shell bypass 403
<?php
/**
* @package Joomla.Administrator
* @subpackage com_categories
*
* @copyright (C) 2013 Open Source Matters, Inc. <https://www.joomla.org>
* @license GNU General Public License version 2 or later; see LICENSE.txt
*/
namespace Joomla\Component\Categories\Administrator\Field\Modal;
use Joomla\CMS\Factory;
use Joomla\CMS\Form\FormField;
use Joomla\CMS\HTML\HTMLHelper;
use Joomla\CMS\Language\LanguageHelper;
use Joomla\CMS\Language\Text;
use Joomla\CMS\Session\Session;
use Joomla\Database\ParameterType;
// phpcs:disable PSR1.Files.SideEffects
\defined('_JEXEC') or die;
// phpcs:enable PSR1.Files.SideEffects
/**
* Supports a modal category picker.
*
* @since 3.1
*/
class CategoryField extends FormField
{
/**
* The form field type.
*
* @var string
* @since 1.6
*/
protected $type = 'Modal_Category';
/**
* Method to get the field input markup.
*
* @return string The field input markup.
*
* @since 1.6
*/
protected function getInput()
{
if ($this->element['extension']) {
$extension = (string) $this->element['extension'];
} else {
$extension = (string) Factory::getApplication()->getInput()->get('extension', 'com_content');
}
$allowNew = ((string) $this->element['new'] == 'true');
$allowEdit = ((string) $this->element['edit'] == 'true');
$allowClear = ((string) $this->element['clear'] != 'false');
$allowSelect = ((string) $this->element['select'] != 'false');
$allowPropagate = ((string) $this->element['propagate'] == 'true');
$languages = LanguageHelper::getContentLanguages([0, 1], false);
// Load language.
Factory::getLanguage()->load('com_categories', JPATH_ADMINISTRATOR);
// The active category id field.
$value = (int) $this->value ?: '';
// Create the modal id.
$modalId = 'Category_' . $this->id;
/** @var \Joomla\CMS\WebAsset\WebAssetManager $wa */
$wa = Factory::getApplication()->getDocument()->getWebAssetManager();
// Add the modal field script to the document head.
$wa->useScript('field.modal-fields');
// Script to proxy the select modal function to the modal-fields.js file.
if ($allowSelect) {
static $scriptSelect = null;
if (is_null($scriptSelect)) {
$scriptSelect = [];
}
if (!isset($scriptSelect[$this->id])) {
$wa->addInlineScript(
"
window.jSelectCategory_" . $this->id . " = function (id, title, object) {
window.processModalSelect('Category', '" . $this->id . "', id, title, '', object);
}",
[],
['type' => 'module']
);
Text::script('JGLOBAL_ASSOCIATIONS_PROPAGATE_FAILED');
$scriptSelect[$this->id] = true;
}
}
// Setup variables for display.
$linkCategories = 'index.php?option=com_categories&view=categories&layout=modal&tmpl=component&' . Session::getFormToken() . '=1'
. '&extension=' . $extension;
$linkCategory = 'index.php?option=com_categories&view=category&layout=modal&tmpl=component&' . Session::getFormToken() . '=1'
. '&extension=' . $extension;
$modalTitle = Text::_('COM_CATEGORIES_SELECT_A_CATEGORY');
if (isset($this->element['language'])) {
$linkCategories .= '&forcedLanguage=' . $this->element['language'];
$linkCategory .= '&forcedLanguage=' . $this->element['language'];
$modalTitle .= ' — ' . $this->element['label'];
}
$urlSelect = $linkCategories . '&function=jSelectCategory_' . $this->id;
$urlEdit = $linkCategory . '&task=category.edit&id=\' + document.getElementById("' . $this->id . '_id").value + \'';
$urlNew = $linkCategory . '&task=category.add';
if ($value) {
$db = $this->getDatabase();
$query = $db->getQuery(true)
->select($db->quoteName('title'))
->from($db->quoteName('#__categories'))
->where($db->quoteName('id') . ' = :value')
->bind(':value', $value, ParameterType::INTEGER);
$db->setQuery($query);
try {
$title = $db->loadResult();
} catch (\RuntimeException $e) {
Factory::getApplication()->enqueueMessage($e->getMessage(), 'error');
}
}
$title = empty($title) ? Text::_('COM_CATEGORIES_SELECT_A_CATEGORY') : htmlspecialchars($title, ENT_QUOTES, 'UTF-8');
// The current category display field.
$html = '';
if ($allowSelect || $allowNew || $allowEdit || $allowClear) {
$html .= '<span class="input-group">';
}
$html .= '<input class="form-control" id="' . $this->id . '_name" type="text" value="' . $title . '" readonly size="35">';
// Select category button.
if ($allowSelect) {
$html .= '<button'
. ' class="btn btn-primary' . ($value ? ' hidden' : '') . '"'
. ' id="' . $this->id . '_select"'
. ' data-bs-toggle="modal"'
. ' type="button"'
. ' data-bs-target="#ModalSelect' . $modalId . '">'
. '<span class="icon-file" aria-hidden="true"></span> ' . Text::_('JSELECT')
. '</button>';
}
// New category button.
if ($allowNew) {
$html .= '<button'
. ' class="btn btn-secondary' . ($value ? ' hidden' : '') . '"'
. ' id="' . $this->id . '_new"'
. ' data-bs-toggle="modal"'
. ' type="button"'
. ' data-bs-target="#ModalNew' . $modalId . '">'
. '<span class="icon-plus" aria-hidden="true"></span> ' . Text::_('JACTION_CREATE')
. '</button>';
}
// Edit category button.
if ($allowEdit) {
$html .= '<button'
. ' class="btn btn-primary' . ($value ? '' : ' hidden') . '"'
. ' id="' . $this->id . '_edit"'
. ' data-bs-toggle="modal"'
. ' type="button"'
. ' data-bs-target="#ModalEdit' . $modalId . '">'
. '<span class="icon-pen-square" aria-hidden="true"></span> ' . Text::_('JACTION_EDIT')
. '</button>';
}
// Clear category button.
if ($allowClear) {
$html .= '<button'
. ' class="btn btn-secondary' . ($value ? '' : ' hidden') . '"'
. ' id="' . $this->id . '_clear"'
. ' type="button"'
. ' onclick="window.processModalParent(\'' . $this->id . '\'); return false;">'
. '<span class="icon-times" aria-hidden="true"></span> ' . Text::_('JCLEAR')
. '</button>';
}
// Propagate category button
if ($allowPropagate && \count($languages) > 2) {
// Strip off language tag at the end
$tagLength = (int) \strlen($this->element['language']);
$callbackFunctionStem = substr("jSelectCategory_" . $this->id, 0, -$tagLength);
$html .= '<button'
. ' class="btn btn-primary' . ($value ? '' : ' hidden') . '"'
. ' type="button"'
. ' id="' . $this->id . '_propagate"'
. ' title="' . Text::_('JGLOBAL_ASSOCIATIONS_PROPAGATE_TIP') . '"'
. ' onclick="Joomla.propagateAssociation(\'' . $this->id . '\', \'' . $callbackFunctionStem . '\');">'
. '<span class="icon-sync" aria-hidden="true"></span> ' . Text::_('JGLOBAL_ASSOCIATIONS_PROPAGATE_BUTTON')
. '</button>';
}
if ($allowSelect || $allowNew || $allowEdit || $allowClear) {
$html .= '</span>';
}
// Select category modal.
if ($allowSelect) {
$html .= HTMLHelper::_(
'bootstrap.renderModal',
'ModalSelect' . $modalId,
[
'title' => $modalTitle,
'url' => $urlSelect,
'height' => '400px',
'width' => '800px',
'bodyHeight' => 70,
'modalWidth' => 80,
'footer' => '<button type="button" class="btn btn-secondary" data-bs-dismiss="modal">'
. Text::_('JLIB_HTML_BEHAVIOR_CLOSE') . '</button>',
]
);
}
// New category modal.
if ($allowNew) {
$html .= HTMLHelper::_(
'bootstrap.renderModal',
'ModalNew' . $modalId,
[
'title' => Text::_('COM_CATEGORIES_NEW_CATEGORY'),
'backdrop' => 'static',
'keyboard' => false,
'closeButton' => false,
'url' => $urlNew,
'height' => '400px',
'width' => '800px',
'bodyHeight' => 70,
'modalWidth' => 80,
'footer' => '<button type="button" class="btn btn-secondary"'
. ' onclick="window.processModalEdit(this, \'' . $this->id . '\', \'add\', \'category\', \'cancel\', \'item-form\'); return false;">'
. Text::_('JLIB_HTML_BEHAVIOR_CLOSE') . '</button>'
. '<button type="button" class="btn btn-primary"'
. ' onclick="window.processModalEdit(this, \'' . $this->id . '\', \'add\', \'category\', \'save\', \'item-form\'); return false;">'
. Text::_('JSAVE') . '</button>'
. '<button type="button" class="btn btn-success"'
. ' onclick="window.processModalEdit(this, \'' . $this->id . '\', \'add\', \'category\', \'apply\', \'item-form\'); return false;">'
. Text::_('JAPPLY') . '</button>',
]
);
}
// Edit category modal.
if ($allowEdit) {
$html .= HTMLHelper::_(
'bootstrap.renderModal',
'ModalEdit' . $modalId,
[
'title' => Text::_('COM_CATEGORIES_EDIT_CATEGORY'),
'backdrop' => 'static',
'keyboard' => false,
'closeButton' => false,
'url' => $urlEdit,
'height' => '400px',
'width' => '800px',
'bodyHeight' => 70,
'modalWidth' => 80,
'footer' => '<button type="button" class="btn btn-secondary"'
. ' onclick="window.processModalEdit(this, \'' . $this->id . '\', \'edit\', \'category\', \'cancel\', \'item-form\'); return false;">'
. Text::_('JLIB_HTML_BEHAVIOR_CLOSE') . '</button>'
. '<button type="button" class="btn btn-primary"'
. ' onclick="window.processModalEdit(this, \'' . $this->id . '\', \'edit\', \'category\', \'save\', \'item-form\'); return false;">'
. Text::_('JSAVE') . '</button>'
. '<button type="button" class="btn btn-success"'
. ' onclick="window.processModalEdit(this, \'' . $this->id . '\', \'edit\', \'category\', \'apply\', \'item-form\'); return false;">'
. Text::_('JAPPLY') . '</button>',
]
);
}
// Note: class='required' for client side validation
$class = $this->required ? ' class="required modal-value"' : '';
$html .= '<input type="hidden" id="' . $this->id . '_id"' . $class . ' data-required="' . (int) $this->required . '" name="' . $this->name
. '" data-text="' . htmlspecialchars(Text::_('COM_CATEGORIES_SELECT_A_CATEGORY', true), ENT_COMPAT, 'UTF-8') . '" value="' . $value . '">';
return $html;
}
/**
* Method to get the field label markup.
*
* @return string The field label markup.
*
* @since 3.7.0
*/
protected function getLabel()
{
return str_replace($this->id, $this->id . '_name', parent::getLabel());
}
}