shell bypass 403
<?php
/**
* @package Joomla.Administrator
* @subpackage com_newsfeeds
*
* @copyright (C) 2008 Open Source Matters, Inc. <https://www.joomla.org>
* @license GNU General Public License version 2 or later; see LICENSE.txt
*/
namespace Joomla\Component\Newsfeeds\Administrator\View\Newsfeeds;
use Joomla\CMS\Factory;
use Joomla\CMS\Helper\ContentHelper;
use Joomla\CMS\Language\Multilanguage;
use Joomla\CMS\Language\Text;
use Joomla\CMS\MVC\View\GenericDataException;
use Joomla\CMS\MVC\View\HtmlView as BaseHtmlView;
use Joomla\CMS\Object\CMSObject;
use Joomla\CMS\Toolbar\Button\DropdownButton;
use Joomla\CMS\Toolbar\Toolbar;
use Joomla\CMS\Toolbar\ToolbarHelper;
// phpcs:disable PSR1.Files.SideEffects
\defined('_JEXEC') or die;
// phpcs:enable PSR1.Files.SideEffects
/**
* View class for a list of newsfeeds.
*
* @since 1.6
*/
class HtmlView extends BaseHtmlView
{
/**
* The list of newsfeeds
*
* @var CMSObject
*
* @since 1.6
*/
protected $items;
/**
* The pagination object
*
* @var \Joomla\CMS\Pagination\Pagination
*
* @since 1.6
*/
protected $pagination;
/**
* The model state
*
* @var CMSObject
*
* @since 1.6
*/
protected $state;
/**
* Is this view an Empty State
*
* @var boolean
*
* @since 4.0.0
*/
private $isEmptyState = false;
/**
* Form object for search filters
*
* @var \Joomla\CMS\Form\Form
*/
public $filterForm;
/**
* The active search filters
*
* @var array
*/
public $activeFilters;
/**
* Execute and display a template script.
*
* @param string $tpl The name of the template file to parse; automatically searches through the template paths.
*
* @return void
*
* @since 1.6
*/
public function display($tpl = null)
{
$this->items = $this->get('Items');
$this->pagination = $this->get('Pagination');
$this->state = $this->get('State');
$this->filterForm = $this->get('FilterForm');
$this->activeFilters = $this->get('ActiveFilters');
if (!\count($this->items) && $this->isEmptyState = $this->get('IsEmptyState')) {
$this->setLayout('emptystate');
}
// Check for errors.
if (\count($errors = $this->get('Errors'))) {
throw new GenericDataException(implode("\n", $errors), 500);
}
// We don't need toolbar in the modal layout.
if ($this->getLayout() !== 'modal') {
$this->addToolbar();
// We do not need to filter by language when multilingual is disabled
if (!Multilanguage::isEnabled()) {
unset($this->activeFilters['language']);
$this->filterForm->removeField('language', 'filter');
}
} else {
// In article associations modal we need to remove language filter if forcing a language.
// We also need to change the category filter to show show categories with All or the forced language.
if ($forcedLanguage = Factory::getApplication()->getInput()->get('forcedLanguage', '', 'CMD')) {
// If the language is forced we can't allow to select the language, so transform the language selector filter into a hidden field.
$languageXml = new \SimpleXMLElement('<field name="language" type="hidden" default="' . $forcedLanguage . '" />');
$this->filterForm->setField($languageXml, 'filter', true);
// Also, unset the active language filter so the search tools is not open by default with this filter.
unset($this->activeFilters['language']);
// One last changes needed is to change the category filter to just show categories with All language or with the forced language.
$this->filterForm->setFieldAttribute('category_id', 'language', '*,' . $forcedLanguage, 'filter');
}
}
parent::display($tpl);
}
/**
* Add the page title and toolbar.
*
* @return void
*
* @since 1.6
*/
protected function addToolbar()
{
$state = $this->get('State');
$canDo = ContentHelper::getActions('com_newsfeeds', 'category', $state->get('filter.category_id'));
$user = Factory::getApplication()->getIdentity();
$toolbar = Toolbar::getInstance();
ToolbarHelper::title(Text::_('COM_NEWSFEEDS_MANAGER_NEWSFEEDS'), 'rss newsfeeds');
if ($canDo->get('core.create') || count($user->getAuthorisedCategories('com_newsfeeds', 'core.create')) > 0) {
$toolbar->addNew('newsfeed.add');
}
if (!$this->isEmptyState && ($canDo->get('core.edit.state') || $user->authorise('core.admin'))) {
/** @var DropdownButton $dropdown */
$dropdown = $toolbar->dropdownButton('status-group', 'JTOOLBAR_CHANGE_STATUS')
->toggleSplit(false)
->icon('icon-ellipsis-h')
->buttonClass('btn btn-action')
->listCheck(true);
$childBar = $dropdown->getChildToolbar();
$childBar->publish('newsfeeds.publish')->listCheck(true);
$childBar->unpublish('newsfeeds.unpublish')->listCheck(true);
$childBar->archive('newsfeeds.archive')->listCheck(true);
if ($user->authorise('core.admin')) {
$childBar->checkin('newsfeeds.checkin')->listCheck(true);
}
if ($this->state->get('filter.published') != -2) {
$childBar->trash('newsfeeds.trash')->listCheck(true);
}
// Add a batch button
if (
$user->authorise('core.create', 'com_newsfeeds')
&& $user->authorise('core.edit', 'com_newsfeeds')
&& $user->authorise('core.edit.state', 'com_newsfeeds')
) {
$childBar->popupButton('batch', 'JTOOLBAR_BATCH')
->selector('collapseModal')
->listCheck(true);
}
}
if (!$this->isEmptyState && $state->get('filter.published') == -2 && $canDo->get('core.delete')) {
$toolbar->delete('newsfeeds.delete', 'JTOOLBAR_EMPTY_TRASH')
->message('JGLOBAL_CONFIRM_DELETE')
->listCheck(true);
}
if ($user->authorise('core.admin', 'com_newsfeeds') || $user->authorise('core.options', 'com_newsfeeds')) {
$toolbar->preferences('com_newsfeeds');
}
$toolbar->help('News_Feeds');
}
}