<?php

/**
 * @package     Joomla.Site
 * @subpackage  com_weblinks
 *
 * @copyright   Copyright (C) 2005 - 2017 Open Source Matters, Inc. All rights reserved.
 * @license     GNU General Public License version 2 or later; see LICENSE.txt
 */

namespace Joomla\Component\Weblinks\Site\Controller;

// phpcs:disable PSR1.Files.SideEffects
\defined('_JEXEC') or die;
// phpcs:enable PSR1.Files.SideEffects
use Joomla\CMS\Language\Text;
use Joomla\CMS\MVC\Controller\FormController;
use Joomla\CMS\Uri\Uri;
use Joomla\Utilities\ArrayHelper;

/**
 * Weblinks class.
 *
 * @since  1.5
 */
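class WeblinkController extends FormController
{
    /**
     * The URL view item variable.
     *
     * @var    string
     * @since  1.6
     */
    protected $view_item = 'form';

    /**
     * The URL view list variable.
     *
     * @var    string
     * @since  1.6
     */
    protected $view_list = 'categories';

    /**
     * The URL edit variable.
     *
     * @var    string
     * @since  3.2
     */
    protected $urlVar = 'a.id';

    /**
     * Method to add a new record.
     *
     * When the parent refuses the add, the user is sent to the return page
     * (see getReturnPage()) instead of the parent's default redirect.
     *
     * @return  boolean  True if the weblink can be added, false if not.
     *
     * @since   1.6
     */
    public function add()
    {
        if (!parent::add()) {
            // Redirect to the return page.
            $this->setRedirect($this->getReturnPage());

            return false;
        }

        return true;
    }

    /**
     * Method override to check if you can add a new record.
     *
     * The category id is taken from the submitted data ('catid'), falling back
     * to the request 'id' parameter; the category asset is then checked for
     * 'core.create'. Without a category the component permissions apply.
     *
     * @param   array  $data  An array of input data.
     *
     * @return  boolean
     *
     * @since   1.6
     */
    protected function allowAdd($data = [])
    {
        $categoryId = ArrayHelper::getValue($data, 'catid', $this->input->getInt('id'), 'int');

        if ($categoryId) {
            // If the category has been passed in the URL check it.
            return $this->app->getIdentity()->authorise('core.create', $this->option . '.category.' . $categoryId);
        }

        // In the absence of better information, revert to the component permissions.
        return parent::allowAdd($data);
    }

    /**
     * Method override to check if you can edit an existing record.
     *
     * The record is loaded through the form model; when it belongs to a
     * category, 'core.edit' on that category grants access, otherwise
     * 'core.edit.own' does so only for the record's creator.
     *
     * @param   array   $data  An array of input data.
     * @param   string  $key   The name of the key for the primary key.
     *
     * @return  boolean
     *
     * @since   1.6
     */
    protected function allowEdit($data = [], $key = 'id')
    {
        // Cast the value, not the isset() result: `(int) isset(...) ? ... : 0` binds the cast
        // to the boolean and leaves the id uncast.
        $recordId = isset($data[$key]) ? (int) $data[$key] : 0;

        if (!$recordId) {
            return false;
        }

        $record     = $this->getModel()->getItem($recordId);
        $categoryId = (int) $record->catid;

        if ($categoryId) {
            // The category has been set. Check the category permissions.
            $user  = $this->app->getIdentity();
            $asset = $this->option . '.category.' . $categoryId;

            // First, check edit permission.
            if ($user->authorise('core.edit', $asset)) {
                return true;
            }

            // Fallback on edit.own: only the creator may edit.
            // NOTE(review): both ids are compared as integers; a record whose created_by is 0
            // would match an identity with id 0 — relies on edit.own never being granted to guests.
            return $user->authorise('core.edit.own', $asset)
                && (int) $record->created_by === (int) $user->id;
        }

        // Since there is no asset tracking, revert to the component permissions.
        return parent::allowEdit($data, $key);
    }

    /**
     * Method to cancel an edit.
     *
     * Always redirects to the return page after the parent has handled the cancel.
     *
     * @param   string  $key  The name of the primary key of the URL variable.
     *
     * @return  boolean  True if access level checks pass, false otherwise.
     *
     * @since   1.6
     */
    public function cancel($key = 'w_id')
    {
        $result = parent::cancel($key);

        // Redirect to the return page.
        $this->setRedirect($this->getReturnPage());

        return $result;
    }

    /**
     * Method to edit an existing record.
     *
     * Only changes the default URL variable to 'w_id'; the parent does the work.
     *
     * @param   string  $key     The name of the primary key of the URL variable.
     * @param   string  $urlVar  The name of the URL variable if different from the primary key (sometimes required to avoid router collisions).
     *
     * @return  boolean  True if access level check and checkout passes, false otherwise.
     *
     * @since   1.6
     */
    public function edit($key = null, $urlVar = 'w_id')
    {
        return parent::edit($key, $urlVar);
    }

    /**
     * Method to get a model object, loading it if required.
     *
     * Defaults to the site 'form' model with 'ignore_request' set, so the model
     * state is not populated from the request unless a caller asks for it.
     *
     * @param   string  $name    The model name. Optional.
     * @param   string  $prefix  The class prefix. Optional.
     * @param   array   $config  Configuration array for model. Optional.
     *
     * @return  object  The model.
     *
     * @since   1.5
     */
    public function getModel($name = 'form', $prefix = 'Site', $config = ['ignore_request' => true])
    {
        return parent::getModel($name, $prefix, $config);
    }

    /**
     * Gets the URL arguments to append to an item redirect.
     *
     * Adds the current menu item id and the (already validated) return page,
     * base64-encoded, to whatever the parent appends.
     *
     * @param   integer  $recordId  The primary key id for the item.
     * @param   string   $urlVar    The name of the URL variable for the id.
     *
     * @return  string  The arguments to append to the redirect URL.
     *
     * @since   1.6
     */
    protected function getRedirectToItemAppend($recordId = null, $urlVar = null)
    {
        $append = parent::getRedirectToItemAppend($recordId, $urlVar);
        $itemId = $this->input->getInt('Itemid');
        $return = $this->getReturnPage();

        if ($itemId) {
            $append .= '&Itemid=' . $itemId;
        }

        if ($return) {
            $append .= '&return=' . base64_encode($return);
        }

        return $append;
    }

    /**
     * Get the return URL if a "return" variable has been passed in the request
     *
     * The value is base64-decoded and only honoured when Uri::isInternal()
     * accepts it; anything else falls back to the site base URL. This is the
     * guard against the 'return' parameter being used as an open redirect.
     *
     * @return  string  The return URL.
     *
     * @since   1.6
     */
    protected function getReturnPage()
    {
        $return = $this->input->get('return', null, 'base64');

        if (empty($return)) {
            return Uri::base();
        }

        $url = base64_decode($return);

        // Refuse external targets; redirect to the site base instead.
        if (!Uri::isInternal($url)) {
            return Uri::base();
        }

        return $url;
    }

    /**
     * Method to save a record.
     *
     * The posted 'jform' data is kept in the user state so the form can be
     * repopulated on failure; it is flushed again once the save succeeds.
     *
     * @param   string  $key     The name of the primary key of the URL variable.
     * @param   string  $urlVar  The name of the URL variable if different from the primary key (sometimes required to avoid router collisions).
     *
     * @return  boolean  True if successful, false otherwise.
     *
     * @since   1.6
     */
    public function save($key = null, $urlVar = 'w_id')
    {
        $app = $this->app;

        // Get the data from POST and keep it in the session for redisplay.
        $data = $this->input->post->get('jform', [], 'array');
        $app->setUserState('com_weblinks.edit.weblink.data', $data);

        $result = parent::save($key, $urlVar);

        // If ok, flush the session copy and redirect to the return page.
        if ($result) {
            $app->setUserState('com_weblinks.edit.weblink.data', null);
            $this->setRedirect($this->getReturnPage());
        }

        return $result;
    }

    /**
     * Go to a weblink
     *
     * Loads the published weblink identified by the request 'id', verifies the
     * current identity may view both the link and its (published) category,
     * records the hit and redirects to the stored URL.
     *
     * @return  void
     *
     * @throws \Exception  404 when the link, its category or its URL is missing; 403 when the view level is not authorised.
     *
     * @since   1.6
     */
    public function go()
    {
        // Get the ID from the request
        $id = $this->input->getInt('id');

        // Get the model, requiring published items
        $modelLink = $this->getModel('Weblink');
        $modelLink->setState('filter.published', 1);

        $link = $modelLink->getItem($id);

        // Make sure the item was found.
        if (empty($link)) {
            throw new \Exception(Text::_('COM_WEBLINKS_ERROR_WEBLINK_NOT_FOUND'), 404);
        }

        // Check whether item access level allows access.
        $groups = $this->app->getIdentity()->getAuthorisedViewLevels();

        if (!$this->isViewLevelAuthorised($link->access, $groups)) {
            throw new \Exception(Text::_('JERROR_ALERTNOAUTHOR'), 403);
        }

        // The category must be published too; a hidden category hides its links.
        $modelCat = $this->getModel('Category', 'Site', ['ignore_request' => true]);
        $modelCat->setState('filter.published', 1);

        $category = $modelCat->getCategory($link->catid);

        // Make sure the category was found.
        if (empty($category)) {
            throw new \Exception(Text::_('COM_WEBLINKS_ERROR_WEBLINK_NOT_FOUND'), 404);
        }

        // Check whether category access level allows access.
        if (!$this->isViewLevelAuthorised($category->access, $groups)) {
            throw new \Exception(Text::_('JERROR_ALERTNOAUTHOR'), 403);
        }

        // Count the hit and redirect to the URL stored with the weblink.
        if ($link->url) {
            $modelLink->hit($id);
            $this->app->redirect($link->url, 301);
        }

        throw new \Exception(Text::_('COM_WEBLINKS_ERROR_WEBLINK_URL_INVALID'), 404);
    }

    /**
     * Check whether an access level is among the authorised view levels.
     *
     * Both sides are normalised to integers so the membership test can be
     * strict regardless of whether the values arrive as ints or numeric strings.
     *
     * @param   mixed  $access  The access level of the weblink or category.
     * @param   array  $groups  The view levels the current identity is authorised for.
     *
     * @return  boolean
     */
    private function isViewLevelAuthorised($access, array $groups)
    {
        return \in_array((int) $access, array_map('intval', $groups), true);
    }
}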
