shell bypass 403
<?php
/**
* @package Joomla.Administrator
* @subpackage com_contact
*
* @copyright (C) 2008 Open Source Matters, Inc. <https://www.joomla.org>
* @license GNU General Public License version 2 or later; see LICENSE.txt
*/
namespace Joomla\Component\Contact\Administrator\View\Contacts;
use Joomla\CMS\Factory;
use Joomla\CMS\Helper\ContentHelper;
use Joomla\CMS\Language\Multilanguage;
use Joomla\CMS\Language\Text;
use Joomla\CMS\MVC\View\GenericDataException;
use Joomla\CMS\MVC\View\HtmlView as BaseHtmlView;
use Joomla\CMS\Toolbar\Button\DropdownButton;
use Joomla\CMS\Toolbar\Toolbar;
use Joomla\CMS\Toolbar\ToolbarHelper;
// phpcs:disable PSR1.Files.SideEffects
\defined('_JEXEC') or die;
// phpcs:enable PSR1.Files.SideEffects
/**
* View class for a list of contacts.
*
* @since 1.6
*/
class HtmlView extends BaseHtmlView
{
/**
* An array of items
*
* @var array
*/
protected $items;
/**
* The pagination object
*
* @var \Joomla\CMS\Pagination\Pagination
*/
protected $pagination;
/**
* The model state
*
* @var \Joomla\CMS\Object\CMSObject
*/
protected $state;
/**
* Form object for search filters
*
* @var \Joomla\CMS\Form\Form
*/
public $filterForm;
/**
* The active search filters
*
* @var array
*/
public $activeFilters;
/**
* Is this view an Empty State
*
* @var boolean
*
* @since 4.0.0
*/
private $isEmptyState = false;
/**
* Display the view.
*
* @param string $tpl The name of the template file to parse; automatically searches through the template paths.
*
* @return void
*/
public function display($tpl = null)
{
$this->items = $this->get('Items');
$this->pagination = $this->get('Pagination');
$this->state = $this->get('State');
$this->filterForm = $this->get('FilterForm');
$this->activeFilters = $this->get('ActiveFilters');
if (!\count($this->items) && $this->isEmptyState = $this->get('IsEmptyState')) {
$this->setLayout('emptystate');
}
// Check for errors.
if (\count($errors = $this->get('Errors'))) {
throw new GenericDataException(implode("\n", $errors), 500);
}
// Preprocess the list of items to find ordering divisions.
// @todo: Complete the ordering stuff with nested sets
foreach ($this->items as &$item) {
$item->order_up = true;
$item->order_dn = true;
}
// We don't need toolbar in the modal window.
if ($this->getLayout() !== 'modal') {
$this->addToolbar();
// We do not need to filter by language when multilingual is disabled
if (!Multilanguage::isEnabled()) {
unset($this->activeFilters['language']);
$this->filterForm->removeField('language', 'filter');
}
} else {
// In article associations modal we need to remove language filter if forcing a language.
// We also need to change the category filter to show show categories with All or the forced language.
if ($forcedLanguage = Factory::getApplication()->getInput()->get('forcedLanguage', '', 'CMD')) {
// If the language is forced we can't allow to select the language, so transform the language selector filter into a hidden field.
$languageXml = new \SimpleXMLElement('<field name="language" type="hidden" default="' . $forcedLanguage . '" />');
$this->filterForm->setField($languageXml, 'filter', true);
// Also, unset the active language filter so the search tools is not open by default with this filter.
unset($this->activeFilters['language']);
// One last changes needed is to change the category filter to just show categories with All language or with the forced language.
$this->filterForm->setFieldAttribute('category_id', 'language', '*,' . $forcedLanguage, 'filter');
}
}
parent::display($tpl);
}
/**
* Add the page title and toolbar.
*
* @return void
*
* @since 1.6
*/
protected function addToolbar()
{
$canDo = ContentHelper::getActions('com_contact', 'category', $this->state->get('filter.category_id'));
$user = Factory::getApplication()->getIdentity();
// Get the toolbar object instance
$toolbar = Toolbar::getInstance();
ToolbarHelper::title(Text::_('COM_CONTACT_MANAGER_CONTACTS'), 'address-book contact');
if ($canDo->get('core.create') || \count($user->getAuthorisedCategories('com_contact', 'core.create')) > 0) {
$toolbar->addNew('contact.add');
}
if (!$this->isEmptyState && $canDo->get('core.edit.state')) {
/** @var DropdownButton $dropdown */
$dropdown = $toolbar->dropdownButton('status-group', 'JTOOLBAR_CHANGE_STATUS')
->toggleSplit(false)
->icon('icon-ellipsis-h')
->buttonClass('btn btn-action')
->listCheck(true);
$childBar = $dropdown->getChildToolbar();
$childBar->publish('contacts.publish')->listCheck(true);
$childBar->unpublish('contacts.unpublish')->listCheck(true);
$childBar->standardButton('featured', 'JFEATURE', 'contacts.featured')
->listCheck(true);
$childBar->standardButton('unfeatured', 'JUNFEATURE', 'contacts.unfeatured')
->listCheck(true);
$childBar->archive('contacts.archive')->listCheck(true);
if ($user->authorise('core.admin')) {
$childBar->checkin('contacts.checkin');
}
if ($this->state->get('filter.published') != -2) {
$childBar->trash('contacts.trash')->listCheck(true);
}
// Add a batch button
if (
$user->authorise('core.create', 'com_contact')
&& $user->authorise('core.edit', 'com_contact')
&& $user->authorise('core.edit.state', 'com_contact')
) {
$childBar->popupButton('batch', 'JTOOLBAR_BATCH')
->selector('collapseModal')
->listCheck(true);
}
}
if (!$this->isEmptyState && $this->state->get('filter.published') == -2 && $canDo->get('core.delete')) {
$toolbar->delete('contacts.delete', 'JTOOLBAR_EMPTY_TRASH')
->message('JGLOBAL_CONFIRM_DELETE')
->listCheck(true);
}
if ($user->authorise('core.admin', 'com_contact') || $user->authorise('core.options', 'com_contact')) {
$toolbar->preferences('com_contact');
}
$toolbar->help('Contacts');
}
}