<?php
/**
* Pimcore
*
* This source file is available under two different licenses:
* - GNU General Public License version 3 (GPLv3)
* - Pimcore Commercial License (PCL)
* Full copyright and license information is available in
* LICENSE.md which is distributed with this source code.
*
* @copyright Copyright (c) Pimcore GmbH (http://www.pimcore.org)
* @license http://www.pimcore.org/license GPLv3 and PCL
*/
namespace Pimcore\Bundle\PerspectiveEditorBundle\Services;
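/**
 * Accessor for the custom-view configuration (customviews.php) edited by the
 * perspective editor: it reads the stored views, converts the editor's
 * tree-store payload back into configuration, and screens the free-form SQL
 * fragments before anything is persisted.
 */
class ViewAccessor extends AbstractAccessor
{
    /**
     * Name of the configuration file this accessor reads and writes.
     *
     * @var string
     */
    protected $filename = 'customviews.php';

    /**
     * Lists every configured custom view as an id/label pair for the UI.
     *
     * The label has the form "<name> (Type: <treetype>, Root: <rootfolder>)".
     *
     * @return array<int, array{id: mixed, name: string}> Empty when no views are configured.
     */
    public function getAvailableViews()
    {
        $configuration = $this->getConfiguration();
        $availableViews = [];

        if ($configuration) {
            foreach ($configuration['views'] as $view) {
                $availableViews[] = [
                    'id' => $view['id'],
                    'name' => $view['name'] . ' (Type: ' . $view['treetype'] . ', Root: ' . $view['rootfolder'] . ')',
                ];
            }
        }

        return $availableViews;
    }

    /**
     * Flattens the tree-store payload sent by the editor into the configuration
     * map keyed by view id.
     *
     * Each child's "name" is HTML-escaped before it is stored, and every
     * "treeContextMenu" entry whose key is not a prefix of the child's
     * "treetype" is dropped.
     *
     * @param array $treeStore Payload with an optional 'children' list; each child
     *                         carries an 'id' and a 'config' array.
     *
     * @return array Configuration keyed by child id; empty when there are no children.
     */
    protected function convertTreeStoreToConfiguration($treeStore)
    {
        $configuration = [];

        foreach ($treeStore['children'] ?? [] as $child) {
            $config = $child['config'];

            if (array_key_exists('name', $config)) {
                $config['name'] = htmlspecialchars($config['name']);
            }

            if (!empty($config['treeContextMenu'])) {
                // Missing treetype behaves like an empty one: no entry can prefix it.
                $treetype = (string) ($config['treetype'] ?? '');

                foreach (array_keys($config['treeContextMenu']) as $contextMenuEntry) {
                    // Keys are compared as strings with === so that numeric-looking
                    // keys are never compared numerically (the loose != did that).
                    $entry = (string) $contextMenuEntry;
                    if (substr($treetype, 0, strlen($entry)) !== $entry) {
                        unset($config['treeContextMenu'][$contextMenuEntry]);
                    }
                }
            }

            $configuration[$child['id']] = $config;
        }

        return $configuration;
    }

    /**
     * Loads the stored custom views, reducing each view's 'classes' map to the
     * list of its keys.
     *
     * @return array ['views' => <views>] or an empty array when nothing is configured.
     */
    public function getConfiguration(): array
    {
        $views = \Pimcore\CustomView\Config::get();
        if (!$views) {
            return [];
        }

        foreach ($views as $key => $view) {
            if (isset($view['classes'])) {
                $views[$key]['classes'] = array_keys($view['classes']);
            }
        }

        return ['views' => $views];
    }

    /**
     * Rejects view configurations whose free-form SQL fragments contain a
     * data-changing or schema-changing keyword.
     *
     * Only the 'having' and 'where' fragments of each view are inspected.
     * NOTE(review): this is a keyword denylist, not an SQL parser; it narrows
     * what can be stored but does not replace limiting the privileges of
     * whatever later executes these fragments.
     *
     * @param array $configuration Per-view configuration as produced by convertTreeStoreToConfiguration().
     *
     * @throws \InvalidArgumentException When a fragment contains one of the denied keywords.
     */
    protected function verifySql(array $configuration)
    {
        // A keyword counts when followed by any whitespace (tab, newline, ...),
        // not only a literal space, so reformatted statements are caught as well.
        $denied = '/(ALTER|CREATE|DROP|RENAME|TRUNCATE|UPDATE|DELETE|SET)\s/i';

        foreach ($configuration as $viewConfiguration) {
            $fragments = [
                $viewConfiguration['having'] ?? '',
                $viewConfiguration['where'] ?? '',
            ];

            foreach ($fragments as $sql) {
                if (preg_match($denied, $sql)) {
                    throw new \InvalidArgumentException('Invalid SQL definition, possible SQL injection?');
                }
            }
        }
    }

    /**
     * Validates the editor payload and persists it as the custom-view configuration.
     *
     * @param array      $treeStore      Tree-store payload from the editor.
     * @param array|null $deletedRecords Records removed in the editor, passed through to the config store.
     *
     * @throws \InvalidArgumentException When verifySql() rejects a SQL fragment.
     */
    public function writeConfiguration($treeStore, ?array $deletedRecords)
    {
        $configuration = $this->convertTreeStoreToConfiguration($treeStore);

        // Screen the SQL fragments before schema validation and before anything is written.
        $this->verifySql($configuration);
        $this->validateConfig('custom_views', $configuration);

        \Pimcore\CustomView\Config::save($configuration, $deletedRecords);
    }
}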