diff --git a/admin-dev/ajax.php b/admin-dev/ajax.php index f5b72d226..16178c5f0 100644 --- a/admin-dev/ajax.php +++ b/admin-dev/ajax.php @@ -136,16 +136,6 @@ if (Tools::isSubmit('ajaxStates') AND Tools::isSubmit('id_country')) die($list); } -if (Tools::isSubmit('submitCustomerNote') AND $id_customer = (int)Tools::getValue('id_customer')) -{ - $note = html_entity_decode(Tools::getValue('note')); - if (!empty($note) AND !Validate::isCleanHtml($note)) - die ('error:validation'); - if (!Db::getInstance()->execute('UPDATE '._DB_PREFIX_.'customer SET `note` = "'.pSQL($note, true).'" WHERE id_customer = '.(int)$id_customer.' LIMIT 1')) - die ('error:update'); - die('ok'); -} - if (Tools::getValue('form_language_id')) { if (!($context->cookie->employee_form_lang = (int)(Tools::getValue('form_language_id')))) 
@@ -153,74 +143,6 @@ if (Tools::getValue('form_language_id')) die ('Form language updated.'); } -if (Tools::getValue('submitPublishProduct')) -{ - if (Tools::getIsset('id_product')) - { - $id_product = (int)(Tools::getValue('id_product')); - $id_tab_catalog = (int)(Tab::getIdFromClassName('AdminProducts')); - $token = Tools::getAdminToken('AdminProducts'.(int)($id_tab_catalog).(int)$context->employee->id); - $bo_product_url = dirname($_SERVER['PHP_SELF']).'/index.php?tab=AdminProducts&id_product='.$id_product.'&updateproduct&token='.$token; - - if (Tools::getValue('redirect')) - die($bo_product_url); - - $profileAccess = Profile::getProfileAccess($context->employee->id_profile, $id_tab_catalog); - if($profileAccess['edit']) - { - $product = new Product((int)(Tools::getValue('id_product'))); - if (!Validate::isLoadedObject($product)) - die('error: invalid id'); - - $product->active = 1; - - if ($product->save()) - die($bo_product_url); - else - die('error: saving'); - - } else { - die('error: permissions'); - } - } - else - die ('error: parameters'); -} - -if (Tools::getValue('submitPublishCMS')) -{ - if (Tools::getIsset('id_cms')) - { - $id_cms = (int)(Tools::getValue('id_cms')); - $id_tab_cms = (int)(Tab::getIdFromClassName('AdminCmsContent')); - $token = Tools::getAdminToken('AdminCmsContent'.(int)($id_tab_cms).(int)$context->employee->id); - $bo_cms_url = dirname($_SERVER['PHP_SELF']).'/index.php?tab=AdminCmsContent&id_cms='.(int)$id_cms.'&updatecms&token='.$token; - - if (Tools::getValue('redirect')) - die($bo_cms_url); - - $profileAccess = Profile::getProfileAccess($context->employee->id_profile, $id_tab_cms); - if($profileAccess['edit']) - { - $cms = new CMS((int)(Tools::getValue('id_cms'))); - if (!Validate::isLoadedObject($cms)) - die('error: invalid id'); - - $cms->active = 1; - - if ($cms->save()) - die($bo_cms_url); - else - die('error: saving'); - - } else { - die('error: permissions'); - } - } - else - die ('error: parameters'); -} - if 
(Tools::isSubmit('submitTrackClickOnHelp')) { $label = Tools::getValue('label'); 
@@ -269,117 +191,6 @@ if (Tools::isSubmit('toggleScreencast')) } } -if (Tools::isSubmit('getHookableList')) -{ - /* PrestaShop demo mode */ - if (_PS_MODE_DEMO_) - die('{"hasError" : true, "errors" : ["Live Edit : This functionnality has been disabled"]}'); - /* PrestaShop demo mode*/ - - if (!count(Tools::getValue('hooks_list'))) - die('{"hasError" : true, "errors" : ["Live Edit : no module on this page"]}'); - - $modules_list = Tools::getValue('modules_list'); - $hooks_list = Tools::getValue('hooks_list'); - $hookableList = array(); - - foreach ($modules_list as $module) - { - $module = trim($module); - if (!$module) - continue; - - $moduleInstance = Module::getInstanceByName($module); - foreach ($hooks_list as $hook_name) - { - $hook_name = trim($hook_name); - if (!$hook_name) - continue; - if (!array_key_exists($hook_name, $hookableList)) - $hookableList[$hook_name] = array(); - if ($moduleInstance->isHookableOn($hook_name)) - array_push($hookableList[$hook_name], str_replace('_', '-', $module)); - } - - } - $hookableList['hasError'] = false; - die(Tools::jsonEncode($hookableList)); -} - -if (Tools::isSubmit('getHookableModuleList')) -{ - /* PrestaShop demo mode */ - if (_PS_MODE_DEMO_) - die('{"hasError" : true, "errors" : ["Live Edit : This functionnality has been disabled"]}'); - /* PrestaShop demo mode*/ - - include('../init.php'); - $hook_name = Tools::getValue('hook'); - $hookableModulesList = array(); - $modules = Db::getInstance()->executeS('SELECT id_module, name FROM `'._DB_PREFIX_.'module` '); - foreach ($modules as $module) - { - if (file_exists(_PS_MODULE_DIR_.$module['name'].'/'.$module['name'].'.php')) - { - include_once(_PS_MODULE_DIR_.$module['name'].'/'.$module['name'].'.php'); - $mod = new $module['name'](); - if ($mod->isHookableOn($hook_name)) - $hookableModulesList[] = array('id' => (int)$mod->id, 'name' => $mod->displayName, 'display' => Hook::exec($hook_name, array(), (int)$mod->id)); - } - } - 
die(Tools::jsonEncode($hookableModulesList)); -} - -if (Tools::isSubmit('saveHook')) -{ - /* PrestaShop demo mode */ - if (_PS_MODE_DEMO_) - die('{"hasError" : true, "errors" : ["Live Edit : This functionnality has been disabled"]}'); - - $hooks_list = explode(',', Tools::getValue('hooks_list')); - $id_shop = (int)Tools::getValue('id_shop'); - if (!$id_shop) - $id_shop = Context::getContext()->shop->id; - - $res = true; - $hookableList = array(); - // $_POST['hook'] is an array of id_module - $hooks_list = Tools::getValue('hook'); - foreach ($hooks_list as $id_hook => $modules) - { - // 1st, drop all previous hooked modules - $sql = 'DELETE FROM `'._DB_PREFIX_.'hook_module` - WHERE `id_hook` = '.(int)$id_hook.' - AND id_shop = '.$id_shop; - $res &= Db::getInstance()->execute($sql); - - $i = 1; - $value = ''; - $ids = array(); - // then prepare sql query to rehook all chosen modules(id_module, id_shop, id_hook, position) - // position is i (autoincremented) - foreach ($modules as $id_module) - { - if (!in_array($id_module, $ids)) - { - $ids[] = $id_module; - $value .= '('.(int)$id_module.', '.$id_shop.', '.(int)$id_hook.', '.$i.'),'; - } - $i++; - } - $value = rtrim($value, ','); - $res &= Db::getInstance()->execute('INSERT INTO `'._DB_PREFIX_.'hook_module` - (id_module, id_shop, id_hook, position) - VALUES '.$value); - - } - if ($res) - $hasError = true; - else - $hasError = false; - die('{"hasError" : false, "errors" : ""}'); -} - if (Tools::isSubmit('getAdminHomeElement')) { $result = array(); diff --git a/admin-dev/themes/default/template/controllers/customers/helpers/view/view.tpl b/admin-dev/themes/default/template/controllers/customers/helpers/view/view.tpl index 02f5d7deb..eca9665b6 100644 --- a/admin-dev/themes/default/template/controllers/customers/helpers/view/view.tpl +++ b/admin-dev/themes/default/template/controllers/customers/helpers/view/view.tpl 
@@ -35,8 +35,8 @@ $.ajax({ type: "POST", - url: "ajax.php", - data: "submitCustomerNote=1&id_customer={$customer->id}¬e="+noteContent, + url: "index.php", + data: "token={getAdminToken tab='AdminCustomers'}&tab=AdminCustomers&ajax=1&action=updateCustomerNote&id_customer={$customer->id}¬e="+noteContent, async : true, success: function(r) { $('#note_feedback').html('').hide(); diff --git a/classes/Customer.php b/classes/Customer.php index b3fbfd189..7c72ac3f1 100644 --- a/classes/Customer.php +++ b/classes/Customer.php @@ -177,7 +177,7 @@ class CustomerCore extends ObjectModel 'max_payment_days' => array('type' => self::TYPE_INT, 'validate' => 'isUnsignedInt', 'copy_post' => false), 'active' => array('type' => self::TYPE_BOOL, 'validate' => 'isBool', 'copy_post' => false), 'deleted' => array('type' => self::TYPE_BOOL, 'validate' => 'isBool', 'copy_post' => false), - 'note' => array('type' => self::TYPE_STRING, 'validate' => 'isCleanHtml', 'size' => 65000, 'copy_post' => false), + 'note' => array('type' => self::TYPE_HTML, 'validate' => 'isCleanHtml', 'size' => 65000, 'copy_post' => false), 'is_guest' => array('type' => self::TYPE_BOOL, 'validate' => 'isBool', 'copy_post' => false), 'id_shop' => array('type' => self::TYPE_INT, 'validate' => 'isUnsignedId', 'copy_post' => false), 'id_shop_group' => array('type' => self::TYPE_INT, 'validate' => 'isUnsignedId', 'copy_post' => false), diff --git a/classes/Hook.php b/classes/Hook.php index c7bf088b4..256c88cb1 100644 --- a/classes/Hook.php +++ b/classes/Hook.php 
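Review bot: `noteContent` is concatenated straight into the `data` string, so a note containing `&`, `+` or `#` is truncated or mangled by the time `Tools::getValue('note')` reads it, unless it is already URL-encoded somewhere above this hunk; use `+ encodeURIComponent(noteContent)` or pass an object (`data: {token: ..., tab: 'AdminCustomers', ajax: 1, action: 'updateCustomerNote', id_customer: ..., note: noteContent}`) and let jQuery encode it. The `¬e=` in both the old and the new `data` line looks like `&note=` passed through an HTML entity decoder in this listing, so check that the committed file carries the literal `&note=`. The surrounding `$.ajax({` call starts before and ends after the hunk.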
@@ -392,7 +392,7 @@ class HookCore extends ObjectModel
 else if ($hook_retro_callable)
 $display = $moduleInstance->{'hook'.$retro_hook_name}($hook_args);
 // Live edit
- if ($array['live_edit'] && ((Tools::isSubmit('live_edit') && Tools::getValue('ad') && (Tools::getValue('liveToken') == sha1(Tools::getValue('ad')._COOKIE_KEY_)))))
+ if ($array['live_edit'] && Tools::isSubmit('live_edit') && Tools::getValue('ad') && Tools::getValue('liveToken') == Tools::getAdminToken('AdminModulesPositions'.(int)Tab::getIdFromClassName('AdminModulesPositions').(int)Tools::getValue('id_employee')))
 {
 $live_edit = true;
 $output .= self::wrapLiveEdit($display, $moduleInstance, $array['id_hook']);
diff --git a/classes/Link.php b/classes/Link.php
index 8e597ae34..fefb51eb1 100644
--- a/classes/Link.php
+++ b/classes/Link.php
@@ -225,15 +225,15 @@ class LinkCore
 // Set available keywords
 $params = array();
 $params['id'] = $cms->id;
- $params['rewrite'] = (!$alias) ? $cms->link_rewrite : $alias;
+ $params['rewrite'] = (!$alias) ? (is_array($cms->link_rewrite) ? $cms->link_rewrite[(int)$id_lang] : $cms->link_rewrite) : $alias;
 if (isset($cms->meta_keywords) && !empty($cms->meta_keywords))
- $params['meta_keywords'] = Tools::str2url($cms->meta_keywords);
+ $params['meta_keywords'] = is_array($cms->meta_keywords) ? Tools::str2url($cms->meta_keywords[(int)$id_lang]) : Tools::str2url($cms->meta_keywords);
 else
 $params['meta_keywords'] = '';
 if (isset($cms->meta_title) && !empty($cms->meta_title))
- $params['meta_title'] = Tools::str2url($cms->meta_title);
+ $params['meta_title'] = is_array($cms->meta_title) ? Tools::str2url($cms->meta_title[(int)$id_lang]) : Tools::str2url($cms->meta_title);
 else
 $params['meta_title'] = '';
diff --git a/classes/controller/AdminController.php b/classes/controller/AdminController.php
index ea49b5ba0..6e5cca4d8 100644
--- a/classes/controller/AdminController.php
+++ b/classes/controller/AdminController.php
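Review bot: The new live-edit condition compares the request-supplied `liveToken` with the computed admin token using `==`, and PHP's loose comparison treats two numeric-looking strings (hashes of the form `0e…` being the classic case) as equal by numeric value rather than byte by byte; compare strictly, `Tools::getValue('liveToken') === Tools::getAdminToken(...)`, or with a constant-time string compare where the runtime provides one. The same loose `==`/`!=` token comparison appears in the FrontController hunk at -386, the CmsController hunk at -56 and the ProductController hunk at -94. Deriving the expected token from `id_employee` in the request is sound only because the secret is needed to compute it; nothing in these hunks checks that the id refers to an existing employee, which is fine if the token alone is meant to authorize but should be stated in a comment, e.g. `// token is bound to id_employee; the employee itself is not verified here`. The enclosing method continues outside the hunk.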
@@ -1349,6 +1349,7 @@ class AdminControllerCore extends Controller */ public function initContent() { + $this->getLanguages(); // toolbar (save, cancel, new, ..) $this->initToolbar(); if ($this->display == 'edit' || $this->display == 'add') @@ -1458,6 +1459,9 @@ class AdminControllerCore extends Controller */ public function renderForm() { + if (!$this->default_form_language) + $this->getLanguages(); + if (Tools::getValue('submitFormAjax')) $this->content .= $this->context->smarty->fetch('form_submit_ajax.tpl'); if ($this->fields_form && is_array($this->fields_form)) @@ -1469,7 +1473,6 @@ class AdminControllerCore extends Controller if (is_array($this->fields_form_override) && !empty($this->fields_form_override)) $this->fields_form[0]['form']['input'][] = $this->fields_form_override; - $this->getlanguages(); $helper = new HelperForm($this); $this->setHelperDisplay($helper); $helper->fields_value = $this->getFieldsValue($this->object); diff --git a/classes/controller/FrontController.php b/classes/controller/FrontController.php index 17f5fb7f6..c418a6730 100755 --- a/classes/controller/FrontController.php +++ b/classes/controller/FrontController.php @@ -386,7 +386,7 @@ class FrontControllerCore extends Controller $this->displayRestrictedCountryPage(); //live edit - if (Tools::isSubmit('live_edit') && ($ad = Tools::getValue('ad')) && (Tools::getValue('liveToken') == sha1(Tools::getValue('ad')._COOKIE_KEY_))) + if (Tools::isSubmit('live_edit') && ($ad = Tools::getValue('ad')) && Tools::getValue('liveToken') == Tools::getAdminToken('AdminModulesPositions'.(int)Tab::getIdFromClassName('AdminModulesPositions').(int)Tools::getValue('id_employee'))) if (!is_dir(_PS_ROOT_DIR_.DIRECTORY_SEPARATOR.$ad)) die(Tools::displayError()); 
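Review bot: `initContent()` now calls `$this->getLanguages()` unconditionally while the new line in `renderForm()` guards the same call with `if (!$this->default_form_language)`; assuming `getLanguages()` is what sets `default_form_language`, the two styles are equivalent only when renderForm is reached from initContent, and a subclass calling renderForm directly depends on the guard alone. Either use the same guard in both places or add a comment on the initContent line saying why the unconditional call is needed, e.g. `// languages must be loaded before the toolbar even when no form is rendered`. Both methods start and end outside their hunks, so I cannot tell from here whether getLanguages() is cheap to call twice.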
@@ -556,7 +556,7 @@ class FrontControllerCore extends Controller $this->context->smarty->display(_PS_THEME_DIR_.'footer.tpl'); // live edit - if (Tools::isSubmit('live_edit') && ($ad = Tools::getValue('ad')) && (Tools::getValue('liveToken') == sha1(Tools::getValue('ad')._COOKIE_KEY_))) + if (Tools::isSubmit('live_edit') && ($ad = Tools::getValue('ad')) && Tools::getAdminToken('AdminModulesPositions'.(int)Tab::getIdFromClassName('AdminModulesPositions').(int)Tools::getValue('id_employee'))) { $this->context->smarty->assign(array('ad' => $ad, 'live_edit' => true)); $this->context->smarty->display(_PS_ALL_THEMES_DIR_.'live_edit.tpl'); @@ -686,7 +686,7 @@ class FrontControllerCore extends Controller $this->addjqueryPlugin('easing'); $this->addJS(_PS_JS_DIR_.'tools.js'); - if (Tools::isSubmit('live_edit') && Tools::getValue('ad') && (Tools::getValue('liveToken') == sha1(Tools::getValue('ad')._COOKIE_KEY_))) + if (Tools::isSubmit('live_edit') && Tools::getValue('ad') && Tools::getAdminToken('AdminModulesPositions'.(int)Tab::getIdFromClassName('AdminModulesPositions').(int)Tools::getValue('id_employee'))) { $this->addJqueryUI('ui.sortable'); $this->addjqueryPlugin('fancybox'); @@ -732,7 +732,7 @@ class FrontControllerCore extends Controller { if (Tools::isSubmit('live_edit') && ($ad = Tools::getValue('ad')) - && (Tools::getValue('liveToken') == sha1(Tools::getValue('ad')._COOKIE_KEY_))) + && Tools::getAdminToken('AdminModulesPositions'.(int)Tab::getIdFromClassName('AdminModulesPositions').(int)Tools::getValue('id_employee'))) { $data = $this->context->smarty->createData(); $data->assign(array( diff --git a/controllers/admin/AdminCmsContentController.php b/controllers/admin/AdminCmsContentController.php index 0027face7..3523a0255 100644 --- a/controllers/admin/AdminCmsContentController.php +++ b/controllers/admin/AdminCmsContentController.php 
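Review bot: In the hunks at -556, -686 and -732 the rewritten condition drops the comparison with `Tools::getValue('liveToken')` altogether: it now reads `… && Tools::getAdminToken('AdminModulesPositions'…)`, and a freshly computed token is a non-empty string that is always truthy, so these branches enable the live-edit template, scripts and data for any request that merely sets `live_edit` and `ad`. The hunk at -386 keeps `Tools::getValue('liveToken') == Tools::getAdminToken(...)`; restore that comparison (preferably strict, `Tools::getValue('liveToken') === Tools::getAdminToken(...)`) in all three places. The enclosing methods begin and end outside these hunks.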
@@ -157,57 +157,90 @@ class AdminCmsContentControllerCore extends AdminController public function ajaxProcessUpdateCmsPositions() { - $id_cms = (int)Tools::getValue('id_cms'); - $id_category = (int)Tools::getValue('id_cms_category'); - $way = (int)Tools::getValue('way'); - $positions = Tools::getValue('cms'); - if (is_array($positions)) - foreach ($positions as $key => $value) - { - $pos = explode('_', $value); - if ((isset($pos[1]) && isset($pos[2])) && ($pos[1] == $id_category && $pos[2] == $id_cms)) - { - $position = $key; - break; - } - } - $cms = new CMS($id_cms); - if (Validate::isLoadedObject($cms)) + if ($this->tabAccess['edit'] === '1') { - if (isset($position) && $cms->updatePosition($way, $position)) - die(true); + $id_cms = (int)Tools::getValue('id_cms'); + $id_category = (int)Tools::getValue('id_cms_category'); + $way = (int)Tools::getValue('way'); + $positions = Tools::getValue('cms'); + if (is_array($positions)) + foreach ($positions as $key => $value) + { + $pos = explode('_', $value); + if ((isset($pos[1]) && isset($pos[2])) && ($pos[1] == $id_category && $pos[2] == $id_cms)) + { + $position = $key; + break; + } + } + $cms = new CMS($id_cms); + if (Validate::isLoadedObject($cms)) + { + if (isset($position) && $cms->updatePosition($way, $position)) + die(true); + else + die('{"hasError" : true, "errors" : "Can not update cms position"}'); + } else - die('{"hasError" : true, "errors" : "Can not update cms position"}'); + die('{"hasError" : true, "errors" : "This cms can not be loaded"}'); } - else - die('{"hasError" : true, "errors" : "This cms can not be loaded"}'); } public function ajaxProcessUpdateCmsCategoriesPositions() { - $id_cms_category_to_move = (int)Tools::getValue('id_cms_category_to_move'); - $id_cms_category_parent = (int)Tools::getValue('id_cms_category_parent'); - $way = (int)Tools::getValue('way'); - $positions = Tools::getValue('cms_category'); - if (is_array($positions)) - foreach ($positions as $key => $value) - { - $pos = 
explode('_', $value); - if ((isset($pos[1]) && isset($pos[2])) && ($pos[1] == $id_cms_category_parent && $pos[2] == $id_cms_category_to_move)) - { - $position = $key; - break; - } - } - $cms_category = new CMSCategory($id_cms_category_to_move); - if (Validate::isLoadedObject($cms_category)) + if ($this->tabAccess['edit'] === '1') { - if (isset($position) && $cms_category->updatePosition($way, $position)) - die(true); + $id_cms_category_to_move = (int)Tools::getValue('id_cms_category_to_move'); + $id_cms_category_parent = (int)Tools::getValue('id_cms_category_parent'); + $way = (int)Tools::getValue('way'); + $positions = Tools::getValue('cms_category'); + if (is_array($positions)) + foreach ($positions as $key => $value) + { + $pos = explode('_', $value); + if ((isset($pos[1]) && isset($pos[2])) && ($pos[1] == $id_cms_category_parent && $pos[2] == $id_cms_category_to_move)) + { + $position = $key; + break; + } + } + $cms_category = new CMSCategory($id_cms_category_to_move); + if (Validate::isLoadedObject($cms_category)) + { + if (isset($position) && $cms_category->updatePosition($way, $position)) + die(true); + else + die('{"hasError" : true, "errors" : "Can not update cms categories position"}'); + } else - die('{"hasError" : true, "errors" : "Can not update cms categories position"}'); + die('{"hasError" : true, "errors" : "This cms category can not be loaded"}'); } - else - die('{"hasError" : true, "errors" : "This cms category can not be loaded"}'); } + + public function ajaxProcessPublishCMS() + { + if ($this->tabAccess['edit'] === '1') + { + if ($id_cms = (int)Tools::getValue('id_cms')) + { + $bo_cms_url = dirname($_SERVER['PHP_SELF']).'/index.php?tab=AdminCmsContent&id_cms='.(int)$id_cms.'&updatecms&token='.$this->token; + + if (Tools::getValue('redirect')) + die($bo_cms_url); + + $cms = new CMS((int)(Tools::getValue('id_cms'))); + if (!Validate::isLoadedObject($cms)) + die('error: invalid id'); + + $cms->active = 1; + if ($cms->save()) + die($bo_cms_url); + 
else + die('error: saving'); + } + else + die ('error: parameters'); + } + } + } diff --git a/controllers/admin/AdminCmsController.php b/controllers/admin/AdminCmsController.php index 8718e71d7..fd63c6410 100644 --- a/controllers/admin/AdminCmsController.php +++ b/controllers/admin/AdminCmsController.php @@ -234,7 +234,7 @@ class AdminCmsControllerCore extends AdminController { $admin_dir = dirname($_SERVER['PHP_SELF']); $admin_dir = substr($admin_dir, strrpos($admin_dir, '/') + 1); - $redir .= '?adtoken='.Tools::encrypt('PreviewCMS'.$cms->id).'&ad='.$admin_dir; + $redir .= '?adtoken='.Tools::getAdminTokenLite('AdminCmsContent').'&ad='.$admin_dir.'&id_employee='.(int)$this->context->employee->id; } Tools::redirectAdmin($redir); } @@ -312,9 +312,7 @@ class AdminCmsControllerCore extends AdminController { $admin_dir = dirname($_SERVER['PHP_SELF']); $admin_dir = substr($admin_dir, strrpos($admin_dir, '/') + 1); - $token = Tools::encrypt('PreviewCMS'.$cms->id); - - $preview_url .= $cms->active ? '' : '&adtoken='.$token.'&ad='.$admin_dir; + $preview_url .= $cms->active ? '' : '&adtoken='.Tools::getAdminTokenLite('AdminCmsContent').'&ad='.$admin_dir.'&id_employee='.(int)$this->context->employee->id; } Tools::redirectAdmin($preview_url); } diff --git a/controllers/admin/AdminCustomersController.php b/controllers/admin/AdminCustomersController.php index 3b9d3bba1..37d5ce0a6 100644 --- a/controllers/admin/AdminCustomersController.php +++ b/controllers/admin/AdminCustomersController.php 
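Review bot: `ajaxProcessPublishCMS()` produces no output when `$this->tabAccess['edit']` is not `'1'`, whereas the handler it replaces in admin-dev/ajax.php answered `die('error: permissions')`; the cms.js caller treats any response without the substring `error` as a URL to navigate to, so an empty body is what ends up in `document.location.href`. Add `else die('error: permissions');` after the `tabAccess` block, and the same for `ajaxProcessUpdateCmsPositions()` and `ajaxProcessUpdateCmsCategoriesPositions()` in this hunk, which now emit nothing on the denied path instead of their JSON error. Inside the new method `$cms` is also constructed from `Tools::getValue('id_cms')` again although `$id_cms` already holds the cast value; `new CMS($id_cms)` is enough.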
@@ -882,6 +882,28 @@ class AdminCustomersControllerCore extends AdminController
 $this->content = Tools::jsonEncode($to_return);
 }
+
+ /**
+ * Uodate the customer note
+ *
+ * @return void
+ */
+ public function ajaxProcessUpdateCustomerNote()
+ {
+ if ($this->tabAccess['edit'] === '1')
+ {
+ $note = Tools::htmlentitiesDecodeUTF8(Tools::getValue('note'));
+ $customer = new Customer((int)Tools::getValue('id_customer'));
+ if (!Validate::isLoadedObject($customer))
+ die ('error:update');
+ if (!empty($note) && !Validate::isCleanHtml($note))
+ die ('error:validation');
+ $customer->note = $note;
+ if (!$customer->update())
+ die ('error:update');
+ die('ok');
+ }
+ }
 }
diff --git a/controllers/admin/AdminModulesPositionsController.php b/controllers/admin/AdminModulesPositionsController.php
index 1c3f0e84d..c9da797a6 100644
--- a/controllers/admin/AdminModulesPositionsController.php
+++ b/controllers/admin/AdminModulesPositionsController.php
@@ -270,7 +270,12 @@ class AdminModulesPositionsControllerCore extends AdminController
 'desc' => $this->l('Transplant a module')
 );
- $live_edit_params = array('live_edit' => true, 'ad' => $admin_dir, 'liveToken' => sha1($admin_dir._COOKIE_KEY_));
+ $live_edit_params = array(
+ 'live_edit' => true,
+ 'ad' => $admin_dir,
+ 'liveToken' => $this->token,
+ 'id_employee' => (int)$this->context->employee->id
+ );
 $this->context->smarty->assign(array(
 'show_toolbar' => true,
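Review bot: `ajaxProcessUpdateCustomerNote()` emits nothing when `$this->tabAccess['edit']` is not `'1'`, so the template's success handler cannot tell a permission refusal from a transport failure; add `else die('error:permissions');` after the `tabAccess` block so the caller gets the same `error:` prefix it already checks for. The docblock has a typo: `Uodate the customer note` should read `Update the customer note`. A customer that fails to load answers `error:update`, which is misleading, but since the JS matches on these strings I would only rename it together with the template.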
@@ -398,18 +403,143 @@ class AdminModulesPositionsControllerCore extends AdminController public function ajaxProcessUpdatePositions() { - $id_module = (int)(Tools::getValue('id_module')); - $id_hook = (int)(Tools::getValue('id_hook')); - $way = (int)(Tools::getValue('way')); - $positions = Tools::getValue(strval($id_hook)); - $position = (is_array($positions)) ? array_search($id_hook.'_'.$id_module, $positions) : null; - $module = Module::getInstanceById($id_module); - if (Validate::isLoadedObject($module)) - if ($module->updatePosition($id_hook, $way, $position)) - die(true); + if ($this->tabAccess['edit'] === '1') + { + $id_module = (int)(Tools::getValue('id_module')); + $id_hook = (int)(Tools::getValue('id_hook')); + $way = (int)(Tools::getValue('way')); + $positions = Tools::getValue(strval($id_hook)); + $position = (is_array($positions)) ? array_search($id_hook.'_'.$id_module, $positions) : null; + $module = Module::getInstanceById($id_module); + if (Validate::isLoadedObject($module)) + if ($module->updatePosition($id_hook, $way, $position)) + die(true); + else + die('{"hasError" : true, "errors" : "Can not update module position"}'); else - die('{"hasError" : true, "errors" : "Can not update module position"}'); - else - die('{"hasError" : true, "errors" : "This module can not be loaded"}'); + die('{"hasError" : true, "errors" : "This module can not be loaded"}'); + } + } + + public function ajaxProcessGetHookableList() + { + if ($this->tabAccess['view'] === '1') + { + /* PrestaShop demo mode */ + if (_PS_MODE_DEMO_) + die('{"hasError" : true, "errors" : ["Live Edit : This functionnality has been disabled"]}'); + + if (!count(Tools::getValue('hooks_list'))) + die('{"hasError" : true, "errors" : ["Live Edit : no module on this page"]}'); + + $modules_list = Tools::getValue('modules_list'); + $hooks_list = Tools::getValue('hooks_list'); + $hookableList = array(); + + foreach ($modules_list as $module) + { + $module = trim($module); + if (!$module) + continue; + 
+ if (!Validate::isModuleName($module)) + die('{"hasError" : true, "errors" : ["Live Edit : module is invalid"]}'); + + $moduleInstance = Module::getInstanceByName($module); + foreach ($hooks_list as $hook_name) + { + $hook_name = trim($hook_name); + if (!$hook_name) + continue; + if (!array_key_exists($hook_name, $hookableList)) + $hookableList[$hook_name] = array(); + if ($moduleInstance->isHookableOn($hook_name)) + array_push($hookableList[$hook_name], str_replace('_', '-', $module)); + } + + } + $hookableList['hasError'] = false; + die(Tools::jsonEncode($hookableList)); + } + } + + public function ajaxProcessGetHookableModuleList() + { + if ($this->tabAccess['view'] === '1') + { + /* PrestaShop demo mode */ + if (_PS_MODE_DEMO_) + die('{"hasError" : true, "errors" : ["Live Edit : This functionnality has been disabled"]}'); + /* PrestaShop demo mode*/ + + $hook_name = Tools::getValue('hook'); + $hookableModulesList = array(); + $modules = Db::getInstance()->executeS('SELECT id_module, name FROM `'._DB_PREFIX_.'module` '); + foreach ($modules as $module) + { + if (!Validate::isModuleName($module['name'])) + continue; + if (file_exists(_PS_MODULE_DIR_.$module['name'].'/'.$module['name'].'.php')) + { + include_once(_PS_MODULE_DIR_.$module['name'].'/'.$module['name'].'.php'); + $mod = new $module['name'](); + if ($mod->isHookableOn($hook_name)) + $hookableModulesList[] = array('id' => (int)$mod->id, 'name' => $mod->displayName, 'display' => Hook::exec($hook_name, array(), (int)$mod->id)); + } + } + die(Tools::jsonEncode($hookableModulesList)); + } + } + public function ajaxProcessSaveHook() + { + if ($this->tabAccess['edit'] === '1') + { + /* PrestaShop demo mode */ + if (_PS_MODE_DEMO_) + die('{"hasError" : true, "errors" : ["Live Edit : This functionnality has been disabled"]}'); + + $hooks_list = explode(',', Tools::getValue('hooks_list')); + $id_shop = (int)Tools::getValue('id_shop'); + if (!$id_shop) + $id_shop = Context::getContext()->shop->id; + + $res = 
true; + $hookableList = array(); + // $_POST['hook'] is an array of id_module + $hooks_list = Tools::getValue('hook'); + foreach ($hooks_list as $id_hook => $modules) + { + // 1st, drop all previous hooked modules + $sql = 'DELETE FROM `'._DB_PREFIX_.'hook_module` + WHERE `id_hook` = '.(int)$id_hook.' + AND id_shop = '.(int)$id_shop; + $res &= Db::getInstance()->execute($sql); + + $i = 1; + $value = ''; + $ids = array(); + // then prepare sql query to rehook all chosen modules(id_module, id_shop, id_hook, position) + // position is i (autoincremented) + foreach ($modules as $id_module) + { + if (!in_array($id_module, $ids)) + { + $ids[] = (int)$id_module; + $value .= '('.(int)$id_module.', '.(int)$id_shop.', '.(int)$id_hook.', '.(int)$i.'),'; + } + $i++; + } + $value = rtrim($value, ','); + $res &= Db::getInstance()->execute('INSERT INTO `'._DB_PREFIX_.'hook_module` + (id_module, id_shop, id_hook, position) + VALUES '.$value); + + } + if ($res) + $hasError = true; + else + $hasError = false; + die('{"hasError" : false, "errors" : ""}'); + } } } diff --git a/controllers/admin/AdminProductsController.php b/controllers/admin/AdminProductsController.php index 37758b427..26b0bd77e 100644 --- a/controllers/admin/AdminProductsController.php +++ b/controllers/admin/AdminProductsController.php @@ -1504,15 +1504,14 @@ class AdminProductsControllerCore extends AdminController null, Context::getContext()->shop->id, 0, - true + (bool)Configuration::get('PS_REWRITING_SETTINGS') ); if (!$this->object->active) { $admin_dir = dirname($_SERVER['PHP_SELF']); $admin_dir = substr($admin_dir, strrpos($admin_dir, '/') + 1); - $token = Tools::encrypt('PreviewProduct'.$this->object->id); - $preview_url .= '&adtoken='.$token.'&ad='.$admin_dir; + $preview_url .= '&adtoken='.$this->token.'&ad='.$admin_dir.'&id_employee='.(int)$this->context->employee->id; } $this->redirect_after = $preview_url; 
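Review bot: In `ajaxProcessSaveHook()` the outcome is thrown away: `$hasError` is set to `true` when `$res` is truthy (the inverse of what the name says) and is never read, and the method always answers `{"hasError" : false, "errors" : ""}`, so a failed DELETE or INSERT is reported as success. One such failure is built in: when a hook's module list is empty, `$value` stays `''` and the query becomes `INSERT INTO ... VALUES ` with nothing after it. Replace the trailing `if/else` and `die` with `die(Tools::jsonEncode(array('hasError' => !$res, 'errors' => '')));` and skip the INSERT when `$value === ''`. `$hooks_list` is also assigned from `explode(',', …)` and immediately overwritten by `Tools::getValue('hook')`, and neither it nor `$modules` is checked with `is_array()` before `foreach`; this code was moved from admin-dev/ajax.php with those defects intact.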
@@ -1625,19 +1624,18 @@ class AdminProductsControllerCore extends AdminController null, Context::getContext()->shop->id, 0, - true + (bool)Configuration::get('PS_REWRITING_SETTINGS') ); if (!$object->active) { $admin_dir = dirname($_SERVER['PHP_SELF']); $admin_dir = substr($admin_dir, strrpos($admin_dir, '/') + 1); - $token = Tools::encrypt('PreviewProduct'.$object->id); if (strpos($preview_url, '?') === false) $preview_url .= '?'; else $preview_url .= '&'; - $preview_url .= 'adtoken='.$token.'&ad='.$admin_dir; + $preview_url .= 'adtoken='.$this->token.'&ad='.$admin_dir.'&id_employee='.(int)$this->context->employee->id; } $this->redirect_after = $preview_url; } @@ -2331,16 +2329,15 @@ class AdminProductsControllerCore extends AdminController null, Context::getContext()->shop->id, 0, - true + $is_rewrite_active ); if (!$product->active) { $admin_dir = dirname($_SERVER['PHP_SELF']); $admin_dir = substr($admin_dir, strrpos($admin_dir, '/') + 1); - $token = Tools::encrypt('PreviewProduct'.$product->id); - $preview_url .= $product->active ? '' : '&adtoken='.$token.'&ad='.$admin_dir; + $preview_url .= $product->active ? '' : '&adtoken='.$this->token.'&ad='.$admin_dir.'&id_employee='.(int)$this->context->employee->id; } } return $preview_url; 
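Review bot: In the hunk at -2331 the line `$preview_url .= $product->active ? '' : '&adtoken='…` sits inside `if (!$product->active)`, so the ternary can only take its else branch; write it as the -1504 and -1625 hunks do, `$preview_url .= '&adtoken='.$this->token.'&ad='.$admin_dir.'&id_employee='.(int)$this->context->employee->id;`. The three hunks assemble the same admin-preview suffix by hand, and ProductController recomputes the expected token from exactly these query parameters, so a single private helper (e.g. `getPreviewUrlSuffix()`) would keep the format in one place. `$is_rewrite_active` is not defined within the -2331 hunk, so I assume it is set earlier in the method.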
@@ -3976,44 +3973,76 @@ class AdminProductsControllerCore extends AdminController public function ajaxProcessCheckProductName() { - $search = Tools::getValue('q'); - $id_lang = Tools::getValue('id_lang'); - $limit = Tools::getValue('limit'); - $result = Db::getInstance()->executeS(' - SELECT DISTINCT pl.`name`, p.`id_product`, pl.`id_shop` - FROM `'._DB_PREFIX_.'product` p - LEFT JOIN `'._DB_PREFIX_.'product_lang` pl - ON (pl.`id_product` = p.`id_product` AND pl.`id_lang` = '.(int)$id_lang.') - WHERE pl.`name` LIKE "%'.pSQL($search).'%" - GROUP BY pl.`id_product` - LIMIT '.(int)$limit); - die(Tools::jsonEncode($result)); + if ($this->tabAccess['view'] === '1') + { + $search = Tools::getValue('q'); + $id_lang = Tools::getValue('id_lang'); + $limit = Tools::getValue('limit'); + $result = Db::getInstance()->executeS(' + SELECT DISTINCT pl.`name`, p.`id_product`, pl.`id_shop` + FROM `'._DB_PREFIX_.'product` p + LEFT JOIN `'._DB_PREFIX_.'product_lang` pl + ON (pl.`id_product` = p.`id_product` AND pl.`id_lang` = '.(int)$id_lang.') + WHERE pl.`name` LIKE "%'.pSQL($search).'%" + GROUP BY pl.`id_product` + LIMIT '.(int)$limit); + die(Tools::jsonEncode($result)); + } } public function ajaxProcessUpdatePositions() { - $way = (int)(Tools::getValue('way')); - $id_product = (int)(Tools::getValue('id_product')); - $id_category = (int)(Tools::getValue('id_category')); - $positions = Tools::getValue('product'); + if ($this->tabAccess['edit'] === '1') + { + $way = (int)(Tools::getValue('way')); + $id_product = (int)(Tools::getValue('id_product')); + $id_category = (int)(Tools::getValue('id_category')); + $positions = Tools::getValue('product'); - if (is_array($positions)) - foreach ($positions as $position => $value) - { - $pos = explode('_', $value); - - if ((isset($pos[1]) && isset($pos[2])) && ($pos[1] == $id_category && (int)$pos[2] === $id_product)) + if (is_array($positions)) + foreach ($positions as $position => $value) { - if ($product = new Product((int)$pos[2])) - if 
(isset($position) && $product->updatePosition($way, $position)) - echo 'ok position '.(int)$position.' for product '.(int)$pos[2].'\r\n'; - else - echo '{"hasError" : true, "errors" : "Can not update product '.(int)$id_product.' to position '.(int)$position.' "}'; - else - echo '{"hasError" : true, "errors" : "This product ('.(int)$id_product.') can t be loaded"}'; + $pos = explode('_', $value); - break; + if ((isset($pos[1]) && isset($pos[2])) && ($pos[1] == $id_category && (int)$pos[2] === $id_product)) + { + if ($product = new Product((int)$pos[2])) + if (isset($position) && $product->updatePosition($way, $position)) + echo 'ok position '.(int)$position.' for product '.(int)$pos[2].'\r\n'; + else + echo '{"hasError" : true, "errors" : "Can not update product '.(int)$id_product.' to position '.(int)$position.' "}'; + else + echo '{"hasError" : true, "errors" : "This product ('.(int)$id_product.') can t be loaded"}'; + + break; + } } + } + } + + public function ajaxProcessPublishProduct() + { + if ($this->tabAccess['edit'] === '1') + { + if ($id_product = (int)Tools::getValue('id_product')) + { + $id_tab_catalog = (int)(Tab::getIdFromClassName('AdminProducts')); + $bo_product_url = dirname($_SERVER['PHP_SELF']).'/index.php?tab=AdminProducts&id_product='.$id_product.'&updateproduct&token='.$this->token; + + if (Tools::getValue('redirect')) + die($bo_product_url); + + $product = new Product((int)$id_product); + if (!Validate::isLoadedObject($product)) + die('error: invalid id'); + + $product->active = 1; + + if ($product->save()) + die($bo_product_url); + else + die('error: saving'); } + } } } diff --git a/controllers/front/CmsController.php b/controllers/front/CmsController.php index 2862ce9d4..04e8549d0 100644 --- a/controllers/front/CmsController.php +++ b/controllers/front/CmsController.php 
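Review bot: `ajaxProcessPublishProduct()` computes `$id_tab_catalog` and never uses it (a leftover from the ajax.php handler, which needed it to build the token that `$this->token` now supplies), and when `id_product` is 0 or the edit permission is missing the method emits nothing, whereas the replaced handler answered `error: parameters` and `error: permissions`; `submitPublishProduct` in product.js navigates to any response that does not contain `error`. Drop the `$id_tab_catalog` line and add `else die('error: parameters');` and `else die('error: permissions');` to the two `if` blocks. The same silent return on denied access appears in `ajaxProcessCheckProductName()` and `ajaxProcessUpdatePositions()` in this hunk, whose callers expect JSON.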
@@ -56,7 +56,7 @@ class CmsControllerCore extends FrontController
 /* assignCase (1 = CMS page, 2 = CMS category) */
 if (Validate::isLoadedObject($this->cms)
- && ($this->cms->isAssociatedToShop() && $this->cms->active || (Tools::getValue('adtoken') == Tools::encrypt('PreviewCMS'.$this->cms->id))))
+ && ($this->cms->isAssociatedToShop() && $this->cms->active || (Tools::getValue('adtoken') == Tools::getAdminToken('AdminCmsContent'.(int)Tab::getIdFromClassName('AdminCmsContent').(int)Tools::getValue('id_employee')))))
 $this->assignCase = 1;
 else if (Validate::isLoadedObject($this->cms_category))
 $this->assignCase = 2;
diff --git a/controllers/front/ProductController.php b/controllers/front/ProductController.php
index 7699c219a..511b3b104 100644
--- a/controllers/front/ProductController.php
+++ b/controllers/front/ProductController.php
@@ -94,8 +94,8 @@ class ProductControllerCore extends FrontController
 * In all the others cases => 404 "Product is no longer available"
 */
 if (!$this->product->isAssociatedToShop()
- || ((!$this->product->active && ((Tools::getValue('adtoken') != Tools::encrypt('PreviewProduct'.$this->product->id))
- || !file_exists(_PS_ROOT_DIR_.'/'.Tools::getValue('ad').'/ajax.php')))))
+ || ((!$this->product->active && ((Tools::getValue('adtoken') != Tools::getAdminToken('AdminProducts'.(int)Tab::getIdFromClassName('AdminProducts').(int)Tools::getValue('id_employee')))
+ || !file_exists(_PS_ROOT_DIR_.'/'.Tools::getValue('ad').'/index.php')))))
 {
 header('HTTP/1.1 404 page not found');
 $this->errors[] = Tools::displayError('Product is no longer available.');
diff --git a/js/hookLiveEdit.js b/js/hookLiveEdit.js
index 5d249070b..f526ea415 100644
--- a/js/hookLiveEdit.js
+++ b/js/hookLiveEdit.js
@@ -143,23 +143,26 @@ function getHookableList() {
 });
 $.ajax({
- type: 'POST',
- url: baseDir + ad + '/ajax.php',
- async: true,
- dataType: 'json',
- data: {ajax:"true",
- 'getHookableList':1,
- 'hooks_list' : hooks_list,
- modules_list : modules_list,
- id_shop : get('id_shop')
- },
- success: function(jsonData) {
+ type: 'POST',
+ url: baseDir + ad + '/index.php',
+ async: true,
+ dataType: 'json',
+ data: {
+ action: 'getHookableList',
+ tab: 'AdminModulesPositions',
+ ajax:1,
+ hooks_list: hooks_list,
+ modules_list: modules_list,
+ id_shop: get('id_shop'),
+ token: get('liveToken')
+ },
+ success: function(jsonData) {
 if (jsonData.hasError)
 {
 var errors = '';
 for (error in jsonData.errors) //IE6 bug fix
 if (error != 'indexOf')
 errors += jsonData.errors[error] + "\n";
- alert(errors);
+ alert(errors);
 }
 else
 hookable_list = jsonData;// create and fill input array
@@ -174,10 +177,17 @@ function getHookableModuleList(hook) {
 $.ajax({
 type: 'GET',
- url: baseDir + ad + '/ajax.php',
+ url: baseDir + ad + '/index.php',
 async: true,
 dataType: 'json',
- data: 'ajax=true&getHookableModuleList&hook=' + hook + '&id_shop=' + get('id_shop'),
+ data: {
+ ajax:1,
+ tab: 'AdminModulesPositions',
+ action:'getHookableModuleList',
+ hook: hook,
+ id_shop: get('id_shop'),
+ token: get('liveToken')
+ },
 success: function(jsonData) {
var select = ' - - + +
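Review bot: The rewritten `$.ajax` call in getHookableList keeps `dataType: 'json'` but still has no `error:` handler, so when `index.php` refuses the request (a stale or missing `liveToken`, or a login page returned as HTML) jQuery will not invoke `success` and the live-edit hook list silently stays empty — this failure mode follows from jQuery's JSON parsing rather than from a visible line, so confirm against the controller's rejection response. Add after the `success` callback: `error: function(xhr) { alert('Could not load the hookable list (HTTP ' + xhr.status + ')'); }`. Since the token now travels in the request body it no longer lands in the URL, which is the right direction; the GET variant in the next hunk still puts it in the query string. getHookableList starts and ends outside the hunk.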

diff --git a/themes/default/js/cms.js b/themes/default/js/cms.js index 890938df8..23f365678 100644 --- a/themes/default/js/cms.js +++ b/themes/default/js/cms.js @@ -24,12 +24,20 @@ * International Registered Trademark & Property of PrestaShop SA */ -function submitPublishCMS(url, redirect) +function submitPublishCMS(url, redirect, token) { var id_cms = $('#admin-action-cms-id').val(); $.ajaxSetup({async: false}); - $.post(url+'/ajax.php', { submitPublishCMS: '1', id_cms: id_cms, status: 1, redirect: redirect }, + $.post(url+'/index.php', { + action: 'PublishCMS', + id_cms: id_cms, + status: 1, + redirect: redirect, + ajax: 1, + tab: 'AdminCmsContent', + token: token + }, function(data) { if (data.indexOf('error') === -1) diff --git a/themes/default/js/product.js b/themes/default/js/product.js index 193abb495..30c202859 100644 --- a/themes/default/js/product.js +++ b/themes/default/js/product.js @@ -588,16 +588,24 @@ function saveCustomization() $('#customizationForm').submit(); } -function submitPublishProduct(url, redirect) +function submitPublishProduct(url, redirect, token) { var id_product = $('#admin-action-product-id').val(); $.ajaxSetup({async: false}); - $.post(url+'/ajax.php', { submitPublishProduct: '1', id_product: id_product, status: 1, redirect: redirect }, + $.post(url+'/index.php', { + action:'publishProduct', + id_product: id_product, + status: 1, + redirect: redirect, + ajax: 1, + tab: 'AdminProducts', + token: token + }, function(data) { if (data.indexOf('error') === -1) - document.location.href = data; + document.location.href = data; } ); diff --git a/themes/default/product.tpl b/themes/default/product.tpl index e309aea4f..28e8ab337 100644 --- a/themes/default/product.tpl +++ b/themes/default/product.tpl @@ -153,8 +153,8 @@ var fieldRequired = '{l s='Please fill in all required fields, then save the cus
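Review bot: `submitPublishCMS` keeps `$.ajaxSetup({async: false});`, which changes the default for every later jQuery request on the page rather than just this one, and the new `$.post` has no way to set it per call; fold the flag into an explicit `$.ajax({type: 'POST', async: false, url: url+'/index.php', data: {...}, success: function(data) {...}})` and drop the global setup. The success test on the hunk's last context line, `data.indexOf('error') === -1`, also accepts any response that merely lacks that substring — for instance the HTML of the admin login page when `token` is stale — so what follows the `if` (outside the hunk) presumably acts on a non-URL body; a check that `data` starts with the expected `index.php?tab=AdminCmsContent` path would be safer. The function's body continues past the hunk.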
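Review bot: In product.js the re-indented `document.location.href = data;` navigates to whatever body the admin endpoint returned, gated only by `data.indexOf('error') === -1`; a stale `token` or expired session yields a page body rather than the `bo_product_url` string that `ajaxProcessPublishProduct` dies with, and the browser is then sent to that text. Tighten the gate to the shape the server actually produces: `if (data.indexOf('error') === -1 && data.indexOf('index.php?tab=AdminProducts') !== -1) document.location.href = data; else alert(data);`. As in cms.js, `$.ajaxSetup({async: false})` is a page-wide side effect and should be an `async: false` option on this single `$.ajax` call instead.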

{l s='This product is not visible to your customers.'} - - + +

diff --git a/themes/live_edit.tpl b/themes/live_edit.tpl index bb9f16c14..173db710b 100644 --- a/themes/live_edit.tpl +++ b/themes/live_edit.tpl @@ -40,9 +40,12 @@
-
- + + + + + {foreach from=$hook_list key=hook_id item=hook_name}