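<?php
/**
 * @package     Joomla.Administrator
 * @subpackage  com_finder
 *
 * @copyright   (C) 2011 Open Source Matters, Inc. <https://www.joomla.org>
 * @license     GNU General Public License version 2 or later; see LICENSE.txt
 */

// Refuse to run when the file is requested directly instead of through the application.
defined('_JEXEC') or die;

use Joomla\Registry\Registry;
use Joomla\Utilities\ArrayHelper;

/**
 * Filter table class for the Finder package.
 *
 * Maps one row of the #__finder_filters table (primary key filter_id) and
 * exposes the row's "state" column under the generic "published" alias.
 *
 * @since  2.5
 */
class FinderTableFilter extends JTable
{
    /**
     * Constructor
     *
     * @param   JDatabaseDriver  $db  JDatabaseDriver connector object.
     *
     * @since   2.5
     */
    public function __construct(&$db)
    {
        parent::__construct('#__finder_filters', 'filter_id', $db);

        // Generic code addresses the "published" column; this table stores it as "state".
        $this->setColumnAlias('published', 'state');
    }

    /**
     * Method to bind an associative array or object to the JTable instance.
     *
     * An array given under the 'params' key is serialised to a string through
     * Registry before the data is handed to the parent implementation.
     *
     * @param   array  $array   Named array
     * @param   mixed  $ignore  An optional array or space separated list of properties
     *                          to ignore while binding. [optional]
     *
     * @return  mixed  Whatever the parent bind() returns.
     *
     * @since   2.5
     */
    public function bind($array, $ignore = '')
    {
        if (isset($array['params']) && is_array($array['params'])) {
            $registry        = new Registry($array['params']);
            $array['params'] = (string) $registry;
        }

        return parent::bind($array, $ignore);
    }

    /**
     * Method to perform sanity checks on the JTable instance properties before
     * they are stored in the database.
     *
     * Normalises the alias (falling back to the title, then to a timestamp) and
     * swaps the d1/d2 date parameters when the end date precedes the start date.
     *
     * @return  boolean  Always true; the method repairs values instead of rejecting them.
     *
     * @since   2.5
     */
    public function check()
    {
        // An empty alias is derived from the title.
        if (trim($this->alias) === '') {
            $this->alias = $this->title;
        }

        $this->alias = JApplicationHelper::stringURLSafe($this->alias);

        // If nothing but dashes survived the URL-safe conversion, use a timestamp alias.
        if (trim(str_replace('-', '', $this->alias)) === '') {
            $this->alias = JFactory::getDate()->format('Y-m-d-H-i-s');
        }

        $params   = new Registry($this->params);
        $nullDate = $this->_db->getNullDate();
        $d1       = $params->get('d1', $nullDate);
        $d2       = $params->get('d2', $nullDate);

        // Check the end date is not earlier than the start date.
        // NOTE(review): the values are compared as-is; presumably both are date
        // strings in the same format as the driver's null date - confirm.
        if ($d2 > $nullDate && $d2 < $d1) {
            // Swap the dates.
            $params->set('d1', $d2);
            $params->set('d2', $d1);
            $this->params = (string) $params;
        }

        return true;
    }

    /**
     * Method to set the publishing state for a row or list of rows in the database
     * table. The method respects rows checked out by other users and will attempt
     * to check in rows that it can after adjustments are made.
     *
     * @param   mixed    $pks     An array of primary key values to update. If not
     *                            set the instance property value is used. [optional]
     * @param   integer  $state   The publishing state. eg. [0 = unpublished, 1 = published] [optional]
     * @param   integer  $userId  The user id of the user performing the operation. [optional]
     *
     * @return  boolean  True on success, false when no row is selected or the query fails
     *                   (the reason is recorded through setError()).
     *
     * @since   2.5
     */
    public function publish($pks = null, $state = 1, $userId = 0)
    {
        $k = $this->_tbl_key;

        // Sanitize input. Every caller-supplied value that is concatenated into the
        // SQL below is forced to an integer here; that cast is the injection defence.
        $pks    = ArrayHelper::toInteger($pks);
        $userId = (int) $userId;
        $state  = (int) $state;

        // If there are no primary keys set check to see if the instance key is set.
        if (empty($pks)) {
            if (!$this->$k) {
                // Nothing to set publishing state on, return false.
                $this->setError(JText::_('JLIB_DATABASE_ERROR_NO_ROWS_SELECTED'));

                return false;
            }

            $pks = array($this->$k);
        }

        // Build the WHERE clause for the primary keys. The OR list is wrapped in
        // parentheses because the check-out condition is appended with AND below and
        // AND binds tighter than OR: without the grouping, "k=1 OR k=2 AND (...)"
        // would apply the check-out guard to the last key only, letting rows that
        // another user has checked out be modified.
        // (Assumes where() emits the condition text unchanged - which is also why
        // the extra parentheses are harmless if it does not.)
        $where = '(' . $k . '=' . implode(' OR ' . $k . '=', $pks) . ')';

        // Determine if there is checkin support for the table.
        if (!property_exists($this, 'checked_out') || !property_exists($this, 'checked_out_time')) {
            $checkin = '';
        } else {
            // Only touch rows that are free or checked out by the acting user.
            $checkin = ' AND (checked_out = 0 OR checked_out = ' . (int) $userId . ')';
        }

        // Update the publishing state for rows with the given primary keys.
        $query = $this->_db->getQuery(true)
            ->update($this->_db->quoteName($this->_tbl))
            ->set($this->_db->quoteName('state') . ' = ' . (int) $state)
            ->where($where);

        // The check-out condition is appended to the rendered statement.
        $this->_db->setQuery($query . $checkin);

        try {
            $this->_db->execute();
        } catch (RuntimeException $e) {
            $this->setError($e->getMessage());

            return false;
        }

        // If checkin is supported and all rows were adjusted, check them in.
        if ($checkin && count($pks) === $this->_db->getAffectedRows()) {
            // Checkin the rows.
            foreach ($pks as $pk) {
                $this->checkIn($pk);
            }
        }

        // If the JTable instance value is in the list of primary keys that were set, set the instance.
        // The comparison is deliberately loose: $pks holds integers while the instance
        // key may be held as a string.
        if (in_array($this->$k, $pks)) {
            $this->state = $state;
        }

        $this->setError('');

        return true;
    }

    /**
     * Method to store a row in the database from the JTable instance properties.
     * If a primary key value is set the row with that primary key value will be
     * updated with the instance property values. If no primary key value is set
     * a new row will be inserted into the database with the properties from the
     * JTable instance.
     *
     * Before storing, the modification/creation audit fields are filled in, the
     * "data" list is flattened to a comma separated string (with map_count set to
     * its size) and the alias is verified to be unique among filters.
     *
     * @param   boolean  $updateNulls  True to update fields even if they are null. [optional]
     *
     * @return  boolean  True on success, false when the alias is already used by another filter.
     *
     * @since   2.5
     */
    public function store($updateNulls = false)
    {
        $date   = JFactory::getDate()->toSql();
        $userId = JFactory::getUser()->id;

        $this->modified = $date;

        if ($this->filter_id) {
            // Existing item
            $this->modified_by = $userId;
        } else {
            // New item. A filter's created field can be set by the user,
            // so we don't touch it if it is set.
            if (!(int) $this->created) {
                $this->created = $date;
            }

            if (empty($this->created_by)) {
                $this->created_by = $userId;
            }
        }

        if (is_array($this->data)) {
            $this->map_count = count($this->data);
            $this->data      = implode(',', $this->data);
        } else {
            // Anything that is not an array is stored as an empty list.
            $this->map_count = 0;
            $this->data      = '';
        }

        // Verify that the alias is unique
        $table = JTable::getInstance('Filter', 'FinderTable', array('dbo' => $this->_db));

        if ($table->load(array('alias' => $this->alias))
            && ($table->filter_id != $this->filter_id || $this->filter_id == 0)
        ) {
            $this->setError(JText::_('JLIB_DATABASE_ERROR_ARTICLE_UNIQUE_ALIAS'));

            return false;
        }

        return parent::store($updateNulls);
    }
}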