = $this->grav['uri']; | 
					
						
							|  |  |  |         $blueprint = base64_decode($uri->param('blueprint')); | 
					
						
							|  |  |  |         $path      = base64_decode($uri->param('path')); | 
					
						
							| 
									
										
										
										
											2019-01-14 18:48:31 +02:00
										 |  |  |         $filename  = basename($this->post['filename'] ?? ''); | 
					
						
							| 
									
										
										
										
											2016-11-07 09:54:10 -07:00
										 |  |  |         $proute    = base64_decode($uri->param('proute')); | 
					
						
							|  |  |  |         $type      = $uri->param('type'); | 
					
						
							|  |  |  |         $field     = $uri->param('field'); | 
					
						
							|  |  |  | 
 | 
					
						
							| 
									
										
										
										
											2019-01-14 18:48:31 +02:00
										 |  |  |         if ($filename === '') { | 
					
						
							|  |  |  |            $this->admin->json_response = [ | 
					
						
							|  |  |  |                 'status'  => 'error', | 
					
						
							|  |  |  |                 'message' => 'Filename is empty' | 
					
						
							|  |  |  |             ]; | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |             return false; | 
					
						
							|  |  |  |         } | 
					
						
							|  |  |  | 
 | 
					
						
							| 
									
										
										
										
											2018-10-04 16:30:07 -06:00
										 |  |  |         // Get Blueprint
 | 
					
						
							| 
									
										
										
										
											2019-01-08 11:28:41 +02:00
										 |  |  |         if ($type === 'pages' || strpos($blueprint, 'pages/') === 0) { | 
					
						
							|  |  |  |             $page = $this->admin->page(true, $proute); | 
					
						
							|  |  |  |             if (!$page) { | 
					
						
							|  |  |  |                 $this->admin->json_response = [ | 
					
						
							|  |  |  |                     'status'  => 'error', | 
					
						
							|  |  |  |                     'message' => 'Page not found' | 
					
						
							|  |  |  |                 ]; | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |                 return false; | 
					
						
							|  |  |  |             } | 
					
						
							|  |  |  |             $blueprints = $page->blueprints(); | 
					
						
							|  |  |  |             $path = Folder::getRelativePath($page->path()); | 
					
						
							|  |  |  |             $settings = (object)$blueprints->schema()->getProperty($field); | 
					
						
							|  |  |  |         } else { | 
					
						
							|  |  |  |             $page = null; | 
					
						
							| 
									
										
										
										
											2019-08-09 16:45:31 -06:00
										 |  |  |             if ($type === 'themes') { | 
					
						
							|  |  |  |                 $obj = $this->grav[$type]->get(Utils::substrToString($blueprint, '/')); //here
 | 
					
						
							|  |  |  |                 $settings = (object) $obj->blueprints()->schema()->getProperty($field); | 
					
						
							| 
									
										
										
										
											2019-04-09 10:36:13 +03:00
										 |  |  |             } else { | 
					
						
							| 
									
										
										
										
											2019-08-09 16:45:31 -06:00
										 |  |  |                 $settings = (object)$this->admin->blueprints($blueprint)->schema()->getProperty($field); | 
					
						
							| 
									
										
										
										
											2019-04-09 10:36:13 +03:00
										 |  |  |             } | 
					
						
							| 
									
										
										
										
											2019-01-08 11:28:41 +02:00
										 |  |  |         } | 
					
						
							| 
									
										
										
										
											2018-10-04 16:30:07 -06:00
										 |  |  | 
 | 
					
						
							|  |  |  |         // Get destination
 | 
					
						
							|  |  |  |         if ($this->grav['locator']->isStream($settings->destination)) { | 
					
						
							|  |  |  |             $destination = $this->grav['locator']->findResource($settings->destination, false, true); | 
					
						
							| 
									
										
										
										
											2019-01-14 18:48:31 +02:00
										 |  |  | 
 | 
					
						
							| 
									
										
										
										
											2018-10-04 16:30:07 -06:00
										 |  |  |         } else { | 
					
						
							|  |  |  |             $destination = Folder::getRelativePath(rtrim($settings->destination, '/')); | 
					
						
							| 
									
										
										
										
											2019-01-08 11:28:41 +02:00
										 |  |  |             $destination = $this->admin->getPagePathFromToken($destination, $page); | 
					
						
							| 
									
										
										
										
											2018-10-04 16:30:07 -06:00
										 |  |  |         } | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |         // Not in path
 | 
					
						
							|  |  |  |         if (!Utils::startsWith($path, $destination)) { | 
					
						
							|  |  |  |             $this->admin->json_response = [ | 
					
						
							|  |  |  |                 'status'  => 'error', | 
					
						
							|  |  |  |                 'message' => 'Path not valid for this data type' | 
					
						
							|  |  |  |             ]; | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |             return false; | 
					
						
							|  |  |  |         } | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |         // Only remove files from correct destination...
 | 
					
						
							| 
									
										
										
										
											2019-01-08 11:28:41 +02:00
										 |  |  |         $this->taskRemoveMedia($destination . '/' . $filename); | 
					
						
							| 
									
										
										
										
											2016-11-07 09:54:10 -07:00
										 |  |  | 
 | 
					
						
							| 
									
										
										
										
											2019-01-08 11:28:41 +02:00
										 |  |  |         if ($page) { | 
					
						
							| 
									
										
										
										
											2019-09-19 12:55:46 -06:00
										 |  |  |             $keys = explode('.', preg_replace('/^header./', '', $field)); | 
					
						
							|  |  |  |             $header = (array)$page->header(); | 
					
						
							| 
									
										
										
										
											2016-11-07 09:54:10 -07:00
										 |  |  |             $data_path = implode('.', $keys); | 
					
						
							| 
									
										
										
										
											2019-09-19 12:55:46 -06:00
										 |  |  |             $data = Utils::getDotNotation($header, $data_path); | 
					
						
							| 
									
										
										
										
											2016-11-07 09:54:10 -07:00
										 |  |  | 
 | 
					
						
							|  |  |  |             if (isset($data[$path])) { | 
					
						
							|  |  |  |                 unset($data[$path]); | 
					
						
							|  |  |  |                 Utils::setDotNotation($header, $data_path, $data); | 
					
						
							|  |  |  |                 $page->header($header); | 
					
						
							|  |  |  |             } | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |             $page->save(); | 
					
						
							| 
									
										
										
										
											2019-09-19 12:55:46 -06:00
										 |  |  |         } elseif ($type === 'user') { | 
					
						
							|  |  |  |             $user = Grav::instance()['user']; | 
					
						
							|  |  |  |             unset($user->avatar); | 
					
						
							|  |  |  |             $user->save(); | 
					
						
							| 
									
										
										
										
											2016-11-07 09:54:10 -07:00
										 |  |  |         } else { | 
					
						
							| 
									
										
										
										
											2018-10-04 16:30:07 -06:00
										 |  |  | 
 | 
					
						
							| 
									
										
										
										
											2018-05-09 12:24:01 +03:00
										 |  |  |             $blueprint_prefix = $type === 'config' ? '' : $type . '.'; | 
					
						
							|  |  |  |             $blueprint_name   = str_replace(['config/', '/blueprints'], '', $blueprint); | 
					
						
							| 
									
										
										
										
											2016-11-07 09:54:10 -07:00
										 |  |  |             $blueprint_field  = $blueprint_prefix . $blueprint_name . '.' . $field; | 
					
						
							| 
									
										
										
										
											2018-10-04 16:30:07 -06:00
										 |  |  | 
 | 
					
						
							| 
									
										
										
										
											2016-11-07 09:54:10 -07:00
										 |  |  |             $files            = $this->grav['config']->get($blueprint_field); | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |             if ($files) { | 
					
						
							|  |  |  |                 foreach ($files as $key => $value) { | 
					
						
							|  |  |  |                     if ($key == $path) { | 
					
						
							|  |  |  |                         unset($files[$key]); | 
					
						
							|  |  |  |                     } | 
					
						
							|  |  |  |                 } | 
					
						
							|  |  |  |             } | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |             $this->grav['config']->set($blueprint_field, $files); | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |             switch ($type) { | 
					
						
							|  |  |  |                 case 'config': | 
					
						
							|  |  |  |                     $data   = $this->grav['config']->get($blueprint_name); | 
					
						
							|  |  |  |                     $config = $this->admin->data($blueprint, $data); | 
					
						
							|  |  |  |                     $config->save(); | 
					
						
							|  |  |  |                     break; | 
					
						
							|  |  |  |                 case 'themes': | 
					
						
							|  |  |  |                     Theme::saveConfig($blueprint_name); | 
					
						
							|  |  |  |                     break; | 
					
						
							|  |  |  |                 case 'plugins': | 
					
						
							|  |  |  |                     Plugin::saveConfig($blueprint_name); | 
					
						
							|  |  |  |                     break; | 
					
						
							|  |  |  |             } | 
					
						
							|  |  |  |         } | 
					
						
							|  |  |  | 
 | 
					
						
							| 
									
										
										
										
											2019-06-14 12:19:31 +03:00
										 |  |  |         Cache::clearCache('invalidate'); | 
					
						
							|  |  |  | 
 | 
					
						
							| 
									
										
										
										
											2016-11-07 09:54:10 -07:00
										 |  |  |         $this->admin->json_response = [ | 
					
						
							|  |  |  |             'status'  => 'success', | 
					
						
							| 
									
										
										
										
											2018-12-05 08:20:38 +02:00
										 |  |  |             'message' => $this->admin::translate('PLUGIN_ADMIN.REMOVE_SUCCESSFUL') | 
					
						
							| 
									
										
										
										
											2016-11-07 09:54:10 -07:00
										 |  |  |         ]; | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |         return true; | 
					
						
							|  |  |  |     } | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |     /** | 
					
						
							|  |  |  |      * Handles removing a media file | 
					
						
							|  |  |  |      * | 
					
						
							|  |  |  |      * @return bool True if the action was performed | 
					
						
							|  |  |  |      */ | 
					
						
							| 
									
										
										
										
											2018-10-04 16:30:07 -06:00
										 |  |  |     public function taskRemoveMedia($filename = null) | 
					
						
							| 
									
										
										
										
											2016-11-07 09:54:10 -07:00
										 |  |  |     { | 
					
						
							|  |  |  |         if (!$this->canEditMedia()) { | 
					
						
							|  |  |  |             return false; | 
					
						
							|  |  |  |         } | 
					
						
							|  |  |  | 
 | 
					
						
							| 
									
										
										
										
											2018-12-05 08:20:38 +02:00
										 |  |  |         if (null === $filename) { | 
					
						
							| 
									
										
										
										
											2018-10-04 16:30:07 -06:00
										 |  |  |             $filename = base64_decode($this->grav['uri']->param('route')); | 
					
						
							|  |  |  |             if (!$filename) { | 
					
						
							|  |  |  |                 $filename = base64_decode($this->route); | 
					
						
							|  |  |  |             } | 
					
						
							| 
									
										
										
										
											2017-01-28 19:08:58 +01:00
										 |  |  |         } | 
					
						
							| 
									
										
										
										
											2016-11-07 09:54:10 -07:00
										 |  |  | 
 | 
					
						
							|  |  |  |         $file                  = File::instance($filename); | 
					
						
							|  |  |  |         $resultRemoveMedia     = false; | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |         if ($file->exists()) { | 
					
						
							|  |  |  |             $resultRemoveMedia = $file->delete(); | 
					
						
							|  |  |  | 
 | 
					
						
							| 
									
										
										
										
											2017-05-15 14:48:58 -06:00
										 |  |  |             $fileParts = pathinfo($filename); | 
					
						
							| 
									
										
										
										
											2016-11-07 09:54:10 -07:00
										 |  |  | 
 | 
					
						
							| 
									
										
										
										
											2017-05-15 14:48:58 -06:00
										 |  |  |             foreach (scandir($fileParts['dirname']) as $file) { | 
					
						
							| 
									
										
										
										
											2018-05-09 12:24:01 +03:00
										 |  |  |                 $regex_pattern = '/' . preg_quote($fileParts['filename'], '/') . "@\d+x\." . $fileParts['extension'] . "(?:\.meta\.yaml)?$|" . preg_quote($fileParts['basename'], '/') . "\.meta\.yaml$/"; | 
					
						
							| 
									
										
										
										
											2017-05-15 14:48:58 -06:00
										 |  |  |                 if (preg_match($regex_pattern, $file)) { | 
					
						
							|  |  |  |                     $path = $fileParts['dirname'] . '/' . $file; | 
					
						
							|  |  |  |                     @unlink($path); | 
					
						
							|  |  |  |                 } | 
					
						
							| 
									
										
										
										
											2016-11-07 09:54:10 -07:00
										 |  |  |             } | 
					
						
							| 
									
										
										
										
											2017-05-15 14:48:58 -06:00
										 |  |  | 
 | 
					
						
							| 
									
										
										
										
											2016-11-07 09:54:10 -07:00
										 |  |  |         } | 
					
						
							|  |  |  | 
 | 
					
						
							| 
									
										
										
										
											2017-05-15 14:48:58 -06:00
										 |  |  |         if ($resultRemoveMedia) { | 
					
						
							| 
									
										
										
										
											2017-01-28 19:08:58 +01:00
										 |  |  |             if ($this->grav['uri']->extension() === 'json') { | 
					
						
							|  |  |  |                 $this->admin->json_response = [ | 
					
						
							|  |  |  |                     'status'  => 'success', | 
					
						
							| 
									
										
										
										
											2018-12-05 08:20:38 +02:00
										 |  |  |                     'message' => $this->admin::translate('PLUGIN_ADMIN.REMOVE_SUCCESSFUL') | 
					
						
							| 
									
										
										
										
											2017-01-28 19:08:58 +01:00
										 |  |  |                 ]; | 
					
						
							|  |  |  |             } else { | 
					
						
							| 
									
										
										
										
											2018-12-05 08:20:38 +02:00
										 |  |  |                 $this->admin->setMessage($this->admin::translate('PLUGIN_ADMIN.REMOVE_SUCCESSFUL'), 'info'); | 
					
						
							| 
									
										
										
										
											2017-01-28 19:08:58 +01:00
										 |  |  |                 $this->clearMediaCache(); | 
					
						
							|  |  |  |                 $this->setRedirect('/media-manager'); | 
					
						
							|  |  |  |             } | 
					
						
							| 
									
										
										
										
											2016-11-07 09:54:10 -07:00
										 |  |  | 
 | 
					
						
							|  |  |  |             return true; | 
					
						
							| 
									
										
										
										
											2018-05-09 12:24:01 +03:00
										 |  |  |         } | 
					
						
							| 
									
										
										
										
											2016-11-07 09:54:10 -07:00
										 |  |  | 
 | 
					
						
							| 
									
										
										
										
											2018-05-09 12:24:01 +03:00
										 |  |  |         if ($this->grav['uri']->extension() === 'json') { | 
					
						
							|  |  |  |             $this->admin->json_response = [ | 
					
						
							|  |  |  |                 'status'  => 'success', | 
					
						
							| 
									
										
										
										
											2018-12-05 08:20:38 +02:00
										 |  |  |                 'message' => $this->admin::translate('PLUGIN_ADMIN.REMOVE_FAILED') | 
					
						
							| 
									
										
										
										
											2018-05-09 12:24:01 +03:00
										 |  |  |             ]; | 
					
						
							|  |  |  |         } else { | 
					
						
							| 
									
										
										
										
											2018-12-05 08:20:38 +02:00
										 |  |  |             $this->admin->setMessage($this->admin::translate('PLUGIN_ADMIN.REMOVE_FAILED'), 'error'); | 
					
						
							| 
									
										
										
										
											2016-11-07 09:54:10 -07:00
										 |  |  |         } | 
					
						
							| 
									
										
										
										
											2018-05-09 12:24:01 +03:00
										 |  |  | 
 | 
					
						
							|  |  |  |         return false; | 
					
						
							| 
									
										
										
										
											2016-11-07 09:54:10 -07:00
										 |  |  |     } | 
					
						
							|  |  |  | 
 | 
					
						
							| 
									
										
										
										
											2017-01-28 19:09:30 +01:00
										 |  |  |     /** | 
					
						
							|  |  |  |      * Handles clearing the media cache | 
					
						
							|  |  |  |      * | 
					
						
							|  |  |  |      * @return bool True if the action was performed | 
					
						
							|  |  |  |      */ | 
					
						
							|  |  |  |     protected function clearMediaCache() | 
					
						
							|  |  |  |     { | 
					
						
							| 
									
										
										
										
											2017-02-26 19:36:01 +01:00
										 |  |  |         $key   = 'media-manager-files'; | 
					
						
							| 
									
										
										
										
											2017-01-28 19:09:30 +01:00
										 |  |  |         $cache = $this->grav['cache']; | 
					
						
							|  |  |  |         $cache->delete(md5($key)); | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |         return true; | 
					
						
							|  |  |  |     } | 
					
						
							|  |  |  | 
 | 
					
						
							| 
									
										
										
										
											2016-11-07 09:54:10 -07:00
										 |  |  |     /** | 
					
						
							|  |  |  |      * Determine if the user can edit media | 
					
						
							|  |  |  |      * | 
					
						
							|  |  |  |      * @param string $type | 
					
						
							|  |  |  |      * | 
					
						
							|  |  |  |      * @return bool True if the media action is allowed | 
					
						
							|  |  |  |      */ | 
					
						
							|  |  |  |     protected function canEditMedia($type = 'media') | 
					
						
							|  |  |  |     { | 
					
						
							|  |  |  |         if (!$this->authorizeTask('edit media', ['admin.' . $type, 'admin.super'])) { | 
					
						
							|  |  |  |             return false; | 
					
						
							|  |  |  |         } | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |         return true; | 
					
						
							|  |  |  |     } | 
					
						
							| 
									
										
										
										
											2019-08-23 12:54:41 +03:00
										 |  |  | 
 | 
					
						
							|  |  |  |     /** | 
					
						
							|  |  |  |      * @param string $message | 
					
						
							|  |  |  |      * @param string $type | 
					
						
							|  |  |  |      * @return $this | 
					
						
							|  |  |  |      */ | 
					
						
							| 
									
										
										
										
											2019-08-26 10:51:10 +03:00
										 |  |  |     protected function setMessage($message, $type = 'info') | 
					
						
							| 
									
										
										
										
											2019-08-23 12:54:41 +03:00
										 |  |  |     { | 
					
						
							|  |  |  |         $this->admin->setMessage($message, $type); | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |         return $this; | 
					
						
							|  |  |  |     } | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |     /** | 
					
						
							|  |  |  |      * @return Config | 
					
						
							|  |  |  |      */ | 
					
						
							|  |  |  |     protected function getConfig(): Config | 
					
						
							|  |  |  |     { | 
					
						
							|  |  |  |         return $this->grav['config']; | 
					
						
							|  |  |  |     } | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |     /** | 
					
						
							|  |  |  |      * @return ServerRequestInterface | 
					
						
							|  |  |  |      */ | 
					
						
							|  |  |  |     protected function getRequest(): ServerRequestInterface | 
					
						
							|  |  |  |     { | 
					
						
							|  |  |  |         /** @var ServerRequestInterface $request */ | 
					
						
							|  |  |  |         return $this->grav['request']; | 
					
						
							|  |  |  |     } | 
					
						
							| 
									
										
										
										
											2016-11-07 09:54:10 -07:00
										 |  |  | } |