Startsida Utforska Hjälp
Logga in
valentin_le_moign
/
figureslibres.cc
forkad från bachir/figureslibres.cc
1
0
Fork 0
Filer
Gren: master
Grenar Taggar
figureslibre...
/
user
/
plugins
/
admin
/
classes
/
plugin
/
AdminBaseController.php

AdminBaseController.php 38 KB
Permalänk Historik

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274275276277278279280281282283284285286287288289290291292293294295296297298299300301302303304305306307308309310311312313314315316317318319320321322323324325326327328329330331332333334335336337338339340341342343344345346347348349350351352353354355356357358359360361362363364365366367368369370371372373374375376377378379380381382383384385386387388389390391392393394395396397398399400401402403404405406407408409410411412413414415416417418419420421422423424425426427428429430431432433434435436437438439440441442443444445446447448449450451452453454455456457458459460461462463464465466467468469470471472473474475476477478479480481482483484485486487488489490491492493494495496497498499500501502503504505506507508509510511512513514515516517518519520521522523524525526527528529530531532533534535536537538539540541542543544545546547548549550551552553554555556557558559560561562563564565566567568569570571572573574575576577578579580581582583584585586587588589590591592593594595596597598599600601602603604605606607608609610611612613614615616617618619620621622623624625626627628629630631632633634635636637638639640641642643644645646647648649650651652653654655656657658659660661662663664665666667668669670671672673674675676677678679680681682683684685686687688689690691692693694695696697698699700701702703704705706707708709710711712713714715716717718719720721722723724725726727728729730731732733734735736737738739740741742743744745746747748749750751752753754755756757758759760761762763764765766767768769770771772773774775776777778779780781782783784785786787788789790791792793794795796797798799800801802803804805806807808809810811812813814815816817818819820821822823824825826827828829830831832833834835836837838839840841842843844845846847848849850851852853854855856857858859860861862863864865866867868869870871872873874875876877878879880881882883884885886887888889890891892893894895896897898899900901902903904905906907908909910911912913914915916917918919920921922923924925926927928929930931932933934935936937938939940941942943944945946947948949950951952953954955956957958959960961962963964965966967968969970971972973974975976977978979980981982983984985986987988989990991992993994995996997998999100010011002100310041005100610071008100910101011101210131014101510161017101810191020102110221023102410251026102710281029103010311032103310341035103610371038103910401041104210431044104510461047104810491050105110521053105410551056105710581059106010611062106310641065106610671068106910701071107210731074107510761077107810791080108110821083108410851086108710881089109010911092109310941095109610971098109911001101110211031104110511061107110811091110111111121113111411151116111711181119112011211122112311241125112611271128112911301131113211331134113511361137113811391140114111421143114411451146114711481149115011511152115311541155115611571158115911601161116211631164116511661167 
  1. <?php
    2. 

  2. 

  3. namespace Grav\Plugin\Admin;
    4. 

  4. 

  5. use Grav\Common\Cache;
    6. 

  6. use Grav\Common\Config\Config;
    7. 

  7. use Grav\Common\Data\Data;
    8. 

  8. use Grav\Common\Debugger;
    9. 

  9. use Grav\Common\Filesystem\Folder;
    10. 

  10. use Grav\Common\Grav;
    11. 

  11. use Grav\Common\Media\Interfaces\MediaInterface;
    12. 

  12. use Grav\Common\Page\Interfaces\PageInterface;
    13. 

  13. use Grav\Common\Page\Media;
    14. 

  14. use Grav\Common\Security;
    15. 

  15. use Grav\Common\Uri;
    16. 

  16. use Grav\Common\User\Interfaces\UserInterface;
    17. 

  17. use Grav\Common\Utils;
    18. 

  18. use Grav\Common\Plugin;
    19. 

  19. use Grav\Common\Theme;
    20. 

  20. use Grav\Framework\Controller\Traits\ControllerResponseTrait;
    21. 

  21. use Grav\Framework\RequestHandler\Exception\RequestException;
    22. 

  22. use JsonException;
    23. 

  23. use Psr\Http\Message\ResponseInterface;
    24. 

  24. use Psr\Http\Message\ServerRequestInterface;
    25. 

  25. use RocketTheme\Toolbox\Event\Event;
    26. 

  26. use RocketTheme\Toolbox\File\File;
    27. 

  27. use RocketTheme\Toolbox\ResourceLocator\UniformResourceLocator;
    28. 

  28. 

  29. /**
    30. 

  30.  * Class AdminController
    31. 

  31.  *
    32. 

  32.  * @package Grav\Plugin
    33. 

  33.  */
    34. 

  34. class AdminBaseController
    35. 

  35. {
    36. 

  36.     use ControllerResponseTrait;
    37. 

  37. 

  38.     /** @var Grav */
    39. 

  39.     public $grav;
    40. 

  40.     /** @var string */
    41. 

  41.     public $view;
    42. 

  42.     /** @var string */
    43. 

  43.     public $task;
    44. 

  44.     /** @var string */
    45. 

  45.     public $route;
    46. 

  46.     /** @var array */
    47. 

  47.     public $post;
    48. 

  48.     /** @var array|null */
    49. 

  49.     public $data;
    50. 

  50.     /** @var array */
    51. 

  51.     public $blacklist_views = [];
    52. 

  52. 

  53.     /** @var Uri */
    54. 

  54.     protected $uri;
    55. 

  55.     /** @var Admin */
    56. 

  56.     protected $admin;
    57. 

  57.     /** @var string */
    58. 

  58.     protected $redirect;
    59. 

  59.     /** @var int */
    60. 

  60.     protected $redirectCode;
    61. 

  61. 

  62.     /** @var string[] */
    63. 

  63.     protected $upload_errors = [
    64. 

  64.         0 => 'There is no error, the file uploaded with success',
    65. 

  65.         1 => 'The uploaded file exceeds the max upload size',
    66. 

  66.         2 => 'The uploaded file exceeds the MAX_FILE_SIZE directive that was specified in the HTML',
    67. 

  67.         3 => 'The uploaded file was only partially uploaded',
    68. 

  68.         4 => 'No file was uploaded',
    69. 

  69.         6 => 'Missing a temporary folder',
    70. 

  70.         7 => 'Failed to write file to disk',
    71. 

  71.         8 => 'A PHP extension stopped the file upload'
    72. 

  72.     ];
    73. 

  73. 

  74.     /**
    75. 

  75.      * Performs a task.
    76. 

  76.      *
    77. 

  77.      * @return bool True if the action was performed successfully.
    78. 

  78.      */
    79. 

  79.     public function execute()
    80. 

  80.     {
    81. 

  81.         if (null === $this->admin) {
    82. 

  82.             $this->admin = $this->grav['admin'];
    83. 

  83.         }
    84. 

  84. 

  85.         // Ignore blacklisted views.
    86. 

  86.         if (in_array($this->view, $this->blacklist_views, true)) {
    87. 

  87.             return false;
    88. 

  88.         }
    89. 

  89. 

  90.         // Make sure that user is logged into admin.
    91. 

  91.         if (!$this->admin->authorize()) {
    92. 

  92.             return false;
    93. 

  93.         }
    94. 

  94. 

  95.         // Always validate nonce.
    96. 

  96.         if (!$this->validateNonce()) {
    97. 

  97.             return false;
    98. 

  98.         }
    99. 

  99. 

  100.         $method = 'task' . ucfirst($this->task);
    101. 

  101. 

  102.         if (method_exists($this, $method)) {
    103. 

  103.             try {
    104. 

  104.                 $response = $this->{$method}();
    105. 

  105.             } catch (RequestException $e) {
    106. 

  106.                 /** @var Debugger $debugger */
    107. 

  107.                 $debugger = $this->grav['debugger'];
    108. 

  108.                 $debugger->addException($e);
    109. 

  109. 

  110.                 $response = $this->createErrorResponse($e);
    111. 

  111.             } catch (\RuntimeException $e) {
    112. 

  112.                 /** @var Debugger $debugger */
    113. 

  113.                 $debugger = $this->grav['debugger'];
    114. 

  114.                 $debugger->addException($e);
    115. 

  115. 

  116.                 $response = true;
    117. 

  117.                 $this->admin->setMessage($e->getMessage(), 'error');
    118. 

  118.             }
    119. 

  119.         } else {
    120. 

  120.             $response = $this->grav->fireEvent('onAdminTaskExecute',
    121. 

  121.                 new Event(['controller' => $this, 'method' => $method]));
    122. 

  122.         }
    123. 

  123. 

  124.         if ($response instanceof ResponseInterface) {
    125. 

  125.             $this->close($response);
    126. 

  126.         }
    127. 

  127. 

  128.         // Grab redirect parameter.
    129. 

  129.         $redirect = $this->post['_redirect'] ?? null;
    130. 

  130.         unset($this->post['_redirect']);
    131. 

  131. 

  132.         // Redirect if requested.
    133. 

  133.         if ($redirect) {
    134. 

  134.             $this->setRedirect($redirect);
    135. 

  135.         }
    136. 

  136. 

  137.         return $response;
    138. 

  138.     }
    139. 

  139. 

  140.     protected function validateNonce()
    141. 

  141.     {
    142. 

  142.         if (strtolower($_SERVER['REQUEST_METHOD']) === 'post') {
    143. 

  143.             if (isset($this->post['admin-nonce'])) {
    144. 

  144.                 $nonce = $this->post['admin-nonce'];
    145. 

  145.             } else {
    146. 

  146.                 $nonce = $this->grav['uri']->param('admin-nonce');
    147. 

  147.             }
    148. 

  148. 

  149.             if (!$nonce || !Utils::verifyNonce($nonce, 'admin-form')) {
    150. 

  150.                 if ($this->task === 'addmedia') {
    151. 

  151. 

  152.                     $message = sprintf($this->admin::translate('PLUGIN_ADMIN.FILE_TOO_LARGE', null),
    153. 

  153.                         ini_get('post_max_size'));
    154. 

  154. 

  155.                     //In this case it's more likely that the image is too big than POST can handle. Show message
    156. 

  156.                     $this->admin->json_response = [
    157. 

  157.                         'status'  => 'error',
    158. 

  158.                         'message' => $message
    159. 

  159.                     ];
    160. 

  160. 

  161.                     return false;
    162. 

  162.                 }
    163. 

  163. 

  164.                 $this->admin->setMessage($this->admin::translate('PLUGIN_ADMIN.INVALID_SECURITY_TOKEN'), 'error');
    165. 

  165.                 $this->admin->json_response = [
    166. 

  166.                     'status'  => 'error',
    167. 

  167.                     'message' => $this->admin::translate('PLUGIN_ADMIN.INVALID_SECURITY_TOKEN')
    168. 

  168.                 ];
    169. 

  169. 

  170.                 return false;
    171. 

  171.             }
    172. 

  172.             unset($this->post['admin-nonce']);
    173. 

  173.         } else {
    174. 

  174.             if ($this->task === 'logout') {
    175. 

  175.                 $nonce = $this->grav['uri']->param('logout-nonce');
    176. 

  176.                 if (null === $nonce || !Utils::verifyNonce($nonce, 'logout-form')) {
    177. 

  177.                     $this->admin->setMessage($this->admin::translate('PLUGIN_ADMIN.INVALID_SECURITY_TOKEN'),
    178. 

  178.                         'error');
    179. 

  179.                     $this->admin->json_response = [
    180. 

  180.                         'status'  => 'error',
    181. 

  181.                         'message' => $this->admin::translate('PLUGIN_ADMIN.INVALID_SECURITY_TOKEN')
    182. 

  182.                     ];
    183. 

  183. 

  184.                     return false;
    185. 

  185.                 }
    186. 

  186.             } else {
    187. 

  187.                 $nonce = $this->grav['uri']->param('admin-nonce');
    188. 

  188.                 if (null === $nonce || !Utils::verifyNonce($nonce, 'admin-form')) {
    189. 

  189.                     $this->admin->setMessage($this->admin::translate('PLUGIN_ADMIN.INVALID_SECURITY_TOKEN'),
    190. 

  190.                         'error');
    191. 

  191.                     $this->admin->json_response = [
    192. 

  192.                         'status'  => 'error',
    193. 

  193.                         'message' => $this->admin::translate('PLUGIN_ADMIN.INVALID_SECURITY_TOKEN')
    194. 

  194.                     ];
    195. 

  195. 

  196.                     return false;
    197. 

  197.                 }
    198. 

  198.             }
    199. 

  199.         }
    200. 

  200. 

  201.         return true;
    202. 

  202.     }
    203. 

  203. 

  204.     /**
    205. 

  205.      * Sets the page redirect.
    206. 

  206.      *
    207. 

  207.      * @param string $path The path to redirect to
    208. 

  208.      * @param int    $code The HTTP redirect code
    209. 

  209.      * @return void
    210. 

  210.      */
    211. 

  211.     public function setRedirect($path, $code = 303)
    212. 

  212.     {
    213. 

  213.         $this->redirect     = $path;
    214. 

  214.         $this->redirectCode = $code;
    215. 

  215.     }
    216. 

  216. 

  217.     /**
    218. 

  218.      * Sends JSON response and terminates the call.
    219. 

  219.      *
    220. 

  220.      * @param array $json
    221. 

  221.      * @param int $code
    222. 

  222.      * @return never-return
    223. 

  223.      */
    224. 

  224.     protected function sendJsonResponse(array $json, $code = 200): void
    225. 

  225.     {
    226. 

  226.         // JSON response.
    227. 

  227.         $response = $this->createJsonResponse($json, $code);
    228. 

  228. 

  229.         $this->close($response);
    230. 

  230.     }
    231. 

  231. 

  232.     /**
    233. 

  233.      * @param ResponseInterface $response
    234. 

  234.      * @return never-return
    235. 

  235.      */
    236. 

  236.     protected function close(ResponseInterface $response): void
    237. 

  237.     {
    238. 

  238.         $this->grav->close($response);
    239. 

  239.     }
    240. 

  240. 

  241.     /**
    242. 

  242.      * Handles ajax upload for files.
    243. 

  243.      * Stores in a flash object the temporary file and deals with potential file errors.
    244. 

  244.      *
    245. 

  245.      * @return bool True if the action was performed.
    246. 

  246.      */
    247. 

  247.     public function taskFilesUpload()
    248. 

  248.     {
    249. 

  249.         if (null === $_FILES || !$this->authorizeTask('upload file', $this->dataPermissions())) {
    250. 

  250.             return false;
    251. 

  251.         }
    252. 

  252. 

  253.         /** @var Config $config */
    254. 

  254.         $config   = $this->grav['config'];
    255. 

  255.         $data     = $this->view === 'pages' ? $this->admin->page(true) : $this->prepareData([]);
    256. 

  256.         $settings = $data->blueprints()->schema()->getProperty($this->post['name']);
    257. 

  257.         $settings = (object)array_merge([
    258. 

  258.             'avoid_overwriting' => false,
    259. 

  259.             'random_name'       => false,
    260. 

  260.             'accept'            => ['image/*'],
    261. 

  261.             'limit'             => 10,
    262. 

  262.             'filesize'          => Utils::getUploadLimit()
    263. 

  263.         ], (array)$settings, ['name' => $this->post['name']]);
    264. 

  264. 

  265.         $upload = $this->normalizeFiles($_FILES['data'], $settings->name);
    266. 

  266. 

  267.         $filename = $upload->file->name;
    268. 

  268. 

  269.         // Handle bad filenames.
    270. 

  270.         if (!Utils::checkFilename($filename)) {
    271. 

  271.             $this->admin->json_response = [
    272. 

  272.                 'status'  => 'error',
    273. 

  273.                 'message' => sprintf($this->admin::translate('PLUGIN_ADMIN.FILEUPLOAD_UNABLE_TO_UPLOAD', null),
    274. 

  274.                     htmlspecialchars($filename, ENT_QUOTES | ENT_HTML5, 'UTF-8'), 'Bad filename')
    275. 

  275.             ];
    276. 

  276. 

  277.             return false;
    278. 

  278.         }
    279. 

  279. 

  280.         if (!isset($settings->destination)) {
    281. 

  281.             $this->admin->json_response = [
    282. 

  282.                 'status'  => 'error',
    283. 

  283.                 'message' => $this->admin::translate('PLUGIN_ADMIN.DESTINATION_NOT_SPECIFIED', null)
    284. 

  284.             ];
    285. 

  285. 

  286.             return false;
    287. 

  287.         }
    288. 

  288. 

  289.         // Do not use self@ outside of pages
    290. 

  290.         if ($this->view !== 'pages' && in_array($settings->destination, ['@self', 'self@', '@self@'])) {
    291. 

  291.             $this->admin->json_response = [
    292. 

  292.                 'status'  => 'error',
    293. 

  293.                 'message' => sprintf($this->admin::translate('PLUGIN_ADMIN.FILEUPLOAD_PREVENT_SELF', null),
    294. 

  294.                     htmlspecialchars($settings->destination, ENT_QUOTES | ENT_HTML5, 'UTF-8'))
    295. 

  295.             ];
    296. 

  296. 

  297.             return false;
    298. 

  298.         }
    299. 

  299. 

  300.         // Handle errors and breaks without proceeding further
    301. 

  301.         if ($upload->file->error !== UPLOAD_ERR_OK) {
    302. 

  302.             $this->admin->json_response = [
    303. 

  303.                 'status'  => 'error',
    304. 

  304.                 'message' => sprintf($this->admin::translate('PLUGIN_ADMIN.FILEUPLOAD_UNABLE_TO_UPLOAD', null),
    305. 

  305.                     htmlspecialchars($filename, ENT_QUOTES | ENT_HTML5, 'UTF-8'),
    306. 

  306.                     $this->upload_errors[$upload->file->error])
    307. 

  307.             ];
    308. 

  308. 

  309.             return false;
    310. 

  310.         }
    311. 

  311. 

  312.         // Handle file size limits
    313. 

  313.         $settings->filesize *= 1048576; // 2^20 [MB in Bytes]
    314. 

  314.         if ($settings->filesize > 0 && $upload->file->size > $settings->filesize) {
    315. 

  315.             $this->admin->json_response = [
    316. 

  316.                 'status'  => 'error',
    317. 

  317.                 'message' => $this->admin::translate('PLUGIN_ADMIN.EXCEEDED_GRAV_FILESIZE_LIMIT')
    318. 

  318.             ];
    319. 

  319. 

  320.             return false;
    321. 

  321.         }
    322. 

  322. 

  323.         // Handle Accepted file types
    324. 

  324.         // Accept can only be mime types (image/png | image/*) or file extensions (.pdf|.jpg)
    325. 

  325.         $accepted = false;
    326. 

  326.         $errors   = [];
    327. 

  327. 

  328.         // Do not trust mimetype sent by the browser
    329. 

  329.         $mime = Utils::getMimeByFilename($filename);
    330. 

  330. 

  331.         foreach ((array)$settings->accept as $type) {
    332. 

  332.             // Force acceptance of any file when star notation
    333. 

  333.             if ($type === '*') {
    334. 

  334.                 $accepted = true;
    335. 

  335.                 break;
    336. 

  336.             }
    337. 

  337. 

  338.             $isMime = strstr($type, '/');
    339. 

  339.             $find   = str_replace(['.', '*', '+'], ['\.', '.*', '\+'], $type);
    340. 

  340. 

  341.             if ($isMime) {
    342. 

  342.                 $match = preg_match('#' . $find . '$#', $mime);
    343. 

  343.                 if (!$match) {
    344. 

  344.                     $errors[] = htmlspecialchars('The MIME type "' . $mime . '" for the file "' . $filename . '" is not an accepted.', ENT_QUOTES | ENT_HTML5, 'UTF-8');
    345. 

  345.                 } else {
    346. 

  346.                     $accepted = true;
    347. 

  347.                     break;
    348. 

  348.                 }
    349. 

  349.             } else {
    350. 

  350.                 $match = preg_match('#' . $find . '$#', $filename);
    351. 

  351.                 if (!$match) {
    352. 

  352.                     $errors[] = htmlspecialchars('The File Extension for the file "' . $filename . '" is not an accepted.', ENT_QUOTES | ENT_HTML5, 'UTF-8');
    353. 

  353.                 } else {
    354. 

  354.                     $accepted = true;
    355. 

  355.                     break;
    356. 

  356.                 }
    357. 

  357.             }
    358. 

  358.         }
    359. 

  359. 

  360.         if (!$accepted) {
    361. 

  361.             $this->admin->json_response = [
    362. 

  362.                 'status'  => 'error',
    363. 

  363.                 'message' => implode('<br />', $errors)
    364. 

  364.             ];
    365. 

  365. 

  366.             return false;
    367. 

  367.         }
    368. 

  368. 

  369.         // Remove the error object to avoid storing it
    370. 

  370.         unset($upload->file->error);
    371. 

  371. 

  372.         // we need to move the file at this stage or else
    373. 

  373.         // it won't be available upon save later on
    374. 

  374.         // since php removes it from the upload location
    375. 

  375.         $tmp_dir  = Admin::getTempDir();
    376. 

  376.         $tmp_file = $upload->file->tmp_name;
    377. 

  377.         $tmp      = $tmp_dir . '/uploaded-files/' . basename($tmp_file);
    378. 

  378. 

  379.         Folder::create(dirname($tmp));
    380. 

  380.         if (!move_uploaded_file($tmp_file, $tmp)) {
    381. 

  381.             $this->admin->json_response = [
    382. 

  382.                 'status'  => 'error',
    383. 

  383.                 'message' => sprintf(
    384. 

  384.                     $this->admin::translate('PLUGIN_ADMIN.FILEUPLOAD_UNABLE_TO_MOVE', null),
    385. 

  385.                     '',
    386. 

  386.                     htmlspecialchars($tmp, ENT_QUOTES | ENT_HTML5, 'UTF-8')
    387. 

  387.                 )
    388. 

  388.             ];
    389. 

  389. 

  390.             return false;
    391. 

  391.         }
    392. 

  392. 

  393.         // Special Sanitization for SVG
    394. 

  394.         if (Utils::contains($mime, 'svg', false)) {
    395. 

  395.             Security::sanitizeSVG($tmp);
    396. 

  396.         }
    397. 

  397. 

  398.         $upload->file->tmp_name = $tmp;
    399. 

  399. 

  400.         // Retrieve the current session of the uploaded files for the field
    401. 

  401.         // and initialize it if it doesn't exist
    402. 

  402.         $sessionField = base64_encode($this->grav['uri']->url());
    403. 

  403.         $flash        = $this->admin->session()->getFlashObject('files-upload') ?? [];
    404. 

  404.         if (!isset($flash[$sessionField])) {
    405. 

  405.             $flash[$sessionField] = [];
    406. 

  406.         }
    407. 

  407.         if (!isset($flash[$sessionField][$upload->field])) {
    408. 

  408.             $flash[$sessionField][$upload->field] = [];
    409. 

  409.         }
    410. 

  410. 

  411.         // Set destination
    412. 

  412.         if ($this->grav['locator']->isStream($settings->destination)) {
    413. 

  413.             $destination = $this->grav['locator']->findResource($settings->destination, false, true);
    414. 

  414.         } else {
    415. 

  415.             $destination = Folder::getRelativePath(rtrim($settings->destination, '/'));
    416. 

  416.             $destination = $this->admin->getPagePathFromToken($destination);
    417. 

  417.         }
    418. 

  418. 

  419.         // Create destination if needed
    420. 

  420.         if (!is_dir($destination)) {
    421. 

  421.             Folder::mkdir($destination);
    422. 

  422.         }
    423. 

  423. 

  424.         // Generate random name if required
    425. 

  425.         if ($settings->random_name) { // TODO: document
    426. 

  426.             $extension          = pathinfo($upload->file->name, PATHINFO_EXTENSION);
    427. 

  427.             $upload->file->name = Utils::generateRandomString(15) . '.' . $extension;
    428. 

  428.         }
    429. 

  429. 

  430.         // Handle conflicting name if needed
    431. 

  431.         if ($settings->avoid_overwriting) { // TODO: document
    432. 

  432.             if (file_exists($destination . '/' . $upload->file->name)) {
    433. 

  433.                 $upload->file->name = date('YmdHis') . '-' . $upload->file->name;
    434. 

  434.             }
    435. 

  435.         }
    436. 

  436. 

  437.         // Prepare object for later save
    438. 

  438.         $path               = $destination . '/' . $upload->file->name;
    439. 

  439.         $upload->file->path = $path;
    440. 

  440.         // $upload->file->route = $page ? $path : null;
    441. 

  441. 

  442.         // Prepare data to be saved later
    443. 

  443.         $flash[$sessionField][$upload->field][$path] = (array)$upload->file;
    444. 

  444. 

  445.         // Finally store the new uploaded file in the field session
    446. 

  446.         $this->admin->session()->setFlashObject('files-upload', $flash);
    447. 

  447.         $this->admin->json_response = [
    448. 

  448.             'status'  => 'success',
    449. 

  449.             'session' => \json_encode([
    450. 

  450.                 'sessionField' => base64_encode($this->grav['uri']->url()),
    451. 

  451.                 'path'         => $upload->file->path,
    452. 

  452.                 'field'        => $settings->name
    453. 

  453.             ])
    454. 

  454.         ];
    455. 

  455. 

  456.         return true;
    457. 

  457.     }
    458. 

  458. 

  459.     /**
    460. 

  460.      * Checks if the user is allowed to perform the given task with its associated permissions
    461. 

  461.      *
    462. 

  462.      * @param string $task        The task to execute
    463. 

  463.      * @param array  $permissions The permissions given
    464. 

  464.      *
    465. 

  465.      * @return bool True if authorized. False if not.
    466. 

  466.      */
    467. 

  467.     public function authorizeTask($task = '', $permissions = [])
    468. 

  468.     {
    469. 

  469.         if (!$this->admin->authorize($permissions)) {
    470. 

  470.             if ($this->grav['uri']->extension() === 'json') {
    471. 

  471.                 $this->admin->json_response = [
    472. 

  472.                     'status'  => 'unauthorized',
    473. 

  473.                     'message' => $this->admin::translate('PLUGIN_ADMIN.INSUFFICIENT_PERMISSIONS_FOR_TASK') . ' ' . $task . '.'
    474. 

  474.                 ];
    475. 

  475.             } else {
    476. 

  476.                 $this->admin->setMessage($this->admin::translate('PLUGIN_ADMIN.INSUFFICIENT_PERMISSIONS_FOR_TASK') . ' ' . $task . '.',
    477. 

  477.                     'error');
    478. 

  478.             }
    479. 

  479. 

  480.             return false;
    481. 

  481.         }
    482. 

  482. 

  483.         return true;
    484. 

  484.     }
    485. 

  485. 

  486.     /**
    487. 

  487.      * Checks if the user is allowed to perform the given task with its associated permissions.
    488. 

  488.      * Throws exception if the check fails.
    489. 

  489.      *
    490. 

  490.      * @param string $task        The task to execute
    491. 

  491.      * @param array  $permissions The permissions given
    492. 

  492.      * @throws RequestException
    493. 

  493.      */
    494. 

  494.     public function checkTaskAuthorization($task = '', $permissions = [])
    495. 

  495.     {
    496. 

  496.         if (!$this->admin->authorize($permissions)) {
    497. 

  497.             throw new RequestException($this->getRequest(), $this->admin::translate('PLUGIN_ADMIN.INSUFFICIENT_PERMISSIONS_FOR_TASK') . ' ' . $task . '.', 403);
    498. 

  498.         }
    499. 

  499.     }
    500. 

  500. 

  501.     /**
    502. 

  502.      * Gets the permissions needed to access a given view
    503. 

  503.      *
    504. 

  504.      * @return array An array of permissions
    505. 

  505.      */
    506. 

  506.     protected function dataPermissions()
    507. 

  507.     {
    508. 

  508.         $type        = $this->view;
    509. 

  509.         $permissions = ['admin.super'];
    510. 

  510. 

  511.         switch ($type) {
    512. 

  512.             case 'config':
    513. 

  513.                 $type = $this->route ?: 'system';
    514. 

  514.                 $permissions[] = 'admin.configuration.' . $type;
    515. 

  515.                 break;
    516. 

  516.             case 'plugins':
    517. 

  517.                 $permissions[] = 'admin.plugins';
    518. 

  518.                 break;
    519. 

  519.             case 'themes':
    520. 

  520.                 $permissions[] = 'admin.themes';
    521. 

  521.                 break;
    522. 

  522.             case 'users':
    523. 

  523.                 $permissions[] = 'admin.users';
    524. 

  524.                 break;
    525. 

  525.             case 'user':
    526. 

  526.                 $permissions[] = 'admin.login';
    527. 

  527.                 $permissions[] = 'admin.users';
    528. 

  528.                 break;
    529. 

  529.             case 'pages':
    530. 

  530.                 $permissions[] = 'admin.pages';
    531. 

  531.                 break;
    532. 

  532.             default:
    533. 

  533.                 $permissions[] = 'admin.configuration.' . $type;
    534. 

  534.                 $permissions[] = 'admin.configuration_' . $type;
    535. 

  535.         }
    536. 

  536. 

  537.         return $permissions;
    538. 

  538.     }
    539. 

  539. 

  540.     /**
    541. 

  541.      * Gets the configuration data for a given view & post
    542. 

  542.      *
    543. 

  543.      * @param array $data
    544. 

  544.      *
    545. 

  545.      * @return array
    546. 

  546.      */
    547. 

  547.     protected function prepareData(array $data)
    548. 

  548.     {
    549. 

  549.         return $data;
    550. 

  550.     }
    551. 

  551. 

  552.     /**
    553. 

  553.      * Internal method to normalize the $_FILES array
    554. 

  554.      *
    555. 

  555.      * @param array  $data $_FILES starting point data
    556. 

  556.      * @param string $key
    557. 

  557.      *
    558. 

  558.      * @return object a new Object with a normalized list of files
    559. 

  559.      */
    560. 

  560.     protected function normalizeFiles($data, $key = '')
    561. 

  561.     {
    562. 

  562.         $files        = new \stdClass();
    563. 

  563.         $files->field = $key;
    564. 

  564.         $files->file  = new \stdClass();
    565. 

  565. 

  566.         foreach ($data as $fieldName => $fieldValue) {
    567. 

  567.             // Since Files Upload are always happening via Ajax
    568. 

  568.             // we are not interested in handling `multiple="true"`
    569. 

  569.             // because they are always handled one at a time.
    570. 

  570.             // For this reason we normalize the value to string,
    571. 

  571.             // in case it is arriving as an array.
    572. 

  572.             $value                     = (array)Utils::getDotNotation($fieldValue, $key);
    573. 

  573.             $files->file->{$fieldName} = array_shift($value);
    574. 

  574.         }
    575. 

  575. 

  576.         return $files;
    577. 

  577.     }
    578. 

  578. 

  579.     /**
    580. 

  580.      * Removes a file from the flash object session, before it gets saved
    581. 

  581.      *
    582. 

  582.      * @return bool True if the action was performed.
    583. 

  583.      */
    584. 

  584.     public function taskFilesSessionRemove()
    585. 

  585.     {
    586. 

  586.         if (!$this->authorizeTask('delete file', $this->dataPermissions())) {
    587. 

  587.             return false;
    588. 

  588.         }
    589. 

  589. 

  590.         // Retrieve the current session of the uploaded files for the field
    591. 

  591.         // and initialize it if it doesn't exist
    592. 

  592.         $sessionField = base64_encode($this->grav['uri']->url());
    593. 

  593.         $request      = \json_decode($this->post['session']);
    594. 

  594. 

  595.         // Ensure the URI requested matches the current one, otherwise fail
    596. 

  596.         if ($request->sessionField !== $sessionField) {
    597. 

  597.             return false;
    598. 

  598.         }
    599. 

  599. 

  600.         // Retrieve the flash object and remove the requested file from it
    601. 

  601.         $flash    = $this->admin->session()->getFlashObject('files-upload') ?? [];
    602. 

  602.         $endpoint = $flash[$request->sessionField][$request->field][$request->path] ?? null;
    603. 

  603. 

  604.         if (isset($endpoint)) {
    605. 

  605.             if (file_exists($endpoint['tmp_name'])) {
    606. 

  606.                 unlink($endpoint['tmp_name']);
    607. 

  607.             }
    608. 

  608. 

  609.             unset($endpoint);
    610. 

  610.         }
    611. 

  611. 

  612.         // Walk backward to cleanup any empty field that's left
    613. 

  613.         // Field
    614. 

  614.         if (isset($flash[$request->sessionField][$request->field][$request->path])) {
    615. 

  615.             unset($flash[$request->sessionField][$request->field][$request->path]);
    616. 

  616.         }
    617. 

  617. 

  618.         // Field
    619. 

  619.         if (isset($flash[$request->sessionField][$request->field]) && empty($flash[$request->sessionField][$request->field])) {
    620. 

  620.             unset($flash[$request->sessionField][$request->field]);
    621. 

  621.         }
    622. 

  622. 

  623.         // Session Field
    624. 

  624.         if (isset($flash[$request->sessionField]) && empty($flash[$request->sessionField])) {
    625. 

  625.             unset($flash[$request->sessionField]);
    626. 

  626.         }
    627. 

  627. 

  628. 

  629.         // If there's anything left to restore in the flash object, do so
    630. 

  630.         if (count($flash)) {
    631. 

  631.             $this->admin->session()->setFlashObject('files-upload', $flash);
    632. 

  632.         }
    633. 

  633. 

  634.         $this->admin->json_response = ['status' => 'success'];
    635. 

  635. 

  636.         return true;
    637. 

  637.     }
    638. 

  638. 

  639.     /**
    640. 

  640.      * Redirect to the route stored in $this->redirect
    641. 

  641.      *
    642. 

  642.      * Route may or may not be prefixed by /en or /admin or /en/admin.
    643. 

  643.      *
    644. 

  644.      * @return void
    645. 

  645.      */
    646. 

  646.     public function redirect()
    647. 

  647.     {
    648. 

  648.         $this->admin->redirect($this->redirect, $this->redirectCode);
    649. 

  649.     }
    650. 

  650. 

  651.     /**
    652. 

  652.      * Prepare and return POST data.
    653. 

  653.      *
    654. 

  654.      * @param array $post
    655. 

  655.      * @return array
    656. 

  656.      */
    657. 

  657.     protected function getPost($post)
    658. 

  658.     {
    659. 

  659.         if (!is_array($post)) {
    660. 

  660.             return [];
    661. 

  661.         }
    662. 

  662. 

  663.         unset($post['task']);
    664. 

  664. 

  665.         // Decode JSON encoded fields and merge them to data.
    666. 

  666.         if (isset($post['_json'])) {
    667. 

  667.             $post = array_replace_recursive($post, $this->jsonDecode($post['_json']));
    668. 

  668.             unset($post['_json']);
    669. 

  669.         }
    670. 

  670. 

  671.         return $this->cleanDataKeys($post);
    672. 

  672.     }
    673. 

  673. 

  674.     /**
    675. 

  675.      * Recursively JSON decode data.
    676. 

  676.      *
    677. 

  677.      * @param array $data
    678. 

  678.      * @return array
    679. 

  679.      * @throws JsonException
    680. 

  680.      * @internal Do not use directly!
    681. 

  681.      */
    682. 

  682.     protected function jsonDecode(array $data): array
    683. 

  683.     {
    684. 

  684.         foreach ($data as &$value) {
    685. 

  685.             if (is_array($value)) {
    686. 

  686.                 $value = $this->jsonDecode($value);
    687. 

  687.             } else {
    688. 

  688.                 $value = json_decode($value, true, 512, JSON_THROW_ON_ERROR);
    689. 

  689.             }
    690. 

  690.         }
    691. 

  691. 

  692.         return $data;
    693. 

  693.     }
    694. 

  694. 

  695.     /**
    696. 

  696.      * @param array $source
    697. 

  697.      * @return array
    698. 

  698.      * @internal Do not use directly!
    699. 

  699.      */
    700. 

  700.     protected function cleanDataKeys(array $source): array
    701. 

  701.     {
    702. 

  702.         $out = [];
    703. 

  703.         foreach ($source as $key => $value) {
    704. 

  704.             $key = str_replace(['%5B', '%5D'], ['[', ']'], $key);
    705. 

  705.             if (is_array($value)) {
    706. 

  706.                 $out[$key] = $this->cleanDataKeys($value);
    707. 

  707.             } else {
    708. 

  708.                 $out[$key] = $value;
    709. 

  709.             }
    710. 

  710.         }
    711. 

  711. 

  712.         return $out;
    713. 

  713.     }
    714. 

  714. 

  715.     /**
    716. 

  716.      * Return true if multilang is active
    717. 

  717.      *
    718. 

  718.      * @return bool True if multilang is active
    719. 

  719.      */
    720. 

  720.     protected function isMultilang()
    721. 

  721.     {
    722. 

  722.         return count($this->grav['config']->get('system.languages.supported', [])) > 1;
    723. 

  723.     }
    724. 

  724. 

  725.     /**
    726. 

  726.      * @param PageInterface|UserInterface|Data $obj
    727. 

  727.      *
    728. 

  728.      * @return PageInterface|UserInterface|Data
    729. 

  729.      */
    730. 

  730.     protected function storeFiles($obj)
    731. 

  731.     {
    732. 

  732.         // Process previously uploaded files for the current URI
    733. 

  733.         // and finally store them. Everything else will get discarded
    734. 

  734.         $queue = $this->admin->session()->getFlashObject('files-upload');
    735. 

  735.         if (is_array($queue)) {
    736. 

  736.             $queue = $queue[base64_encode($this->grav['uri']->url())];
    737. 

  737.             foreach ($queue as $key => $files) {
    738. 

  738.                 foreach ($files as $destination => $file) {
    739. 

  739.                     if (!rename($file['tmp_name'], $destination)) {
    740. 

  740.                         throw new \RuntimeException(sprintf($this->admin->translate('PLUGIN_ADMIN.FILEUPLOAD_UNABLE_TO_MOVE',
    741. 

  741.                             null), '"' . $file['tmp_name'] . '"', $destination));
    742. 

  742.                     }
    743. 

  743. 

  744.                     unset($files[$destination]['tmp_name']);
    745. 

  745.                 }
    746. 

  746. 

  747.                 if ($this->view === 'pages') {
    748. 

  748.                     $keys     = explode('.', preg_replace('/^header./', '', $key));
    749. 

  749.                     $init_key = array_shift($keys);
    750. 

  750.                     if (count($keys) > 0) {
    751. 

  751.                         $new_data = $obj->header()->{$init_key} ?? [];
    752. 

  752.                         Utils::setDotNotation($new_data, implode('.', $keys), $files, true);
    753. 

  753.                     } else {
    754. 

  754.                         $new_data = $files;
    755. 

  755.                     }
    756. 

  756.                     if (isset($obj->header()->{$init_key})) {
    757. 

  757.                         $obj->modifyHeader($init_key,
    758. 

  758.                             array_replace_recursive([], $obj->header()->{$init_key}, $new_data));
    759. 

  759.                     } else {
    760. 

  760.                         $obj->modifyHeader($init_key, $new_data);
    761. 

  761.                     }
    762. 

  762.                 } elseif ($obj instanceof UserInterface and $key === 'avatar') {
    763. 

  763.                     $obj->set($key, $files);
    764. 

  764.                 } else {
    765. 

  765.                     // TODO: [this is JS handled] if it's single file, remove existing and use set, if it's multiple, use join
    766. 

  766.                     $obj->join($key, $files); // stores
    767. 

  767.                 }
    768. 

  768. 

  769.             }
    770. 

  770.         }
    771. 

  771. 

  772.         return $obj;
    773. 

  773.     }
    774. 

  774. 

  775.     /**
    776. 

  776.      * Used by the filepicker field to get a list of files in a folder.
    777. 

  777.      *
    778. 

  778.      * @return bool
    779. 

  779.      */
    780. 

  780.     protected function taskGetFilesInFolder()
    781. 

  781.     {
    782. 

  782.         if (!$this->authorizeTask('get files', $this->dataPermissions())) {
    783. 

  783.             return false;
    784. 

  784.         }
    785. 

  785. 

  786.         $data = $this->view === 'pages' ? $this->admin->page(true) : $this->prepareData([]);
    787. 

  787. 

  788.         if (null === $data) {
    789. 

  789.             return false;
    790. 

  790.         }
    791. 

  791. 

  792.         if (method_exists($data, 'blueprints')) {
    793. 

  793.             $settings = $data->blueprints()->schema()->getProperty($this->post['name']);
    794. 

  794.         } elseif (method_exists($data, 'getBlueprint')) {
    795. 

  795.             $settings = $data->getBlueprint()->schema()->getProperty($this->post['name']);
    796. 

  796.         }
    797. 

  797. 

  798.         if (isset($settings['folder'])) {
    799. 

  799.             $folder = $settings['folder'];
    800. 

  800.         } else {
    801. 

  801.             $folder = 'self@';
    802. 

  802.         }
    803. 

  803. 

  804.         // Do not use self@ outside of pages
    805. 

  805.         if ($this->view !== 'pages' && in_array($folder, ['@self', 'self@', '@self@'])) {
    806. 

  806.             if (!$data instanceof MediaInterface) {
    807. 

  807.                 $this->admin->json_response = [
    808. 

  808.                     'status'  => 'error',
    809. 

  809.                     'message' => sprintf($this->admin::translate('PLUGIN_ADMIN.FILEUPLOAD_PREVENT_SELF', null), $folder)
    810. 

  810.                 ];
    811. 

  811. 

  812.                 return false;
    813. 

  813.             }
    814. 

  814. 

  815.             $media = $data->getMedia();
    816. 

  816.         } else {
    817. 

  817.             /** @var UniformResourceLocator $locator */
    818. 

  818.             $locator = $this->grav['locator'];
    819. 

  819.             if ($locator->isStream($folder)) {
    820. 

  820.                 $folder = $locator->findResource($folder);
    821. 

  821.             }
    822. 

  822. 

  823.             // Set destination
    824. 

  824.             $folder = Folder::getRelativePath(rtrim($folder, '/'));
    825. 

  825.             $folder = $this->admin->getPagePathFromToken($folder);
    826. 

  826. 

  827.             $media = new Media($folder);
    828. 

  828.         }
    829. 

  829. 

  830.         $available_files = [];
    831. 

  831.         $metadata = [];
    832. 

  832.         $thumbs = [];
    833. 

  833. 

  834. 

  835.         foreach ($media->all() as $name => $medium) {
    836. 

  836. 

  837.            $available_files[] = $name;
    838. 

  838. 

  839.             if (isset($settings['include_metadata'])) {
    840. 

  840.                 $img_metadata = $medium->metadata();
    841. 

  841.                 if ($img_metadata) {
    842. 

  842.                     $metadata[$name] = $img_metadata;
    843. 

  843.                 }
    844. 

  844.             }
    845. 

  845. 

  846.         }
    847. 

  847. 

  848.         // Peak in the flashObject for optimistic filepicker updates
    849. 

  849.         $pending_files = [];
    850. 

  850.         $sessionField  = base64_encode($this->grav['uri']->url());
    851. 

  851.         $flash         = $this->admin->session()->getFlashObject('files-upload');
    852. 

  852. 

  853.         if ($flash && isset($flash[$sessionField])) {
    854. 

  854.             foreach ($flash[$sessionField] as $field => $data) {
    855. 

  855.                 foreach ($data as $file) {
    856. 

  856.                     if (dirname($file['path']) === $folder) {
    857. 

  857.                         $pending_files[] = $file['name'];
    858. 

  858.                     }
    859. 

  859.                 }
    860. 

  860.             }
    861. 

  861.         }
    862. 

  862. 

  863.         $this->admin->session()->setFlashObject('files-upload', $flash);
    864. 

  864. 

  865.         // Handle Accepted file types
    866. 

  866.         // Accept can only be file extensions (.pdf|.jpg)
    867. 

  867.         if (isset($settings['accept'])) {
    868. 

  868.             $available_files = array_filter($available_files, function ($file) use ($settings) {
    869. 

  869.                 return $this->filterAcceptedFiles($file, $settings);
    870. 

  870.             });
    871. 

  871. 

  872.             $pending_files = array_filter($pending_files, function ($file) use ($settings) {
    873. 

  873.                 return $this->filterAcceptedFiles($file, $settings);
    874. 

  874.             });
    875. 

  875.         }
    876. 

  876. 

  877.         // Generate thumbs if needed
    878. 

  878.         if (isset($settings['preview_images']) && $settings['preview_images'] === true) {
    879. 

  879.             foreach ($available_files as $filename) {
    880. 

  880.                 $thumbs[$filename] = $media[$filename]->zoomCrop(100,100)->url();
    881. 

  881.             }
    882. 

  882.         }
    883. 

  883. 

  884.         $this->admin->json_response = [
    885. 

  885.             'status'  => 'success',
    886. 

  886.             'files'   => array_values($available_files),
    887. 

  887.             'pending' => array_values($pending_files),
    888. 

  888.             'folder'  => $folder,
    889. 

  889.             'metadata' => $metadata,
    890. 

  890.             'thumbs' => $thumbs
    891. 

  891.         ];
    892. 

  892. 

  893.         return true;
    894. 

  894.     }
    895. 

  895. 

  896.     /**
    897. 

  897.      * @param string $file
    898. 

  898.      * @param array $settings
    899. 

  899.      * @return false
    900. 

  900.      */
    901. 

  901.     protected function filterAcceptedFiles($file, $settings)
    902. 

  902.     {
    903. 

  903.         $valid = false;
    904. 

  904. 

  905.         foreach ((array)$settings['accept'] as $type) {
    906. 

  906.             $find = str_replace('*', '.*', $type);
    907. 

  907.             $valid |= preg_match('#' . $find . '$#i', $file);
    908. 

  908.         }
    909. 

  909. 

  910.         return $valid;
    911. 

  911.     }
    912. 

  912. 

  913.     /**
    914. 

  914.      * Handle deleting a file from a blueprint
    915. 

  915.      *
    916. 

  916.      * @return bool True if the action was performed.
    917. 

  917.      */
    918. 

  918.     protected function taskRemoveFileFromBlueprint()
    919. 

  919.     {
    920. 

  920.         if (!$this->authorizeTask('remove file', $this->dataPermissions())) {
    921. 

  921.             return false;
    922. 

  922.         }
    923. 

  923. 

  924.         /** @var Uri $uri */
    925. 

  925.         $uri       = $this->grav['uri'];
    926. 

  926.         $blueprint = base64_decode($uri->param('blueprint'));
    927. 

  927.         $path      = base64_decode($uri->param('path'));
    928. 

  928.         $route     = base64_decode($uri->param('proute'));
    929. 

  929.         $type      = $uri->param('type');
    930. 

  930.         $field     = $uri->param('field');
    931. 

  931. 

  932.         $filename  = basename($this->post['filename'] ?? '');
    933. 

  933.         if ($filename === '') {
    934. 

  934.            $this->admin->json_response = [
    935. 

  935.                 'status'  => 'error',
    936. 

  936.                 'message' => 'Filename is empty'
    937. 

  937.             ];
    938. 

  938. 

  939.             return false;
    940. 

  940.         }
    941. 

  941. 

  942.         // Get Blueprint
    943. 

  943.         if ($type === 'pages' || strpos($blueprint, 'pages/') === 0) {
    944. 

  944.             $page = $this->admin->page(true, $route);
    945. 

  945.             if (!$page) {
    946. 

  946.                 $this->admin->json_response = [
    947. 

  947.                     'status'  => 'error',
    948. 

  948.                     'message' => 'Page not found'
    949. 

  949.                 ];
    950. 

  950. 

  951.                 return false;
    952. 

  952.             }
    953. 

  953.             $blueprints = $page->blueprints();
    954. 

  954.             $path = Folder::getRelativePath($page->path());
    955. 

  955.             $settings = (object)$blueprints->schema()->getProperty($field);
    956. 

  956.         } else {
    957. 

  957.             $page = null;
    958. 

  958.             if ($type === 'themes' || $type === 'plugins') {
    959. 

  959.                 $obj = $this->grav[$type]->get(Utils::substrToString($blueprint, '/')); //here
    960. 

  960.                 $settings = (object) $obj->blueprints()->schema()->getProperty($field);
    961. 

  961.             } else {
    962. 

  962.                 $settings = (object)$this->admin->blueprints($blueprint)->schema()->getProperty($field);
    963. 

  963.             }
    964. 

  964.         }
    965. 

  965. 

  966.         // Get destination
    967. 

  967.         if ($this->grav['locator']->isStream($settings->destination)) {
    968. 

  968.             $destination = $this->grav['locator']->findResource($settings->destination, false, true);
    969. 

  969. 

  970.         } else {
    971. 

  971.             $destination = Folder::getRelativePath(rtrim($settings->destination, '/'));
    972. 

  972.             $destination = $this->admin->getPagePathFromToken($destination, $page);
    973. 

  973.         }
    974. 

  974. 

  975.         // Not in path
    976. 

  976.         if (!Utils::startsWith($path, $destination)) {
    977. 

  977.             $this->admin->json_response = [
    978. 

  978.                 'status'  => 'error',
    979. 

  979.                 'message' => 'Path not valid for this data type'
    980. 

  980.             ];
    981. 

  981. 

  982.             return false;
    983. 

  983.         }
    984. 

  984. 

  985.         // Only remove files from correct destination...
    986. 

  986.         $this->taskRemoveMedia($destination . '/' . $filename);
    987. 

  987. 

  988.         if ($page) {
    989. 

  989.             $keys = explode('.', preg_replace('/^header./', '', $field));
    990. 

  990.             $header = (array)$page->header();
    991. 

  991.             $data_path = implode('.', $keys);
    992. 

  992.             $data = Utils::getDotNotation($header, $data_path);
    993. 

  993. 

  994.             if (isset($data[$path])) {
    995. 

  995.                 unset($data[$path]);
    996. 

  996.                 Utils::setDotNotation($header, $data_path, $data);
    997. 

  997.                 $page->header($header);
    998. 

  998.             }
    999. 

  999. 

  1000.             $page->save();
    1001. 

  1001.         } elseif ($type === 'user') {
    1002. 

  1002.             $user = Grav::instance()['user'];
    1003. 

  1003.             unset($user->avatar);
    1004. 

  1004.             $user->save();
    1005. 

  1005.         } else {
    1006. 

  1006. 

  1007.             $blueprint_prefix = $type === 'config' ? '' : $type . '.';
    1008. 

  1008.             $blueprint_name   = str_replace(['config/', '/blueprints'], '', $blueprint);
    1009. 

  1009.             $blueprint_field  = $blueprint_prefix . $blueprint_name . '.' . $field;
    1010. 

  1010. 

  1011.             $files            = $this->grav['config']->get($blueprint_field);
    1012. 

  1012. 

  1013.             if ($files) {
    1014. 

  1014.                 foreach ($files as $key => $value) {
    1015. 

  1015.                     if ($key == $path) {
    1016. 

  1016.                         unset($files[$key]);
    1017. 

  1017.                     }
    1018. 

  1018.                 }
    1019. 

  1019.             }
    1020. 

  1020. 

  1021.             $this->grav['config']->set($blueprint_field, $files);
    1022. 

  1022. 

  1023.             switch ($type) {
    1024. 

  1024.                 case 'config':
    1025. 

  1025.                     $data   = $this->grav['config']->get($blueprint_name);
    1026. 

  1026.                     $config = $this->admin->data($blueprint, $data);
    1027. 

  1027.                     $config->save();
    1028. 

  1028.                     break;
    1029. 

  1029.                 case 'themes':
    1030. 

  1030.                     Theme::saveConfig($blueprint_name);
    1031. 

  1031.                     break;
    1032. 

  1032.                 case 'plugins':
    1033. 

  1033.                     Plugin::saveConfig($blueprint_name);
    1034. 

  1034.                     break;
    1035. 

  1035.             }
    1036. 

  1036.         }
    1037. 

  1037. 

  1038.         Cache::clearCache('invalidate');
    1039. 

  1039. 

  1040.         $this->admin->json_response = [
    1041. 

  1041.             'status'  => 'success',
    1042. 

  1042.             'message' => $this->admin::translate('PLUGIN_ADMIN.REMOVE_SUCCESSFUL')
    1043. 

  1043.         ];
    1044. 

  1044. 

  1045.         return true;
    1046. 

  1046.     }
    1047. 

  1047. 

  1048.     /**
    1049. 

  1049.      * Handles removing a media file
    1050. 

  1050.      *
    1051. 

  1051.      * @note This task cannot be used anymore.
    1052. 

  1052.      *
    1053. 

  1053.      * @return bool True if the action was performed
    1054. 

  1054.      */
    1055. 

  1055.     public function taskRemoveMedia($filename = null)
    1056. 

  1056.     {
    1057. 

  1057.         if (!$this->canEditMedia()) {
    1058. 

  1058.             return false;
    1059. 

  1059.         }
    1060. 

  1060. 

  1061.         if (null === $filename) {
    1062. 

  1062.             throw new \RuntimeException('Admin task RemoveMedia has been disabled.');
    1063. 

  1063.         }
    1064. 

  1064. 

  1065.         $file                  = File::instance($filename);
    1066. 

  1066.         $resultRemoveMedia     = false;
    1067. 

  1067. 

  1068.         if ($file->exists()) {
    1069. 

  1069.             $resultRemoveMedia = $file->delete();
    1070. 

  1070. 

  1071.             $fileParts = pathinfo($filename);
    1072. 

  1072. 

  1073.             foreach (scandir($fileParts['dirname']) as $file) {
    1074. 

  1074.                 $regex_pattern = '/' . preg_quote($fileParts['filename'], '/') . "@\d+x\." . $fileParts['extension'] . "(?:\.meta\.yaml)?$|" . preg_quote($fileParts['basename'], '/') . "\.meta\.yaml$/";
    1075. 

  1075.                 if (preg_match($regex_pattern, $file)) {
    1076. 

  1076.                     $path = $fileParts['dirname'] . '/' . $file;
    1077. 

  1077.                     @unlink($path);
    1078. 

  1078.                 }
    1079. 

  1079.             }
    1080. 

  1080. 

  1081.         }
    1082. 

  1082. 

  1083.         if ($resultRemoveMedia) {
    1084. 

  1084.             if ($this->grav['uri']->extension() === 'json') {
    1085. 

  1085.                 $this->admin->json_response = [
    1086. 

  1086.                     'status'  => 'success',
    1087. 

  1087.                     'message' => $this->admin::translate('PLUGIN_ADMIN.REMOVE_SUCCESSFUL')
    1088. 

  1088.                 ];
    1089. 

  1089.             } else {
    1090. 

  1090.                 $this->admin->setMessage($this->admin::translate('PLUGIN_ADMIN.REMOVE_SUCCESSFUL'), 'info');
    1091. 

  1091.                 $this->clearMediaCache();
    1092. 

  1092.                 $this->setRedirect('/media-manager');
    1093. 

  1093.             }
    1094. 

  1094. 

  1095.             return true;
    1096. 

  1096.         }
    1097. 

  1097. 

  1098.         if ($this->grav['uri']->extension() === 'json') {
    1099. 

  1099.             $this->admin->json_response = [
    1100. 

  1100.                 'status'  => 'success',
    1101. 

  1101.                 'message' => $this->admin::translate('PLUGIN_ADMIN.REMOVE_FAILED')
    1102. 

  1102.             ];
    1103. 

  1103.         } else {
    1104. 

  1104.             $this->admin->setMessage($this->admin::translate('PLUGIN_ADMIN.REMOVE_FAILED'), 'error');
    1105. 

  1105.         }
    1106. 

  1106. 

  1107.         return false;
    1108. 

  1108.     }
    1109. 

  1109. 

  1110.     /**
    1111. 

  1111.      * Handles clearing the media cache
    1112. 

  1112.      *
    1113. 

  1113.      * @return bool True if the action was performed
    1114. 

  1114.      */
    1115. 

  1115.     protected function clearMediaCache()
    1116. 

  1116.     {
    1117. 

  1117.         $key   = 'media-manager-files';
    1118. 

  1118.         $cache = $this->grav['cache'];
    1119. 

  1119.         $cache->delete(md5($key));
    1120. 

  1120. 

  1121.         return true;
    1122. 

  1122.     }
    1123. 

  1123. 

  1124.     /**
    1125. 

  1125.      * Determine if the user can edit media
    1126. 

  1126.      *
    1127. 

  1127.      * @param string $type
    1128. 

  1128.      *
    1129. 

  1129.      * @return bool True if the media action is allowed
    1130. 

  1130.      */
    1131. 

  1131.     protected function canEditMedia($type = 'media')
    1132. 

  1132.     {
    1133. 

  1133.         if (!$this->authorizeTask('edit media', ['admin.' . $type, 'admin.super'])) {
    1134. 

  1134.             return false;
    1135. 

  1135.         }
    1136. 

  1136. 

  1137.         return true;
    1138. 

  1138.     }
    1139. 

  1139. 

  1140.     /**
    1141. 

  1141.      * @param string $message
    1142. 

  1142.      * @param string $type
    1143. 

  1143.      * @return $this
    1144. 

  1144.      */
    1145. 

  1145.     protected function setMessage($message, $type = 'info')
    1146. 

  1146.     {
    1147. 

  1147.         $this->admin->setMessage($message, $type);
    1148. 

  1148. 

  1149.         return $this;
    1150. 

  1150.     }
    1151. 

  1151. 

  1152.     /**
    1153. 

  1153.      * @return Config
    1154. 

  1154.      */
    1155. 

  1155.     protected function getConfig(): Config
    1156. 

  1156.     {
    1157. 

  1157.         return $this->grav['config'];
    1158. 

  1158.     }
    1159. 

  1159. 

  1160.     /**
    1161. 

  1161.      * @return ServerRequestInterface
    1162. 

  1162.      */
    1163. 

  1163.     protected function getRequest(): ServerRequestInterface
    1164. 

  1164.     {
    1165. 

  1165.         return $this->grav['request'];
    1166. 

  1166.     }
    1167. 

  1167. }
    1168.