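/**
 * Updates an existing comment in the database.
 *
 * Filters the comment and makes sure certain fields are valid before updating.
 * The stored row is re-read, slashed, and merged with the supplied fields
 * (supplied fields win), so callers may pass only the fields they want to
 * change as long as `comment_ID` is included.
 *
 * @since 0.0.1
 *
 * @global hqdb $hqdb HiveQueen database abstraction object.
 *
 * @param array $commentarr Contains information on the comment. Must carry a
 *                          non-empty `comment_ID`; `comment_post_ID`, when
 *                          present, must refer to an existing post.
 * @return int Comment was updated if value is 1, or was not updated if value is 0.
 */
function hq_update_comment($commentarr) {
    global $hqdb;

    // Refuse to proceed without an ID: an update must never be allowed to
    // resolve to some other comment because the key was missing or empty.
    if (empty($commentarr['comment_ID'])) {
        return 0;
    }

    // First, get all of the original fields.
    $comment = get_comment($commentarr['comment_ID'], ARRAY_A);
    if (empty($comment)) {
        return 0;
    }

    // Make sure that the comment post ID is valid (if specified).
    if (isset($commentarr['comment_post_ID']) && !get_post($commentarr['comment_post_ID'])) {
        return 0;
    }

    // Escape data pulled from DB so it is in the same (slashed) form the caller supplies.
    $comment = hq_slash($comment);

    // Remembered so the status transition hooks can see the old/new pair at the end.
    $old_status = $comment['comment_approved'];

    // Merge old and new fields with new fields overwriting old ones.
    $commentarr = array_merge($comment, $commentarr);
    $commentarr = hq_filter_comment($commentarr);

    // Now extract the merged array.
    $data = hq_unslash($commentarr);

    /**
     * Filter the comment content before it is updated in the database.
     *
     * @since 0.0.1
     *
     * @param string $comment_content The comment data.
     */
    $data['comment_content'] = apply_filters('comment_save_pre', $data['comment_content']);

    $data['comment_date_gmt'] = get_gmt_from_date($data['comment_date']);

    // Normalise the status: absent means approved, and the textual 'hold' /
    // 'approve' aliases map to 0 / 1. Strict comparison so an integer status
    // is never mistaken for one of the aliases (loose `'hold' == 0` was true
    // on PHP 7).
    if (!isset($data['comment_approved'])) {
        $data['comment_approved'] = 1;
    } elseif ('hold' === $data['comment_approved']) {
        $data['comment_approved'] = 0;
    } elseif ('approve' === $data['comment_approved']) {
        $data['comment_approved'] = 1;
    }

    $comment_ID = $data['comment_ID'];
    $comment_post_ID = $data['comment_post_ID'];

    // Only these columns reach the UPDATE; any other key in $data is dropped
    // here rather than being passed through to the database layer.
    $keys = array(
        'comment_post_ID',
        'comment_content',
        'comment_author',
        'comment_author_email',
        'comment_approved',
        'comment_karma',
        'comment_author_url',
        'comment_date',
        'comment_date_gmt',
        'comment_type',
        'comment_parent',
        'user_id',
    );
    $data = hq_array_slice_assoc($data, $keys);
    $rval = $hqdb->update($hqdb->comments, $data, compact('comment_ID'));

    clean_comment_cache($comment_ID);
    hq_update_comment_count($comment_post_ID);

    /**
     * Fires immediately after a comment is updated in the database.
     *
     * The hook also fires immediately before comment status transition hooks are fired.
     *
     * @since 0.0.1
     *
     * @param int $comment_ID The comment ID.
     */
    do_action('edit_comment', $comment_ID);

    $comment = get_comment($comment_ID);
    hq_transition_comment_status($comment->comment_approved, $old_status, $comment);

    // $hqdb->update() reports a failed query as false; keep the documented int contract.
    return false === $rval ? 0 : $rval;
}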
/**
 * A simpler way of inserting a user into the database.
 *
 * Creates a new user with just the username, password, and email. For more
 * complex user creation use {@see hq_insert_user()} to specify more information.
 *
 * The username and email are slashed before being handed to hq_insert_user(),
 * which expects slashed input; the password is passed through untouched.
 *
 * @since 0.0.1
 * @see hq_insert_user() More complete way to create a new user
 *
 * @param string $username The user's username.
 * @param string $password The user's password.
 * @param string $email    Optional. The user's email. Default empty.
 * @return int|HQ_Error The new user's ID.
 */
function hq_create_user($username, $password, $email = '') {
    $userdata = array(
        'user_login' => hq_slash($username),
        'user_email' => hq_slash($email),
        'user_pass'  => $password,
    );

    return hq_insert_user($userdata);
}
} elseif ($admin_password != $admin_password_check) { // TODO: poka-yoke display_setup_form(__('Your passwords do not match. Please try again.')); $error = true; } elseif (empty($admin_email)) { // TODO: poka-yoke display_setup_form(__('You must provide an email address.')); $error = true; } elseif (!is_email($admin_email)) { // TODO: poka-yoke display_setup_form(__('Sorry, that isn’t a valid email address. Email addresses look like <code>username@example.com</code>.')); $error = true; } if ($error === false) { $hqdb->show_errors(); $result = hq_install($weblog_title, $user_name, $admin_email, $public, '', hq_slash($admin_password), $loaded_language); ?> <h1><?php _e('Success!'); ?> </h1> <p><?php _e('HiveQueen has been installed. Were you expecting more steps? Sorry to disappoint.'); ?> </p> <table class="form-table install-success"> <tr> <th><?php
/**
 * Execute changes made in HiveQueen 0.0.1
 *
 * Migrates the legacy `categories` / `post2cat` / `linkcategories` / `link2cat`
 * tables into the `terms`, `term_taxonomy` and `term_relationships` tables,
 * then recalculates every term count. Runs raw SQL against $hqdb throughout;
 * values are bound via $hqdb->prepare() or $hqdb->insert(), except table
 * names which come from the $hqdb configuration.
 *
 * @since 0.0.1
 *
 * @global hqdb $hqdb
 * @global int $hq_current_db_version
 */
function upgrade_230() {
    global $hq_current_db_version, $hqdb;

    if ($hq_current_db_version < 5200) {
        populate_roles_230();
    }

    // Convert categories to terms.
    // $tt_ids maps term_id => taxonomy => term_taxonomy_id for the rows created below.
    $tt_ids = array();
    $have_tags = false;
    $categories = $hqdb->get_results("SELECT * FROM {$hqdb->categories} ORDER BY cat_ID");
    foreach ($categories as $category) {
        $term_id = (int) $category->cat_ID;
        $name = $category->cat_name;
        $description = $category->category_description;
        $slug = $category->category_nicename;
        $parent = $category->category_parent;
        $term_group = 0;

        // Associate terms with the same slug in a term group and make slugs unique.
        if ($exists = $hqdb->get_results($hqdb->prepare("SELECT term_id, term_group FROM {$hqdb->terms} WHERE slug = %s", $slug))) {
            $term_group = $exists[0]->term_group;
            $id = $exists[0]->term_id;
            $num = 2;
            // Probe "slug-2", "slug-3", ... until a free slug is found.
            do {
                $alt_slug = $slug . "-{$num}";
                $num++;
                $slug_check = $hqdb->get_var($hqdb->prepare("SELECT slug FROM {$hqdb->terms} WHERE slug = %s", $alt_slug));
            } while ($slug_check);
            $slug = $alt_slug;
            // The existing term had no group yet: open a new group and put it in.
            if (empty($term_group)) {
                $term_group = $hqdb->get_var("SELECT MAX(term_group) FROM {$hqdb->terms} GROUP BY term_group") + 1;
                $hqdb->query($hqdb->prepare("UPDATE {$hqdb->terms} SET term_group = %d WHERE term_id = %d", $term_group, $id));
            }
        }

        // The old cat_ID is reused as term_id so the relationship tables can be mapped 1:1.
        $hqdb->query($hqdb->prepare("INSERT INTO {$hqdb->terms} (term_id, name, slug, term_group) VALUES\n\t\t(%d, %s, %s, %d)", $term_id, $name, $slug, $term_group));

        // One term_taxonomy row per taxonomy the old category was used in.
        $count = 0;
        if (!empty($category->category_count)) {
            $count = (int) $category->category_count;
            $taxonomy = 'category';
            $hqdb->query($hqdb->prepare("INSERT INTO {$hqdb->term_taxonomy} (term_id, taxonomy, description, parent, count) VALUES ( %d, %s, %s, %d, %d)", $term_id, $taxonomy, $description, $parent, $count));
            $tt_ids[$term_id][$taxonomy] = (int) $hqdb->insert_id;
        }
        if (!empty($category->link_count)) {
            $count = (int) $category->link_count;
            $taxonomy = 'link_category';
            $hqdb->query($hqdb->prepare("INSERT INTO {$hqdb->term_taxonomy} (term_id, taxonomy, description, parent, count) VALUES ( %d, %s, %s, %d, %d)", $term_id, $taxonomy, $description, $parent, $count));
            $tt_ids[$term_id][$taxonomy] = (int) $hqdb->insert_id;
        }
        if (!empty($category->tag_count)) {
            $have_tags = true;
            $count = (int) $category->tag_count;
            $taxonomy = 'post_tag';
            $hqdb->insert($hqdb->term_taxonomy, compact('term_id', 'taxonomy', 'description', 'parent', 'count'));
            $tt_ids[$term_id][$taxonomy] = (int) $hqdb->insert_id;
        }
        // A category used nowhere still gets an (empty) 'category' row.
        if (empty($count)) {
            $count = 0;
            $taxonomy = 'category';
            $hqdb->insert($hqdb->term_taxonomy, compact('term_id', 'taxonomy', 'description', 'parent', 'count'));
            $tt_ids[$term_id][$taxonomy] = (int) $hqdb->insert_id;
        }
    }

    // Re-create post <-> term relationships from post2cat.
    $select = 'post_id, category_id';
    if ($have_tags) {
        $select .= ', rel_type';
    }
    $posts = $hqdb->get_results("SELECT {$select} FROM {$hqdb->post2cat} GROUP BY post_id, category_id");
    foreach ($posts as $post) {
        $post_id = (int) $post->post_id;
        $term_id = (int) $post->category_id;
        $taxonomy = 'category';
        if (!empty($post->rel_type) && 'tag' == $post->rel_type) {
            $taxonomy = 'tag';
        }
        // NOTE(review): tag rows in $tt_ids were stored under 'post_tag' above,
        // not 'tag', so this lookup misses for tags and those relationships are
        // skipped by the empty() check below — confirm whether that is intended.
        $tt_id = $tt_ids[$term_id][$taxonomy];
        if (empty($tt_id)) {
            continue;
        }
        $hqdb->insert($hqdb->term_relationships, array('object_id' => $post_id, 'term_taxonomy_id' => $tt_id));
    }

    // < 3570 we used linkcategories. >= 3570 we used categories and link2cat.
    if ($hq_current_db_version < 3570) {
        /*
         * Create link_category terms for link categories. Create a map of link
         * cat IDs to link_category terms.
         */
        $link_cat_id_map = array();
        $default_link_cat = 0;
        // Reset: in this branch $tt_ids is keyed by term_id only (no taxonomy level).
        $tt_ids = array();
        $link_cats = $hqdb->get_results("SELECT cat_id, cat_name FROM " . $hqdb->prefix . 'linkcategories');
        foreach ($link_cats as $category) {
            $cat_id = (int) $category->cat_id;
            $term_id = 0;
            // Slashed because $hqdb->insert() below expects slashed input, like the rest of the core API.
            $name = hq_slash($category->cat_name);
            $slug = sanitize_title($name);
            $term_group = 0;

            // Associate terms with the same slug in a term group and make slugs unique.
            if ($exists = $hqdb->get_results($hqdb->prepare("SELECT term_id, term_group FROM {$hqdb->terms} WHERE slug = %s", $slug))) {
                $term_group = $exists[0]->term_group;
                $term_id = $exists[0]->term_id;
            }
            // No existing term with that slug: create one.
            if (empty($term_id)) {
                $hqdb->insert($hqdb->terms, compact('name', 'slug', 'term_group'));
                $term_id = (int) $hqdb->insert_id;
            }

            $link_cat_id_map[$cat_id] = $term_id;
            $default_link_cat = $term_id;

            $hqdb->insert($hqdb->term_taxonomy, array('term_id' => $term_id, 'taxonomy' => 'link_category', 'description' => '', 'parent' => 0, 'count' => 0));
            $tt_ids[$term_id] = (int) $hqdb->insert_id;
        }

        // Associate links to cats.
        $links = $hqdb->get_results("SELECT link_id, link_category FROM {$hqdb->links}");
        if (!empty($links)) {
            foreach ($links as $link) {
                if (0 == $link->link_category) {
                    continue;
                }
                // Links pointing at a category that no longer exists are dropped silently.
                if (!isset($link_cat_id_map[$link->link_category])) {
                    continue;
                }
                $term_id = $link_cat_id_map[$link->link_category];
                $tt_id = $tt_ids[$term_id];
                if (empty($tt_id)) {
                    continue;
                }
                $hqdb->insert($hqdb->term_relationships, array('object_id' => $link->link_id, 'term_taxonomy_id' => $tt_id));
            }
        }

        // Set default to the last category we grabbed during the upgrade loop.
        update_option('default_link_category', $default_link_cat);
    } else {
        $links = $hqdb->get_results("SELECT link_id, category_id FROM {$hqdb->link2cat} GROUP BY link_id, category_id");
        foreach ($links as $link) {
            $link_id = (int) $link->link_id;
            $term_id = (int) $link->category_id;
            $taxonomy = 'link_category';
            // Reads an undefined key (and emits a notice) when the category had no link_count above.
            $tt_id = $tt_ids[$term_id][$taxonomy];
            if (empty($tt_id)) {
                continue;
            }
            $hqdb->insert($hqdb->term_relationships, array('object_id' => $link_id, 'term_taxonomy_id' => $tt_id));
        }
    }

    if ($hq_current_db_version < 4772) {
        // Obsolete linkcategories table
        $hqdb->query('DROP TABLE IF EXISTS ' . $hqdb->prefix . 'linkcategories');
    }

    // Recalculate all counts
    $terms = $hqdb->get_results("SELECT term_taxonomy_id, taxonomy FROM {$hqdb->term_taxonomy}");
    foreach ((array) $terms as $term) {
        // Post taxonomies only count published posts; everything else counts every relationship.
        if ('post_tag' == $term->taxonomy || 'category' == $term->taxonomy) {
            $count = $hqdb->get_var($hqdb->prepare("SELECT COUNT(*) FROM {$hqdb->term_relationships}, {$hqdb->posts} WHERE {$hqdb->posts}.ID = {$hqdb->term_relationships}.object_id AND post_status = 'publish' AND post_type = 'post' AND term_taxonomy_id = %d", $term->term_taxonomy_id));
        } else {
            $count = $hqdb->get_var($hqdb->prepare("SELECT COUNT(*) FROM {$hqdb->term_relationships} WHERE term_taxonomy_id = %d", $term->term_taxonomy_id));
        }
        $hqdb->update($hqdb->term_taxonomy, array('count' => $count), array('term_taxonomy_id' => $term->term_taxonomy_id));
    }
}
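/**
 * Add slashes to a string or array of strings.
 *
 * This should be used when preparing data for core API that expects slashed data.
 * This should not be used to escape data going directly into an SQL query.
 *
 * Arrays are walked recursively with their keys preserved. Only string leaves
 * are slashed; other values (int, float, bool, null, objects) are returned
 * unchanged instead of being coerced to strings by addslashes().
 *
 * @since 0.0.1
 *
 * @param string|array $value String or array of strings to slash.
 * @return string|array Slashed $value
 */
function hq_slash($value) {
    if (is_array($value)) {
        // array_map() on a single array keeps string keys, so nested maps survive.
        return array_map('hq_slash', $value);
    }

    if (is_string($value)) {
        return addslashes($value);
    }

    // Nothing to escape in a non-string scalar; passing it through avoids the
    // int/bool -> string coercion and the null deprecation of addslashes().
    return $value;
}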
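/**
 * Update a post with new post data.
 *
 * The date does not have to be set for drafts. You can set the date and it will
 * not be overridden.
 *
 * The stored post is re-read, slashed, and merged with $postarr (supplied
 * fields win) before being handed to hq_insert_post() / hq_insert_attachment().
 *
 * @since 0.0.1
 *
 * @param array|object $postarr  Optional. Post data. Arrays are expected to be escaped,
 *                               objects are not. Must contain a non-empty `ID`. Default array.
 * @param bool         $hq_error Optional. Allow return of HQ_Error on failure. Default false.
 * @return int|HQ_Error The value 0 or HQ_Error on failure. The post ID on success.
 */
function hq_update_post($postarr = array(), $hq_error = false) {
    if (is_object($postarr)) {
        // Non-escaped post was passed.
        $postarr = get_object_vars($postarr);
        $postarr = hq_slash($postarr);
    }

    // An update needs the ID of the row it targets. Without one, get_post()
    // may resolve to some other post instead of failing, so reject it here.
    if (!is_array($postarr) || empty($postarr['ID'])) {
        if ($hq_error) {
            return new HQ_Error('invalid_post', __('Invalid post ID.'));
        }
        return 0;
    }

    // First, get all of the original fields.
    $post = get_post($postarr['ID'], ARRAY_A);
    if (empty($post)) {
        if ($hq_error) {
            return new HQ_Error('invalid_post', __('Invalid post ID.'));
        }
        return 0;
    }

    // Escape data pulled from DB so it matches the slashed form of $postarr.
    $post = hq_slash($post);

    // Passed post category list overwrites existing category list if not empty.
    if (!empty($postarr['post_category']) && is_array($postarr['post_category'])) {
        $post_cats = $postarr['post_category'];
    } else {
        $post_cats = $post['post_category'];
    }

    // Drafts shouldn't be assigned a date unless explicitly done so by the user.
    // Strict in_array(): post_status comes back from the DB as a string.
    $clear_date = isset($post['post_status'])
        && in_array($post['post_status'], array('draft', 'pending', 'auto-draft'), true)
        && empty($postarr['edit_date'])
        && '0000-00-00 00:00:00' === $post['post_date_gmt'];

    // Merge old and new fields with new fields overwriting old ones.
    $postarr = array_merge($post, $postarr);
    $postarr['post_category'] = $post_cats;
    if ($clear_date) {
        // Re-stamp the draft with "now" and leave GMT unset for the insert path to fill.
        $postarr['post_date'] = current_time('mysql');
        $postarr['post_date_gmt'] = '';
    }

    if (isset($postarr['post_type']) && 'attachment' === $postarr['post_type']) {
        return hq_insert_attachment($postarr);
    }

    return hq_insert_post($postarr, $hq_error);
}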
/**
 * Edit user settings based on contents of $_POST
 *
 * Used on user-edit.php and profile.php to manage and process user options, passwords etc.
 *
 * Builds a stdClass from the request, validates it into an HQ_Error, and only
 * then calls hq_update_user() (existing user) or hq_insert_user() (new user).
 * Every field read from $_POST is listed explicitly below; nothing is copied
 * wholesale from the request.
 *
 * @since 0.0.1
 *
 * @param int $user_id Optional. User ID.
 * @return int|HQ_Error user id of the updated user
 */
function edit_user($user_id = 0) {
    $hq_roles = hq_roles();
    $user = new stdClass();

    // A non-zero ID means "update"; the login of an existing user is never taken from the request.
    if ($user_id) {
        $update = true;
        $user->ID = (int) $user_id;
        $userdata = get_userdata($user_id);
        $user->user_login = hq_slash($userdata->user_login);
    } else {
        $update = false;
    }

    if (!$update && isset($_POST['user_login'])) {
        $user->user_login = sanitize_user($_POST['user_login'], true);
    }

    // Passwords are taken verbatim (still slashed as received); they are compared
    // and checked below before being assigned to $user->user_pass.
    $pass1 = $pass2 = '';
    if (isset($_POST['pass1'])) {
        $pass1 = $_POST['pass1'];
    }
    if (isset($_POST['pass2'])) {
        $pass2 = $_POST['pass2'];
    }

    // Role changes are only honoured for users holding 'edit_users'.
    if (isset($_POST['role']) && current_user_can('edit_users')) {
        $new_role = sanitize_text_field($_POST['role']);
        $potential_role = isset($hq_roles->role_objects[$new_role]) ? $hq_roles->role_objects[$new_role] : false;

        // Don't let anyone with 'edit_users' (admins) edit their own role to something without it.
        // Multisite super admins can freely edit their blog roles -- they possess all caps.
        // Precedence: (multisite && manage_sites) || (editing someone else) || (new role keeps edit_users).
        if (is_multisite() && current_user_can('manage_sites') || $user_id != get_current_user_id() || $potential_role && $potential_role->has_cap('edit_users')) {
            $user->role = $new_role;
        }

        // If the new role isn't editable by the logged-in user die with error
        $editable_roles = get_editable_roles();
        if (!empty($new_role) && empty($editable_roles[$new_role])) {
            hq_die(__('You can’t give users that role.'));
        }
    }

    if (isset($_POST['email'])) {
        $user->user_email = sanitize_text_field(hq_unslash($_POST['email']));
    }

    if (isset($_POST['url'])) {
        if (empty($_POST['url']) || $_POST['url'] == 'http://') {
            $user->user_url = '';
        } else {
            // esc_url_raw() first; then anything without an allowed scheme prefix is forced to http://.
            $user->user_url = esc_url_raw($_POST['url']);
            $protocols = implode('|', array_map('preg_quote', hq_allowed_protocols()));
            $user->user_url = preg_match('/^(' . $protocols . '):/is', $user->user_url) ? $user->user_url : 'http://' . $user->user_url;
        }
    }

    if (isset($_POST['first_name'])) {
        $user->first_name = sanitize_text_field($_POST['first_name']);
    }
    if (isset($_POST['last_name'])) {
        $user->last_name = sanitize_text_field($_POST['last_name']);
    }
    if (isset($_POST['nickname'])) {
        $user->nickname = sanitize_text_field($_POST['nickname']);
    }
    if (isset($_POST['display_name'])) {
        $user->display_name = sanitize_text_field($_POST['display_name']);
    }
    if (isset($_POST['description'])) {
        // Only trimmed here, unlike the other text fields; any further filtering
        // happens elsewhere (presumably in hq_update_user()/output escaping — verify).
        $user->description = trim($_POST['description']);
    }

    // Contact methods are registered per user; only the registered keys are read from the request.
    foreach (hq_get_user_contact_methods($user) as $method => $name) {
        if (isset($_POST[$method])) {
            $user->{$method} = sanitize_text_field($_POST[$method]);
        }
    }

    if ($update) {
        $user->rich_editing = isset($_POST['rich_editing']) && 'false' == $_POST['rich_editing'] ? 'false' : 'true';
        $user->admin_color = isset($_POST['admin_color']) ? sanitize_text_field($_POST['admin_color']) : 'fresh';
        $user->show_admin_bar_front = isset($_POST['admin_bar_front']) ? 'true' : 'false';
    }

    $user->comment_shortcuts = isset($_POST['comment_shortcuts']) && 'true' == $_POST['comment_shortcuts'] ? 'true' : '';

    $user->use_ssl = 0;
    if (!empty($_POST['use_ssl'])) {
        $user->use_ssl = 1;
    }

    $errors = new HQ_Error();

    /* checking that username has been typed */
    // NOTE(review): for a new user with no 'user_login' in the request this reads
    // an undefined property (notice) and still records the error — confirm intended.
    if ($user->user_login == '') {
        $errors->add('user_login', __('<strong>ERROR</strong>: Please enter a username.'));
    }

    /* checking the password has been typed twice */
    /**
     * Fires before the password and confirm password fields are checked for congruity.
     *
     * @since 0.0.1
     *
     * @param string $user_login The username.
     * @param string &$pass1     The password, passed by reference.
     * @param string &$pass2     The confirmed password, passed by reference.
     */
    do_action_ref_array('check_passwords', array($user->user_login, &$pass1, &$pass2));

    // Updates may leave both password fields empty (no change); inserts require both.
    if ($update) {
        if (empty($pass1) && !empty($pass2)) {
            $errors->add('pass', __('<strong>ERROR</strong>: You entered your new password only once.'), array('form-field' => 'pass1'));
        } elseif (!empty($pass1) && empty($pass2)) {
            $errors->add('pass', __('<strong>ERROR</strong>: You entered your new password only once.'), array('form-field' => 'pass2'));
        }
    } else {
        if (empty($pass1)) {
            $errors->add('pass', __('<strong>ERROR</strong>: Please enter your password.'), array('form-field' => 'pass1'));
        } elseif (empty($pass2)) {
            $errors->add('pass', __('<strong>ERROR</strong>: Please enter your password twice.'), array('form-field' => 'pass2'));
        }
    }

    /* Check for "\" in password */
    // Unslashed first so a request-added slash is not mistaken for a user-typed backslash.
    if (false !== strpos(hq_unslash($pass1), "\\")) {
        $errors->add('pass', __('<strong>ERROR</strong>: Passwords may not contain the character "\\".'), array('form-field' => 'pass1'));
    }

    /* checking the password has been typed twice the same */
    if ($pass1 != $pass2) {
        $errors->add('pass', __('<strong>ERROR</strong>: Please enter the same password in the two password fields.'), array('form-field' => 'pass1'));
    }

    // Only a non-empty password is forwarded; an empty one leaves the stored hash alone.
    if (!empty($pass1)) {
        $user->user_pass = $pass1;
    }

    // The raw (unsanitised) login is validated so characters stripped by
    // sanitize_user() still produce an error rather than a silently altered name.
    if (!$update && isset($_POST['user_login']) && !validate_username($_POST['user_login'])) {
        $errors->add('user_login', __('<strong>ERROR</strong>: This username is invalid because it uses illegal characters. Please enter a valid username.'));
    }

    if (!$update && username_exists($user->user_login)) {
        $errors->add('user_login', __('<strong>ERROR</strong>: This username is already registered. 
Please choose another one.'));
    }

    /* checking e-mail address */
    // An address owned by a different account is rejected; the user's own address is allowed on update.
    if (empty($user->user_email)) {
        $errors->add('empty_email', __('<strong>ERROR</strong>: Please enter an e-mail address.'), array('form-field' => 'email'));
    } elseif (!is_email($user->user_email)) {
        $errors->add('invalid_email', __('<strong>ERROR</strong>: The email address isn’t correct.'), array('form-field' => 'email'));
    } elseif (($owner_id = email_exists($user->user_email)) && (!$update || $owner_id != $user->ID)) {
        $errors->add('email_exists', __('<strong>ERROR</strong>: This email is already registered, please choose another one.'), array('form-field' => 'email'));
    }

    /**
     * Fires before user profile update errors are returned.
     *
     * @since 0.0.1
     *
     * @param array   &$errors An array of user profile update errors, passed by reference.
     * @param bool    $update  Whether this is a user update.
     * @param HQ_User &$user   HQ_User object, passed by reference.
     */
    do_action_ref_array('user_profile_update_errors', array(&$errors, $update, &$user));

    // Any error (including ones added by the action above) aborts before anything is written.
    if ($errors->get_error_codes()) {
        return $errors;
    }

    if ($update) {
        $user_id = hq_update_user($user);
    } else {
        $user_id = hq_insert_user($user);
        hq_new_user_notification($user_id, null, 'both');
    }

    return $user_id;
}
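/**
 * Update a link in the database.
 *
 * The stored bookmark is re-read, slashed, and merged with $linkdata (supplied
 * fields win) before being handed to hq_insert_link(). A missing or unknown
 * `link_id` is a failure; it never falls through to inserting a new link.
 *
 * @since 0.0.1
 *
 * @param array $linkdata Link data to update. Must contain a non-empty `link_id`.
 * @return int|HQ_Error Value 0 or HQ_Error on failure. The updated link ID on success.
 */
function hq_update_link($linkdata) {
    // Without an ID there is no row to update.
    $link_id = isset($linkdata['link_id']) ? (int) $linkdata['link_id'] : 0;
    if (empty($link_id)) {
        return 0;
    }

    $link = get_bookmark($link_id, ARRAY_A);
    // Unknown ID: fail rather than merging into nothing and inserting a stray link.
    if (empty($link)) {
        return 0;
    }

    // Escape data pulled from DB so it matches the slashed form of $linkdata.
    $link = hq_slash($link);

    // Passed link category list overwrites existing category list if not empty.
    if (!empty($linkdata['link_category']) && is_array($linkdata['link_category'])) {
        $link_cats = $linkdata['link_category'];
    } else {
        $link_cats = $link['link_category'];
    }

    // Merge old and new fields with new fields overwriting old ones.
    $linkdata = array_merge($link, $linkdata);
    $linkdata['link_category'] = $link_cats;

    return hq_insert_link($linkdata);
}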