1 <?php
   2 /**
   3  * @package    FrameworkOnFramework
   4  * @subpackage controller
   5  * @copyright   Copyright (C) 2010-2016 Nicholas K. Dionysopoulos / Akeeba Ltd. All rights reserved.
   6  * @license    GNU General Public License version 2 or later; see LICENSE.txt
   7  */
   8 
   9 // Protect from unauthorized access
  10 defined('FOF_INCLUDED') or die;
  11 
  12 /**
  13  * FrameworkOnFramework controller class. FOF is based on the thin controller
  14  * paradigm, where the controller is mainly used to set up the model state and
  15  * spawn the view.
  16  *
  17  * @package  FrameworkOnFramework
  18  * @since    1.0
  19  */
  20 class FOFController extends FOFUtilsObject
  21 {
  22     /**
  23      * @var int Bit mask to enable Routing on redirects.
  24      * 0 = never
  25      * 1 = frontend only
  26      * 2 = backend  only
  27      * 3 = always
  28      */
  29     protected $autoRouting = 0;
  30 
  31     /**
  32      * The current component's name without the com_ prefix
  33      *
  34      * @var    string
  35      */
  36     protected $bareComponent = 'foobar';
  37 
  38     /**
  39      * The base path of the controller
  40      *
  41      * @var    string
  42      */
  43     protected $basePath;
  44 
  45     /**
  46      * The tasks for which caching should be enabled by default
  47      *
  48      * @var array
  49      */
  50     protected $cacheableTasks = array('browse', 'read');
  51 
  52     /**
  53      * The current component's name; you can override it in the configuration
  54      *
  55      * @var    string
  56      */
  57     protected $component = 'com_foobar';
  58 
  59     /**
  60      * A cached copy of the class configuration parameter passed during initialisation
  61      *
  62      * @var    array
  63      */
  64     protected $config = array();
  65 
  66     /**
  67      * An instance of FOFConfigProvider to provision configuration overrides
  68      *
  69      * @var    FOFConfigProvider
  70      */
  71     protected $configProvider = null;
  72 
  73     /**
  74      * Set to true to enable CSRF protection on selected tasks. The possible
  75      * values are:
  76      * 0    Disabled; no token checks are performed
  77      * 1    Enabled; token checks are always performed
  78      * 2    Only on HTML requests and backend; token checks are always performed in the back-end and in the front-end only when format is 'html'
  79      * 3    Only on back-end; token checks are performer only in the back-end
  80      *
  81      * @var    integer
  82      */
  83     protected $csrfProtection = 2;
  84 
  85     /**
  86      * The default view for the display method.
  87      *
  88      * @var    string
  89      */
  90     protected $default_view;
  91 
  92     /**
  93      * The mapped task that was performed.
  94      *
  95      * @var    string
  96      */
  97     protected $doTask;
  98 
  99     /**
 100      * The input object for this MVC triad; you can override it in the configuration
 101      *
 102      * @var    FOFInput
 103      */
 104     protected $input = array();
 105 
 106     /**
 107      * Redirect message.
 108      *
 109      * @var    string
 110      */
 111     protected $message;
 112 
 113     /**
 114      * Redirect message type.
 115      *
 116      * @var    string
 117      */
 118     protected $messageType;
 119 
 120     /**
 121      * The current layout; you can override it in the configuration
 122      *
 123      * @var    string
 124      */
 125     protected $layout = null;
 126 
 127     /**
 128      * Array of class methods
 129      *
 130      * @var    array
 131      */
 132     protected $methods;
 133 
 134     /**
 135      * The prefix of the models
 136      *
 137      * @var    string
 138      */
 139     protected $model_prefix;
 140 
 141     /**
 142      * Overrides the name of the view's default model
 143      *
 144      * @var    string
 145      */
 146     protected $modelName = null;
 147 
 148     /**
 149      * The set of search directories for resources (views).
 150      *
 151      * @var    array
 152      */
 153     protected $paths;
 154 
 155     /**
 156      * URL for redirection.
 157      *
 158      * @var    string
 159      */
 160     protected $redirect;
 161 
 162     /**
 163      * Current or most recently performed task.
 164      *
 165      * @var    string
 166      */
 167     protected $task;
 168 
 169     /**
 170      * Array of class methods to call for a given task.
 171      *
 172      * @var    array
 173      */
 174     protected $taskMap;
 175 
 176     /**
 177      * The name of the controller
 178      *
 179      * @var    array
 180      */
 181     protected $name;
 182 
 183     /**
 184      * The current view name; you can override it in the configuration
 185      *
 186      * @var    string
 187      */
 188     protected $view = '';
 189 
 190     /**
 191      * Overrides the name of the view's default view
 192      *
 193      * @var    string
 194      */
 195     protected $viewName = null;
 196 
 197     /**
 198      * A copy of the FOFView object used in this triad
 199      *
 200      * @var    FOFView
 201      */
 202     private $_viewObject = null;
 203 
 204     /**
 205      * A cache for the view item objects created in this controller
 206      *
 207      * @var   array
 208      */
 209     protected $viewsCache = array();
 210 
 211     /**
 212      * A copy of the FOFModel object used in this triad
 213      *
 214      * @var    FOFModel
 215      */
 216     private $_modelObject = null;
 217 
 218     /**
 219      * Does this tried have a FOFForm which will be used to render it?
 220      *
 221      * @var    boolean
 222      */
 223     protected $hasForm = false;
 224 
 225     /**
 226      * Gets a static (Singleton) instance of a controller class. It loads the
 227      * relevant controller file from the component's directory or, if it doesn't
 228      * exist, creates a new controller object out of thin air.
 229      *
 230      * @param   string  $option  Component name, e.g. com_foobar
 231      * @param   string  $view    The view name, also used for the controller name
 232      * @param   array   $config  Configuration parameters
 233      *
 234      * @return  FOFController
 235      */
 236     public static function &getAnInstance($option = null, $view = null, $config = array())
 237     {
 238         static $instances = array();
 239 
 240         // Make sure $config is an array
 241         if (is_object($config))
 242         {
 243             $config = (array) $config;
 244         }
 245         elseif (!is_array($config))
 246         {
 247             $config = array();
 248         }
 249 
 250         $hash = $option . $view;
 251 
 252         if (!array_key_exists($hash, $instances))
 253         {
 254             $instances[$hash] = self::getTmpInstance($option, $view, $config);
 255         }
 256 
 257         return $instances[$hash];
 258     }
 259 
 260     /**
 261      * Gets a temporary instance of a controller object. A temporary instance is
 262      * not a Singleton and can be disposed off after use.
 263      *
 264      * @param   string  $option  The component name, e.g. com_foobar
 265      * @param   string  $view    The view name, e.g. cpanel
 266      * @param   array   $config  Configuration parameters
 267      *
 268      * @return  \FOFController  A disposable class instance
 269      */
 270     public static function &getTmpInstance($option = null, $view = null, $config = array())
 271     {
 272         // Make sure $config is an array
 273         if (is_object($config))
 274         {
 275             $config = (array) $config;
 276         }
 277         elseif (!is_array($config))
 278         {
 279             $config = array();
 280         }
 281 
 282         // Get an input object
 283         if (array_key_exists('input', $config))
 284         {
 285             $input = $config['input'];
 286         }
 287         else
 288         {
 289             $input = null;
 290         }
 291 
 292         if (array_key_exists('input_options', $config))
 293         {
 294             $input_options = $config['input_options'];
 295         }
 296         else
 297         {
 298             $input_options = array();
 299         }
 300 
 301         if (!($input instanceof FOFInput))
 302         {
 303             $input = new FOFInput($input, $input_options);
 304         }
 305 
 306         // Determine the option (component name) and view
 307         $config['option'] = !is_null($option) ? $option : $input->getCmd('option', 'com_foobar');
 308         $config['view'] = !is_null($view) ? $view : $input->getCmd('view', 'cpanel');
 309 
 310         // Get the class base name, e.g. FoobarController
 311         $classBaseName = ucfirst(str_replace('com_', '', $config['option'])) . 'Controller';
 312 
 313         // Get the class name suffixes, in the order to be searched for: plural, singular, 'default'
 314         $classSuffixes = array(
 315             FOFInflector::pluralize($config['view']),
 316             FOFInflector::singularize($config['view']),
 317             'default'
 318         );
 319 
 320         // Get the path names for the component
 321         $componentPaths = FOFPlatform::getInstance()->getComponentBaseDirs($config['option']);
 322         $filesystem     = FOFPlatform::getInstance()->getIntegrationObject('filesystem');
 323 
 324         // Look for the best classname match
 325         foreach ($classSuffixes as $suffix)
 326         {
 327             $className = $classBaseName . ucfirst($suffix);
 328 
 329             if (class_exists($className))
 330             {
 331                 // The class is already loaded. We have a match!
 332                 break;
 333             }
 334 
 335             // The class is not already loaded. Try to find and load it.
 336             $searchPaths = array(
 337                 $componentPaths['main'] . '/controllers',
 338                 $componentPaths['admin'] . '/controllers'
 339             );
 340 
 341             // If we have a searchpath in the configuration please search it first
 342 
 343             if (array_key_exists('searchpath', $config))
 344             {
 345                 array_unshift($searchPaths, $config['searchpath']);
 346             }
 347             else
 348             {
 349                 $configProvider = new FOFConfigProvider;
 350                 $searchPath = $configProvider->get($config['option'] . '.views.' . FOFInflector::singularize($config['view']) . '.config.searchpath', null);
 351 
 352                 if ($searchPath)
 353                 {
 354                     array_unshift($searchPaths, $componentPaths['admin'] . '/' . $searchPath);
 355                     array_unshift($searchPaths, $componentPaths['main'] . '/' . $searchPath);
 356                 }
 357             }
 358 
 359             /**
 360              * Try to find the path to this file. First try to find the
 361              * format-specific controller file, e.g. foobar.json.php for
 362              * format=json, then the regular one-size-fits-all controller
 363              */
 364 
 365             $format = $input->getCmd('format', 'html');
 366             $path = null;
 367 
 368             if (!empty($format))
 369             {
 370                 $path = $filesystem->pathFind(
 371                     $searchPaths, strtolower($suffix) . '.' . strtolower($format) . '.php'
 372                 );
 373             }
 374 
 375             if (!$path)
 376             {
 377                 $path = $filesystem->pathFind(
 378                         $searchPaths, strtolower($suffix) . '.php'
 379                 );
 380             }
 381 
 382             // The path is found. Load the file and make sure the expected class name exists.
 383 
 384             if ($path)
 385             {
 386                 require_once $path;
 387 
 388                 if (class_exists($className))
 389                 {
 390                     // The class was loaded successfully. We have a match!
 391                     break;
 392                 }
 393             }
 394         }
 395 
 396         if (!class_exists($className))
 397         {
 398             // If no specialised class is found, instantiate the generic FOFController
 399             $className = 'FOFController';
 400         }
 401 
 402         $instance = new $className($config);
 403 
 404         return $instance;
 405     }
 406 
 407     /**
 408      * Public constructor of the Controller class
 409      *
 410      * @param   array  $config  Optional configuration parameters
 411      */
 412     public function __construct($config = array())
 413     {
 414         // Make sure $config is an array
 415         if (is_object($config))
 416         {
 417             $config = (array) $config;
 418         }
 419         elseif (!is_array($config))
 420         {
 421             $config = array();
 422         }
 423 
 424         $this->methods = array();
 425         $this->message = null;
 426         $this->messageType = 'message';
 427         $this->paths = array();
 428         $this->redirect = null;
 429         $this->taskMap = array();
 430 
 431         // Cache the config
 432         $this->config = $config;
 433 
 434         // Get the input for this MVC triad
 435 
 436         if (array_key_exists('input', $config))
 437         {
 438             $input = $config['input'];
 439         }
 440         else
 441         {
 442             $input = null;
 443         }
 444 
 445         if (array_key_exists('input_options', $config))
 446         {
 447             $input_options = $config['input_options'];
 448         }
 449         else
 450         {
 451             $input_options = array();
 452         }
 453 
 454         if ($input instanceof FOFInput)
 455         {
 456             $this->input = $input;
 457         }
 458         else
 459         {
 460             $this->input = new FOFInput($input, $input_options);
 461         }
 462 
 463         // Load the configuration provider
 464         $this->configProvider = new FOFConfigProvider;
 465 
 466         // Determine the methods to exclude from the base class.
 467         $xMethods = get_class_methods('FOFController');
 468 
 469         // Some methods must always be considered valid tasks
 470         $iMethods = array('accesspublic', 'accessregistered', 'accessspecial',
 471             'add', 'apply', 'browse', 'cancel', 'copy', 'edit', 'orderdown',
 472             'orderup', 'publish', 'read', 'remove', 'save', 'savenew',
 473             'saveorder', 'unpublish', 'display', 'archive', 'trash', 'loadhistory');
 474 
 475         // Get the public methods in this class using reflection.
 476         $r = new ReflectionClass($this);
 477         $rMethods = $r->getMethods(ReflectionMethod::IS_PUBLIC);
 478 
 479         foreach ($rMethods as $rMethod)
 480         {
 481             $mName = $rMethod->getName();
 482 
 483             // If the developer screwed up and declared one of the helper method public do NOT make them available as
 484             // tasks.
 485             if ((substr($mName, 0, 8) == 'onBefore') || (substr($mName, 0, 7) == 'onAfter') || substr($mName, 0, 1) == '_')
 486             {
 487                 continue;
 488             }
 489 
 490             // Add default display method if not explicitly declared.
 491             if (!in_array($mName, $xMethods) || in_array($mName, $iMethods))
 492             {
 493                 $this->methods[] = strtolower($mName);
 494 
 495                 // Auto register the methods as tasks.
 496                 $this->taskMap[strtolower($mName)] = $mName;
 497             }
 498         }
 499 
 500         // Get the default values for the component and view names
 501         $classNameParts = FOFInflector::explode(get_class($this));
 502 
 503         if (count($classNameParts) == 3)
 504         {
 505             $defComponent = "com_" . $classNameParts[0];
 506             $defView = $classNameParts[2];
 507         }
 508         else
 509         {
 510             $defComponent = 'com_foobar';
 511             $defView = 'cpanel';
 512         }
 513 
 514         $this->component = $this->input->get('option', $defComponent, 'cmd');
 515         $this->view = $this->input->get('view', $defView, 'cmd');
 516         $this->layout = $this->input->get('layout', null, 'cmd');
 517 
 518         // Overrides from the config
 519         if (array_key_exists('option', $config))
 520         {
 521             $this->component = $config['option'];
 522         }
 523 
 524         if (array_key_exists('view', $config))
 525         {
 526             $this->view = $config['view'];
 527         }
 528 
 529         if (array_key_exists('layout', $config))
 530         {
 531             $this->layout = $config['layout'];
 532         }
 533 
 534         $this->layout = $this->configProvider->get($this->component . '.views.' . FOFInflector::singularize($this->view) . '.config.layout', $this->layout);
 535 
 536         $this->input->set('option', $this->component);
 537 
 538         // Set the bareComponent variable
 539         $this->bareComponent = str_replace('com_', '', strtolower($this->component));
 540 
 541         // Set the $name variable
 542         $this->name = $this->bareComponent;
 543 
 544         // Set the basePath variable
 545         $componentPaths = FOFPlatform::getInstance()->getComponentBaseDirs($this->component);
 546         $basePath = $componentPaths['main'];
 547 
 548         if (array_key_exists('base_path', $config))
 549         {
 550             $basePath = $config['base_path'];
 551         }
 552 
 553         $altBasePath = $this->configProvider->get(
 554             $this->component . '.views.' .
 555             FOFInflector::singularize($this->view) . '.config.base_path', null
 556         );
 557 
 558         if (!is_null($altBasePath))
 559         {
 560             $platformDirs = FOFPlatform::getInstance()->getPlatformBaseDirs();
 561             $basePath     = $platformDirs['public'] . '/' . $altBasePath;
 562         }
 563 
 564         $this->basePath = $basePath;
 565 
 566         // If the default task is set, register it as such
 567         $defaultTask = $this->configProvider->get(
 568             $this->component . '.views.' .
 569             FOFInflector::singularize($this->view) . '.config.default_task', 'display'
 570         );
 571 
 572         if (array_key_exists('default_task', $config))
 573         {
 574             $this->registerDefaultTask($config['default_task']);
 575         }
 576         else
 577         {
 578             $this->registerDefaultTask($defaultTask);
 579         }
 580 
 581         // Set the models prefix
 582 
 583         if (empty($this->model_prefix))
 584         {
 585             if (array_key_exists('model_prefix', $config))
 586             {
 587                 // User-defined prefix
 588                 $this->model_prefix = $config['model_prefix'];
 589             }
 590             else
 591             {
 592                 $this->model_prefix = $this->name . 'Model';
 593                 $this->model_prefix = $this->configProvider->get(
 594                     $this->component . '.views.' .
 595                     FOFInflector::singularize($this->view) . '.config.model_prefix', $this->model_prefix
 596                 );
 597             }
 598         }
 599 
 600         // Set the default model search path
 601 
 602         if (array_key_exists('model_path', $config))
 603         {
 604             // User-defined dirs
 605             $this->addModelPath($config['model_path'], $this->model_prefix);
 606         }
 607         else
 608         {
 609             $modelPath = $this->basePath . '/models';
 610             $altModelPath = $this->configProvider->get(
 611                 $this->component . '.views.' .
 612                 FOFInflector::singularize($this->view) . '.config.model_path', null
 613             );
 614 
 615             if (!is_null($altModelPath))
 616             {
 617                 $modelPath = $this->basePath . '/' . $altModelPath;
 618             }
 619 
 620             $this->addModelPath($modelPath, $this->model_prefix);
 621         }
 622 
 623         // Set the default view search path
 624         if (array_key_exists('view_path', $config))
 625         {
 626             // User-defined dirs
 627             $this->setPath('view', $config['view_path']);
 628         }
 629         else
 630         {
 631             $viewPath = $this->basePath . '/views';
 632             $altViewPath = $this->configProvider->get(
 633                 $this->component . '.views.' .
 634                 FOFInflector::singularize($this->view) . '.config.view_path', null
 635             );
 636 
 637             if (!is_null($altViewPath))
 638             {
 639                 $viewPath = $this->basePath . '/' . $altViewPath;
 640             }
 641 
 642             $this->setPath('view', $viewPath);
 643         }
 644 
 645         // Set the default view.
 646 
 647         if (array_key_exists('default_view', $config))
 648         {
 649             $this->default_view = $config['default_view'];
 650         }
 651         else
 652         {
 653             if (empty($this->default_view))
 654             {
 655                 $this->default_view = $this->getName();
 656             }
 657 
 658             $this->default_view = $this->configProvider->get(
 659                 $this->component . '.views.' .
 660                 FOFInflector::singularize($this->view) . '.config.default_view', $this->default_view
 661             );
 662         }
 663 
 664         // Set the CSRF protection
 665         if (array_key_exists('csrf_protection', $config))
 666         {
 667             $this->csrfProtection = $config['csrf_protection'];
 668         }
 669 
 670         $this->csrfProtection = $this->configProvider->get(
 671             $this->component . '.views.' .
 672             FOFInflector::singularize($this->view) . '.config.csrf_protection', $this->csrfProtection
 673         );
 674 
 675         // Set any model/view name overrides
 676         if (array_key_exists('viewName', $config))
 677         {
 678             $this->setThisViewName($config['viewName']);
 679         }
 680         else
 681         {
 682             $overrideViewName = $this->configProvider->get(
 683                 $this->component . '.views.' .
 684                 FOFInflector::singularize($this->view) . '.config.viewName', null
 685             );
 686 
 687             if ($overrideViewName)
 688             {
 689                 $this->setThisViewName($overrideViewName);
 690             }
 691         }
 692 
 693         if (array_key_exists('modelName', $config))
 694         {
 695             $this->setThisModelName($config['modelName']);
 696         }
 697         else
 698         {
 699             $overrideModelName = $this->configProvider->get(
 700                 $this->component . '.views.' .
 701                 FOFInflector::singularize($this->view) . '.config.modelName', null
 702             );
 703 
 704             if ($overrideModelName)
 705             {
 706                 $this->setThisModelName($overrideModelName);
 707             }
 708         }
 709 
 710         // Caching
 711         if (array_key_exists('cacheableTasks', $config))
 712         {
 713             if (is_array($config['cacheableTasks']))
 714             {
 715                 $this->cacheableTasks = $config['cacheableTasks'];
 716             }
 717         }
 718         else
 719         {
 720             $cacheableTasks = $this->configProvider->get(
 721                 $this->component . '.views.' .
 722                 FOFInflector::singularize($this->view) . '.config.cacheableTasks', null
 723             );
 724 
 725             if ($cacheableTasks)
 726             {
 727                 $cacheableTasks = explode(',', $cacheableTasks);
 728 
 729                 if (count($cacheableTasks))
 730                 {
 731                     $temp = array();
 732 
 733                     foreach ($cacheableTasks as $t)
 734                     {
 735                         $temp[] = trim($t);
 736                     }
 737 
 738                     $temp = array_unique($temp);
 739                     $this->cacheableTasks = $temp;
 740                 }
 741             }
 742         }
 743 
 744         // Bit mask for auto routing on setRedirect
 745         $this->autoRouting = $this->configProvider->get(
 746             $this->component . '.views.' .
 747             FOFInflector::singularize($this->view) . '.config.autoRouting', $this->autoRouting
 748         );
 749 
 750         if (array_key_exists('autoRouting', $config))
 751         {
 752             $this->autoRouting = $config['autoRouting'];
 753         }
 754 
 755         // Apply task map
 756         $taskmap = $this->configProvider->get(
 757             $this->component . '.views.' .
 758             FOFInflector::singularize($this->view) . '.taskmap'
 759         );
 760 
 761         if (is_array($taskmap) && !empty($taskmap))
 762         {
 763             foreach ($taskmap as $aliasedtask => $realmethod)
 764             {
 765                 $this->registerTask($aliasedtask, $realmethod);
 766             }
 767         }
 768     }
 769 
 770     /**
 771      * Adds to the stack of model paths in LIFO order.
 772      *
 773      * @param   mixed   $path    The directory (string) , or list of directories (array) to add.
 774      * @param   string  $prefix  A prefix for models
 775      *
 776      * @return  void
 777      */
 778     public static function addModelPath($path, $prefix = '')
 779     {
 780         FOFModel::addIncludePath($path, $prefix);
 781     }
 782 
 783     /**
 784      * Adds to the search path for templates and resources.
 785      *
 786      * @param   string  $type  The path type (e.g. 'model', 'view').
 787      * @param   mixed   $path  The directory string  or stream array to search.
 788      *
 789      * @return  FOFController  A FOFController object to support chaining.
 790      */
 791     protected function addPath($type, $path)
 792     {
 793         // Just force path to array
 794         settype($path, 'array');
 795 
 796         $filesystem = FOFPlatform::getInstance()->getIntegrationObject('filesystem');
 797 
 798         if (!isset($this->paths[$type]))
 799         {
 800             $this->paths[$type] = array();
 801         }
 802 
 803         // Loop through the path directories
 804         foreach ($path as $dir)
 805         {
 806             // No surrounding spaces allowed!
 807             $dir = rtrim($filesystem->pathCheck($dir, '/'), '/') . '/';
 808 
 809             // Add to the top of the search dirs
 810             array_unshift($this->paths[$type], $dir);
 811         }
 812 
 813         return $this;
 814     }
 815 
 816     /**
 817      * Add one or more view paths to the controller's stack, in LIFO order.
 818      *
 819      * @param   mixed  $path  The directory (string) or list of directories (array) to add.
 820      *
 821      * @return  FOFController  This object to support chaining.
 822      */
 823     public function addViewPath($path)
 824     {
 825         $this->addPath('view', $path);
 826 
 827         return $this;
 828     }
 829 
 830     /**
 831      * Authorisation check
 832      *
 833      * @param   string  $task  The ACO Section Value to check access on.
 834      *
 835      * @return  boolean  True if authorised
 836      *
 837      * @deprecated  2.0  Use JAccess instead.
 838      */
 839     public function authorise($task)
 840     {
 841         FOFPlatform::getInstance()->logDeprecated(__CLASS__ . '::' .__METHOD__ . ' is deprecated. Use checkACL() instead.');
 842 
 843         return true;
 844     }
 845 
 846     /**
 847      * Create the filename for a resource.
 848      *
 849      * @param   string  $type   The resource type to create the filename for.
 850      * @param   array   $parts  An associative array of filename information. Optional.
 851      *
 852      * @return  string  The filename.
 853      */
 854     protected static function createFileName($type, $parts = array())
 855     {
 856         $filename = '';
 857 
 858         switch ($type)
 859         {
 860             case 'controller':
 861                 if (!empty($parts['format']))
 862                 {
 863                     if ($parts['format'] == 'html')
 864                     {
 865                         $parts['format'] = '';
 866                     }
 867                     else
 868                     {
 869                         $parts['format'] = '.' . $parts['format'];
 870                     }
 871                 }
 872                 else
 873                 {
 874                     $parts['format'] = '';
 875                 }
 876 
 877                 $filename = strtolower($parts['name'] . $parts['format'] . '.php');
 878                 break;
 879 
 880             case 'view':
 881                 if (!empty($parts['type']))
 882                 {
 883                     $parts['type'] = '.' . $parts['type'];
 884                 }
 885                 else
 886                 {
 887                     $parts['type'] = '';
 888                 }
 889 
 890                 $filename = strtolower($parts['name'] . '/view' . $parts['type'] . '.php');
 891                 break;
 892         }
 893 
 894         return $filename;
 895     }
 896 
 897     /**
 898      * Executes a given controller task. The onBefore<task> and onAfter<task>
 899      * methods are called automatically if they exist.
 900      *
 901      * @param   string $task The task to execute, e.g. "browse"
 902      *
 903      * @throws  Exception   Exception thrown if the onBefore<task> returns false
 904      *
 905      * @return  null|bool  False on execution failure
 906      */
 907     public function execute($task)
 908     {
 909         $this->task = $task;
 910 
 911         $method_name = 'onBefore' . ucfirst($task);
 912 
 913         if (!method_exists($this, $method_name))
 914         {
 915             $result = $this->onBeforeGenericTask($task);
 916         }
 917         elseif (method_exists($this, $method_name))
 918         {
 919             $result = $this->$method_name();
 920         }
 921         else
 922         {
 923             $result = true;
 924         }
 925 
 926         if ($result)
 927         {
 928             $plugin_event  = FOFInflector::camelize('on before ' . $this->bareComponent . ' controller ' . $this->view . ' ' . $task);
 929             $plugin_result = FOFPlatform::getInstance()->runPlugins($plugin_event, array(&$this, &$this->input));
 930 
 931             if (in_array(false, $plugin_result, true))
 932             {
 933                 $result = false;
 934             }
 935         }
 936 
 937         if (!$result)
 938         {
 939             throw new Exception(JText::_('JLIB_APPLICATION_ERROR_ACCESS_FORBIDDEN'), 403);
 940         }
 941 
 942         // Do not allow the display task to be directly called
 943         $task = strtolower($task);
 944 
 945         if (isset($this->taskMap[$task]))
 946         {
 947             $doTask = $this->taskMap[$task];
 948         }
 949         elseif (isset($this->taskMap['__default']))
 950         {
 951             $doTask = $this->taskMap['__default'];
 952         }
 953         else
 954         {
 955             $doTask = null;
 956         }
 957 
 958         if ($doTask == 'display')
 959         {
 960             FOFPlatform::getInstance()->setHeader('Status', '400 Bad Request', true);
 961 
 962             throw new Exception('Bad Request', 400);
 963         }
 964 
 965         $this->doTask = $doTask;
 966 
 967         $ret = $this->$doTask();
 968 
 969         $method_name = 'onAfter' . ucfirst($task);
 970 
 971         if (method_exists($this, $method_name))
 972         {
 973             $result = $this->$method_name();
 974         }
 975         else
 976         {
 977             $result = true;
 978         }
 979 
 980         if ($result)
 981         {
 982             $plugin_event = FOFInflector::camelize('on after ' . $this->bareComponent . ' controller ' . $this->view . ' ' . $task);
 983             $plugin_result = FOFPlatform::getInstance()->runPlugins($plugin_event, array(&$this, &$this->input, &$ret));
 984 
 985             if (in_array(false, $plugin_result, true))
 986             {
 987                 $result = false;
 988             }
 989         }
 990 
 991         if (!$result)
 992         {
 993             throw new Exception(JText::_('JLIB_APPLICATION_ERROR_ACCESS_FORBIDDEN'), 403);
 994         }
 995 
 996         return $ret;
 997     }
 998 
 999     /**
1000      * Default task. Assigns a model to the view and asks the view to render
1001      * itself.
1002      *
1003      * YOU MUST NOT USETHIS TASK DIRECTLY IN A URL. It is supposed to be
1004      * used ONLY inside your code. In the URL, use task=browse instead.
1005      *
1006      * @param   bool    $cachable   Is this view cacheable?
1007      * @param   bool    $urlparams  Add your safe URL parameters (see further down in the code)
1008      * @param   string  $tpl        The name of the template file to parse
1009      *
1010      * @return  bool
1011      */
1012     public function display($cachable = false, $urlparams = false, $tpl = null)
1013     {
1014         $document = FOFPlatform::getInstance()->getDocument();
1015 
1016         if ($document instanceof JDocument)
1017         {
1018             $viewType = $document->getType();
1019         }
1020         else
1021         {
1022             $viewType = $this->input->getCmd('format', 'html');
1023         }
1024 
1025         $view = $this->getThisView();
1026 
1027         // Get/Create the model
1028 
1029         if ($model = $this->getThisModel())
1030         {
1031             // Push the model into the view (as default)
1032             $view->setModel($model, true);
1033         }
1034 
1035         // Set the layout
1036         $view->setLayout(is_null($this->layout) ? 'default' : $this->layout);
1037 
1038         // Display the view
1039         $conf = FOFPlatform::getInstance()->getConfig();
1040 
1041         if (FOFPlatform::getInstance()->isFrontend() && $cachable && ($viewType != 'feed') && $conf->get('caching') >= 1)
1042         {
1043             // Get a JCache object
1044             $option = $this->input->get('option', 'com_foobar', 'cmd');
1045             $cache = JFactory::getCache($option, 'view');
1046 
1047             // Set up a cache ID based on component, view, task and user group assignment
1048             $user = FOFPlatform::getInstance()->getUser();
1049 
1050             if ($user->guest)
1051             {
1052                 $groups = array();
1053             }
1054             else
1055             {
1056                 $groups = $user->groups;
1057             }
1058 
1059             $importantParameters = array();
1060 
1061             // Set up safe URL parameters
1062             if (!is_array($urlparams))
1063             {
1064                 $urlparams = array(
1065                     'option'        => 'CMD',
1066                     'view'          => 'CMD',
1067                     'task'          => 'CMD',
1068                     'format'        => 'CMD',
1069                     'layout'        => 'CMD',
1070                     'id'            => 'INT',
1071                 );
1072             }
1073 
1074             if (is_array($urlparams))
1075             {
1076                 $app = JFactory::getApplication();
1077 
1078                 $registeredurlparams = null;
1079 
1080                 if (version_compare(JVERSION, '3.0', 'ge'))
1081                 {
1082                     if (property_exists($app, 'registeredurlparams'))
1083                     {
1084                         $registeredurlparams = $app->registeredurlparams;
1085                     }
1086                 }
1087                 else
1088                 {
1089                     $registeredurlparams = $app->get('registeredurlparams');
1090                 }
1091 
1092                 if (empty($registeredurlparams))
1093                 {
1094                     $registeredurlparams = new stdClass;
1095                 }
1096 
1097                 foreach ($urlparams AS $key => $value)
1098                 {
1099                     // Add your safe url parameters with variable type as value {@see JFilterInput::clean()}.
1100                     $registeredurlparams->$key = $value;
1101 
1102                     // Add the URL-important parameters into the array
1103                     $importantParameters[$key] = $this->input->get($key, null, $value);
1104                 }
1105 
1106                 if (version_compare(JVERSION, '3.0', 'ge'))
1107                 {
1108                     $app->registeredurlparams = $registeredurlparams;
1109                 }
1110                 else
1111                 {
1112                     $app->set('registeredurlparams', $registeredurlparams);
1113                 }
1114             }
1115 
1116             // Create the cache ID after setting the registered URL params, as they are used to generate the ID
1117             $cacheId = md5(serialize(array(JCache::makeId(), $view->getName(), $this->doTask, $groups, $importantParameters)));
1118 
1119             // Get the cached view or cache the current view
1120             $cache->get($view, 'display', $cacheId);
1121         }
1122         else
1123         {
1124             // Display without caching
1125             $view->display($tpl);
1126         }
1127 
1128         return true;
1129     }
1130 
1131     /**
1132      * Implements a default browse task, i.e. read a bunch of records and send
1133      * them to the browser.
1134      *
1135      * @return  boolean
1136      */
1137     public function browse()
1138     {
1139         if ($this->input->get('savestate', -999, 'int') == -999)
1140         {
1141             $this->input->set('savestate', true);
1142         }
1143 
1144         // Do I have a form?
1145         $model = $this->getThisModel();
1146 
1147         if (empty($this->layout))
1148         {
1149             $formname = 'form.default';
1150         }
1151         else
1152         {
1153             $formname = 'form.' . $this->layout;
1154         }
1155 
1156         $model->setState('form_name', $formname);
1157 
1158         $form = $model->getForm();
1159 
1160         if ($form !== false)
1161         {
1162             $this->hasForm = true;
1163         }
1164 
1165         $this->display(in_array('browse', $this->cacheableTasks));
1166 
1167         return true;
1168     }
1169 
1170     /**
1171      * Single record read. The id set in the request is passed to the model and
1172      * then the item layout is used to render the result.
1173      *
1174      * @return  bool
1175      */
1176     public function read()
1177     {
1178         // Load the model
1179         $model = $this->getThisModel();
1180 
1181         if (!$model->getId())
1182         {
1183             $model->setIDsFromRequest();
1184         }
1185 
1186         // Set the layout to item, if it's not set in the URL
1187         if (is_null($this->layout))
1188         {
1189             $this->layout = 'item';
1190         }
1191 
1192         // Do I have a form?
1193         $model->setState('form_name', 'form.' . $this->layout);
1194 
1195         $item = $model->getItem();
1196 
1197         if (!($item instanceof FOFTable))
1198         {
1199             return false;
1200         }
1201 
1202         $itemKey = $item->getKeyName();
1203 
1204         if ($item->$itemKey != $model->getId())
1205         {
1206             return false;
1207         }
1208 
1209         $formData = is_object($item) ? $item->getData() : array();
1210         $form = $model->getForm($formData);
1211 
1212         if ($form !== false)
1213         {
1214             $this->hasForm = true;
1215         }
1216 
1217         // Display
1218         $this->display(in_array('read', $this->cacheableTasks));
1219 
1220         return true;
1221     }
1222 
1223     /**
1224      * Single record add. The form layout is used to present a blank page.
1225      *
1226      * @return  false|void
1227      */
1228     public function add()
1229     {
1230         // Load and reset the model
1231         $model = $this->getThisModel();
1232         $model->reset();
1233 
1234         // Set the layout to form, if it's not set in the URL
1235 
1236         if (!$this->layout)
1237         {
1238             $this->layout = 'form';
1239         }
1240 
1241         // Do I have a form?
1242         $model->setState('form_name', 'form.' . $this->layout);
1243 
1244         $item = $model->getItem();
1245 
1246         if (!($item instanceof FOFTable))
1247         {
1248             return false;
1249         }
1250 
1251         $formData = is_object($item) ? $item->getData() : array();
1252         $form = $model->getForm($formData);
1253 
1254         if ($form !== false)
1255         {
1256             $this->hasForm = true;
1257         }
1258 
1259         // Display
1260         $this->display(in_array('add', $this->cacheableTasks));
1261     }
1262 
1263     /**
1264      * Single record edit. The ID set in the request is passed to the model,
1265      * then the form layout is used to edit the result.
1266      *
1267      * @return  bool
1268      */
1269     public function edit()
1270     {
1271         // Load the model
1272         $model = $this->getThisModel();
1273 
1274         if (!$model->getId())
1275         {
1276             $model->setIDsFromRequest();
1277         }
1278 
1279         $status = $model->checkout();
1280 
1281         if (!$status)
1282         {
1283             // Redirect on error
1284 
1285             if ($customURL = $this->input->get('returnurl', '', 'string'))
1286             {
1287                 $customURL = base64_decode($customURL);
1288             }
1289 
1290             $url = !empty($customURL) ? $customURL : 'index.php?option=' . $this->component . '&view=' . FOFInflector::pluralize($this->view) . $this->getItemidURLSuffix();
1291             $this->setRedirect($url, $model->getError(), 'error');
1292 
1293             return false;
1294         }
1295 
1296         // Set the layout to form, if it's not set in the URL
1297 
1298         if (is_null($this->layout))
1299         {
1300             $this->layout = 'form';
1301         }
1302 
1303         // Do I have a form?
1304         $model->setState('form_name', 'form.' . $this->layout);
1305 
1306         $item = $model->getItem();
1307 
1308         if (!($item instanceof FOFTable))
1309         {
1310             return false;
1311         }
1312 
1313         $itemKey = $item->getKeyName();
1314 
1315         if ($item->$itemKey != $model->getId())
1316         {
1317             return false;
1318         }
1319 
1320         $formData = is_object($item) ? $item->getData() : array();
1321         $form = $model->getForm($formData);
1322 
1323         if ($form !== false)
1324         {
1325             $this->hasForm = true;
1326         }
1327 
1328         // Display
1329         $this->display(in_array('edit', $this->cacheableTasks));
1330 
1331         return true;
1332     }
1333 
1334     /**
1335      * Save the incoming data and then return to the Edit task
1336      *
1337      * @return  bool
1338      */
1339     public function apply()
1340     {
1341         // CSRF prevention
1342         if ($this->csrfProtection)
1343         {
1344             $this->_csrfProtection();
1345         }
1346 
1347         $model = $this->getThisModel();
1348         $result = $this->applySave();
1349 
1350         // Redirect to the edit task
1351         if ($result)
1352         {
1353             $id = $this->input->get('id', 0, 'int');
1354             $textkey = strtoupper($this->component) . '_LBL_' . strtoupper($this->view) . '_SAVED';
1355 
1356             if ($customURL = $this->input->get('returnurl', '', 'string'))
1357             {
1358                 $customURL = base64_decode($customURL);
1359             }
1360 
1361             $url = !empty($customURL) ? $customURL : 'index.php?option=' . $this->component . '&view=' . $this->view . '&task=edit&id=' . $id . $this->getItemidURLSuffix();
1362             $this->setRedirect($url, JText::_($textkey));
1363         }
1364 
1365         return $result;
1366     }
1367 
1368     /**
1369      * Duplicates selected items
1370      *
1371      * @return  bool
1372      */
1373     public function copy()
1374     {
1375         // CSRF prevention
1376         if ($this->csrfProtection)
1377         {
1378             $this->_csrfProtection();
1379         }
1380 
1381         $model = $this->getThisModel();
1382 
1383         if (!$model->getId())
1384         {
1385             $model->setIDsFromRequest();
1386         }
1387 
1388         $status = $model->copy();
1389 
1390         // Redirect
1391         if ($customURL = $this->input->get('returnurl', '', 'string'))
1392         {
1393             $customURL = base64_decode($customURL);
1394         }
1395 
1396         $url = !empty($customURL) ? $customURL : 'index.php?option=' . $this->component . '&view=' . FOFInflector::pluralize($this->view) . $this->getItemidURLSuffix();
1397 
1398         if (!$status)
1399         {
1400             $this->setRedirect($url, $model->getError(), 'error');
1401 
1402             return false;
1403         }
1404         else
1405         {
1406             if(!FOFPlatform::getInstance()->isCli())
1407             {
1408                 FOFPlatform::getInstance()->setHeader('Status', '201 Created', true);
1409             }
1410 
1411             $this->setRedirect($url);
1412 
1413             return true;
1414         }
1415     }
1416 
1417     /**
1418      * Save the incoming data and then return to the Browse task
1419      *
1420      * @return  bool
1421      */
1422     public function save()
1423     {
1424         // CSRF prevention
1425         if ($this->csrfProtection)
1426         {
1427             $this->_csrfProtection();
1428         }
1429 
1430         $result = $this->applySave();
1431 
1432         // Redirect to the display task
1433         if ($result)
1434         {
1435             $textkey = strtoupper($this->component) . '_LBL_' . strtoupper($this->view) . '_SAVED';
1436 
1437             if ($customURL = $this->input->get('returnurl', '', 'string'))
1438             {
1439                 $customURL = base64_decode($customURL);
1440             }
1441 
1442             $url = !empty($customURL) ? $customURL : 'index.php?option=' . $this->component . '&view=' . FOFInflector::pluralize($this->view) . $this->getItemidURLSuffix();
1443             $this->setRedirect($url, JText::_($textkey));
1444         }
1445 
1446         return $result;
1447     }
1448 
1449     /**
1450      * Save the incoming data and then return to the Add task
1451      *
1452      * @return  bool
1453      */
1454     public function savenew()
1455     {
1456         // CSRF prevention
1457         if ($this->csrfProtection)
1458         {
1459             $this->_csrfProtection();
1460         }
1461 
1462         $result = $this->applySave();
1463 
1464         // Redirect to the display task
1465 
1466         if ($result)
1467         {
1468             $textkey = strtoupper($this->component) . '_LBL_' . strtoupper($this->view) . '_SAVED';
1469 
1470             if ($customURL = $this->input->get('returnurl', '', 'string'))
1471             {
1472                 $customURL = base64_decode($customURL);
1473             }
1474 
1475             $url = !empty($customURL) ? $customURL : 'index.php?option=' . $this->component . '&view=' . $this->view . '&task=add' . $this->getItemidURLSuffix();
1476             $this->setRedirect($url, JText::_($textkey));
1477         }
1478 
1479         return $result;
1480     }
1481 
1482     /**
1483      * Cancel the edit, check in the record and return to the Browse task
1484      *
1485      * @return  bool
1486      */
1487     public function cancel()
1488     {
1489         $model = $this->getThisModel();
1490 
1491         if (!$model->getId())
1492         {
1493             $model->setIDsFromRequest();
1494         }
1495 
1496         $model->checkin();
1497 
1498         // Remove any saved data
1499         JFactory::getSession()->set($model->getHash() . 'savedata', null);
1500 
1501         // Redirect to the display task
1502 
1503         if ($customURL = $this->input->get('returnurl', '', 'string'))
1504         {
1505             $customURL = base64_decode($customURL);
1506         }
1507 
1508         $url = !empty($customURL) ? $customURL : 'index.php?option=' . $this->component . '&view=' . FOFInflector::pluralize($this->view) . $this->getItemidURLSuffix();
1509         $this->setRedirect($url);
1510 
1511         return true;
1512     }
1513 
1514     /**
1515      * Method to load a row from version history
1516      *
1517      * @return   boolean  True if the content history is reverted, false otherwise
1518      *
1519      * @since   2.2
1520      */
1521     public function loadhistory()
1522     {
1523         $app = JFactory::getApplication();
1524         $lang  = JFactory::getLanguage();
1525         $model = $this->getThisModel();
1526         $table = $model->getTable();
1527         $historyId = $app->input->get('version_id', null, 'integer');
1528         $status = $model->checkout();
1529         $alias = $this->component . '.' . $this->view;
1530 
1531         if (!$model->loadhistory($historyId, $table, $alias))
1532         {
1533             $this->setMessage($model->getError(), 'error');
1534 
1535             $url = !empty($customURL) ? $customURL : 'index.php?option=' . $this->component . '&view=' . FOFInflector::pluralize($this->view) . $this->getItemidURLSuffix();
1536             $this->setRedirect($url);
1537 
1538             return false;
1539         }
1540 
1541         // Determine the name of the primary key for the data.
1542         if (empty($key))
1543         {
1544             $key = $table->getKeyName();
1545         }
1546 
1547         $recordId = $table->$key;
1548 
1549         // To avoid data collisions the urlVar may be different from the primary key.
1550         $urlVar = empty($this->urlVar) ? $key : $this->urlVar;
1551 
1552         // Access check.
1553         $privilege = $this->configProvider->get(
1554             $this->component . '.views.' .
1555             FOFInflector::singularize($this->view) . '.acl.edit', 'core.edit'
1556         );
1557 
1558         if (!$this->checkACL($privilege))
1559         {
1560             $this->setError(JText::_('JLIB_APPLICATION_ERROR_EDIT_NOT_PERMITTED'));
1561             $this->setMessage($this->getError(), 'error');
1562 
1563             $url = !empty($customURL) ? $customURL : 'index.php?option=' . $this->component . '&view=' . FOFInflector::pluralize($this->view) . $this->getItemidURLSuffix();
1564             $this->setRedirect($url);
1565             $table->checkin();
1566 
1567             return false;
1568         }
1569 
1570         $table->store();
1571         $url = !empty($customURL) ? $customURL : 'index.php?option=' . $this->component . '&view=' . FOFInflector::pluralize($this->view) . $this->getItemidURLSuffix();
1572         $this->setRedirect($url);
1573 
1574         $this->setMessage(JText::sprintf('JLIB_APPLICATION_SUCCESS_LOAD_HISTORY', $model->getState('save_date'), $model->getState('version_note')));
1575 
1576         return true;
1577     }
1578 
1579     /**
1580      * Sets the access to public. Joomla! 1.5 compatibility.
1581      *
1582      * @return  bool
1583      *
1584      * @deprecated since 2.0
1585      */
1586     public function accesspublic()
1587     {
1588         // CSRF prevention
1589 
1590         if ($this->csrfProtection)
1591         {
1592             $this->_csrfProtection();
1593         }
1594 
1595         return $this->setaccess(0);
1596     }
1597 
1598     /**
1599      * Sets the access to registered. Joomla! 1.5 compatibility.
1600      *
1601      * @return  bool
1602      *
1603      * @deprecated since 2.0
1604      */
1605     public function accessregistered()
1606     {
1607         // CSRF prevention
1608 
1609         if ($this->csrfProtection)
1610         {
1611             $this->_csrfProtection();
1612         }
1613 
1614         return $this->setaccess(1);
1615     }
1616 
1617     /**
1618      * Sets the access to special. Joomla! 1.5 compatibility.
1619      *
1620      * @return  bool
1621      *
1622      * @deprecated since 2.0
1623      */
1624     public function accessspecial()
1625     {
1626         // CSRF prevention
1627 
1628         if ($this->csrfProtection)
1629         {
1630             $this->_csrfProtection();
1631         }
1632 
1633         return $this->setaccess(2);
1634     }
1635 
1636     /**
1637      * Publish (set enabled = 1) an item.
1638      *
1639      * @return  bool
1640      */
1641     public function publish()
1642     {
1643         // CSRF prevention
1644         if ($this->csrfProtection)
1645         {
1646             $this->_csrfProtection();
1647         }
1648 
1649         return $this->setstate(1);
1650     }
1651 
1652     /**
1653      * Unpublish (set enabled = 0) an item.
1654      *
1655      * @return  bool
1656      */
1657     public function unpublish()
1658     {
1659         // CSRF prevention
1660         if ($this->csrfProtection)
1661         {
1662             $this->_csrfProtection();
1663         }
1664 
1665         return $this->setstate(0);
1666     }
1667 
1668     /**
1669      * Archive (set enabled = 2) an item.
1670      *
1671      * @return  bool
1672      */
1673     public function archive()
1674     {
1675         // CSRF prevention
1676         if ($this->csrfProtection)
1677         {
1678             $this->_csrfProtection();
1679         }
1680 
1681         return $this->setstate(2);
1682     }
1683 
1684     /**
1685      * Trash (set enabled = -2) an item.
1686      *
1687      * @return  bool
1688      */
1689     public function trash()
1690     {
1691         // CSRF prevention
1692         if ($this->csrfProtection)
1693         {
1694             $this->_csrfProtection();
1695         }
1696 
1697         return $this->setstate(-2);
1698     }
1699 
1700     /**
1701      * Saves the order of the items
1702      *
1703      * @return  bool
1704      */
1705     public function saveorder()
1706     {
1707         // CSRF prevention
1708         if ($this->csrfProtection)
1709         {
1710             $this->_csrfProtection();
1711         }
1712 
1713         $model = $this->getThisModel();
1714 
1715         if (!$model->getId())
1716         {
1717             $model->setIDsFromRequest();
1718         }
1719 
1720         $ordering = $model->getTable()->getColumnAlias('ordering');
1721         $ids      = $model->getIds();
1722         $orders   = $this->input->get('order', array(), 'array');
1723 
1724         if ($n = count($ids))
1725         {
1726             for ($i = 0; $i < $n; $i++)
1727             {
1728                 $model->setId($ids[$i]);
1729                 $neworder = (int) $orders[$i];
1730 
1731                 $item = $model->getItem();
1732 
1733                 if (!($item instanceof FOFTable))
1734                 {
1735                     return false;
1736                 }
1737 
1738                 $key = $item->getKeyName();
1739 
1740                 if ($item->$key == $ids[$i])
1741                 {
1742                     $item->$ordering = $neworder;
1743                     $model->save($item);
1744                 }
1745             }
1746         }
1747 
1748         $status = $model->reorder();
1749 
1750         // Redirect
1751         if ($customURL = $this->input->get('returnurl', '', 'string'))
1752         {
1753             $customURL = base64_decode($customURL);
1754         }
1755 
1756         $url = !empty($customURL) ? $customURL : 'index.php?option=' . $this->component . '&view=' . FOFInflector::pluralize($this->view) . $this->getItemidURLSuffix();
1757         $this->setRedirect($url);
1758 
1759         return $status;
1760     }
1761 
1762     /**
1763      * Moves selected items one position down the ordering list
1764      *
1765      * @return  bool
1766      */
1767     public function orderdown()
1768     {
1769         // CSRF prevention
1770         if ($this->csrfProtection)
1771         {
1772             $this->_csrfProtection();
1773         }
1774 
1775         $model = $this->getThisModel();
1776 
1777         if (!$model->getId())
1778         {
1779             $model->setIDsFromRequest();
1780         }
1781 
1782         $status = $model->move(1);
1783 
1784         // Redirect
1785         if ($customURL = $this->input->get('returnurl', '', 'string'))
1786         {
1787             $customURL = base64_decode($customURL);
1788         }
1789 
1790         $url = !empty($customURL) ? $customURL : 'index.php?option=' . $this->component . '&view=' . FOFInflector::pluralize($this->view) . $this->getItemidURLSuffix();
1791 
1792         if (!$status)
1793         {
1794             $this->setRedirect($url, $model->getError(), 'error');
1795         }
1796         else
1797         {
1798             $this->setRedirect($url);
1799         }
1800 
1801         return $status;
1802     }
1803 
1804     /**
1805      * Moves selected items one position up the ordering list
1806      *
1807      * @return  bool
1808      */
1809     public function orderup()
1810     {
1811         // CSRF prevention
1812         if ($this->csrfProtection)
1813         {
1814             $this->_csrfProtection();
1815         }
1816 
1817         $model = $this->getThisModel();
1818 
1819         if (!$model->getId())
1820         {
1821             $model->setIDsFromRequest();
1822         }
1823 
1824         $status = $model->move(-1);
1825 
1826         // Redirect
1827         if ($customURL = $this->input->get('returnurl', '', 'string'))
1828         {
1829             $customURL = base64_decode($customURL);
1830         }
1831 
1832         $url = !empty($customURL) ? $customURL : 'index.php?option=' . $this->component . '&view=' . FOFInflector::pluralize($this->view) . $this->getItemidURLSuffix();
1833 
1834         if (!$status)
1835         {
1836             $this->setRedirect($url, $model->getError(), 'error');
1837         }
1838         else
1839         {
1840             $this->setRedirect($url);
1841         }
1842 
1843         return $status;
1844     }
1845 
1846     /**
1847      * Delete selected item(s)
1848      *
1849      * @return  bool
1850      */
1851     public function remove()
1852     {
1853         // CSRF prevention
1854         if ($this->csrfProtection)
1855         {
1856             $this->_csrfProtection();
1857         }
1858 
1859         $model = $this->getThisModel();
1860 
1861         if (!$model->getId())
1862         {
1863             $model->setIDsFromRequest();
1864         }
1865 
1866         $status = $model->delete();
1867 
1868         // Redirect
1869         if ($customURL = $this->input->get('returnurl', '', 'string'))
1870         {
1871             $customURL = base64_decode($customURL);
1872         }
1873 
1874         $url = !empty($customURL) ? $customURL : 'index.php?option=' . $this->component . '&view=' . FOFInflector::pluralize($this->view) . $this->getItemidURLSuffix();
1875 
1876         if (!$status)
1877         {
1878             $this->setRedirect($url, $model->getError(), 'error');
1879         }
1880         else
1881         {
1882             $this->setRedirect($url);
1883         }
1884 
1885         return $status;
1886     }
1887 
1888     /**
1889      * Redirects the browser or returns false if no redirect is set.
1890      *
1891      * @return  boolean  False if no redirect exists.
1892      */
1893     public function redirect()
1894     {
1895         if ($this->redirect)
1896         {
1897             $app = JFactory::getApplication();
1898             $app->enqueueMessage($this->message, $this->messageType);
1899             $app->redirect($this->redirect);
1900 
1901             return true;
1902         }
1903 
1904         return false;
1905     }
1906 
1907     /**
1908      * Returns true if there is a redirect set in the controller
1909      *
1910      * @return  boolean
1911      */
1912     public function hasRedirect()
1913     {
1914         return !empty($this->redirect);
1915     }
1916 
1917     /**
1918      * Register the default task to perform if a mapping is not found.
1919      *
1920      * @param   string  $method  The name of the method in the derived class to perform if a named task is not found.
1921      *
1922      * @return  FOFController  A FOFController object to support chaining.
1923      */
1924     public function registerDefaultTask($method)
1925     {
1926         $this->registerTask('__default', $method);
1927 
1928         return $this;
1929     }
1930 
1931     /**
1932      * Register (map) a task to a method in the class.
1933      *
1934      * @param   string  $task    The task.
1935      * @param   string  $method  The name of the method in the derived class to perform for this task.
1936      *
1937      * @return  FOFController  A FOFController object to support chaining.
1938      */
1939     public function registerTask($task, $method)
1940     {
1941         if (in_array(strtolower($method), $this->methods))
1942         {
1943             $this->taskMap[strtolower($task)] = $method;
1944         }
1945 
1946         return $this;
1947     }
1948 
1949     /**
1950      * Unregister (unmap) a task in the class.
1951      *
1952      * @param   string  $task  The task.
1953      *
1954      * @return  FOFController  This object to support chaining.
1955      */
1956     public function unregisterTask($task)
1957     {
1958         unset($this->taskMap[strtolower($task)]);
1959 
1960         return $this;
1961     }
1962 
1963     /**
1964      * Sets the internal message that is passed with a redirect
1965      *
1966      * @param   string  $text  Message to display on redirect.
1967      * @param   string  $type  Message type. Optional, defaults to 'message'.
1968      *
1969      * @return  string  Previous message
1970      */
1971     public function setMessage($text, $type = 'message')
1972     {
1973         $previous = $this->message;
1974         $this->message = $text;
1975         $this->messageType = $type;
1976 
1977         return $previous;
1978     }
1979 
1980     /**
1981      * Sets an entire array of search paths for resources.
1982      *
1983      * @param   string  $type  The type of path to set, typically 'view' or 'model'.
1984      * @param   string  $path  The new set of search paths. If null or false, resets to the current directory only.
1985      *
1986      * @return  void
1987      */
1988     protected function setPath($type, $path)
1989     {
1990         // Clear out the prior search dirs
1991         $this->paths[$type] = array();
1992 
1993         // Actually add the user-specified directories
1994         $this->addPath($type, $path);
1995     }
1996 
1997     /**
1998      * Registers a redirection with an optional message. The redirection is
1999      * carried out when you use the redirect method.
2000      *
2001      * @param   string  $url   The URL to redirect to
2002      * @param   string  $msg   The message to be pushed to the application
2003      * @param   string  $type  The message type to be pushed to the application, e.g. 'error'
2004      *
2005      * @return  FOFController  This object to support chaining
2006      */
2007     public function setRedirect($url, $msg = null, $type = null)
2008     {
2009         // Do the logic only if we're parsing a raw url (index.php?foo=bar&etc=etc)
2010         if (strpos($url, 'index.php') === 0)
2011         {
2012             $isAdmin = FOFPlatform::getInstance()->isBackend();
2013             $auto = false;
2014 
2015             if (($this->autoRouting == 2 || $this->autoRouting == 3) && $isAdmin)
2016             {
2017                 $auto = true;
2018             }
2019             elseif (($this->autoRouting == 1 || $this->autoRouting == 3) && !$isAdmin)
2020             {
2021                 $auto = true;
2022             }
2023 
2024             if ($auto)
2025             {
2026                 $url = JRoute::_($url, false);
2027             }
2028         }
2029 
2030         $this->redirect = $url;
2031 
2032         if ($msg !== null)
2033         {
2034             // Controller may have set this directly
2035             $this->message = $msg;
2036         }
2037 
2038         // Ensure the type is not overwritten by a previous call to setMessage.
2039         if (empty($type))
2040         {
2041             if (empty($this->messageType))
2042             {
2043                 $this->messageType = 'message';
2044             }
2045         }
2046         // If the type is explicitly set, set it.
2047         else
2048         {
2049             $this->messageType = $type;
2050         }
2051 
2052         return $this;
2053     }
2054 
2055     /**
2056      * Sets the published state (the enabled field) of the selected item(s)
2057      *
2058      * @param   integer  $state  The desired state. 0 is unpublished, 1 is published.
2059      *
2060      * @return  bool
2061      */
2062     protected function setstate($state = 0)
2063     {
2064         $model = $this->getThisModel();
2065 
2066         if (!$model->getId())
2067         {
2068             $model->setIDsFromRequest();
2069         }
2070 
2071         $status = $model->publish($state);
2072 
2073         // Redirect
2074         if ($customURL = $this->input->get('returnurl', '', 'string'))
2075         {
2076             $customURL = base64_decode($customURL);
2077         }
2078 
2079         $url = !empty($customURL) ? $customURL : 'index.php?option=' . $this->component . '&view=' . FOFInflector::pluralize($this->view) . $this->getItemidURLSuffix();
2080 
2081         if (!$status)
2082         {
2083             $this->setRedirect($url, $model->getError(), 'error');
2084         }
2085         else
2086         {
2087             $this->setRedirect($url);
2088         }
2089 
2090         return $status;
2091     }
2092 
2093     /**
2094      * Sets the access level of the selected item(s).
2095      *
2096      * @param   integer  $level  The desired viewing access level ID
2097      *
2098      * @return  bool
2099      */
2100     protected function setaccess($level = 0)
2101     {
2102         $model = $this->getThisModel();
2103 
2104         if (!$model->getId())
2105         {
2106             $model->setIDsFromRequest();
2107         }
2108 
2109         $id   = $model->getId();
2110         $item = $model->getItem();
2111 
2112         if (!($item instanceof FOFTable))
2113         {
2114             return false;
2115         }
2116 
2117         $accessField = $item->getColumnAlias('access');
2118         $key         = $item->getKeyName();
2119         $loadedid    = $item->$key;
2120 
2121         if ($id == $loadedid)
2122         {
2123             $item->$accessField = $level;
2124             $status = $model->save($item);
2125         }
2126         else
2127         {
2128             $status = false;
2129         }
2130 
2131         // Redirect
2132         if ($customURL = $this->input->get('returnurl', '', 'string'))
2133         {
2134             $customURL = base64_decode($customURL);
2135         }
2136 
2137         $url = !empty($customURL) ? $customURL : 'index.php?option=' . $this->component . '&view=' . FOFInflector::pluralize($this->view) . $this->getItemidURLSuffix();
2138 
2139         if (!$status)
2140         {
2141             $this->setRedirect($url, $model->getError(), 'error');
2142         }
2143         else
2144         {
2145             $this->setRedirect($url);
2146         }
2147 
2148         return $status;
2149     }
2150 
2151     /**
2152      * Common method to handle apply and save tasks
2153      *
2154      * @return  boolean  Returns true on success
2155      */
2156     final private function applySave()
2157     {
2158         // Load the model
2159         $model = $this->getThisModel();
2160 
2161         if (!$model->getId())
2162         {
2163             $model->setIDsFromRequest();
2164         }
2165 
2166         $id = $model->getId();
2167 
2168         $data = $this->input->getData();
2169 
2170         if (!$this->onBeforeApplySave($data))
2171         {
2172             return false;
2173         }
2174 
2175         // Set the layout to form, if it's not set in the URL
2176 
2177         if (is_null($this->layout))
2178         {
2179             $this->layout = 'form';
2180         }
2181 
2182         // Do I have a form?
2183         $model->setState('form_name', 'form.' . $this->layout);
2184 
2185         $status = $model->save($data);
2186 
2187         if ($status && ($id != 0))
2188         {
2189             FOFPlatform::getInstance()->setHeader('Status', '201 Created', true);
2190 
2191             // Try to check-in the record if it's not a new one
2192             $status = $model->checkin();
2193         }
2194 
2195         if ($status)
2196         {
2197             $status = $this->onAfterApplySave();
2198         }
2199 
2200         $this->input->set('id', $model->getId());
2201 
2202         if (!$status)
2203         {
2204             // Redirect on error
2205             $id = $model->getId();
2206 
2207             if ($customURL = $this->input->get('returnurl', '', 'string'))
2208             {
2209                 $customURL = base64_decode($customURL);
2210             }
2211 
2212             if (!empty($customURL))
2213             {
2214                 $url = $customURL;
2215             }
2216             elseif ($id != 0)
2217             {
2218                 $url = 'index.php?option=' . $this->component . '&view=' . $this->view . '&task=edit&id=' . $id . $this->getItemidURLSuffix();
2219             }
2220             else
2221             {
2222                 $url = 'index.php?option=' . $this->component . '&view=' . $this->view . '&task=add' . $this->getItemidURLSuffix();
2223             }
2224 
2225             $this->setRedirect($url, '<li>' . implode('</li><li>', $model->getErrors()) . '</li>', 'error');
2226 
2227             return false;
2228         }
2229         else
2230         {
2231             $session = JFactory::getSession();
2232             $session->set($model->getHash() . 'savedata', null);
2233 
2234             return true;
2235         }
2236     }
2237 
2238     /**
2239      * Returns the default model associated with the current view
2240      *
2241      * @param   array  $config  Configuration variables for the model
2242      *
2243      * @return  FOFModel  The global instance of the model (singleton)
2244      */
2245     final public function getThisModel($config = array())
2246     {
2247         if (!is_object($this->_modelObject))
2248         {
2249             // Make sure $config is an array
2250             if (is_object($config))
2251             {
2252                 $config = (array) $config;
2253             }
2254             elseif (!is_array($config))
2255             {
2256                 $config = array();
2257             }
2258 
2259             if (!empty($this->modelName))
2260             {
2261                 $parts = FOFInflector::explode($this->modelName);
2262                 $modelName = ucfirst(array_pop($parts));
2263                 $prefix = FOFInflector::implode($parts);
2264             }
2265             else
2266             {
2267                 $prefix = ucfirst($this->bareComponent) . 'Model';
2268                 $modelName = ucfirst(FOFInflector::pluralize($this->view));
2269             }
2270 
2271             if (!array_key_exists('input', $config) || !($config['input'] instanceof FOFInput))
2272             {
2273                 $config['input'] = $this->input;
2274             }
2275 
2276             $this->_modelObject = $this->getModel($modelName, $prefix, $config);
2277         }
2278 
2279         return $this->_modelObject;
2280     }
2281 
2282     /**
2283      * Method to get a model object, loading it if required.
2284      *
2285      * @param   string  $name    The model name. Optional.
2286      * @param   string  $prefix  The class prefix. Optional.
2287      * @param   array   $config  Configuration array for model. Optional.
2288      *
2289      * @return  object  The model.
2290      */
2291     public function getModel($name = '', $prefix = '', $config = array())
2292     {
2293         // Make sure $config is an array
2294         if (is_object($config))
2295         {
2296             $config = (array) $config;
2297         }
2298         elseif (!is_array($config) || empty($config))
2299         {
2300             // array_merge is required to create a copy instead of assigning by reference
2301             $config = array_merge($this->config);
2302         }
2303 
2304         if (empty($name))
2305         {
2306             $name = $this->getName();
2307         }
2308 
2309         if (empty($prefix))
2310         {
2311             $prefix = $this->model_prefix;
2312         }
2313 
2314         if ($model = $this->createModel($name, $prefix, $config))
2315         {
2316             // Task is a reserved state
2317             $model->setState('task', $this->task);
2318 
2319             // Let's get the application object and set menu information if it's available
2320             if (!FOFPlatform::getInstance()->isCli())
2321             {
2322                 $app = JFactory::getApplication();
2323                 $menu = $app->getMenu();
2324 
2325                 if (is_object($menu))
2326                 {
2327                     if ($item = $menu->getActive())
2328                     {
2329                         $params = $menu->getParams($item->id);
2330 
2331                         // Set default state data
2332                         $model->setState('parameters.menu', $params);
2333                     }
2334                 }
2335             }
2336         }
2337 
2338         return $model;
2339     }
2340 
2341     /**
2342      * Returns current view object
2343      *
2344      * @param   array  $config  Configuration variables for the model
2345      *
2346      * @return  FOFView  The global instance of the view object (singleton)
2347      */
2348     final public function getThisView($config = array())
2349     {
2350         if (!is_object($this->_viewObject))
2351         {
2352             // Make sure $config is an array
2353             if (is_object($config))
2354             {
2355                 $config = (array) $config;
2356             }
2357             elseif (!is_array($config) || empty($config))
2358             {
2359                 // array_merge is required to create a copy instead of assigning by reference
2360                 $config = array_merge($this->config);
2361             }
2362 
2363             $prefix = null;
2364             $viewName = null;
2365             $viewType = null;
2366 
2367             if (!empty($this->viewName))
2368             {
2369                 $parts = FOFInflector::explode($this->viewName);
2370                 $viewName = ucfirst(array_pop($parts));
2371                 $prefix = FOFInflector::implode($parts);
2372             }
2373             else
2374             {
2375                 $prefix = ucfirst($this->bareComponent) . 'View';
2376                 $viewName = ucfirst($this->view);
2377             }
2378 
2379             $document = FOFPlatform::getInstance()->getDocument();
2380 
2381             if ($document instanceof JDocument)
2382             {
2383                 $viewType = $document->getType();
2384             }
2385             else
2386             {
2387                 $viewType = $this->input->getCmd('format', 'html');
2388             }
2389 
2390             if (($viewType == 'html') && $this->hasForm)
2391             {
2392                 $viewType = 'form';
2393             }
2394 
2395             if (!array_key_exists('input', $config) || !($config['input'] instanceof FOFInput))
2396             {
2397                 $config['input'] = $this->input;
2398             }
2399 
2400             $config['input']->set('base_path', $this->basePath);
2401 
2402             $this->_viewObject = $this->getView($viewName, $viewType, $prefix, $config);
2403         }
2404 
2405         return $this->_viewObject;
2406     }
2407 
2408     /**
2409      * Method to get the controller name
2410      *
2411      * The dispatcher name is set by default parsed using the classname, or it can be set
2412      * by passing a $config['name'] in the class constructor
2413      *
2414      * @throws Exception
2415      *
2416      * @return  string  The name of the dispatcher
2417      */
2418     public function getName()
2419     {
2420         if (empty($this->name))
2421         {
2422             if (empty($this->bareComponent))
2423             {
2424                 $r = null;
2425 
2426                 if (!preg_match('/(.*)Controller/i', get_class($this), $r))
2427                 {
2428                     throw new Exception(JText::_('JLIB_APPLICATION_ERROR_CONTROLLER_GET_NAME'), 500);
2429                 }
2430 
2431                 $this->name = strtolower($r[1]);
2432             }
2433             else
2434             {
2435                 $this->name = $this->bareComponent;
2436             }
2437         }
2438 
2439         return $this->name;
2440     }
2441 
2442     /**
2443      * Get the last task that is being performed or was most recently performed.
2444      *
2445      * @return  string  The task that is being performed or was most recently performed.
2446      */
2447     public function getTask()
2448     {
2449         return $this->task;
2450     }
2451 
2452     /**
2453      * Gets the available tasks in the controller.
2454      *
2455      * @return  array  Array[i] of task names.
2456      */
2457     public function getTasks()
2458     {
2459         return $this->methods;
2460     }
2461 
2462     /**
2463      * Method to get a reference to the current view and load it if necessary.
2464      *
2465      * @param   string  $name   The view name. Optional, defaults to the controller name.
2466      * @param   string  $type   The view type. Optional.
2467      * @param   string  $prefix The class prefix. Optional.
2468      * @param   array   $config Configuration array for view. Optional.
2469      *
2470      * @throws Exception
2471      *
2472      * @return  FOFView  Reference to the view or an error.
2473      */
2474     public function getView($name = '', $type = '', $prefix = '', $config = array())
2475     {
2476         // Make sure $config is an array
2477         if (is_object($config))
2478         {
2479             $config = (array) $config;
2480         }
2481         elseif (!is_array($config))
2482         {
2483             $config = array();
2484         }
2485 
2486         if (empty($name))
2487         {
2488             $name = $this->getName();
2489         }
2490 
2491         if (empty($prefix))
2492         {
2493             $prefix = $this->getName() . 'View';
2494         }
2495 
2496         $signature = md5($name . $type . $prefix . serialize($config));
2497 
2498         if (empty($this->viewsCache[$signature]))
2499         {
2500             if ($view = $this->createView($name, $prefix, $type, $config))
2501             {
2502                 $this->viewsCache[$signature] = & $view;
2503             }
2504             else
2505             {
2506                 throw new Exception(JText::sprintf('JLIB_APPLICATION_ERROR_VIEW_NOT_FOUND', $name, $type, $prefix), 500);
2507             }
2508         }
2509 
2510         return $this->viewsCache[$signature];
2511     }
2512 
2513     /**
2514      * Creates a new model object
2515      *
2516      * @param   string  $name    The name of the model class, e.g. Items
2517      * @param   string  $prefix  The prefix of the model class, e.g. FoobarModel
2518      * @param   array   $config  The configuration parameters for the model class
2519      *
2520      * @return  FOFModel  The model object
2521      */
2522     protected function createModel($name, $prefix = '', $config = array())
2523     {
2524         // Make sure $config is an array
2525 
2526         if (is_object($config))
2527         {
2528             $config = (array) $config;
2529         }
2530         elseif (!is_array($config))
2531         {
2532             $config = array();
2533         }
2534 
2535         $result = null;
2536 
2537         // Clean the model name
2538         $modelName = preg_replace('/[^A-Z0-9_]/i', '', $name);
2539         $classPrefix = preg_replace('/[^A-Z0-9_]/i', '', $prefix);
2540 
2541         $result = FOFModel::getAnInstance($modelName, $classPrefix, $config);
2542 
2543         return $result;
2544     }
2545 
2546     /**
2547      * Method to load and return a model object.
2548      *
2549      * @param   string  $name    The name of the model.
2550      * @param   string  $prefix  Optional model prefix.
2551      * @param   array   $config  Configuration array for the model. Optional.
2552      *
2553      * @return  mixed   Model object on success; otherwise null
2554      */
2555     protected function &_createModel($name, $prefix = '', $config = array())
2556     {
2557         FOFPlatform::getInstance()->logDeprecated(__CLASS__ . '::' .__METHOD__ . ' is deprecated. Use createModel() instead.');
2558 
2559         return $this->createModel($name, $prefix, $config);
2560     }
2561 
2562     /**
2563      * Creates a View object instance and returns it
2564      *
2565      * @param   string  $name    The name of the view, e.g. Items
2566      * @param   string  $prefix  The prefix of the view, e.g. FoobarView
2567      * @param   string  $type    The type of the view, usually one of Html, Raw, Json or Csv
2568      * @param   array   $config  The configuration variables to use for creating the view
2569      *
2570      * @return  FOFView
2571      */
2572     protected function createView($name, $prefix = '', $type = '', $config = array())
2573     {
2574         // Make sure $config is an array
2575 
2576         if (is_object($config))
2577         {
2578             $config = (array) $config;
2579         }
2580         elseif (!is_array($config))
2581         {
2582             $config = array();
2583         }
2584 
2585         $result = null;
2586 
2587         // Clean the view name
2588         $viewName = preg_replace('/[^A-Z0-9_]/i', '', $name);
2589         $classPrefix = preg_replace('/[^A-Z0-9_]/i', '', $prefix);
2590         $viewType = preg_replace('/[^A-Z0-9_]/i', '', $type);
2591 
2592         if (!isset($config['input']))
2593         {
2594             $config['input'] = $this->input;
2595         }
2596 
2597         if (($config['input'] instanceof FOFInput))
2598         {
2599             $tmpInput = $config['input'];
2600         }
2601         else
2602         {
2603             $tmpInput = new FOFInput($config['input']);
2604         }
2605 
2606         // Guess the component name and view
2607 
2608         if (!empty($prefix))
2609         {
2610             preg_match('/(.*)View$/', $prefix, $m);
2611             $component = 'com_' . strtolower($m[1]);
2612         }
2613         else
2614         {
2615             $component = '';
2616         }
2617 
2618         if (empty($component) && array_key_exists('input', $config))
2619         {
2620             $component = $tmpInput->get('option', $component, 'cmd');
2621         }
2622 
2623         if (array_key_exists('option', $config))
2624         {
2625             if ($config['option'])
2626             {
2627                 $component = $config['option'];
2628             }
2629         }
2630 
2631         $config['option'] = $component;
2632 
2633         $view = strtolower($viewName);
2634 
2635         if (empty($view) && array_key_exists('input', $config))
2636         {
2637             $view = $tmpInput->get('view', $view, 'cmd');
2638         }
2639 
2640         if (array_key_exists('view', $config))
2641         {
2642             if ($config['view'])
2643             {
2644                 $view = $config['view'];
2645             }
2646         }
2647 
2648         $config['view'] = $view;
2649 
2650         if (array_key_exists('input', $config))
2651         {
2652             $tmpInput->set('option', $config['option']);
2653             $tmpInput->set('view', $config['view']);
2654             $config['input'] = $tmpInput;
2655         }
2656 
2657         // Get the component directories
2658         $componentPaths = FOFPlatform::getInstance()->getComponentBaseDirs($config['option']);
2659 
2660         // Get the base paths where the view class files are expected to live
2661         $basePaths = array(
2662             $componentPaths['main'],
2663             $componentPaths['alt']
2664         );
2665         $basePaths = array_merge($this->paths['view']);
2666 
2667         // Get the alternate (singular/plural) view name
2668         $altViewName = FOFInflector::isPlural($viewName) ? FOFInflector::singularize($viewName) : FOFInflector::pluralize($viewName);
2669 
2670         $suffixes = array(
2671             $viewName,
2672             $altViewName,
2673             'default'
2674         );
2675 
2676         $filesystem = FOFPlatform::getInstance()->getIntegrationObject('filesystem');
2677 
2678         foreach ($suffixes as $suffix)
2679         {
2680             // Build the view class name
2681             $viewClass = $classPrefix . ucfirst($suffix);
2682 
2683             if (class_exists($viewClass))
2684             {
2685                 // The class is already loaded
2686                 break;
2687             }
2688 
2689             // The class is not loaded. Let's load it!
2690             $viewPath = $this->createFileName('view', array('name'   => $suffix, 'type'  => $viewType));
2691             $path = $filesystem->pathFind($basePaths, $viewPath);
2692 
2693             if ($path)
2694             {
2695                 require_once $path;
2696             }
2697 
2698             if (class_exists($viewClass))
2699             {
2700                 // The class was loaded successfully
2701                 break;
2702             }
2703         }
2704 
2705         if (!class_exists($viewClass))
2706         {
2707             $viewClass = 'FOFView' . ucfirst($type);
2708         }
2709 
2710         $templateOverridePath = FOFPlatform::getInstance()->getTemplateOverridePath($config['option']);
2711 
2712         // Setup View configuration options
2713 
2714         if (!array_key_exists('template_path', $config))
2715         {
2716             $config['template_path'][] = $componentPaths['main'] . '/views/' . FOFInflector::pluralize($config['view']) . '/tmpl';
2717 
2718             if ($templateOverridePath)
2719             {
2720                 $config['template_path'][] = $templateOverridePath . '/' . FOFInflector::pluralize($config['view']);
2721             }
2722 
2723             $config['template_path'][] = $componentPaths['main'] . '/views/' . FOFInflector::singularize($config['view']) . '/tmpl';
2724 
2725             if ($templateOverridePath)
2726             {
2727                 $config['template_path'][] = $templateOverridePath . '/' . FOFInflector::singularize($config['view']);
2728             }
2729 
2730             $config['template_path'][] = $componentPaths['main'] . '/views/' . $config['view'] . '/tmpl';
2731 
2732             if ($templateOverridePath)
2733             {
2734                 $config['template_path'][] = $templateOverridePath . '/' . $config['view'];
2735             }
2736         }
2737 
2738         $extraTemplatePath = $this->configProvider->get($config['option'] . '.views.' . $config['view'] . '.config.template_path', null);
2739 
2740         if ($extraTemplatePath)
2741         {
2742             array_unshift($config['template_path'], $componentPaths['main'] . '/' . $extraTemplatePath);
2743         }
2744 
2745         if (!array_key_exists('helper_path', $config))
2746         {
2747             $config['helper_path'] = array(
2748                 $componentPaths['main'] . '/helpers',
2749                 $componentPaths['admin'] . '/helpers'
2750             );
2751         }
2752 
2753         $extraHelperPath = $this->configProvider->get($config['option'] . '.views.' . $config['view'] . '.config.helper_path', null);
2754 
2755         if ($extraHelperPath)
2756         {
2757             $config['helper_path'][] = $componentPaths['main'] . '/' . $extraHelperPath;
2758         }
2759 
2760         // Set up the page title
2761         $setFrontendPageTitle = $this->configProvider->get($config['option'] . '.views.' . $config['view'] . '.config.setFrontendPageTitle', null);
2762 
2763         if ($setFrontendPageTitle)
2764         {
2765             $setFrontendPageTitle = strtolower($setFrontendPageTitle);
2766             $config['setFrontendPageTitle'][] = in_array($setFrontendPageTitle, array('1', 'yes', 'true', 'on'));
2767         }
2768 
2769         $defaultPageTitle = $this->configProvider->get($config['option'] . '.views.' . $config['view'] . '.config.defaultPageTitle', null);
2770 
2771         if ($defaultPageTitle)
2772         {
2773             $config['defaultPageTitle'][] = in_array($defaultPageTitle, array('1', 'yes', 'true', 'on'));
2774         }
2775 
2776         // Set the use_hypermedia flag in $config if it's not already set
2777         if (!isset($config['use_hypermedia']))
2778         {
2779             $config['use_hypermedia'] = $this->configProvider->get($config['option'] . '.views.' . $config['view'] . '.config.use_hypermedia', false);
2780         }
2781 
2782         // Set also the linkbar_style
2783         if (!isset($config['linkbar_style']))
2784         {
2785             $style = $this->configProvider->get($config['option'] . '.views.' . $config['view'] . '.config.linkbar_style', false);
2786 
2787             if ($style) {
2788                 $config['linkbar_style'] = $style;
2789             }
2790         }
2791 
2792         /**
2793          * Some administrative templates force format=utf (yeah, I know, what the heck, right?) when a format
2794          * URL parameter does not exist in the URL. Of course there is no such thing as FOFViewUtf (why the heck would
2795          * it be, there is no such thing as a format=utf in Joomla! for crying out loud) which causes a Fatal Error. So
2796          * we have to detect that and force $type='html'...
2797          */
2798         if (!class_exists($viewClass) && ($type != 'html'))
2799         {
2800             $type = 'html';
2801             $result = $this->createView($name, $prefix, $type, $config);
2802         }
2803         else
2804         {
2805             $result = new $viewClass($config);
2806         }
2807 
2808         return $result;
2809     }
2810 
2811     /**
2812      * Deprecated function to create a View object instance
2813      *
2814      * @param   string  $name    The name of the view, e.g. 'Items'
2815      * @param   string  $prefix  The prefix of the view, e.g. 'FoobarView'
2816      * @param   string  $type    The view type, e.g. 'html'
2817      * @param   array   $config  The configuration array for the view
2818      *
2819      * @return  FOFView
2820      *
2821      * @see FOFController::createView
2822      *
2823      * @deprecated since version 2.0
2824      */
2825     protected function &_createView($name, $prefix = '', $type = '', $config = array())
2826     {
2827         FOFPlatform::getInstance()->logDeprecated(__CLASS__ . '::' . __METHOD__ . ' is deprecated. Use createView() instead.');
2828 
2829         return $this->createView($name, $prefix, $type, $config);
2830     }
2831 
2832     /**
2833      * Set the name of the view to be used by this Controller
2834      *
2835      * @param   string  $viewName  The name of the view
2836      *
2837      * @return  void
2838      */
2839     public function setThisViewName($viewName)
2840     {
2841         $this->viewName = $viewName;
2842     }
2843 
2844     /**
2845      * Set the name of the model to be used by this Controller
2846      *
2847      * @param   string  $modelName  The name of the model
2848      *
2849      * @return  void
2850      */
2851     public function setThisModelName($modelName)
2852     {
2853         $this->modelName = $modelName;
2854     }
2855 
2856     /**
2857      * Checks if the current user has enough privileges for the requested ACL
2858      * area.
2859      *
2860      * @param   string  $area  The ACL area, e.g. core.manage.
2861      *
2862      * @return  boolean  True if the user has the ACL privilege specified
2863      */
2864     protected function checkACL($area)
2865     {
2866         if (in_array(strtolower($area), array('false','0','no','403')))
2867         {
2868             return false;
2869         }
2870 
2871         if (in_array(strtolower($area), array('true','1','yes')))
2872         {
2873             return true;
2874         }
2875         elseif (empty($area))
2876         {
2877             return true;
2878         }
2879         else
2880         {
2881             // Check if we're dealing with ids
2882             $ids = null;
2883 
2884             // First, check if there is an asset for this record
2885             $table = $this->getThisModel()->getTable();
2886 
2887             if ($table && $table->isAssetsTracked())
2888             {
2889                 $ids = $this->getThisModel()->getId() ? $this->getThisModel()->getId() : null;
2890             }
2891 
2892             // Generic or Asset tracking
2893 
2894             if (empty($ids))
2895             {
2896                 return FOFPlatform::getInstance()->authorise($area, $this->component);
2897             }
2898             else
2899             {
2900                 if (!is_array($ids))
2901                 {
2902                     $ids = array($ids);
2903                 }
2904 
2905                 $resource = FOFInflector::singularize($this->view);
2906                 $isEditState = ($area == 'core.edit.state');
2907 
2908                 foreach ($ids as $id)
2909                 {
2910                     $asset = $this->component . '.' . $resource . '.' . $id;
2911 
2912                     // Dedicated permission found, check it!
2913 
2914                     if (FOFPlatform::getInstance()->authorise($area, $asset) )
2915                     {
2916                         return true;
2917                     }
2918 
2919                     // Fallback on edit.own, if not edit.state. First test if the permission is available.
2920 
2921                     if ((!$isEditState) && (FOFPlatform::getInstance()->authorise('core.edit.own', $asset)))
2922                     {
2923                         $table = $this->getThisModel()->getTable();
2924                         $table->load($id);
2925 
2926                         $created_by = $table->getColumnAlias('created_by');
2927 
2928                         if ($table && isset($table->$created_by))
2929                         {
2930                             // Now test the owner is the user.
2931                             $owner_id = (int) $table->$created_by;
2932 
2933                             // If the owner matches 'me' then do the test.
2934                             if ($owner_id == FOFPlatform::getInstance()->getUser()->id)
2935                             {
2936                                 return true;
2937                             }
2938                             else
2939                             {
2940                                 return false;
2941                             }
2942                         }
2943                         else
2944                         {
2945                             return false;
2946                         }
2947                     }
2948                 }
2949             }
2950         }
2951 
2952         return false;
2953     }
2954 
2955     /**
2956      * A catch-all method for all tasks without a corresponding onBefore
2957      * method. Applies the ACL preferences defined in fof.xml.
2958      *
2959      * @param   string  $task  The task being executed
2960      *
2961      * @return  boolean  True to allow execution of the task
2962      */
2963     protected function onBeforeGenericTask($task)
2964     {
2965         $privilege = $this->configProvider->get(
2966             $this->component . '.views.' .
2967             FOFInflector::singularize($this->view) . '.acl.' . $task, ''
2968         );
2969 
2970         return $this->checkACL($privilege);
2971     }
2972 
2973     /**
2974      * Execute something before applySave is called. Return false to prevent
2975      * applySave from executing.
2976      *
2977      * @param   array  &$data  The data upon which applySave will act
2978      *
2979      * @return  boolean  True to allow applySave to run
2980      */
2981     protected function onBeforeApplySave(&$data)
2982     {
2983         return true;
2984     }
2985 
2986     /**
2987      * Execute something after applySave has run.
2988      *
2989      * @return  boolean  True to allow normal return, false to cause a 403 error
2990      */
2991     protected function onAfterApplySave()
2992     {
2993         return true;
2994     }
2995 
2996     /**
2997      * ACL check before changing the access level; override to customise
2998      *
2999      * @return  boolean  True to allow accesspublic() to run
3000      */
3001     protected function onBeforeAccesspublic()
3002     {
3003         $privilege = $this->configProvider->get(
3004             $this->component . '.views.' .
3005             FOFInflector::singularize($this->view) . '.acl.accesspublic', 'core.edit.state');
3006 
3007         return $this->checkACL($privilege);
3008     }
3009 
3010     /**
3011      * ACL check before changing the access level; override to customise
3012      *
3013      * @return  boolean  True to allow the method to run
3014      */
3015     protected function onBeforeAccessregistered()
3016     {
3017         $privilege = $this->configProvider->get(
3018             $this->component . '.views.' .
3019             FOFInflector::singularize($this->view) . '.acl.accessregistered', 'core.edit.state'
3020         );
3021 
3022         return $this->checkACL($privilege);
3023     }
3024 
3025     /**
3026      * ACL check before changing the access level; override to customise
3027      *
3028      * @return  boolean  True to allow the method to run
3029      */
3030     protected function onBeforeAccessspecial()
3031     {
3032         $privilege = $this->configProvider->get(
3033             $this->component . '.views.' .
3034             FOFInflector::singularize($this->view) . '.acl.accessspecial', 'core.edit.state'
3035         );
3036 
3037         return $this->checkACL($privilege);
3038     }
3039 
3040     /**
3041      * ACL check before adding a new record; override to customise
3042      *
3043      * @return  boolean  True to allow the method to run
3044      */
3045     protected function onBeforeAdd()
3046     {
3047         $privilege = $this->configProvider->get(
3048             $this->component . '.views.' .
3049             FOFInflector::singularize($this->view) . '.acl.add', 'core.create'
3050         );
3051 
3052         return $this->checkACL($privilege);
3053     }
3054 
3055     /**
3056      * ACL check before saving a new/modified record; override to customise
3057      *
3058      * @return  boolean  True to allow the method to run
3059      */
3060     protected function onBeforeApply()
3061     {
3062         $model = $this->getThisModel();
3063 
3064         if (!$model->getId())
3065         {
3066             $model->setIDsFromRequest();
3067         }
3068 
3069         $id = $model->getId();
3070 
3071         if(!$id)
3072         {
3073             $defaultPrivilege = 'core.create';
3074         }
3075         else
3076         {
3077             $defaultPrivilege = 'core.edit';
3078         }
3079 
3080         $privilege = $this->configProvider->get(
3081             $this->component . '.views.' .
3082             FOFInflector::singularize($this->view) . '.acl.apply', $defaultPrivilege
3083         );
3084 
3085         return $this->checkACL($privilege);
3086     }
3087 
3088     /**
3089      * ACL check before allowing someone to browse
3090      *
3091      * @return  boolean  True to allow the method to run
3092      */
3093     protected function onBeforeBrowse()
3094     {
3095         $defaultPrivilege = '';
3096 
3097         $privilege = $this->configProvider->get(
3098             $this->component . '.views.' .
3099             FOFInflector::singularize($this->view) . '.acl.browse', $defaultPrivilege
3100         );
3101 
3102         return $this->checkACL($privilege);
3103     }
3104 
3105     /**
3106      * ACL check before cancelling an edit
3107      *
3108      * @return  boolean  True to allow the method to run
3109      */
3110     protected function onBeforeCancel()
3111     {
3112         $model = $this->getThisModel();
3113 
3114         if (!$model->getId())
3115         {
3116             $model->setIDsFromRequest();
3117         }
3118 
3119         $id = $model->getId();
3120 
3121         if(!$id)
3122         {
3123             $defaultPrivilege = 'core.create';
3124         }
3125         else
3126         {
3127             $defaultPrivilege = 'core.edit';
3128         }
3129 
3130         $privilege = $this->configProvider->get(
3131             $this->component . '.views.' .
3132             FOFInflector::singularize($this->view) . '.acl.cancel', $defaultPrivilege
3133         );
3134 
3135         return $this->checkACL($privilege);
3136     }
3137 
3138     /**
3139      * ACL check before editing a record; override to customise
3140      *
3141      * @return  boolean  True to allow the method to run
3142      */
3143     protected function onBeforeEdit()
3144     {
3145         $privilege = $this->configProvider->get(
3146             $this->component . '.views.' .
3147             FOFInflector::singularize($this->view) . '.acl.edit', 'core.edit'
3148         );
3149 
3150         return $this->checkACL($privilege);
3151     }
3152 
3153     /**
3154      * ACL check before changing the ordering of a record; override to customise
3155      *
3156      * @return  boolean  True to allow the method to run
3157      */
3158     protected function onBeforeOrderdown()
3159     {
3160         $privilege = $this->configProvider->get(
3161             $this->component . '.views.' .
3162             FOFInflector::singularize($this->view) . '.acl.orderdown', 'core.edit.state'
3163         );
3164 
3165         return $this->checkACL($privilege);
3166     }
3167 
3168     /**
3169      * ACL check before changing the ordering of a record; override to customise
3170      *
3171      * @return  boolean  True to allow the method to run
3172      */
3173     protected function onBeforeOrderup()
3174     {
3175         $privilege = $this->configProvider->get(
3176             $this->component . '.views.' .
3177             FOFInflector::singularize($this->view) . '.acl.orderup', 'core.edit.state'
3178         );
3179 
3180         return $this->checkACL($privilege);
3181     }
3182 
3183     /**
3184      * ACL check before changing the publish status of a record; override to customise
3185      *
3186      * @return  boolean  True to allow the method to run
3187      */
3188     protected function onBeforePublish()
3189     {
3190         $privilege = $this->configProvider->get(
3191             $this->component . '.views.' .
3192             FOFInflector::singularize($this->view) . '.acl.publish', 'core.edit.state'
3193         );
3194 
3195         return $this->checkACL($privilege);
3196     }
3197 
3198     /**
3199      * ACL check before removing a record; override to customise
3200      *
3201      * @return  boolean  True to allow the method to run
3202      */
3203     protected function onBeforeRemove()
3204     {
3205         $privilege = $this->configProvider->get(
3206             $this->component . '.views.' .
3207             FOFInflector::singularize($this->view) . '.acl.remove', 'core.delete'
3208         );
3209 
3210         return $this->checkACL($privilege);
3211     }
3212 
3213     /**
3214      * ACL check before saving a new/modified record; override to customise
3215      *
3216      * @return  boolean  True to allow the method to run
3217      */
3218     protected function onBeforeSave()
3219     {
3220         $model = $this->getThisModel();
3221 
3222         if (!$model->getId())
3223         {
3224             $model->setIDsFromRequest();
3225         }
3226 
3227         $id = $model->getId();
3228 
3229         if(!$id)
3230         {
3231             $defaultPrivilege = 'core.create';
3232         }
3233         else
3234         {
3235             $defaultPrivilege = 'core.edit';
3236         }
3237 
3238         $privilege = $this->configProvider->get(
3239             $this->component . '.views.' .
3240             FOFInflector::singularize($this->view) . '.acl.save', $defaultPrivilege
3241         );
3242 
3243         return $this->checkACL($privilege);
3244     }
3245 
3246     /**
3247      * ACL check before saving a new/modified record; override to customise
3248      *
3249      * @return  boolean  True to allow the method to run
3250      */
3251     protected function onBeforeSavenew()
3252     {
3253         $privilege = $this->configProvider->get(
3254             $this->component . '.views.' .
3255             FOFInflector::singularize($this->view) . '.acl.savenew', 'core.create'
3256         );
3257 
3258         return $this->checkACL($privilege);
3259     }
3260 
3261     /**
3262      * ACL check before changing the ordering of a record; override to customise
3263      *
3264      * @return  boolean  True to allow the method to run
3265      */
3266     protected function onBeforeSaveorder()
3267     {
3268         $privilege = $this->configProvider->get(
3269             $this->component . '.views.' .
3270             FOFInflector::singularize($this->view) . '.acl.saveorder', 'core.edit.state'
3271         );
3272 
3273         return $this->checkACL($privilege);
3274     }
3275 
3276     /**
3277      * ACL check before changing the publish status of a record; override to customise
3278      *
3279      * @return  boolean  True to allow the method to run
3280      */
3281     protected function onBeforeUnpublish()
3282     {
3283         $privilege = $this->configProvider->get(
3284             $this->component . '.views.' .
3285             FOFInflector::singularize($this->view) . '.acl.unpublish', 'core.edit.state'
3286         );
3287 
3288         return $this->checkACL($privilege);
3289     }
3290 
3291     /**
3292      * Gets a URL suffix with the Itemid parameter. If it's not the front-end of the site, or if
3293      * there is no Itemid set it returns an empty string.
3294      *
3295      * @return  string  The &Itemid=123 URL suffix, or an empty string if Itemid is not applicable
3296      */
3297     public function getItemidURLSuffix()
3298     {
3299         if (FOFPlatform::getInstance()->isFrontend() && ($this->input->getCmd('Itemid', 0) != 0))
3300         {
3301             return '&Itemid=' . $this->input->getInt('Itemid', 0);
3302         }
3303         else
3304         {
3305             return '';
3306         }
3307     }
3308 
3309     /**
3310      * Applies CSRF protection by means of a standard Joomla! token (nonce) check.
3311      * Raises a 403 Access Forbidden error through the platform if the check fails.
3312      *
3313      * TODO Move this check inside the platform
3314      *
3315      * @return  boolean  True if the CSRF check is successful
3316      *
3317      * @throws Exception
3318      */
3319     protected function _csrfProtection()
3320     {
3321         static $isCli = null, $isAdmin = null;
3322 
3323         if (is_null($isCli))
3324         {
3325             $isCli   = FOFPlatform::getInstance()->isCli();
3326             $isAdmin = FOFPlatform::getInstance()->isBackend();
3327         }
3328 
3329         switch ($this->csrfProtection)
3330         {
3331             // Never
3332             case 0:
3333                 return true;
3334                 break;
3335 
3336             // Always
3337             case 1:
3338                 break;
3339 
3340             // Only back-end and HTML format
3341             case 2:
3342                 if ($isCli)
3343                 {
3344                     return true;
3345                 }
3346                 elseif (!$isAdmin && ($this->input->get('format', 'html', 'cmd') != 'html'))
3347                 {
3348                     return true;
3349                 }
3350                 break;
3351 
3352             // Only back-end
3353             case 3:
3354                 if (!$isAdmin)
3355                 {
3356                     return true;
3357                 }
3358                 break;
3359         }
3360 
3361         $hasToken = false;
3362         $session  = JFactory::getSession();
3363 
3364         // Joomla! 1.5/1.6/1.7/2.5 (classic Joomla! API) method
3365         if (method_exists('JUtility', 'getToken'))
3366         {
3367             $token    = JUtility::getToken();
3368             $hasToken = $this->input->get($token, false, 'none') == 1;
3369 
3370             if (!$hasToken)
3371             {
3372                 $hasToken = $this->input->get('_token', null, 'none') == $token;
3373             }
3374         }
3375 
3376         // Joomla! 2.5+ (Platform 12.1+) method
3377         if (!$hasToken)
3378         {
3379             if (method_exists($session, 'getToken'))
3380             {
3381                 $token    = $session->getToken();
3382                 $hasToken = $this->input->get($token, false, 'none') == 1;
3383 
3384                 if (!$hasToken)
3385                 {
3386                     $hasToken = $this->input->get('_token', null, 'none') == $token;
3387                 }
3388             }
3389         }
3390 
3391         // Joomla! 2.5+ formToken method
3392         if (!$hasToken)
3393         {
3394             if (method_exists($session, 'getFormToken'))
3395             {
3396                 $token    = $session->getFormToken();
3397                 $hasToken = $this->input->get($token, false, 'none') == 1;
3398 
3399                 if (!$hasToken)
3400                 {
3401                     $hasToken = $this->input->get('_token', null, 'none') == $token;
3402                 }
3403             }
3404         }
3405 
3406         if (!$hasToken)
3407         {
3408             FOFPlatform::getInstance()->raiseError(403, JText::_('JLIB_APPLICATION_ERROR_ACCESS_FORBIDDEN'));
3409 
3410             return false;
3411         }
3412     }
3413 }
3414