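// Optional 'type' discriminator from the POST body; filtered before it is compared.
$type = '';
if (isset($_POST['type'])) {
    $type = COM_applyFilter($_POST['type']);
}

// $sid is populated by the request handling that precedes this run.
// empty() already covers the unset case, so the separate isset() was redundant.
if (empty($sid)) {
    // Coalesce so the log line itself cannot raise an undefined-variable warning
    COM_errorLog('Attempted to delete story sid=' . ($sid ?? ''));
    echo COM_refresh($_CONF['site_admin_url'] . '/story.php');
} elseif ($type === 'submission') {
    // Pending submission: topic access is verified first, then the CSRF token
    if (TOPIC_hasMultiTopicAccess('article', $sid) < 3) {
        COM_accessLog("User {$_USER['username']} tried to illegally delete story submission {$sid}.");
        echo COM_refresh($_CONF['site_admin_url'] . '/index.php');
    } elseif (SEC_checkToken()) {
        // Delete Topic Assignments for this submission
        TOPIC_deleteTopicAssignments('article', $sid);
        DB_delete($_TABLES['storysubmission'], 'sid', $sid, $_CONF['site_admin_url'] . '/moderation.php');
    } else {
        COM_accessLog("User {$_USER['username']} tried to illegally delete story submission {$sid} and failed CSRF checks.");
        echo COM_refresh($_CONF['site_admin_url'] . '/index.php');
    }
} elseif (SEC_checkToken()) {
    // Published story: no access check is made here; presumably STORY_deleteStory()
    // performs its own -- confirm against its implementation
    echo STORY_deleteStory($sid);
} else {
    COM_accessLog("User {$_USER['username']} tried to delete story and failed CSRF checks {$sid}.");
    echo COM_refresh($_CONF['site_admin_url'] . '/index.php');
}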
/**
 * Performs story exclusive work for items deleted by moderation.
 *
 * moderation.php removes the row from the submission table itself; this
 * hook takes care of the remaining clean-up that belongs to a story.
 *
 * @param string $sid Identifying string, i.e. the story id
 * @return string Any wanted HTML output (always empty for stories)
 */
function plugin_moderationdelete_story($sid)
{
    global $_TABLES;

    $submissionTable = $_TABLES['storysubmission'];

    // Drop the topic assignments made for this submission, then the row itself
    TOPIC_deleteTopicAssignments('article', $sid);
    DB_delete($submissionTable, 'sid', $sid);

    return '';
}
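/**
 * Delete an existing static page.
 *
 * @param array  $args     Contains all the data provided by the client
 *                         (reads 'sp_id', legacy 'id', 'mode' and 'gl_svc')
 * @param string &$output  OUTPUT parameter containing the returned text
 * @param string &$svc_msg OUTPUT parameter containing any service messages
 * @return int Response code as defined in lib-plugins.php
 */
function service_delete_staticpages($args, &$output, &$svc_msg)
{
    global $_CONF, $_TABLES, $_USER, $LANG_ACCESS, $LANG12, $LANG_STATIC;

    $output = COM_refresh($_CONF['site_admin_url'] . '/plugins/staticpages/index.php?msg=20');

    // Accept the legacy 'id' key when 'sp_id' was not supplied
    if (empty($args['sp_id']) && !empty($args['id'])) {
        $args['sp_id'] = $args['id'];
    }

    // Apply filters to the parameters passed by the webservice
    // (!empty avoids an undefined-index warning when 'gl_svc' is absent)
    if (!empty($args['gl_svc'])) {
        $args['sp_id'] = COM_applyBasicFilter($args['sp_id'] ?? '');
        $args['mode'] = COM_applyBasicFilter($args['mode'] ?? '');
    }
    $sp_id = $args['sp_id'] ?? '';

    if (!SEC_hasRights('staticpages.delete')) {
        $output .= COM_showMessageText($LANG_STATIC['access_denied_msg'], $LANG_STATIC['access_denied']);
        $output = COM_createHTMLDocument($output, array('pagetitle' => $LANG_STATIC['access_denied']));

        // uid <= 1 is treated as "not authenticated" rather than "not permitted"
        return ($_USER['uid'] > 1) ? PLG_RET_PERMISSION_DENIED : PLG_RET_AUTH_FAILED;
    }

    // The id is interpolated into SQL below; escape it the same way the
    // story code in this file does rather than relying on the basic filter
    $escSpId = DB_escapeString($sp_id);

    // If a staticpage template, remove any use of the file
    if (DB_getItem($_TABLES['staticpage'], 'template_flag', "sp_id = '{$escSpId}'") == 1) {
        DB_query("UPDATE {$_TABLES['staticpage']} SET template_id = '' WHERE template_id = '{$escSpId}'");
    }

    DB_delete($_TABLES['staticpage'], 'sp_id', $sp_id);
    DB_delete($_TABLES['comments'], array('sid', 'type'), array($sp_id, 'staticpages'));
    TOPIC_deleteTopicAssignments('staticpages', $sp_id);
    PLG_itemDeleted($sp_id, 'staticpages');

    // Clear Cache
    $cacheInstance = 'staticpage__' . $sp_id . '__';
    CACHE_remove_instance($cacheInstance);

    return PLG_RET_OK;
}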
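/**
 * Delete a block.
 *
 * @param string $bid id of block to delete
 * @return string HTML redirect or error message
 */
function deleteBlock($bid)
{
    global $_CONF, $_TABLES, $_USER;

    // $bid is interpolated into SQL; escape it as the other queries in this file do
    $escBid = DB_escapeString($bid);
    $result = DB_query("SELECT owner_id,group_id,perm_owner,perm_group,perm_members,perm_anon FROM {$_TABLES['blocks']} WHERE bid ='{$escBid}'");
    $A = DB_fetchArray($result);

    // An unknown bid yields no row (DB_fetchArray returns a non-array);
    // treat that exactly like insufficient access instead of indexing into it
    $access = 0;
    if (is_array($A)) {
        $access = SEC_hasAccess($A['owner_id'], $A['group_id'], $A['perm_owner'], $A['perm_group'], $A['perm_members'], $A['perm_anon']);
    }
    if ($access < 3 || TOPIC_hasMultiTopicAccess('block', $bid) < 3) {
        COM_accessLog("User {$_USER['username']} tried to illegally delete block {$bid}.");
        return COM_refresh($_CONF['site_admin_url'] . '/block.php');
    }

    TOPIC_deleteTopicAssignments('block', $bid);
    DB_delete($_TABLES['blocks'], 'bid', $bid);

    // remove any of this blocks instances if exists
    $cacheInstance = 'block__' . $bid . '__';
    CACHE_remove_instance($cacheInstance);

    return COM_refresh($_CONF['site_admin_url'] . '/block.php?msg=12');
}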
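/**
 * Saves the story in its final state to the database.
 * Handles all the SID magic etc.
 *
 * Side effects, in order: may clear featured/frontpage for archived stories,
 * un-features competing stories, moves comments / images / trackbacks when
 * the sid changed, recounts comments, applies the HTML filter to the intro
 * and body text, writes the row, saves the topic selection, and removes the
 * old story row and any submission row.
 *
 * @return int status result from a constant list.
 */
public function saveToDatabase()
{
    global $_TABLES, $_DB_dbms;

    // A story assigned to the archive topic is never featured or front-paged
    $tids = TOPIC_getTopicIdsForObject('topic');
    $archive_tid = DB_getItem($_TABLES['topics'], 'tid', 'archive_flag=1');
    if (!empty($tids) && !empty($archive_tid)) {
        if (in_array($archive_tid, $tids)) {
            $this->_featured = 0;
            $this->_frontpage = 0;
            $this->_statuscode = STORY_ARCHIVE_ON_EXPIRE;
        }
    }

    /* if a featured, non-draft, that goes live straight away, unfeature
     * other stories in same topic: */
    if ($this->_featured == '1') {
        // there can only be one non-draft featured story
        if ($this->_draft_flag == 0 && $this->_date <= time()) {
            if ($this->_frontpage == 1) {
                // un-feature any featured frontpage story
                DB_query("UPDATE {$_TABLES['stories']} SET featured = 0 WHERE featured = 1 AND draft_flag = 0 AND frontpage = 1 AND date <= NOW()");
            }

            // un-feature any featured story in the same topic(s). The ids come
            // from the topic selection control, so escape each one before
            // splicing them into the IN () list.
            $tids = TOPIC_getTopicIdsForObject('topic');
            if (!empty($tids)) {
                $escTids = array_map('DB_escapeString', $tids);
                DB_query("UPDATE {$_TABLES['stories']} s, {$_TABLES['topic_assignments']} ta SET s.featured = 0 WHERE s.featured = 1 AND s.draft_flag = 0 AND (ta.tid IN ('" . implode("','", $escTids) . "')) AND ta.type = 'article' AND ta.id = s.sid AND s.date <= NOW()");
            }
        }
    }

    $oldArticleExists = false;

    // Fix up old sid => new sid stuff
    $checkSid = DB_escapeString($this->_originalSid); // needed below
    if ($this->_sid != $this->_originalSid) {
        /* The sid has changed. Load from request will have
         * ensured that if the new sid exists an error has
         * been thrown, but we need to know if the old sid
         * actually existed (as opposed to being a generated
         * sid that was then thrown away) to reduce the sheer
         * number of SQL queries we do.
         */
        $newSid = DB_escapeString($this->_sid);
        $sql = "SELECT 1 FROM {$_TABLES['stories']} WHERE sid='{$checkSid}'";
        $result = DB_query($sql);
        if ($result && DB_numRows($result) > 0) {
            $oldArticleExists = true;
        }

        if ($oldArticleExists) {
            // Move Comments
            $sql = "UPDATE {$_TABLES['comments']} SET sid='{$newSid}' WHERE type='article' AND sid='{$checkSid}'";
            DB_query($sql);

            // Move Images
            $sql = "UPDATE {$_TABLES['article_images']} SET ai_sid = '{$newSid}' WHERE ai_sid = '{$checkSid}'";
            DB_query($sql);

            // Move trackbacks
            $sql = "UPDATE {$_TABLES['trackback']} SET sid='{$newSid}' WHERE sid='{$checkSid}' AND type='article'";
            DB_query($sql);
        }
    }

    // Acquire Comment Count. The sid is escaped here like in the queries
    // above; the original interpolated $this->_sid raw.
    $escSid = DB_escapeString($this->_sid);
    $sql = "SELECT COUNT(1) FROM {$_TABLES['comments']} WHERE type='article' AND sid='{$escSid}'";
    $result = DB_query($sql);
    if ($result && DB_numRows($result) == 1) {
        $array = DB_fetchArray($result);
        $this->_comments = $array[0];
    } else {
        $this->_comments = 0;
    }

    /* Format dates for storage: */
    /*
     * Doing this here would use the webserver's timezone, but we need
     * to use the DB server's timezone so that ye olde timezone hack
     * still works. See use of FROM_UNIXTIME in the SQL below.
     *
     * $this->_date = date('Y-m-d H:i:s', $this->_date);
     * $this->_expire = date('Y-m-d H:i:s', $this->_expire);
     */

    // Get the related URLs
    $this->_related = implode("\n", STORY_extractLinks($this->DisplayElements('introtext') . ' ' . $this->DisplayElements('bodytext')));

    $this->_text_version = GLTEXT_LATEST_VERSION;

    // Apply HTML filter to the text just before save
    // with the permissions of current editor
    $this->_introtext = GLText::applyHTMLFilter($this->_introtext, $this->_postmode, 'story.edit', $this->_text_version);
    $this->_bodytext = GLText::applyHTMLFilter($this->_bodytext, $this->_postmode, 'story.edit', $this->_text_version);

    /* This uses the database field array to generate a SQL Statement. This
     * means that when adding new fields to save and load, all we need to do
     * is add the field name to the array, and the code will magically cope.
     *
     * foreach replaces the reset()/each() pair, which was removed in PHP 8;
     * it visits the same entries in the same order. */
    $fieldList = array();
    $valueList = array();
    foreach ($this->_dbFields as $fieldName => $save) {
        if ($save !== 1) {
            continue;
        }
        $varName = '_' . $fieldName;
        $fieldList[] = $fieldName;
        if ($fieldName === 'date' || $fieldName === 'expire' || $fieldName === 'comment_expire') {
            // let the DB server do this conversion (cf. timezone hack)
            // NOTE(review): the timestamp is spliced in unquoted and unescaped;
            // this assumes the loader already validated it as numeric -- confirm
            $valueList[] = 'FROM_UNIXTIME(' . $this->{$varName} . ')';
        } elseif ($this->{$varName} === '') {
            $valueList[] = "''";
        } elseif (is_numeric($this->{$varName})) {
            $valueList[] = DB_escapeString($this->{$varName});
        } else {
            $valueList[] = '\'' . DB_escapeString($this->{$varName}) . '\'';
        }
    }
    // implode() yields the same "a, b, c" lists the manual trailing-", " trim produced
    $fields = implode(', ', $fieldList);
    $values = implode(', ', $valueList);

    DB_save($_TABLES['stories'], $fields, $values);

    // Save Topics selected
    TOPIC_saveTopicSelectionControl('article', $this->_sid);

    if ($oldArticleExists) {
        // Clean up the old story
        DB_delete($_TABLES['stories'], 'sid', $checkSid);
        // Delete Topic Assignments for this old article id since we just created new ones
        TOPIC_deleteTopicAssignments('article', $checkSid);
    }

    if ($this->type === 'submission') {
        // there might be a submission, clean it up
        DB_delete($_TABLES['storysubmission'], 'sid', $checkSid);
    }

    return STORY_SAVED;
}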