fixed label, refactored hook
koertho committed Dec 12, 2018
1 parent 354abf6 commit 5709e20
Showing 17 changed files with 445 additions and 89 deletions.
6 changes: 5 additions & 1 deletion .php_cs
Expand Up @@ -36,7 +36,11 @@ return PhpCsFixer\Config::create()
'expectedException',
'expectedExceptionMessage',
],
'blank_line_before_statement' => ['statements' => ['break', 'case', 'continue', 'declare', 'default', 'die', 'do', 'exit', 'for', 'foreach', 'goto', 'if', 'include', 'include_once', 'require', 'require_once', 'return', 'switch', 'throw', 'try', 'while', 'yield']]
'blank_line_before_statement' => [
'statements' => [
'break', 'case', 'continue', 'declare', 'default', 'die', 'do', 'exit', 'for', 'foreach', 'goto', 'if', 'include', 'include_once', 'require', 'require_once', 'return', 'switch', 'throw', 'try', 'while', 'yield'
]
]
])
->setFinder($finder)
->setRiskyAllowed(true)
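--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -1,6 +1,15 @@
 # Changelog
 All notable changes to this project will be documented in this file.
 
+## [1.1.0] - 2018-12-12
+
+#### Changed
+- switched `heimrichhannot/dropzone-latest` for `heimrichhannot-contao-components/dropzone-latest`
+- refactored `executePostActionsHook` into `HookListener` class
+
+#### Fixed
+- template label output
+
 ## [1.0.13] - 2018-12-11
 
 ### Fixed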
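--- a/README.md
+++ b/README.md
@@ -78,6 +78,7 @@ thumbnailWidth | 90 | The thumbnail width (in px) of the uploaded file preview w
 thumbnailHeight | 90 | The thumbnail height (in px) of the uploaded file preview within the dropzone preview container.
 labels | array() | Overwrite the head and body labels within the upload field.
 skipDeleteAfterSubmit | false | Prevent file removal from filesystem.
+hideLabel | false | Hide widget label (Frontend)
 
 
 ### Field Callbacks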
4 changes: 2 additions & 2 deletions composer.json
Expand Up @@ -16,12 +16,12 @@
"php": "^7.1",
"contao/core-bundle": "^4.4",
"symfony/framework-bundle": "^3.4",
"heimrichhannot/dropzone-latest": "^5.0",
"heimrichhannot-contao-components/dropzone-latest": "^1.0",
"heimrichhannot/contao-ajax-bundle": "^1.0",
"heimrichhannot/contao-components": "^2.0"
},
"require-dev": {
"contao/test-case": "^1.1",
"contao/test-case": "1.1.*",
"contao/manager-plugin": "^2.0",
"friendsofphp/php-cs-fixer": "^2.2",
"phpunit/phpunit": ">=6.0 <6.5",
35 changes: 29 additions & 6 deletions src/Backend/MultiFileUpload.php
Expand Up @@ -11,6 +11,7 @@
use Contao\BackendUser;
use Contao\Config;
use Contao\Controller;
use Contao\Environment;
use Contao\File;
use Contao\FileUpload;
use Contao\FrontendTemplate;
Expand Down Expand Up @@ -53,23 +54,27 @@ class MultiFileUpload extends FileUpload
* @var bool
*/
protected $isXhtml = false;
protected $container;

public function __construct(array $attributes, $widget = null)
{
parent::__construct();
$this->container = System::getContainer();
$this->framework = $this->container->get('contao.framework');
$this->data = $attributes;
$this->widget = $widget;

$file = System::getContainer()->get('huh.request')->getGet('file', true);
$file = $this->container->get('huh.request')->getGet('file', true);

// Send the file to the browser
if (!empty($file)) {
if (!$this->isAllowedDownload($file)) {
header('HTTP/1.1 403 Forbidden');

die('No file access.');
}

System::getContainer()->get('contao.framework')->getAdapter(Controller::class)->sendFileToBrowser($file);
$this->framework->getAdapter(Controller::class)->sendFileToBrowser($file);
}

global $objPage;
Expand Down Expand Up @@ -104,6 +109,7 @@ public function __get($key)
switch ($key) {
case 'name':
return $this->strName;

break;
}

Expand Down Expand Up @@ -149,9 +155,16 @@ public function generateMarkup()
$objT->class = $objT->class.' '.$this->widget->name;
$objT->class = trim($objT->class);

$hideLabel = isset($this->data['hideLabel']) ? (bool) $this->data['hideLabel'] : false;

$objT->hideLabel = !(
!$hideLabel
&& $this->container->get('huh.utils.container')->isFrontend()
);
// store in session to validate on upload that field is allowed by user
$fields = System::getContainer()->get('session')->get(static::SESSION_FIELD_KEY);
$dca = $this->widget->arrDca;

if (!$dca) {
$dca = $GLOBALS['TL_DCA'][$this->widget->strTable]['fields'][$this->widget->strField];
}
Expand Down Expand Up @@ -189,17 +202,25 @@ public function getDropZoneOption(&$key)
case 'thumbnailHeight':
case 'previewsContainer':
$varValue = $this->data[$key];

break;

case 'onchange':
$varValue = System::getContainer()->get('huh.utils.container')->isBackend() ? $this->data[$key] : 'this.form.submit()';

break;

case 'createImageThumbnails':
$varValue = ($this->thumbnailWidth || $this->thumbnailHeight && $this->data[$key]) ? 'true' : 'false';

break;

case 'name':
$varValue = $this->data[$key];
$key = 'paramName';

break;

case 'dictDefaultMessage':
case 'dictFallbackMessage':
case 'dictFallbackText':
Expand All @@ -210,7 +231,8 @@ public function getDropZoneOption(&$key)
case 'dictCancelUploadConfirmation':
case 'dictRemoveFile':
case 'dictMaxFilesExceeded':
$varValue = is_array($this->data[$key]) ? reset($this->data[$key]) : $this->data[$key];
$varValue = \is_array($this->data[$key]) ? reset($this->data[$key]) : $this->data[$key];

break;
}

Expand Down Expand Up @@ -255,7 +277,7 @@ public function addAllowedDownload(string $file)
{
$arrDownloads = System::getContainer()->get('session')->get(static::SESSION_ALLOWED_DOWNLOADS);

if (!is_array($arrDownloads)) {
if (!\is_array($arrDownloads)) {
$arrDownloads = [];
}

Expand All @@ -275,7 +297,7 @@ public function isAllowedDownload($file)
{
$arrDownloads = System::getContainer()->get('session')->get(static::SESSION_ALLOWED_DOWNLOADS);

if (!is_array($arrDownloads)) {
if (!\is_array($arrDownloads)) {
return false;
}

Expand Down Expand Up @@ -389,6 +411,7 @@ protected function loadDcaConfig()
$this->uploadMultiple = ('checkbox' === $this->fieldType);

$maxFilesDefault = 1;

if (System::getContainer()->hasParameter('huh.multifileupload.max_files_default')) {
$maxFilesDefault = System::getContainer()->getParameter('huh.multifileupload.max_files_default');
}
Expand Down Expand Up @@ -483,7 +506,7 @@ protected function getInfoAction(File $file)
$containerUtils = System::getContainer()->get('huh.utils.container');

if ($containerUtils->isFrontend()) {
$strHref = System::getContainer()->get('huh.ajax.action')->removeAjaxParametersFromUrl(\Environment::get('uri'));
$strHref = System::getContainer()->get('huh.ajax.action')->removeAjaxParametersFromUrl(Environment::get('uri'));
$strHref .= ((Config::get('disableAlias') || false !== strpos($strHref, '?')) ? '&' : '?').'file='.System::urlEncode($file->value);

return 'window.open("'.$strHref.'", "_blank");';
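Review bot: In getInfoAction the frontend branch still concatenates `$strHref`, which starts from `Environment::get('uri')`, straight into a double-quoted JavaScript string literal, so a request URI containing a quote or backslash would change the emitted script; this commit only drops the leading backslash on `Environment` and leaves that untouched. Emitting the value through the JSON encoder keeps it a single string literal: `return 'window.open('.json_encode($strHref).', "_blank");';`. Where the returned snippet ends up (an HTML attribute, a script block) is outside this hunk, so HTML-attribute escaping at the output site may be needed as well, and the function body continues past the visible lines.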
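--- a/src/EventListener/HookListener.php
+++ b/src/EventListener/HookListener.php
@@ -0,0 +1,79 @@
+<?php
+
+/*
+* Copyright (c) 2018 Heimrich & Hannot GmbH
+*
+* @license LGPL-3.0-or-later
+*/
+
+namespace HeimrichHannot\MultiFileUploadBundle\EventListener;
+
+use Contao\BackendUser;
+use Contao\CoreBundle\Framework\ContaoFrameworkInterface;
+use Contao\CoreBundle\Monolog\ContaoContext;
+use Contao\DataContainer;
+use Contao\Widget;
+use HeimrichHannot\AjaxBundle\Response\Response;
+use HeimrichHannot\AjaxBundle\Response\ResponseError;
+use HeimrichHannot\MultiFileUploadBundle\Backend\MultiFileUpload;
+use HeimrichHannot\MultiFileUploadBundle\Form\FormMultiFileUpload;
+use Psr\Log\LogLevel;
+use Symfony\Component\DependencyInjection\ContainerInterface;
+
+class HookListener
+{
+/**
+* @var ContaoFrameworkInterface
+*/
+protected $framework;
+/**
+* @var ContainerInterface
+*/
+protected $container;
+
+/**
+* HookListener constructor.
+*/
+public function __construct(ContaoFrameworkInterface $framework, ContainerInterface $container)
+{
+$this->framework = $framework;
+$this->container = $container;
+}
+
+public function executePostActionsHook(string $action, DataContainer $dc)
+{
+if (MultiFileUpload::ACTION_UPLOAD_BACKEND !== $action) {
+return false;
+}
+$request = $this->container->get('huh.request');
+
+$fields = $this->container->get('session')->get(MultiFileUpload::SESSION_FIELD_KEY);
+
+// Check whether the field is allowed for regular users
+if (!isset($fields[$dc->table][$request->getPost('field')]) || (!isset($fields[$dc->table]['fields'][$request->getPost('field')]['exclude']) && !BackendUser::getInstance()->hasAccess($dc->table.'::'.$request->getPost('field'), 'alexf'))) {
+$this->container->get('monolog.logger.contao')->log(
+LogLevel::ERROR,
+'Field "'.$request->getPost('field').'" is not an allowed selector field (possible SQL injection attempt)',
+['contao' => new ContaoContext(__CLASS__.'::'.__METHOD__, TL_ERROR)]
+);
+
+$objResponse = new ResponseError();
+$objResponse->setMessage('Bad Request');
+$objResponse->output();
+}
+
+if (null === $dc->activeRecord) {
+$dc->activeRecord = $this->container->get('huh.utils.model')->findModelInstancesBy($dc->table, [$dc->table.'.id'], [$dc->id]);
+}
+
+// add dca attributes and instantiate current object to set widget attributes
+$attributes = $this->framework->getAdapter(Widget::class)->getAttributesFromDca($fields[$dc->table][$request->getPost('field')], $request->getPost('field'));
+$objUploader = new FormMultiFileUpload($attributes);
+$objResponse = $objUploader->upload();
+
+/* @var Response */
+if ($objResponse instanceof Response) {
+$objResponse->output();
+}
+}
+}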
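Review bot: The rejection branch of executePostActionsHook logs the request and calls `$objResponse->output()` but has no `return`, so unless `ResponseError::output()` ends the request (not visible here) execution falls through to `new FormMultiFileUpload($attributes)` and `upload()` for a field that just failed the check; add `return;` directly after that `output()` call. The guard itself also looks inconsistent: it first tests `$fields[$dc->table][...]` and then `$fields[$dc->table]['fields'][...]['exclude']`, a different path in the same session array, and it consults `hasAccess(..., 'alexf')` only when `exclude` is not set, which appears inverted relative to how Contao treats excluded fields, so it is worth confirming against the structure stored under `SESSION_FIELD_KEY`. The log text "possible SQL injection attempt" does not describe an upload field check and embeds the raw POST value, and `__CLASS__.'::'.__METHOD__` repeats the class name because `__METHOD__` already contains it.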
