<?php
/**
* @package pkg_dearflip
* @subpackage com_dearflip
* @since 1.0.0
* @copyright Copyright © 2007 Free Software Foundation, Inc. All rights reserved.
* @license GNU General Public License version 3 or later; see https://www.gnu.org/licenses/gpl-3.0.en.html
*/
// No direct access to this file
defined( '_JEXEC' ) or die( 'Restricted access' );
/**
* DearflipsList Model
*
* @since 0.0.1
*/
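class DearflipModelDearflips extends JModelList {
    /**
     * Constructor.
     *
     * When the caller supplies no 'filter_fields', a default whitelist of
     * sortable/filterable columns is installed before delegating to the parent.
     * getListQuery() relies on this list to validate the ORDER BY column.
     *
     * @param array $config An optional associative array of configuration settings.
     *
     * @see JController
     * @since 1.6
     */
    public function __construct( $config = array() ) {
        if ( empty( $config['filter_fields'] ) ) {
            $config['filter_fields'] = array(
                'id', 'a.id',
                'book_title', 'a.book_title',
                'df_cat', 'a.df_cat',
                'published', 'a.published',
                'ordering', 'a.ordering',
            );
        }

        parent::__construct( $config );
    }

    /**
     * Populates the model state, defaulting the list order to id DESC.
     *
     * The $ordering and $direction arguments are accepted for signature
     * compatibility with the parent but are not used: 'id' / 'DESC' are
     * always passed on.
     *
     * @param string|null $ordering  Ignored; 'id' is always used as the default column.
     * @param string|null $direction Ignored; 'DESC' is always used as the default direction.
     *
     * @return void
     */
    protected function populateState($ordering = null, $direction = null)
    {
        $app = JFactory::getApplication();

        // Adjust the context to support modal layouts.
        // NOTE(review): 'layout' is request-controlled; this relies on the input
        // object's default filter to keep the context suffix well-formed - confirm.
        $layout = $app->input->get('layout');

        if ($layout)
        {
            $this->context .= '.' . $layout;
        }

        parent::populateState('id', 'DESC');
    }

    /**
     * Method to build an SQL query to load the list data.
     *
     * Request-derived state (search text, published flag, category, ordering)
     * is never concatenated into the statement without being quoted, cast, or
     * checked against a whitelist first.
     *
     * @return JDatabaseQuery The query object for the list (not a plain string).
     */
    protected function getListQuery() {
        // Initialize variables.
        $db    = JFactory::getDbo();
        $query = $db->getQuery( true );

        $columns = [
            'a.id',
            'a.book_title',
            'a.df_cat',
            'a.published',
            'a.ordering',
            'a.dfx_book_type_list',
            'a.dfx_pdf',
            'a.dfx_images_source',
            'a.dfx_images_sort_by',
            'a.dfx_view_mode',
            'a.dfx_thumb',
            'a.dfx_button_text',
            'a.dfx_custom_text',
            'a.dfx_3d_2d',
            'a.dfx_hardpages',
            'a.dfx_bgColor',
            'a.dfx_bgImage',
            'a.dfx_flipduration',
            'a.dfx_containerHeight',
            'a.dfx_pdfPagerenderSize',
            'a.dfx_autoEnableSound',
            'a.dfx_enableDownload',
            'a.dfx_pageMode',
            'a.dfx_singlePageMode',
            'a.dfx_controlsPosition',
            'a.dfx_hide_controls',
            'a.dfx_direction',
            'a.dfx_forcePageFit',
            'a.dfx_enableAutoPlay',
            'a.dfx_autoPlayDuration',
            'a.dfx_enableAutoPlayAutomatically',
            'a.dfx_pageSize',
            'a.dfx_autoEnableOutline',
            'a.dfx_autoEnableThumbnail',
        ];

        // Create the base select statement. The category table is joined but
        // no column from it is currently selected.
        $query->select( $columns )
            ->from( $db->quoteName( '#__dearflip', 'a' ) )
            ->join( 'LEFT', $db->quoteName( '#__dearflipcat', 'c' ) . ' ON c.id = a.df_cat' );

        // Filter: like / search
        $search = $this->getState( 'filter.search' );

        if ( !empty( $search ) ) {
            // escape(..., true) also neutralises the LIKE wildcards % and _ typed by
            // the user; quote(..., false) then wraps the value without escaping twice.
            $like = $db->quote( '%' . $db->escape( $search, true ) . '%', false );
            $query->where( 'a.book_title LIKE ' . $like );
        }

        // Filter by published state
        $published = $this->getState( 'filter.published' );

        if ( is_numeric( $published ) ) {
            $query->where( 'a.published = ' . (int) $published );
        } elseif ( $published === '' ) {
            $query->where( '(a.published IN (0, 1))' );
        }

        // Filter by categories
        $catid = $this->getState( 'filter.df_cat' );

        if ( $catid ) {
            // quote() escapes by default; escaping beforehand as well would
            // double-escape the value and make the comparison miss.
            $query->where( 'a.df_cat = ' . $db->quote( $catid ) );
        }

        // Add the list ordering clause exactly once.
        // escape() only protects string literals, not identifiers or keywords, so
        // the column is checked against the filter_fields whitelist and the
        // direction against the fixed set of SQL keywords before being used.
        $orderCol = (string) $this->getState( 'list.ordering', 'a.id' );

        if ( !in_array( $orderCol, $this->filter_fields, true ) ) {
            $orderCol = 'a.id';
        }

        $orderDirn = strtoupper( (string) $this->getState( 'list.direction', 'DESC' ) );

        // An empty direction is tolerated (database default order); anything else
        // outside ASC/DESC falls back to DESC.
        if ( !in_array( $orderDirn, [ 'ASC', 'DESC', '' ], true ) ) {
            $orderDirn = 'DESC';
        }

        $query->order( trim( $db->escape( $orderCol ) . ' ' . $db->escape( $orderDirn ) ) );

        return $query;
    }
}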