$oldumask = umask(0); if (@mkdir($useruploadpath, 0777)) { if (!@move_uploaded_file($_FILES["file"]["tmp_name"], $usernewfile)) { $file_error["upload"] = $BL['be_fprivup_err3'] . ' (2)'; } } else { $file_error["upload"] = $BL['be_fprivup_err4']; } umask($oldumask); } if (is_file($usernewfile)) { @chmod($usernewfile, 0666); } if (empty($file_error["upload"])) { // store tags _dbSaveCategories($file_tags, 'file', $new_fileId, ','); //after successful upload go back to clear post (form) var headerRedirect(PHPWCMS_URL . 'phpwcms.php?' . get_token_get_string('csrftoken') . '&do=files&f=0&uploaded=1'); } else { echo $file_error["upload"] . "<br />"; $file_error["upload"] = str_replace('{VAL}', $phpwcms["admin_email"], $BL['be_fprivup_err6']); mysql_query("DELETE FROM " . DB_PREPEND . "phpwcms_file WHERE f_id=" . $new_fileId . " AND f_uid=" . $_SESSION["wcs_user_id"] . ";", $db); } } } if (!ini_get('safe_mode') && function_exists('set_time_limit')) { set_time_limit(30); } } ?> <form action="phpwcms.php?do=files&f=0" method="post" enctype="multipart/form-data" name="uploadfile" id="uploadfile">
$result = _dbQuery($sql, 'INSERT'); if (isset($result['INSERT_ID'])) { $new_fileId = $result['INSERT_ID']; //Festlegen der aktuellen File-ID $_file_extension = $file_ext ? '.' . $file_ext : ''; $wcs_newfilename = $file_hash . $_file_extension; // changed for using hashed file names $userftppath = PHPWCMS_ROOT . $phpwcms["ftp_path"]; $useruploadpath = PHPWCMS_ROOT . $phpwcms["file_path"]; $usernewfile = $useruploadpath . $wcs_newfilename; $oldumask = umask(0); if ($dir = @opendir($useruploadpath)) { if (@copy($userftppath . $file, $usernewfile)) { @unlink($userftppath . $file); // store tags _dbSaveCategories($ftp["tags"], 'file', $new_fileId, ','); } else { $file_error["upload"] = "Error while writing file to storage (1)."; } } } elseif (mysql_error()) { $file_error["upload"] = 'MySQL Error while insert to DB: ' . mysql_error(); } if (empty($file_error["upload"])) { // now try to find 1st file having same named and replace it if related mark is set if ($ftp["replace"]) { $rsql = "SELECT * FROM " . DB_PREPEND . "phpwcms_file WHERE "; $rsql .= "f_name=" . _dbEscape($file_name) . " AND f_kid=1 "; $rsql .= "AND f_pid=" . $ftp["dir"] . " AND f_trash=0 AND f_id != " . $new_fileId . " LIMIT 1"; $rrow = _dbQuery($rsql); if (isset($rrow[0]['f_id'])) {
$file_error["name"] = 1; } else { //Wenn Dateiname keine Erweiterung hat, dann Extension anhängen if (trim(strtolower(FileExtension($file_name))) != trim($file_ext)) { $file_name .= "." . $file_ext; } } //Eintragen der aktualisierten Verzeichnisinfos if (!isset($file_error)) { $sql = "UPDATE " . DB_PREPEND . "phpwcms_file SET " . "f_name='" . aporeplace($file_name) . "', " . "f_pid=" . $file_pid . ", " . "f_aktiv=" . $file_aktiv . ", " . "f_public=" . $file_public . ", " . "f_shortinfo='" . aporeplace($file_shortinfo) . "', " . "f_longinfo='" . aporeplace($file_longinfo) . "', " . "f_keywords='" . $file_keys . "', " . "f_created='" . time() . "', " . "f_copyright='" . aporeplace($file_copyright) . "', " . "f_tags='" . aporeplace($file_tags) . "', " . "f_granted=" . $file_granted . ", " . "f_gallerystatus=" . $file_gallerydownload . ", " . (isset($file_vars) ? 'f_vars=' . _dbEscape(serialize($file_vars)) . ',' : '') . "f_sort=" . $file_sort . " " . "WHERE f_kid=1 AND f_id=" . $file_id; if (empty($_SESSION["wcs_user_admin"])) { $sql .= " AND f_uid=" . intval($_SESSION["wcs_user_id"]); } if ($result = mysql_query($sql, $db)) { // store tags _dbSaveCategories($file_tags, 'file', $file_id, ','); //headerRedirect(PHPWCMS_URL."phpwcms.php?do=files&f=0"); } else { $file_error["save_failed"] = 1; } } } //Ende Auswerten Formular //Wenn ID angegeben, dann -> oder aber Root Verzeichnis if ($file_id) { $sql = "SELECT * FROM " . DB_PREPEND . "phpwcms_file WHERE f_id=" . $file_id; if (empty($_SESSION["wcs_user_admin"])) { $sql .= " AND f_uid=" . intval($_SESSION["wcs_user_id"]); } $sql .= " AND f_trash=0 AND f_kid=1 LIMIT 1"; if ($result = mysql_query($sql, $db) or die("error while reading file information")) {
} else { $result = false; } } else { // Update article summary data $sql = "UPDATE " . DB_PREPEND . "phpwcms_article SET " . "article_cid=" . $article["article_catid"] . "," . "article_title=" . _dbEscape($article["article_title"]) . ", " . "article_alias=" . _dbEscape($article["article_alias"]) . ", " . "article_keyword=" . _dbEscape($article["article_keyword"]) . ", " . "article_aktiv=" . $article["article_aktiv"] . ", " . "article_begin=" . _dbEscape($article["article_begin"]) . ", " . "article_end=" . _dbEscape($article["article_end"]) . ", " . "article_subtitle=" . _dbEscape($article["article_subtitle"]) . ", " . "article_summary=" . _dbEscape($article["article_summary"]) . ", " . "article_redirect=" . _dbEscape($article["article_redirect"]) . ", " . "article_sort=" . _dbEscape($article["article_sort"]) . ", " . "article_username="******"article_username"]) . ", " . "article_notitle=" . $article["article_notitle"] . ", " . "article_hidesummary=" . $article["article_hidesummary"] . ", " . "article_image=" . _dbEscape(serialize($article['image'])) . ", " . "article_cache=" . _dbEscape($article["article_timeout"]) . ", " . "article_nosearch=" . _dbEscape($article['article_nosearch']) . ", " . "article_nositemap=" . $article['article_nositemap'] . ", " . "article_aliasid=" . $article['article_aliasid'] . ", " . "article_headerdata=" . $article['article_headerdata'] . ", " . "article_morelink=" . $article['article_morelink'] . ", " . "article_noteaser=" . $article['article_noteaser'] . ", " . "article_pagetitle=" . _dbEscape($article['article_pagetitle']) . ", " . "article_paginate=" . $article['article_paginate'] . ", " . "article_priorize=" . $article['article_priorize'] . ", " . "article_norss=" . $article['article_norss'] . ", " . "article_archive_status=" . $article['article_archive_status'] . ", " . "article_menutitle=" . _dbEscape($article["article_menutitle"]) . "," . "article_description=" . _dbEscape($article["article_description"]) . ", " . 
"article_lang=" . _dbEscape($article["article_lang"]) . ", " . "article_lang_type=" . _dbEscape($article["article_lang_type"]) . ", " . "article_lang_id=" . _dbEscape($article["article_lang_id"]) . ", " . "article_opengraph=" . $article["article_opengraph"] . ', ' . "article_canonical=" . _dbEscape($article["article_canonical"]); if ($_SESSION["wcs_user_admin"]) { $sql .= ", article_uid=" . $article["article_uid"]; } $sql .= " WHERE article_id=" . $article["article_id"]; $result = _dbQuery($sql, 'UPDATE'); } if ($result) { update_cache(); // set cache timeout = 0 _dbSaveCategories($article["article_keyword"], 'article', $article["article_id"], ','); $update = isset($_POST['updatesubmit']) ? '&aktion=1' : ''; headerRedirect(PHPWCMS_URL . 'phpwcms.php?do=articles&p=2&s=1' . $update . '&id=' . $article["article_id"]); } } else { set_status_message($BL['be_admin_usr_err'] . ': ' . implode(', ', $article_err), 'warning'); } } // check if it is recommend to overwrite template defaults if (!isset($article["acat_overwrite"])) { if ($article['article_catid']) { $article["acat_overwrite"] = _dbGet('phpwcms_articlecat', 'acat_overwrite', 'acat_trash != 9 AND acat_id = ' . $article['article_catid'], '', '', 1); $article["acat_overwrite"] = empty($article["acat_overwrite"][0]['acat_overwrite']) ? '' : $article["acat_overwrite"][0]['acat_overwrite']; } elseif ($article['article_catid'] === 0 && !empty($indexpage['acat_overwrite'])) { $article["acat_overwrite"] = $indexpage['acat_overwrite']; } else {
$sql .= $plugin['data']['calendar_allday'] . ", "; $sql .= $plugin['data']['calendar_range'] . ", "; $sql .= "'" . aporeplace($plugin['data']['calendar_range_start']) . "', "; $sql .= "'" . aporeplace($plugin['data']['calendar_range_end']) . "', "; $sql .= "'" . aporeplace($plugin['data']['calendar_title']) . "', "; $sql .= "'" . aporeplace($plugin['data']['calendar_where']) . "', "; $sql .= "'" . aporeplace($plugin['data']['calendar_teaser']) . "', "; $sql .= "'" . aporeplace($plugin['data']['calendar_text']) . "', "; $sql .= "'" . aporeplace($plugin['data']['calendar_tag']) . "', "; $sql .= "'" . aporeplace(serialize($plugin['data']['calendar_object'])) . "', "; $sql .= "'" . aporeplace($plugin['data']['calendar_refid']) . "', "; $sql .= "'" . aporeplace($plugin['data']['calendar_lang']) . "'"; $sql .= ')'; if ($sql = @_dbQuery($sql, 'INSERT')) { $plugin['data']['calendar_id'] = $sql['INSERT_ID']; _dbSaveCategories($plugin['data']['calendar_tag'], 'calendar', $plugin['data']['calendar_id'], ','); if (isset($_POST['save'])) { headerRedirect(decode_entities(MODULE_HREF)); } else { headerRedirect(decode_entities(MODULE_HREF) . '&edit=' . $plugin['data']['calendar_id']); } } else { $plugin['error']['update'] = mysql_error(); } } } } // try to read entry from database if ($plugin['id'] && !isset($plugin['error'])) { $sql = 'SELECT *, '; $sql .= "DATE_FORMAT(calendar_start, '%d" . $BLM['date_delimiter'] . "%m" . $BLM['date_delimiter'] . "%Y') AS calendar_start_date, ";
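/**
 * Backend "edit news entry" action: handles status changes, form posts
 * (insert / update / duplicate) and loading an existing entry into
 * $this->data for the edit form.
 *
 * Reads  $_GET['cntid'], $_GET['status'], $_POST['cnt_name'],
 *        $_POST['cnt_duplicate'], $_POST['submit'].
 * Writes $this->newsId and $this->data; redirects via headerRedirect()
 *        after a status change, a successful save, or a failed select.
 *
 * Changes vs. the previous version:
 *  - the save-error message used an undefined `$BL` instead of `$this->BL`,
 *    so the language string was never shown;
 *  - `$_GET['cntid']` is read with isset() to avoid a notice when absent;
 *  - the unserialized `cnt_object` is only dereferenced when it really is
 *    an array (unserialize() returns false on bad data);
 *  - duplicate `cnt_livedate` / `cnt_killdate` keys in the defaults array
 *    are collapsed to the value that effectively applied ('' — last key wins).
 */
function edit() {

    // cntid is the only user-controlled value that reaches SQL below, so it
    // MUST stay an int (it is concatenated into the WHERE clause as-is).
    $this->newsId = isset($_GET['cntid']) ? intval($_GET['cntid']) : 0;
    $this->data   = array();

    // quick status switch (activate / deactivate / delete) from the listing
    if (isset($_GET['status'])) {
        $status = intval($_GET['status']);
        switch ($status) {
            case 0:
            case 1:
            case 9:
                _dbUpdate('phpwcms_content', array('cnt_status' => $status), 'cnt_id=' . $this->newsId);
                set_status_message(
                    $status == 9 ? $this->BL['be_action_deleted'] : $this->BL['be_action_status'],
                    'success',
                    array('ID' => $this->newsId)
                );
                break;
            default:
                set_status_message($this->BL['be_action_notvalid'], 'warning');
        }
        headerRedirect($this->base_url_decoded);
    }

    // form defaults for a new entry; an existing entry or a post is merged on top
    $this->data = array(
        'cnt_id'             => 0,
        'cnt_pid'            => 0,
        'cnt_status'         => intval($this->phpwcms['set_news_active']),
        'cnt_livedate'       => '',
        'cnt_killdate'       => '',
        'cnt_archive_status' => 1,
        'cnt_alias'          => '',
        'cnt_name'           => '',
        'cnt_title'          => '',
        'cnt_subtitle'       => '',
        'cnt_editor'         => '',
        'cnt_place'          => '',
        'cnt_teasertext'     => '',
        'cnt_text'           => '',
        'cnt_duplicate'      => 0,
        'cnt_lang'           => '',
        'cnt_prio'           => 0,
        'cnt_readmore'       => 1,
        'cnt_image'          => array('id' => 0, 'name' => '', 'zoom' => 0, 'lightbox' => 0, 'caption' => '', 'link' => ''),
        'cnt_files'          => array('id' => array(), 'caption' => '', 'gallery' => 0, 'gallery_download' => 0),
        'cnt_link'           => '',
        'cnt_linktext'       => '',
        'cnt_category'       => '',
        'cnt_sort'           => 0,
        'cnt_opengraph'      => empty($this->phpwcms['set_sociallink']['news']) ? 0 : 1,
        'cnt_textformat'     => 'plain',
        'cnt_searchoff'      => 0,
    );

    if (isset($_POST['cnt_name'])) {

        // form was posted — getPostData() is expected to normalise/escape the
        // fields; presumably it returns the cnt_* columns as an array (verify)
        $post       = $this->getPostData();
        $post_error = false;

        // "save as copy": force an insert and stamp a fresh creation time
        if (!empty($_POST['cnt_duplicate'])) {
            $this->newsId        = 0;
            $duplicate           = 1;
            $post['cnt_created'] = now();
        } else {
            $duplicate = 0;
        }

        // name is mandatory
        if ($post['cnt_name'] == '') {
            $post_error = true;
            set_status_message($this->BL['be_news_name_mandatory'], 'warning');
            $post['cnt_duplicate'] = $duplicate;
        }

        if ($post_error === false) {

            $values               = $post;
            // cnt_object is stored serialized and read back with unserialize()
            // below; this column must only ever be written by this code.
            $values['cnt_object'] = serialize($values['cnt_object']);
            $success              = false;

            if ($this->newsId == 0) {
                // insert
                $result = _dbInsert('phpwcms_content', $values);
                if (isset($result['INSERT_ID'])) {
                    $this->newsId = $result['INSERT_ID'];
                    $success      = true;
                    set_status_message($this->BL['be_successfully_saved'] . LF . $post['cnt_name'], 'success');
                }
            } else {
                // update
                $result = _dbUpdate('phpwcms_content', $values, 'cnt_id=' . $this->newsId);
                if ($result != false) {
                    $success = true;
                    set_status_message($this->BL['be_successfully_updated'] . LF . $post['cnt_name'], 'success');
                }
            }

            if ($success) {

                if ($this->newsId) {
                    _dbSaveCategories($post['cnt_object']['cnt_category'], 'news', $this->newsId, ',');
                }

                // "save" stays on the form, anything else returns to the listing
                if ($this->newsId && isset($_POST['submit'])) {
                    headerRedirect($this->base_url_decoded . '&cntid=' . $this->newsId . '&action=edit');
                } else {
                    headerRedirect($this->base_url_decoded);
                }

            } else {
                // FIX: was $BL (undefined) — the error text is in $this->BL
                set_status_message(
                    $this->BL['be_error_while_save'] . trim(html(' ' . mysql_errno() . ': ' . mysql_error())),
                    'warning'
                );
            }
        }

        // re-populate the form with what was posted, even on error
        $this->data = array_merge($this->data, $post);

    } elseif ($this->newsId > 0) {

        // load an existing entry
        $result = _dbGet('phpwcms_content', '*', 'cnt_status!=9 AND cnt_id=' . $this->newsId, '', '', '1');

        if (isset($result[0])) {

            // cnt_object was written by serialize() in the save branch above;
            // unserialize() returns false on corrupt data, so only unpack arrays
            $object                  = @unserialize($result[0]['cnt_object']);
            $result[0]['cnt_object'] = $object;

            if (is_array($object)) {

                if (isset($object['cnt_image']) && is_array($object['cnt_image'])) {
                    $result[0]['cnt_image'] = array_merge($this->data['cnt_image'], $object['cnt_image']);
                }
                if (isset($object['cnt_files']) && is_array($object['cnt_files'])) {
                    $result[0]['cnt_files'] = array_merge($this->data['cnt_files'], $object['cnt_files']);
                }

                // scalar sub-fields are lifted to top level for the form
                foreach (array('cnt_link', 'cnt_linktext', 'cnt_category', 'cnt_readmore', 'cnt_textformat', 'cnt_searchoff') as $key) {
                    if (isset($object[$key])) {
                        $result[0][$key] = $object[$key];
                    }
                }
            }

            $this->data = array_merge($this->data, $result[0]);

        } else {
            set_status_message($this->BL['be_data_select_failed'], 'warning');
            headerRedirect($this->base_url_decoded);
        }
    }

    // split live/kill/sort timestamps into the date + time form fields;
    // strtotime() yields false for '' / '0000-00-00 00:00:00', which is <= 0
    $start_date = strtotime($this->data['cnt_livedate']);
    $end_date   = strtotime($this->data['cnt_killdate']);
    $sort_date  = intval($this->data['cnt_sort']);

    if ($start_date <= 0) {
        $this->data['cnt_livedate']   = '0000-00-00 00:00:00';
        $this->data['cnt_date_start'] = '';
        $this->data['cnt_time_start'] = '';
    } else {
        $this->data['cnt_date_start'] = date($this->BL['default_date'], $start_date);
        $this->data['cnt_time_start'] = date($this->BL['default_time'], $start_date);
    }

    if ($end_date <= 0) {
        $this->data['cnt_killdate'] = '0000-00-00 00:00:00';
        $this->data['cnt_date_end'] = '';
        $this->data['cnt_time_end'] = '';
    } else {
        $this->data['cnt_date_end'] = date($this->BL['default_date'], $end_date);
        $this->data['cnt_time_end'] = date($this->BL['default_time'], $end_date);
    }

    if ($sort_date <= 0) {
        $this->data['cnt_sort']      = 0;
        $this->data['cnt_sort_date'] = '';
        $this->data['cnt_sort_time'] = '';
    } else {
        $this->data['cnt_sort_date'] = date($this->BL['default_date'], $sort_date);
        $this->data['cnt_sort_time'] = date($this->BL['default_time'], $sort_date);
    }
}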