shell bypass 403
<?php
/**
* @package pkg_dearflip
* @subpackage com_dearflip
* @since 1.0.0
* @copyright Copyright © 2007 Free Software Foundation, Inc. All rights reserved.
* @license GNU General Public License version 3 or later; see https://www.gnu.org/licenses/gpl-3.0.en.html
*/
// No direct access to this file
defined( '_JEXEC' ) or die( 'Restricted access' );
/**
* HelloWorldList Model
*
* @since 0.0.1
*/
class DearflipModelDearflipcats extends JModelList {
/**
* Constructor.
*
* @param array $config An optional associative array of configuration settings.
*
* @see JController
* @since 1.6
*/
public function __construct( $config = array() ) {
if ( empty( $config['filter_fields'] ) ) {
$config['filter_fields'] = array(
'id',
'cat_title',
'dfx_cat_description',
'dfx_cat_view_mode',
'dfx_cat_button_text_type',
'published',
);
}
parent::__construct( $config );
}
/**
* Method to build an SQL query to load the list data.
*
* @return string An SQL query
*/
protected function getListQuery() {
// Initialize variables.
$db = JFactory::getDbo();
$query = $db->getQuery( true );
// Create the base select statement
$query->select( '*' )
->from( $db->quoteName( '#__dearflipcat' ) )
->order( $db->quoteName( 'id' ) . ' DESC' );
// Filter: like / search
$search = $this->getState( 'filter.search' );
if ( !empty( $search ) ) {
$like = $db->quote( '%' . $search . '%' );
$query->where( 'cat_title LIKE ' . $like );
}
// Filter by published state
$published = $this->getState( 'filter.published' );
if ( is_numeric( $published ) ) {
$query->where( 'published = ' . (int)$published );
} elseif ( $published === '' ) {
$query->where( '(published IN (0, 1))' );
}
// Add the list ordering clause.
$orderCol = $this->state->get( 'list.ordering', 'cat_title' );
$orderDirn = $this->state->get( 'list.direction', 'ASC' );
$query->order( $db->escape( $orderCol ) . ' ' . $db->escape( $orderDirn ) );
return $query;
}
}