@owner Deutsche Gesellschaft für International Zusammenarbeit (GIZ) Gmb @copyright Copyright (C) 2015. All Rights Reserved @license GNU/GPL Version 2 or later - http://www.gnu.org/licenses/gpl-2.0.html /-------------------------------------------------------------------------------------------------------/ Cost Benefit Projection Tool. /------------------------------------------------------------------------------------------------------*/ // No direct access to this file defined('_JEXEC') or die('Restricted access'); /** * Costbenefitprojection Component Controller */ class CostbenefitprojectionController extends JControllerLegacy { /** * Method to display a view. * * @param boolean $cachable If true, the view output will be cached. * @param boolean $urlparams An array of safe URL parameters and their variable types, for valid values see {@link JFilterInput::clean()}. * * @return JController This object to support chaining. * */ function display($cachable = false, $urlparams = false) { // set default view if not set $view = $this->input->getCmd('view', 'cpanel'); $this->input->set('view', $view); $isEdit = $this->checkEditView($view); $layout = $this->input->get('layout', null, 'WORD'); $id = $this->input->getInt('id'); // $cachable = true; (TODO) working on a fix [gh-238](https://github.com/vdm-io/Joomla-Component-Builder/issues/238) // insure that the view is not cashable if edit view or if user is logged in $user = JFactory::getUser(); if ($user->get('id') || $isEdit) { $cachable = false; } // Check for edit form. if($isEdit) { if ($layout == 'edit' && !$this->checkEditId('com_costbenefitprojection.edit.'.$view, $id)) { // Somehow the person just went to the form - we don't allow that. $this->setError(JText::sprintf('JLIB_APPLICATION_ERROR_UNHELD_ID', $id)); $this->setMessage($this->getError(), 'error'); // check if item was opend from other then its own list view $ref = $this->input->getCmd('ref', 0); $refid = $this->input->getInt('refid', 0); // set redirect if ($refid > 0 && CostbenefitprojectionHelper::checkString($ref)) { // redirect to item of ref $this->setRedirect(JRoute::_('index.php?option=com_costbenefitprojection&view='.(string)$ref.'&layout=edit&id='.(int)$refid, false)); } elseif (CostbenefitprojectionHelper::checkString($ref)) { // redirect to ref $this->setRedirect(JRoute::_('index.php?option=com_costbenefitprojection&view='.(string)$ref, false)); } else { // normal redirect back to the list default site view $this->setRedirect(JRoute::_('index.php?option=com_costbenefitprojection&view=cpanel', false)); } return false; } } // we may need to make this more dynamic in the future. (TODO) $safeurlparams = array( 'catid' => 'INT', 'id' => 'INT', 'cid' => 'ARRAY', 'year' => 'INT', 'month' => 'INT', 'limit' => 'UINT', 'limitstart' => 'UINT', 'showall' => 'INT', 'return' => 'BASE64', 'filter' => 'STRING', 'filter_order' => 'CMD', 'filter_order_Dir' => 'CMD', 'filter-search' => 'STRING', 'print' => 'BOOLEAN', 'lang' => 'CMD', 'Itemid' => 'INT'); // should these not merge? if (CostbenefitprojectionHelper::checkArray($urlparams)) { $safeurlparams = CostbenefitprojectionHelper::mergeArrays(array($urlparams, $safeurlparams)); } return parent::display($cachable, $safeurlparams); } protected function checkEditView($view) { if (CostbenefitprojectionHelper::checkString($view)) { $views = array( 'company', 'scaling_factor', 'intervention' ); // check if this is a edit view if (in_array($view,$views)) { return true; } } return false; } }