本文整理汇总了PHP中flexicontent_html::is_safe_url方法的典型用法代码示例。如果您正苦于以下问题:PHP flexicontent_html::is_safe_url方法的具体用法?PHP flexicontent_html::is_safe_url怎么用?PHP flexicontent_html::is_safe_url使用的例子?那么恭喜您, 这里精选的方法代码示例或许可以为您提供帮助。您也可以进一步了解该方法所在类flexicontent_html的用法示例。
在下文中一共展示了flexicontent_html::is_safe_url方法的2个代码示例,这些例子默认根据受欢迎程度排序。您可以为喜欢或者感觉有用的代码点赞,您的评价将有助于系统推荐出更棒的PHP代码示例。
示例1: vote
/**
* Method of the voting without AJAX. Exists for compatibility reasons, since it can be called by Joomla's content vote plugin.
*
* @access public
* @since 1.0
*/
function vote()
{
$id = JRequest::getInt('id', 0);
$cid = JRequest::getInt('cid', 0);
$url = JRequest::getString('url', '');
$dolog = JComponentHelper::getParams('com_flexicontent')->get('print_logging_info');
// Check that the pased URL variable is 'safe' (allowed) , e.g. not an offsite URL, otherwise for returning to HOME page
if (!$url || !flexicontent_html::is_safe_url($url)) {
if ($dolog) {
JFactory::getApplication()->enqueueMessage('refused redirection to possible unsafe URL: ' . $url, 'notice');
}
$url = JRoute::_('index.php?view=' . FLEXI_ITEMVIEW . '&cid=' . $cid . '&id=' . $id);
}
// Finally store the vote
JRequest::setVar('no_ajax', 1);
$this->ajaxvote();
$msg = '';
$this->setRedirect($url, $msg);
}示例2: _check_viewing_access
/**
* Method to CHECK item's -VIEWING- ACCESS, this could be moved to the controller,
* if we do this, then we must check the view variable, because DISPLAY() CONTROLLER TASK
* is shared among all views ... or create a separate FRONTEND controller for the ITEM VIEW
*
* @access private
* @return array
* @since 1.5
*/
function _check_viewing_access($version = false)
{
global $globalcats;
$app = JFactory::getApplication();
$user = JFactory::getUser();
$session = JFactory::getSession();
$aid = (int) $user->get('aid');
$gid = (int) $user->get('gid');
$cid = $this->_cid;
$params = $this->_item->parameters;
$cparams = $this->_cparams;
$fcreturn = serialize(array('id' => @$this->_item->id, 'cid' => $cid));
// a special url parameter, used by some SEF code
$referer = @$_SERVER['HTTP_REFERER'];
// the previously viewed page (refer)
if (!flexicontent_html::is_safe_url($referer)) {
$referer = JURI::base();
}
// Ignore it if potentially non safe URL, e.g. non-internal
// a basic item title string
$title_str = "<br />" . JText::_('FLEXI_TITLE') . ": " . $this->_item->title . '[id: ' . $this->_item->id . ']';
// Since we will check access for VIEW (=read) only, we skip checks if TASK Variable is set,
// the edit() or add() or other controller task, will be responsible for checking permissions.
if (@$this->_item->id && !JRequest::getVar('task', false) && JRequest::getVar('view') == FLEXI_ITEMVIEW) {
//*************************************************************
// STEP A: Calculate ownership, edit permission and read access
// (a) isOwner, (b) canedititem, (c) canviewitem
//*************************************************************
// (a) Calculate if owned by current user
$isOwner = $this->_item->created_by == $user->get('id');
// (b) Calculate edit access ...
// NOTE: we will allow view access if current user can edit the item (but set a warning message about it, see bellow)
$canedititem = $params->get('access-edit');
$caneditstate = $params->get('access-edit-state');
if (!$caneditstate) {
// Item not editable, check if item is editable till logoff
if ($session->has('rendered_uneditable', 'flexicontent')) {
$rendered_uneditable = $session->get('rendered_uneditable', array(), 'flexicontent');
$canedititem = isset($rendered_uneditable[$this->_item->id]);
}
}
// (c) Calculate read access ... also considering the access level of parent categories
$_cid_ = $cid ? $cid : $this->_item->catid;
if (!isset($this->_item->ancestor_cats_accessible)) {
$aid_arr = JAccess::getAuthorisedViewLevels($user->id);
$allowed_levels = array_flip($aid_arr);
$catshelper = new flexicontent_cats($_cid_);
$parents = $catshelper->getParentlist($all_cols = false);
$ancestor_cats_accessible = true;
foreach ($parents as $parent) {
if (!isset($allowed_levels[$parent->access])) {
$ancestor_cats_accessible = false;
break;
}
}
$this->_item->ancestor_cats_accessible = $ancestor_cats_accessible;
}
$canviewitem = $params->get('access-view') && $this->_item->ancestor_cats_accessible;
// *********************************************************************************************
// STEP B: Calculate SOME ITEM PUBLICATION STATE FLAGS, used to decide if current item is active
// FLAGS: item_is_published, item_is_scheduled, item_is_expired, ancestor_cats_published
// *********************************************************************************************
$item_is_published = $this->_item->state == 1 || $this->_item->state == -5 || $this->_item->state == (FLEXI_J16GE ? 2 : -1);
$item_is_scheduled = $this->_item->publication_scheduled;
$item_is_expired = $this->_item->publication_expired;
if ($cid) {
// cid is set, check state of current item category only
// NOTE: J1.6+ all ancestor categories from current one to the root, for J1.5 only the current one ($cid)
if (!isset($this->_item->ancestor_cats_published)) {
$ancestor_cats_published = true;
foreach ($globalcats[$cid]->ancestorsarray as $pcid) {
$ancestor_cats_published = $ancestor_cats_published && $globalcats[$pcid]->published == 1;
}
$this->_item->ancestor_cats_published = $ancestor_cats_published;
}
$ancestor_cats_published = $this->_item->ancestor_cats_published;
//$this->_item->catpublished;
$cats_np_err_mssg = JText::sprintf('FLEXI_CONTENT_UNAVAILABLE_ITEM_CURRCAT_UNPUBLISHED', $cid);
} else {
// cid is not set, we have no current category, the item is visible if it belongs to at one published category
$itemcats = $this->_item->categories;
$ancestor_cats_published = true;
foreach ($itemcats as $catid) {
if (!isset($globalcats[$catid])) {
continue;
}
$ancestor_cats_published |= $globalcats[$catid]->published;
// For J1.6+ check all ancestor categories from current one to the root
foreach ($globalcats[$catid]->ancestorsarray as $pcid) {
$ancestor_cats_published = $ancestor_cats_published && $globalcats[$pcid]->published == 1;
}
//.........这里部分代码省略.........