/**
 * Set a property's value.
 *
 * The value is normalised according to the property name and stored in
 * $this->properties; names that are not listed here are ignored.
 *
 * @param string $var   Name of property to set.
 * @param mixed  $value New value for property.
 */
public function __set($var, $value = '')
{
    $intFields  = array('rp_id', 'det_id', 'uid');
    $dateFields = array('date_start', 'date_end');
    $timeFields = array('time_start1', 'time_end1', 'time_start2', 'time_end2');

    if ($var === 'ev_id') {
        // Event IDs are reduced to the character set COM_sanitizeId() allows;
        // the 'false' means an empty value is not replaced by a generated ID
        $this->properties[$var] = COM_sanitizeId($value, false);
    } elseif (in_array($var, $intFields, true)) {
        $this->properties[$var] = (int) $value;
    } elseif (in_array($var, $dateFields, true)) {
        // String values: HTML-filtered and trimmed
        $this->properties[$var] = trim(COM_checkHTML($value));
    } elseif (in_array($var, $timeFields, true)) {
        // An empty time is stored as midnight
        $this->properties[$var] = empty($value) ? '00:00:00' : trim($value);
    }
    // Any other name: undefined property, do nothing
}
/**
 * Filter a value for storage in the database.
 *
 * The value is passed through COM_checkHTML() and then through addslashes();
 * per the original author's note, the slashes are re-applied because the
 * HTML filter strips them.
 *
 * NOTE(review): addslashes() is not a driver-aware escape; the rest of this
 * codebase uses DB_escapeString() for the same purpose.
 *
 * @param string $var Raw value
 * @return string Filtered, slash-escaped value
 */
function ppPrepareForDB($var)
{
    $filtered = COM_checkHTML($var);

    return addslashes($filtered);
}
/**
 * Load this item's text from a request argument.
 *
 * Optionally switches the post mode first. In 'html' and 'wikitext' mode
 * the text is censored and run through COM_checkHTML() with the
 * 'story.edit' filter context; in any other mode it is censored,
 * entity-encoded and its URLs are made clickable.
 *
 * @param string $arg      Raw text from the request
 * @param string $postmode Post mode to switch to; '' keeps the current mode
 * @return string The filtered text that was stored in $this->_text
 */
function loadTextFromArgs($arg, $postmode = '')
{
    if (!empty($postmode)) {
        $this->setPostmode($postmode);
    }

    $htmlModes = array('html', 'wikitext');
    $censored = COM_checkWords($arg);

    if (in_array($this->_postmode, $htmlModes)) {
        $this->_text = COM_checkHTML($censored, 'story.edit');
    } else {
        $this->_text = COM_makeClickableLinks(htmlspecialchars($censored));
    }

    return $this->_text;
}
/**
 * Set a property's value.
 * Emulates the __set() magic function in PHP 5.
 *
 * Values are normalised by property name and stored in $this->properties.
 * 'categories' is the one exception: it is written to $this->categories as
 * an array. Unknown names are ignored.
 *
 * @param string $var   Name of property to set.
 * @param mixed  $value New value for property.
 */
public function __set($var, $value = '')
{
    $intFields = array(
        'hits', 'owner_id', 'group_id',
        'perm_owner', 'perm_group', 'perm_members', 'perm_anon',
        'startyear1', 'startyear2', 'startmonth1', 'startmonth2',
        'startday1', 'startday2',
        'endyear1', 'endyear2', 'endmonth1', 'endmonth2',
        'endday1', 'endday2',
        'cal_id',
    );
    $stringFields = array('date_start1', 'date_end1', 'postmode');
    $timeFields = array('time_start1', 'time_start2', 'time_end1', 'time_end2');
    $boolFields = array('status', 'recurring', 'allday', 'split', 'enable_reminders', 'show_upcoming');

    if ($var === 'id') {
        // IDs are reduced to the allowed character set; 'false' keeps an
        // empty value empty instead of generating a new ID
        $this->properties[$var] = COM_SanitizeID($value, false);
    } elseif (in_array($var, $intFields, true)) {
        // Integer values: the cast already maps '' (and non-numeric text) to 0
        $this->properties[$var] = (int) $value;
    } elseif (in_array($var, $stringFields, true)) {
        // String values: HTML-filtered and trimmed
        $this->properties[$var] = trim(COM_checkHTML($value));
    } elseif (in_array($var, $timeFields, true)) {
        // An empty time is stored as midnight
        $this->properties[$var] = empty($value) ? '00:00:00' : trim($value);
    } elseif (in_array($var, $boolFields, true)) {
        // Boolean values: anything other than 1 becomes 0
        $this->properties[$var] = ($value == 1) ? 1 : 0;
    } elseif ($var === 'categories') {
        // Stored on the object itself, as a list; a string is split on commas
        $this->{$var} = is_array($value) ? $value : explode(',', $value);
    }
    // Any other name: undefined property, do nothing
}
/**
 * COM_checkHTML(): with the root filter bypass enabled, an unterminated
 * [raw] tag is rewritten to a closed [raw2]...[/raw2] pair and the '$' and
 * '\' characters inside it are entity-encoded.
 *
 * Covers line 2923 of the file under test.
 */
public function testCheckHTMLMissingLastRawTagCONFSkip_html_filter_for_rootEquals0()
{
    global $_CONF, $_GROUPS;

    $_CONF['skip_html_filter_for_root'] = 1;
    $_GROUPS['Root'] = 'Root';

    $input    = '<!-- string -->[RAw]<!-- string -->$var\\\\n\\\\';
    $expected = '<!-- string -->[raw2]<!-- string -->&#36;var&#092;n&#092;[/raw2]';

    $this->assertEquals($expected, COM_checkHTML($input));
}
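/**
 * Saves an event to the database
 *
 * Checks the current user's access to the event, validates the submitted
 * dates, maps 24-hour input onto the 12-hour handling, filters the text
 * fields and writes the event (plus any copies in users' personal calendars)
 * to the database. On a validation error the editor is re-displayed with
 * the submitted values.
 *
 * @param string $eid Event ID to save; an empty ID produces an error page
 * @param array  $C   Submitted form fields
 * @return string HTML redirect or error message
 */
function CALENDAR_save($eid, $C)
{
    global $_CONF, $_TABLES, $_USER, $LANG_CAL_ADMIN, $MESSAGE, $_CA_CONF;

    // $eid is interpolated into SQL and the access log below, so reduce it to
    // the ID character set first. The 'false' keeps an empty ID empty so the
    // "nothing to save" error at the end still fires instead of a fresh ID
    // being generated.
    $eid = COM_sanitizeID($eid, false);

    $allday = isset($C['allday']) ? COM_applyFilter($C['allday']) : '';
    $hour_mode = (isset($C['hour_mode']) && $C['hour_mode'] == 24) ? 24 : 12;
    if ($hour_mode == 24) {
        // these aren't set in 24 hour mode
        $C['start_ampm'] = '';
        $C['end_ampm'] = '';
    }

    // status is written to the events table unquoted, so it must be numeric
    $status = COM_applyFilter($C['status'], true);
    $title = $C['title'];
    $event_type = $C['event_type'];
    $url = $C['url'];
    $start_month = COM_applyFilter($C['start_month'], true);
    $start_day = COM_applyFilter($C['start_day'], true);
    $start_year = COM_applyFilter($C['start_year'], true);
    $start_hour = COM_applyFilter($C['start_hour'], true);
    $start_minute = COM_applyFilter($C['start_minute'], true);
    $start_ampm = $C['start_ampm'];
    $end_month = COM_applyFilter($C['end_month'], true);
    $end_day = COM_applyFilter($C['end_day'], true);
    $end_year = COM_applyFilter($C['end_year'], true);
    $end_hour = COM_applyFilter($C['end_hour'], true);
    $end_minute = COM_applyFilter($C['end_minute'], true);
    $end_ampm = $C['end_ampm'];
    $location = $C['location'];
    $address1 = $C['address1'];
    $address2 = $C['address2'];
    $city = $C['city'];
    $state = $C['state'];
    $zipcode = $C['zipcode'];
    $description = $C['description'];
    $postmode = $C['postmode'];
    $owner_id = COM_applyFilter($C['owner_id'], true);
    $group_id = COM_applyFilter($C['group_id'], true);
    $perm_owner = $C['perm_owner'];
    $perm_group = $C['perm_group'];
    $perm_members = isset($C['perm_members']) ? $C['perm_members'] : '';
    $perm_anon = isset($C['perm_anon']) ? $C['perm_anon'] : '';
    $type = isset($C['type']) ? COM_applyFilter($C['type']) : '';

    // Normalised copies go back into $C so the editor can be re-displayed
    // with the same values if validation fails below
    $C['datestart'] = sprintf('%4d-%02d-%02d', $start_year, $start_month, $start_day);
    $C['timestart'] = $start_hour . ':' . $start_minute . ':00';
    $C['dateend'] = sprintf('%4d-%02d-%02d', $end_year, $end_month, $end_day);
    $C['timeend'] = $end_hour . ':' . $end_minute . ':00';
    $C['allday'] = $allday;
    $C['hits'] = 0;

    $retval = '';

    // Convert array values to numeric permission values
    list($perm_owner, $perm_group, $perm_members, $perm_anon) =
        SEC_getPermissionValues($perm_owner, $perm_group, $perm_members, $perm_anon);

    // For an existing event the stored permissions decide access; for a new
    // event the submitted permissions do
    if (DB_count($_TABLES['events'], 'eid', $eid) > 0) {
        $result = DB_query(
            "SELECT owner_id,group_id,perm_owner,perm_group,"
            . "perm_members,perm_anon FROM {$_TABLES['events']} "
            . "WHERE eid = '{$eid}'"
        );
        $A = DB_fetchArray($result);
        $access = SEC_hasAccess($A['owner_id'], $A['group_id'], $A['perm_owner'],
            $A['perm_group'], $A['perm_members'], $A['perm_anon']);
    } else {
        $access = SEC_hasAccess($owner_id, $group_id, $perm_owner, $perm_group,
            $perm_members, $perm_anon);
    }
    if ($access < 3 || !SEC_inGroup($group_id)) {
        $retval .= COM_siteHeader('menu', $MESSAGE[30]);
        $retval .= COM_showMessageText($MESSAGE[31], $MESSAGE[30], true);
        $retval .= COM_siteFooter();
        COM_accessLog("User {$_USER['username']} tried to illegally submit or edit event {$eid}.");

        return $retval;
    }

    if ($hour_mode == 24) {
        // to avoid having to mess with the tried and tested code below, map
        // the 24-hour values onto their 12-hour counterparts and use those
        if ($start_hour >= 12) {
            $start_ampm = 'pm';
            $start_hour = $start_hour - 12;
        } else {
            $start_ampm = 'am';
        }
        if ($start_hour == 0) {
            $start_hour = 12;
        }
        if ($end_hour >= 12) {
            $end_ampm = 'pm';
            $end_hour = $end_hour - 12;
        } else {
            $end_ampm = 'am';
        }
        if ($end_hour == 0) {
            $end_hour = 12;
        }
    }

    $allday = ($allday == 'on') ? 1 : 0;

    // Make sure start date is before end date
    if (checkdate($start_month, $start_day, $start_year)) {
        $datestart = sprintf('%4d-%02d-%02d', $start_year, $start_month, $start_day);
        $timestart = $start_hour . ':' . $start_minute . ':00';
    } else {
        $retval .= COM_siteHeader('menu', $LANG_CAL_ADMIN[2]);
        $retval .= COM_showMessageText($LANG_CAL_ADMIN[23], $LANG_CAL_ADMIN[2], true);
        $retval .= CALENDAR_edit('edit', $C, '');
        $retval .= COM_siteFooter();

        return $retval;
    }
    if (checkdate($end_month, $end_day, $end_year)) {
        $dateend = sprintf('%4d-%02d-%02d', $end_year, $end_month, $end_day);
        $timeend = $end_hour . ':' . $end_minute . ':00';
    } else {
        $retval .= COM_siteHeader('menu', $LANG_CAL_ADMIN[2]);
        $retval .= COM_showMessageText($LANG_CAL_ADMIN[24], $LANG_CAL_ADMIN[2], true);
        $retval .= CALENDAR_edit('edit', $C, '');
        $retval .= COM_siteFooter();

        return $retval;
    }
    // YYYY-MM-DD strings compare correctly as plain strings
    if ($allday == 0) {
        if ($dateend < $datestart) {
            $retval .= COM_siteHeader('menu', $LANG_CAL_ADMIN[2]);
            $retval .= COM_showMessageText($LANG_CAL_ADMIN[25], $LANG_CAL_ADMIN[2], true);
            $retval .= CALENDAR_edit('edit', $C, '');
            $retval .= COM_siteFooter();

            return $retval;
        }
    } elseif ($dateend < $datestart) {
        // Force end date to be same as start date
        $dateend = $datestart;
    }

    // clean 'em up
    if ($postmode == 'html') {
        $description = COM_checkHTML(COM_checkWords($description));
    } else {
        $postmode = 'plaintext';
        $description = htmlspecialchars(COM_checkWords($description));
    }
    $description = DB_escapeString($description);
    $title = DB_escapeString(COM_checkHTML(COM_checkWords($title)));
    $location = DB_escapeString(COM_checkHTML(COM_checkWords($location)));
    $address1 = DB_escapeString(COM_checkHTML(COM_checkWords($address1)));
    $address2 = DB_escapeString(COM_checkHTML(COM_checkWords($address2)));
    $city = DB_escapeString(COM_checkHTML(COM_checkWords($city)));
    $state = DB_escapeString(COM_checkHTML(COM_checkWords($state)));
    $zipcode = DB_escapeString(COM_checkHTML(COM_checkWords($zipcode)));
    $event_type = DB_escapeString(strip_tags(COM_checkWords($event_type)));
    $url = DB_escapeString(strip_tags($url));

    if ($allday == 0) {
        // Add 12 to make time on 24 hour clock if needed
        if ($start_ampm == 'pm' and $start_hour != 12) {
            $start_hour = $start_hour + 12;
        }
        // If 12AM set hour to 00
        if ($start_ampm == 'am' and $start_hour == 12) {
            $start_hour = '00';
        }
        // Add 12 to make time on 24 hour clock if needed
        if ($end_ampm == 'pm' and $end_hour != 12) {
            $end_hour = $end_hour + 12;
        }
        // If 12AM set hour to 00
        if ($end_ampm == 'am' and $end_hour == 12) {
            $end_hour = '00';
        }
        $timestart = $start_hour . ':' . $start_minute . ':00';
        $timeend = $end_hour . ':' . $end_minute . ':00';
    }

    if (!empty($eid) and !empty($description) and !empty($title)) {
        DB_delete($_TABLES['eventsubmission'], 'eid', $eid);
        DB_save(
            $_TABLES['events'],
            'eid,status,title,event_type,url,allday,datestart,dateend,timestart,'
            . 'timeend,location,address1,address2,city,state,zipcode,description,'
            . 'postmode,owner_id,group_id,perm_owner,perm_group,perm_members,'
            . 'perm_anon',
            "'{$eid}',{$status},'{$title}','{$event_type}','{$url}',{$allday},'{$datestart}',"
            . "'{$dateend}','{$timestart}','{$timeend}','{$location}','{$address1}',"
            . "'{$address2}','{$city}','{$state}','{$zipcode}','{$description}','{$postmode}',"
            . "{$owner_id},{$group_id},{$perm_owner},{$perm_group},{$perm_members},{$perm_anon}"
        );

        // Users who copied this event into their personal calendar get the
        // updated version as well
        if (DB_count($_TABLES['personal_events'], 'eid', $eid) > 0) {
            $result = DB_query("SELECT uid FROM {$_TABLES['personal_events']} " . "WHERE eid = '{$eid}'");
            $numrows = DB_numRows($result);
            for ($i = 1; $i <= $numrows; $i++) {
                $P = DB_fetchArray($result);
                DB_save(
                    $_TABLES['personal_events'],
                    'eid,status,title,event_type,datestart,dateend,address1,address2,'
                    . 'city,state,zipcode,allday,url,description,postmode,'
                    . 'group_id,owner_id,perm_owner,perm_group,perm_members,'
                    . 'perm_anon,uid,location,timestart,timeend',
                    "'{$eid}',{$status},'{$title}','{$event_type}','{$datestart}','{$dateend}',"
                    . "'{$address1}','{$address2}','{$city}','{$state}','{$zipcode}',"
                    . "{$allday},'{$url}','{$description}','{$postmode}',{$group_id},"
                    . "{$owner_id},{$perm_owner},{$perm_group},{$perm_members},"
                    . "{$perm_anon},{$P['uid']},'{$location}','{$timestart}','{$timeend}'"
                );
            }
        }

        PLG_itemSaved($eid, 'calendar');
        COM_rdfUpToDateCheck('calendar', $event_type, $eid);

        // if we just saved a submission, then return to the submissions page
        if ($type == 'submission') {
            return COM_refresh($_CONF['site_admin_url'] . '/moderation.php');
        }

        return PLG_afterSaveSwitch(
            $_CA_CONF['aftersave'],
            $_CONF['site_url'] . '/calendar/event.php?eid=' . $eid,
            'calendar',
            17
        );
    }

    // Missing ID, title or description: back to the editor with an error
    $retval .= COM_siteHeader('menu', $LANG_CAL_ADMIN[2]);
    $retval .= COM_showMessageText($LANG_CAL_ADMIN[10], $LANG_CAL_ADMIN[2], true);
    $retval .= CALENDAR_edit('edit', $C, '');
    $retval .= COM_siteFooter();

    return $retval;
}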
/**
 * Prepare a block of text for storage in the database.
 *
 * Optionally runs the word censor first. In 'html' mode the text is either
 * passed through COM_checkHTML() ($htmlfilter on) or left as-is
 * ($htmlfilter off); in any other mode it is entity-encoded with ENT_QUOTES
 * in the site encoding. The result is always DB_escapeString()'d.
 *
 * @param string $message    Text to prepare
 * @param string $postmode   'html', or anything else for plain text
 * @param bool   $censor     Run COM_checkWords() first
 * @param bool   $htmlfilter Run COM_checkHTML() when in html mode
 * @return string Escaped text ready to be placed in an SQL statement
 */
function prepareStringForDB($message, $postmode = "html", $censor = TRUE, $htmlfilter = TRUE)
{
    global $_FF_CONF;

    $text = $censor ? COM_checkWords($message) : $message;

    if ($postmode != 'html') {
        $prepared = @htmlspecialchars($text, ENT_QUOTES, COM_getEncodingt());
    } elseif ($htmlfilter) {
        // COM_checkHTML() strips escaping, hence the DB escape afterwards
        $prepared = COM_checkHTML($text);
    } else {
        $prepared = $text;
    }

    return DB_escapeString($prepared);
}
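/**
 * Displays the Static Page Editor
 *
 * Builds the field array for the editor form from one of four sources: an
 * existing page (action 'edit' with an ID), defaults for a new page ('edit'
 * without an ID), a copy of an existing page ('clone'), or the submitted
 * form in $_POST when the editor is re-displayed.
 *
 * @param string $sp_id  ID of static page to edit
 * @param string $action action (edit, clone or null)
 * @param string $editor editor to use
 * @return string HTML for the editor, or an access-denied block when the
 *                requested page does not exist or may not be read
 */
function PAGE_edit($sp_id, $action = '', $editor = '')
{
    global $_CONF, $_SP_CONF, $_TABLES, $_USER, $LANG_STATIC, $LANG_ACCESS;

    $A = null;

    if (!empty($sp_id) && $action == 'edit') {
        // Only pages the current user may edit (permission level 3) are
        // returned; $sp_id is escaped since it comes from the request
        $result = DB_query(
            "SELECT *,UNIX_TIMESTAMP(sp_date) AS unixdate FROM {$_TABLES['staticpage']} "
            . "WHERE sp_id = '" . DB_escapeString($sp_id) . "'"
            . COM_getPermSQL('AND', 0, 3)
        );
        if (DB_numRows($result) == 1) {
            $A = DB_fetchArray($result);
            $A['sp_old_id'] = $A['sp_id']; // sp_old_id is not null, this is an existing page
        }
    } elseif ($action == 'edit') {
        // we're creating a new staticpage, set default values
        $A = array();
        $A['sp_id'] = COM_makesid(); // make a default new/unique staticpage ID based upon the datetime
        $A['sp_status'] = $_SP_CONF['status_flag'];
        $A['sp_uid'] = $_USER['uid']; // created by current user
        $A['unixdate'] = time(); // date/time created
        $A['sp_help'] = ''; // no help URL
        $A['sp_old_id'] = ''; // sp_old_id is null, this is a new page
        $A['commentcode'] = $_SP_CONF['comment_code'];
        $A['sp_where'] = 1; // top of page
        $A['sp_search'] = $_SP_CONF['include_search'];
    } elseif (!empty($sp_id) && $action == 'clone') {
        // we're creating a new staticpage based upon an old one. get the page
        // to be cloned (read permission, level 2, is enough)
        $result = DB_query(
            "SELECT *,UNIX_TIMESTAMP(sp_date) AS unixdate FROM {$_TABLES['staticpage']} "
            . "WHERE sp_id = '" . DB_escapeString($sp_id) . "'"
            . COM_getPermSQL('AND', 0, 2)
        );
        if (DB_numRows($result) == 1) {
            $A = DB_fetchArray($result);
            // override old page values with values unique to this page
            $A['sp_id'] = COM_makesid(); // make a default new/unique staticpage ID based upon the datetime
            $A['sp_title'] = $A['sp_title'] . ' (' . $LANG_STATIC['copy'] . ')'; // indicate in title that this is a cloned page
            $A['sp_uid'] = $_USER['uid']; // created by current user
            $A['unixdate'] = time(); // date/time created
            $A['sp_hits'] = 0; // reset page hits
            $A['sp_old_id'] = ''; // sp_old_id is null, this is a new page
        }
    } else {
        // Re-display of the submitted form
        $A = $_POST;
        if (empty($A['unixdate'])) {
            $A['unixdate'] = time(); // update date and time
        }
        $content = isset($A['sp_content']) ? $A['sp_content'] : '';
        $A['sp_content'] = COM_checkHTML(COM_checkWords($content));
    }

    if ($A === null) {
        // Page missing or not readable by this user: do not show an empty editor
        return COM_startBlock($LANG_ACCESS['accessdenied'], '', COM_getBlockTemplate('_msg_block', 'header'))
            . $LANG_STATIC['deny_msg']
            . COM_endBlock(COM_getBlockTemplate('_msg_block', 'footer'));
    }

    if (isset($A['sp_title'])) {
        $A['sp_title'] = strip_tags($A['sp_title']);
    }
    $A['editor'] = $editor;

    return PAGE_form($A);
}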
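/**
 * Displays the Static Page Editor
 *
 * Builds the field array for the editor form from an existing page (mode
 * 'edit' with an ID), defaults for a new page ('edit' without an ID), a copy
 * of an existing page ('clone') or the submitted form in $_POST. When the
 * requested page does not exist or may not be edited, an access-denied
 * block is returned instead of the editor.
 *
 * @param string $sp_id  ID of static page to edit
 * @param string $mode   Mode ('edit', 'clone' or '')
 * @param string $editor Editor mode, passed through to the form as 'editor'
 * @return string HTML for static pages editor, or an access-denied block
 */
function staticpageeditor($sp_id, $mode = '', $editor = '')
{
    global $_CONF, $_TABLES, $_USER, $LANG_ACCESS, $LANG_STATIC;

    $retval = '';
    $A = null;

    if (!empty($sp_id) && $mode == 'edit') {
        // $sp_id comes from the request, so escape it before interpolating;
        // the permission SQL limits this to pages the user may edit
        $result = DB_query(
            "SELECT *,UNIX_TIMESTAMP(sp_date) AS unixdate FROM {$_TABLES['staticpage']} "
            . "WHERE sp_id = '" . DB_escapeString($sp_id) . "'"
            . COM_getPermSQL('AND', 0, 3)
        );
        if (DB_numRows($result) == 1) {
            $A = DB_fetchArray($result);
            $A['sp_old_id'] = $A['sp_id'];
        }
    } elseif ($mode == 'edit') {
        $A = array();
        $A['sp_id'] = COM_makesid();
        $A['sp_uid'] = $_USER['uid'];
        $A['unixdate'] = time();
        $A['sp_help'] = '';
        $A['sp_old_id'] = '';
        $A['commentcode'] = $_CONF['comment_code'];
        $A['sp_where'] = 1; // default new pages to "top of page"
    } elseif (!empty($sp_id) && $mode == 'clone') {
        $result = DB_query(
            "SELECT *,UNIX_TIMESTAMP(sp_date) AS unixdate FROM {$_TABLES['staticpage']} "
            . "WHERE sp_id = '" . DB_escapeString($sp_id) . "'"
            . COM_getPermSQL('AND', 0, 3)
        );
        if (DB_numRows($result) == 1) {
            $A = DB_fetchArray($result);
            // the copy gets a fresh ID, owner, date and hit count
            $A['sp_id'] = COM_makesid();
            $A['sp_uid'] = $_USER['uid'];
            $A['unixdate'] = time();
            $A['sp_hits'] = 0;
            $A['sp_old_id'] = '';
            $A['commentcode'] = $_CONF['comment_code'];
        }
    } else {
        // Re-display of the submitted form
        $A = $_POST;
        if (empty($A['unixdate'])) {
            $A['unixdate'] = time();
        }
        $content = isset($A['sp_content']) ? $A['sp_content'] : '';
        $A['sp_content'] = COM_checkHTML(COM_checkWords($content), 'staticpages.edit');
    }

    if (isset($A)) {
        // Title and meta fields are plain text: strip any markup
        if (isset($A['sp_title'])) {
            $A['sp_title'] = strip_tags($A['sp_title']);
        }
        if (isset($A['meta_description'])) {
            $A['meta_description'] = strip_tags($A['meta_description']);
        }
        if (isset($A['meta_keywords'])) {
            $A['meta_keywords'] = strip_tags($A['meta_keywords']);
        }
        $A['editor'] = $editor;
        $retval = staticpageeditor_form($A);
    } else {
        $retval = COM_startBlock($LANG_ACCESS['accessdenied'], '', COM_getBlockTemplate('_msg_block', 'header'))
            . $LANG_STATIC['deny_msg']
            . COM_endBlock(COM_getBlockTemplate('_msg_block', 'footer'));
    }

    return $retval;
}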
/**
 * Apply this object's configured filters to a value.
 *
 * The steps run in a fixed order: HTML filter (_checkhtml), word censor
 * (_checkwords), JavaScript removal (always), length limit (_maxlength > 0)
 * and finally slash handling: addslashes() for database use (_prepfordb) or
 * stripslashes() for web output (_prepforweb).
 *
 * @param string $var Value to filter
 * @return string Filtered value
 */
private function _filterText($var)
{
    $text = $this->_checkhtml ? COM_checkHTML($var) : $var;

    if ($this->_checkwords) {
        $text = COM_checkWords($text);
    }

    $text = COM_killJS($text);

    // Byte-based truncation (substr, not mb_substr)
    if ($this->_maxlength > 0) {
        $text = substr($text, 0, $this->_maxlength);
    }

    if ($this->_prepfordb) {
        // slashes are re-applied here because COM_checkHTML() strips them
        $text = addslashes($text);
    } elseif ($this->_prepforweb) {
        $text = stripslashes($text);
    }

    return $text;
}
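/**
 * Register a remote media object (a URL) in an album.
 *
 * No media content is fetched. A unique storage filename is generated, a
 * 0-byte placeholder is created under orig/, an optional thumbnail is
 * attached, and a media row plus album link are written either to the live
 * tables or to the moderation queue, depending on the album's moderate flag.
 *
 * @param string $URL               URL of the remote media
 * @param string $mimeType          Mime type, or 'embed', selecting the format
 * @param int    $albumId           Album to add the media to
 * @param string $caption           Media title/caption
 * @param string $description       Media description
 * @param string $keywords          Media keywords
 * @param string $category          Media category
 * @param int    $attachedThumbnail 1 when $thumbnail should be attached
 * @param string $thumbnail         Thumbnail URL (remote) or path (local)
 * @param int    $resolution_x      Ignored: overwritten from the thumbnail or defaults
 * @param int    $resolution_y      Ignored: overwritten from the thumbnail or defaults
 * @return array array(bool $success, string $message)
 */
function MG_getRemote($URL, $mimeType, $albumId, $caption, $description, $keywords, $category, $attachedThumbnail, $thumbnail, $resolution_x, $resolution_y)
{
    global $MG_albums, $_CONF, $_MG_CONF, $_USER, $_TABLES, $LANG_MG00, $LANG_MG01, $LANG_MG02, $new_media_id;

    if ($_MG_CONF['verbose']) {
        COM_errorLog("MG Upload: Entering MG_getRemote()");
        COM_errorLog("MG Upload: URL to process: " . htmlentities($URL));
    }

    // The caller's resolution values are not used; they are taken from the
    // thumbnail (if any) or defaulted further down
    $resolution_x = 0;
    $resolution_y = 0;

    $urlArray = parse_url($URL);
    if (!is_array($urlArray)) {
        // parse_url() returns false for badly malformed URLs
        $urlArray = array();
    }

    // make sure we have the proper permissions to upload to this album....
    $sql = "SELECT * FROM {$_TABLES['mg_albums']} WHERE album_id=" . intval($albumId);
    $aResult = DB_query($sql);
    if (DB_numRows($aResult) != 1) {
        return array(false, $LANG_MG02['album_nonexist']); // "Album does not exist, unable to process uploads"
    }
    $albumInfo = DB_fetchArray($aResult);
    $access = SEC_hasAccess($albumInfo['owner_id'], $albumInfo['group_id'], $albumInfo['perm_owner'],
        $albumInfo['perm_group'], $albumInfo['perm_members'], $albumInfo['perm_anon']);
    if ($access != 3 && !$MG_albums[0]->owner_id && $albumInfo['member_uploads'] == 0) {
        COM_errorLog("Someone has tried to illegally upload to an album in Media Gallery. User id: {$_USER['uid']}, Username: {$_USER['username']}, IP: {$_SERVER['REMOTE_ADDR']}", 1);

        return array(false, $LANG_MG00['access_denied_msg']);
    }

    $errMsg = '';

    sleep(1); // We do this to make sure we don't get dupe sid's
    $new_media_id = COM_makesid();
    $media_upload_time = time();
    $media_user_id = $_USER['uid'];

    // we expect the mime type (player type) to be passed to this function
    // - Image
    // - Video - Windows Media
    // - Video - QuickTime
    // - Video - Flash Video
    // - Audio - Windows Media
    // - Audio - QuickTime
    // - Audio - MP3
    // - Embed - YouTube/Google/etc...
    switch ($mimeType) {
        case 'embed':
            $format_type = MG_EMB;
            $mimeExt = 'flv';
            $mediaType = 5;
            break;
        case 'image/gif':
            $format_type = MG_GIF;
            $mimeExt = 'gif';
            $mediaType = 0;
            break;
        case 'image/jpg':
            $format_type = MG_JPG;
            $mimeExt = 'jpg';
            $mediaType = 0;
            break;
        case 'image/png':
            $format_type = MG_PNG;
            $mimeExt = 'png';
            $mediaType = 0;
            break;
        case 'image/bmp':
            $format_type = MG_BMP;
            $mimeExt = 'bmp';
            $mediaType = 0;
            break;
        case 'application/x-shockwave-flash':
            $format_type = MG_SWF;
            $mimeExt = 'swf';
            $mediaType = 1;
            break;
        case 'video/quicktime':
            $format_type = MG_MOV;
            $mimeExt = 'mov';
            $mediaType = 1;
            break;
        case 'video/x-flv':
            $format_type = MG_RFLV;
            $mimeExt = 'flv';
            $mediaType = 1;
            break;
        case 'video/x-ms-asf':
            $format_type = MG_ASF;
            $mimeExt = 'asf';
            $mediaType = 1;
            break;
        case 'audio/mpeg':
            $format_type = MG_MP3;
            $mimeExt = 'mp3';
            $mediaType = 2;
            break;
        case 'audio/x-ms-wma':
            $format_type = MG_ASF;
            $mimeExt = 'wma';
            $mediaType = 2;
            break;
        default:
            // Unknown type: there is no format, extension or media type to
            // store, and the valid_formats check would reject it anyway
            return array(false, $LANG_MG02['format_not_allowed']);
    }

    if (!($MG_albums[$albumId]->valid_formats & $format_type)) {
        return array(false, $LANG_MG02['format_not_allowed']);
    }

    // create the unique filename to store this under; uniqueness is
    // guaranteed by the MG_file_exists() loop, not by the generator
    do {
        clearstatcache();
        $media_filename = md5(uniqid(rand()));
    } while (MG_file_exists($media_filename));
    $disp_media_filename = $media_filename . '.' . $mimeExt; // for remote files this will be a 0 byte file

    if ($_MG_CONF['verbose']) {
        COM_errorLog("MG Upload: Stored filename is : " . $disp_media_filename);
        COM_errorLog("MG Upload: Mime Type: " . $mimeType);
    }

    // now we pretend to process the file: only a 0 byte placeholder is
    // created in the orig directory
    $media_orig = $_MG_CONF['path_mediaobjects'] . 'orig/' . $media_filename[0] . '/' . $media_filename . "." . $mimeExt;
    $media_time = time();
    touch($media_orig);

    // Now we need to process an uploaded thumbnail
    if ($_MG_CONF['verbose']) {
        COM_errorLog("MG Upload: attachedThumbnail: " . $attachedThumbnail);
        COM_errorLog("MG Upload: thumbnail: " . $thumbnail);
    }
    if ($attachedThumbnail == 1 && $thumbnail != '') {
        // see if it is remote, if yes go get it...
        // NOTE(review): this only tests for the substring "http"; any other
        // value is handed to MG_attachThumbnail() as a local path, so the
        // caller must already restrict $thumbnail to an allowed location
        if (preg_match("/http/i", $thumbnail)) {
            $tmp_thumbnail = $_MG_CONF['tmp_path'] . '/' . $media_filename . '.jpg';
            $rc = MG_getRemoteThumbnail($thumbnail, $tmp_thumbnail);
            $tmp_image_size = @getimagesize($tmp_thumbnail);
            if ($tmp_image_size != false) {
                $resolution_x = $tmp_image_size[0];
                $resolution_y = $tmp_image_size[1];
            }
            $thumbnail = $tmp_thumbnail;
        } else {
            $rc = true;
        }
        if ($rc == true) {
            $saveThumbnailName = $_MG_CONF['path_mediaobjects'] . 'tn/' . $media_filename[0] . '/tn_' . $media_filename;
            MG_attachThumbnail($albumId, $thumbnail, $saveThumbnailName);
        }
    }

    if ($_MG_CONF['verbose']) {
        COM_errorLog("MG Upload: Building SQL and preparing to enter database");
    }

    // Text fields: with HTML disallowed everything is stripped and
    // entity-encoded, otherwise the HTML filter decides what survives
    if ($_MG_CONF['htmlallowed'] != 1) {
        $media_desc = DB_escapeString(htmlspecialchars(strip_tags(COM_checkWords(COM_killJS($description)))));
        $media_caption = DB_escapeString(htmlspecialchars(strip_tags(COM_checkWords(COM_killJS($caption)))));
        $media_keywords = DB_escapeString(htmlspecialchars(strip_tags(COM_checkWords(COM_killJS($keywords)))));
    } else {
        $media_desc = DB_escapeString(COM_checkHTML(COM_killJS($description)));
        $media_caption = DB_escapeString(COM_checkHTML(COM_killJS($caption)));
        $media_keywords = DB_escapeString(COM_checkHTML(COM_killJS($keywords)));
    }

    // Check and see if moderation is on. If yes, place in mediasubmission
    if ($albumInfo['moderate'] == 1 && !$MG_albums[0]->owner_id) { // && !SEC_hasRights('mediagallery.create')) {
        $tableMedia = $_TABLES['mg_mediaqueue'];
        $tableMediaAlbum = $_TABLES['mg_media_album_queue'];
        $queue = 1;
    } else {
        $tableMedia = $_TABLES['mg_media'];
        $tableMediaAlbum = $_TABLES['mg_media_albums'];
        $queue = 0;
    }

    // The last path segment of the URL is recorded as the original filename
    // (not for embeds); a URL without a path yields an empty name
    $urlPath = isset($urlArray['path']) ? $urlArray['path'] : '';
    $pathParts = explode('/', $urlPath);
    $videoFile = $pathParts[count($pathParts) - 1];
    $original_filename = ($mediaType != 5) ? $videoFile : '';

    if ($_MG_CONF['verbose']) {
        COM_errorLog("MG Upload: Inserting media record into mg_media");
    }

    if (($resolution_x == 0 || $resolution_y == 0) && $mediaType != 0) {
        // Non-image media without a known size gets a default player size
        $resolution_x = 320;
        $resolution_y = 240;
    }

    $remoteURL = DB_escapeString($URL);
    $sql = "INSERT INTO " . $tableMedia . " (media_id,media_filename,media_original_filename,media_mime_ext,media_exif,mime_type,media_title,media_desc,media_keywords,media_time,media_views,media_comments,media_votes,media_rating,media_tn_attached,media_tn_image,include_ss,media_user_id,media_user_ip,media_approval,media_type,media_upload_time,media_category,media_watermarked,v100,maint,media_resolution_x,media_resolution_y,remote_media,remote_url)\n VALUES ('"
        . DB_escapeString($new_media_id) . "','"
        . DB_escapeString($media_filename) . "','"
        . DB_escapeString($original_filename) . "','"
        . DB_escapeString($mimeExt) . "','1','"
        . DB_escapeString($mimeType) . "','{$media_caption}','{$media_desc}','{$media_keywords}','"
        . DB_escapeString($media_time) . "','0','0','0','0.00','"
        . DB_escapeString($attachedThumbnail) . "','','1','"
        . intval($media_user_id) . "','','0','"
        . DB_escapeString($mediaType) . "','"
        . DB_escapeString($media_upload_time) . "','"
        . DB_escapeString($category) . "','0','0','0',{$resolution_x},{$resolution_y},1,'{$remoteURL}');";
    DB_query($sql);

    if ($_MG_CONF['verbose']) {
        COM_errorLog("MG Upload: Updating Album information");
    }

    // New media goes to the end of the album's sort order (steps of 10)
    $sql = "SELECT MAX(media_order) + 10 AS media_seq FROM " . $_TABLES['mg_media_albums'] . " WHERE album_id = " . intval($albumId);
    $result = DB_query($sql);
    $row = DB_fetchArray($result);
    $media_seq = $row['media_seq'];
    if ($media_seq < 10) {
        $media_seq = 10;
    }
    $sql = "INSERT INTO " . $tableMediaAlbum . " (media_id, album_id, media_order) VALUES ('" . DB_escapeString($new_media_id) . "', " . intval($albumId) . ", {$media_seq} )";
    DB_query($sql);

    if ($mediaType == 1 && $resolution_x > 0 && $resolution_y > 0) {
        DB_save($_TABLES['mg_playback_options'], 'media_id,option_name,option_value', "'{$new_media_id}','width', '{$resolution_x}'");
        DB_save($_TABLES['mg_playback_options'], 'media_id,option_name,option_value', "'{$new_media_id}','height', '{$resolution_y}'");
    }

    // update the media count for the album, only if no moderation...
    if ($queue == 0) {
        $media_count = $albumInfo['media_count'] + 1;
        DB_query("UPDATE " . $_TABLES['mg_albums'] . " SET media_count=" . $media_count . ",last_update=" . $media_upload_time . " WHERE album_id='" . $albumInfo['album_id'] . "'");
        if ($albumInfo['album_cover'] == -1 && ($mediaType == 0 || $attachedThumbnail == 1)) {
            // Album has no cover yet: use this image or its attached thumbnail
            $covername = ($attachedThumbnail == 1) ? 'tn_' . $media_filename : $media_filename;
            if ($_MG_CONF['verbose']) {
                COM_errorLog("MG Upload: Setting album cover filename to " . $covername);
            }
            DB_query("UPDATE {$_TABLES['mg_albums']} SET album_cover_filename='" . $covername . "'" . " WHERE album_id='" . $albumInfo['album_id'] . "'");
        }
    }

    if ($queue) {
        $errMsg .= $LANG_MG01['successful_upload_queue']; // ' successfully placed in Moderation queue';
    } else {
        $errMsg .= $LANG_MG01['successful_upload']; // ' successfully uploaded to album';
    }

    if ($queue == 0) {
        require_once $_CONF['path'] . 'plugins/mediagallery/include/rssfeed.php';
        MG_buildFullRSS();
        MG_buildAlbumRSS($albumId);
    }

    COM_errorLog("MG Upload: Successfully uploaded a media object");

    return array(true, $errMsg);
}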
/**
 * Load the title, intro and body of an article from the post array.
 *
 * This is the central conversion step: HTML-mode content is filtered into
 * the safe form that the page renderer can later emit as-is (after magic
 * tag replacement). The title is reduced to entity-encoded plain text; the
 * intro and body go through the word censor and COM_checkHTML() with the
 * 'story.edit' filter context.
 *
 * This DOES NOT ADDSLASHES! That happens on DB store, so the internal
 * variables stay in "display mode" rather than db mode.
 *
 * @param string $title posttitle, only had stripslashes if necessary
 * @param string $intro introtext, only had stripslashes if necessary
 * @param string $body  bodytext, only had stripslashes if necessary
 * @return void
 * @access private
 */
function _htmlLoadStory($title, $intro, $body)
{
    global $_CONF;

    // fix for bug in advanced editor: an "empty" body arrives as a lone <br />
    if ($_CONF['advanced_editor'] && $body == '<br' . XHTML . '>') {
        $body = '';
    }

    $censoredTitle = COM_checkWords($title);
    $censoredIntro = COM_checkWords($intro);
    $censoredBody = COM_checkWords($body);

    $this->_title = htmlspecialchars(strip_tags($censoredTitle));
    $this->_introtext = COM_checkHTML($censoredIntro, 'story.edit');
    $this->_bodytext = COM_checkHTML($censoredBody, 'story.edit');
}
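/**
 * Saves a poll
 *
 * Saves a poll topic and potential answers to the database. The existing
 * topic, questions and answers are deleted and re-created from the form
 * input; a poll ID change moves the comments and voter records as well.
 *
 * @param string $pid                   Poll topic ID
 * @param string $old_pid               Previous poll topic ID
 * @param array  $Q                     Array of poll questions
 * @param string $mainpage              Checkbox: poll appears on homepage
 * @param string $topic                 The text for the topic
 * @param string $meta_description
 * @param string $meta_keywords
 * @param int    $statuscode            (unused)
 * @param string $open                  Checkbox: poll open for voting
 * @param string $hideresults           Checkbox: hide results until closed
 * @param int    $commentcode           Indicates if users can comment on poll
 * @param array  $A                     Array of possible answers, per question
 * @param array  $V                     Array of votes per each answer
 * @param array  $R                     Array of remark per each answer
 * @param int    $owner_id              ID of poll owner
 * @param int    $group_id              ID of group poll belongs to
 * @param int    $perm_owner            Permissions the owner has on poll
 * @param int    $perm_group            Permissions the group has on poll
 * @param int    $perm_members          Permissions logged in members have on poll
 * @param int    $perm_anon             Permissions anonymous users have on poll
 * @param array  $allow_multipleanswers Checkbox per question: several answers allowed
 * @param string $topic_description     Plain-text description of the topic
 * @param array  $description           Description per question
 * @return string HTML redirect or error message
 */
function savepoll($pid, $old_pid, $Q, $mainpage, $topic, $meta_description, $meta_keywords, $statuscode, $open, $hideresults, $commentcode, $A, $V, $R, $owner_id, $group_id, $perm_owner, $perm_group, $perm_members, $perm_anon, $allow_multipleanswers, $topic_description, $description)
{
    global $_CONF, $_TABLES, $_USER, $LANG21, $LANG25, $MESSAGE, $_POLL_VERBOSE, $_PO_CONF;

    $retval = '';

    // Convert array values to numeric permission values
    list($perm_owner, $perm_group, $perm_members, $perm_anon) =
        SEC_getPermissionValues($perm_owner, $perm_group, $perm_members, $perm_anon);

    // These come straight from the form and are interpolated into SQL below
    // (owner/group unquoted), so force them to integers up front
    $owner_id = (int) $owner_id;
    $group_id = (int) $group_id;
    $statuscode = (int) $statuscode;
    $commentcode = (int) $commentcode;

    $topic = COM_checkHTML(COM_stripslashes($topic));
    $topic_description = strip_tags(COM_stripslashes($topic_description));
    $meta_description = strip_tags(COM_stripslashes($meta_description));
    $meta_keywords = strip_tags(COM_stripslashes($meta_keywords));
    $pid = COM_sanitizeID($pid);
    $old_pid = COM_sanitizeID($old_pid);
    if (empty($pid)) {
        $pid = empty($old_pid) ? COM_makeSid() : $old_pid;
    }

    // check if any question was entered
    if (empty($topic) || !is_array($Q) || count($Q) == 0 || !is_array($A)
        || !isset($Q[0]) || strlen($Q[0]) == 0
        || !isset($A[0][0]) || strlen($A[0][0]) == 0
    ) {
        $retval .= COM_showMessageText($LANG25[2], $LANG21[32]);

        return COM_createHTMLDocument($retval, array('pagetitle' => $LANG25[5]));
    }

    if (!SEC_checkToken()) {
        COM_accessLog("User {$_USER['username']} tried to save poll {$pid} and failed CSRF checks.");

        return COM_refresh($_CONF['site_admin_url'] . '/plugins/polls/index.php');
    }

    // check for poll id change
    if (!empty($old_pid) && $pid != $old_pid) {
        // check if new pid is already in use
        if (DB_count($_TABLES['polltopics'], 'pid', $pid) > 0) {
            // TBD: abort, display editor with all content intact again
            $pid = $old_pid; // for now ...
        }
    }

    // start processing the poll topic
    if ($_POLL_VERBOSE) {
        COM_errorLog('**** Inside savepoll() in ' . $_CONF['site_admin_url'] . '/plugins/polls/index.php ***');
    }

    // For an existing poll the stored permissions decide access; for a new
    // one the submitted permissions do
    $access = 0;
    if (DB_count($_TABLES['polltopics'], 'pid', $pid) > 0) {
        $result = DB_query("SELECT owner_id,group_id,perm_owner,perm_group,perm_members,perm_anon FROM {$_TABLES['polltopics']} WHERE pid = '{$pid}'");
        $P = DB_fetchArray($result);
        $access = SEC_hasAccess($P['owner_id'], $P['group_id'], $P['perm_owner'], $P['perm_group'], $P['perm_members'], $P['perm_anon']);
    } else {
        $access = SEC_hasAccess($owner_id, $group_id, $perm_owner, $perm_group, $perm_members, $perm_anon);
    }
    if ($access < 3 || !SEC_inGroup($group_id)) {
        $display = COM_showMessageText($MESSAGE[29], $MESSAGE[30]);
        $display = COM_createHTMLDocument($display, array('pagetitle' => $MESSAGE[30]));
        COM_accessLog("User {$_USER['username']} tried to illegally submit or edit poll {$pid}.");
        COM_output($display);
        exit;
    }

    if ($_POLL_VERBOSE) {
        COM_errorLog('owner permissions: ' . $perm_owner, 1);
        COM_errorLog('group permissions: ' . $perm_group, 1);
        COM_errorLog('member permissions: ' . $perm_members, 1);
        COM_errorLog('anonymous permissions: ' . $perm_anon, 1);
    }

    // we delete everything and re-create it with the input from the form;
    // on an ID change, delete by old pid and create using the new pid below
    $del_pid = (!empty($old_pid) && $pid != $old_pid) ? $old_pid : $pid;

    // Retrieve Created Date before delete
    $created_date = DB_getItem($_TABLES['polltopics'], 'created', "pid = '{$del_pid}'");
    if ($created_date == '') {
        $created_date = date('Y-m-d H:i:s');
    }

    DB_delete($_TABLES['polltopics'], 'pid', $del_pid);
    DB_delete($_TABLES['pollanswers'], 'pid', $del_pid);
    DB_delete($_TABLES['pollquestions'], 'pid', $del_pid);

    $topic = DB_escapeString($topic);
    $topic_description = DB_escapeString($topic_description);
    $meta_description = DB_escapeString($meta_description);
    $meta_keywords = DB_escapeString($meta_keywords);

    $k = 0; // set up a counter to make sure we do assign a straight line of question id's
    // first dimension of array are the questions
    $num_questions = count($Q);
    $num_total_votes = 0;
    $num_questions_exist = 0;
    for ($i = 0; $i < $num_questions; $i++) {
        $question = COM_checkHTML(COM_stripslashes($Q[$i]));
        $multi = (isset($allow_multipleanswers[$i]) && COM_stripslashes($allow_multipleanswers[$i]) == 'on') ? 1 : 0;
        $qdesc = isset($description[$i]) ? COM_checkHTML(COM_stripslashes($description[$i])) : '';

        if (strlen($question) > 0) { // only insert questions that exist
            $num_questions_exist++;
            DB_save(
                $_TABLES['pollquestions'],
                'qid, pid, question,allow_multipleanswers,description',
                "'{$k}', '{$pid}', '" . DB_escapeString($question) . "','{$multi}','" . DB_escapeString($qdesc) . "'"
            );

            // within the questions, we have another dimension with answers,
            // votes and remarks
            $num_answers = (isset($A[$i]) && is_array($A[$i])) ? count($A[$i]) : 0;
            for ($j = 0; $j < $num_answers; $j++) {
                $answer = COM_checkHTML(COM_stripslashes($A[$i][$j]));
                $remark = isset($R[$i][$j]) ? COM_checkHTML(COM_stripslashes($R[$i][$j])) : '';

                if (strlen($answer) > 0) { // only insert answers etc that exist
                    // votes go into SQL unquoted, so anything non-numeric becomes 0
                    $votes = (isset($V[$i][$j]) && is_numeric($V[$i][$j])) ? $V[$i][$j] : "0";
                    $sql = "INSERT INTO {$_TABLES['pollanswers']} (pid, qid, aid, answer, votes, remark) VALUES "
                        . "('{$pid}', '{$k}', " . ($j + 1) . ", '" . DB_escapeString($answer) . "', {$votes}, '" . DB_escapeString($remark) . "');";
                    DB_query($sql);
                    $num_total_votes = $num_total_votes + $votes;
                }
            }
            $k++;
        }
    }

    // determine the number of voters (cannot use records in pollvoters table
    // since they get deleted after a time $_PO_CONF['polladdresstime'])
    if ($num_questions_exist > 0) {
        $numvoters = $num_total_votes / $num_questions_exist;
    } else {
        // This shouldn't happen
        $numvoters = $num_total_votes;
    }

    $showOnMain = ($mainpage == 'on') ? 1 : 0;
    $isOpen = ($open == 'on') ? 1 : 0;
    $hide = ($hideresults == 'on') ? 1 : 0;

    // save topics after the questions so we can include question count into table
    $sql = "'{$pid}','{$topic}','{$meta_description}','{$meta_keywords}',{$numvoters}, {$k}, '{$created_date}', '"
        . date('Y-m-d H:i:s')
        . "',{$showOnMain},{$isOpen},{$hide}"
        . ",'{$statuscode}','{$commentcode}',{$owner_id},{$group_id},{$perm_owner},{$perm_group},{$perm_members},{$perm_anon},'{$topic_description}'";

    // Save poll topic
    DB_save(
        $_TABLES['polltopics'],
        "pid, topic, meta_description, meta_keywords, voters, questions, created, modified, display, is_open, hideresults, statuscode, commentcode, owner_id, group_id, perm_owner, perm_group, perm_members, perm_anon,description",
        $sql
    );

    if (empty($old_pid) || $old_pid == $pid) {
        PLG_itemSaved($pid, 'polls');
    } else {
        // ID changed: move comments and voter records to the new ID
        DB_change($_TABLES['comments'], 'sid', DB_escapeString($pid), array('sid', 'type'), array(DB_escapeString($old_pid), 'polls'));
        DB_change($_TABLES['pollvoters'], 'pid', DB_escapeString($pid), 'pid', DB_escapeString($old_pid));
        PLG_itemSaved($pid, 'polls', $old_pid);
    }

    if ($_POLL_VERBOSE) {
        COM_errorLog('**** Leaving savepoll() in ' . $_CONF['site_admin_url'] . '/plugins/polls/index.php ***');
    }

    return PLG_afterSaveSwitch($_PO_CONF['aftersave'], $_CONF['site_url'] . '/polls/index.php?pid=' . $pid, 'polls', 19);
}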
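/**
 * Saves an event to the database.
 *
 * Checks that the current user may create/edit the event, validates the
 * submitted date and time fields, filters every text field and then writes
 * the event row plus any personal copies of it (personal_events).
 *
 * Changes over the previous revision:
 *  - `$state` is now filtered and escaped like the other address fields
 *    before it is interpolated into SQL (it was the only text field that
 *    went into the INSERT unescaped).
 *  - `$owner_id`, `$group_id`, the hour/minute fields and `$hits` are cast
 *    to integers because they are interpolated unquoted into SQL.
 *  - the hand-built SQL strings use an escaped copy of `$eid`. For a
 *    well-formed id that is a no-op; DB_count()/DB_delete() still receive
 *    the raw id (whether they escape internally is not visible here).
 *
 * (parameters should be obvious - old list was incomplete anyway)
 *
 * @param string $eid         event id
 * @param string $postmode    'html' or anything else (treated as plaintext)
 * @param int    $hour_mode   24 when the form submitted 24-hour times
 * @return string HTML redirect or error message
 */
function CALENDAR_saveEvent($eid, $title, $event_type, $url, $allday,
    $start_month, $start_day, $start_year, $start_hour, $start_minute, $start_ampm,
    $end_month, $end_day, $end_year, $end_hour, $end_minute, $end_ampm,
    $location, $address1, $address2, $city, $state, $zipcode, $description,
    $postmode, $owner_id, $group_id, $perm_owner, $perm_group, $perm_members,
    $perm_anon, $hour_mode)
{
    global $_CONF, $_TABLES, $_USER, $LANG_CAL_ADMIN, $MESSAGE, $_CA_CONF;

    $retval = '';

    // Convert array values to numeric permission values
    list($perm_owner, $perm_group, $perm_members, $perm_anon) =
        SEC_getPermissionValues($perm_owner, $perm_group, $perm_members, $perm_anon);

    // These go into the INSERT unquoted, so they must be integers.
    $owner_id = (int) $owner_id;
    $group_id = (int) $group_id;

    // Escaped copy of the id for the raw SQL strings below.
    $eid_sql = DB_escapeString($eid);

    $access = 0;
    if (DB_count($_TABLES['events'], 'eid', $eid) > 0) {
        // existing event: access is decided by the stored permissions
        $result = DB_query("SELECT owner_id,group_id,perm_owner,perm_group,"
            . "perm_members,perm_anon FROM {$_TABLES['events']} "
            . "WHERE eid = '{$eid_sql}'");
        $A = DB_fetchArray($result);
        $access = SEC_hasAccess($A['owner_id'], $A['group_id'], $A['perm_owner'],
            $A['perm_group'], $A['perm_members'], $A['perm_anon']);
    } else {
        // new event: access is decided by the submitted permissions
        $access = SEC_hasAccess($owner_id, $group_id, $perm_owner, $perm_group,
            $perm_members, $perm_anon);
    }
    if ($access < 3 || !SEC_inGroup($group_id)) {
        $retval .= COM_showMessageText($MESSAGE[29], $MESSAGE[30]);
        $retval = COM_createHTMLDocument($retval, array('pagetitle' => $MESSAGE[30]));
        COM_accessLog("User {$_USER['username']} tried to illegally submit or edit event {$eid}.");
        return $retval;
    }

    // Time parts are interpolated into SQL; non-numeric input becomes 0.
    $start_hour = (int) $start_hour;
    $start_minute = (int) $start_minute;
    $end_hour = (int) $end_hour;
    $end_minute = (int) $end_minute;
    $start_month = (int) $start_month;
    $start_day = (int) $start_day;
    $start_year = (int) $start_year;
    $end_month = (int) $end_month;
    $end_day = (int) $end_day;
    $end_year = (int) $end_year;

    if ($hour_mode == 24) {
        // to avoid having to mess with the tried and tested code below, map
        // the 24-hour values onto their 12-hour counterparts and use those
        if ($start_hour >= 12) {
            $start_ampm = 'pm';
            $start_hour -= 12;
        } else {
            $start_ampm = 'am';
        }
        if ($start_hour == 0) {
            $start_hour = 12;
        }
        if ($end_hour >= 12) {
            $end_ampm = 'pm';
            $end_hour -= 12;
        } else {
            $end_ampm = 'am';
        }
        if ($end_hour == 0) {
            $end_hour = 12;
        }
    }

    $allday = ($allday == 'on') ? 1 : 0;

    // Both dates must be valid calendar dates
    if (!checkdate($start_month, $start_day, $start_year)) {
        $retval .= COM_showMessageText($LANG_CAL_ADMIN[23], $LANG_CAL_ADMIN[2]);
        $retval = COM_createHTMLDocument($retval, array('pagetitle' => $LANG_CAL_ADMIN[2]));
        return $retval;
    }
    $datestart = sprintf('%4d-%02d-%02d', $start_year, $start_month, $start_day);
    $timestart = sprintf('%02d:%02d:00', $start_hour, $start_minute);

    if (!checkdate($end_month, $end_day, $end_year)) {
        $retval .= COM_showMessageText($LANG_CAL_ADMIN[24], $LANG_CAL_ADMIN[2]);
        $retval = COM_createHTMLDocument($retval, array('pagetitle' => $LANG_CAL_ADMIN[2]));
        return $retval;
    }
    $dateend = sprintf('%4d-%02d-%02d', $end_year, $end_month, $end_day);
    $timeend = sprintf('%02d:%02d:00', $end_hour, $end_minute);

    // Make sure start date is before end date
    if ($dateend < $datestart) {
        if ($allday == 0) {
            $retval .= COM_showMessageText($LANG_CAL_ADMIN[25], $LANG_CAL_ADMIN[2]);
            $retval = COM_createHTMLDocument($retval, array('pagetitle' => $LANG_CAL_ADMIN[2]));
            return $retval;
        }
        // all-day event: force end date to be same as start date
        $dateend = $datestart;
    }

    // Remove any autotags the user doesn't have permission to use
    $description = PLG_replaceTags($description, '', true);

    // clean 'em up
    if ($postmode == 'html') {
        $description = COM_checkHTML(COM_checkWords($description), 'calendar.edit');
    } else {
        $postmode = 'plaintext';
        $description = htmlspecialchars(COM_checkWords($description));
    }
    $description = DB_escapeString($description);
    $title = DB_escapeString(strip_tags(COM_checkWords($title)));
    $location = DB_escapeString(COM_checkHTML(COM_checkWords($location), 'calendar.edit'));
    $address1 = DB_escapeString(strip_tags(COM_checkWords($address1)));
    $address2 = DB_escapeString(strip_tags(COM_checkWords($address2)));
    $city = DB_escapeString(strip_tags(COM_checkWords($city)));
    $state = DB_escapeString(strip_tags(COM_checkWords($state)));
    $zipcode = DB_escapeString(strip_tags(COM_checkWords($zipcode)));
    $event_type = DB_escapeString(strip_tags(COM_checkWords($event_type)));
    $url = DB_escapeString(strip_tags($url));

    if ($allday == 0) {
        // Add 12 to make time on 24 hour clock if needed
        if ($start_ampm == 'pm' && $start_hour != 12) {
            $start_hour += 12;
        }
        // If 12AM set hour to 00
        if ($start_ampm == 'am' && $start_hour == 12) {
            $start_hour = 0;
        }
        if ($end_ampm == 'pm' && $end_hour != 12) {
            $end_hour += 12;
        }
        if ($end_ampm == 'am' && $end_hour == 12) {
            $end_hour = 0;
        }
        $timestart = sprintf('%02d:%02d:00', $start_hour, $start_minute);
        $timeend = sprintf('%02d:%02d:00', $end_hour, $end_minute);
    }

    if (empty($eid) || empty($description) || empty($title)) {
        $retval .= COM_showMessageText($LANG_CAL_ADMIN[10], $LANG_CAL_ADMIN[2]);
        $retval = COM_createHTMLDocument($retval, array('pagetitle' => $LANG_CAL_ADMIN[2]));
        return $retval;
    }

    if (!SEC_checkToken()) {
        COM_accessLog("User {$_USER['username']} tried to save event {$eid} and failed CSRF checks.");
        COM_redirect($_CONF['site_admin_url'] . '/plugins/calendar/index.php');
    }

    // keep the hit counter of an existing event; 0 for a new one
    $hits = (int) DB_getItem($_TABLES['events'], 'hits', "eid = '{$eid_sql}'");

    DB_delete($_TABLES['eventsubmission'], 'eid', $eid);
    DB_save($_TABLES['events'],
        'eid,title,event_type,url,allday,datestart,dateend,timestart,'
        . 'timeend,location,address1,address2,city,state,zipcode,description,'
        . 'postmode,owner_id,group_id,perm_owner,perm_group,perm_members,'
        . 'perm_anon,hits',
        "'{$eid_sql}','{$title}','{$event_type}','{$url}',{$allday},'{$datestart}',"
        . "'{$dateend}','{$timestart}','{$timeend}','{$location}','{$address1}',"
        . "'{$address2}','{$city}','{$state}','{$zipcode}','{$description}','{$postmode}',"
        . "{$owner_id},{$group_id},{$perm_owner},{$perm_group},{$perm_members},{$perm_anon},{$hits}");

    // update every user's personal copy of this event
    if (DB_count($_TABLES['personal_events'], 'eid', $eid) > 0) {
        $result = DB_query("SELECT uid FROM {$_TABLES['personal_events']} "
            . "WHERE eid = '{$eid_sql}'");
        while ($P = DB_fetchArray($result)) {
            $uid = (int) $P['uid'];
            DB_save($_TABLES['personal_events'],
                'eid,title,event_type,datestart,dateend,address1,address2,'
                . 'city,state,zipcode,allday,url,description,postmode,'
                . 'group_id,owner_id,perm_owner,perm_group,perm_members,'
                . 'perm_anon,uid,location,timestart,timeend',
                "'{$eid_sql}','{$title}','{$event_type}','{$datestart}','{$dateend}',"
                . "'{$address1}','{$address2}','{$city}','{$state}','{$zipcode}',"
                . "{$allday},'{$url}','{$description}','{$postmode}',{$group_id},"
                . "{$owner_id},{$perm_owner},{$perm_group},{$perm_members},"
                . "{$perm_anon},{$uid},'{$location}','{$timestart}','{$timeend}'");
        }
    }

    PLG_itemSaved($eid, 'calendar');
    COM_rdfUpToDateCheck('calendar', $event_type, $eid);

    return PLG_afterSaveSwitch($_CA_CONF['aftersave'],
        $_CONF['site_url'] . '/calendar/event.php?eid=' . $eid, 'calendar', 17);
}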
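/**
 * Saves the specified album information.
 *
 * Reads the album form from $_POST, applies the admin/member permission
 * rules, stores the album, handles the attached cover thumbnail and then
 * re-sorts and rebuilds the RSS feeds. Ends with a redirect and exit.
 *
 * Fixes over the previous revision: the undefined constant `update` in the
 * member-defaults branch is now `$update`; the `$MG_album` typo in the
 * parent permission check is now `$MG_albums`; the undefined `$REMOTE_ADDR`
 * in the log lines is read from $_SERVER; the album id found in the
 * "other featured album" query is cast to int before going into SQL;
 * owner_id/group_id from the form are filtered as integers; an unknown
 * album id in edit mode is rejected instead of dereferencing null.
 *
 * NOTE(review): there is no SEC_checkToken() call in this function;
 * presumably the caller performs the CSRF check — confirm.
 *
 * @param int    $album_id   not used; the album id is read from $_POST['album_id']
 * @param string $actionURL  not used; overwritten with the album URL before the redirect
 * @return string never returns normally (echoes a redirect and exits); an
 *                error page from MG_errorHandler()/MG_genericError() otherwise
 */
function MG_saveAlbum($album_id, $actionURL = '')
{
    global $_DB_dbms, $MG_albums, $_USER, $_CONF, $_TABLES, $_MG_CONF,
        $LANG_MG00, $LANG_MG01, $_POST;

    $aid = _mgAlbumPostInt('album_id');
    $forceChildPermUpdate = _mgAlbumPostInt('force_child_update');
    $thumb = isset($_FILES['thumbnail']) ? $_FILES['thumbnail'] : array('tmp_name' => '');
    $thumbnail = $thumb['tmp_name'];
    $remoteAddr = isset($_SERVER['REMOTE_ADDR']) ? $_SERVER['REMOTE_ADDR'] : '';
    $isAdmin = SEC_hasRights('mediagallery.admin');

    if ($aid > 0) {
        // edit of an existing album (0 or -1 means create)
        if (!isset($MG_albums[$aid])) {
            COM_errorLog("MediaGallery: attempt to save unknown album id {$aid}. User id: {$_USER['uid']}, Username: {$_USER['username']}, IP: {$remoteAddr}", 1);
            return MG_genericError($LANG_MG00['access_denied_msg']);
        }
        $album = $MG_albums[$aid];
        $old_tn_attached = $album->tn_attached;
        $update = 1;
    } else {
        $album = new mgAlbum();
        $album->id = $aid;
        $update = 0;
        $old_tn_attached = 0;
    }

    $albumName = isset($_POST['album_name']) ? $_POST['album_name'] : '';
    $albumDesc = isset($_POST['album_desc']) ? $_POST['album_desc'] : '';
    if ($_MG_CONF['htmlallowed'] == 1) {
        $album->title = COM_checkHTML(COM_killJS($albumName));
        $album->description = COM_checkHTML(COM_killJS($albumDesc));
    } else {
        $album->title = htmlspecialchars(strip_tags(COM_checkWords(COM_killJS($albumName))));
        $album->description = htmlspecialchars(strip_tags(COM_checkWords(COM_killJS($albumDesc))));
    }
    if ($album->title == "") {
        return MG_errorHandler("You must enter an Album Name");
    }

    // plain form fields; unchecked checkboxes are simply absent and become 0
    $album->parent = _mgAlbumPostInt('parentaid');
    $album->hidden = _mgAlbumPostInt('hidden');
    $album->cover = _mgAlbumPostString('cover');
    $album->cover_filename = _mgAlbumPostString('album_cover_filename');
    $album->enable_album_views = _mgAlbumPostInt('enable_album_views');
    $album->image_skin = _mgAlbumPostString('skin');
    $album->album_skin = _mgAlbumPostString('askin');
    $album->display_skin = _mgAlbumPostString('dskin');
    $album->display_album_desc = _mgAlbumPostInt('display_album_desc');
    $album->enable_comments = _mgAlbumPostInt('enable_comments');
    $album->exif_display = _mgAlbumPostInt('enable_exif');
    $album->enable_rating = _mgAlbumPostInt('enable_rating');
    $album->playback_type = _mgAlbumPostInt('playback_type');
    $album->tn_attached = _mgAlbumPostInt('attach_tn');
    $album->enable_slideshow = _mgAlbumPostInt('enable_slideshow');
    $album->enable_random = _mgAlbumPostInt('enable_random');
    $album->enable_shutterfly = _mgAlbumPostInt('enable_shutterfly');
    $album->enable_views = _mgAlbumPostInt('enable_views');
    $album->enable_keywords = _mgAlbumPostInt('enable_keywords');
    $album->enable_sort = _mgAlbumPostInt('enable_sort');
    $album->enable_rss = _mgAlbumPostInt('enable_rss');
    $album->enable_postcard = _mgAlbumPostInt('enable_postcard');
    $album->albums_first = _mgAlbumPostInt('albums_first');
    $album->allow_download = _mgAlbumPostInt('allow_download');
    $album->useAlternate = _mgAlbumPostInt('usealternate');
    $album->full = _mgAlbumPostInt('full_display');
    $album->tn_size = _mgAlbumPostInt('tn_size');
    $album->max_image_height = _mgAlbumPostInt('max_image_height');
    $album->max_image_width = _mgAlbumPostInt('max_image_width');
    $album->max_filesize = _mgAlbumPostInt('max_filesize');
    if ($album->max_filesize != 0) {
        // form value is in KB, stored value in bytes
        $album->max_filesize = $album->max_filesize * 1024;
    }
    $album->display_image_size = _mgAlbumPostInt('display_image_size');
    $album->display_rows = _mgAlbumPostInt('display_rows');
    $album->display_columns = _mgAlbumPostInt('display_columns');
    $album->skin = _mgAlbumPostString('album_theme');
    $album->filename_title = _mgAlbumPostInt('filename_title');
    $album->shopping_cart = 0;
    $album->wm_auto = _mgAlbumPostInt('wm_auto');
    $album->wm_id = _mgAlbumPostString('wm_id');  // filename here; resolved to an id below
    $album->wm_opacity = _mgAlbumPostInt('wm_opacity');
    $album->wm_location = _mgAlbumPostInt('wm_location');
    $album->album_sort_order = _mgAlbumPostInt('album_sort_order');
    $album->member_uploads = _mgAlbumPostInt('uploads');
    $album->moderate = _mgAlbumPostInt('moderate');
    $album->email_mod = _mgAlbumPostInt('email_mod');
    $album->podcast = _mgAlbumPostInt('podcast');
    $album->mp3ribbon = _mgAlbumPostInt('mp3ribbon');
    $album->rssChildren = _mgAlbumPostInt('rsschildren');
    $album->tnHeight = _mgAlbumPostInt('tnheight');
    if ($album->tnHeight == 0) {
        $album->tnHeight = 200;
    }
    $album->tnWidth = _mgAlbumPostInt('tnwidth');
    if ($album->tnWidth == 0) {
        $album->tnWidth = 200;
    }

    if ($isAdmin) {
        // admin-only fields: allowed formats, featured settings, group and permissions
        $formatKeys = array(
            'format_jpg', 'format_png', 'format_tif', 'format_gif', 'format_bmp',
            'format_tga', 'format_psd', 'format_mp3', 'format_ogg', 'format_asf',
            'format_swf', 'format_mov', 'format_mp4', 'format_mpg', 'format_zip',
            'format_other', 'format_flv', 'format_rflv', 'format_emb',
        );
        $album->valid_formats = 0;
        foreach ($formatKeys as $key) {
            $album->valid_formats += _mgAlbumPostInt($key);
        }
        $album->featured = _mgAlbumPostInt('featured');
        $album->cbposition = _mgAlbumPostInt('featureposition');
        $album->cbpage = _mgAlbumPostString('featurepage');
        $album->group_id = _mgAlbumPostInt('group_id');
        $album->mod_group_id = _mgAlbumPostInt('mod_id');
        $perm_owner = isset($_POST['perm_owner']) ? $_POST['perm_owner'] : 0;
        $perm_group = isset($_POST['perm_group']) ? $_POST['perm_group'] : 0;
        $perm_members = isset($_POST['perm_members']) ? $_POST['perm_members'] : 0;
        $perm_anon = isset($_POST['perm_anon']) ? $_POST['perm_anon'] : 0;
        list($album->perm_owner, $album->perm_group, $album->perm_members, $album->perm_anon) =
            SEC_getPermissionValues($perm_owner, $perm_group, $perm_members, $perm_anon);
    } else {
        // members may only change the member/anon permissions; owner/group
        // permissions stay whatever the (existing) album already has
        $perm_owner = $album->perm_owner;
        $perm_group = $album->perm_group;
        if ($update == 0) {
            // new member album: inherit the parent's group, else the admin group
            if (isset($MG_albums[$album->parent]->group_id)) {
                $grp_id = $MG_albums[$album->parent]->group_id;
            } else {
                $gresult = DB_query("SELECT grp_id FROM {$_TABLES['groups']} WHERE grp_name LIKE 'mediagallery Admin'");
                $grow = DB_fetchArray($gresult);
                $grp_id = $grow['grp_id'];
            }
            $album->group_id = $grp_id;
            $album->mod_group_id = $_MG_CONF['member_mod_group_id'];
            if ($album->mod_group_id == '' || $album->mod_group_id < 1) {
                $album->mod_group_id = $grp_id;
            }
        }
        $perm_members = isset($_POST['perm_members']) ? $_POST['perm_members'] : 0;
        $perm_anon = isset($_POST['perm_anon']) ? $_POST['perm_anon'] : 0;
        list(, , $album->perm_members, $album->perm_anon) =
            SEC_getPermissionValues($perm_owner, $perm_group, $perm_members, $perm_anon);
    }

    $album->owner_id = _mgAlbumPostInt('owner_id', 2);

    // simple check to see if we can create off the album root...
    if (!$isAdmin && $update == 0
        && $album->parent == $_MG_CONF['member_album_root']
        && $_MG_CONF['member_create_new'] == 0) {
        return MG_errorHandler("Cannot create a new album off the member root, please select a new parent album");
    }

    // final permission check to make sure we have the proper rights to create here....
    if ($album->parent == 0) {
        // Condition kept equivalent to the previous `!member_albums == 1 &&
        // !member_album_root == 0`: member albums disabled and a member root set.
        if ($update == 0 && !$_MG_CONF['member_albums'] && $_MG_CONF['member_album_root'] && !$isAdmin) {
            COM_errorLog("MediaGallery: Someone has tried to illegally save a Media Gallery Album in Root. User id: {$_USER['uid']}, Username: {$_USER['username']}, IP: {$remoteAddr}", 1);
            return MG_genericError($LANG_MG00['access_denied_msg']);
        }
    } else {
        if (!isset($MG_albums[$album->parent]->id)) {
            // does not exist...
            COM_errorLog("MediaGallery: Someone has tried to save a album to non-existent parent album. User id: {$_USER['uid']}, Username: {$_USER['username']}, IP: {$remoteAddr}", 1);
            return MG_genericError($LANG_MG00['access_denied_msg']);
        }
        $parentAlbum = $MG_albums[$album->parent];
        if ($parentAlbum->access != 3 && !$isAdmin && !$_MG_CONF['member_albums']
            && $_MG_CONF['member_album_root'] != $parentAlbum->id) {
            COM_errorLog("MediaGallery: Someone has tried to illegally save a Media Gallery Album. User id: {$_USER['uid']}, Username: {$_USER['username']}, IP: {$remoteAddr}", 1);
            return MG_genericError($LANG_MG00['access_denied_msg']);
        }
    }

    // cover thumbnail: attach a new one, keep, or remove the old one
    if ($old_tn_attached == 0 && $album->tn_attached == 1 && $thumb['tmp_name'] == '') {
        $album->tn_attached = 0;
    }
    $remove_old_tn = ($old_tn_attached == 1 && $album->tn_attached == 0) ? 1 : 0;
    if ($thumb['tmp_name'] != '' && $album->tn_attached == 1) {
        $thumbnail = $thumb['tmp_name'];
        $attachtn = 1;
    } else {
        $attachtn = 0;
    }

    // pull the watermark id associated with the filename...
    if ($album->wm_id == 'blank.png') {
        $wm_id = 0;
    } else {
        $wm_id = (int) DB_getItem($_TABLES['mg_watermarks'], 'wm_id',
            'filename="' . DB_escapeString($album->wm_id) . '"');
    }
    if ($wm_id == 0) {
        $album->wm_auto = 0;
    }
    $album->wm_id = $wm_id;

    if ($isAdmin) {
        // handle new featured albums: only one per page may be featured
        if ($album->featured) {
            $sql = "SELECT album_id FROM {$_TABLES['mg_albums']} WHERE featured=1 AND cbpage='"
                . DB_escapeString($album->cbpage) . "'";
            $result = DB_query($sql);
            if (DB_numRows($result) > 0) {
                $row = DB_fetchArray($result);
                DB_query("UPDATE {$_TABLES['mg_albums']} SET featured=0 WHERE album_id=" . (int) $row['album_id']);
            }
        }
    } else {
        // if a new album, set the member album defaults since we are a non-admin
        if ($album->isMemberAlbum() && $update == 0) {
            $album->perm_owner = $_MG_CONF['member_perm_owner'];
            $album->perm_group = $_MG_CONF['member_perm_group'];
            $album->enable_random = $_MG_CONF['member_enable_random'];
            $album->max_image_height = $_MG_CONF['member_max_height'];
            $album->max_image_width = $_MG_CONF['member_max_width'];
            $album->max_filesize = $_MG_CONF['member_max_filesize'];
            $album->member_uploads = $_MG_CONF['member_uploads'];
            $album->moderate = $_MG_CONF['member_moderate'];
            $album->email_mod = $_MG_CONF['member_email_mod'];
            $album->valid_formats = $_MG_CONF['member_valid_formats'];
        }
    }

    $album->title = substr($album->title, 0, 254);
    if ($_DB_dbms == "mssql") {
        $album->description = substr($album->description, 0, 1500);
    }
    $album->last_update = (int) $album->last_update;

    if ($album->id < 1) {
        $album->id = $album->createAlbumID();
        $aid = $album->id;
        $album->order = $album->getNextSortOrder();
    }
    if ($album->id == 0) {
        COM_errorLog("MediaGallery: Internal Error - album_id = 0 - Contact mark@glfusion.org ");
        return MG_genericError($LANG_MG00['access_denied_msg']);
    }

    $album->saveAlbum();
    $album->updateChildPermissions($forceChildPermUpdate);

    // now handle the attached cover...
    if ($attachtn == 1) {
        if (!function_exists('MG_getFile')) {
            require_once $_CONF['path'] . 'plugins/mediagallery/include/lib-upload.php';
        }
        $media_filename = $_MG_CONF['path_mediaobjects'] . 'covers/cover_' . $album->id;
        MG_attachThumbnail($album->id, $thumbnail, $media_filename);
    }
    if ($remove_old_tn == 1) {
        foreach ($_MG_CONF['validExtensions'] as $ext) {
            $coverFile = $_MG_CONF['path_mediaobjects'] . 'covers/cover_' . $album->id . $ext;
            if (file_exists($coverFile)) {
                @unlink($coverFile);
                break;
            }
        }
    }

    MG_initAlbums(1);

    // do any album sorting here...
    if (isset($MG_albums[$aid]) && $MG_albums[$aid]->parent == 0) {
        _mgAlbumApplySortOrder($aid, $MG_albums[$aid]->album_sort_order);
    } elseif (isset($MG_albums[$aid]) && isset($MG_albums[$MG_albums[$aid]->parent])) {
        // not a root album: sort the parent's children, then my own subs
        $parentId = $MG_albums[$aid]->parent;
        _mgAlbumApplySortOrder($parentId, $MG_albums[$parentId]->album_sort_order);
        _mgAlbumApplySortOrder($aid, $MG_albums[$aid]->album_sort_order);
    }

    if (!function_exists('MG_buildFullRSS')) {
        require_once $_CONF['path'] . 'plugins/mediagallery/include/rssfeed.php';
    }
    MG_buildFullRSS();
    MG_buildAlbumRSS($album->id);

    $actionURL = $_MG_CONF['site_url'] . '/album.php?aid=' . $album->id;
    echo COM_refresh($actionURL);
    exit;
}

/**
 * Reads an integer field from $_POST through COM_applyFilter().
 *
 * @param string $key      form field name
 * @param int    $default  value when the field was not submitted (unchecked checkbox)
 * @return int
 */
function _mgAlbumPostInt($key, $default = 0)
{
    return isset($_POST[$key]) ? COM_applyFilter($_POST[$key], true) : $default;
}

/**
 * Reads a string field from $_POST through COM_applyFilter().
 *
 * @param string $key      form field name
 * @param string $default  value when the field was not submitted
 * @return string
 */
function _mgAlbumPostString($key, $default = '')
{
    return isset($_POST[$key]) ? COM_applyFilter($_POST[$key]) : $default;
}

/**
 * Applies an album's static sort order code via MG_staticSortAlbum().
 * Codes 0 and anything not in the table are skipped.
 *
 * @param int $targetAid  album whose children are sorted
 * @param int $sortOrder  album_sort_order code (3..8)
 */
function _mgAlbumApplySortOrder($targetAid, $sortOrder)
{
    // sort order code => array(sort field, direction flag), labels as in the original code
    static $map = array(
        3 => array(2, 1), // upload, asc
        4 => array(2, 0), // upload, desc
        5 => array(0, 1), // title, asc
        6 => array(0, 0), // title, desc
        7 => array(3, 0), // rating, desc
        8 => array(3, 1), // rating (original label also said "desc"; flag 1 matches the asc cases)
    );
    if (isset($map[$sortOrder])) {
        list($field, $direction) = $map[$sortOrder];
        MG_staticSortAlbum($targetAid, $field, $direction, 0);
    }
}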
/**
 * Filters a text value for storage: HTML check, word filter, JS removal.
 *
 * @param string $parameter  raw text
 * @return string filtered text with slashes re-added
 */
function ppFilterText($parameter)
{
    // COM_checkHTML strips the slashes, so they are re-added at the end
    $filtered = COM_killJS(COM_checkWords(COM_checkHTML($parameter)));
    return addslashes($filtered);
}
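/**
 * Displays the Static Page Editor.
 *
 * Builds the $A array the editor form needs: from the database for
 * 'edit'/'clone' of an existing page, with defaults for a new page, or
 * from $_POST when a submission is being re-displayed.
 *
 * Fix over the previous revision: `$sp_id` is escaped before it is
 * interpolated into the two SELECT statements (edit and clone).
 *
 * @param string $sp_id   ID of static page to edit
 * @param string $mode    'edit', 'clone' or '' (re-display of a submitted form)
 * @param string $editor  Editor mode? (unused?) — passed through as $A['editor']
 * @return string HTML for static pages editor, or an access-denied message
 */
function staticpageeditor($sp_id, $mode = '', $editor = '')
{
    global $_CONF, $_TABLES, $_USER, $LANG_ACCESS, $LANG_STATIC, $_SP_CONF;

    $retval = '';
    $sp_id_sql = DB_escapeString($sp_id);

    if (!empty($sp_id) && $mode == 'edit') {
        // existing page; the permission SQL limits this to pages the user may edit
        $result = DB_query("SELECT *,UNIX_TIMESTAMP(modified) AS unixdate FROM {$_TABLES['staticpage']} WHERE sp_id = '{$sp_id_sql}'"
            . COM_getPermSQL('AND', 0, 3));
        if (DB_numRows($result) == 1) {
            $A = DB_fetchArray($result);
            $A['sp_old_id'] = $A['sp_id'];
        }
    } elseif ($mode == 'edit') {
        // new page; check if a new sp_id has been suggested
        $sp_new_id = isset($_GET['sp_new_id']) ? COM_applyFilter($_GET['sp_new_id']) : '';
        $A = array();
        $A['sp_id'] = empty($sp_new_id) ? COM_makesid() : $sp_new_id;
        $A['owner_id'] = $_USER['uid'];
        $A['unixdate'] = time();
        $A['sp_help'] = '';
        $A['sp_old_id'] = '';
        $A['commentcode'] = $_SP_CONF['comment_code'];
        $A['sp_where'] = 1; // default new pages to "top of page"
        $A['draft_flag'] = $_SP_CONF['draft_flag'];
        $A['cache_time'] = $_SP_CONF['default_cache_time'];
        $A['template_flag'] = ''; // Defaults to not a template
        $A['template_id'] = ''; // Defaults to None
        if ($_USER['advanced_editor'] == 1) {
            $A['postmode'] = 'adveditor';
        }
    } elseif (!empty($sp_id) && $mode == 'clone') {
        $result = DB_query("SELECT *,UNIX_TIMESTAMP(modified) AS unixdate FROM {$_TABLES['staticpage']} WHERE sp_id = '{$sp_id_sql}'"
            . COM_getPermSQL('AND', 0, 3));
        if (DB_numRows($result) == 1) {
            $A = DB_fetchArray($result);
            $A['sp_id'] = COM_makesid();
            $A['clone_sp_id'] = $sp_id; // need this so we can load the correct topics
            $A['owner_id'] = $_USER['uid'];
            $A['unixdate'] = time();
            $A['sp_hits'] = 0;
            $A['sp_old_id'] = '';
            $A['commentcode'] = $_SP_CONF['comment_code'];
        }
    } else {
        // re-display of a submitted form
        $A = $_POST;
        if (empty($A['unixdate'])) {
            $A['unixdate'] = time();
        }
        $spContent = isset($A['sp_content']) ? $A['sp_content'] : '';
        $A['sp_content'] = COM_checkHTML(COM_checkWords($spContent), 'staticpages.edit');
    }

    if (isset($A)) {
        // plain-text fields: no markup allowed
        foreach (array('sp_title', 'sp_page_title', 'meta_description', 'meta_keywords') as $field) {
            if (isset($A[$field])) {
                $A[$field] = strip_tags($A[$field]);
            }
        }
        $A['editor'] = $editor;
        $retval = staticpageeditor_form($A);
    } else {
        $retval = COM_showMessageText($LANG_STATIC['deny_msg'], $LANG_ACCESS['accessdenied']);
    }

    return $retval;
}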
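/**
 * Processes the watermark upload form: for every entry in $_FILES['newmedia']
 * the file is size-checked (64 KB cap), its upload error code reported, its
 * extension restricted to png/jpg/gif, and it is then moved into the
 * watermarks directory under $_MG_CONF['path_html'] and recorded in
 * mg_watermarks with the matching $_POST['description'] entry.
 *
 * Files flagged public via $_POST['wm_public'] are stored under owner id 0.
 *
 * @return string HTML status report rendered from useruploadstatus.thtml
 */
function MG_watermarkUploadSave()
{
    global $_USER, $_CONF, $_TABLES, $_MG_CONF, $LANG_MG00, $LANG_MG01, $LANG_MG02, $LANG_MG03;

    // ok, we just check the type, we will accept png,jpg for now...
    $retval = '<h2>' . $LANG_MG03['upload_results'] . '</h2>';

    $T = COM_newTemplate(MG_getTemplatePath(0));
    $T->set_file('mupload', 'useruploadstatus.thtml');

    $statusMsg = '';
    $file = $_FILES['newmedia'];
    $public = isset($_POST['wm_public']) ? COM_applyFilter($_POST['wm_public'], true) : 0;

    foreach ($file['name'] as $key => $name) {
        // The client-supplied name is joined into a path under path_html below,
        // so reduce it to its last path component first.
        $filename = basename($file['name'][$key]);
        $filetype = $file['type'][$key];
        $filesize = $file['size'][$key];
        $filetmp = $file['tmp_name'][$key];
        $error = $file['error'][$key];
        $description = isset($_POST['description'][$key]) ? $_POST['description'][$key] : '';

        if ($filesize > 65536) {
            // right now we hard coded 64kb
            COM_errorLog("MG Upload: File " . $filename . " exceeds maximum allowed filesize for this album");
            $tmpmsg = sprintf($LANG_MG02['upload_exceeds_max_filesize'], $filename);
            $statusMsg .= $tmpmsg . '<br' . XHTML . '>';
            continue;
        }

        if ($error != UPLOAD_ERR_OK) {
            // Map the PHP upload error code to a user message (and log it)
            switch ($error) {
                case 1:
                    $tmpmsg = sprintf($LANG_MG02['upload_too_big'], $filename);
                    $statusMsg .= $tmpmsg . '<br' . XHTML . '>';
                    COM_errorLog('Media Gallery Error - ' . $tmpmsg);
                    break;
                case 2:
                    $tmpmsg = sprintf($LANG_MG02['upload_too_big_html'], $filename);
                    $statusMsg .= $tmpmsg . '<br' . XHTML . '>';
                    COM_errorLog('Media Gallery Error - ' . $tmpmsg);
                    break;
                case 3:
                    $tmpmsg = sprintf($LANG_MG02['partial_upload'], $filename);
                    $statusMsg .= $tmpmsg . '<br' . XHTML . '>';
                    COM_errorLog('Media Gallery Error - ' . $tmpmsg);
                    break;
                case 4:
                    $tmpmsg = $LANG_MG02['no_file_uploaded'];
                    $statusMsg .= $tmpmsg . '<br' . XHTML . '>';
                    COM_errorLog('Media Gallery Error - ' . $tmpmsg);
                    break;
                case 6:
                    $statusMsg .= $LANG_MG02['missing_tmp'] . '<br' . XHTML . '>';
                    break;
                case 7:
                    $statusMsg .= $LANG_MG02['disk_fail'] . '<br' . XHTML . '>';
                    break;
                default:
                    $statusMsg .= $LANG_MG02['unknown_err'] . '<br' . XHTML . '>';
                    break;
            }
            continue;
        }

        $uid = $_USER['uid'];
        if ($public == 1) {
            $uid = 0;
        }

        // This will set the Content-Type to the appropriate setting for the file
        $file_extension = strtolower(substr(strrchr($filename, "."), 1));
        switch ($file_extension) {
            case "png":
                $filetype = "image/png";
                break;
            case "jpg":
                $filetype = "image/jpeg";
                break;
            case "gif":
                $filetype = "image/gif";
                break;
            default:
                $statusMsg .= $filename . $LANG_MG02['unsupported_wm_type'];
                // Must be 'continue 2': a bare continue inside a switch only
                // leaves the switch, which let unsupported files reach the
                // move_uploaded_file() and INSERT below.
                continue 2;
        }

        $sql = "SELECT MAX(wm_id) + 1 AS nextwm_id FROM " . $_TABLES['mg_watermarks'];
        $result = DB_query($sql);
        $row = DB_fetchArray($result);
        $wm_id = (int) $row['nextwm_id'];
        if ($wm_id < 1) {
            // empty table (MAX() is NULL) or a bad value: start numbering at 1
            $wm_id = 1;
        }

        $wm_filename = $_MG_CONF['path_html'] . 'watermarks/' . $uid . '_' . $filename;
        if (file_exists($wm_filename)) {
            $statusMsg .= sprintf($LANG_MG02['wm_already_exists'], $filename);
        } else {
            $rc = move_uploaded_file($filetmp, $wm_filename);
            if ($rc != 1) {
                COM_errorLog("Media Upload - Error moving uploaded file....rc = " . $rc);
                $statusMsg .= sprintf($LANG_MG02['move_error'], $filename);
            } else {
                chmod($wm_filename, 0644);
                $media_title_safe = substr($description, 0, 254);
                if ($_MG_CONF['htmlallowed'] != 1) {
                    $media_title = addslashes(htmlspecialchars(strip_tags(COM_checkWords(COM_killJS($media_title_safe)))));
                } else {
                    $media_title = addslashes(htmlspecialchars(COM_checkHTML(COM_checkWords(COM_killJS($media_title_safe)))));
                }
                $saveFileName = addslashes($uid . '_' . $filename);
                $sql = "INSERT INTO {$_TABLES['mg_watermarks']} (wm_id,owner_id,filename,description)\n VALUES ({$wm_id},'{$uid}','{$saveFileName}','{$media_title}')";
                DB_query($sql);
                if ($_MG_CONF['verbose']) {
                    COM_errorLog("MG Upload: Updating Album information");
                }
                if (DB_error()) {
                    // Keep filesystem and table consistent: drop the file we just moved
                    COM_errorLog("MediaGallery: Error inserting watermark data into database");
                    @unlink($wm_filename);
                    $statusMsg .= $filename . " - " . DB_error();
                } else {
                    $statusMsg .= $filename . $LANG_MG02['wm_success'];
                }
            }
        }
    }

    $T->set_var('status_message', $statusMsg);
    $tmp = $_MG_CONF['site_url'] . '/admin.php?album_id=0&mode=wmmanage';
    $redirect = sprintf($LANG_MG01['watermark_redirect'], $tmp);
    $T->set_var('redirect', $redirect);
    $retval .= $T->finish($T->parse('output', 'mupload'));

    return $retval;
}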
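/**
 * Display an ad's detail
 *
 * Loads the ad (honouring ad and category permissions unless the viewer is a
 * plugin admin), bumps its view counter, and renders detail.thtml with the ad
 * text, the poster's contact info, photos, previous/next links, the four
 * most-viewed ads and the comment block.
 *
 * @param string $ad_id ID of ad to display
 * @return string HTML for the detail page, or an error message block when the
 *                id is missing, the ad is not found, or access is denied
 */
function adDetail($ad_id = '')
{
    global $_USER, $_TABLES, $_CONF, $LANG_ADVT, $_CONF_ADVT;

    USES_lib_comments();

    // Determine if this is an administrator
    $admin = SEC_hasRights($_CONF_ADVT['pi_name'] . '.admin');

    $ad_id = COM_sanitizeID($ad_id);
    if ($ad_id == '') {
        // An ad id is required for this function
        return CLASSIFIEDS_errorMsg($LANG_ADVT['missing_id'], 'alert');
    }

    $srchval = isset($_GET['query']) ? trim($_GET['query']) : '';

    // We use this in a few places here, so might as well just
    // figure it out once and save it.
    $perm_sql = COM_getPermSQL('AND', 0, 2, 'ad') . ' ' . COM_getPermSQL('AND', 0, 2, 'cat');

    // get the ad information. $ad_id is interpolated below; it has been through
    // COM_sanitizeID(), which is what the interpolation relies on.
    $sql = "SELECT ad.*\n FROM {$_TABLES['ad_ads']} ad\n LEFT JOIN {$_TABLES['ad_category']} cat\n ON ad.cat_id = cat.cat_id\n WHERE ad_id='{$ad_id}'";
    if (!$admin) {
        $sql .= $perm_sql;
    }
    $result = DB_query($sql);
    if (!$result || DB_numRows($result) < 1) {
        return CLASSIFIEDS_errorMsg($LANG_ADVT['no_ad_found'], 'note', 'Oops...');
    }
    $ad = DB_fetchArray($result, false);

    // Check access to the ad. If granted, check that access isn't
    // blocked by any category.
    $my_access = CLASSIFIEDS_checkAccess($ad['ad_id'], $ad);
    if ($my_access >= 2) {
        $my_cat_access = CLASSIFIEDS_checkCatAccess($ad['cat_id'], false);
        if ($my_cat_access < $my_access) {
            $my_access = $my_cat_access;
        }
    }
    if ($my_access < 2) {
        return CLASSIFIEDS_errorMsg($LANG_ADVT['no_permission'], 'alert', $LANG_ADVT['access_denied']);
    }

    $cat = (int) $ad['cat_id'];
    // The poster's uid is interpolated into three queries below; use it as an int
    $poster_uid = (int) $ad['uid'];

    // Increment the views counter
    DB_query("UPDATE {$_TABLES['ad_ads']} \n SET views = views + 1 \n WHERE ad_id='{$ad_id}'");

    // Get the previous and next ads (same category, same permission filter).
    // DB_fetchArray() returns false when there is no neighbour.
    $condition = " AND ad.cat_id={$cat}";
    if (!$admin) {
        $condition .= $perm_sql;
    }
    $sql = "SELECT ad_id\n FROM {$_TABLES['ad_ads']} ad\n LEFT JOIN {$_TABLES['ad_category']} cat\n ON ad.cat_id = cat.cat_id\n WHERE ad_id < '{$ad_id}' \n {$condition}\n ORDER BY ad_id DESC\n LIMIT 1";
    $row = DB_fetchArray(DB_query($sql), false);
    $preAd_id = $row ? $row[0] : '';

    $sql = "SELECT ad_id\n FROM {$_TABLES['ad_ads']} ad\n LEFT JOIN {$_TABLES['ad_category']} cat\n ON ad.cat_id = cat.cat_id\n WHERE ad_id > '{$ad_id}' \n {$condition}\n ORDER BY ad_id ASC\n LIMIT 1";
    $row = DB_fetchArray(DB_query($sql), false);
    $nextAd_id = $row ? $row[0] : '';

    // Get the user contact info. If none, just show the email link
    $result = DB_query("SELECT * \n FROM {$_TABLES['ad_uinfo']} \n WHERE uid='{$poster_uid}'");
    $uinfo = array();
    if ($result && DB_numRows($result) > 0) {
        $uinfo = DB_fetchArray($result);
    }
    // Default every key read below so a poster without a uinfo row (or a row
    // lacking a column) does not produce undefined-index notices. The old
    // defaults set 'postal' while the template variable reads 'postcode'.
    foreach (array('uid', 'address', 'city', 'state', 'postal', 'postcode', 'tel', 'fax') as $field) {
        if (!isset($uinfo[$field])) {
            $uinfo[$field] = '';
        }
    }

    // Get the hot results (most viewed ads)
    $time = time();
    $sql = "SELECT ad.ad_id, ad.cat_id, ad.subject,\n cat.cat_id, cat.fgcolor, cat.bgcolor\n FROM {$_TABLES['ad_ads']} ad\n LEFT JOIN {$_TABLES['ad_category']} cat\n ON ad.cat_id = cat.cat_id\n WHERE ad.exp_date > {$time} \n {$perm_sql}\n ORDER BY views DESC \n LIMIT 4";
    $hotresult = DB_query($sql);

    // convert line breaks & others to html
    $patterns = array('/\\n/');
    $replacements = array('<br />');
    $ad['descript'] = PLG_replaceTags(COM_checkHTML($ad['descript']));
    $ad['descript'] = preg_replace($patterns, $replacements, $ad['descript']);
    $ad['subject'] = strip_tags($ad['subject']);
    $ad['price'] = strip_tags($ad['price']);
    $ad['url'] = COM_sanitizeUrl($ad['url']);
    $ad['keywords'] = strip_tags($ad['keywords']);

    // Highlight search terms, if any
    if ($srchval != '') {
        $ad['subject'] = COM_highlightQuery($ad['subject'], $srchval);
        $ad['descript'] = COM_highlightQuery($ad['descript'], $srchval);
    }

    $detail = new Template(CLASSIFIEDS_PI_PATH . '/templates');
    $detail->set_file('detail', 'detail.thtml');

    if ($admin) {
        $base_url = CLASSIFIEDS_ADMIN_URL . '/index.php';
        $del_link = $base_url . '?delete=ad&ad_id=' . $ad_id;
        $edit_link = $base_url . '?edit=ad&ad_id=' . $ad_id;
    } else {
        $base_url = CLASSIFIEDS_URL . '/index.php';
        $del_link = $base_url . '?mode=Delete&id=' . $ad_id;
        $edit_link = $base_url . '?mode=editad&id=' . $ad_id;
    }

    // Set up the "add days" form if this user is the owner
    // or an admin
    if ($my_access == 3) {
        // How many days has the ad run?
        $max_add_days = CLASSIFIEDS_calcMaxAddDays(($ad['exp_date'] - $ad['add_date']) / 86400);
        if ($max_add_days > 0) {
            $detail->set_var('max_add_days', $max_add_days);
        }
    }

    if ($ad['exp_date'] < $time) {
        $detail->set_var('is_expired', 'true');
    }

    USES_classifieds_class_category();
    $detail->set_var(array(
        'base_url' => $base_url,
        'edit_link' => $edit_link,
        'del_link' => $del_link,
        'curr_loc' => adCategory::BreadCrumbs($cat, true),
        'subject' => $ad['subject'],
        'add_date' => date($_CONF['shortdate'], $ad['add_date']),
        'exp_date' => date($_CONF['shortdate'], $ad['exp_date']),
        'views_no' => $ad['views'],
        'descript' => $ad['descript'],
        'ad_type' => CLASSIFIEDS_getAdTypeString($ad['ad_type']),
        'uinfo_address' => $uinfo['address'],
        'uinfo_city' => $uinfo['city'],
        'uinfo_state' => $uinfo['state'],
        'uinfo_postcode' => $uinfo['postcode'],
        'uinfo_tel' => $uinfo['tel'],
        'uinfo_fax' => $uinfo['fax'],
        'price' => $ad['price'],
        'ad_id' => $ad_id,
        'ad_url' => $ad['url'],
        'username' => $_CONF_ADVT['disp_fullname'] == 1
            ? COM_getDisplayName($ad['uid'])
            : DB_getItem($_TABLES['users'], 'username', "uid={$poster_uid}"),
        'fgcolor' => $ad['fgcolor'],
        'bgcolor' => $ad['bgcolor'],
        'cat_id' => $ad['cat_id'],
    ));

    // Display a link to email the poster, or other message as needed:
    // hide it when anonymous users may not email and this viewer is anonymous,
    // or when the poster has opted out of email.
    $emailfromuser = DB_getItem($_TABLES['userprefs'], 'emailfromuser', "uid={$poster_uid}");
    if (($_CONF['emailuserloginrequired'] == 1 && COM_isAnonUser()) || $emailfromuser < 1) {
        $detail->set_var('ad_uid', '');
    } else {
        $detail->set_var('ad_uid', $ad['uid']);
    }

    if ($my_access == 3) {
        $detail->set_var('have_userlinks', 'true');
        if ($admin || $_CONF_ADVT['usercanedit'] == 1) {
            $detail->set_var('have_editlink', 'true');
        } else {
            $detail->set_var('have_editlink', '');
        }
    } else {
        $detail->set_var('have_userlinks', '');
    }

    // Retrieve the photos and put into the template
    $sql = "SELECT photo_id, filename\n FROM {$_TABLES['ad_photo']} \n WHERE ad_id='{$ad_id}'";
    $photo = DB_query($sql);
    $detail->set_var('have_photo', ''); // assume no photo available
    if ($photo && DB_numRows($photo) >= 1) {
        while ($prow = DB_fetchArray($photo)) {
            $img_small = LGLIB_ImageUrl(CLASSIFIEDS_IMGPATH . '/' . $prow['filename'], $_CONF_ADVT['detail_img_width']);
            $img_disp = CLASSIFIEDS_dispUrl($prow['filename']);
            if (!empty($img_small)) {
                $detail->set_block('detail', 'PhotoBlock', 'PBlock');
                $detail->set_var(array(
                    'tn_width' => $_CONF_ADVT['detail_img_width'],
                    'small_url' => $img_small,
                    'disp_url' => $img_disp,
                ));
                $detail->parse('PBlock', 'PhotoBlock', true);
                $detail->set_var('have_photo', 'true');
            }
        }
    }

    if (DB_count($_TABLES['ad_ads'], 'owner_id', (int) $ad['owner_id']) > 1) {
        $detail->set_var('byposter_url', CLASSIFIEDS_URL . '/index.php?' . "page=byposter&uid={$ad['owner_id']}");
    }

    // Show previous and next ads
    if ($preAd_id != '') {
        $detail->set_var('previous', '<a href="' . CLASSIFIEDS_makeURL('detail', $preAd_id) . "\"><<</a>");
    }
    if ($nextAd_id != '') {
        $detail->set_var('next', '<a href="' . CLASSIFIEDS_makeURL('detail', $nextAd_id) . "\"> >></a>");
    }

    // Show the "hot results"
    if ($hotresult) {
        $detail->set_block('detail', 'HotBlock', 'HBlock');
        while ($hotrow = DB_fetchArray($hotresult)) {
            $detail->set_var(array(
                // same treatment as the main subject above: titles are plain text
                'hot_title' => strip_tags($hotrow['subject']),
                'hot_url' => CLASSIFIEDS_makeURL('detail', $hotrow['ad_id']),
                'hot_cat' => displayCat($hotrow['cat_id']),
            ));
        }
        $detail->parse('HBlock', 'HotBlock', true);
    }
    // whats_hot_row is a legacy variable that is always empty; the hot ads
    // are rendered through the HotBlock above
    $detail->set_var('whats_hot_row', '');

    // Show the user comments
    if (plugin_commentsupport_classifieds() && $ad['comments_enabled'] < 2) {
        $detail->set_var('usercomments', CMT_userComments($ad_id, $ad['subject'], 'classifieds', '', '', 0, 1, false, false, $ad['comments_enabled']));
    }

    $detail->parse('output', 'detail');

    return $detail->finish($detail->get_var('output'));
}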
/**
 * Submit static page. The page is updated if it exists, or a new one is created
 *
 * Entry point for both the HTML editor form and the webservices layer
 * ($args['gl_svc']). Arguments are normalised (id/title/content aliases,
 * defaults, numeric filters on the webservice path), the text is censored and
 * HTML-filtered, and the row is written with DB_save(); an id change moves the
 * page's comments and deletes the old row.
 *
 * NOTE(review): $args['gl_svc'], $args['sp_page_title'], $args['meta_*'] and
 * the perm_* entries are read without isset() on the form path; presumably the
 * calling admin script always supplies them — confirm.
 *
 * @param array args Contains all the data provided by the client
 * @param string &output OUTPUT parameter containing the returned text
 * @param string &svc_msg OUTPUT parameter containing any service messages
 * @return int Response code as defined in lib-plugins.php
 */
function service_submit_staticpages($args, &$output, &$svc_msg)
{
    global $_CONF, $_TABLES, $_USER, $LANG_ACCESS, $LANG12, $LANG_STATIC, $_GROUPS, $_SP_CONF;

    if (!$_CONF['disable_webservices']) {
        require_once $_CONF['path_system'] . 'lib-webservices.php';
    }

    $output = '';

    if (!SEC_hasRights('staticpages.edit')) {
        $output = COM_siteHeader('menu', $LANG_STATIC['access_denied']);
        $output .= COM_startBlock($LANG_STATIC['access_denied'], '', COM_getBlockTemplate('_msg_block', 'header'));
        $output .= $LANG_STATIC['access_denied_msg'];
        $output .= COM_endBlock(COM_getBlockTemplate('_msg_block', 'footer'));
        $output .= COM_siteFooter();
        return PLG_RET_AUTH_FAILED;
    }

    $gl_edit = false;
    if (isset($args['gl_edit'])) {
        $gl_edit = $args['gl_edit'];
    }
    if ($gl_edit) {
        // This is EDIT mode, so there should be an sp_old_id
        if (empty($args['sp_old_id'])) {
            if (!empty($args['id'])) {
                $args['sp_old_id'] = $args['id'];
            } else {
                return PLG_RET_ERROR;
            }
            if (empty($args['sp_id'])) {
                $args['sp_id'] = $args['sp_old_id'];
            }
        }
    } else {
        if (empty($args['sp_id']) && !empty($args['id'])) {
            $args['sp_id'] = $args['id'];
        }
    }

    // Generic webservice field names map onto the staticpages columns
    if (empty($args['sp_title']) && !empty($args['title'])) {
        $args['sp_title'] = $args['title'];
    }
    if (empty($args['sp_content']) && !empty($args['content'])) {
        $args['sp_content'] = $args['content'];
    }
    if (isset($args['category']) && is_array($args['category']) && !empty($args['category'][0])) {
        $args['sp_tid'] = $args['category'][0];
    }
    if (!isset($args['owner_id'])) {
        $args['owner_id'] = $_USER['uid'];
    }
    if (empty($args['group_id'])) {
        $args['group_id'] = SEC_getFeatureGroup('staticpages.edit', $_USER['uid']);
    }

    // sp_id is restricted to the character set COM_sanitizeID() allows; the
    // SQL below interpolates it on the strength of that.
    $args['sp_id'] = COM_sanitizeID($args['sp_id']);
    if (!$gl_edit) {
        if (strlen($args['sp_id']) > STATICPAGE_MAX_ID_LENGTH) {
            $slug = '';
            if (isset($args['slug'])) {
                $slug = $args['slug'];
            }
            if (function_exists('WS_makeId')) {
                $args['sp_id'] = WS_makeId($slug, STATICPAGE_MAX_ID_LENGTH);
            } else {
                $args['sp_id'] = COM_makeSid();
            }
        }
    }

    // Apply filters to the parameters passed by the webservice.
    // NOTE(review): these filters run only on the webservice path; on the form
    // path sp_old_id, sp_tid, template_id, sp_help and postmode arrive here
    // unfiltered and are interpolated into SQL further down — confirm the
    // calling admin script filters them before it gets here.
    if ($args['gl_svc']) {
        $par_str = array('mode', 'sp_id', 'sp_old_id', 'sp_tid', 'sp_format', 'postmode');
        $par_num = array('sp_hits', 'owner_id', 'group_id', 'sp_where', 'sp_php', 'commentcode');
        foreach ($par_str as $str) {
            if (isset($args[$str])) {
                $args[$str] = COM_applyBasicFilter($args[$str]);
            } else {
                $args[$str] = '';
            }
        }
        foreach ($par_num as $num) {
            if (isset($args[$num])) {
                $args[$num] = COM_applyBasicFilter($args[$num], true);
            } else {
                $args[$num] = 0;
            }
        }
    }

    // START: Staticpages defaults
    if (empty($args['sp_format'])) {
        $args['sp_format'] = 'allblocks';
    }
    if (empty($args['sp_tid'])) {
        $args['sp_tid'] = 'all';
    }
    if ($args['sp_where'] < 0 || $args['sp_where'] > 3) {
        $args['sp_where'] = 0;
    }
    if ($args['sp_php'] < 0 || $args['sp_php'] > 2) {
        $args['sp_php'] = 0;
    }
    if ($args['commentcode'] < -1 || $args['commentcode'] > 1) {
        $args['commentcode'] = $_CONF['comment_code'];
    }
    if ($args['gl_svc']) {
        // Permissions: fall back to the plugin's default_permissions
        // ([owner, group, members, anon]) when the webservice omits them
        if (!isset($args['perm_owner'])) {
            $args['perm_owner'] = $_SP_CONF['default_permissions'][0];
        } else {
            $args['perm_owner'] = COM_applyBasicFilter($args['perm_owner'], true);
        }
        if (!isset($args['perm_group'])) {
            $args['perm_group'] = $_SP_CONF['default_permissions'][1];
        } else {
            $args['perm_group'] = COM_applyBasicFilter($args['perm_group'], true);
        }
        if (!isset($args['perm_members'])) {
            $args['perm_members'] = $_SP_CONF['default_permissions'][2];
        } else {
            $args['perm_members'] = COM_applyBasicFilter($args['perm_members'], true);
        }
        if (!isset($args['perm_anon'])) {
            $args['perm_anon'] = $_SP_CONF['default_permissions'][3];
        } else {
            $args['perm_anon'] = COM_applyBasicFilter($args['perm_anon'], true);
        }
        if (!isset($args['sp_onmenu'])) {
            $args['sp_onmenu'] = '';
        } elseif ($args['sp_onmenu'] == 'on' && empty($args['sp_label'])) {
            $svc_msg['error_desc'] = 'Menu label missing';
            return PLG_RET_ERROR;
        }
        if (empty($args['sp_content'])) {
            $svc_msg['error_desc'] = 'No content';
            return PLG_RET_ERROR;
        }
        if (empty($args['sp_inblock']) && $_SP_CONF['in_block'] == '1') {
            $args['sp_inblock'] = 'on';
        }
        if (empty($args['sp_centerblock'])) {
            $args['sp_centerblock'] = '';
        }
        if (empty($args['draft_flag']) && $_SP_CONF['draft_flag'] == '1') {
            $args['draft_flag'] = 'on';
        }
        if (empty($args['template_flag'])) {
            $args['template_flag'] = '';
        }
        if (empty($args['template_id'])) {
            $args['template_id'] = '';
        }
    }
    // END: Staticpages defaults

    $sp_id = $args['sp_id'];
    $sp_title = $args['sp_title'];
    $sp_page_title = $args['sp_page_title'];
    $sp_content = $args['sp_content'];
    $sp_hits = $args['sp_hits'];
    $sp_format = $args['sp_format'];
    $sp_onmenu = $args['sp_onmenu'];
    $sp_label = '';
    if (!empty($args['sp_label'])) {
        $sp_label = $args['sp_label'];
    }
    $meta_description = $args['meta_description'];
    $meta_keywords = $args['meta_keywords'];
    $commentcode = $args['commentcode'];
    $owner_id = $args['owner_id'];
    $group_id = $args['group_id'];
    $perm_owner = $args['perm_owner'];
    $perm_group = $args['perm_group'];
    $perm_members = $args['perm_members'];
    $perm_anon = $args['perm_anon'];
    $sp_php = $args['sp_php'];
    $sp_nf = '';
    if (!empty($args['sp_nf'])) {
        $sp_nf = $args['sp_nf'];
    }
    $sp_old_id = $args['sp_old_id'];
    $sp_centerblock = $args['sp_centerblock'];
    $draft_flag = $args['draft_flag'];
    $template_flag = $args['template_flag'];
    $template_id = $args['template_id'];
    $sp_help = '';
    if (!empty($args['sp_help'])) {
        $sp_help = $args['sp_help'];
    }
    $sp_tid = $args['sp_tid'];
    $sp_where = $args['sp_where'];
    $sp_inblock = $args['sp_inblock'];
    $postmode = $args['postmode'];

    if ($gl_edit && !empty($args['gl_etag'])) {
        // First load the original staticpage to check if it has been modified
        // (optimistic concurrency: the client's etag must match 'updated')
        $o = array();
        $s = array();
        $r = service_get_staticpages(array('sp_id' => $sp_old_id, 'gl_svc' => true), $o, $s);
        if ($r == PLG_RET_OK) {
            if ($args['gl_etag'] != $o['updated']) {
                $svc_msg['error_desc'] = 'A more recent version of the staticpage is available';
                return PLG_RET_PRECONDITION_FAILED;
            }
        } else {
            $svc_msg['error_desc'] = 'The requested staticpage no longer exists';
            return PLG_RET_ERROR;
        }
    }

    // Check for unique page ID
    $duplicate_id = false;
    $delete_old_page = false;
    if (DB_count($_TABLES['staticpage'], 'sp_id', $sp_id) > 0) {
        if ($sp_id != $sp_old_id) {
            $duplicate_id = true;
        }
    } elseif (!empty($sp_old_id)) {
        if ($sp_id != $sp_old_id) {
            // id was changed on an existing page: the old row goes after the save
            $delete_old_page = true;
        }
    }

    if ($duplicate_id) {
        $output .= COM_siteHeader('menu', $LANG_STATIC['staticpageeditor']);
        $output .= COM_errorLog($LANG_STATIC['duplicate_id'], 2);
        if (!$args['gl_svc']) {
            $output .= staticpageeditor($sp_id);
        }
        $output .= COM_siteFooter();
        $svc_msg['error_desc'] = 'Duplicate ID';
        return PLG_RET_ERROR;
    } elseif (!empty($sp_title) && !empty($sp_content)) {
        if (empty($sp_hits)) {
            $sp_hits = 0;
        }
        // Checkbox values ('on') become 1/0 flags
        if ($sp_onmenu == 'on') {
            $sp_onmenu = 1;
        } else {
            $sp_onmenu = 0;
        }
        if ($sp_nf == 'on') {
            $sp_nf = 1;
        } else {
            $sp_nf = 0;
        }
        if ($sp_centerblock == 'on') {
            $sp_centerblock = 1;
        } else {
            $sp_centerblock = 0;
        }
        if ($sp_inblock == 'on') {
            $sp_inblock = 1;
        } else {
            $sp_inblock = 0;
        }
        if ($draft_flag == 'on') {
            $draft_flag = 1;
        } else {
            $draft_flag = 0;
        }
        if ($template_flag == 'on') {
            $template_flag = 1;
        } else {
            $template_flag = 0;
        }

        // Remove any autotags the user doesn't have permission to use
        $sp_content = PLG_replaceTags($sp_content, '', true);

        // Clean up the text
        if ($_SP_CONF['censor'] == 1) {
            $sp_content = COM_checkWords($sp_content);
            $sp_title = COM_checkWords($sp_title);
        }
        if ($_SP_CONF['filter_html'] == 1) {
            $sp_content = COM_checkHTML($sp_content, 'staticpages.edit');
        }
        $sp_title = strip_tags($sp_title);
        $sp_page_title = strip_tags($sp_page_title);
        $sp_label = strip_tags($sp_label);
        $meta_description = strip_tags($meta_description);
        $meta_keywords = strip_tags($meta_keywords);
        // The text columns are slash-escaped here for the DB_save() below;
        // the remaining quoted values in that call are not escaped in this function
        $sp_content = addslashes($sp_content);
        $sp_title = addslashes($sp_title);
        $sp_page_title = addslashes($sp_page_title);
        $sp_label = addslashes($sp_label);
        $meta_description = addslashes($meta_description);
        $meta_keywords = addslashes($meta_keywords);

        // If user does not have php edit perms, then set php flag to 0.
        if ($_SP_CONF['allow_php'] != 1 || !SEC_hasRights('staticpages.PHP')) {
            $sp_php = 0;
        }

        // If marked as a template then set id to nothing and other default settings
        if ($template_flag == 1) {
            $template_id = '';
            $sp_onmenu = 0;
            $sp_label = "";
            $sp_centerblock = 0;
            $sp_php = 0;
            $sp_inblock = 0;
            $sp_nf = 0;
            $sp_hits = 0;
            $meta_description = "";
            $meta_keywords = "";
        } else {
            // See if it was a template before, if so and option changed, remove use from other pages
            if (DB_getItem($_TABLES['staticpage'], 'template_flag', "sp_id = '{$sp_old_id}'") == 1) {
                $sql = "UPDATE {$_TABLES['staticpage']} SET template_id = '' WHERE template_id = '{$sp_old_id}'";
                $result = DB_query($sql);
            }
            if ($template_id != '') {
                // If using a template, make sure php disabled
                $sp_php = 0;
                // Double check template id exists and is still a template
                // (and is visible to this user via SP_getPerms())
                $perms = SP_getPerms();
                if (!empty($perms)) {
                    $perms = ' AND ' . $perms;
                }
                if (DB_getItem($_TABLES['staticpage'], 'COUNT(sp_id)', "sp_id = '{$template_id}' AND template_flag = 1 AND (draft_flag = 0)" . $perms) == 0) {
                    $template_id = '';
                }
            }
        }

        // make sure there's only one "entire page" static page per topic
        if ($sp_centerblock == 1 && $sp_where == 0) {
            $sql = "UPDATE {$_TABLES['staticpage']} SET sp_centerblock = 0 WHERE (sp_centerblock = 1) AND (sp_where = 0) AND (sp_tid = '{$sp_tid}') AND (draft_flag = 0)";
            // if we're in a multi-language setup, we need to allow one "entire
            // page" centerblock for 'all' or 'none' per language
            if (!empty($_CONF['languages']) && !empty($_CONF['language_files']) && ($sp_tid == 'all' || $sp_tid == 'none')) {
                // the language id is the last '_'-separated part of the page id
                $ids = explode('_', $sp_id);
                if (count($ids) > 1) {
                    $lang_id = array_pop($ids);
                    $sql .= " AND sp_id LIKE '%\\_{$lang_id}'";
                }
            }
            DB_query($sql);
        }

        $formats = array('allblocks', 'blankpage', 'leftblocks', 'noblocks');
        if (!in_array($sp_format, $formats)) {
            $sp_format = 'allblocks';
        }

        if (!$args['gl_svc']) {
            // form path: perm_* are checkbox arrays, collapse them to numbers
            list($perm_owner, $perm_group, $perm_members, $perm_anon) = SEC_getPermissionValues($perm_owner, $perm_group, $perm_members, $perm_anon);
        }

        // Retrieve created date
        $datecreated = DB_getItem($_TABLES['staticpage'], 'created', "sp_id = '{$sp_id}'");
        if ($datecreated == '') {
            $datecreated = date('Y-m-d H:i:s');
        }

        DB_save($_TABLES['staticpage'], 'sp_id,sp_title,sp_page_title, sp_content,created,modified,sp_hits,sp_format,sp_onmenu,sp_label,commentcode,meta_description,meta_keywords,template_flag,template_id,draft_flag,owner_id,group_id,' . 'perm_owner,perm_group,perm_members,perm_anon,sp_php,sp_nf,sp_centerblock,sp_help,sp_tid,sp_where,sp_inblock,postmode', "'{$sp_id}','{$sp_title}','{$sp_page_title}','{$sp_content}','{$datecreated}',NOW(),{$sp_hits},'{$sp_format}',{$sp_onmenu},'{$sp_label}','{$commentcode}','{$meta_description}','{$meta_keywords}',{$template_flag},'{$template_id}',{$draft_flag},{$owner_id},{$group_id}," . "{$perm_owner},{$perm_group},{$perm_members},{$perm_anon},'{$sp_php}','{$sp_nf}',{$sp_centerblock},'{$sp_help}','{$sp_tid}',{$sp_where}," . "'{$sp_inblock}','{$postmode}'");

        if ($delete_old_page && !empty($sp_old_id)) {
            // If a template and the id changed, update any staticpages that use it
            if ($template_flag == 1) {
                $sql = "UPDATE {$_TABLES['staticpage']} SET template_id = '{$sp_id}' WHERE template_id = '{$sp_old_id}'";
                $result = DB_query($sql);
            }
            DB_delete($_TABLES['staticpage'], 'sp_id', $sp_old_id);
        }

        if (empty($sp_old_id) || $sp_id == $sp_old_id) {
            if (!$template_flag) {
                PLG_itemSaved($sp_id, 'staticpages');
            } else {
                // If template then have to notify of all pages that use this template that a change to the page happened
                $sql = "SELECT sp_id FROM {$_TABLES['staticpage']} WHERE template_id = '{$sp_id}'";
                $result = DB_query($sql);
                while ($A = DB_fetchArray($result)) {
                    PLG_itemSaved($A['sp_id'], 'staticpages');
                }
            }
        } else {
            // id changed: re-home the page's comments before notifying
            DB_change($_TABLES['comments'], 'sid', addslashes($sp_id), array('sid', 'type'), array(addslashes($sp_old_id), 'staticpages'));
            if (!$template_flag) {
                PLG_itemSaved($sp_id, 'staticpages', $sp_old_id);
            } else {
                // If template then have to notify of all pages that use this template that a change to the page happened
                $sql = "SELECT sp_id FROM {$_TABLES['staticpage']} WHERE template_id = '{$sp_id}'";
                $result = DB_query($sql);
                while ($A = DB_fetchArray($result)) {
                    PLG_itemSaved($A['sp_id'], 'staticpages');
                }
            }
        }

        $url = COM_buildURL($_CONF['site_url'] . '/staticpages/index.php?page=' . $sp_id);
        $output .= PLG_afterSaveSwitch($_SP_CONF['aftersave'], $url, 'staticpages', 19);
        $svc_msg['id'] = $sp_id;
        return PLG_RET_OK;
    } else {
        $output .= COM_siteHeader('menu', $LANG_STATIC['staticpageeditor']);
        $output .= COM_errorLog($LANG_STATIC['no_title_or_content'], 2);
        if (!$args['gl_svc']) {
            $output .= staticpageeditor($sp_id);
        }
        $output .= COM_siteFooter();
        return PLG_RET_ERROR;
    }
}
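/**
 * Prepares a forum message for storage: optional word censoring, then either
 * HTML filtering (html mode) or entity-encoding (any other mode), and finally
 * addslashes() for the SQL the caller builds.
 *
 * get_magic_quotes_gpc() has returned false since PHP 5.4 and no longer exists
 * in PHP 8, so the input is treated as unslashed and addslashes() is always
 * applied exactly once.
 *
 * @param string $message    Raw message text
 * @param string $postmode   'html' keeps (filtered) markup; anything else entity-encodes it
 * @param bool   $censor     Run COM_checkWords() first
 * @param bool   $htmlfilter In html mode, pass the text through COM_checkHTML()
 * @return string Message with slashes added
 */
function prepareStringForDB($message, $postmode = "html", $censor = TRUE, $htmlfilter = TRUE)
{
    global $CONF_FORUM;

    if ($censor) {
        $message = COM_checkWords($message);
    }

    if ($postmode == 'html') {
        if ($htmlfilter) {
            // COM_checkHTML() strips slashes, so escaping happens after it
            $message = COM_checkHTML($message);
        }
    } else {
        $charset = isset($CONF_FORUM['charset']) ? $CONF_FORUM['charset'] : 'UTF-8';
        $message = htmlspecialchars($message, ENT_QUOTES, $charset);
    }

    return addslashes($message);
}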
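/**
 * Returns sanitized string.
 *
 * Looks up the 'sanitize' rule registered for $group/$config in
 * $_CONF_VALIDATE and applies it: 'none' and 'allTags' leave the value as is,
 * 'noTags' strips all tags, 'approvedTags' runs COM_checkHTML(). Without a
 * sanitize rule (or with an unknown one) all tags are stripped. A config
 * variable with no validators at all is returned untouched.
 *
 * @param string $config    Configuration variable
 * @param string $group     Configuration group
 * @param string $input_val Value to sanitize
 * @return string sanitized string
 * @access public
 */
function _sanitize_string($config, $group, $input_val)
{
    global $_CONF_VALIDATE;

    if (empty($_CONF_VALIDATE[$group][$config])) {
        return $input_val;
    }

    $default_strip_tags = true;
    foreach ($_CONF_VALIDATE[$group][$config] as $index => $validator) {
        // Strict comparison: with ==, a numeric index 0 compared equal to
        // 'sanitize' on PHP < 8 and the first positional validator was
        // misread as the sanitize rule.
        if ($index !== 'sanitize') {
            continue;
        }
        $rule_type = is_array($validator) ? $validator[0] : $validator;
        switch ($rule_type) {
            case 'none':
            case 'allTags':
                $default_strip_tags = false;
                break;
            case 'noTags':
                $input_val = strip_tags($input_val);
                $default_strip_tags = false;
                break;
            case 'approvedTags':
                $input_val = COM_checkHTML($input_val);
                $default_strip_tags = false;
                break;
            default:
                break;
        }
    }
    if ($default_strip_tags) {
        $input_val = strip_tags($input_val);
    }

    return $input_val;
}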
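/**
 * Loads this object's fields from a submitted form array (typically $_POST).
 *
 * Ids go through COM_applyFilter() (numeric mode where an integer is
 * expected), the title is censored and HTML-filtered, the two checkboxes are
 * mapped to 1/0, and the permission checkbox arrays are collapsed to numeric
 * values via SEC_getPermissionValues().
 *
 * @param array $array Form values; passed by reference for compatibility with
 *                     existing callers, it is only read here
 * @return void
 */
function _loadFromArgs(&$array)
{
    $corder = trim($array['corder']);

    $this->_owner_id = COM_applyFilter($array['owner_id'], true);
    $this->_group_id = COM_applyFilter($array['group_id'], true);
    $this->_cid = COM_applyFilter(trim($array['cid']));
    $this->_old_cid = COM_applyFilter(trim($array['old_cid']));
    $this->_pid = COM_applyFilter(trim($array['pid']));
    $this->_corder = empty($corder) ? 0 : COM_applyFilter($corder, true);
    $this->_imgurl = COM_applyFilter($array['imgurl']);
    $this->_imgurlold = COM_applyFilter($array['imgurlold']);
    $this->_title = COM_checkHTML(COM_checkWords(trim($array['title'])));

    // An unchecked checkbox is not submitted at all, so the key may be missing
    $this->_is_enabled = (isset($array['is_enabled']) && $array['is_enabled'] == 'on') ? 1 : 0;
    $this->_deleteimg = (isset($array['deleteimg']) && $array['deleteimg'] == 'on') ? 1 : 0;

    // Convert array values to numeric permission values
    list($this->_perm_owner, $this->_perm_group, $this->_perm_members, $this->_perm_anon) =
        SEC_getPermissionValues($array['perm_owner'], $array['perm_group'], $array['perm_members'], $array['perm_anon']);

    $this->_editor_mode = COM_applyFilter($array['editor_mode']);
}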
/**
 * Validate the submitted userbox profile form ($_POST) and persist it.
 *
 * Flow: read and filter every form field, run the validation checks and,
 * on any error, return the editor re-rendered with the messages. Otherwise
 * write the base row (DB_save), the categories and the additional fields,
 * update fullname in the core users table, drop the page's cache instance
 * and finish with the configured after-save action, which either returns
 * the editor again or echoes a redirect and exits.
 *
 * @param int   $edt_flg    edit flag, passed on to fncEdit()
 * @param mixed $navbarMenu not used in this function
 * @param mixed $menuno     not used in this function
 * @return array 'title' and 'display' keys (validation error, or
 *               aftersave_admin === 'no'); on every other path the
 *               function calls exit and does not return
 */
function fncSave($edt_flg, $navbarMenu, $menuno) {
    $pi_name = "userbox";
    global $_CONF;
    global $_TABLES;
    global $_USER;
    global $_USERBOX_CONF;
    global $LANG_USERBOX_ADMIN;
    global $_FILES; // declared but not read here
    $addition_def = DATABOX_getadditiondef($pi_name);
    // NOTE(review): later written to as an array ($retval['title'] = ...).
    // From PHP 7.1 an empty string is no longer silently promoted to an array
    // by such a write, so this should become array() before upgrading.
    $retval = '';
    // clean 'em up
    // The text fields are escaped with addslashes() only and then interpolated
    // into the DB_save() value list below; addslashes() is not aware of the
    // connection charset (the core plugins use DB_escapeString() for this).
    $id = COM_applyFilter($_POST['id'], true);
    $fieldset_id = COM_applyFilter($_POST['fieldset'], true);
    // username / fullname
    $username = COM_applyFilter($_POST['username']);
    $username = addslashes(COM_checkHTML(COM_checkWords($username)));
    $fullname = COM_applyFilter($_POST['fullname']);
    $fullname = addslashes(COM_checkHTML(COM_checkWords($fullname)));
    $page_title = COM_applyFilter($_POST['page_title']);
    $page_title = addslashes(COM_checkHTML(COM_checkWords($page_title)));
    $description = $_POST['description']; //COM_applyFilter($_POST['description']);
    $description = addslashes(COM_checkHTML(COM_checkWords($description)));
    $defaulttemplatesdirectory = COM_applyFilter($_POST['defaulttemplatesdirectory']);
    $defaulttemplatesdirectory = addslashes(COM_checkHTML(COM_checkWords($defaulttemplatesdirectory)));
    $draft_flag = COM_applyFilter($_POST['draft_flag'], true);
    // $hits =0;
    // $comments=0;
    // comment acceptance deadline; all zeros when the flag is off
    $comment_expire_flag = COM_applyFilter($_POST['comment_expire_flag'], true);
    if ($comment_expire_flag) {
        $comment_expire_month = COM_applyFilter($_POST['comment_expire_month'], true);
        $comment_expire_day = COM_applyFilter($_POST['comment_expire_day'], true);
        $comment_expire_year = COM_applyFilter($_POST['comment_expire_year'], true);
        $comment_expire_hour = COM_applyFilter($_POST['comment_expire_hour'], true);
        $comment_expire_minute = COM_applyFilter($_POST['comment_expire_minute'], true);
        // NOTE(review): $comment_expire_ampm is never assigned in this function
        // (compare $modified_ampm below), so neither 12-hour adjustment can fire.
        if ($comment_expire_ampm == 'pm') {
            if ($comment_expire_hour < 12) {
                $comment_expire_hour = $comment_expire_hour + 12;
            }
        }
        if ($comment_expire_ampm == 'am' and $comment_expire_hour == 12) {
            $comment_expire_hour = '00';
        }
    } else {
        $comment_expire_month = 0;
        $comment_expire_day = 0;
        $comment_expire_year = 0;
        $comment_expire_hour = 0;
        $comment_expire_minute = 0;
    }
    $commentcode = COM_applyFilter($_POST['commentcode'], true);
    $trackbackcode = COM_applyFilter($_POST['trackbackcode'], true);
    $cache_time = COM_applyFilter($_POST['cache_time'], true);
    $meta_description = $_POST['meta_description'];
    $meta_description = addslashes(COM_checkHTML(COM_checkWords($meta_description)));
    $meta_keywords = $_POST['meta_keywords'];
    $meta_keywords = addslashes(COM_checkHTML(COM_checkWords($meta_keywords)));
    $language_id = COM_applyFilter($_POST['language_id']);
    $language_id = addslashes(COM_checkHTML(COM_checkWords($language_id)));
    // Raw form arrays handed to the DATABOX_* helpers; whatever filtering
    // they receive happens inside those helpers, not here.
    $category = $_POST['category'];
    // additional fields
    $additionfields = $_POST['afield'];
    $additionfields_old = $_POST['afield'];
    $additionfields_fnm = $_POST['afield_fnm'];
    $additionfields_del = $_POST['afield_del'];
    $additionfields_alt = $_POST['afield_alt'];
    $additionfields_date = array();
    $dummy = DATABOX_cleanaddtiondatas($additionfields, $addition_def, $additionfields_fnm, $additionfields_del, $additionfields_date, $additionfields_alt);
    // ownership
    $owner_id = COM_applyFilter($_POST['owner_id'], true);
    $group_id = COM_applyFilter($_POST['group_id'], true);
    // permissions: either checkbox arrays or plain numeric values
    $array['perm_owner'] = $_POST['perm_owner'];
    $array['perm_group'] = $_POST['perm_group'];
    $array['perm_members'] = $_POST['perm_members'];
    $array['perm_anon'] = $_POST['perm_anon'];
    if (is_array($array['perm_owner']) || is_array($array['perm_group']) || is_array($array['perm_members']) || is_array($array['perm_anon'])) {
        list($perm_owner, $perm_group, $perm_members, $perm_anon) = SEC_getPermissionValues($array['perm_owner'], $array['perm_group'], $array['perm_members'], $array['perm_anon']);
    } else {
        $perm_owner = COM_applyBasicFilter($array['perm_owner'], true);
        $perm_group = COM_applyBasicFilter($array['perm_group'], true);
        $perm_members = COM_applyBasicFilter($array['perm_members'], true);
        $perm_anon = COM_applyBasicFilter($array['perm_anon'], true);
    }
    // modified date: either "now" or the submitted date/time
    $modified_autoupdate = COM_applyFilter($_POST['modified_autoupdate'], true);
    if ($modified_autoupdate == 1) {
        //$udate = date('Ymd');
        $modified_month = date('m');
        $modified_day = date('d');
        $modified_year = date('Y');
        $modified_hour = date('H');
        $modified_minute = date('i');
    } else {
        $modified_month = COM_applyFilter($_POST['modified_month'], true);
        $modified_day = COM_applyFilter($_POST['modified_day'], true);
        $modified_year = COM_applyFilter($_POST['modified_year'], true);
        $modified_hour = COM_applyFilter($_POST['modified_hour'], true);
        $modified_minute = COM_applyFilter($_POST['modified_minute'], true);
        $modified_ampm = COM_applyFilter($_POST['modified_ampm']);
        if ($modified_ampm == 'pm') {
            if ($modified_hour < 12) {
                $modified_hour = $modified_hour + 12;
            }
        }
        if ($modified_ampm == 'am' and $modified_hour == 12) {
            $modified_hour = '00';
        }
    }
    // release date
    $released_month = COM_applyFilter($_POST['released_month'], true);
    $released_day = COM_applyFilter($_POST['released_day'], true);
    $released_year = COM_applyFilter($_POST['released_year'], true);
    $released_hour = COM_applyFilter($_POST['released_hour'], true);
    $released_minute = COM_applyFilter($_POST['released_minute'], true);
    // NOTE(review): $released_ampm is never assigned in this function either.
    if ($released_ampm == 'pm') {
        if ($released_hour < 12) {
            $released_hour = $released_hour + 12;
        }
    }
    if ($released_ampm == 'am' and $released_hour == 12) {
        $released_hour = '00';
    }
    // release end date; all zeros when the flag is off
    $expired_flag = COM_applyFilter($_POST['expired_flag'], true);
    if ($expired_flag) {
        $expired_month = COM_applyFilter($_POST['expired_month'], true);
        $expired_day = COM_applyFilter($_POST['expired_day'], true);
        $expired_year = COM_applyFilter($_POST['expired_year'], true);
        $expired_hour = COM_applyFilter($_POST['expired_hour'], true);
        $expired_minute = COM_applyFilter($_POST['expired_minute'], true);
        // NOTE(review): $expired_ampm is never assigned in this function either.
        if ($expired_ampm == 'pm') {
            if ($expired_hour < 12) {
                $expired_hour = $expired_hour + 12;
            }
        }
        if ($expired_ampm == 'am' and $expired_hour == 12) {
            $expired_hour = '00';
        }
    } else {
        $expired_month = 0;
        $expired_day = 0;
        $expired_year = 0;
        $expired_hour = 0;
        $expired_minute = 0;
    }
    $created = COM_applyFilter($_POST['created_un']);
    $orderno = mb_convert_kana($_POST['orderno'], "a"); // full-width alphanumerics -> half-width
    $orderno = COM_applyFilter($orderno, true);
    $type = 1; // not used further in this function
    $uuid = $_USER['uid'];
    // ---- validation ----
    $err = "";
    // id
    if ($id == 0) {
        //$err.=$LANG_USERBOX_ADMIN['err_uid']."<br {XHTML}>".LB;
    } else {
        if (!is_numeric($id)) {
            $err .= $LANG_USERBOX_ADMIN['err_id'] . "<br {XHTML}>" . LB;
        }
    }
    // length limits, measured in characters (mb_strlen), on the escaped values
    if (mb_strlen($description, 'UTF-8') > $_USERBOX_CONF['maxlength_description']) {
        $err .= $LANG_USERBOX_ADMIN['description'] . $_USERBOX_CONF['maxlength_description'] . $LANG_USERBOX_ADMIN['err_maxlength'] . "<br/>" . LB;
    }
    if (mb_strlen($meta_description, 'UTF-8') > $_USERBOX_CONF['maxlength_meta_description']) {
        $err .= $LANG_USERBOX_ADMIN['meta_description'] . $_USERBOX_CONF['maxlength_meta_description'] . $LANG_USERBOX_ADMIN['err_maxlength'] . "<br/>" . LB;
    }
    if (mb_strlen($meta_keywords, 'UTF-8') > $_USERBOX_CONF['maxlength_meta_keywords']) {
        $err .= $LANG_USERBOX_ADMIN['meta_keywords'] . $_USERBOX_CONF['maxlength_meta_keywords'] . $LANG_USERBOX_ADMIN['err_maxlength'] . "<br/>" . LB;
    }
    // additional-field checks
    $err .= DATABOX_checkaddtiondatas($additionfields, $addition_def, $pi_name, $additionfields_fnm, $additionfields_del, $additionfields_alt);
    // modified date -> timestamp. The "::00" seconds part is the same in every
    // COM_convertDate2Timestamp() call in this function; verify it is what that
    // helper expects.
    $modified = $modified_year . "-" . $modified_month . "-" . $modified_day;
    if (checkdate($modified_month, $modified_day, $modified_year) == false) {
        $err .= $LANG_USERBOX_ADMIN['err_modified'] . "<br {XHTML}>" . LB;
    }
    $modified = COM_convertDate2Timestamp($modified_year . "-" . $modified_month . "-" . $modified_day, $modified_hour . ":" . $modified_minute . "::00");
    // release date -> timestamp
    $released = $released_year . "-" . $released_month . "-" . $released_day;
    if (checkdate($released_month, $released_day, $released_year) == false) {
        $err .= $LANG_USERBOX_ADMIN['err_released'] . "<br {XHTML}>" . LB;
    }
    $released = COM_convertDate2Timestamp($released_year . "-" . $released_month . "-" . $released_day, $released_hour . ":" . $released_minute . "::00");
    // comment acceptance deadline -> timestamp, or the zero datetime
    if ($comment_expire_flag) {
        if (checkdate($comment_expire_month, $comment_expire_day, $comment_expire_year) == false) {
            $err .= $LANG_USERBOX_ADMIN['err_comment_expire'] . "<br {XHTML}>" . LB;
        }
        $comment_expire = COM_convertDate2Timestamp($comment_expire_year . "-" . $comment_expire_month . "-" . $comment_expire_day, $comment_expire_hour . ":" . $comment_expire_minute . "::00");
    } else {
        $comment_expire = '0000-00-00 00:00:00';
        //$comment_expire="";
    }
    // release end date -> timestamp, or the zero datetime; must not precede the release date
    if ($expired_flag) {
        if (checkdate($expired_month, $expired_day, $expired_year) == false) {
            $err .= $LANG_USERBOX_ADMIN['err_expired'] . "<br {XHTML}>" . LB;
        }
        $expired = COM_convertDate2Timestamp($expired_year . "-" . $expired_month . "-" . $expired_day, $expired_hour . ":" . $expired_minute . "::00");
        if ($expired < $released) {
            $err .= $LANG_USERBOX_ADMIN['err_expired'] . "<br {XHTML}>" . LB;
        }
    } else {
        $expired = '0000-00-00 00:00:00';
        //$expired="";
    }
    // on error: re-render the editor with the messages
    if ($err != "") {
        $retval['title'] = $LANG_USERBOX_ADMIN['piname'] . $LANG_USERBOX_ADMIN['edit'];
        $retval['display'] = fncEdit($id, $edt_flg, 3, $err);
        return $retval;
    }
    // ---- validation end ----
    // new record: allocate max(id)+1 and stamp created = now
    if ($id == 0) {
        $w = DB_getItem($_TABLES['USERBOX_base'], "max(id)", "1=1");
        if ($w == "") {
            $w = 0;
        }
        $id = $w + 1;
        $created_month = date('m');
        $created_day = date('d');
        $created_year = date('Y');
        $created_hour = date('H');
        $created_minute = date('i');
        $created = COM_convertDate2Timestamp($created_year . "-" . $created_month . "-" . $created_day, $created_hour . ":" . $created_minute . "::00");
    }
    $hits = 0;
    $comments = 0;
    // Build the column and value lists for DB_save(). String columns are
    // quoted here; their content was escaped with addslashes() above.
    // Numeric columns rely on COM_applyFilter(..., true) having made them numeric.
    $fields = "id";
    $values = "{$id}";
    $fields .= ",page_title";
    $values .= ",'{$page_title}'";
    $fields .= ",description";
    $values .= ",'{$description}'";
    $fields .= ",defaulttemplatesdirectory";
    $values .= ",'{$defaulttemplatesdirectory}'";
    // hits is not written by this function
    //$fields.=",hits";
    //$values.=",$hits";
    $fields .= ",comments";
    $values .= ",{$comments}";
    $fields .= ",meta_description";
    $values .= ",'{$meta_description}'";
    $fields .= ",meta_keywords";
    $values .= ",'{$meta_keywords}'";
    $fields .= ",commentcode";
    $values .= ",{$commentcode}";
    $fields .= ",trackbackcode";
    $values .= ",{$trackbackcode}";
    $fields .= ",cache_time";
    $values .= ",{$cache_time}";
    $fields .= ",comment_expire";
    if ($comment_expire == '0000-00-00 00:00:00') {
        $values .= ",'{$comment_expire}'";
    } else {
        $values .= ",FROM_UNIXTIME('{$comment_expire}')";
    }
    $fields .= ",language_id";
    $values .= ",'{$language_id}'";
    $fields .= ",owner_id";
    $values .= ",{$owner_id}";
    $fields .= ",group_id";
    $values .= ",{$group_id}";
    $fields .= ",perm_owner";
    $values .= ",{$perm_owner}";
    $fields .= ",perm_group";
    $values .= ",{$perm_group}";
    $fields .= ",perm_members";
    $values .= ",{$perm_members}";
    $fields .= ",perm_anon";
    $values .= ",{$perm_anon}";
    $fields .= ",modified";
    $values .= ",FROM_UNIXTIME('{$modified}')";
    // created is only written when it was submitted or just generated above
    if ($created != "") {
        $fields .= ",created";
        $values .= ",FROM_UNIXTIME('{$created}')";
    }
    $fields .= ",expired";
    if ($expired == '0000-00-00 00:00:00') {
        $values .= ",'{$expired}'";
    } else {
        $values .= ",FROM_UNIXTIME('{$expired}')";
    }
    $fields .= ",released";
    $values .= ",FROM_UNIXTIME('{$released}')";
    $fields .= ",orderno";
    $values .= ",{$orderno}";
    $fields .= ",fieldset_id";
    $values .= ",{$fieldset_id}";
    $fields .= ",uuid";
    $values .= ",{$uuid}";
    $fields .= ",draft_flag";
    $values .= ",{$draft_flag}";
    DB_save($_TABLES['USERBOX_base'], $fields, $values);
    // categories
    $rt = DATABOX_savecategorydatas($id, $category, $pi_name);
    // additional fields
    DATABOX_uploadaddtiondatas($additionfields, $addition_def, $pi_name, $id, $additionfields_fnm, $additionfields_del, $additionfields_old, $additionfields_alt);
    $rt = DATABOX_saveaddtiondatas($id, $additionfields, $addition_def, $pi_name);
    // core users table: the row id is used as the user's uid in this UPDATE;
    // $fullname is the addslashes()ed form value
    $sql = "UPDATE " . $_TABLES['users'] . " SET ";
    $sql .= " fullname ='" . $fullname . "'";
    $sql .= " WHERE uid=" . $id;
    DB_query($sql);
    $rt = fncsendmail('data', $id);
    $cacheInstance = 'userbox__' . $id . '__';
    CACHE_remove_instance($cacheInstance);
    //exit;// for debugging
    // after-save: return the editor, or redirect to the admin list / the item
    if ($_USERBOX_CONF['aftersave_admin'] === 'no') {
        $retval['title'] = $LANG_USERBOX_ADMIN['piname'] . $LANG_USERBOX_ADMIN['edit'];
        $retval['display'] .= fncEdit($id, $edt_flg, 1, "");
        return $retval;
    } else {
        if ($_USERBOX_CONF['aftersave_admin'] === 'list') {
            $url = $_CONF['site_admin_url'] . "/plugins/{$pi_name}/profile.php";
            $item_url = COM_buildURL($url);
            $target = 'item';
        } else {
            $url = $_CONF['site_url'] . "/userbox/profile.php";
            $url .= "?";
            // when codes are in use the item is addressed by username, else by id
            if ($_USERBOX_CONF['datacode']) {
                // NOTE(review): $username is the addslashes()ed form value and is
                // placed in the query string without URL encoding.
                $url .= "code=" . $username;
                $url .= "&m=code";
            } else {
                $url .= "id=" . $id;
                $url .= "&m=id";
            }
            $item_url = COM_buildUrl($url);
            $target = $_USERBOX_CONF['aftersave_admin'];
        }
    }
    $return_page = PLG_afterSaveSwitch($target, $item_url, 'userbox', 1);
    echo $return_page;
    exit;
}
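/**
 * Save a links category (insert or update) after validation and access checks.
 *
 * Returns a numeric message code for the caller:
 *   7  category or description missing
 *   11 illegal cid (the configured root cid or 'user'), or the new cid is already in use
 *   17 the new cid is already in use and $PLG_links_MESSAGE17 is defined
 *   12 the category would become a child of one of its own children (orphans)
 *   6  no write access; logged through COM_accessLog()
 *   10 saved
 *
 * Access is decided on the record being replaced (looked up by $old_cid, then
 * by $cid) or, for a new category, on the submitted ownership values.
 * Every string that reaches the SQL is escaped here with addslashes(), and every
 * id/permission value is cast to int, because this function is the only place
 * that escapes them before they are interpolated into the queries.
 *
 * @param string    $cid          new category id; '' keeps $old_cid or auto-generates one
 * @param string    $old_cid      existing category id when editing
 * @param string    $pid          parent category id
 * @param string    $category     category name
 * @param string    $description  category description
 * @param string    $tid          topic id
 * @param int       $owner_id     owner uid
 * @param int       $group_id     group id
 * @param int|array $perm_owner   numeric value, or the checkbox array from the form
 * @param int|array $perm_group   numeric value, or the checkbox array from the form
 * @param int|array $perm_members numeric value, or the checkbox array from the form
 * @param int|array $perm_anon    numeric value, or the checkbox array from the form
 * @return int message code as listed above
 */
function links_save_category($cid, $old_cid, $pid, $category, $description, $tid, $owner_id, $group_id, $perm_owner, $perm_group, $perm_members, $perm_anon) {
    global $_CONF, $_TABLES, $_USER, $LANG_LINKS, $LANG_LINKS_ADMIN, $_LI_CONF, $PLG_links_MESSAGE17;

    // Convert array values to numeric permission values
    if (is_array($perm_owner) or is_array($perm_group) or is_array($perm_members) or is_array($perm_anon)) {
        list($perm_owner, $perm_group, $perm_members, $perm_anon) = SEC_getPermissionValues($perm_owner, $perm_group, $perm_members, $perm_anon);
    }
    // ids and permissions are interpolated into the SQL below: force them numeric
    $owner_id = (int) $owner_id;
    $group_id = (int) $group_id;
    $perm_owner = (int) $perm_owner;
    $perm_group = (int) $perm_group;
    $perm_members = (int) $perm_members;
    $perm_anon = (int) $perm_anon;

    // clean 'em up
    $description = addslashes(COM_checkHTML(COM_checkWords($description), 'links.edit'));
    $category = addslashes(COM_checkHTML(COM_checkWords($category), 'links.edit'));
    $pid = addslashes(strip_tags($pid));
    $cid = addslashes(strip_tags($cid));
    $old_cid = addslashes(strip_tags($old_cid));
    // $tid goes into the same queries as $pid and was the only value left unescaped
    $tid = addslashes(strip_tags($tid));

    if (empty($category) || empty($description)) {
        return 7;
    }

    // Check cid to make sure not illegal
    if ($cid == addslashes($_LI_CONF['root']) || $cid == 'user') {
        return 11;
    }

    if (!empty($cid) && $cid != $old_cid) {
        // this is either a new category or an attempt to change the cid
        // - check that cid doesn't exist yet
        $ctrl = DB_getItem($_TABLES['linkcategories'], 'cid', "cid = '{$cid}'");
        if (!empty($ctrl)) {
            if (isset($PLG_links_MESSAGE17)) {
                return 17;
            }
            return 11;
        }
    }

    // Check that they didn't delete the cid. If so, get the hidden one
    if (empty($cid) && !empty($old_cid)) {
        $cid = $old_cid;
    }

    // Make sure they aren't making a parent category child of one of its own
    // children. This would create orphans
    if ($cid == DB_getItem($_TABLES['linkcategories'], 'pid', "cid='{$pid}'")) {
        return 12;
    }

    // Decide which record governs access and which kind of save this is
    $access = 0;
    if (DB_count($_TABLES['linkcategories'], 'cid', $old_cid) > 0) {
        // update existing item, but new cid so get access from database with old cid
        $result = DB_query("SELECT owner_id,group_id,perm_owner,perm_group,perm_members,perm_anon FROM {$_TABLES['linkcategories']} WHERE cid='{$old_cid}'");
        $A = DB_fetchArray($result);
        $access = SEC_hasAccess($A['owner_id'], $A['group_id'], $A['perm_owner'], $A['perm_group'], $A['perm_members'], $A['perm_anon']);
        $update = "existing";
    } elseif (DB_count($_TABLES['linkcategories'], 'cid', $cid) > 0) {
        // update existing item, same cid, so get access from database with existing cid
        $result = DB_query("SELECT owner_id,group_id,perm_owner,perm_group, perm_members,perm_anon FROM {$_TABLES['linkcategories']} WHERE cid='{$cid}'");
        $A = DB_fetchArray($result);
        $access = SEC_hasAccess($A['owner_id'], $A['group_id'], $A['perm_owner'], $A['perm_group'], $A['perm_members'], $A['perm_anon']);
        $update = "same";
    } else {
        // new item, so use passed values
        $access = SEC_hasAccess($owner_id, $group_id, $perm_owner, $perm_group, $perm_members, $perm_anon);
        $update = 'new';
    }

    if ($access < 3) {
        // no access rights: user should not be here
        COM_accessLog(sprintf($LANG_LINKS_ADMIN[60], $_USER['username'], $cid));
        return 6;
    }

    // save item
    if ($update == 'existing') {
        // update an existing item but new cid
        $sql = "UPDATE {$_TABLES['linkcategories']}\n SET cid='{$cid}',\n pid='{$pid}',\n tid='{$tid}',category='{$category}',\n description='{$description}',\n modified=NOW(),\n owner_id='{$owner_id}',group_id='{$group_id}',\n perm_owner='{$perm_owner}',perm_group='{$perm_group}',\n perm_members='{$perm_members}',perm_anon='{$perm_anon}'\n WHERE cid = '{$old_cid}'";
        DB_query($sql);
        // Also need to update links for this category
        $sql = "UPDATE {$_TABLES['links']} SET cid='{$cid}' WHERE cid='{$old_cid}'";
        DB_query($sql);
    } elseif ($update == 'same') {
        // update an existing item
        $sql = "UPDATE {$_TABLES['linkcategories']}\n SET pid='{$pid}',\n tid='{$tid}',category='{$category}',\n description='{$description}',\n modified=NOW(),\n owner_id='{$owner_id}',group_id='{$group_id}',\n perm_owner='{$perm_owner}',perm_group='{$perm_group}',\n perm_members='{$perm_members}',perm_anon='{$perm_anon}'\n WHERE cid = '{$cid}'";
        DB_query($sql);
    } else {
        // insert a new item; generate a cid when none was supplied
        if (empty($cid)) {
            $cid = COM_makeSid();
        }
        $sql = "INSERT INTO {$_TABLES['linkcategories']}\n (cid, pid, category, description, tid,\n created,modified,\n owner_id, group_id, perm_owner, perm_group,\n perm_members, perm_anon)\n VALUES\n ('{$cid}','{$pid}','{$category}',\n '{$description}','{$tid}',\n NOW(),NOW(),\n '{$owner_id}','{$group_id}','{$perm_owner}',\n '{$perm_group}','{$perm_members}','{$perm_anon}')";
        DB_query($sql);
    }

    // notify plugins; pass the old id when the cid changed
    if ($update == 'existing' && $cid != $old_cid) {
        PLG_itemSaved($cid, 'links.category', $old_cid);
    } else {
        PLG_itemSaved($cid, 'links.category');
    }

    return 10; // success message
}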
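/**
 * Saves a link to the database.
 *
 * Checks the caller's access to the link (the stored record's permissions
 * when editing, the submitted ones for a new link), replaces the row, fires
 * PLG_itemSaved() and hands off to the configured after-save action. A
 * missing title, description or url re-renders the editor instead. On an
 * access violation the function outputs an error document and exits.
 *
 * @param string    $lid          ID for link
 * @param string    $old_lid      old ID for link
 * @param string    $cid          cid of category link belongs to
 * @param string    $categorydd   category chosen in the drop-down
 * @param string    $url          URL of link to save
 * @param string    $description  description of link
 * @param string    $title        title of link
 * @param int       $hits         number of hits for link
 * @param int       $owner_id     ID of owner; empty for a new link from the admin (defaults are applied)
 * @param int       $group_id     ID of group link belongs to
 * @param int|array $perm_owner   permissions the owner has (numeric or checkbox array)
 * @param int|array $perm_group   permissions the group has (numeric or checkbox array)
 * @param int|array $perm_members permissions members have (numeric or checkbox array)
 * @param int|array $perm_anon    permissions anonymous users have (numeric or checkbox array)
 * @return string HTML redirect or error message
 * @global array core config vars
 * @global array core group data
 * @global array core table data
 * @global array core user data
 * @global array core msg data
 * @global array links plugin lang admin vars
 */
function savelink($lid, $old_lid, $cid, $categorydd, $url, $description, $title, $hits, $owner_id, $group_id, $perm_owner, $perm_group, $perm_members, $perm_anon) {
    global $_CONF, $_GROUPS, $_TABLES, $_USER, $MESSAGE, $LANG_LINKS_ADMIN, $_LI_CONF;

    $retval = '';

    // Convert array values to numeric permission values
    if (is_array($perm_owner) or is_array($perm_group) or is_array($perm_members) or is_array($perm_anon)) {
        list($perm_owner, $perm_group, $perm_members, $perm_anon) = SEC_getPermissionValues($perm_owner, $perm_group, $perm_members, $perm_anon);
    }

    // Remove any autotags the user doesn't have permission to use
    $description = PLG_replaceTags($description, '', true);

    // clean 'em up
    $description = DB_escapeString(COM_checkHTML(COM_checkWords($description), 'links.edit'));
    $title = DB_escapeString(strip_tags(COM_checkWords($title)));
    $cid = DB_escapeString($cid);
    // $url is interpolated into the INSERT below like $title and $cid; escape it the same way
    $url = DB_escapeString($url);

    if (empty($owner_id)) {
        // this is new link from admin, set default values
        $owner_id = $_USER['uid'];
        if (isset($_GROUPS['Links Admin'])) {
            $group_id = $_GROUPS['Links Admin'];
        } else {
            $group_id = SEC_getFeatureGroup('links.edit');
        }
        $perm_owner = 3;
        $perm_group = 2;
        $perm_members = 2;
        $perm_anon = 2;
    }
    // these are interpolated unquoted (ids, perms) or as a number (hits) below
    $hits = (int) $hits;
    $owner_id = (int) $owner_id;
    $group_id = (int) $group_id;
    $perm_owner = (int) $perm_owner;
    $perm_group = (int) $perm_group;
    $perm_members = (int) $perm_members;
    $perm_anon = (int) $perm_anon;

    // NOTE(review): $lid is only COM_sanitizeID()ed, not DB_escapeString()ed,
    // before being interpolated; this assumes sanitizeID leaves no quote characters.
    $lid = COM_sanitizeID($lid);
    $old_lid = COM_sanitizeID($old_lid);
    if (empty($lid)) {
        if (empty($old_lid)) {
            $lid = COM_makeSid();
        } else {
            $lid = $old_lid;
        }
    }

    // check for link id change
    if (!empty($old_lid) && $lid != $old_lid) {
        // check if new lid is already in use
        if (DB_count($_TABLES['links'], 'lid', $lid) > 0) {
            // TBD: abort, display editor with all content intact again
            $lid = $old_lid; // for now ...
        }
    }

    // access is judged on the stored record when one exists, else on the submitted values
    $access = 0;
    $old_lid = DB_escapeString($old_lid);
    if (DB_count($_TABLES['links'], 'lid', $old_lid) > 0) {
        $result = DB_query("SELECT owner_id,group_id,perm_owner,perm_group,perm_members,perm_anon FROM {$_TABLES['links']} WHERE lid = '{$old_lid}'");
        $A = DB_fetchArray($result);
        $access = SEC_hasAccess($A['owner_id'], $A['group_id'], $A['perm_owner'], $A['perm_group'], $A['perm_members'], $A['perm_anon']);
    } else {
        $access = SEC_hasAccess($owner_id, $group_id, $perm_owner, $perm_group, $perm_members, $perm_anon);
    }

    if ($access < 3 || !SEC_inGroup($group_id)) {
        $display = COM_showMessageText($MESSAGE[29], $MESSAGE[30]);
        $display = COM_createHTMLDocument($display, array('pagetitle' => $MESSAGE[30]));
        COM_accessLog("User {$_USER['username']} tried to illegally submit or edit link {$lid}.");
        COM_output($display);
        exit;
    } elseif (!empty($title) && !empty($description) && !empty($url)) {
        if ($categorydd != $LANG_LINKS_ADMIN[7] && !empty($categorydd)) {
            $cid = DB_escapeString($categorydd);
        } else {
            if ($categorydd != $LANG_LINKS_ADMIN[7]) {
                // NOTE(review): execution continues past this refresh and still
                // saves the link; confirm whether a return was intended here.
                echo COM_refresh($_CONF['site_admin_url'] . '/plugins/links/index.php');
            }
        }

        // replace any pending submission and the old row, then insert
        DB_delete($_TABLES['linksubmission'], 'lid', $old_lid);
        DB_delete($_TABLES['links'], 'lid', $old_lid);
        DB_save($_TABLES['links'], 'lid,cid,url,description,title,date,hits,owner_id,group_id,perm_owner,perm_group,perm_members,perm_anon', "'{$lid}','{$cid}','{$url}','{$description}','{$title}',NOW(),'{$hits}',{$owner_id},{$group_id},{$perm_owner},{$perm_group},{$perm_members},{$perm_anon}");

        if (empty($old_lid) || $old_lid == $lid) {
            PLG_itemSaved($lid, 'links');
        } else {
            PLG_itemSaved($lid, 'links', $old_lid);
        }

        // Get category for rdf check
        $category = DB_getItem($_TABLES['linkcategories'], "category", "cid='{$cid}'");
        COM_rdfUpToDateCheck('links', $category, $lid);

        return PLG_afterSaveSwitch($_LI_CONF['aftersave'], COM_buildURL("{$_CONF['site_url']}/links/portal.php?what=link&item={$lid}"), 'links', 2);
    } else {
        // missing fields
        $retval .= COM_errorLog($LANG_LINKS_ADMIN[10], 2);
        if (DB_count($_TABLES['links'], 'lid', $old_lid) > 0) {
            $retval .= editlink('edit', $old_lid);
        } else {
            $retval .= editlink('edit', '');
        }
        $retval = COM_createHTMLDocument($retval, array('pagetitle' => $LANG_LINKS_ADMIN[1]));
        return $retval;
    }
}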
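/**
 * Submit static page. The page is updated if it exists, or a new one is created.
 *
 * Reached both from the admin form (gl_svc false) and from the webservice
 * layer (gl_svc true). Webservice input is run through COM_applyBasicFilter()
 * here; form input is not, so every value that ends up in the SQL is cast
 * (numbers) or DB_escapeString()ed (text) in this function before use.
 *
 * @param array  $args     all the data provided by the client (sp_* keys, gl_svc, gl_edit, gl_etag, ...)
 * @param string &$output  OUTPUT parameter containing the returned text
 * @param array  &$svc_msg OUTPUT parameter containing any service messages ('error_desc', 'id')
 * @return int Response code as defined in lib-plugins.php
 */
function service_submit_staticpages($args, &$output, &$svc_msg) {
    global $_CONF, $_TABLES, $_USER, $LANG_ACCESS, $LANG12, $LANG_STATIC, $LANG_LOGIN, $_GROUPS, $_SP_CONF;

    $output = '';

    if (!SEC_hasRights('staticpages.edit')) {
        $output = COM_siteHeader('menu', $LANG_STATIC['access_denied']);
        $output .= COM_showMessageText($LANG_STATIC['access_denied_msg'], $LANG_STATIC['access_denied'], true);
        $output .= COM_siteFooter();
        return PLG_RET_AUTH_FAILED;
    }

    if (defined('DEMO_MODE')) {
        $output = COM_siteHeader('menu');
        $output .= COM_showMessageText('Option disabled in Demo Mode', 'Option disabled in Demo Mode', true);
        $output .= COM_siteFooter();
        // was the undefined constant PLG_REG_AUTH_FAILED; same code as the rights check above
        return PLG_RET_AUTH_FAILED;
    }

    // true for webservice calls, false for the admin form; an absent flag counts as form
    $gl_svc = !empty($args['gl_svc']);

    $gl_edit = false;
    if (isset($args['gl_edit'])) {
        $gl_edit = $args['gl_edit'];
    }

    if ($gl_edit) {
        // This is EDIT mode, so there should be an sp_old_id
        if (empty($args['sp_old_id'])) {
            if (!empty($args['id'])) {
                $args['sp_old_id'] = $args['id'];
            } else {
                return PLG_RET_ERROR;
            }
            if (empty($args['sp_id'])) {
                $args['sp_id'] = $args['sp_old_id'];
            }
        }
    } else {
        if (empty($args['sp_id']) && !empty($args['id'])) {
            $args['sp_id'] = $args['id'];
        }
    }

    if (empty($args['sp_uid'])) {
        $args['sp_uid'] = $_USER['uid'];
    }
    if (empty($args['sp_title']) && !empty($args['title'])) {
        $args['sp_title'] = $args['title'];
    }
    if (empty($args['sp_content']) && !empty($args['content'])) {
        $args['sp_content'] = $args['content'];
    }
    if (isset($args['category']) && is_array($args['category']) && !empty($args['category'][0])) {
        $args['sp_tid'] = $args['category'][0];
    }
    if (!isset($args['owner_id'])) {
        $args['owner_id'] = $_USER['uid'];
    }
    if (empty($args['group_id'])) {
        $args['group_id'] = SEC_getFeatureGroup('staticpages.edit', $_USER['uid']);
    }

    $args['sp_id'] = COM_sanitizeID(isset($args['sp_id']) ? $args['sp_id'] : '');
    if (!$gl_edit) {
        if (strlen($args['sp_id']) > STATICPAGE_MAX_ID_LENGTH) {
            // NOTE(review): $slug was read here without ever being assigned; it is
            // assumed to arrive as $args['slug'] from the webservice layer - confirm.
            $slug = isset($args['slug']) ? $args['slug'] : '';
            if (function_exists('WS_makeId')) {
                $args['sp_id'] = WS_makeId($slug, STATICPAGE_MAX_ID_LENGTH);
            } else {
                $args['sp_id'] = COM_makeSid();
            }
        }
    }

    // Apply filters to the parameters passed by the webservice
    if ($gl_svc) {
        $par_str = array('mode', 'sp_id', 'sp_old_id', 'sp_tid', 'sp_format', 'postmode');
        $par_num = array('sp_uid', 'sp_hits', 'owner_id', 'group_id', 'sp_where', 'sp_php', 'commentcode', 'sp_search', 'sp_status');
        foreach ($par_str as $str) {
            if (isset($args[$str])) {
                $args[$str] = COM_applyBasicFilter($args[$str]);
            } else {
                $args[$str] = '';
            }
        }
        foreach ($par_num as $num) {
            if (isset($args[$num])) {
                $args[$num] = COM_applyBasicFilter($args[$num], true);
            } else {
                $args[$num] = 0;
            }
        }
    }

    // START: Staticpages defaults
    // The form path does not go through COM_applyBasicFilter(), yet these values
    // are interpolated unquoted into the INSERT further down, and the range
    // checks below do not reject non-numeric strings - so cast them first.
    foreach (array('sp_status', 'sp_uid', 'owner_id', 'group_id', 'sp_where', 'sp_php', 'sp_search') as $num) {
        $args[$num] = isset($args[$num]) ? (int) $args[$num] : 0;
    }
    // commentcode: absent falls back to the site default, like out-of-range below
    if (!isset($args['commentcode'])) {
        $args['commentcode'] = $_CONF['comment_code'];
    }
    $args['commentcode'] = (int) $args['commentcode'];

    if ($args['sp_status'] != 1) {
        $args['sp_status'] = 0;
    }
    if (empty($args['sp_format'])) {
        $args['sp_format'] = 'allblocks';
    }
    if (empty($args['sp_tid'])) {
        $args['sp_tid'] = 'all';
    }
    if ($args['sp_where'] < 0 || $args['sp_where'] > 4) {
        $args['sp_where'] = 0;
    }
    if ($args['sp_php'] < 0 || $args['sp_php'] > 2) {
        $args['sp_php'] = 0;
    }
    if ($args['commentcode'] < -1 || $args['commentcode'] > 1) {
        $args['commentcode'] = $_CONF['comment_code'];
    }
    if ($args['sp_search'] != 1) {
        $args['sp_search'] = 0;
    }

    if ($gl_svc) {
        // Permissions: configured defaults unless the webservice supplied them
        if (!isset($args['perm_owner'])) {
            $args['perm_owner'] = $_SP_CONF['default_permissions'][0];
        } else {
            $args['perm_owner'] = COM_applyBasicFilter($args['perm_owner'], true);
        }
        if (!isset($args['perm_group'])) {
            $args['perm_group'] = $_SP_CONF['default_permissions'][1];
        } else {
            $args['perm_group'] = COM_applyBasicFilter($args['perm_group'], true);
        }
        if (!isset($args['perm_members'])) {
            $args['perm_members'] = $_SP_CONF['default_permissions'][2];
        } else {
            $args['perm_members'] = COM_applyBasicFilter($args['perm_members'], true);
        }
        if (!isset($args['perm_anon'])) {
            $args['perm_anon'] = $_SP_CONF['default_permissions'][3];
        } else {
            $args['perm_anon'] = COM_applyBasicFilter($args['perm_anon'], true);
        }

        if (!isset($args['sp_onmenu'])) {
            $args['sp_onmenu'] = '';
        } else {
            if ($args['sp_onmenu'] == 'on' && empty($args['sp_label'])) {
                $svc_msg['error_desc'] = 'Menu label missing';
                return PLG_RET_ERROR;
            }
        }
        if (empty($args['sp_content'])) {
            $svc_msg['error_desc'] = 'No content';
            return PLG_RET_ERROR;
        }
        if (empty($args['sp_inblock']) && $_SP_CONF['in_block'] == '1') {
            $args['sp_inblock'] = 'on';
        }
        if (empty($args['sp_centerblock'])) {
            $args['sp_centerblock'] = '';
        }
    }

    // Optional keys the form may leave out entirely (unticked checkboxes etc.)
    foreach (array('sp_old_id', 'sp_title', 'sp_content', 'sp_hits', 'sp_onmenu', 'sp_label', 'sp_nf', 'sp_centerblock', 'sp_help', 'sp_inblock', 'postmode', 'perm_owner', 'perm_group', 'perm_members', 'perm_anon') as $key) {
        if (!isset($args[$key])) {
            $args[$key] = '';
        }
    }
    // END: Staticpages defaults

    $sp_id = $args['sp_id'];
    $sp_status = $args['sp_status'];
    $sp_uid = $args['sp_uid'];
    $sp_title = $args['sp_title'];
    $sp_content = $args['sp_content'];
    $sp_hits = $args['sp_hits'];
    $sp_format = $args['sp_format'];
    $sp_onmenu = $args['sp_onmenu'];
    $sp_label = '';
    if (!empty($args['sp_label'])) {
        $sp_label = $args['sp_label'];
    }
    $commentcode = $args['commentcode'];
    $owner_id = $args['owner_id'];
    $group_id = $args['group_id'];
    $perm_owner = $args['perm_owner'];
    $perm_group = $args['perm_group'];
    $perm_members = $args['perm_members'];
    $perm_anon = $args['perm_anon'];
    $sp_php = $args['sp_php'];
    $sp_nf = '';
    if (!empty($args['sp_nf'])) {
        $sp_nf = $args['sp_nf'];
    }
    $sp_old_id = $args['sp_old_id'];
    $sp_centerblock = $args['sp_centerblock'];
    $sp_help = '';
    if (!empty($args['sp_help'])) {
        $sp_help = $args['sp_help'];
    }
    $sp_tid = $args['sp_tid'];
    $sp_where = $args['sp_where'];
    $sp_inblock = $args['sp_inblock'];
    $postmode = $args['postmode'];
    $sp_search = $args['sp_search'];

    if ($gl_edit && !empty($args['gl_etag'])) {
        // First load the original staticpage to check if it has been modified
        $o = array();
        $s = array();
        $r = service_get_staticpages(array('sp_id' => $sp_old_id, 'gl_svc' => true), $o, $s);
        if ($r == PLG_RET_OK) {
            if ($args['gl_etag'] != $o['updated']) {
                $svc_msg['error_desc'] = 'A more recent version of the staticpage is available';
                return PLG_RET_PRECONDITION_FAILED;
            }
        } else {
            $svc_msg['error_desc'] = 'The requested staticpage no longer exists';
            return PLG_RET_ERROR;
        }
    }

    // Check for unique page ID
    $duplicate_id = false;
    $delete_old_page = false;
    if (DB_count($_TABLES['staticpage'], 'sp_id', $sp_id) > 0) {
        if ($sp_id != $sp_old_id) {
            $duplicate_id = true;
        }
    } elseif (!empty($sp_old_id)) {
        if ($sp_id != $sp_old_id) {
            $delete_old_page = true;
        }
    }

    if ($duplicate_id) {
        $output .= COM_siteHeader('menu', $LANG_STATIC['staticpageeditor']);
        $output .= COM_errorLog($LANG_STATIC['duplicate_id'], 2);
        if (!$gl_svc) {
            $output .= PAGE_edit($sp_id);
        }
        $output .= COM_siteFooter();
        $svc_msg['error_desc'] = 'Duplicate ID';
        return PLG_RET_ERROR;
    } elseif (!empty($sp_title) && !empty($sp_content)) {
        $sp_hits = empty($sp_hits) ? 0 : (int) $sp_hits;
        // checkboxes arrive as 'on'
        $sp_onmenu = ($sp_onmenu == 'on') ? 1 : 0;
        $sp_nf = ($sp_nf == 'on') ? 1 : 0;
        $sp_centerblock = ($sp_centerblock == 'on') ? 1 : 0;
        $sp_inblock = ($sp_inblock == 'on') ? 1 : 0;

        // Clean up the text
        if ($_SP_CONF['censor'] == 1) {
            $sp_content = COM_checkWords($sp_content);
            $sp_title = COM_checkWords($sp_title);
        }
        if ($_SP_CONF['filter_html'] == 1) {
            $sp_content = COM_checkHTML($sp_content, 'staticpages.edit');
        }
        $sp_title = strip_tags($sp_title);
        $sp_label = strip_tags($sp_label);
        $sp_content = DB_escapeString($sp_content);
        $sp_title = DB_escapeString($sp_title);
        $sp_label = DB_escapeString($sp_label);
        // the remaining free-text columns went into the INSERT unescaped before
        $sp_help = DB_escapeString($sp_help);
        $postmode = DB_escapeString($postmode);

        // If user does not have php edit perms, then set php flag to 0.
        if ($_SP_CONF['allow_php'] != 1 || !SEC_hasRights('staticpages.PHP')) {
            $sp_php = 0;
        }

        // make sure there's only one "entire page" static page per topic
        if ($sp_centerblock == 1 && $sp_where == 0) {
            $sql = "UPDATE {$_TABLES['staticpage']} SET sp_centerblock = 0 WHERE sp_centerblock = 1 AND sp_where = 0 AND sp_tid = '" . DB_escapeString($sp_tid) . "'";
            // multi-language configuration - allow one entire page
            // centerblock for all or none per language
            if (!empty($_CONF['languages']) && !empty($_CONF['language_files']) && ($sp_tid == 'all' || $sp_tid == 'none')) {
                $ids = explode('_', $sp_id);
                if (count($ids) > 1) {
                    $lang_id = array_pop($ids);
                    $sql .= " AND sp_id LIKE '%\\_" . DB_escapeString($lang_id) . "'";
                }
            }
            DB_query($sql);
        }

        // whitelist the layout format (strict: a non-string must not slip through)
        $formats = array('allblocks', 'blankpage', 'leftblocks', 'rightblocks', 'noblocks');
        if (!in_array($sp_format, $formats, true)) {
            $sp_format = 'allblocks';
        }

        if (!$gl_svc) {
            list($perm_owner, $perm_group, $perm_members, $perm_anon) = SEC_getPermissionValues($perm_owner, $perm_group, $perm_members, $perm_anon);
        }

        $sp_tid_sql = DB_escapeString($sp_tid);
        DB_save($_TABLES['staticpage'], 'sp_id,sp_status,sp_uid,sp_title,sp_content,sp_date,sp_hits,sp_format,sp_onmenu,sp_label,commentcode,owner_id,group_id,' . 'perm_owner,perm_group,perm_members,perm_anon,sp_php,sp_nf,sp_centerblock,sp_help,sp_tid,sp_where,sp_inblock,postmode,sp_search', "'{$sp_id}',{$sp_status}, {$sp_uid},'{$sp_title}','{$sp_content}',NOW(),{$sp_hits},'{$sp_format}',{$sp_onmenu},'{$sp_label}','{$commentcode}',{$owner_id},{$group_id}," . "{$perm_owner},{$perm_group},{$perm_members},{$perm_anon},'{$sp_php}','{$sp_nf}',{$sp_centerblock},'{$sp_help}','{$sp_tid_sql}',{$sp_where}," . "'{$sp_inblock}','{$postmode}',{$sp_search}");

        if ($delete_old_page && !empty($sp_old_id)) {
            // the page was renamed: drop the old row and move its comments
            DB_delete($_TABLES['staticpage'], 'sp_id', $sp_old_id);
            DB_change($_TABLES['comments'], 'sid', DB_escapeString($sp_id), array('sid', 'type'), array(DB_escapeString($sp_old_id), 'staticpages'));
            PLG_itemDeleted($sp_old_id, 'staticpages');
        }

        PLG_itemSaved($sp_id, 'staticpages');

        $url = COM_buildURL($_CONF['site_url'] . '/page.php?page=' . $sp_id);
        $output .= PLG_afterSaveSwitch($_SP_CONF['aftersave'], $url, 'staticpages');
        $svc_msg['id'] = $sp_id;

        return PLG_RET_OK;
    } else {
        $output .= COM_siteHeader('menu', $LANG_STATIC['staticpageeditor']);
        $output .= COM_errorLog($LANG_STATIC['no_title_or_content'], 2);
        if (!$gl_svc) {
            $output .= PAGE_edit($sp_id);
        }
        $output .= COM_siteFooter();
        return PLG_RET_ERROR;
    }
}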
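/**
 * Filters comment text and appends necessary tags (sig and/or edit)
 *
 * @copyright Jared Wenerd 2008
 * @author Jared Wenerd, wenerd87 AT gmail DOT com
 * @param string $comment  comment text as submitted
 * @param string $postmode 'html' keeps approved HTML; anything else is treated as plaintext
 * @param string $type     type of item (article, poll, etc.); selects the HTML permission
 * @param bool   $edit     if true append edit tag
 * @param int    $cid      commentid if editing comment (for proper sig)
 * @return string of comment text with the tags appended
 */
function CMT_prepareText($comment, $postmode, $type, $edit = false, $cid = null) {
    global $_USER, $_TABLES, $LANG03, $_CONF;

    if ($postmode == 'html') {
        // articles are governed by story.edit, everything else by "<type>.edit"
        $html_perm = $type == 'article' ? 'story.edit' : "{$type}.edit";
        $comment = COM_checkWords(COM_checkHTML(COM_stripslashes($comment), $html_perm));
    } else {
        // plaintext: escape everything, then linkify; newlines become <br>
        // only when linkification actually changed the text
        $comment = htmlspecialchars(COM_checkWords(COM_stripslashes($comment)));
        $newcomment = COM_makeClickableLinks($comment);
        if (strcmp($comment, $newcomment) != 0) {
            $comment = nl2br($newcomment);
        }
    }

    if ($edit) {
        // NOTE(review): $_USER['username'] is written into the markup as-is;
        // this relies on usernames being safe for HTML output.
        $comment .= '<div class="comment-edit">' . $LANG03[30] . ' ' . strftime($_CONF['date'], time()) . ' ' . $LANG03[31] . ' ' . $_USER['username'] . '</div><!-- /COMMENTEDIT -->';
    }

    // Whose signature to append: anonymous -> none (uid 1); a moderator editing
    // someone else's comment -> the original author's; otherwise the current user's
    if (empty($_USER['uid'])) {
        $uid = 1;
    } elseif ($edit && is_numeric($cid)) {
        // if comment moderator; the cast keeps the interpolated value numeric
        $cid = (int) $cid;
        $uid = DB_getItem($_TABLES['comments'], 'uid', "cid = '{$cid}'");
    } else {
        $uid = $_USER['uid'];
    }

    $sig = '';
    if ($uid > 1) {
        $uid = (int) $uid;
        $sig = DB_getItem($_TABLES['users'], 'sig', "uid = '{$uid}'");
        if (!empty($sig)) {
            // NOTE(review): the stored signature is appended without further
            // escaping in either mode; confirm it is sanitised when saved.
            $comment .= '<!-- COMMENTSIG --><div class="comment-sig">';
            if ($postmode == 'html') {
                $comment .= '---<br' . XHTML . '>' . nl2br($sig);
            } else {
                $comment .= '---' . LB . $sig;
            }
            $comment .= '</div><!-- /COMMENTSIG -->';
        }
    }

    return $comment;
}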
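/**
 * Validate the posted "group" definition form and save it to the plugin's
 * *_def_group table, then dispatch to the configured after-save page.
 *
 * Reads the plugin's configuration and language arrays through variable
 * variables named after $pi_name. Input comes from $_POST and is passed
 * through COM_applyFilter / COM_checkWords / COM_checkHTML and addslashes
 * before it is interpolated into SQL (the project's DB_query convention;
 * there is no prepared-statement API in scope here).
 *
 * @param string $pi_name    plugin name, used to locate config, language and table
 * @param bool   $edt_flg    edit-mode flag passed through to LIB_Edit()
 * @param mixed  $navbarMenu unused, kept for the caller's signature
 * @param mixed  $menuno     unused, kept for the caller's signature
 * @return array array('title' => ..., 'display' => ...) when the form is
 *               redisplayed (validation error, or aftersave_admin === 'no');
 *               otherwise the function echoes the after-save page and exits.
 */
function LIB_Save($pi_name, $edt_flg, $navbarMenu, $menuno)
{
    global $_CONF;
    global $_TABLES;
    global $_USER;

    $box_conf = "_" . strtoupper($pi_name) . "_CONF";
    global ${$box_conf};
    $box_conf = ${$box_conf};

    $lang_box_admin = "LANG_" . strtoupper($pi_name) . "_ADMIN";
    global ${$lang_box_admin};
    $lang_box_admin = ${$lang_box_admin};

    $table = $_TABLES[strtoupper($pi_name) . '_def_group'];
    // must be an array: the error path assigns $retval['title'] and
    // $retval['display'], which on an empty string is a fatal error in PHP 7.1+
    $retval = array();

    // clean 'em up
    $id = COM_applyFilter($_POST['id'], true);
    $code = COM_applyFilter($_POST['code']);
    $code = addslashes(COM_checkHTML(COM_checkWords($code)));
    $name = COM_applyFilter($_POST['name']);
    $name = addslashes(COM_checkHTML(COM_checkWords($name)));
    $description = $_POST['description']; //COM_applyFilter($_POST['description']);
    $description = addslashes(COM_checkHTML(COM_checkWords($description)));
    $parent_flg = COM_applyFilter($_POST['parent_flg'], true);
    $input_type = COM_applyFilter($_POST['input_type'], true);
    // convert full-width alphanumerics to half-width before the integer filter
    $orderno = mb_convert_kana($_POST['orderno'], "a");
    $orderno = COM_applyFilter($orderno, true);

    $uuid = $_USER['uid'];

    // ---- validation ----
    $err = "";
    // id
    if ($id != 0 && !is_numeric($id)) {
        $err .= $lang_box_admin['err_id'] . "<br/>" . LB;
    }
    // code must be unique among the other groups
    if ($code != "") {
        // $code is addslashes()-escaped above and $id is integer-filtered
        $cntsql = "SELECT code FROM {$table} ";
        $cntsql .= " WHERE ";
        $cntsql .= " code='{$code}' ";
        $cntsql .= " AND group_id<>{$id}";
        $result = DB_query($cntsql);
        $numrows = DB_numRows($result);
        if ($numrows != 0) {
            $err .= $lang_box_admin['err_code_w'] . "<br/>" . LB;
        }
    }
    // title is required
    if (empty($name)) {
        $err .= $lang_box_admin['err_name'] . "<br/>" . LB;
    }
    // on any error, redisplay the edit form with the messages
    if ($err != "") {
        $retval['title'] = $lang_box_admin['piname'] . $lang_box_admin['edit'];
        $retval['display'] = LIB_Edit($pi_name, $id, $edt_flg, 3, $err);
        return $retval;
    }
    // ---- end validation ----

    // new record: allocate the next group id
    if ($id == 0) {
        $w = DB_getItem($table, "max(group_id)", "1=1");
        if ($w == "") {
            $w = 0;
        }
        $id = $w + 1;
    }

    // Every column listed in $fields needs a matching entry in $values;
    // orderno, parent_flg and input_type are all integer-filtered above.
    $fields = "group_id";
    $values = "{$id}";
    $fields .= ",code";
    $values .= ",'{$code}'";
    $fields .= ",name";
    $values .= ",'{$name}'";
    $fields .= ",description";
    $values .= ",'{$description}'";
    $fields .= ",orderno";
    $values .= ",{$orderno}";
    $fields .= ",parent_flg";
    $values .= ",{$parent_flg}";
    $fields .= ",input_type";
    $values .= ",{$input_type}";
    $fields .= ",uuid";
    $values .= ",{$uuid}";
    $fields .= ",udatetime";
    $values .= ",NOW( )";

    // no redirect from DB_save itself; the after-save switch below decides
    $return_page = '';
    DB_save($table, $fields, $values, $return_page);

    $message = "";
    $item_url = '';
    if ($box_conf['aftersave_admin'] === 'no') {
        $retval['title'] = $lang_box_admin['piname'] . $lang_box_admin['edit'];
        $retval['display'] = LIB_Edit($pi_name, $id, $edt_flg, 1, "");
        return $retval;
    }
    if ($box_conf['aftersave_admin'] === 'list' or $box_conf['aftersave_admin'] === 'item') {
        $url = $_CONF['site_admin_url'] . "/plugins/{$pi_name}/group.php";
        $item_url = COM_buildURL($url);
        $target = 'item';
        $message = 1;
    } elseif ($box_conf['aftersave_admin'] === 'admin') {
        $target = $box_conf['aftersave_admin'];
        $message = 1;
    } else {
        $item_url = $_CONF['site_url'] . $box_conf['top'];
        $target = $box_conf['aftersave_admin'];
    }
    $return_page = PLG_afterSaveSwitch($target, $item_url, $pi_name, $message);
    echo $return_page;
    exit;
}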
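/**
 * Store one media file (uploaded or imported) in a Media Gallery album.
 *
 * The source is first moved/copied to the plugin temp directory, its type is
 * worked out from getID3 metadata plus the client-supplied extension, the
 * album's allowed formats are checked, the file is converted/copied into the
 * media object store, and finally a media record (or a moderation-queue
 * record) is written. Every SQL statement here is string-built with
 * addslashes()/intval() per the project's DB_query convention.
 *
 * @param string $filename path of the file to ingest: the PHP upload temp
 *                         file when $opt['upload'] is set, otherwise a server
 *                         path (import)
 * @param string $file     original client-side file name; supplies the
 *                         extension, the preserved-name base and the stored
 *                         original name
 * @param int    $album_id target album id
 * @param array  $opt      optional keys: caption, description, upload (default 1),
 *                         purgefiles, filetype, atttn, thumbnail, keywords,
 *                         category, dnc, replace (media_id to overwrite)
 * @return array array(bool $ok, string $message)
 */
function MG_getFile($filename, $file, $album_id, $opt = array())
{
    global $_CONF, $_MG_CONF, $_USER, $_TABLES, $LANG_MG00, $LANG_MG01, $LANG_MG02, $_SPECIAL_IMAGES_MIMETYPE, $new_media_id;

    $caption = isset($opt['caption']) ? $opt['caption'] : '';
    $description = isset($opt['description']) ? $opt['description'] : '';
    $upload = isset($opt['upload']) ? $opt['upload'] : 1;
    $purgefiles = isset($opt['purgefiles']) ? $opt['purgefiles'] : 0;
    $filetype = isset($opt['filetype']) ? $opt['filetype'] : '';
    $atttn = isset($opt['atttn']) ? $opt['atttn'] : 0;
    $thumbnail = isset($opt['thumbnail']) ? $opt['thumbnail'] : '';
    $keywords = isset($opt['keywords']) ? $opt['keywords'] : '';
    $category = isset($opt['category']) ? $opt['category'] : 0;
    $dnc = isset($opt['dnc']) ? $opt['dnc'] : 0;
    $replace = isset($opt['replace']) ? $opt['replace'] : 0;

    $artist = '';
    $musicAlbum = '';
    $genre = '';
    $video_attached_thumbnail = 0;
    $successfulWatermark = 0;
    $dnc = 1; // What is this? (unconditionally overrides $opt['dnc'] — kept as found)
    $errors = 0;
    $errMsg = '';
    $importSource = ''; // set only for imports; uploads have no source left to purge
    $mediaType = 0;
    $queue = 0;

    require_once $_CONF['path'] . 'plugins/mediagallery/include/classAlbum.php';
    $album = new mgAlbum($album_id);
    $root_album = new mgAlbum(0);

    if ($_MG_CONF['verbose']) {
        COM_errorLog("MG Upload: *********** Beginning media upload process...");
        COM_errorLog("Filename to process: " . $filename);
        COM_errorLog("UID=" . $_USER['uid']);
        COM_errorLog("album access=" . $album->access);
        COM_errorLog("album owner_id=" . $album->owner_id);
        COM_errorLog("member_uploads=" . $album->member_uploads);
    }

    clearstatcache();
    if (!file_exists($filename)) {
        $errMsg = $LANG_MG02['upload_not_found'];
        return array(false, $errMsg);
    }
    if (!is_readable($filename)) {
        $errMsg = $LANG_MG02['upload_not_readable'];
        return array(false, $errMsg);
    }

    // make sure we have the proper permissions to upload to this album....
    if (!isset($album->id)) {
        $errMsg = $LANG_MG02['album_nonexist']; // "Album does not exist, unable to process uploads";
        return array(false, $errMsg);
    }
    if ($album->access != 3 && !$root_album->owner_id && $album->member_uploads == 0) {
        COM_errorLog("Someone has tried to illegally upload to an album in Media Gallery. "
            . "User id: {$_USER['uid']}, Username: {$_USER['username']}, IP: " . $_SERVER['REMOTE_ADDR'], 1);
        return array(false, $LANG_MG00['access_denied_msg']);
    }

    // Brief pause so consecutive COM_makesid() calls do not collide.
    // sleep() only takes whole seconds (sleep(0.1) slept for 0s), so use usleep.
    usleep(100000);

    /*
     * The following section of code will generate a unique name for a temporary
     * file and copy the uploaded file to the Media Gallery temp directory.
     * We do this to prevent any SAFE MODE issues when we later open the
     * file to determine the mime type.
     */
    if (empty($_USER['username'])) {
        $_USER['username'] = '******';
    }
    $tmpPath = $_MG_CONF['tmp_path'] . $_USER['username'] . COM_makesid() . '.tmp';
    if ($upload) {
        $rc = @move_uploaded_file($filename, $tmpPath);
    } else {
        $rc = @copy($filename, $tmpPath);
        $importSource = $filename;
    }
    if ($rc != 1) {
        COM_errorLog("Media Upload - Error moving uploaded file in generic processing....");
        COM_errorLog("Media Upload - Unable to copy file to: " . $tmpPath);
        $errors++;
        $errMsg .= sprintf($LANG_MG02['move_error'], $filename);
        @unlink($tmpPath);
        COM_errorLog("MG Upload: Problem uploading a media object");
        return array(false, $errMsg);
    }
    $filename = $tmpPath;

    $new_media_id = $replace > 0 ? $replace : COM_makesid();
    $media_time = time();
    $media_upload_time = $media_time;
    if (!isset($_USER['uid']) || $_USER['uid'] < 1) {
        $media_user_id = 1;
    } else {
        $media_user_id = $_USER['uid'];
    }

    $mimeInfo = MG_getMediaMetaData($filename);
    // extension comes from the client-supplied name, not from the content
    $mimeExt = strtolower(substr(strrchr($file, '.'), 1));
    $mimeInfo['type'] = $mimeExt;

    // override the determination for some filetypes
    $filetype = MG_getFileTypeFromExt($mimeExt, $filetype);
    if (empty($mimeInfo['mime_type'])) {
        COM_errorLog("MG Upload: getID3 was unable to detect mime type - using PHP detection");
        $mimeInfo['mime_type'] = $filetype;
    }

    // an embedded ID3v2 picture becomes the thumbnail for audio files
    $gotTN = 0;
    $mp3AttachedThumbnail = '';
    if (isset($mimeInfo['id3v2']['APIC'][0]['mime'])
        && $mimeInfo['id3v2']['APIC'][0]['mime'] == 'image/jpeg'
        && isset($mimeInfo['id3v2']['APIC'][0]['data'])
    ) {
        $mp3AttachedThumbnail = $mimeInfo['id3v2']['APIC'][0]['data'];
        $gotTN = 1;
    }

    if ($_MG_CONF['verbose']) {
        COM_errorLog("MG Upload: found mime type of " . $mimeInfo['type']);
    }

    if ($mimeExt == '' || $mimeInfo['mime_type'] == 'application/octet-stream' || $mimeInfo['mime_type'] == '') {
        // assume format based on file upload info...
        switch ($filetype) {
            case 'audio/mpeg':
                $mimeInfo['type'] = 'mp3';
                $mimeInfo['mime_type'] = 'audio/mpeg';
                $mimeExt = 'mp3';
                break;
            case 'image/tga':
                $mimeInfo['type'] = 'tga';
                $mimeInfo['mime_type'] = 'image/tga';
                $mimeExt = 'tga';
                break;
            case 'image/psd':
                $mimeInfo['type'] = 'psd';
                $mimeInfo['mime_type'] = 'image/psd';
                $mimeExt = 'psd';
                break;
            case 'image/gif':
                $mimeInfo['type'] = 'gif';
                $mimeInfo['mime_type'] = 'image/gif';
                $mimeExt = 'gif';
                break;
            case 'image/jpeg':
            case 'image/jpg':
                $mimeInfo['type'] = 'jpg';
                $mimeInfo['mime_type'] = 'image/jpeg';
                $mimeExt = 'jpg';
                break;
            case 'image/png':
                $mimeInfo['type'] = 'png';
                $mimeInfo['mime_type'] = 'image/png';
                $mimeExt = 'png';
                break;
            case 'image/bmp':
                $mimeInfo['type'] = 'bmp';
                $mimeInfo['mime_type'] = 'image/bmp';
                $mimeExt = 'bmp';
                break;
            case 'application/x-shockwave-flash':
                $mimeInfo['type'] = 'swf';
                $mimeInfo['mime_type'] = 'application/x-shockwave-flash';
                $mimeExt = 'swf';
                break;
            case 'application/zip':
                $mimeInfo['type'] = 'zip';
                $mimeInfo['mime_type'] = 'application/zip';
                $mimeExt = 'zip';
                break;
            case 'video/quicktime':
                $mimeInfo['type'] = 'mov';
                $mimeInfo['mime_type'] = 'video/quicktime';
                $mimeExt = 'mov';
                break;
            case 'video/x-m4v':
                $mimeInfo['type'] = 'mov';
                $mimeInfo['mime_type'] = 'video/x-m4v';
                $mimeExt = 'mov';
                break;
            case 'video/x-flv':
                $mimeInfo['type'] = 'flv';
                $mimeInfo['mime_type'] = 'video/x-flv';
                $mimeExt = 'flv';
                break;
            case 'audio/x-ms-wma':
                $mimeInfo['type'] = 'wma';
                $mimeInfo['mime_type'] = 'audio/x-ms-wma';
                $mimeExt = 'wma';
                break;
            default:
                switch ($mimeExt) {
                    case 'flv':
                        $mimeInfo['type'] = 'flv';
                        $mimeInfo['mime_type'] = 'video/x-flv';
                        break;
                    case 'wma':
                        $mimeInfo['type'] = 'wma';
                        $mimeInfo['mime_type'] = 'audio/x-ms-wma';
                        break;
                    default:
                        $mimeInfo['type'] = 'file';
                        $mimeInfo['mime_type'] = 'application/octet-stream';
                        if ($filetype != '') {
                            $mimeInfo['mime_type'] = $filetype;
                        }
                        break;
                }
                break;
        }
        if ($_MG_CONF['verbose']) {
            COM_errorLog("MG Upload: override mime type to: " . $mimeInfo['type']
                . ' based upon file extension of: ' . $filetype);
        }
    }

    // map the mime type onto the album's valid_formats bitmask
    switch ($mimeInfo['mime_type']) {
        case 'audio/mpeg':
            $format_type = MG_MP3;
            break;
        case 'image/gif':
            $format_type = MG_GIF;
            break;
        case 'image/jpeg':
        case 'image/jpg':
            $format_type = MG_JPG;
            break;
        case 'image/png':
            $format_type = MG_PNG;
            break;
        case 'image/bmp':
            $format_type = MG_BMP;
            break;
        case 'application/x-shockwave-flash':
            $format_type = MG_SWF;
            break;
        case 'application/zip':
            $format_type = MG_ZIP;
            break;
        case 'video/mpeg':
        case 'video/x-motion-jpeg':
        case 'video/quicktime':
        case 'video/x-mpeg':
        case 'video/x-mpeq2a':
        case 'video/x-qtc':
        case 'video/x-m4v':
            $format_type = MG_MOV;
            break;
        case 'video/x-flv':
            $format_type = MG_FLV;
            break;
        case 'image/tiff':
            $format_type = MG_TIF;
            break;
        case 'image/x-targa':
        case 'image/tga':
            $format_type = MG_TGA;
            break;
        case 'image/psd':
            $format_type = MG_PSD;
            break;
        case 'application/ogg':
            $format_type = MG_OGG;
            break;
        case 'audio/x-ms-wma':
        case 'audio/x-ms-wax':
        case 'audio/x-ms-wmv':
        case 'video/x-ms-asf':
        case 'video/x-ms-asf-plugin':
        case 'video/avi':
        case 'video/msvideo':
        case 'video/x-msvideo':
        case 'video/avs-video':
        case 'video/x-ms-wmv':
        case 'video/x-ms-wvx':
        case 'video/x-ms-wm':
        case 'application/x-troff-msvideo':
        case 'application/x-ms-wmz':
        case 'application/x-ms-wmd':
            $format_type = MG_ASF;
            break;
        case 'application/pdf':
        default:
            $format_type = MG_OTHER;
            break;
    }
    if (!($album->valid_formats & $format_type)) {
        // the file already sits in the temp directory; do not leave it behind
        @unlink($tmpPath);
        return array(false, $LANG_MG02['format_not_allowed']);
    }

    $mimeType = $mimeInfo['mime_type'];
    if ($_MG_CONF['verbose']) {
        COM_errorLog("MG Upload: PHP detected mime type is : " . $filetype);
    }
    if ($filetype == 'video/x-m4v') {
        $mimeType = 'video/x-m4v';
        $mimeInfo['mime_type'] = 'video/x-m4v';
    }

    // Choose the on-disk base name: reuse it when replacing, otherwise either
    // derive a sanitised name from the client filename or a random md5.
    if ($replace > 0) {
        $sql = "SELECT * FROM {$_TABLES['mg_media']} WHERE media_id='" . addslashes($replace) . "'";
        $result = DB_query($sql);
        $row = DB_fetchArray($result);
        $media_filename = $row['media_filename'];
    } else {
        if ($_MG_CONF['preserve_filename'] == 1) {
            $loopCounter = 0;
            $digitCounter = 1;
            $file_name = stripslashes($file);
            $file_name = MG_replace_accents($file_name);
            $file_name = preg_replace("#[ ]#", "_", $file_name); // change spaces to underscore
            $file_name = preg_replace('#[^\\.\\-,\\w]#', '_', $file_name); //only parenthesis, underscore, letters, numbers, comma, hyphen, period - others to underscore
            $file_name = preg_replace('#(_)+#', '_', $file_name); //eliminate duplicate underscore
            $pos = strrpos($file_name, '.');
            if ($pos === false) {
                $basefilename = $file_name;
            } else {
                $basefilename = strtolower(substr($file_name, 0, $pos));
            }
            // prefix with a short random fragment, lengthening it after 16 collisions
            do {
                clearstatcache();
                $media_filename = substr(md5(uniqid(rand())), 0, $digitCounter) . '_' . $basefilename;
                $loopCounter++;
                if ($loopCounter > 16) {
                    $digitCounter++;
                    $loopCounter = 0;
                }
            } while (MG_file_exists($media_filename));
        } else {
            do {
                clearstatcache();
                $media_filename = md5(uniqid(rand()));
            } while (MG_file_exists($media_filename));
        }
    }

    // Never store a file under an extension the web server may hand to the PHP
    // handler (the original only rewrote 'php'; the common aliases get the same
    // treatment). Script-interpreter extensions are stored as plain text.
    if (in_array($mimeExt, array('php', 'phtml', 'php3', 'php4', 'php5', 'php7', 'phar'))) {
        $mimeExt = 'phps';
    }
    if (in_array($mimeExt, array('pl', 'cgi', 'py', 'sh', 'rb'))) {
        $mimeExt = 'txt';
    }
    $disp_media_filename = $media_filename . '.' . $mimeExt;
    if ($_MG_CONF['verbose']) {
        COM_errorLog("MG Upload: Stored filename is : " . $disp_media_filename);
        COM_errorLog("MG Upload: Mime Type: " . $mimeType);
    }

    switch ($mimeType) {
        case 'image/psd':
        case 'image/x-targa':
        case 'image/tga':
        case 'image/photoshop':
        case 'image/x-photoshop':
        case 'application/photoshop':
        case 'application/psd':
        case 'image/tiff':
        case 'image/gif':
        case 'image/jpeg':
        case 'image/jpg':
        case 'image/png':
        case 'image/bmp':
            $dispExt = $mimeExt;
            if (in_array($mimeType, $_SPECIAL_IMAGES_MIMETYPE)) {
                $dispExt = 'jpg';
            }
            $media_orig = MG_getFilePath('orig', $media_filename, $mimeExt);
            $media_disp = MG_getFilePath('disp', $media_filename, $dispExt);
            $media_tn = MG_getFilePath('tn', $media_filename, $dispExt);
            $mimeType = $mimeInfo['mime_type'];

            // process image file
            $media_time = getOriginationTimestamp($filename);
            if ($media_time == null || $media_time < 0) {
                $media_time = time();
            }
            if ($_MG_CONF['verbose']) {
                COM_errorLog("MG Upload: About to move/copy file");
            }
            $rc = @copy($filename, $media_orig);
            if ($rc != 1) {
                COM_errorLog("Media Upload - Error moving uploaded file....");
                COM_errorLog("Media Upload - Unable to copy file to: " . $media_orig);
                $errors++;
                $errMsg .= sprintf($LANG_MG02['move_error'], $filename);
            } else {
                if ($purgefiles && $importSource !== '') {
                    @unlink($importSource);
                }
                @chmod($media_orig, 0644);
                list($rc, $msg) = MG_convertImage($media_orig, $media_tn, $media_disp, $mimeExt, $mimeType, $album_id, $media_filename, $dnc);
                if ($rc == false) {
                    $errors++;
                    $errMsg .= $msg; // sprintf($LANG_MG02['convert_error'],$filename);
                } else {
                    $mediaType = 0;
                    if ($_MG_CONF['discard_original'] == 1
                        && ($mimeType == 'image/jpeg' || $mimeType == 'image/jpg' || $mimeType == 'image/png' || $mimeType == 'image/bmp' || $mimeType == 'image/gif')
                    ) {
                        if ($_MG_CONF['jhead_enabled'] && ($mimeType == 'image/jpeg' || $mimeType == 'image/jpg')) {
                            // NOTE(review): the paths are passed to the wrapper unquoted; $media_filename
                            // is either an md5 or sanitised to [.\-,\w] above, and the directory comes
                            // from admin configuration — confirm MG_execWrapper does its own quoting.
                            $rc = MG_execWrapper('"' . $_MG_CONF['jhead_path'] . "/jhead" . '"' . " -te " . $media_orig . " " . $media_disp);
                        }
                        @unlink($media_orig);
                    }
                    if ($album->wm_auto) {
                        if ($_MG_CONF['discard_original'] == 1) {
                            $rc = MG_watermark($media_disp, $album_id, 1);
                            if ($rc == true) {
                                $successfulWatermark = 1;
                            }
                        } else {
                            $rc1 = MG_watermark($media_orig, $album_id, 1);
                            $rc2 = MG_watermark($media_disp, $album_id, 0);
                            // was "$rc1 == ture" (undefined constant, a fatal error on PHP 8)
                            if ($rc1 == true && $rc2 == true) {
                                $successfulWatermark = 1;
                            }
                        }
                    }
                    if ($dnc != 1) {
                        if (!in_array($mimeType, $_SPECIAL_IMAGES_MIMETYPE)) {
                            $mimeExt = 'jpg';
                            $mimeType = 'image/jpeg';
                        }
                    }
                }
            }
            break;

        case 'video/quicktime':
        case 'video/mpeg':
        case 'video/x-flv':
        case 'video/x-ms-asf':
        case 'video/x-ms-asf-plugin':
        case 'video/avi':
        case 'video/msvideo':
        case 'video/x-msvideo':
        case 'video/avs-video':
        case 'video/x-ms-wmv':
        case 'video/x-ms-wvx':
        case 'video/x-ms-wm':
        case 'application/x-troff-msvideo':
        case 'application/x-shockwave-flash':
        case 'video/mp4':
        case 'video/x-m4v':
            $mimeType = $mimeInfo['mime_type'];
            if ($filetype == 'video/mp4') {
                $mimeExt = 'mp4';
            }
            // process video format
            $media_orig = MG_getFilePath('orig', $media_filename, $mimeExt);
            $rc = @copy($filename, $media_orig);
            if ($rc != 1) {
                COM_errorLog("MG Upload: Error moving uploaded file in video processing....");
                COM_errorLog("Media Upload - Unable to copy file to: " . $media_orig);
                $errors++;
                $errMsg .= sprintf($LANG_MG02['move_error'], $filename);
            } else {
                if ($purgefiles && $importSource !== '') {
                    @unlink($importSource);
                }
                @chmod($media_orig, 0644);
                $mediaType = 1;
            }
            $video_attached_thumbnail = MG_videoThumbnail($album_id, $media_orig, $media_filename);
            break;

        case 'application/ogg':
        case 'audio/mpeg':
        case 'audio/x-ms-wma':
        case 'audio/x-ms-wax':
        case 'audio/x-ms-wmv':
            $mimeType = $mimeInfo['mime_type'];
            // process audio format
            $media_orig = MG_getFilePath('orig', $media_filename, $mimeExt);
            $rc = @copy($filename, $media_orig);
            COM_errorLog("MG Upload: Extracting audio meta data");
            // ID3 tags are untrusted file content; they are slash-escaped here
            // because they go straight into the INSERT below
            if (isset($mimeInfo['tags']['id3v1']['title'][0])) {
                if ($caption == '') {
                    $caption = $mimeInfo['tags']['id3v1']['title'][0];
                }
            }
            if (isset($mimeInfo['tags']['id3v1']['artist'][0])) {
                $artist = addslashes($mimeInfo['tags']['id3v1']['artist'][0]);
            }
            if (isset($mimeInfo['tags']['id3v2']['genre'][0])) {
                $genre = addslashes($mimeInfo['tags']['id3v2']['genre'][0]);
            }
            if (isset($mimeInfo['tags']['id3v1']['album'][0])) {
                $musicAlbum = addslashes($mimeInfo['tags']['id3v1']['album'][0]);
            }
            if ($rc != 1) {
                COM_errorLog("Media Upload - Error moving uploaded file in audio processing....");
                COM_errorLog("Media Upload - Unable to copy file to: " . $media_orig);
                $errors++;
                $errMsg .= sprintf($LANG_MG02['move_error'], $filename);
            } else {
                if ($purgefiles && $importSource !== '') {
                    @unlink($importSource);
                }
                $mediaType = 2;
            }
            break;

        case 'zip':
        case 'application/zip':
            if ($_MG_CONF['zip_enabled']) {
                $errMsg .= MG_processZip($filename, $album_id, $purgefiles, $media_filename);
                break;
            }
            // NO BREAK HERE, fall through if enable zip isn't allowed
        default:
            $media_orig = MG_getFilePath('orig', $media_filename, $mimeExt);
            $mimeType = $mimeInfo['mime_type'];
            $rc = @copy($filename, $media_orig);
            if ($rc != 1) {
                COM_errorLog("Media Upload - Error moving uploaded file in generic processing....");
                COM_errorLog("Media Upload - Unable to copy file to: " . $media_orig);
                $errors++;
                $errMsg .= sprintf($LANG_MG02['move_error'], $filename);
            } else {
                if ($purgefiles && $importSource !== '') {
                    @unlink($importSource);
                }
            }
            $mediaType = 4;
            break;
    }

    // update quota
    $quota = $album->album_disk_usage;
    $quota += @filesize(MG_getFilePath('orig', $media_filename, $mimeExt));
    if ($_MG_CONF['discard_original'] == 1) {
        $quota += @filesize(MG_getFilePath('disp', $media_filename, 'jpg'));
    }
    DB_change($_TABLES['mg_albums'], 'album_disk_usage', $quota, 'album_id', intval($album_id));

    if ($errors) {
        @unlink($tmpPath);
        COM_errorLog("MG Upload: Problem uploading a media object");
        return array(false, $errMsg);
    }

    // zip archives that were expanded by MG_processZip have no record of their own
    if (($mimeType != 'application/zip' || $_MG_CONF['zip_enabled'] == 0) && $errors == 0) {
        // Now we need to process an uploaded thumbnail
        if ($gotTN == 1) {
            $mp3TNFilename = $_MG_CONF['tmp_path'] . 'mp3tn' . time() . '.jpg';
            $fn = fopen($mp3TNFilename, "w");
            if ($fn !== false) {
                fwrite($fn, $mp3AttachedThumbnail);
                fclose($fn);
                $saveThumbnailName = $_MG_CONF['path_mediaobjects'] . 'tn/' . $media_filename[0] . '/tn_' . $media_filename;
                MG_attachThumbnail($album_id, $mp3TNFilename, $saveThumbnailName);
                @unlink($mp3TNFilename);
                $atttn = 1;
            } else {
                COM_errorLog("MG Upload: Unable to write temporary thumbnail file: " . $mp3TNFilename);
            }
        } else {
            if ($atttn == 1) {
                $saveThumbnailName = $_MG_CONF['path_mediaobjects'] . 'tn/' . $media_filename[0] . '/tn_' . $media_filename;
                MG_attachThumbnail($album_id, $thumbnail, $saveThumbnailName);
            }
        }
        if ($video_attached_thumbnail) {
            $atttn = 1;
        }

        if ($_MG_CONF['verbose']) {
            COM_errorLog("MG Upload: Building SQL and preparing to enter database");
        }

        // NOTE(review): these values are addslashes()-escaped here and again in
        // the INSERT below, so stored text may carry literal backslashes — confirm
        // against what the display code expects before changing either place.
        if ($_MG_CONF['htmlallowed'] != 1) {
            $media_desc = addslashes(htmlspecialchars(strip_tags(COM_checkWords(COM_killJS($description)))));
            $media_caption = addslashes(htmlspecialchars(strip_tags(COM_checkWords(COM_killJS($caption)))));
            $media_keywords = addslashes(htmlspecialchars(strip_tags(COM_checkWords(COM_killJS($keywords)))));
        } else {
            $media_desc = addslashes(COM_checkHTML(COM_killJS($description)));
            $media_caption = addslashes(COM_checkHTML(COM_killJS($caption)));
            $media_keywords = addslashes(COM_checkHTML(COM_killJS($keywords)));
        }

        // Check and see if moderation is on. If yes, place in mediasubmission
        if ($album->moderate == 1 && !$root_album->owner_id) {
            $tableMedia = $_TABLES['mg_mediaqueue'];
            $tableMediaAlbum = $_TABLES['mg_media_album_queue'];
            $queue = 1;
        } else {
            $tableMedia = $_TABLES['mg_media'];
            $tableMediaAlbum = $_TABLES['mg_media_albums'];
            $queue = 0;
        }

        $original_filename = addslashes($file);
        if ($album->filename_title) {
            if ($media_caption == '') {
                $pos = strrpos($original_filename, '.');
                if ($pos === false) {
                    $media_caption = $original_filename;
                } else {
                    $media_caption = substr($original_filename, 0, $pos);
                }
            }
        }

        if ($_MG_CONF['verbose']) {
            COM_errorLog("MG Upload: Inserting media record into mg_media");
        }

        $resolution_x = 0;
        $resolution_y = 0;
        // try to find a resolution if video...
        if ($mediaType == 1) {
            switch ($mimeType) {
                case 'application/x-shockwave-flash':
                case 'video/quicktime':
                case 'video/mpeg':
                case 'video/x-m4v':
                    $resolution_x = -1;
                    $resolution_y = -1;
                    // both axes are required (the original tested resolution_x twice)
                    if (isset($mimeInfo['video']['resolution_x']) && isset($mimeInfo['video']['resolution_y'])) {
                        $resolution_x = $mimeInfo['video']['resolution_x'];
                        $resolution_y = $mimeInfo['video']['resolution_y'];
                    }
                    break;
                case 'video/x-flv':
                    if (!isset($mimeInfo['video']['resolution_x']) || !isset($mimeInfo['video']['resolution_y'])
                        || $mimeInfo['video']['resolution_x'] < 1 || $mimeInfo['video']['resolution_y'] < 1
                    ) {
                        $resolution_x = -1;
                        $resolution_y = -1;
                        if (isset($mimeInfo['meta']['onMetaData']['width']) && isset($mimeInfo['meta']['onMetaData']['height'])) {
                            $resolution_x = $mimeInfo['meta']['onMetaData']['width'];
                            $resolution_y = $mimeInfo['meta']['onMetaData']['height'];
                        }
                    } else {
                        $resolution_x = $mimeInfo['video']['resolution_x'];
                        $resolution_y = $mimeInfo['video']['resolution_y'];
                    }
                    break;
                case 'video/x-ms-asf':
                case 'video/x-ms-asf-plugin':
                case 'video/avi':
                case 'video/msvideo':
                case 'video/x-msvideo':
                case 'video/avs-video':
                case 'video/x-ms-wmv':
                case 'video/x-ms-wvx':
                case 'video/x-ms-wm':
                case 'application/x-troff-msvideo':
                    $resolution_x = -1;
                    $resolution_y = -1;
                    if (isset($mimeInfo['video']['streams']['2']['resolution_x']) && isset($mimeInfo['video']['streams']['2']['resolution_y'])) {
                        $resolution_x = $mimeInfo['video']['streams']['2']['resolution_x'];
                        $resolution_y = $mimeInfo['video']['streams']['2']['resolution_y'];
                    }
                    break;
            }
        }

        if ($replace > 0) {
            $sql = "UPDATE " . $tableMedia . " SET "
                . "media_filename='" . addslashes($media_filename) . "',"
                . "media_original_filename='" . $original_filename . "',"
                . "media_mime_ext='" . addslashes($mimeExt) . "',"
                . "mime_type='" . addslashes($mimeType) . "',"
                . "media_time='" . addslashes($media_time) . "',"
                . "media_user_id='" . addslashes($media_user_id) . "',"
                . "media_type='" . addslashes($mediaType) . "',"
                . "media_upload_time='" . addslashes($media_upload_time) . "',"
                . "media_watermarked='" . addslashes($successfulWatermark) . "',"
                . "media_resolution_x='" . intval($resolution_x) . "',"
                . "media_resolution_y='" . intval($resolution_y) . "' "
                . "WHERE media_id='" . addslashes($replace) . "'";
            DB_query($sql);
        } else {
            $sql = "INSERT INTO " . $tableMedia . " (media_id,media_filename,media_original_filename,media_mime_ext,"
                . "media_exif,mime_type,media_title,media_desc,media_keywords,media_time,"
                . "media_views,media_comments,media_votes,media_rating,media_tn_attached,"
                . "media_tn_image,include_ss,media_user_id,media_user_ip,media_approval,"
                . "media_type,media_upload_time,media_category,media_watermarked,v100,"
                . "maint,media_resolution_x,media_resolution_y,remote_media,remote_url,"
                . "artist,album,genre) "
                . "VALUES ('" . addslashes($new_media_id) . "','" . addslashes($media_filename) . "','" . $original_filename . "','" . addslashes($mimeExt) . "','1','" . addslashes($mimeType) . "','" . addslashes($media_caption) . "','" . addslashes($media_desc) . "','" . addslashes($media_keywords) . "','" . addslashes($media_time) . "','0','0','0','0.00','" . addslashes($atttn) . "','','1','" . addslashes($media_user_id) . "','','0','" . addslashes($mediaType) . "','" . addslashes($media_upload_time) . "','" . addslashes($category) . "','" . addslashes($successfulWatermark) . "','0','0'," . intval($resolution_x) . "," . intval($resolution_y) . ",0,'','" . addslashes($artist) . "','" . addslashes($musicAlbum) . "','" . addslashes($genre) . "');";
            DB_query($sql);

            if ($_MG_CONF['verbose']) {
                COM_errorLog("MG Upload: Updating Album information");
            }
            // append the new item at the end of the album's ordering
            $sql = "SELECT MAX(media_order) + 10 AS media_seq FROM {$_TABLES['mg_media_albums']} WHERE album_id = " . intval($album_id);
            $result = DB_query($sql);
            $row = DB_fetchArray($result);
            $media_seq = $row['media_seq'];
            if ($media_seq < 10) {
                $media_seq = 10;
            }
            $sql = "INSERT INTO " . $tableMediaAlbum . " (media_id, album_id, media_order) "
                . "VALUES ('" . addslashes($new_media_id) . "', " . intval($album_id) . ", " . intval($media_seq) . ")";
            DB_query($sql);

            if ($mediaType == 1 && $resolution_x > 0 && $resolution_y > 0 && $_MG_CONF['use_default_resolution'] == 0) {
                DB_save($_TABLES['mg_playback_options'], 'media_id,option_name,option_value', "'{$new_media_id}','width', '{$resolution_x}'");
                DB_save($_TABLES['mg_playback_options'], 'media_id,option_name,option_value', "'{$new_media_id}','height','{$resolution_y}'");
            }
            PLG_itemSaved($new_media_id, 'mediagallery');

            // update the media count for the album, only if no moderation...
            if ($queue == 0) {
                $album->media_count++;
                DB_change($_TABLES['mg_albums'], 'media_count', $album->media_count, 'album_id', $album->id);
                MG_updateAlbumLastUpdate($album->id);
                if ($album->cover == -1 && ($mediaType == 0 || $atttn == 1)) {
                    if ($atttn == 1) {
                        $covername = 'tn_' . $media_filename;
                    } else {
                        $covername = $media_filename;
                    }
                    DB_change($_TABLES['mg_albums'], 'album_cover_filename', $covername, 'album_id', $album->id);
                }
                // MG_resetAlbumCover($album->id);
            }
        }
    }

    if ($queue) {
        $errMsg .= $LANG_MG01['successful_upload_queue']; // ' successfully placed in Moderation queue';
    } else {
        $errMsg .= $LANG_MG01['successful_upload']; // ' successfully uploaded to album';
    }
    if ($queue == 0) {
        require_once $_CONF['path'] . 'plugins/mediagallery/include/rssfeed.php';
        MG_buildFullRSS();
        MG_buildAlbumRSS($album_id);
    }
    COM_errorLog("MG Upload: Successfully uploaded a media object");
    @unlink($tmpPath);

    return array(true, $errMsg);
}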