/**
* create or edit a page
*
* @return array status of the edit
*/
function Core_adminPageEdit()
{
/**
* function for recursively updating a page (and its children) template
*
* @param int $id the page id
* @param string $template the template name
*
* @return null
*/
function recursivelyUpdatePageTemplates($id, $template)
{
$pages = Pages::getInstancesByParent($id, false);
$ids = array();
foreach ($pages->pages as $page) {
$ids[] = $page->id;
recursivelyUpdatePageTemplates($page->id, $template);
}
if (!count($ids)) {
return;
}
dbQuery('update pages set template="' . addslashes($template) . '" where id in (' . join(',', $ids) . ')');
}
$id = (int) @$_REQUEST['id'];
$pid = $id ? dbOne('select parent from pages where id=' . $id, 'parent') : (int) $_REQUEST['parent'];
$special = 0;
if (isset($_REQUEST['special'])) {
$specials = $_REQUEST['special'];
if (is_array($specials)) {
foreach ($specials as $a => $b) {
$special += pow(2, $a);
}
}
$homes = dbOne("select count(id) as ids from pages where (special&1)" . ($id ? " AND id!={$id}" : ""), 'ids');
if ($special & 1) {
// there can be only one homepage
if ($homes != 0) {
dbQuery("update pages set special=special-1 where special&1");
}
} else {
if ($homes == 0) {
$special += 1;
}
}
}
$keywords = @$_REQUEST['keywords'];
$title = @$_REQUEST['title'];
$description = @$_REQUEST['description'];
$date_publish = isset($_REQUEST['date_publish']) ? $_REQUEST['date_publish'] : '0000-00-00 00:00:00';
$date_unpublish = isset($_REQUEST['date_unpublish']) ? $_REQUEST['date_unpublish'] : '0000-00-00 00:00:00';
$importance = (double) @$_REQUEST['importance'];
if (!isset($_REQUEST['body'])) {
$_REQUEST['body'] = '';
}
if ($importance < 0.1) {
$importance = 0.5;
}
if ($importance > 1) {
$importance = 1;
}
// { name, alias
$name = trim($_REQUEST['name']);
if (!$name) {
$name = __('No page name provided');
} else {
// check to see if name is already in use
$sql = 'select id from pages where name="' . addslashes($name) . '" and parent=' . $pid . ' and id!=' . $id;
if (dbOne($sql, 'id')) {
$i = 2;
while (dbOne('select id from pages where name="' . addslashes($name . $i) . '" and parent=' . $pid . ' and id!="' . $id . '"', 'id')) {
$i++;
}
$msgs .= '<em>' . __('A page named "%1" already exists. Page name amended to "%2"', $name, $name . $i) . '</em>';
$name .= $i;
}
}
$alias = transcribe(__FromJson($name, true));
// }
// { body
if (@$_REQUEST['page_vars']['_body']) {
$_REQUEST['body'] = $_REQUEST['page_vars']['_body'];
unset($_REQUEST['page_vars']['_body']);
}
if (!$id) {
$original_body = '<h1>' . htmlspecialchars($name) . '</h1><p> </p>';
} else {
$lim = (int) @$GLOBALS['DBVARS']['site_page_length_limit'];
if (is_array($_REQUEST['body'])) {
if ($lim) {
foreach ($_REQUEST['body'] as $k => $v) {
if (strlen($v) > $lim) {
$_REQUEST['body'][$k] = preg_replace('/<[^>]*$/', '', substr($v, 0, $lim));
}
}
}
$original_body = json_encode($_REQUEST['body']);
} else {
$original_body = $_REQUEST['body'];
if ($lim && strlen($original_body) > $lim) {
$original_body = preg_replace('/<[^>]*$/', '', substr($original_body, 0, $lim));
}
}
}
foreach ($GLOBALS['PLUGINS'] as $plugin) {
if (isset($plugin['admin']['body_override'])) {
$original_body = $plugin['admin']['body_override'](false);
}
}
$body = $original_body;
$body = Core_sanitiseHtml($body);
// }
// { template
$template = @$_REQUEST['template'];
if ($template == '' && $pid) {
$template = dbOne('select template from pages where id=' . $pid, 'template');
}
if (isset($_REQUEST['recursively_update_page_templates'])) {
recursivelyUpdatePageTemplates($id, $template);
}
// }
if ($id != 0) {
//if we don't create a page
//i.e. we edit it
$page = Page::getInstance($id);
$page->initValues();
if (isset($page->plugin)) {
//if this page it's a plugin
$type = $page->plugin;
//we find the plugin's name(plugin type)
}
if (@$GLOBALS['PLUGINS'][$type]['do-not-delete']) {
// don't modify type
$type = dbOne('select type from pages where id=' . $id, 'type');
if ($type != $_REQUEST['type']) {
echo '<script>alert("' . addslashes(__("The type of the page couldn't be changed")) . '")</script>';
}
} else {
//We can change the type
$type = $_REQUEST['type'];
}
} else {
//if we create the page
$type = $_REQUEST['type'];
}
$destType = preg_replace('/\\|.*/', '', $_REQUEST['type']);
if (@$GLOBALS['PLUGINS'][$destType]['only-one-page-instance'] == true) {
//we count how many pages of this type
//we have
$howMany = dbOne('select COUNT(type) FROM pages WHERE type="' . $_REQUEST['type'] . '"' . ' and id!=' . $id, 'COUNT(type)');
if ($howMany >= 1) {
//If we already have a page
echo "<script>alert('" . addslashes(__('You already have one page of that type')) . "');</script>";
return array('error' => __('You can have only one page of this type'));
}
}
$associated_date = isset($_REQUEST['associated_date']) ? $_REQUEST['associated_date'] : date('Y-m-d H:i:s');
$q = 'pages set importance=' . $importance . ',template="' . addslashes($template) . '",edate=now()' . ',type="' . addslashes($type) . '"' . ',date_unpublish="' . addslashes($date_unpublish) . '"' . ',date_publish="' . addslashes($date_publish) . '"' . ',associated_date="' . addslashes($associated_date) . '"' . ',keywords="' . addslashes($keywords) . '"' . ',description="' . addslashes($description) . '"' . ',name="' . addslashes($name) . '"' . ',title="' . addslashes($title) . '"' . ',original_body="' . addslashes(Core_sanitiseHtmlEssential($original_body)) . '"' . ',link="' . addslashes(__FromJson($name, true)) . '"' . ',body="' . addslashes($body) . '"' . ',alias="' . $alias . '",parent=' . $pid . ',special=' . $special;
if (!$id) {
// ord
$ord = dbOne('select ord from pages where parent=' . $pid . ' order by ord desc limit 1', 'ord') + 1;
$q .= ',ord=' . $ord . ',cdate=now()';
}
// { insert the page
if ($id) {
$q = 'update ' . $q . ' where id=' . $id;
} else {
$onlyOnePageInstance = false;
$pluginType = preg_replace('/\\|.*/', '', $_REQUEST['type']);
if (isset($GLOBALS['PLUGINS'][$pluginType]['only-one-page-instance'])) {
$onlyOnePageInstance = $GLOBALS['PLUGINS'][$pluginType]['only-one-page-instance'];
}
$alreadyAtInstancesLimit = $onlyOnePageInstance ? dbOne('select COUNT(type) FROM pages WHERE type="' . $_REQUEST['type'] . '"', 'COUNT(type)') : 0;
$q = 'INSERT into ' . $q . ',category=""';
if ($onlyOnePageInstance == true) {
if ($howMany >= 1) {
return array('error' => __('You can have only one page of this type'));
}
}
}
dbQuery($q);
if (!$id) {
$id = dbOne('select last_insert_id() as id', 'id');
}
// }
// { page_vars
dbQuery('delete from page_vars where page_id="' . $id . '"');
$pagevars = isset($_REQUEST['page_vars']) ? $_REQUEST['page_vars'] : array();
if (@$_REQUEST['short_url']) {
dbQuery('insert into short_urls set cdate=now(),page_id=' . $id . ',short_url="' . addslashes($_REQUEST['short_url']) . '"');
$pagevars['_short_url'] = 1;
} else {
dbQuery('delete from short_urls where page_id=' . $id);
unset($pagevars['_short_url']);
}
if (is_array($pagevars)) {
if (isset($pagevars['google-site-verification'])) {
$pagevars['google-site-verification'] = preg_replace('#.*content="([^"]*)".*#', '\\1', $pagevars['google-site-verification']);
}
foreach ($pagevars as $k => $v) {
if (is_array($v)) {
$v = json_encode($v);
}
dbQuery('insert into page_vars (name,value,page_id) values("' . addslashes($k) . '","' . addslashes($v) . '",' . $id . ')');
}
}
// }
if ($_POST['type'] == 4) {
$page_summary_parent = isset($_POST['page_summary_parent']) ? $_POST['page_summary_parent'] : $id;
$r2 = dbRow('select * from page_summaries where page_id="' . $id . '"');
$do = 1;
if ($r2) {
if (isset($_POST['page_summary_parent']) && $r2['parent_id'] != $page_summary_parent) {
dbQuery('delete from page_summaries where page_id="' . $id . '"');
} else {
$do = 0;
}
}
if ($do) {
dbQuery('insert into page_summaries set page_id="' . $id . '",parent_id="' . $page_summary_parent . '",rss=""');
}
require_once SCRIPTBASE . '/ww.incs/page.summaries.php';
PageSummaries_getHtml($id);
}
// { clean up and return
dbQuery('update page_summaries set rss=""');
if (@$GLOBALS['DBVARS']['cron-next']) {
unset($GLOBALS['DBVARS']['cron-next']);
}
Core_cacheClear();
Core_configRewrite();
return array('id' => $id, 'pid' => $pid, 'alias' => $alias, 'sql' => $q);
// }
}
/**
* edit a product type
*
* @return array
*/
function Products_adminTypeEdit()
{
$d = $_REQUEST['data'];
$data_fields = json_encode($d['data_fields']);
$sql = 'update products_types set name="' . addslashes($d['name']) . '"' . ', allowcomments="' . (int) $d['allowcomments'] . '"' . ', multiview_template="' . addslashes(Core_sanitiseHtmlEssential($d['multiview_template'])) . '",singleview_template="' . addslashes(Core_sanitiseHtmlEssential($d['singleview_template'])) . '",data_fields="' . addslashes($data_fields) . '"' . ', is_for_sale=' . (int) $d['is_for_sale'] . ', has_userdefined_price=' . (int) @$d['user_defined_price'] . ', is_voucher=' . (int) $d['is_voucher'] . ', stock_control=' . (int) $d['stock_control'] . ', default_category=' . (int) $d['default_category'] . ', voucher_template="' . addslashes(Core_sanitiseHtmlEssential($d['voucher_template'])) . '",' . 'prices_based_on_usergroup="' . addslashes($d['prices_based_on_usergroup']) . '",multiview_template_header="' . addslashes(Core_sanitiseHtmlEssential($d['multiview_template_header'])) . '",template_expired_notification="' . addslashes(Core_sanitiseHtmlEssential(@$d['template_expired_notification'])) . '",multiview_template_footer="' . addslashes(Core_sanitiseHtmlEssential($d['multiview_template_footer'])) . '" where id=' . (int) $d['id'];
dbQuery($sql);
Core_cacheClear();
return array('ok' => 1);
}
/**
* thoroughly clean up HTML
*
* @param string $original_html the original HTML
*
* @return string sanitised HTML
*/
function Core_sanitiseHtml($original_html)
{
$original_html = Core_sanitiseHtmlEssential($original_html);
$original_html = Core_fixImageResizes($original_html);
$original_html = str_replace("\n", '{{N}}', $original_html);
$original_html = str_replace("\r", '{{R}}', $original_html);
do {
$html = $original_html;
// { clean white-space
$html = str_replace('{{R}}{{N}}', "{{N}}", $html);
$html = str_replace('>{{N}}', '>', $html);
$html = str_replace('{{N}}{{N}}', '{{N}}', $html);
$html = preg_replace("/<p>\\s*/", '<p>', $html);
$html = preg_replace("#\\s*<br( ?/)?>\\s*#", '<br />', $html);
$html = preg_replace("#\\s*<li>\\s*#", '<li>', $html);
$html = str_replace(">\t", '>', $html);
$html = preg_replace('#<p([^>]*)>\\s*\\ \\s*</p>#', '<p\\1></p>', $html);
// }
// { remove empty elements and parameters
$html = preg_replace('/<!--[^>]*-->/', '', $html);
// }
// { combine nested elements
$html = preg_replace('#<span style="([^"]*?);?">(\\s*)<span style="([^"]*)">([^<]*|<img[^>]' . '*>)</span>(\\s*)</span>#', '\\2<span style="\\1;\\3">\\4</span>\\5', $html);
$html = preg_replace('#<a href="([^"]*)">(\\s*)<span style="([^"]*)">([^<]*|<img[^>]*>)</sp' . 'an>(\\s*)</a>#', '\\2<a href="\\1" style="\\3">\\4</a>\\5', $html);
$html = preg_replace('#<strong>(\\s*)<span style="([^"]*)">([^<]*)</span>(\\s*)</strong>#', '<strong style="\\2">\\1\\3\\4</strong>', $html);
$html = preg_replace('#<b>(\\s*)<span style="([^"]*)">([^<]*)</span>(\\s*)</b>#', '<b style="\\2">\\1\\3\\4</b>', $html);
$html = preg_replace('#<li>(\\s*)<span style="([^"]*)">([^<]*)</span>(\\s*)</li>#', '<li style="\\2">\\1\\3\\4</li>', $html);
$html = preg_replace('#<p>(\\s*)<span style="([^"]*)">([^<]*)</span>(\\s*)</p>#', '<p style="\\2">\\1\\3\\4</p>', $html);
$html = preg_replace('#<span style="([^"]*)">(\\s*)<strong>([^<]*)</strong>(\\s*)</span>#', '\\2<strong style="\\1">\\3</strong>\\4', $html);
$html = preg_replace('#<span style="([^"]*?);?">(\\s*)<strong style="([^"]*)">([^<]*)</stro' . 'ng>(\\s*)</span>#', '\\2<strong style="\\1;\\3">\\4</strong>\\5', $html);
$html = preg_replace("/<p>\\s*(<img[^>]*>)\\s*<\\/p>/", '\\1', $html);
$html = preg_replace('/<span( style="font-[^:]*:[^"]*")?>\\s*(<img[^>]*>)\\s*<\\/span>/', '\\2', $html);
$html = preg_replace("/<strong>\\s*(<img[^>]*>)\\s*<\\/strong>/", '\\1', $html);
// }
// { remove unnecessary elements
$html = preg_replace('#<meta [^>]*>(.*?)</meta>#', '\\1', $html);
// }
// { strip repeated CSS inline elements (TODO: make this more efficient...)
$html = str_replace('font-size: large;font-size: large', 'font-size: large', $html);
// }
// { strip useless CSS
$sillystuff = ' style="([^"]*)(color:[^;"]*|font-size:[^;"]*|font-family:' . '[^;"]*|line-height:[^;"]*);([^"]*)"';
$html = preg_replace('#\\s*<span' . $sillystuff . '>\\s*</span>\\s*#', '<span style="\\1\\3"></span>', $html);
$html = str_replace('<span style=""></span>', '<span></span>', $html);
$html = preg_replace('#\\s*<p' . $sillystuff . '>\\s*</p>\\s*#', '<p style="\\1\\3"></p>', $html);
$html = str_replace('<p style=""></p>', '<p></p>', $html);
// }
$has_changed = $html != $original_html;
$original_html = $html;
} while ($has_changed);
// { old-style tabs
if (strpos($html, '%TABPAGE%')) {
$rand = md5(mt_rand());
$test = preg_replace('/<p>[^<]*(%TAB[^%]*%)[^<]*<\\/p>/', '\\1', $html);
$test = str_replace('%TABEND%', '</div></div><script>$(function(){$("#' . $rand . '").tabs();});</script>', $test);
$parts = preg_split('/%TAB[^%]*%/', $test);
$headings = array();
for ($i = 1; $i < count($parts); ++$i) {
$headings[] = preg_replace('/<[^>]*>/', '', preg_replace('/^[^<]*<h2[^>]*>(.*?)<\\/h2>.*/', '\\1', $parts[$i]));
$replacement = ($i > 1 ? '</div>' : '') . '<div id="' . $rand . '-' . strtolower(preg_replace('/[^a-zA-Z0-9]/', '', $headings[$i - 1])) . '">';
$parts[$i] = preg_replace('/^[^<]*<h2[^>]*>(.*?)<\\/h2>/', $replacement, $parts[$i]);
}
$menu = '<div id="' . $rand . '" class="tabs"><ul>';
foreach ($headings as $h) {
$menu .= '<li><a href="#' . $rand . '-' . strtolower(preg_replace('/[^a-zA-Z0-9]/', '', $h)) . '">' . htmlspecialchars($h) . '</a></li>';
}
$parts[0] .= $menu . '</ul>';
$html = join('', $parts);
}
// }
$html = str_replace('{{N}}', "\n", $html);
$html = str_replace('{{R}}', "\r", $html);
return $html;
}
