From 83e4562d62b575c6e4e6bb13ce9e38e8b0a110b0 Mon Sep 17 00:00:00 2001 From: Llewellyn van der Merwe Date: Thu, 3 Dec 2020 02:13:49 +0200 Subject: [PATCH] Fixed the access filter in query. Fixed the array to int helper use. Added the correct language strings to category and access filters. gh-378 --- README.md | 4 +- admin/README.txt | 4 +- admin/controllers/admin_views.php | 2 +- admin/controllers/class_methods.php | 2 +- admin/controllers/class_properties.php | 2 +- admin/controllers/custom_admin_views.php | 2 +- admin/controllers/custom_codes.php | 2 +- admin/controllers/dynamic_gets.php | 2 +- admin/controllers/fields.php | 2 +- admin/controllers/fieldtypes.php | 2 +- admin/controllers/help_documents.php | 2 +- admin/controllers/joomla_components.php | 2 +- admin/controllers/language_translations.php | 2 +- admin/controllers/languages.php | 2 +- admin/controllers/layouts.php | 2 +- admin/controllers/placeholders.php | 2 +- admin/controllers/servers.php | 2 +- admin/controllers/site_views.php | 2 +- admin/controllers/snippets.php | 2 +- admin/controllers/templates.php | 2 +- admin/controllers/validation_rules.php | 2 +- admin/helpers/compiler/b_Structure.php | 2 +- admin/helpers/compiler/c_Fields.php | 10 +- admin/helpers/compiler/e_Interpretation.php | 200 ++++++++++++++---- admin/helpers/compiler/f_Infusion.php | 5 +- admin/models/admin_views.php | 14 +- admin/models/admins_custom_tabs.php | 14 +- admin/models/admins_fields.php | 14 +- admin/models/admins_fields_conditions.php | 14 +- admin/models/admins_fields_relations.php | 14 +- admin/models/class_extendings.php | 14 +- admin/models/class_methods.php | 14 +- admin/models/class_properties.php | 14 +- admin/models/components_admin_views.php | 14 +- admin/models/components_config.php | 14 +- .../models/components_custom_admin_menus.php | 14 +- .../models/components_custom_admin_views.php | 14 +- admin/models/components_dashboard.php | 14 +- admin/models/components_files_folders.php | 14 +- admin/models/components_modules.php | 14 +- admin/models/components_mysql_tweaks.php | 14 +- admin/models/components_placeholders.php | 14 +- admin/models/components_plugins.php | 14 +- admin/models/components_site_views.php | 14 +- admin/models/components_updates.php | 14 +- admin/models/custom_admin_views.php | 14 +- admin/models/custom_codes.php | 14 +- admin/models/dynamic_gets.php | 14 +- admin/models/fields.php | 16 +- admin/models/fieldtype.php | 12 +- admin/models/fieldtypes.php | 16 +- admin/models/joomla_components.php | 14 +- admin/models/joomla_modules.php | 14 +- .../joomla_modules_files_folders_urls.php | 14 +- admin/models/joomla_modules_updates.php | 14 +- admin/models/joomla_plugin_groups.php | 14 +- admin/models/joomla_plugins.php | 14 +- .../joomla_plugins_files_folders_urls.php | 14 +- admin/models/joomla_plugins_updates.php | 14 +- admin/models/language_translations.php | 14 +- admin/models/languages.php | 14 +- admin/models/layouts.php | 14 +- admin/models/libraries.php | 14 +- admin/models/libraries_config.php | 14 +- admin/models/libraries_files_folders_urls.php | 14 +- admin/models/placeholders.php | 14 +- admin/models/server.php | 12 +- admin/models/servers.php | 14 +- admin/models/site_views.php | 14 +- admin/models/snippet_types.php | 14 +- admin/models/snippets.php | 14 +- admin/models/templates.php | 14 +- admin/models/validation_rules.php | 14 +- componentbuilder.xml | 2 +- 74 files changed, 763 insertions(+), 174 deletions(-) diff --git a/README.md b/README.md index 07c1f213f..b2fc72de9 100644 --- a/README.md +++ b/README.md @@ -144,11 +144,11 @@ TODO + *Author*: [Llewellyn van der Merwe](mailto:llewellyn@joomlacomponentbuilder.com) + *Name*: [Component Builder](https://github.com/vdm-io/Joomla-Component-Builder) + *First Build*: 30th April, 2015 -+ *Last Build*: 1st December, 2020 ++ *Last Build*: 3rd December, 2020 + *Version*: 2.11.7 + *Copyright*: Copyright (C) 2015 - 2020 Vast Development Method. All rights reserved. + *License*: GNU General Public License version 2 or later; see LICENSE.txt -+ *Line count*: **284731** ++ *Line count*: **285207** + *Field count*: **1537** + *File count*: **1799** + *Folder count*: **304** diff --git a/admin/README.txt b/admin/README.txt index 07c1f213f..b2fc72de9 100644 --- a/admin/README.txt +++ b/admin/README.txt @@ -144,11 +144,11 @@ TODO + *Author*: [Llewellyn van der Merwe](mailto:llewellyn@joomlacomponentbuilder.com) + *Name*: [Component Builder](https://github.com/vdm-io/Joomla-Component-Builder) + *First Build*: 30th April, 2015 -+ *Last Build*: 1st December, 2020 ++ *Last Build*: 3rd December, 2020 + *Version*: 2.11.7 + *Copyright*: Copyright (C) 2015 - 2020 Vast Development Method. All rights reserved. + *License*: GNU General Public License version 2 or later; see LICENSE.txt -+ *Line count*: **284731** ++ *Line count*: **285207** + *Field count*: **1537** + *File count*: **1799** + *Folder count*: **304** diff --git a/admin/controllers/admin_views.php b/admin/controllers/admin_views.php index bb3825f81..4f9562d3a 100644 --- a/admin/controllers/admin_views.php +++ b/admin/controllers/admin_views.php @@ -55,7 +55,7 @@ class ComponentbuilderControllerAdmin_views extends JControllerAdmin $input = JFactory::getApplication()->input; $pks = $input->post->get('cid', array(), 'array'); // Sanitize the input - ArrayHelper::toInteger($pks); + $pks = ArrayHelper::toInteger($pks); // Get the model $model = $this->getModel('Admin_views'); // get the data to export diff --git a/admin/controllers/class_methods.php b/admin/controllers/class_methods.php index 709f69dd7..77fc19054 100644 --- a/admin/controllers/class_methods.php +++ b/admin/controllers/class_methods.php @@ -55,7 +55,7 @@ class ComponentbuilderControllerClass_methods extends JControllerAdmin $input = JFactory::getApplication()->input; $pks = $input->post->get('cid', array(), 'array'); // Sanitize the input - ArrayHelper::toInteger($pks); + $pks = ArrayHelper::toInteger($pks); // Get the model $model = $this->getModel('Class_methods'); // get the data to export diff --git a/admin/controllers/class_properties.php b/admin/controllers/class_properties.php index f55e8a472..ee06679a2 100644 --- a/admin/controllers/class_properties.php +++ b/admin/controllers/class_properties.php @@ -55,7 +55,7 @@ class ComponentbuilderControllerClass_properties extends JControllerAdmin $input = JFactory::getApplication()->input; $pks = $input->post->get('cid', array(), 'array'); // Sanitize the input - ArrayHelper::toInteger($pks); + $pks = ArrayHelper::toInteger($pks); // Get the model $model = $this->getModel('Class_properties'); // get the data to export diff --git a/admin/controllers/custom_admin_views.php b/admin/controllers/custom_admin_views.php index aa3a2def6..895d90bf1 100644 --- a/admin/controllers/custom_admin_views.php +++ b/admin/controllers/custom_admin_views.php @@ -55,7 +55,7 @@ class ComponentbuilderControllerCustom_admin_views extends JControllerAdmin $input = JFactory::getApplication()->input; $pks = $input->post->get('cid', array(), 'array'); // Sanitize the input - ArrayHelper::toInteger($pks); + $pks = ArrayHelper::toInteger($pks); // Get the model $model = $this->getModel('Custom_admin_views'); // get the data to export diff --git a/admin/controllers/custom_codes.php b/admin/controllers/custom_codes.php index 8fd2baf75..69416ba32 100644 --- a/admin/controllers/custom_codes.php +++ b/admin/controllers/custom_codes.php @@ -55,7 +55,7 @@ class ComponentbuilderControllerCustom_codes extends JControllerAdmin $input = JFactory::getApplication()->input; $pks = $input->post->get('cid', array(), 'array'); // Sanitize the input - ArrayHelper::toInteger($pks); + $pks = ArrayHelper::toInteger($pks); // Get the model $model = $this->getModel('Custom_codes'); // get the data to export diff --git a/admin/controllers/dynamic_gets.php b/admin/controllers/dynamic_gets.php index 8f2779626..b12db48b1 100644 --- a/admin/controllers/dynamic_gets.php +++ b/admin/controllers/dynamic_gets.php @@ -55,7 +55,7 @@ class ComponentbuilderControllerDynamic_gets extends JControllerAdmin $input = JFactory::getApplication()->input; $pks = $input->post->get('cid', array(), 'array'); // Sanitize the input - ArrayHelper::toInteger($pks); + $pks = ArrayHelper::toInteger($pks); // Get the model $model = $this->getModel('Dynamic_gets'); // get the data to export diff --git a/admin/controllers/fields.php b/admin/controllers/fields.php index 333d6c2a3..37aa93fb9 100644 --- a/admin/controllers/fields.php +++ b/admin/controllers/fields.php @@ -55,7 +55,7 @@ class ComponentbuilderControllerFields extends JControllerAdmin $input = JFactory::getApplication()->input; $pks = $input->post->get('cid', array(), 'array'); // Sanitize the input - ArrayHelper::toInteger($pks); + $pks = ArrayHelper::toInteger($pks); // Get the model $model = $this->getModel('Fields'); // get the data to export diff --git a/admin/controllers/fieldtypes.php b/admin/controllers/fieldtypes.php index b3f11562c..9ab64e184 100644 --- a/admin/controllers/fieldtypes.php +++ b/admin/controllers/fieldtypes.php @@ -55,7 +55,7 @@ class ComponentbuilderControllerFieldtypes extends JControllerAdmin $input = JFactory::getApplication()->input; $pks = $input->post->get('cid', array(), 'array'); // Sanitize the input - ArrayHelper::toInteger($pks); + $pks = ArrayHelper::toInteger($pks); // Get the model $model = $this->getModel('Fieldtypes'); // get the data to export diff --git a/admin/controllers/help_documents.php b/admin/controllers/help_documents.php index 1fd855f42..c196281df 100644 --- a/admin/controllers/help_documents.php +++ b/admin/controllers/help_documents.php @@ -55,7 +55,7 @@ class ComponentbuilderControllerHelp_documents extends JControllerAdmin $input = JFactory::getApplication()->input; $pks = $input->post->get('cid', array(), 'array'); // Sanitize the input - ArrayHelper::toInteger($pks); + $pks = ArrayHelper::toInteger($pks); // Get the model $model = $this->getModel('Help_documents'); // get the data to export diff --git a/admin/controllers/joomla_components.php b/admin/controllers/joomla_components.php index b6268f976..40f89410c 100644 --- a/admin/controllers/joomla_components.php +++ b/admin/controllers/joomla_components.php @@ -55,7 +55,7 @@ class ComponentbuilderControllerJoomla_components extends JControllerAdmin $input = JFactory::getApplication()->input; $pks = $input->post->get('cid', array(), 'array'); // Sanitize the input - ArrayHelper::toInteger($pks); + $pks = ArrayHelper::toInteger($pks); // Get the model $model = $this->getModel('Joomla_components'); // get the data to export diff --git a/admin/controllers/language_translations.php b/admin/controllers/language_translations.php index 63f63c677..707f1fa8a 100644 --- a/admin/controllers/language_translations.php +++ b/admin/controllers/language_translations.php @@ -55,7 +55,7 @@ class ComponentbuilderControllerLanguage_translations extends JControllerAdmin $input = JFactory::getApplication()->input; $pks = $input->post->get('cid', array(), 'array'); // Sanitize the input - ArrayHelper::toInteger($pks); + $pks = ArrayHelper::toInteger($pks); // Get the model $model = $this->getModel('Language_translations'); // get the data to export diff --git a/admin/controllers/languages.php b/admin/controllers/languages.php index 4a5f9527c..122219384 100644 --- a/admin/controllers/languages.php +++ b/admin/controllers/languages.php @@ -55,7 +55,7 @@ class ComponentbuilderControllerLanguages extends JControllerAdmin $input = JFactory::getApplication()->input; $pks = $input->post->get('cid', array(), 'array'); // Sanitize the input - ArrayHelper::toInteger($pks); + $pks = ArrayHelper::toInteger($pks); // Get the model $model = $this->getModel('Languages'); // get the data to export diff --git a/admin/controllers/layouts.php b/admin/controllers/layouts.php index 5c46d7201..4cffcf47b 100644 --- a/admin/controllers/layouts.php +++ b/admin/controllers/layouts.php @@ -55,7 +55,7 @@ class ComponentbuilderControllerLayouts extends JControllerAdmin $input = JFactory::getApplication()->input; $pks = $input->post->get('cid', array(), 'array'); // Sanitize the input - ArrayHelper::toInteger($pks); + $pks = ArrayHelper::toInteger($pks); // Get the model $model = $this->getModel('Layouts'); // get the data to export diff --git a/admin/controllers/placeholders.php b/admin/controllers/placeholders.php index 7e1cedf00..d42263160 100644 --- a/admin/controllers/placeholders.php +++ b/admin/controllers/placeholders.php @@ -55,7 +55,7 @@ class ComponentbuilderControllerPlaceholders extends JControllerAdmin $input = JFactory::getApplication()->input; $pks = $input->post->get('cid', array(), 'array'); // Sanitize the input - ArrayHelper::toInteger($pks); + $pks = ArrayHelper::toInteger($pks); // Get the model $model = $this->getModel('Placeholders'); // get the data to export diff --git a/admin/controllers/servers.php b/admin/controllers/servers.php index c2dce20e0..c1d011ba4 100644 --- a/admin/controllers/servers.php +++ b/admin/controllers/servers.php @@ -55,7 +55,7 @@ class ComponentbuilderControllerServers extends JControllerAdmin $input = JFactory::getApplication()->input; $pks = $input->post->get('cid', array(), 'array'); // Sanitize the input - ArrayHelper::toInteger($pks); + $pks = ArrayHelper::toInteger($pks); // Get the model $model = $this->getModel('Servers'); // get the data to export diff --git a/admin/controllers/site_views.php b/admin/controllers/site_views.php index e85fe2e21..0054fd1c4 100644 --- a/admin/controllers/site_views.php +++ b/admin/controllers/site_views.php @@ -55,7 +55,7 @@ class ComponentbuilderControllerSite_views extends JControllerAdmin $input = JFactory::getApplication()->input; $pks = $input->post->get('cid', array(), 'array'); // Sanitize the input - ArrayHelper::toInteger($pks); + $pks = ArrayHelper::toInteger($pks); // Get the model $model = $this->getModel('Site_views'); // get the data to export diff --git a/admin/controllers/snippets.php b/admin/controllers/snippets.php index 649f3270a..d3b64683a 100644 --- a/admin/controllers/snippets.php +++ b/admin/controllers/snippets.php @@ -55,7 +55,7 @@ class ComponentbuilderControllerSnippets extends JControllerAdmin $input = JFactory::getApplication()->input; $pks = $input->post->get('cid', array(), 'array'); // Sanitize the input - ArrayHelper::toInteger($pks); + $pks = ArrayHelper::toInteger($pks); // Get the model $model = $this->getModel('Snippets'); // get the data to export diff --git a/admin/controllers/templates.php b/admin/controllers/templates.php index 5557a929f..4da43d674 100644 --- a/admin/controllers/templates.php +++ b/admin/controllers/templates.php @@ -55,7 +55,7 @@ class ComponentbuilderControllerTemplates extends JControllerAdmin $input = JFactory::getApplication()->input; $pks = $input->post->get('cid', array(), 'array'); // Sanitize the input - ArrayHelper::toInteger($pks); + $pks = ArrayHelper::toInteger($pks); // Get the model $model = $this->getModel('Templates'); // get the data to export diff --git a/admin/controllers/validation_rules.php b/admin/controllers/validation_rules.php index f99585aaf..4807eaa6d 100644 --- a/admin/controllers/validation_rules.php +++ b/admin/controllers/validation_rules.php @@ -55,7 +55,7 @@ class ComponentbuilderControllerValidation_rules extends JControllerAdmin $input = JFactory::getApplication()->input; $pks = $input->post->get('cid', array(), 'array'); // Sanitize the input - ArrayHelper::toInteger($pks); + $pks = ArrayHelper::toInteger($pks); // Get the model $model = $this->getModel('Validation_rules'); // get the data to export diff --git a/admin/helpers/compiler/b_Structure.php b/admin/helpers/compiler/b_Structure.php index 858847f38..281044758 100644 --- a/admin/helpers/compiler/b_Structure.php +++ b/admin/helpers/compiler/b_Structure.php @@ -2929,7 +2929,7 @@ class Structure extends Get /** * set the Joomla Version Data * - * @return oject The version data + * @return object The version data * */ private function setJoomlaVersionData() diff --git a/admin/helpers/compiler/c_Fields.php b/admin/helpers/compiler/c_Fields.php index c5cf40f05..badbc27fd 100644 --- a/admin/helpers/compiler/c_Fields.php +++ b/admin/helpers/compiler/c_Fields.php @@ -393,12 +393,12 @@ class Fields extends Structure // add metadata to the view if (isset($view['metadata']) && $view['metadata']) { - $this->metadataBuilder[$nameSingleCode] = $nameSingleCode; + $this->metadataBuilder[$nameSingleCode] = $nameListCode; } // add access to the view if (isset($view['access']) && $view['access']) { - $this->accessBuilder[$nameSingleCode] = $nameSingleCode; + $this->accessBuilder[$nameSingleCode] = $nameListCode; } // main lang prefix $langView = $this->langPrefix . '_' @@ -5628,7 +5628,7 @@ class Fields extends Structure $field_filter_sets[] = $this->_t(3) . 'type="category"'; $field_filter_sets[] = $this->_t(3) . 'name="category_id"'; $field_filter_sets[] = $this->_t(3) - . 'label="JOPTION_FILTER_CATEGORY"'; + . 'label="' . $this->categoryBuilder[$nameListCode]['name'] . '"'; $field_filter_sets[] = $this->_t(3) . 'description="JOPTION_FILTER_CATEGORY_DESC"'; $field_filter_sets[] = $this->_t(3) . 'multiple="true"'; @@ -5654,9 +5654,9 @@ class Fields extends Structure $field_filter_sets[] = $this->_t(3) . 'type="accesslevel"'; $field_filter_sets[] = $this->_t(3) . 'name="access"'; $field_filter_sets[] = $this->_t(3) - . 'label="JOPTION_FILTER_ACCESS"'; + . 'label="JFIELD_ACCESS_LABEL"'; $field_filter_sets[] = $this->_t(3) - . 'description="JOPTION_FILTER_ACCESS_DESC"'; + . 'description="JFIELD_ACCESS_DESC"'; $field_filter_sets[] = $this->_t(3) . 'multiple="true"'; $field_filter_sets[] = $this->_t(3) . 'class="multipleAccessLevels"'; diff --git a/admin/helpers/compiler/e_Interpretation.php b/admin/helpers/compiler/e_Interpretation.php index b40751e6d..3c61545bf 100644 --- a/admin/helpers/compiler/e_Interpretation.php +++ b/admin/helpers/compiler/e_Interpretation.php @@ -10581,7 +10581,7 @@ class Interpretation extends Fields if (1) { // https://github.com/joomla/joomla-cms/blob/3.10.0-alpha3/installation/sql/mysql/joomla.sql#L22 - // Checked 1st December 2020 + // Checked 1st December 2020 (let us know if this changes) $db .= PHP_EOL; $db .= PHP_EOL . '--'; $db .= PHP_EOL @@ -10594,13 +10594,13 @@ class Interpretation extends Fields . "ALTER TABLE `#__assets` CHANGE `rules` `rules` varchar(5120) NOT NULL COMMENT 'JSON encoded access control.';"; } - // check if this component used larger rules + // check if this component used larger names // now revert them back on uninstall // TODO still adding to GUI the needed switches and code if (1) { // https://github.com/joomla/joomla-cms/blob/3.10.0-alpha3/installation/sql/mysql/joomla.sql#L20 - // Checked 1st December 2020 + // Checked 1st December 2020 (let us know if this changes) $db .= PHP_EOL; $db .= PHP_EOL . '--'; $db .= PHP_EOL @@ -14310,14 +14310,35 @@ class Interpretation extends Fields . "\$query->select('ag.title AS access_level');"; $query .= PHP_EOL . $this->_t(2) . "\$query->join('LEFT', '#__viewlevels AS ag ON ag.id = a.access');"; - $query .= PHP_EOL . $this->_t(2) . "//" . $this->setLine(__LINE__) - . " Filter by access level."; - $query .= PHP_EOL . $this->_t(2) - . "if (\$access = \$this->getState('filter.access'))"; - $query .= PHP_EOL . $this->_t(2) . "{"; - $query .= PHP_EOL . $this->_t(3) - . "\$query->where('a.access = ' . (int) \$access);"; - $query .= PHP_EOL . $this->_t(2) . "}"; + // check if the access field was over ridden + if (!isset($this->fieldsNames[$nameSingleCode]['access'])) + { + // component helper name + $Helper = $this->fileContentStatic[$this->hhh . 'Component' + . $this->hhh] . 'Helper'; + // load the access filter query code + $query .= PHP_EOL . $this->_t(2) . "//" . $this->setLine(__LINE__) + . " Filter by access level."; + $query .= PHP_EOL . $this->_t(2) + . "\$_access = \$this->getState('filter.access');"; + $query .= PHP_EOL . $this->_t(2) . "if (\$_access && is_numeric(\$_access))"; + $query .= PHP_EOL . $this->_t(2) . "{"; + $query .= PHP_EOL . $this->_t(3) + . "\$query->where('a.access = ' . (int) \$_access);"; + $query .= PHP_EOL . $this->_t(2) . "}"; + $query .= PHP_EOL . $this->_t(2) . "elseif (" + . $Helper . "::checkArray(\$_access))"; + $query .= PHP_EOL . $this->_t(2) . "{"; + $query .= PHP_EOL . $this->_t(3) . "//" + . $this->setLine(__LINE__) . " Secure the array for the query"; + $query .= PHP_EOL . $this->_t(3) . "\$_access = ArrayHelper::toInteger(\$_access);"; + $query .= PHP_EOL . $this->_t(3) . "//" + . $this->setLine(__LINE__) . " Filter by the Access Array."; + $query .= PHP_EOL . $this->_t(3) + . "\$query->where('a.access IN (' . implode(',', \$_access) . ')');"; + $query .= PHP_EOL . $this->_t(2) . "}"; + } + // TODO the following will fight against the above access filter $query .= PHP_EOL . $this->_t(2) . "//" . $this->setLine(__LINE__) . " Implement View Level Access"; $query .= PHP_EOL . $this->_t(2) @@ -14733,7 +14754,7 @@ class Interpretation extends Fields . "\$pks = \$input->post->get('cid', array(), 'array');"; $method[] = $this->_t(3) . "//" . $this->setLine(__LINE__) . " Sanitize the input"; - $method[] = $this->_t(3) . "ArrayHelper::toInteger(\$pks);"; + $method[] = $this->_t(3) . "\$pks = ArrayHelper::toInteger(\$pks);"; $method[] = $this->_t(3) . "//" . $this->setLine(__LINE__) . " convert to string"; $method[] = $this->_t(3) . "\$ids = implode('_', \$pks);"; @@ -15075,7 +15096,7 @@ class Interpretation extends Fields . "\$pks = \$input->post->get('cid', array(), 'array');"; $method[] = $this->_t(3) . "//" . $this->setLine(__LINE__) . " Sanitize the input"; - $method[] = $this->_t(3) . "ArrayHelper::toInteger(\$pks);"; + $method[] = $this->_t(3) . "\$pks = ArrayHelper::toInteger(\$pks);"; $method[] = $this->_t(3) . "//" . $this->setLine(__LINE__) . " Get the model"; $method[] = $this->_t(3) . "\$model = \$this->getModel('" @@ -15415,14 +15436,35 @@ class Interpretation extends Fields . "\$query->select('ag.title AS access_level');"; $query .= PHP_EOL . $this->_t(2) . "\$query->join('LEFT', '#__viewlevels AS ag ON ag.id = a.access');"; - $query .= PHP_EOL . $this->_t(2) . "//" . $this->setLine(__LINE__) - . " Filter by access level."; - $query .= PHP_EOL . $this->_t(2) - . "if (\$access = \$this->getState('filter.access'))"; - $query .= PHP_EOL . $this->_t(2) . "{"; - $query .= PHP_EOL . $this->_t(3) - . "\$query->where('a.access = ' . (int) \$access);"; - $query .= PHP_EOL . $this->_t(2) . "}"; + // check if the access field was over ridden + if (!isset($this->fieldsNames[$nameSingleCode]['access'])) + { + // component helper name + $Helper = $this->fileContentStatic[$this->hhh . 'Component' + . $this->hhh] . 'Helper'; + // load the access filter query code + $query .= PHP_EOL . $this->_t(2) . "//" . $this->setLine(__LINE__) + . " Filter by access level."; + $query .= PHP_EOL . $this->_t(2) + . "\$_access = \$this->getState('filter.access');"; + $query .= PHP_EOL . $this->_t(2) . "if (\$_access && is_numeric(\$_access))"; + $query .= PHP_EOL . $this->_t(2) . "{"; + $query .= PHP_EOL . $this->_t(3) + . "\$query->where('a.access = ' . (int) \$_access);"; + $query .= PHP_EOL . $this->_t(2) . "}"; + $query .= PHP_EOL . $this->_t(2) . "elseif (" + . $Helper . "::checkArray(\$_access))"; + $query .= PHP_EOL . $this->_t(2) . "{"; + $query .= PHP_EOL . $this->_t(3) . "//" + . $this->setLine(__LINE__) . " Secure the array for the query"; + $query .= PHP_EOL . $this->_t(3) . "\$_access = ArrayHelper::toInteger(\$_access);"; + $query .= PHP_EOL . $this->_t(3) . "//" + . $this->setLine(__LINE__) . " Filter by the Access Array."; + $query .= PHP_EOL . $this->_t(3) + . "\$query->where('a.access IN (' . implode(',', \$_access) . ')');"; + $query .= PHP_EOL . $this->_t(2) . "}"; + } + // TODO the following will fight against the above access filter $query .= PHP_EOL . $this->_t(2) . "//" . $this->setLine(__LINE__) . " Implement View Level Access"; $query .= PHP_EOL . $this->_t(2) @@ -15467,7 +15509,7 @@ class Interpretation extends Fields . "elseif (is_array(\$categoryId))"; $query .= PHP_EOL . $this->_t(2) . "{"; $query .= PHP_EOL . $this->_t(3) - . "ArrayHelper::toInteger(\$categoryId);"; + . "\$categoryId = ArrayHelper::toInteger(\$categoryId);"; $query .= PHP_EOL . $this->_t(3) . "\$categoryId = implode(',', \$categoryId);"; $query .= PHP_EOL . $this->_t(3) @@ -20259,12 +20301,13 @@ class Interpretation extends Fields /** * set the filter fields * - * @param string $nameListCode The list view name + * @param string $nameSingleCode The single view name + * @param string $nameListCode The list view name * * @return string The code for the filter fields array * */ - public function setFilterFieldsArray(&$nameListCode) + public function setFilterFieldsArray(&$nameSingleCode, &$nameListCode) { // keep track of all fields already added $donelist = array('id' => true, 'search' => true, @@ -20273,9 +20316,9 @@ class Interpretation extends Fields // default filter fields $fields = "'a.id','id'"; $fields .= "," . PHP_EOL . $this->_t(4) . "'a.published','published'"; - if (isset($this->accessBuilder[$nameListCode]) + if (isset($this->accessBuilder[$nameSingleCode]) && ComponentbuilderHelper::checkString( - $this->accessBuilder[$nameListCode] + $this->accessBuilder[$nameSingleCode] )) { $fields .= "," . PHP_EOL . $this->_t(4) . "'a.access','access'"; @@ -20381,12 +20424,13 @@ class Interpretation extends Fields /** * set the sotred ids * - * @param string $nameListCode The list view name + * @param string $nameSingleCode The single view name + * @param string $nameListCode The list view name * * @return string The code for the populate state * */ - public function setStoredId(&$nameListCode) + public function setStoredId(&$nameSingleCode, &$nameListCode) { // keep track of all fields already added $donelist = array('id' => true, 'search' => true, @@ -20400,9 +20444,9 @@ class Interpretation extends Fields . "\$id .= ':' . \$this->getState('filter.search');"; $stored .= PHP_EOL . $this->_t(2) . "\$id .= ':' . \$this->getState('filter.published');"; - if (isset($this->accessBuilder[$nameListCode]) + if (isset($this->accessBuilder[$nameSingleCode]) && ComponentbuilderHelper::checkString( - $this->accessBuilder[$nameListCode] + $this->accessBuilder[$nameSingleCode] )) { $stored .= PHP_EOL . $this->_t(2) @@ -21895,26 +21939,92 @@ class Interpretation extends Fields { // check that the filter type is the new filter option if (isset($this->adminFilterType[$nameListCode]) - && $this->adminFilterType[$nameListCode] == 2 - && isset($this->filterBuilder[$nameListCode]) - && ComponentbuilderHelper::checkArray( - $this->filterBuilder[$nameListCode] - )) + && $this->adminFilterType[$nameListCode] == 2) { - foreach ($this->filterBuilder[$nameListCode] as $filter) + // add category switch + $add_category = false; + if (isset($this->categoryBuilder[$nameListCode]) + && ComponentbuilderHelper::checkArray( + $this->categoryBuilder[$nameListCode] + ) + && isset($this->categoryBuilder[$nameListCode]['extension'])) { - // we need this only for filters that are multi - if (isset($filter['multi']) - && $filter['multi'] == 2) + // is found so add it + $add_category = true; + } + // add accessLevels switch + $add_access_levels = false; + if (in_array($nameListCode, $this->accessBuilder)) + { + // is found so add it + $add_access_levels = true; + } + // check if this view have filters + if (isset($this->filterBuilder[$nameListCode]) + && ComponentbuilderHelper::checkArray( + $this->filterBuilder[$nameListCode] + )) + { + foreach ($this->filterBuilder[$nameListCode] as $filter) { - // add the header - $headers[] - = 'JHtml::_(\'formbehavior.chosen\', \'.multiple' - . $filter['class'] - . '\', null, array(\'placeholder_text_multiple\' => \'- \' . JText::_(\'' - . $filter['lang_select'] . '\') . \' -\'));'; + // we need this only for filters that are multi + if (isset($filter['multi']) + && $filter['multi'] == 2) + { + // add the header + $headers[] + = 'JHtml::_(\'formbehavior.chosen\', \'.multiple' + . $filter['class'] + . '\', null, array(\'placeholder_text_multiple\' => \'- \' . JText::_(\'' + . $filter['lang_select'] . '\') . \' -\'));'; + // check if this was an access field + if ($filter['type'] === 'accesslevel') + { + // already added here so no need to add again + $add_access_levels = false; + } + } + elseif ($add_category && $filter['type'] === 'category') + { + // add the header + $headers[] + = 'JHtml::_(\'formbehavior.chosen\', \'.multipleCategories' + . '\', null, array(\'placeholder_text_multiple\' => \'- \' . JText::_(\'' + . $filter['lang_select'] . '\') . \' -\'));'; + // already added here so no need to add again + $add_category = false; + } } } + // add category if not already added + if ($add_category) + { + // add the header + $headers[] + = 'JHtml::_(\'formbehavior.chosen\', \'.multipleCategories' + . '\', null, array(\'placeholder_text_multiple\' => \'- \' . JText::_(\'' + . $this->categoryBuilder[$nameListCode]['name'] + . '\') . \' -\'));'; + } + // add accessLevels if not already added + if ($add_access_levels) + { + // set the language strings for selection + $filter_name_select = 'Select Access'; + $filter_name_select_lang = $this->langPrefix . '_FILTER_' + . ComponentbuilderHelper::safeString( + $filter_name_select, 'U' + ); + // and to translation + $this->setLangContent( + $this->lang, $filter_name_select_lang, $filter_name_select + ); + // add the header + $headers[] + = 'JHtml::_(\'formbehavior.chosen\', \'.multipleAccessLevels' + . '\', null, array(\'placeholder_text_multiple\' => \'- \' . JText::_(\'' + . $filter_name_select_lang . '\') . \' -\'));'; + } } } diff --git a/admin/helpers/compiler/f_Infusion.php b/admin/helpers/compiler/f_Infusion.php index 6c41d475a..439200d24 100644 --- a/admin/helpers/compiler/f_Infusion.php +++ b/admin/helpers/compiler/f_Infusion.php @@ -819,13 +819,16 @@ class Infusion extends Interpretation $this->fileContentDynamic[$nameListCode][$this->hhh . 'FILTER_FIELDS' . $this->hhh] = $this->setFilterFieldsArray( + $nameSingleCode, $nameListCode ); // STOREDID <<>> $this->fileContentDynamic[$nameListCode][$this->hhh . 'STOREDID' . $this->hhh] - = $this->setStoredId($nameListCode); + = $this->setStoredId( + $nameSingleCode, $nameListCode + ); // POPULATESTATE <<>> $this->fileContentDynamic[$nameListCode][$this->hhh diff --git a/admin/models/admin_views.php b/admin/models/admin_views.php index 5b17926ed..14014c039 100644 --- a/admin/models/admin_views.php +++ b/admin/models/admin_views.php @@ -26,6 +26,7 @@ class ComponentbuilderModelAdmin_views extends JModelList $config['filter_fields'] = array( 'a.id','id', 'a.published','published', + 'a.access','access', 'a.ordering','ordering', 'a.created_by','created_by', 'a.modified_by','modified_by', @@ -276,9 +277,17 @@ class ComponentbuilderModelAdmin_views extends JModelList $query->select('ag.title AS access_level'); $query->join('LEFT', '#__viewlevels AS ag ON ag.id = a.access'); // Filter by access level. - if ($access = $this->getState('filter.access')) + $_access = $this->getState('filter.access'); + if ($_access && is_numeric($_access)) { - $query->where('a.access = ' . (int) $access); + $query->where('a.access = ' . (int) $_access); + } + elseif (ComponentbuilderHelper::checkArray($_access)) + { + // Secure the array for the query + $_access = ArrayHelper::toInteger($_access); + // Filter by the Access Array. + $query->where('a.access IN (' . implode(',', $_access) . ')'); } // Implement View Level Access if (!$user->authorise('core.options', 'com_componentbuilder')) @@ -608,6 +617,7 @@ class ComponentbuilderModelAdmin_views extends JModelList $id .= ':' . $this->getState('filter.id'); $id .= ':' . $this->getState('filter.search'); $id .= ':' . $this->getState('filter.published'); + $id .= ':' . $this->getState('filter.access'); $id .= ':' . $this->getState('filter.ordering'); $id .= ':' . $this->getState('filter.created_by'); $id .= ':' . $this->getState('filter.modified_by'); diff --git a/admin/models/admins_custom_tabs.php b/admin/models/admins_custom_tabs.php index 4fea3127f..918c5408b 100644 --- a/admin/models/admins_custom_tabs.php +++ b/admin/models/admins_custom_tabs.php @@ -26,6 +26,7 @@ class ComponentbuilderModelAdmins_custom_tabs extends JModelList $config['filter_fields'] = array( 'a.id','id', 'a.published','published', + 'a.access','access', 'a.ordering','ordering', 'a.created_by','created_by', 'a.modified_by','modified_by' @@ -154,9 +155,17 @@ class ComponentbuilderModelAdmins_custom_tabs extends JModelList $query->select('ag.title AS access_level'); $query->join('LEFT', '#__viewlevels AS ag ON ag.id = a.access'); // Filter by access level. - if ($access = $this->getState('filter.access')) + $_access = $this->getState('filter.access'); + if ($_access && is_numeric($_access)) { - $query->where('a.access = ' . (int) $access); + $query->where('a.access = ' . (int) $_access); + } + elseif (ComponentbuilderHelper::checkArray($_access)) + { + // Secure the array for the query + $_access = ArrayHelper::toInteger($_access); + // Filter by the Access Array. + $query->where('a.access IN (' . implode(',', $_access) . ')'); } // Implement View Level Access if (!$user->authorise('core.options', 'com_componentbuilder')) @@ -188,6 +197,7 @@ class ComponentbuilderModelAdmins_custom_tabs extends JModelList $id .= ':' . $this->getState('filter.id'); $id .= ':' . $this->getState('filter.search'); $id .= ':' . $this->getState('filter.published'); + $id .= ':' . $this->getState('filter.access'); $id .= ':' . $this->getState('filter.ordering'); $id .= ':' . $this->getState('filter.created_by'); $id .= ':' . $this->getState('filter.modified_by'); diff --git a/admin/models/admins_fields.php b/admin/models/admins_fields.php index 7306824ba..1ca8fbeba 100644 --- a/admin/models/admins_fields.php +++ b/admin/models/admins_fields.php @@ -26,6 +26,7 @@ class ComponentbuilderModelAdmins_fields extends JModelList $config['filter_fields'] = array( 'a.id','id', 'a.published','published', + 'a.access','access', 'a.ordering','ordering', 'a.created_by','created_by', 'a.modified_by','modified_by' @@ -154,9 +155,17 @@ class ComponentbuilderModelAdmins_fields extends JModelList $query->select('ag.title AS access_level'); $query->join('LEFT', '#__viewlevels AS ag ON ag.id = a.access'); // Filter by access level. - if ($access = $this->getState('filter.access')) + $_access = $this->getState('filter.access'); + if ($_access && is_numeric($_access)) { - $query->where('a.access = ' . (int) $access); + $query->where('a.access = ' . (int) $_access); + } + elseif (ComponentbuilderHelper::checkArray($_access)) + { + // Secure the array for the query + $_access = ArrayHelper::toInteger($_access); + // Filter by the Access Array. + $query->where('a.access IN (' . implode(',', $_access) . ')'); } // Implement View Level Access if (!$user->authorise('core.options', 'com_componentbuilder')) @@ -188,6 +197,7 @@ class ComponentbuilderModelAdmins_fields extends JModelList $id .= ':' . $this->getState('filter.id'); $id .= ':' . $this->getState('filter.search'); $id .= ':' . $this->getState('filter.published'); + $id .= ':' . $this->getState('filter.access'); $id .= ':' . $this->getState('filter.ordering'); $id .= ':' . $this->getState('filter.created_by'); $id .= ':' . $this->getState('filter.modified_by'); diff --git a/admin/models/admins_fields_conditions.php b/admin/models/admins_fields_conditions.php index 94251940a..a72e2ca2e 100644 --- a/admin/models/admins_fields_conditions.php +++ b/admin/models/admins_fields_conditions.php @@ -26,6 +26,7 @@ class ComponentbuilderModelAdmins_fields_conditions extends JModelList $config['filter_fields'] = array( 'a.id','id', 'a.published','published', + 'a.access','access', 'a.ordering','ordering', 'a.created_by','created_by', 'a.modified_by','modified_by' @@ -154,9 +155,17 @@ class ComponentbuilderModelAdmins_fields_conditions extends JModelList $query->select('ag.title AS access_level'); $query->join('LEFT', '#__viewlevels AS ag ON ag.id = a.access'); // Filter by access level. - if ($access = $this->getState('filter.access')) + $_access = $this->getState('filter.access'); + if ($_access && is_numeric($_access)) { - $query->where('a.access = ' . (int) $access); + $query->where('a.access = ' . (int) $_access); + } + elseif (ComponentbuilderHelper::checkArray($_access)) + { + // Secure the array for the query + $_access = ArrayHelper::toInteger($_access); + // Filter by the Access Array. + $query->where('a.access IN (' . implode(',', $_access) . ')'); } // Implement View Level Access if (!$user->authorise('core.options', 'com_componentbuilder')) @@ -188,6 +197,7 @@ class ComponentbuilderModelAdmins_fields_conditions extends JModelList $id .= ':' . $this->getState('filter.id'); $id .= ':' . $this->getState('filter.search'); $id .= ':' . $this->getState('filter.published'); + $id .= ':' . $this->getState('filter.access'); $id .= ':' . $this->getState('filter.ordering'); $id .= ':' . $this->getState('filter.created_by'); $id .= ':' . $this->getState('filter.modified_by'); diff --git a/admin/models/admins_fields_relations.php b/admin/models/admins_fields_relations.php index 20eaf152d..9bd570096 100644 --- a/admin/models/admins_fields_relations.php +++ b/admin/models/admins_fields_relations.php @@ -26,6 +26,7 @@ class ComponentbuilderModelAdmins_fields_relations extends JModelList $config['filter_fields'] = array( 'a.id','id', 'a.published','published', + 'a.access','access', 'a.ordering','ordering', 'a.created_by','created_by', 'a.modified_by','modified_by' @@ -154,9 +155,17 @@ class ComponentbuilderModelAdmins_fields_relations extends JModelList $query->select('ag.title AS access_level'); $query->join('LEFT', '#__viewlevels AS ag ON ag.id = a.access'); // Filter by access level. - if ($access = $this->getState('filter.access')) + $_access = $this->getState('filter.access'); + if ($_access && is_numeric($_access)) { - $query->where('a.access = ' . (int) $access); + $query->where('a.access = ' . (int) $_access); + } + elseif (ComponentbuilderHelper::checkArray($_access)) + { + // Secure the array for the query + $_access = ArrayHelper::toInteger($_access); + // Filter by the Access Array. + $query->where('a.access IN (' . implode(',', $_access) . ')'); } // Implement View Level Access if (!$user->authorise('core.options', 'com_componentbuilder')) @@ -188,6 +197,7 @@ class ComponentbuilderModelAdmins_fields_relations extends JModelList $id .= ':' . $this->getState('filter.id'); $id .= ':' . $this->getState('filter.search'); $id .= ':' . $this->getState('filter.published'); + $id .= ':' . $this->getState('filter.access'); $id .= ':' . $this->getState('filter.ordering'); $id .= ':' . $this->getState('filter.created_by'); $id .= ':' . $this->getState('filter.modified_by'); diff --git a/admin/models/class_extendings.php b/admin/models/class_extendings.php index 709f221bf..7f27ea83c 100644 --- a/admin/models/class_extendings.php +++ b/admin/models/class_extendings.php @@ -26,6 +26,7 @@ class ComponentbuilderModelClass_extendings extends JModelList $config['filter_fields'] = array( 'a.id','id', 'a.published','published', + 'a.access','access', 'a.ordering','ordering', 'a.created_by','created_by', 'a.modified_by','modified_by', @@ -194,9 +195,17 @@ class ComponentbuilderModelClass_extendings extends JModelList $query->select('ag.title AS access_level'); $query->join('LEFT', '#__viewlevels AS ag ON ag.id = a.access'); // Filter by access level. - if ($access = $this->getState('filter.access')) + $_access = $this->getState('filter.access'); + if ($_access && is_numeric($_access)) { - $query->where('a.access = ' . (int) $access); + $query->where('a.access = ' . (int) $_access); + } + elseif (ComponentbuilderHelper::checkArray($_access)) + { + // Secure the array for the query + $_access = ArrayHelper::toInteger($_access); + // Filter by the Access Array. + $query->where('a.access IN (' . implode(',', $_access) . ')'); } // Implement View Level Access if (!$user->authorise('core.options', 'com_componentbuilder')) @@ -260,6 +269,7 @@ class ComponentbuilderModelClass_extendings extends JModelList $id .= ':' . $this->getState('filter.id'); $id .= ':' . $this->getState('filter.search'); $id .= ':' . $this->getState('filter.published'); + $id .= ':' . $this->getState('filter.access'); $id .= ':' . $this->getState('filter.ordering'); $id .= ':' . $this->getState('filter.created_by'); $id .= ':' . $this->getState('filter.modified_by'); diff --git a/admin/models/class_methods.php b/admin/models/class_methods.php index c444452ef..db4525561 100644 --- a/admin/models/class_methods.php +++ b/admin/models/class_methods.php @@ -26,6 +26,7 @@ class ComponentbuilderModelClass_methods extends JModelList $config['filter_fields'] = array( 'a.id','id', 'a.published','published', + 'a.access','access', 'a.ordering','ordering', 'a.created_by','created_by', 'a.modified_by','modified_by', @@ -218,9 +219,17 @@ class ComponentbuilderModelClass_methods extends JModelList $query->select('ag.title AS access_level'); $query->join('LEFT', '#__viewlevels AS ag ON ag.id = a.access'); // Filter by access level. - if ($access = $this->getState('filter.access')) + $_access = $this->getState('filter.access'); + if ($_access && is_numeric($_access)) { - $query->where('a.access = ' . (int) $access); + $query->where('a.access = ' . (int) $_access); + } + elseif (ComponentbuilderHelper::checkArray($_access)) + { + // Secure the array for the query + $_access = ArrayHelper::toInteger($_access); + // Filter by the Access Array. + $query->where('a.access IN (' . implode(',', $_access) . ')'); } // Implement View Level Access if (!$user->authorise('core.options', 'com_componentbuilder')) @@ -429,6 +438,7 @@ class ComponentbuilderModelClass_methods extends JModelList $id .= ':' . $this->getState('filter.id'); $id .= ':' . $this->getState('filter.search'); $id .= ':' . $this->getState('filter.published'); + $id .= ':' . $this->getState('filter.access'); $id .= ':' . $this->getState('filter.ordering'); $id .= ':' . $this->getState('filter.created_by'); $id .= ':' . $this->getState('filter.modified_by'); diff --git a/admin/models/class_properties.php b/admin/models/class_properties.php index 9e633399f..8e2b85934 100644 --- a/admin/models/class_properties.php +++ b/admin/models/class_properties.php @@ -26,6 +26,7 @@ class ComponentbuilderModelClass_properties extends JModelList $config['filter_fields'] = array( 'a.id','id', 'a.published','published', + 'a.access','access', 'a.ordering','ordering', 'a.created_by','created_by', 'a.modified_by','modified_by', @@ -218,9 +219,17 @@ class ComponentbuilderModelClass_properties extends JModelList $query->select('ag.title AS access_level'); $query->join('LEFT', '#__viewlevels AS ag ON ag.id = a.access'); // Filter by access level. - if ($access = $this->getState('filter.access')) + $_access = $this->getState('filter.access'); + if ($_access && is_numeric($_access)) { - $query->where('a.access = ' . (int) $access); + $query->where('a.access = ' . (int) $_access); + } + elseif (ComponentbuilderHelper::checkArray($_access)) + { + // Secure the array for the query + $_access = ArrayHelper::toInteger($_access); + // Filter by the Access Array. + $query->where('a.access IN (' . implode(',', $_access) . ')'); } // Implement View Level Access if (!$user->authorise('core.options', 'com_componentbuilder')) @@ -427,6 +436,7 @@ class ComponentbuilderModelClass_properties extends JModelList $id .= ':' . $this->getState('filter.id'); $id .= ':' . $this->getState('filter.search'); $id .= ':' . $this->getState('filter.published'); + $id .= ':' . $this->getState('filter.access'); $id .= ':' . $this->getState('filter.ordering'); $id .= ':' . $this->getState('filter.created_by'); $id .= ':' . $this->getState('filter.modified_by'); diff --git a/admin/models/components_admin_views.php b/admin/models/components_admin_views.php index 22b82a4fb..6accc1b0c 100644 --- a/admin/models/components_admin_views.php +++ b/admin/models/components_admin_views.php @@ -26,6 +26,7 @@ class ComponentbuilderModelComponents_admin_views extends JModelList $config['filter_fields'] = array( 'a.id','id', 'a.published','published', + 'a.access','access', 'a.ordering','ordering', 'a.created_by','created_by', 'a.modified_by','modified_by' @@ -154,9 +155,17 @@ class ComponentbuilderModelComponents_admin_views extends JModelList $query->select('ag.title AS access_level'); $query->join('LEFT', '#__viewlevels AS ag ON ag.id = a.access'); // Filter by access level. - if ($access = $this->getState('filter.access')) + $_access = $this->getState('filter.access'); + if ($_access && is_numeric($_access)) { - $query->where('a.access = ' . (int) $access); + $query->where('a.access = ' . (int) $_access); + } + elseif (ComponentbuilderHelper::checkArray($_access)) + { + // Secure the array for the query + $_access = ArrayHelper::toInteger($_access); + // Filter by the Access Array. + $query->where('a.access IN (' . implode(',', $_access) . ')'); } // Implement View Level Access if (!$user->authorise('core.options', 'com_componentbuilder')) @@ -188,6 +197,7 @@ class ComponentbuilderModelComponents_admin_views extends JModelList $id .= ':' . $this->getState('filter.id'); $id .= ':' . $this->getState('filter.search'); $id .= ':' . $this->getState('filter.published'); + $id .= ':' . $this->getState('filter.access'); $id .= ':' . $this->getState('filter.ordering'); $id .= ':' . $this->getState('filter.created_by'); $id .= ':' . $this->getState('filter.modified_by'); diff --git a/admin/models/components_config.php b/admin/models/components_config.php index f68e0a373..ac1693e82 100644 --- a/admin/models/components_config.php +++ b/admin/models/components_config.php @@ -26,6 +26,7 @@ class ComponentbuilderModelComponents_config extends JModelList $config['filter_fields'] = array( 'a.id','id', 'a.published','published', + 'a.access','access', 'a.ordering','ordering', 'a.created_by','created_by', 'a.modified_by','modified_by' @@ -154,9 +155,17 @@ class ComponentbuilderModelComponents_config extends JModelList $query->select('ag.title AS access_level'); $query->join('LEFT', '#__viewlevels AS ag ON ag.id = a.access'); // Filter by access level. - if ($access = $this->getState('filter.access')) + $_access = $this->getState('filter.access'); + if ($_access && is_numeric($_access)) { - $query->where('a.access = ' . (int) $access); + $query->where('a.access = ' . (int) $_access); + } + elseif (ComponentbuilderHelper::checkArray($_access)) + { + // Secure the array for the query + $_access = ArrayHelper::toInteger($_access); + // Filter by the Access Array. + $query->where('a.access IN (' . implode(',', $_access) . ')'); } // Implement View Level Access if (!$user->authorise('core.options', 'com_componentbuilder')) @@ -188,6 +197,7 @@ class ComponentbuilderModelComponents_config extends JModelList $id .= ':' . $this->getState('filter.id'); $id .= ':' . $this->getState('filter.search'); $id .= ':' . $this->getState('filter.published'); + $id .= ':' . $this->getState('filter.access'); $id .= ':' . $this->getState('filter.ordering'); $id .= ':' . $this->getState('filter.created_by'); $id .= ':' . $this->getState('filter.modified_by'); diff --git a/admin/models/components_custom_admin_menus.php b/admin/models/components_custom_admin_menus.php index 5adfdee6a..706fdd4d8 100644 --- a/admin/models/components_custom_admin_menus.php +++ b/admin/models/components_custom_admin_menus.php @@ -26,6 +26,7 @@ class ComponentbuilderModelComponents_custom_admin_menus extends JModelList $config['filter_fields'] = array( 'a.id','id', 'a.published','published', + 'a.access','access', 'a.ordering','ordering', 'a.created_by','created_by', 'a.modified_by','modified_by' @@ -154,9 +155,17 @@ class ComponentbuilderModelComponents_custom_admin_menus extends JModelList $query->select('ag.title AS access_level'); $query->join('LEFT', '#__viewlevels AS ag ON ag.id = a.access'); // Filter by access level. - if ($access = $this->getState('filter.access')) + $_access = $this->getState('filter.access'); + if ($_access && is_numeric($_access)) { - $query->where('a.access = ' . (int) $access); + $query->where('a.access = ' . (int) $_access); + } + elseif (ComponentbuilderHelper::checkArray($_access)) + { + // Secure the array for the query + $_access = ArrayHelper::toInteger($_access); + // Filter by the Access Array. + $query->where('a.access IN (' . implode(',', $_access) . ')'); } // Implement View Level Access if (!$user->authorise('core.options', 'com_componentbuilder')) @@ -188,6 +197,7 @@ class ComponentbuilderModelComponents_custom_admin_menus extends JModelList $id .= ':' . $this->getState('filter.id'); $id .= ':' . $this->getState('filter.search'); $id .= ':' . $this->getState('filter.published'); + $id .= ':' . $this->getState('filter.access'); $id .= ':' . $this->getState('filter.ordering'); $id .= ':' . $this->getState('filter.created_by'); $id .= ':' . $this->getState('filter.modified_by'); diff --git a/admin/models/components_custom_admin_views.php b/admin/models/components_custom_admin_views.php index e4aa235d1..f59edcd26 100644 --- a/admin/models/components_custom_admin_views.php +++ b/admin/models/components_custom_admin_views.php @@ -26,6 +26,7 @@ class ComponentbuilderModelComponents_custom_admin_views extends JModelList $config['filter_fields'] = array( 'a.id','id', 'a.published','published', + 'a.access','access', 'a.ordering','ordering', 'a.created_by','created_by', 'a.modified_by','modified_by' @@ -154,9 +155,17 @@ class ComponentbuilderModelComponents_custom_admin_views extends JModelList $query->select('ag.title AS access_level'); $query->join('LEFT', '#__viewlevels AS ag ON ag.id = a.access'); // Filter by access level. - if ($access = $this->getState('filter.access')) + $_access = $this->getState('filter.access'); + if ($_access && is_numeric($_access)) { - $query->where('a.access = ' . (int) $access); + $query->where('a.access = ' . (int) $_access); + } + elseif (ComponentbuilderHelper::checkArray($_access)) + { + // Secure the array for the query + $_access = ArrayHelper::toInteger($_access); + // Filter by the Access Array. + $query->where('a.access IN (' . implode(',', $_access) . ')'); } // Implement View Level Access if (!$user->authorise('core.options', 'com_componentbuilder')) @@ -188,6 +197,7 @@ class ComponentbuilderModelComponents_custom_admin_views extends JModelList $id .= ':' . $this->getState('filter.id'); $id .= ':' . $this->getState('filter.search'); $id .= ':' . $this->getState('filter.published'); + $id .= ':' . $this->getState('filter.access'); $id .= ':' . $this->getState('filter.ordering'); $id .= ':' . $this->getState('filter.created_by'); $id .= ':' . $this->getState('filter.modified_by'); diff --git a/admin/models/components_dashboard.php b/admin/models/components_dashboard.php index 743c43615..4108f69f1 100644 --- a/admin/models/components_dashboard.php +++ b/admin/models/components_dashboard.php @@ -26,6 +26,7 @@ class ComponentbuilderModelComponents_dashboard extends JModelList $config['filter_fields'] = array( 'a.id','id', 'a.published','published', + 'a.access','access', 'a.ordering','ordering', 'a.created_by','created_by', 'a.modified_by','modified_by' @@ -154,9 +155,17 @@ class ComponentbuilderModelComponents_dashboard extends JModelList $query->select('ag.title AS access_level'); $query->join('LEFT', '#__viewlevels AS ag ON ag.id = a.access'); // Filter by access level. - if ($access = $this->getState('filter.access')) + $_access = $this->getState('filter.access'); + if ($_access && is_numeric($_access)) { - $query->where('a.access = ' . (int) $access); + $query->where('a.access = ' . (int) $_access); + } + elseif (ComponentbuilderHelper::checkArray($_access)) + { + // Secure the array for the query + $_access = ArrayHelper::toInteger($_access); + // Filter by the Access Array. + $query->where('a.access IN (' . implode(',', $_access) . ')'); } // Implement View Level Access if (!$user->authorise('core.options', 'com_componentbuilder')) @@ -188,6 +197,7 @@ class ComponentbuilderModelComponents_dashboard extends JModelList $id .= ':' . $this->getState('filter.id'); $id .= ':' . $this->getState('filter.search'); $id .= ':' . $this->getState('filter.published'); + $id .= ':' . $this->getState('filter.access'); $id .= ':' . $this->getState('filter.ordering'); $id .= ':' . $this->getState('filter.created_by'); $id .= ':' . $this->getState('filter.modified_by'); diff --git a/admin/models/components_files_folders.php b/admin/models/components_files_folders.php index bf14573a4..9dee8f0f8 100644 --- a/admin/models/components_files_folders.php +++ b/admin/models/components_files_folders.php @@ -26,6 +26,7 @@ class ComponentbuilderModelComponents_files_folders extends JModelList $config['filter_fields'] = array( 'a.id','id', 'a.published','published', + 'a.access','access', 'a.ordering','ordering', 'a.created_by','created_by', 'a.modified_by','modified_by' @@ -154,9 +155,17 @@ class ComponentbuilderModelComponents_files_folders extends JModelList $query->select('ag.title AS access_level'); $query->join('LEFT', '#__viewlevels AS ag ON ag.id = a.access'); // Filter by access level. - if ($access = $this->getState('filter.access')) + $_access = $this->getState('filter.access'); + if ($_access && is_numeric($_access)) { - $query->where('a.access = ' . (int) $access); + $query->where('a.access = ' . (int) $_access); + } + elseif (ComponentbuilderHelper::checkArray($_access)) + { + // Secure the array for the query + $_access = ArrayHelper::toInteger($_access); + // Filter by the Access Array. + $query->where('a.access IN (' . implode(',', $_access) . ')'); } // Implement View Level Access if (!$user->authorise('core.options', 'com_componentbuilder')) @@ -188,6 +197,7 @@ class ComponentbuilderModelComponents_files_folders extends JModelList $id .= ':' . $this->getState('filter.id'); $id .= ':' . $this->getState('filter.search'); $id .= ':' . $this->getState('filter.published'); + $id .= ':' . $this->getState('filter.access'); $id .= ':' . $this->getState('filter.ordering'); $id .= ':' . $this->getState('filter.created_by'); $id .= ':' . $this->getState('filter.modified_by'); diff --git a/admin/models/components_modules.php b/admin/models/components_modules.php index 49677f5fc..404505fdd 100644 --- a/admin/models/components_modules.php +++ b/admin/models/components_modules.php @@ -26,6 +26,7 @@ class ComponentbuilderModelComponents_modules extends JModelList $config['filter_fields'] = array( 'a.id','id', 'a.published','published', + 'a.access','access', 'a.ordering','ordering', 'a.created_by','created_by', 'a.modified_by','modified_by' @@ -154,9 +155,17 @@ class ComponentbuilderModelComponents_modules extends JModelList $query->select('ag.title AS access_level'); $query->join('LEFT', '#__viewlevels AS ag ON ag.id = a.access'); // Filter by access level. - if ($access = $this->getState('filter.access')) + $_access = $this->getState('filter.access'); + if ($_access && is_numeric($_access)) { - $query->where('a.access = ' . (int) $access); + $query->where('a.access = ' . (int) $_access); + } + elseif (ComponentbuilderHelper::checkArray($_access)) + { + // Secure the array for the query + $_access = ArrayHelper::toInteger($_access); + // Filter by the Access Array. + $query->where('a.access IN (' . implode(',', $_access) . ')'); } // Implement View Level Access if (!$user->authorise('core.options', 'com_componentbuilder')) @@ -188,6 +197,7 @@ class ComponentbuilderModelComponents_modules extends JModelList $id .= ':' . $this->getState('filter.id'); $id .= ':' . $this->getState('filter.search'); $id .= ':' . $this->getState('filter.published'); + $id .= ':' . $this->getState('filter.access'); $id .= ':' . $this->getState('filter.ordering'); $id .= ':' . $this->getState('filter.created_by'); $id .= ':' . $this->getState('filter.modified_by'); diff --git a/admin/models/components_mysql_tweaks.php b/admin/models/components_mysql_tweaks.php index e875192bf..3d12771c1 100644 --- a/admin/models/components_mysql_tweaks.php +++ b/admin/models/components_mysql_tweaks.php @@ -26,6 +26,7 @@ class ComponentbuilderModelComponents_mysql_tweaks extends JModelList $config['filter_fields'] = array( 'a.id','id', 'a.published','published', + 'a.access','access', 'a.ordering','ordering', 'a.created_by','created_by', 'a.modified_by','modified_by' @@ -154,9 +155,17 @@ class ComponentbuilderModelComponents_mysql_tweaks extends JModelList $query->select('ag.title AS access_level'); $query->join('LEFT', '#__viewlevels AS ag ON ag.id = a.access'); // Filter by access level. - if ($access = $this->getState('filter.access')) + $_access = $this->getState('filter.access'); + if ($_access && is_numeric($_access)) { - $query->where('a.access = ' . (int) $access); + $query->where('a.access = ' . (int) $_access); + } + elseif (ComponentbuilderHelper::checkArray($_access)) + { + // Secure the array for the query + $_access = ArrayHelper::toInteger($_access); + // Filter by the Access Array. + $query->where('a.access IN (' . implode(',', $_access) . ')'); } // Implement View Level Access if (!$user->authorise('core.options', 'com_componentbuilder')) @@ -188,6 +197,7 @@ class ComponentbuilderModelComponents_mysql_tweaks extends JModelList $id .= ':' . $this->getState('filter.id'); $id .= ':' . $this->getState('filter.search'); $id .= ':' . $this->getState('filter.published'); + $id .= ':' . $this->getState('filter.access'); $id .= ':' . $this->getState('filter.ordering'); $id .= ':' . $this->getState('filter.created_by'); $id .= ':' . $this->getState('filter.modified_by'); diff --git a/admin/models/components_placeholders.php b/admin/models/components_placeholders.php index bbaa25eec..94eb60770 100644 --- a/admin/models/components_placeholders.php +++ b/admin/models/components_placeholders.php @@ -26,6 +26,7 @@ class ComponentbuilderModelComponents_placeholders extends JModelList $config['filter_fields'] = array( 'a.id','id', 'a.published','published', + 'a.access','access', 'a.ordering','ordering', 'a.created_by','created_by', 'a.modified_by','modified_by' @@ -154,9 +155,17 @@ class ComponentbuilderModelComponents_placeholders extends JModelList $query->select('ag.title AS access_level'); $query->join('LEFT', '#__viewlevels AS ag ON ag.id = a.access'); // Filter by access level. - if ($access = $this->getState('filter.access')) + $_access = $this->getState('filter.access'); + if ($_access && is_numeric($_access)) { - $query->where('a.access = ' . (int) $access); + $query->where('a.access = ' . (int) $_access); + } + elseif (ComponentbuilderHelper::checkArray($_access)) + { + // Secure the array for the query + $_access = ArrayHelper::toInteger($_access); + // Filter by the Access Array. + $query->where('a.access IN (' . implode(',', $_access) . ')'); } // Implement View Level Access if (!$user->authorise('core.options', 'com_componentbuilder')) @@ -188,6 +197,7 @@ class ComponentbuilderModelComponents_placeholders extends JModelList $id .= ':' . $this->getState('filter.id'); $id .= ':' . $this->getState('filter.search'); $id .= ':' . $this->getState('filter.published'); + $id .= ':' . $this->getState('filter.access'); $id .= ':' . $this->getState('filter.ordering'); $id .= ':' . $this->getState('filter.created_by'); $id .= ':' . $this->getState('filter.modified_by'); diff --git a/admin/models/components_plugins.php b/admin/models/components_plugins.php index bf34fe716..dfaa4f074 100644 --- a/admin/models/components_plugins.php +++ b/admin/models/components_plugins.php @@ -26,6 +26,7 @@ class ComponentbuilderModelComponents_plugins extends JModelList $config['filter_fields'] = array( 'a.id','id', 'a.published','published', + 'a.access','access', 'a.ordering','ordering', 'a.created_by','created_by', 'a.modified_by','modified_by' @@ -154,9 +155,17 @@ class ComponentbuilderModelComponents_plugins extends JModelList $query->select('ag.title AS access_level'); $query->join('LEFT', '#__viewlevels AS ag ON ag.id = a.access'); // Filter by access level. - if ($access = $this->getState('filter.access')) + $_access = $this->getState('filter.access'); + if ($_access && is_numeric($_access)) { - $query->where('a.access = ' . (int) $access); + $query->where('a.access = ' . (int) $_access); + } + elseif (ComponentbuilderHelper::checkArray($_access)) + { + // Secure the array for the query + $_access = ArrayHelper::toInteger($_access); + // Filter by the Access Array. + $query->where('a.access IN (' . implode(',', $_access) . ')'); } // Implement View Level Access if (!$user->authorise('core.options', 'com_componentbuilder')) @@ -188,6 +197,7 @@ class ComponentbuilderModelComponents_plugins extends JModelList $id .= ':' . $this->getState('filter.id'); $id .= ':' . $this->getState('filter.search'); $id .= ':' . $this->getState('filter.published'); + $id .= ':' . $this->getState('filter.access'); $id .= ':' . $this->getState('filter.ordering'); $id .= ':' . $this->getState('filter.created_by'); $id .= ':' . $this->getState('filter.modified_by'); diff --git a/admin/models/components_site_views.php b/admin/models/components_site_views.php index 40afd2908..6ca160011 100644 --- a/admin/models/components_site_views.php +++ b/admin/models/components_site_views.php @@ -26,6 +26,7 @@ class ComponentbuilderModelComponents_site_views extends JModelList $config['filter_fields'] = array( 'a.id','id', 'a.published','published', + 'a.access','access', 'a.ordering','ordering', 'a.created_by','created_by', 'a.modified_by','modified_by' @@ -154,9 +155,17 @@ class ComponentbuilderModelComponents_site_views extends JModelList $query->select('ag.title AS access_level'); $query->join('LEFT', '#__viewlevels AS ag ON ag.id = a.access'); // Filter by access level. - if ($access = $this->getState('filter.access')) + $_access = $this->getState('filter.access'); + if ($_access && is_numeric($_access)) { - $query->where('a.access = ' . (int) $access); + $query->where('a.access = ' . (int) $_access); + } + elseif (ComponentbuilderHelper::checkArray($_access)) + { + // Secure the array for the query + $_access = ArrayHelper::toInteger($_access); + // Filter by the Access Array. + $query->where('a.access IN (' . implode(',', $_access) . ')'); } // Implement View Level Access if (!$user->authorise('core.options', 'com_componentbuilder')) @@ -188,6 +197,7 @@ class ComponentbuilderModelComponents_site_views extends JModelList $id .= ':' . $this->getState('filter.id'); $id .= ':' . $this->getState('filter.search'); $id .= ':' . $this->getState('filter.published'); + $id .= ':' . $this->getState('filter.access'); $id .= ':' . $this->getState('filter.ordering'); $id .= ':' . $this->getState('filter.created_by'); $id .= ':' . $this->getState('filter.modified_by'); diff --git a/admin/models/components_updates.php b/admin/models/components_updates.php index c80f61143..c7582bcfd 100644 --- a/admin/models/components_updates.php +++ b/admin/models/components_updates.php @@ -26,6 +26,7 @@ class ComponentbuilderModelComponents_updates extends JModelList $config['filter_fields'] = array( 'a.id','id', 'a.published','published', + 'a.access','access', 'a.ordering','ordering', 'a.created_by','created_by', 'a.modified_by','modified_by' @@ -154,9 +155,17 @@ class ComponentbuilderModelComponents_updates extends JModelList $query->select('ag.title AS access_level'); $query->join('LEFT', '#__viewlevels AS ag ON ag.id = a.access'); // Filter by access level. - if ($access = $this->getState('filter.access')) + $_access = $this->getState('filter.access'); + if ($_access && is_numeric($_access)) { - $query->where('a.access = ' . (int) $access); + $query->where('a.access = ' . (int) $_access); + } + elseif (ComponentbuilderHelper::checkArray($_access)) + { + // Secure the array for the query + $_access = ArrayHelper::toInteger($_access); + // Filter by the Access Array. + $query->where('a.access IN (' . implode(',', $_access) . ')'); } // Implement View Level Access if (!$user->authorise('core.options', 'com_componentbuilder')) @@ -188,6 +197,7 @@ class ComponentbuilderModelComponents_updates extends JModelList $id .= ':' . $this->getState('filter.id'); $id .= ':' . $this->getState('filter.search'); $id .= ':' . $this->getState('filter.published'); + $id .= ':' . $this->getState('filter.access'); $id .= ':' . $this->getState('filter.ordering'); $id .= ':' . $this->getState('filter.created_by'); $id .= ':' . $this->getState('filter.modified_by'); diff --git a/admin/models/custom_admin_views.php b/admin/models/custom_admin_views.php index 84dd49fa8..2f529843a 100644 --- a/admin/models/custom_admin_views.php +++ b/admin/models/custom_admin_views.php @@ -26,6 +26,7 @@ class ComponentbuilderModelCustom_admin_views extends JModelList $config['filter_fields'] = array( 'a.id','id', 'a.published','published', + 'a.access','access', 'a.ordering','ordering', 'a.created_by','created_by', 'a.modified_by','modified_by', @@ -227,9 +228,17 @@ class ComponentbuilderModelCustom_admin_views extends JModelList $query->select('ag.title AS access_level'); $query->join('LEFT', '#__viewlevels AS ag ON ag.id = a.access'); // Filter by access level. - if ($access = $this->getState('filter.access')) + $_access = $this->getState('filter.access'); + if ($_access && is_numeric($_access)) { - $query->where('a.access = ' . (int) $access); + $query->where('a.access = ' . (int) $_access); + } + elseif (ComponentbuilderHelper::checkArray($_access)) + { + // Secure the array for the query + $_access = ArrayHelper::toInteger($_access); + // Filter by the Access Array. + $query->where('a.access IN (' . implode(',', $_access) . ')'); } // Implement View Level Access if (!$user->authorise('core.options', 'com_componentbuilder')) @@ -473,6 +482,7 @@ class ComponentbuilderModelCustom_admin_views extends JModelList $id .= ':' . $this->getState('filter.id'); $id .= ':' . $this->getState('filter.search'); $id .= ':' . $this->getState('filter.published'); + $id .= ':' . $this->getState('filter.access'); $id .= ':' . $this->getState('filter.ordering'); $id .= ':' . $this->getState('filter.created_by'); $id .= ':' . $this->getState('filter.modified_by'); diff --git a/admin/models/custom_codes.php b/admin/models/custom_codes.php index e827c0395..edff310dc 100644 --- a/admin/models/custom_codes.php +++ b/admin/models/custom_codes.php @@ -26,6 +26,7 @@ class ComponentbuilderModelCustom_codes extends JModelList $config['filter_fields'] = array( 'a.id','id', 'a.published','published', + 'a.access','access', 'a.ordering','ordering', 'a.created_by','created_by', 'a.modified_by','modified_by', @@ -255,9 +256,17 @@ class ComponentbuilderModelCustom_codes extends JModelList $query->select('ag.title AS access_level'); $query->join('LEFT', '#__viewlevels AS ag ON ag.id = a.access'); // Filter by access level. - if ($access = $this->getState('filter.access')) + $_access = $this->getState('filter.access'); + if ($_access && is_numeric($_access)) { - $query->where('a.access = ' . (int) $access); + $query->where('a.access = ' . (int) $_access); + } + elseif (ComponentbuilderHelper::checkArray($_access)) + { + // Secure the array for the query + $_access = ArrayHelper::toInteger($_access); + // Filter by the Access Array. + $query->where('a.access IN (' . implode(',', $_access) . ')'); } // Implement View Level Access if (!$user->authorise('core.options', 'com_componentbuilder')) @@ -513,6 +522,7 @@ class ComponentbuilderModelCustom_codes extends JModelList $id .= ':' . $this->getState('filter.id'); $id .= ':' . $this->getState('filter.search'); $id .= ':' . $this->getState('filter.published'); + $id .= ':' . $this->getState('filter.access'); $id .= ':' . $this->getState('filter.ordering'); $id .= ':' . $this->getState('filter.created_by'); $id .= ':' . $this->getState('filter.modified_by'); diff --git a/admin/models/dynamic_gets.php b/admin/models/dynamic_gets.php index a76ac2665..0c312b04e 100644 --- a/admin/models/dynamic_gets.php +++ b/admin/models/dynamic_gets.php @@ -26,6 +26,7 @@ class ComponentbuilderModelDynamic_gets extends JModelList $config['filter_fields'] = array( 'a.id','id', 'a.published','published', + 'a.access','access', 'a.ordering','ordering', 'a.created_by','created_by', 'a.modified_by','modified_by', @@ -215,9 +216,17 @@ class ComponentbuilderModelDynamic_gets extends JModelList $query->select('ag.title AS access_level'); $query->join('LEFT', '#__viewlevels AS ag ON ag.id = a.access'); // Filter by access level. - if ($access = $this->getState('filter.access')) + $_access = $this->getState('filter.access'); + if ($_access && is_numeric($_access)) { - $query->where('a.access = ' . (int) $access); + $query->where('a.access = ' . (int) $_access); + } + elseif (ComponentbuilderHelper::checkArray($_access)) + { + // Secure the array for the query + $_access = ArrayHelper::toInteger($_access); + // Filter by the Access Array. + $query->where('a.access IN (' . implode(',', $_access) . ')'); } // Implement View Level Access if (!$user->authorise('core.options', 'com_componentbuilder')) @@ -436,6 +445,7 @@ class ComponentbuilderModelDynamic_gets extends JModelList $id .= ':' . $this->getState('filter.id'); $id .= ':' . $this->getState('filter.search'); $id .= ':' . $this->getState('filter.published'); + $id .= ':' . $this->getState('filter.access'); $id .= ':' . $this->getState('filter.ordering'); $id .= ':' . $this->getState('filter.created_by'); $id .= ':' . $this->getState('filter.modified_by'); diff --git a/admin/models/fields.php b/admin/models/fields.php index 30189fe02..d53e75fd2 100644 --- a/admin/models/fields.php +++ b/admin/models/fields.php @@ -26,6 +26,7 @@ class ComponentbuilderModelFields extends JModelList $config['filter_fields'] = array( 'a.id','id', 'a.published','published', + 'a.access','access', 'a.ordering','ordering', 'a.created_by','created_by', 'a.modified_by','modified_by', @@ -294,9 +295,17 @@ class ComponentbuilderModelFields extends JModelList $query->select('ag.title AS access_level'); $query->join('LEFT', '#__viewlevels AS ag ON ag.id = a.access'); // Filter by access level. - if ($access = $this->getState('filter.access')) + $_access = $this->getState('filter.access'); + if ($_access && is_numeric($_access)) { - $query->where('a.access = ' . (int) $access); + $query->where('a.access = ' . (int) $_access); + } + elseif (ComponentbuilderHelper::checkArray($_access)) + { + // Secure the array for the query + $_access = ArrayHelper::toInteger($_access); + // Filter by the Access Array. + $query->where('a.access IN (' . implode(',', $_access) . ')'); } // Implement View Level Access if (!$user->authorise('core.options', 'com_componentbuilder')) @@ -421,7 +430,7 @@ class ComponentbuilderModelFields extends JModelList } elseif (is_array($categoryId)) { - ArrayHelper::toInteger($categoryId); + $categoryId = ArrayHelper::toInteger($categoryId); $categoryId = implode(',', $categoryId); $query->where('a.catid IN (' . $categoryId . ')'); } @@ -588,6 +597,7 @@ class ComponentbuilderModelFields extends JModelList $id .= ':' . $this->getState('filter.id'); $id .= ':' . $this->getState('filter.search'); $id .= ':' . $this->getState('filter.published'); + $id .= ':' . $this->getState('filter.access'); $id .= ':' . $this->getState('filter.ordering'); $id .= ':' . $this->getState('filter.created_by'); $id .= ':' . $this->getState('filter.modified_by'); diff --git a/admin/models/fieldtype.php b/admin/models/fieldtype.php index f303e90b1..b79279e9f 100644 --- a/admin/models/fieldtype.php +++ b/admin/models/fieldtype.php @@ -288,9 +288,17 @@ class ComponentbuilderModelFieldtype extends JModelAdmin $query->select('ag.title AS access_level'); $query->join('LEFT', '#__viewlevels AS ag ON ag.id = a.access'); // Filter by access level. - if ($access = $this->getState('filter.access')) + $_access = $this->getState('filter.access'); + if ($_access && is_numeric($_access)) { - $query->where('a.access = ' . (int) $access); + $query->where('a.access = ' . (int) $_access); + } + elseif (ComponentbuilderHelper::checkArray($_access)) + { + // Secure the array for the query + $_access = ArrayHelper::toInteger($_access); + // Filter by the Access Array. + $query->where('a.access IN (' . implode(',', $_access) . ')'); } // Implement View Level Access if (!$user->authorise('core.options', 'com_componentbuilder')) diff --git a/admin/models/fieldtypes.php b/admin/models/fieldtypes.php index b6b705326..ca610db2d 100644 --- a/admin/models/fieldtypes.php +++ b/admin/models/fieldtypes.php @@ -26,6 +26,7 @@ class ComponentbuilderModelFieldtypes extends JModelList $config['filter_fields'] = array( 'a.id','id', 'a.published','published', + 'a.access','access', 'a.ordering','ordering', 'a.created_by','created_by', 'a.modified_by','modified_by', @@ -172,9 +173,17 @@ class ComponentbuilderModelFieldtypes extends JModelList $query->select('ag.title AS access_level'); $query->join('LEFT', '#__viewlevels AS ag ON ag.id = a.access'); // Filter by access level. - if ($access = $this->getState('filter.access')) + $_access = $this->getState('filter.access'); + if ($_access && is_numeric($_access)) { - $query->where('a.access = ' . (int) $access); + $query->where('a.access = ' . (int) $_access); + } + elseif (ComponentbuilderHelper::checkArray($_access)) + { + // Secure the array for the query + $_access = ArrayHelper::toInteger($_access); + // Filter by the Access Array. + $query->where('a.access IN (' . implode(',', $_access) . ')'); } // Implement View Level Access if (!$user->authorise('core.options', 'com_componentbuilder')) @@ -214,7 +223,7 @@ class ComponentbuilderModelFieldtypes extends JModelList } elseif (is_array($categoryId)) { - ArrayHelper::toInteger($categoryId); + $categoryId = ArrayHelper::toInteger($categoryId); $categoryId = implode(',', $categoryId); $query->where('a.catid IN (' . $categoryId . ')'); } @@ -365,6 +374,7 @@ class ComponentbuilderModelFieldtypes extends JModelList $id .= ':' . $this->getState('filter.id'); $id .= ':' . $this->getState('filter.search'); $id .= ':' . $this->getState('filter.published'); + $id .= ':' . $this->getState('filter.access'); $id .= ':' . $this->getState('filter.ordering'); $id .= ':' . $this->getState('filter.created_by'); $id .= ':' . $this->getState('filter.modified_by'); diff --git a/admin/models/joomla_components.php b/admin/models/joomla_components.php index 853586910..dfeca31ef 100644 --- a/admin/models/joomla_components.php +++ b/admin/models/joomla_components.php @@ -26,6 +26,7 @@ class ComponentbuilderModelJoomla_components extends JModelList $config['filter_fields'] = array( 'a.id','id', 'a.published','published', + 'a.access','access', 'a.ordering','ordering', 'a.created_by','created_by', 'a.modified_by','modified_by', @@ -2206,9 +2207,17 @@ class ComponentbuilderModelJoomla_components extends JModelList $query->select('ag.title AS access_level'); $query->join('LEFT', '#__viewlevels AS ag ON ag.id = a.access'); // Filter by access level. - if ($access = $this->getState('filter.access')) + $_access = $this->getState('filter.access'); + if ($_access && is_numeric($_access)) { - $query->where('a.access = ' . (int) $access); + $query->where('a.access = ' . (int) $_access); + } + elseif (ComponentbuilderHelper::checkArray($_access)) + { + // Secure the array for the query + $_access = ArrayHelper::toInteger($_access); + // Filter by the Access Array. + $query->where('a.access IN (' . implode(',', $_access) . ')'); } // Implement View Level Access if (!$user->authorise('core.options', 'com_componentbuilder')) @@ -2475,6 +2484,7 @@ class ComponentbuilderModelJoomla_components extends JModelList $id .= ':' . $this->getState('filter.id'); $id .= ':' . $this->getState('filter.search'); $id .= ':' . $this->getState('filter.published'); + $id .= ':' . $this->getState('filter.access'); $id .= ':' . $this->getState('filter.ordering'); $id .= ':' . $this->getState('filter.created_by'); $id .= ':' . $this->getState('filter.modified_by'); diff --git a/admin/models/joomla_modules.php b/admin/models/joomla_modules.php index d336d0651..8a240b8c9 100644 --- a/admin/models/joomla_modules.php +++ b/admin/models/joomla_modules.php @@ -26,6 +26,7 @@ class ComponentbuilderModelJoomla_modules extends JModelList $config['filter_fields'] = array( 'a.id','id', 'a.published','published', + 'a.access','access', 'a.ordering','ordering', 'a.created_by','created_by', 'a.modified_by','modified_by', @@ -196,9 +197,17 @@ class ComponentbuilderModelJoomla_modules extends JModelList $query->select('ag.title AS access_level'); $query->join('LEFT', '#__viewlevels AS ag ON ag.id = a.access'); // Filter by access level. - if ($access = $this->getState('filter.access')) + $_access = $this->getState('filter.access'); + if ($_access && is_numeric($_access)) { - $query->where('a.access = ' . (int) $access); + $query->where('a.access = ' . (int) $_access); + } + elseif (ComponentbuilderHelper::checkArray($_access)) + { + // Secure the array for the query + $_access = ArrayHelper::toInteger($_access); + // Filter by the Access Array. + $query->where('a.access IN (' . implode(',', $_access) . ')'); } // Implement View Level Access if (!$user->authorise('core.options', 'com_componentbuilder')) @@ -262,6 +271,7 @@ class ComponentbuilderModelJoomla_modules extends JModelList $id .= ':' . $this->getState('filter.id'); $id .= ':' . $this->getState('filter.search'); $id .= ':' . $this->getState('filter.published'); + $id .= ':' . $this->getState('filter.access'); $id .= ':' . $this->getState('filter.ordering'); $id .= ':' . $this->getState('filter.created_by'); $id .= ':' . $this->getState('filter.modified_by'); diff --git a/admin/models/joomla_modules_files_folders_urls.php b/admin/models/joomla_modules_files_folders_urls.php index be888b42d..48690e4f4 100644 --- a/admin/models/joomla_modules_files_folders_urls.php +++ b/admin/models/joomla_modules_files_folders_urls.php @@ -26,6 +26,7 @@ class ComponentbuilderModelJoomla_modules_files_folders_urls extends JModelList $config['filter_fields'] = array( 'a.id','id', 'a.published','published', + 'a.access','access', 'a.ordering','ordering', 'a.created_by','created_by', 'a.modified_by','modified_by' @@ -154,9 +155,17 @@ class ComponentbuilderModelJoomla_modules_files_folders_urls extends JModelList $query->select('ag.title AS access_level'); $query->join('LEFT', '#__viewlevels AS ag ON ag.id = a.access'); // Filter by access level. - if ($access = $this->getState('filter.access')) + $_access = $this->getState('filter.access'); + if ($_access && is_numeric($_access)) { - $query->where('a.access = ' . (int) $access); + $query->where('a.access = ' . (int) $_access); + } + elseif (ComponentbuilderHelper::checkArray($_access)) + { + // Secure the array for the query + $_access = ArrayHelper::toInteger($_access); + // Filter by the Access Array. + $query->where('a.access IN (' . implode(',', $_access) . ')'); } // Implement View Level Access if (!$user->authorise('core.options', 'com_componentbuilder')) @@ -188,6 +197,7 @@ class ComponentbuilderModelJoomla_modules_files_folders_urls extends JModelList $id .= ':' . $this->getState('filter.id'); $id .= ':' . $this->getState('filter.search'); $id .= ':' . $this->getState('filter.published'); + $id .= ':' . $this->getState('filter.access'); $id .= ':' . $this->getState('filter.ordering'); $id .= ':' . $this->getState('filter.created_by'); $id .= ':' . $this->getState('filter.modified_by'); diff --git a/admin/models/joomla_modules_updates.php b/admin/models/joomla_modules_updates.php index 59e554ab7..6afa748d1 100644 --- a/admin/models/joomla_modules_updates.php +++ b/admin/models/joomla_modules_updates.php @@ -26,6 +26,7 @@ class ComponentbuilderModelJoomla_modules_updates extends JModelList $config['filter_fields'] = array( 'a.id','id', 'a.published','published', + 'a.access','access', 'a.ordering','ordering', 'a.created_by','created_by', 'a.modified_by','modified_by' @@ -154,9 +155,17 @@ class ComponentbuilderModelJoomla_modules_updates extends JModelList $query->select('ag.title AS access_level'); $query->join('LEFT', '#__viewlevels AS ag ON ag.id = a.access'); // Filter by access level. - if ($access = $this->getState('filter.access')) + $_access = $this->getState('filter.access'); + if ($_access && is_numeric($_access)) { - $query->where('a.access = ' . (int) $access); + $query->where('a.access = ' . (int) $_access); + } + elseif (ComponentbuilderHelper::checkArray($_access)) + { + // Secure the array for the query + $_access = ArrayHelper::toInteger($_access); + // Filter by the Access Array. + $query->where('a.access IN (' . implode(',', $_access) . ')'); } // Implement View Level Access if (!$user->authorise('core.options', 'com_componentbuilder')) @@ -188,6 +197,7 @@ class ComponentbuilderModelJoomla_modules_updates extends JModelList $id .= ':' . $this->getState('filter.id'); $id .= ':' . $this->getState('filter.search'); $id .= ':' . $this->getState('filter.published'); + $id .= ':' . $this->getState('filter.access'); $id .= ':' . $this->getState('filter.ordering'); $id .= ':' . $this->getState('filter.created_by'); $id .= ':' . $this->getState('filter.modified_by'); diff --git a/admin/models/joomla_plugin_groups.php b/admin/models/joomla_plugin_groups.php index 352681349..371a97016 100644 --- a/admin/models/joomla_plugin_groups.php +++ b/admin/models/joomla_plugin_groups.php @@ -26,6 +26,7 @@ class ComponentbuilderModelJoomla_plugin_groups extends JModelList $config['filter_fields'] = array( 'a.id','id', 'a.published','published', + 'a.access','access', 'a.ordering','ordering', 'a.created_by','created_by', 'a.modified_by','modified_by', @@ -141,9 +142,17 @@ class ComponentbuilderModelJoomla_plugin_groups extends JModelList $query->select('ag.title AS access_level'); $query->join('LEFT', '#__viewlevels AS ag ON ag.id = a.access'); // Filter by access level. - if ($access = $this->getState('filter.access')) + $_access = $this->getState('filter.access'); + if ($_access && is_numeric($_access)) { - $query->where('a.access = ' . (int) $access); + $query->where('a.access = ' . (int) $_access); + } + elseif (ComponentbuilderHelper::checkArray($_access)) + { + // Secure the array for the query + $_access = ArrayHelper::toInteger($_access); + // Filter by the Access Array. + $query->where('a.access IN (' . implode(',', $_access) . ')'); } // Implement View Level Access if (!$user->authorise('core.options', 'com_componentbuilder')) @@ -207,6 +216,7 @@ class ComponentbuilderModelJoomla_plugin_groups extends JModelList $id .= ':' . $this->getState('filter.id'); $id .= ':' . $this->getState('filter.search'); $id .= ':' . $this->getState('filter.published'); + $id .= ':' . $this->getState('filter.access'); $id .= ':' . $this->getState('filter.ordering'); $id .= ':' . $this->getState('filter.created_by'); $id .= ':' . $this->getState('filter.modified_by'); diff --git a/admin/models/joomla_plugins.php b/admin/models/joomla_plugins.php index bcfb68fc3..2eeffdd4d 100644 --- a/admin/models/joomla_plugins.php +++ b/admin/models/joomla_plugins.php @@ -26,6 +26,7 @@ class ComponentbuilderModelJoomla_plugins extends JModelList $config['filter_fields'] = array( 'a.id','id', 'a.published','published', + 'a.access','access', 'a.ordering','ordering', 'a.created_by','created_by', 'a.modified_by','modified_by', @@ -340,9 +341,17 @@ class ComponentbuilderModelJoomla_plugins extends JModelList $query->select('ag.title AS access_level'); $query->join('LEFT', '#__viewlevels AS ag ON ag.id = a.access'); // Filter by access level. - if ($access = $this->getState('filter.access')) + $_access = $this->getState('filter.access'); + if ($_access && is_numeric($_access)) { - $query->where('a.access = ' . (int) $access); + $query->where('a.access = ' . (int) $_access); + } + elseif (ComponentbuilderHelper::checkArray($_access)) + { + // Secure the array for the query + $_access = ArrayHelper::toInteger($_access); + // Filter by the Access Array. + $query->where('a.access IN (' . implode(',', $_access) . ')'); } // Implement View Level Access if (!$user->authorise('core.options', 'com_componentbuilder')) @@ -423,6 +432,7 @@ class ComponentbuilderModelJoomla_plugins extends JModelList $id .= ':' . $this->getState('filter.id'); $id .= ':' . $this->getState('filter.search'); $id .= ':' . $this->getState('filter.published'); + $id .= ':' . $this->getState('filter.access'); $id .= ':' . $this->getState('filter.ordering'); $id .= ':' . $this->getState('filter.created_by'); $id .= ':' . $this->getState('filter.modified_by'); diff --git a/admin/models/joomla_plugins_files_folders_urls.php b/admin/models/joomla_plugins_files_folders_urls.php index f0b4b6588..1ac147696 100644 --- a/admin/models/joomla_plugins_files_folders_urls.php +++ b/admin/models/joomla_plugins_files_folders_urls.php @@ -26,6 +26,7 @@ class ComponentbuilderModelJoomla_plugins_files_folders_urls extends JModelList $config['filter_fields'] = array( 'a.id','id', 'a.published','published', + 'a.access','access', 'a.ordering','ordering', 'a.created_by','created_by', 'a.modified_by','modified_by' @@ -154,9 +155,17 @@ class ComponentbuilderModelJoomla_plugins_files_folders_urls extends JModelList $query->select('ag.title AS access_level'); $query->join('LEFT', '#__viewlevels AS ag ON ag.id = a.access'); // Filter by access level. - if ($access = $this->getState('filter.access')) + $_access = $this->getState('filter.access'); + if ($_access && is_numeric($_access)) { - $query->where('a.access = ' . (int) $access); + $query->where('a.access = ' . (int) $_access); + } + elseif (ComponentbuilderHelper::checkArray($_access)) + { + // Secure the array for the query + $_access = ArrayHelper::toInteger($_access); + // Filter by the Access Array. + $query->where('a.access IN (' . implode(',', $_access) . ')'); } // Implement View Level Access if (!$user->authorise('core.options', 'com_componentbuilder')) @@ -188,6 +197,7 @@ class ComponentbuilderModelJoomla_plugins_files_folders_urls extends JModelList $id .= ':' . $this->getState('filter.id'); $id .= ':' . $this->getState('filter.search'); $id .= ':' . $this->getState('filter.published'); + $id .= ':' . $this->getState('filter.access'); $id .= ':' . $this->getState('filter.ordering'); $id .= ':' . $this->getState('filter.created_by'); $id .= ':' . $this->getState('filter.modified_by'); diff --git a/admin/models/joomla_plugins_updates.php b/admin/models/joomla_plugins_updates.php index 9932e633a..544556a73 100644 --- a/admin/models/joomla_plugins_updates.php +++ b/admin/models/joomla_plugins_updates.php @@ -26,6 +26,7 @@ class ComponentbuilderModelJoomla_plugins_updates extends JModelList $config['filter_fields'] = array( 'a.id','id', 'a.published','published', + 'a.access','access', 'a.ordering','ordering', 'a.created_by','created_by', 'a.modified_by','modified_by' @@ -154,9 +155,17 @@ class ComponentbuilderModelJoomla_plugins_updates extends JModelList $query->select('ag.title AS access_level'); $query->join('LEFT', '#__viewlevels AS ag ON ag.id = a.access'); // Filter by access level. - if ($access = $this->getState('filter.access')) + $_access = $this->getState('filter.access'); + if ($_access && is_numeric($_access)) { - $query->where('a.access = ' . (int) $access); + $query->where('a.access = ' . (int) $_access); + } + elseif (ComponentbuilderHelper::checkArray($_access)) + { + // Secure the array for the query + $_access = ArrayHelper::toInteger($_access); + // Filter by the Access Array. + $query->where('a.access IN (' . implode(',', $_access) . ')'); } // Implement View Level Access if (!$user->authorise('core.options', 'com_componentbuilder')) @@ -188,6 +197,7 @@ class ComponentbuilderModelJoomla_plugins_updates extends JModelList $id .= ':' . $this->getState('filter.id'); $id .= ':' . $this->getState('filter.search'); $id .= ':' . $this->getState('filter.published'); + $id .= ':' . $this->getState('filter.access'); $id .= ':' . $this->getState('filter.ordering'); $id .= ':' . $this->getState('filter.created_by'); $id .= ':' . $this->getState('filter.modified_by'); diff --git a/admin/models/language_translations.php b/admin/models/language_translations.php index ab757e5a0..922789cd3 100644 --- a/admin/models/language_translations.php +++ b/admin/models/language_translations.php @@ -26,6 +26,7 @@ class ComponentbuilderModelLanguage_translations extends JModelList $config['filter_fields'] = array( 'a.id','id', 'a.published','published', + 'a.access','access', 'a.ordering','ordering', 'a.created_by','created_by', 'a.modified_by','modified_by', @@ -208,9 +209,17 @@ class ComponentbuilderModelLanguage_translations extends JModelList $query->select('ag.title AS access_level'); $query->join('LEFT', '#__viewlevels AS ag ON ag.id = a.access'); // Filter by access level. - if ($access = $this->getState('filter.access')) + $_access = $this->getState('filter.access'); + if ($_access && is_numeric($_access)) { - $query->where('a.access = ' . (int) $access); + $query->where('a.access = ' . (int) $_access); + } + elseif (ComponentbuilderHelper::checkArray($_access)) + { + // Secure the array for the query + $_access = ArrayHelper::toInteger($_access); + // Filter by the Access Array. + $query->where('a.access IN (' . implode(',', $_access) . ')'); } // Implement View Level Access if (!$user->authorise('core.options', 'com_componentbuilder')) @@ -430,6 +439,7 @@ class ComponentbuilderModelLanguage_translations extends JModelList $id .= ':' . $this->getState('filter.id'); $id .= ':' . $this->getState('filter.search'); $id .= ':' . $this->getState('filter.published'); + $id .= ':' . $this->getState('filter.access'); $id .= ':' . $this->getState('filter.ordering'); $id .= ':' . $this->getState('filter.created_by'); $id .= ':' . $this->getState('filter.modified_by'); diff --git a/admin/models/languages.php b/admin/models/languages.php index f1b605d64..be73a6638 100644 --- a/admin/models/languages.php +++ b/admin/models/languages.php @@ -26,6 +26,7 @@ class ComponentbuilderModelLanguages extends JModelList $config['filter_fields'] = array( 'a.id','id', 'a.published','published', + 'a.access','access', 'a.ordering','ordering', 'a.created_by','created_by', 'a.modified_by','modified_by', @@ -281,9 +282,17 @@ class ComponentbuilderModelLanguages extends JModelList $query->select('ag.title AS access_level'); $query->join('LEFT', '#__viewlevels AS ag ON ag.id = a.access'); // Filter by access level. - if ($access = $this->getState('filter.access')) + $_access = $this->getState('filter.access'); + if ($_access && is_numeric($_access)) { - $query->where('a.access = ' . (int) $access); + $query->where('a.access = ' . (int) $_access); + } + elseif (ComponentbuilderHelper::checkArray($_access)) + { + // Secure the array for the query + $_access = ArrayHelper::toInteger($_access); + // Filter by the Access Array. + $query->where('a.access IN (' . implode(',', $_access) . ')'); } // Implement View Level Access if (!$user->authorise('core.options', 'com_componentbuilder')) @@ -452,6 +461,7 @@ class ComponentbuilderModelLanguages extends JModelList $id .= ':' . $this->getState('filter.id'); $id .= ':' . $this->getState('filter.search'); $id .= ':' . $this->getState('filter.published'); + $id .= ':' . $this->getState('filter.access'); $id .= ':' . $this->getState('filter.ordering'); $id .= ':' . $this->getState('filter.created_by'); $id .= ':' . $this->getState('filter.modified_by'); diff --git a/admin/models/layouts.php b/admin/models/layouts.php index 5e71fc8c2..5f0fc8669 100644 --- a/admin/models/layouts.php +++ b/admin/models/layouts.php @@ -26,6 +26,7 @@ class ComponentbuilderModelLayouts extends JModelList $config['filter_fields'] = array( 'a.id','id', 'a.published','published', + 'a.access','access', 'a.ordering','ordering', 'a.created_by','created_by', 'a.modified_by','modified_by', @@ -204,9 +205,17 @@ class ComponentbuilderModelLayouts extends JModelList $query->select('ag.title AS access_level'); $query->join('LEFT', '#__viewlevels AS ag ON ag.id = a.access'); // Filter by access level. - if ($access = $this->getState('filter.access')) + $_access = $this->getState('filter.access'); + if ($_access && is_numeric($_access)) { - $query->where('a.access = ' . (int) $access); + $query->where('a.access = ' . (int) $_access); + } + elseif (ComponentbuilderHelper::checkArray($_access)) + { + // Secure the array for the query + $_access = ArrayHelper::toInteger($_access); + // Filter by the Access Array. + $query->where('a.access IN (' . implode(',', $_access) . ')'); } // Implement View Level Access if (!$user->authorise('core.options', 'com_componentbuilder')) @@ -413,6 +422,7 @@ class ComponentbuilderModelLayouts extends JModelList $id .= ':' . $this->getState('filter.id'); $id .= ':' . $this->getState('filter.search'); $id .= ':' . $this->getState('filter.published'); + $id .= ':' . $this->getState('filter.access'); $id .= ':' . $this->getState('filter.ordering'); $id .= ':' . $this->getState('filter.created_by'); $id .= ':' . $this->getState('filter.modified_by'); diff --git a/admin/models/libraries.php b/admin/models/libraries.php index 38606ae02..43104f790 100644 --- a/admin/models/libraries.php +++ b/admin/models/libraries.php @@ -26,6 +26,7 @@ class ComponentbuilderModelLibraries extends JModelList $config['filter_fields'] = array( 'a.id','id', 'a.published','published', + 'a.access','access', 'a.ordering','ordering', 'a.created_by','created_by', 'a.modified_by','modified_by', @@ -241,9 +242,17 @@ class ComponentbuilderModelLibraries extends JModelList $query->select('ag.title AS access_level'); $query->join('LEFT', '#__viewlevels AS ag ON ag.id = a.access'); // Filter by access level. - if ($access = $this->getState('filter.access')) + $_access = $this->getState('filter.access'); + if ($_access && is_numeric($_access)) { - $query->where('a.access = ' . (int) $access); + $query->where('a.access = ' . (int) $_access); + } + elseif (ComponentbuilderHelper::checkArray($_access)) + { + // Secure the array for the query + $_access = ArrayHelper::toInteger($_access); + // Filter by the Access Array. + $query->where('a.access IN (' . implode(',', $_access) . ')'); } // Implement View Level Access if (!$user->authorise('core.options', 'com_componentbuilder')) @@ -341,6 +350,7 @@ class ComponentbuilderModelLibraries extends JModelList $id .= ':' . $this->getState('filter.id'); $id .= ':' . $this->getState('filter.search'); $id .= ':' . $this->getState('filter.published'); + $id .= ':' . $this->getState('filter.access'); $id .= ':' . $this->getState('filter.ordering'); $id .= ':' . $this->getState('filter.created_by'); $id .= ':' . $this->getState('filter.modified_by'); diff --git a/admin/models/libraries_config.php b/admin/models/libraries_config.php index cce06d8aa..8e01fdf9c 100644 --- a/admin/models/libraries_config.php +++ b/admin/models/libraries_config.php @@ -26,6 +26,7 @@ class ComponentbuilderModelLibraries_config extends JModelList $config['filter_fields'] = array( 'a.id','id', 'a.published','published', + 'a.access','access', 'a.ordering','ordering', 'a.created_by','created_by', 'a.modified_by','modified_by' @@ -154,9 +155,17 @@ class ComponentbuilderModelLibraries_config extends JModelList $query->select('ag.title AS access_level'); $query->join('LEFT', '#__viewlevels AS ag ON ag.id = a.access'); // Filter by access level. - if ($access = $this->getState('filter.access')) + $_access = $this->getState('filter.access'); + if ($_access && is_numeric($_access)) { - $query->where('a.access = ' . (int) $access); + $query->where('a.access = ' . (int) $_access); + } + elseif (ComponentbuilderHelper::checkArray($_access)) + { + // Secure the array for the query + $_access = ArrayHelper::toInteger($_access); + // Filter by the Access Array. + $query->where('a.access IN (' . implode(',', $_access) . ')'); } // Implement View Level Access if (!$user->authorise('core.options', 'com_componentbuilder')) @@ -188,6 +197,7 @@ class ComponentbuilderModelLibraries_config extends JModelList $id .= ':' . $this->getState('filter.id'); $id .= ':' . $this->getState('filter.search'); $id .= ':' . $this->getState('filter.published'); + $id .= ':' . $this->getState('filter.access'); $id .= ':' . $this->getState('filter.ordering'); $id .= ':' . $this->getState('filter.created_by'); $id .= ':' . $this->getState('filter.modified_by'); diff --git a/admin/models/libraries_files_folders_urls.php b/admin/models/libraries_files_folders_urls.php index b0ae9b948..02d3bdb1d 100644 --- a/admin/models/libraries_files_folders_urls.php +++ b/admin/models/libraries_files_folders_urls.php @@ -26,6 +26,7 @@ class ComponentbuilderModelLibraries_files_folders_urls extends JModelList $config['filter_fields'] = array( 'a.id','id', 'a.published','published', + 'a.access','access', 'a.ordering','ordering', 'a.created_by','created_by', 'a.modified_by','modified_by' @@ -154,9 +155,17 @@ class ComponentbuilderModelLibraries_files_folders_urls extends JModelList $query->select('ag.title AS access_level'); $query->join('LEFT', '#__viewlevels AS ag ON ag.id = a.access'); // Filter by access level. - if ($access = $this->getState('filter.access')) + $_access = $this->getState('filter.access'); + if ($_access && is_numeric($_access)) { - $query->where('a.access = ' . (int) $access); + $query->where('a.access = ' . (int) $_access); + } + elseif (ComponentbuilderHelper::checkArray($_access)) + { + // Secure the array for the query + $_access = ArrayHelper::toInteger($_access); + // Filter by the Access Array. + $query->where('a.access IN (' . implode(',', $_access) . ')'); } // Implement View Level Access if (!$user->authorise('core.options', 'com_componentbuilder')) @@ -188,6 +197,7 @@ class ComponentbuilderModelLibraries_files_folders_urls extends JModelList $id .= ':' . $this->getState('filter.id'); $id .= ':' . $this->getState('filter.search'); $id .= ':' . $this->getState('filter.published'); + $id .= ':' . $this->getState('filter.access'); $id .= ':' . $this->getState('filter.ordering'); $id .= ':' . $this->getState('filter.created_by'); $id .= ':' . $this->getState('filter.modified_by'); diff --git a/admin/models/placeholders.php b/admin/models/placeholders.php index ca26a0bc9..b56c2a263 100644 --- a/admin/models/placeholders.php +++ b/admin/models/placeholders.php @@ -26,6 +26,7 @@ class ComponentbuilderModelPlaceholders extends JModelList $config['filter_fields'] = array( 'a.id','id', 'a.published','published', + 'a.access','access', 'a.ordering','ordering', 'a.created_by','created_by', 'a.modified_by','modified_by', @@ -160,9 +161,17 @@ class ComponentbuilderModelPlaceholders extends JModelList $query->select('ag.title AS access_level'); $query->join('LEFT', '#__viewlevels AS ag ON ag.id = a.access'); // Filter by access level. - if ($access = $this->getState('filter.access')) + $_access = $this->getState('filter.access'); + if ($_access && is_numeric($_access)) { - $query->where('a.access = ' . (int) $access); + $query->where('a.access = ' . (int) $_access); + } + elseif (ComponentbuilderHelper::checkArray($_access)) + { + // Secure the array for the query + $_access = ArrayHelper::toInteger($_access); + // Filter by the Access Array. + $query->where('a.access IN (' . implode(',', $_access) . ')'); } // Implement View Level Access if (!$user->authorise('core.options', 'com_componentbuilder')) @@ -333,6 +342,7 @@ class ComponentbuilderModelPlaceholders extends JModelList $id .= ':' . $this->getState('filter.id'); $id .= ':' . $this->getState('filter.search'); $id .= ':' . $this->getState('filter.published'); + $id .= ':' . $this->getState('filter.access'); $id .= ':' . $this->getState('filter.ordering'); $id .= ':' . $this->getState('filter.created_by'); $id .= ':' . $this->getState('filter.modified_by'); diff --git a/admin/models/server.php b/admin/models/server.php index dd6b3b2c9..3ea769427 100644 --- a/admin/models/server.php +++ b/admin/models/server.php @@ -224,9 +224,17 @@ class ComponentbuilderModelServer extends JModelAdmin $query->select('ag.title AS access_level'); $query->join('LEFT', '#__viewlevels AS ag ON ag.id = a.access'); // Filter by access level. - if ($access = $this->getState('filter.access')) + $_access = $this->getState('filter.access'); + if ($_access && is_numeric($_access)) { - $query->where('a.access = ' . (int) $access); + $query->where('a.access = ' . (int) $_access); + } + elseif (ComponentbuilderHelper::checkArray($_access)) + { + // Secure the array for the query + $_access = ArrayHelper::toInteger($_access); + // Filter by the Access Array. + $query->where('a.access IN (' . implode(',', $_access) . ')'); } // Implement View Level Access if (!$user->authorise('core.options', 'com_componentbuilder')) diff --git a/admin/models/servers.php b/admin/models/servers.php index 8274b04b2..fd0122e5f 100644 --- a/admin/models/servers.php +++ b/admin/models/servers.php @@ -26,6 +26,7 @@ class ComponentbuilderModelServers extends JModelList $config['filter_fields'] = array( 'a.id','id', 'a.published','published', + 'a.access','access', 'a.ordering','ordering', 'a.created_by','created_by', 'a.modified_by','modified_by', @@ -193,9 +194,17 @@ class ComponentbuilderModelServers extends JModelList $query->select('ag.title AS access_level'); $query->join('LEFT', '#__viewlevels AS ag ON ag.id = a.access'); // Filter by access level. - if ($access = $this->getState('filter.access')) + $_access = $this->getState('filter.access'); + if ($_access && is_numeric($_access)) { - $query->where('a.access = ' . (int) $access); + $query->where('a.access = ' . (int) $_access); + } + elseif (ComponentbuilderHelper::checkArray($_access)) + { + // Secure the array for the query + $_access = ArrayHelper::toInteger($_access); + // Filter by the Access Array. + $query->where('a.access IN (' . implode(',', $_access) . ')'); } // Implement View Level Access if (!$user->authorise('core.options', 'com_componentbuilder')) @@ -448,6 +457,7 @@ class ComponentbuilderModelServers extends JModelList $id .= ':' . $this->getState('filter.id'); $id .= ':' . $this->getState('filter.search'); $id .= ':' . $this->getState('filter.published'); + $id .= ':' . $this->getState('filter.access'); $id .= ':' . $this->getState('filter.ordering'); $id .= ':' . $this->getState('filter.created_by'); $id .= ':' . $this->getState('filter.modified_by'); diff --git a/admin/models/site_views.php b/admin/models/site_views.php index 03692d7ce..e5c530231 100644 --- a/admin/models/site_views.php +++ b/admin/models/site_views.php @@ -26,6 +26,7 @@ class ComponentbuilderModelSite_views extends JModelList $config['filter_fields'] = array( 'a.id','id', 'a.published','published', + 'a.access','access', 'a.ordering','ordering', 'a.created_by','created_by', 'a.modified_by','modified_by', @@ -231,9 +232,17 @@ class ComponentbuilderModelSite_views extends JModelList $query->select('ag.title AS access_level'); $query->join('LEFT', '#__viewlevels AS ag ON ag.id = a.access'); // Filter by access level. - if ($access = $this->getState('filter.access')) + $_access = $this->getState('filter.access'); + if ($_access && is_numeric($_access)) { - $query->where('a.access = ' . (int) $access); + $query->where('a.access = ' . (int) $_access); + } + elseif (ComponentbuilderHelper::checkArray($_access)) + { + // Secure the array for the query + $_access = ArrayHelper::toInteger($_access); + // Filter by the Access Array. + $query->where('a.access IN (' . implode(',', $_access) . ')'); } // Implement View Level Access if (!$user->authorise('core.options', 'com_componentbuilder')) @@ -477,6 +486,7 @@ class ComponentbuilderModelSite_views extends JModelList $id .= ':' . $this->getState('filter.id'); $id .= ':' . $this->getState('filter.search'); $id .= ':' . $this->getState('filter.published'); + $id .= ':' . $this->getState('filter.access'); $id .= ':' . $this->getState('filter.ordering'); $id .= ':' . $this->getState('filter.created_by'); $id .= ':' . $this->getState('filter.modified_by'); diff --git a/admin/models/snippet_types.php b/admin/models/snippet_types.php index 92c73f716..49260361b 100644 --- a/admin/models/snippet_types.php +++ b/admin/models/snippet_types.php @@ -26,6 +26,7 @@ class ComponentbuilderModelSnippet_types extends JModelList $config['filter_fields'] = array( 'a.id','id', 'a.published','published', + 'a.access','access', 'a.ordering','ordering', 'a.created_by','created_by', 'a.modified_by','modified_by', @@ -158,9 +159,17 @@ class ComponentbuilderModelSnippet_types extends JModelList $query->select('ag.title AS access_level'); $query->join('LEFT', '#__viewlevels AS ag ON ag.id = a.access'); // Filter by access level. - if ($access = $this->getState('filter.access')) + $_access = $this->getState('filter.access'); + if ($_access && is_numeric($_access)) { - $query->where('a.access = ' . (int) $access); + $query->where('a.access = ' . (int) $_access); + } + elseif (ComponentbuilderHelper::checkArray($_access)) + { + // Secure the array for the query + $_access = ArrayHelper::toInteger($_access); + // Filter by the Access Array. + $query->where('a.access IN (' . implode(',', $_access) . ')'); } // Implement View Level Access if (!$user->authorise('core.options', 'com_componentbuilder')) @@ -207,6 +216,7 @@ class ComponentbuilderModelSnippet_types extends JModelList $id .= ':' . $this->getState('filter.id'); $id .= ':' . $this->getState('filter.search'); $id .= ':' . $this->getState('filter.published'); + $id .= ':' . $this->getState('filter.access'); $id .= ':' . $this->getState('filter.ordering'); $id .= ':' . $this->getState('filter.created_by'); $id .= ':' . $this->getState('filter.modified_by'); diff --git a/admin/models/snippets.php b/admin/models/snippets.php index 099b5ba6f..5f6284d45 100644 --- a/admin/models/snippets.php +++ b/admin/models/snippets.php @@ -26,6 +26,7 @@ class ComponentbuilderModelSnippets extends JModelList $config['filter_fields'] = array( 'a.id','id', 'a.published','published', + 'a.access','access', 'a.ordering','ordering', 'a.created_by','created_by', 'a.modified_by','modified_by', @@ -292,9 +293,17 @@ class ComponentbuilderModelSnippets extends JModelList $query->select('ag.title AS access_level'); $query->join('LEFT', '#__viewlevels AS ag ON ag.id = a.access'); // Filter by access level. - if ($access = $this->getState('filter.access')) + $_access = $this->getState('filter.access'); + if ($_access && is_numeric($_access)) { - $query->where('a.access = ' . (int) $access); + $query->where('a.access = ' . (int) $_access); + } + elseif (ComponentbuilderHelper::checkArray($_access)) + { + // Secure the array for the query + $_access = ArrayHelper::toInteger($_access); + // Filter by the Access Array. + $query->where('a.access IN (' . implode(',', $_access) . ')'); } // Implement View Level Access if (!$user->authorise('core.options', 'com_componentbuilder')) @@ -499,6 +508,7 @@ class ComponentbuilderModelSnippets extends JModelList $id .= ':' . $this->getState('filter.id'); $id .= ':' . $this->getState('filter.search'); $id .= ':' . $this->getState('filter.published'); + $id .= ':' . $this->getState('filter.access'); $id .= ':' . $this->getState('filter.ordering'); $id .= ':' . $this->getState('filter.created_by'); $id .= ':' . $this->getState('filter.modified_by'); diff --git a/admin/models/templates.php b/admin/models/templates.php index 520a2a71c..f16b44084 100644 --- a/admin/models/templates.php +++ b/admin/models/templates.php @@ -26,6 +26,7 @@ class ComponentbuilderModelTemplates extends JModelList $config['filter_fields'] = array( 'a.id','id', 'a.published','published', + 'a.access','access', 'a.ordering','ordering', 'a.created_by','created_by', 'a.modified_by','modified_by', @@ -204,9 +205,17 @@ class ComponentbuilderModelTemplates extends JModelList $query->select('ag.title AS access_level'); $query->join('LEFT', '#__viewlevels AS ag ON ag.id = a.access'); // Filter by access level. - if ($access = $this->getState('filter.access')) + $_access = $this->getState('filter.access'); + if ($_access && is_numeric($_access)) { - $query->where('a.access = ' . (int) $access); + $query->where('a.access = ' . (int) $_access); + } + elseif (ComponentbuilderHelper::checkArray($_access)) + { + // Secure the array for the query + $_access = ArrayHelper::toInteger($_access); + // Filter by the Access Array. + $query->where('a.access IN (' . implode(',', $_access) . ')'); } // Implement View Level Access if (!$user->authorise('core.options', 'com_componentbuilder')) @@ -413,6 +422,7 @@ class ComponentbuilderModelTemplates extends JModelList $id .= ':' . $this->getState('filter.id'); $id .= ':' . $this->getState('filter.search'); $id .= ':' . $this->getState('filter.published'); + $id .= ':' . $this->getState('filter.access'); $id .= ':' . $this->getState('filter.ordering'); $id .= ':' . $this->getState('filter.created_by'); $id .= ':' . $this->getState('filter.modified_by'); diff --git a/admin/models/validation_rules.php b/admin/models/validation_rules.php index ed65df775..b0e936ba8 100644 --- a/admin/models/validation_rules.php +++ b/admin/models/validation_rules.php @@ -26,6 +26,7 @@ class ComponentbuilderModelValidation_rules extends JModelList $config['filter_fields'] = array( 'a.id','id', 'a.published','published', + 'a.access','access', 'a.ordering','ordering', 'a.created_by','created_by', 'a.modified_by','modified_by', @@ -158,9 +159,17 @@ class ComponentbuilderModelValidation_rules extends JModelList $query->select('ag.title AS access_level'); $query->join('LEFT', '#__viewlevels AS ag ON ag.id = a.access'); // Filter by access level. - if ($access = $this->getState('filter.access')) + $_access = $this->getState('filter.access'); + if ($_access && is_numeric($_access)) { - $query->where('a.access = ' . (int) $access); + $query->where('a.access = ' . (int) $_access); + } + elseif (ComponentbuilderHelper::checkArray($_access)) + { + // Secure the array for the query + $_access = ArrayHelper::toInteger($_access); + // Filter by the Access Array. + $query->where('a.access IN (' . implode(',', $_access) . ')'); } // Implement View Level Access if (!$user->authorise('core.options', 'com_componentbuilder')) @@ -331,6 +340,7 @@ class ComponentbuilderModelValidation_rules extends JModelList $id .= ':' . $this->getState('filter.id'); $id .= ':' . $this->getState('filter.search'); $id .= ':' . $this->getState('filter.published'); + $id .= ':' . $this->getState('filter.access'); $id .= ':' . $this->getState('filter.ordering'); $id .= ':' . $this->getState('filter.created_by'); $id .= ':' . $this->getState('filter.modified_by'); diff --git a/componentbuilder.xml b/componentbuilder.xml index 3aa7296d2..3b5b34c39 100644 --- a/componentbuilder.xml +++ b/componentbuilder.xml @@ -1,7 +1,7 @@ COM_COMPONENTBUILDER - 1st December, 2020 + 3rd December, 2020 Llewellyn van der Merwe llewellyn@joomlacomponentbuilder.com http://www.joomlacomponentbuilder.com