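/**
 * create or edit a page
 *
 * Reads the page fields from $_REQUEST (id, parent, special, keywords, title,
 * description, date_publish, date_unpublish, importance, name, body, page_vars,
 * template, type, short_url, associated_date,
 * recursively_update_page_templates) and from $_POST (type,
 * page_summary_parent), writes the pages row plus its page_vars / short_urls /
 * page_summaries rows, then clears the cache and rewrites the config.
 *
 * Every request value is either cast to int or passed through addslashes()
 * before it reaches a query; missing request fields are treated as empty.
 *
 * @return array status of the edit: 'id', 'pid', 'alias', 'sql' and 'msgs'
 *               (HTML notices, e.g. an amended page name), or only 'error'
 *               when the requested type allows a single page that already exists
 */
function Core_adminPageEdit()
{
    if (!function_exists('recursivelyUpdatePageTemplates')) {
        /**
         * function for recursively updating a page (and its children) template
         *
         * Declared inside Core_adminPageEdit(); the function_exists() guard
         * prevents a fatal redeclaration when the outer function runs more
         * than once in the same request.
         *
         * @param int    $id       the page id
         * @param string $template the template name
         *
         * @return null
         */
        function recursivelyUpdatePageTemplates($id, $template)
        {
            $pages = Pages::getInstancesByParent($id, false);
            $ids = array();
            foreach ($pages->pages as $page) {
                $ids[] = (int) $page->id;
                recursivelyUpdatePageTemplates($page->id, $template);
            }
            if (!count($ids)) {
                return;
            }
            dbQuery('update pages set template="' . addslashes($template) . '" where id in (' . join(',', $ids) . ')');
        }
    }
    $msgs = '';
    $id = isset($_REQUEST['id']) ? (int) $_REQUEST['id'] : 0;
    if ($id) {
        // editing: the parent comes from the stored row (0 if the row is missing)
        $pid = (int) dbOne('select parent from pages where id=' . $id, 'parent');
    } else {
        $pid = isset($_REQUEST['parent']) ? (int) $_REQUEST['parent'] : 0;
    }
    // the requested type is used in several queries below, so normalise it once
    $requestedType = isset($_REQUEST['type']) ? (string) $_REQUEST['type'] : '';
    $special = 0;
    if (isset($_REQUEST['special'])) {
        $specials = $_REQUEST['special'];
        if (is_array($specials)) {
            // each submitted key is a bit position of the 'special' bitmask
            foreach ($specials as $a => $b) {
                $special += pow(2, (int) $a);
            }
        }
        $homes = dbOne("select count(id) as ids from pages where (special&1)" . ($id ? " AND id!={$id}" : ""), 'ids');
        if ($special & 1) {
            // there can be only one homepage
            if ($homes != 0) {
                dbQuery("update pages set special=special-1 where special&1");
            }
        } else {
            // no homepage anywhere else: this page becomes it
            if ($homes == 0) {
                $special += 1;
            }
        }
    }
    $keywords = isset($_REQUEST['keywords']) ? $_REQUEST['keywords'] : '';
    $title = isset($_REQUEST['title']) ? $_REQUEST['title'] : '';
    $description = isset($_REQUEST['description']) ? $_REQUEST['description'] : '';
    $date_publish = isset($_REQUEST['date_publish']) ? $_REQUEST['date_publish'] : '0000-00-00 00:00:00';
    $date_unpublish = isset($_REQUEST['date_unpublish']) ? $_REQUEST['date_unpublish'] : '0000-00-00 00:00:00';
    $importance = isset($_REQUEST['importance']) ? (double) $_REQUEST['importance'] : 0.0;
    if (!isset($_REQUEST['body'])) {
        $_REQUEST['body'] = '';
    }
    // values below 0.1 (including an absent field) fall back to 0.5; values above 1 are capped
    if ($importance < 0.1) {
        $importance = 0.5;
    }
    if ($importance > 1) {
        $importance = 1;
    }
    // { name, alias
    $name = isset($_REQUEST['name']) ? trim($_REQUEST['name']) : '';
    if (!$name) {
        $name = __('No page name provided');
    } else {
        // check to see if name is already in use under the same parent
        $sql = 'select id from pages where name="' . addslashes($name) . '" and parent=' . $pid . ' and id!=' . $id;
        if (dbOne($sql, 'id')) {
            // append the first free numeric suffix (name2, name3, ...)
            $i = 2;
            while (dbOne('select id from pages where name="' . addslashes($name . $i) . '" and parent=' . $pid . ' and id!="' . $id . '"', 'id')) {
                $i++;
            }
            $msgs .= '<em>' . __('A page named "%1" already exists. Page name amended to "%2"', $name, $name . $i) . '</em>';
            $name .= $i;
        }
    }
    $alias = transcribe(__FromJson($name, true));
    // }
    // { body
    if (isset($_REQUEST['page_vars']['_body']) && $_REQUEST['page_vars']['_body']) {
        // a body submitted as a page var takes precedence over the plain body field
        $_REQUEST['body'] = $_REQUEST['page_vars']['_body'];
        unset($_REQUEST['page_vars']['_body']);
    }
    if (!$id) {
        // a brand-new page starts with a placeholder body
        $original_body = '<h1>' . htmlspecialchars($name) . '</h1><p>&nbsp;</p>';
    } else {
        $lim = isset($GLOBALS['DBVARS']['site_page_length_limit']) ? (int) $GLOBALS['DBVARS']['site_page_length_limit'] : 0;
        if (is_array($_REQUEST['body'])) {
            if ($lim) {
                foreach ($_REQUEST['body'] as $k => $v) {
                    if (strlen($v) > $lim) {
                        // cut at the byte limit, then drop any tag the cut left open
                        $_REQUEST['body'][$k] = preg_replace('/<[^>]*$/', '', substr($v, 0, $lim));
                    }
                }
            }
            $original_body = json_encode($_REQUEST['body']);
        } else {
            $original_body = $_REQUEST['body'];
            if ($lim && strlen($original_body) > $lim) {
                $original_body = preg_replace('/<[^>]*$/', '', substr($original_body, 0, $lim));
            }
        }
    }
    if (isset($GLOBALS['PLUGINS']) && is_array($GLOBALS['PLUGINS'])) {
        foreach ($GLOBALS['PLUGINS'] as $plugin) {
            // the last plugin that declares a body_override wins
            if (isset($plugin['admin']['body_override'])) {
                $original_body = $plugin['admin']['body_override'](false);
            }
        }
    }
    $body = Core_sanitiseHtml($original_body);
    // }
    // { template
    $template = isset($_REQUEST['template']) ? $_REQUEST['template'] : '';
    if ($template == '' && $pid) {
        // inherit the parent's template when none was chosen
        $template = dbOne('select template from pages where id=' . $pid, 'template');
    }
    if (isset($_REQUEST['recursively_update_page_templates'])) {
        // NOTE(review): for a new page $id is 0, so this presumably walks every
        // page under the root rather than "this page's children" — confirm
        recursivelyUpdatePageTemplates($id, $template);
    }
    // }
    $type = '';
    if ($id != 0) {
        // editing an existing page
        $page = Page::getInstance($id);
        $page->initValues();
        if (isset($page->plugin)) {
            // the page belongs to a plugin; the plugin name is its type
            $type = $page->plugin;
        }
        if (isset($GLOBALS['PLUGINS'][$type]['do-not-delete']) && $GLOBALS['PLUGINS'][$type]['do-not-delete']) {
            // protected plugin pages keep their stored type
            $type = dbOne('select type from pages where id=' . $id, 'type');
            if ($type != $requestedType) {
                echo '<script>alert("' . addslashes(__("The type of the page couldn't be changed")) . '")</script>';
            }
        } else {
            // the type can be changed freely
            $type = $requestedType;
        }
    } else {
        // creating a page
        $type = $requestedType;
    }
    // a type may carry a "|variant" suffix; the plugin name is the part before it
    $destType = preg_replace('/\\|.*/', '', $requestedType);
    if (isset($GLOBALS['PLUGINS'][$destType]['only-one-page-instance']) && $GLOBALS['PLUGINS'][$destType]['only-one-page-instance'] == true) {
        // count how many other pages already have this type
        $howMany = dbOne('select COUNT(type) FROM pages WHERE type="' . addslashes($requestedType) . '"' . ' and id!=' . $id, 'COUNT(type)');
        if ($howMany >= 1) {
            echo "<script>alert('" . addslashes(__('You already have one page of that type')) . "');</script>";
            return array('error' => __('You can have only one page of this type'));
        }
    }
    $associated_date = isset($_REQUEST['associated_date']) ? $_REQUEST['associated_date'] : date('Y-m-d H:i:s');
    // column list shared by the INSERT and UPDATE forms below
    $q = 'pages set importance=' . $importance
        . ',template="' . addslashes($template) . '",edate=now()'
        . ',type="' . addslashes($type) . '"'
        . ',date_unpublish="' . addslashes($date_unpublish) . '"'
        . ',date_publish="' . addslashes($date_publish) . '"'
        . ',associated_date="' . addslashes($associated_date) . '"'
        . ',keywords="' . addslashes($keywords) . '"'
        . ',description="' . addslashes($description) . '"'
        . ',name="' . addslashes($name) . '"'
        . ',title="' . addslashes($title) . '"'
        . ',original_body="' . addslashes(Core_sanitiseHtmlEssential($original_body)) . '"'
        . ',link="' . addslashes(__FromJson($name, true)) . '"'
        . ',body="' . addslashes($body) . '"'
        . ',alias="' . addslashes($alias) . '",parent=' . $pid . ',special=' . $special;
    if (!$id) {
        // a new page goes to the end of its parent's ordering
        $ord = dbOne('select ord from pages where parent=' . $pid . ' order by ord desc limit 1', 'ord') + 1;
        $q .= ',ord=' . $ord . ',cdate=now()';
    }
    // { insert the page
    if ($id) {
        $q = 'update ' . $q . ' where id=' . $id;
    } else {
        $onlyOnePageInstance = false;
        if (isset($GLOBALS['PLUGINS'][$destType]['only-one-page-instance'])) {
            $onlyOnePageInstance = $GLOBALS['PLUGINS'][$destType]['only-one-page-instance'];
        }
        // second guard for new pages; the check further up has normally already returned
        $alreadyAtInstancesLimit = $onlyOnePageInstance ? dbOne('select COUNT(type) FROM pages WHERE type="' . addslashes($requestedType) . '"', 'COUNT(type)') : 0;
        $q = 'INSERT into ' . $q . ',category=""';
        if ($onlyOnePageInstance == true && $alreadyAtInstancesLimit >= 1) {
            return array('error' => __('You can have only one page of this type'));
        }
    }
    dbQuery($q);
    if (!$id) {
        $id = (int) dbOne('select last_insert_id() as id', 'id');
    }
    // }
    // { page_vars
    dbQuery('delete from page_vars where page_id="' . $id . '"');
    $pagevars = isset($_REQUEST['page_vars']) ? $_REQUEST['page_vars'] : array();
    if (!is_array($pagevars)) {
        // a scalar page_vars field cannot hold vars; treat it as none
        $pagevars = array();
    }
    if (isset($_REQUEST['short_url']) && $_REQUEST['short_url']) {
        dbQuery('insert into short_urls set cdate=now(),page_id=' . $id . ',short_url="' . addslashes($_REQUEST['short_url']) . '"');
        $pagevars['_short_url'] = 1;
    } else {
        dbQuery('delete from short_urls where page_id=' . $id);
        unset($pagevars['_short_url']);
    }
    if (isset($pagevars['google-site-verification'])) {
        // accept a pasted <meta> tag and keep only its content attribute
        $pagevars['google-site-verification'] = preg_replace('#.*content="([^"]*)".*#', '\\1', $pagevars['google-site-verification']);
    }
    foreach ($pagevars as $k => $v) {
        if (is_array($v)) {
            $v = json_encode($v);
        }
        dbQuery('insert into page_vars (name,value,page_id) values("' . addslashes($k) . '","' . addslashes($v) . '",' . $id . ')');
    }
    // }
    // type 4 pages carry a page_summaries row (loose == kept: the posted type is a string)
    if (isset($_POST['type']) && $_POST['type'] == 4) {
        $page_summary_parent = isset($_POST['page_summary_parent']) ? (int) $_POST['page_summary_parent'] : $id;
        $r2 = dbRow('select * from page_summaries where page_id="' . $id . '"');
        $do = 1;
        if ($r2) {
            if (isset($_POST['page_summary_parent']) && $r2['parent_id'] != $page_summary_parent) {
                // the summary parent changed: replace the existing row
                dbQuery('delete from page_summaries where page_id="' . $id . '"');
            } else {
                $do = 0;
            }
        }
        if ($do) {
            dbQuery('insert into page_summaries set page_id="' . $id . '",parent_id="' . $page_summary_parent . '",rss=""');
        }
        require_once SCRIPTBASE . '/ww.incs/page.summaries.php';
        PageSummaries_getHtml($id);
    }
    // { clean up and return
    dbQuery('update page_summaries set rss=""');
    if (isset($GLOBALS['DBVARS']['cron-next']) && $GLOBALS['DBVARS']['cron-next']) {
        unset($GLOBALS['DBVARS']['cron-next']);
    }
    Core_cacheClear();
    Core_configRewrite();
    return array('id' => $id, 'pid' => $pid, 'alias' => $alias, 'sql' => $q, 'msgs' => $msgs);
    // }
}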
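/**
 * edit a product type
 *
 * Reads the type's fields from $_REQUEST['data'] and updates the matching
 * products_types row (selected by data[id]). HTML template fields are run
 * through Core_sanitiseHtmlEssential() before being stored; every string is
 * escaped with addslashes() and every flag/id cast to int, following the
 * file's query convention. Missing fields are written as '' or 0.
 *
 * @return array array('ok' => 1); the query result itself is not checked
 */
function Products_adminTypeEdit()
{
    $d = isset($_REQUEST['data']) && is_array($_REQUEST['data']) ? $_REQUEST['data'] : array();
    // escaped plain-text column value, '' when the field was not submitted
    $text = function ($key) use ($d) {
        return addslashes(isset($d[$key]) ? (string) $d[$key] : '');
    };
    // escaped HTML template column value, sanitised before escaping
    $html = function ($key) use ($d) {
        return addslashes(Core_sanitiseHtmlEssential(isset($d[$key]) ? (string) $d[$key] : ''));
    };
    // integer flag/id column value, 0 when the field was not submitted
    $int = function ($key) use ($d) {
        return isset($d[$key]) ? (int) $d[$key] : 0;
    };
    // data_fields is stored as JSON; an absent field encodes as null, as before
    $data_fields = json_encode(isset($d['data_fields']) ? $d['data_fields'] : null);
    $sql = 'update products_types set name="' . $text('name') . '"'
        . ', allowcomments="' . $int('allowcomments') . '"'
        . ', multiview_template="' . $html('multiview_template') . '"'
        . ',singleview_template="' . $html('singleview_template') . '"'
        . ',data_fields="' . addslashes($data_fields) . '"'
        . ', is_for_sale=' . $int('is_for_sale')
        // note the request key differs from the column name
        . ', has_userdefined_price=' . $int('user_defined_price')
        . ', is_voucher=' . $int('is_voucher')
        . ', stock_control=' . $int('stock_control')
        . ', default_category=' . $int('default_category')
        . ', voucher_template="' . $html('voucher_template') . '",'
        . 'prices_based_on_usergroup="' . $text('prices_based_on_usergroup') . '"'
        . ',multiview_template_header="' . $html('multiview_template_header') . '"'
        . ',template_expired_notification="' . $html('template_expired_notification') . '"'
        . ',multiview_template_footer="' . $html('multiview_template_footer') . '"'
        . ' where id=' . $int('id');
    dbQuery($sql);
    Core_cacheClear();
    return array('ok' => 1);
}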
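/**
 * thoroughly clean up HTML
 *
 * Runs the essential sanitiser and the image-resize fixer, then repeatedly
 * normalises whitespace, strips comments and <meta> wrappers, merges nested
 * inline styling elements and drops useless inline CSS until a pass leaves
 * the markup unchanged. Old-style %TAB...% / %TABEND% markers are finally
 * turned into a tabbed <div> structure with a matching menu.
 *
 * Newlines are swapped for the {{N}}/{{R}} placeholders while the passes
 * run (presumably so the \s-based patterns cannot swallow them) and are
 * restored at the end.
 *
 * @param string $original_html the original HTML
 *
 * @return string sanitised HTML
 */
function Core_sanitiseHtml($original_html)
{
    $original_html = Core_sanitiseHtmlEssential($original_html);
    $original_html = Core_fixImageResizes($original_html);
    $original_html = str_replace("\n", '{{N}}', $original_html);
    $original_html = str_replace("\r", '{{R}}', $original_html);
    // the passes are mostly reductions and converge in a few rounds; the cap is a
    // safety net so untrusted input cannot keep the loop alive indefinitely
    $max_passes = 100;
    $pass = 0;
    do {
        $html = $original_html;
        // { clean white-space
        $html = str_replace('{{R}}{{N}}', "{{N}}", $html);
        $html = str_replace('>{{N}}', '>', $html);
        $html = str_replace('{{N}}{{N}}', '{{N}}', $html);
        $html = preg_replace("/<p>\\s*/", '<p>', $html);
        $html = preg_replace("#\\s*<br( ?/)?>\\s*#", '<br />', $html);
        $html = preg_replace("#\\s*<li>\\s*#", '<li>', $html);
        $html = str_replace(">\t", '>', $html);
        $html = preg_replace('#<p([^>]*)>\\s*\\&nbsp;\\s*</p>#', '<p\\1></p>', $html);
        // }
        // { remove empty elements and parameters
        $html = preg_replace('/<!--[^>]*-->/', '', $html);
        // }
        // { combine nested elements
        $html = preg_replace('#<span style="([^"]*?);?">(\\s*)<span style="([^"]*)">([^<]*|<img[^>]' . '*>)</span>(\\s*)</span>#', '\\2<span style="\\1;\\3">\\4</span>\\5', $html);
        $html = preg_replace('#<a href="([^"]*)">(\\s*)<span style="([^"]*)">([^<]*|<img[^>]*>)</sp' . 'an>(\\s*)</a>#', '\\2<a href="\\1" style="\\3">\\4</a>\\5', $html);
        $html = preg_replace('#<strong>(\\s*)<span style="([^"]*)">([^<]*)</span>(\\s*)</strong>#', '<strong style="\\2">\\1\\3\\4</strong>', $html);
        $html = preg_replace('#<b>(\\s*)<span style="([^"]*)">([^<]*)</span>(\\s*)</b>#', '<b style="\\2">\\1\\3\\4</b>', $html);
        $html = preg_replace('#<li>(\\s*)<span style="([^"]*)">([^<]*)</span>(\\s*)</li>#', '<li style="\\2">\\1\\3\\4</li>', $html);
        $html = preg_replace('#<p>(\\s*)<span style="([^"]*)">([^<]*)</span>(\\s*)</p>#', '<p style="\\2">\\1\\3\\4</p>', $html);
        $html = preg_replace('#<span style="([^"]*)">(\\s*)<strong>([^<]*)</strong>(\\s*)</span>#', '\\2<strong style="\\1">\\3</strong>\\4', $html);
        $html = preg_replace('#<span style="([^"]*?);?">(\\s*)<strong style="([^"]*)">([^<]*)</stro' . 'ng>(\\s*)</span>#', '\\2<strong style="\\1;\\3">\\4</strong>\\5', $html);
        $html = preg_replace("/<p>\\s*(<img[^>]*>)\\s*<\\/p>/", '\\1', $html);
        $html = preg_replace('/<span( style="font-[^:]*:[^"]*")?>\\s*(<img[^>]*>)\\s*<\\/span>/', '\\2', $html);
        $html = preg_replace("/<strong>\\s*(<img[^>]*>)\\s*<\\/strong>/", '\\1', $html);
        // }
        // { remove unnecessary elements
        $html = preg_replace('#<meta [^>]*>(.*?)</meta>#', '\\1', $html);
        // }
        // { strip repeated CSS inline elements (TODO: make this more efficient...)
        $html = str_replace('font-size: large;font-size: large', 'font-size: large', $html);
        // }
        // { strip useless CSS
        // style attribute with one colour/font/line-height declaration captured so it can be dropped
        $sillystuff = ' style="([^"]*)(color:[^;"]*|font-size:[^;"]*|font-family:' . '[^;"]*|line-height:[^;"]*);([^"]*)"';
        $html = preg_replace('#\\s*<span' . $sillystuff . '>\\s*</span>\\s*#', '<span style="\\1\\3"></span>', $html);
        $html = str_replace('<span style=""></span>', '<span></span>', $html);
        $html = preg_replace('#\\s*<p' . $sillystuff . '>\\s*</p>\\s*#', '<p style="\\1\\3"></p>', $html);
        $html = str_replace('<p style=""></p>', '<p></p>', $html);
        // }
        $has_changed = $html != $original_html;
        $original_html = $html;
    } while ($has_changed && ++$pass < $max_passes);
    // { old-style tabs
    // strict check: the marker may legitimately sit at offset 0
    if (strpos($html, '%TABPAGE%') !== false) {
        // per-call prefix keeping the generated element ids unique on the page
        $rand = md5((string) mt_rand());
        $test = preg_replace('/<p>[^<]*(%TAB[^%]*%)[^<]*<\\/p>/', '\\1', $html);
        $test = str_replace('%TABEND%', '</div></div><script>$(function(){$("#' . $rand . '").tabs();});</script>', $test);
        $parts = preg_split('/%TAB[^%]*%/', $test);
        $headings = array();
        $slugs = array();
        $nparts = count($parts);
        for ($i = 1; $i < $nparts; ++$i) {
            // each part after the first starts with the tab's <h2> heading
            $heading = preg_replace('/<[^>]*>/', '', preg_replace('/^[^<]*<h2[^>]*>(.*?)<\\/h2>.*/', '\\1', $parts[$i]));
            // alphanumeric id fragment derived from the heading, reused for the menu anchors
            $slug = strtolower(preg_replace('/[^a-zA-Z0-9]/', '', $heading));
            $headings[] = $heading;
            $slugs[] = $slug;
            $replacement = ($i > 1 ? '</div>' : '') . '<div id="' . $rand . '-' . $slug . '">';
            $parts[$i] = preg_replace('/^[^<]*<h2[^>]*>(.*?)<\\/h2>/', $replacement, $parts[$i]);
        }
        $menu = '<div id="' . $rand . '" class="tabs"><ul>';
        foreach ($headings as $n => $h) {
            $menu .= '<li><a href="#' . $rand . '-' . $slugs[$n] . '">' . htmlspecialchars($h) . '</a></li>';
        }
        $parts[0] .= $menu . '</ul>';
        $html = join('', $parts);
    }
    // }
    $html = str_replace('{{N}}', "\n", $html);
    $html = str_replace('{{R}}', "\r", $html);
    return $html;
}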