/**
 * Updates an existing comment in the database.
 *
 * Loads the stored comment, lets the supplied fields override it, runs the
 * comment filters, normalises the approval flag and writes the result back.
 * The post ID, when supplied, must refer to an existing post.
 *
 * @since 0.0.1
 *
 * @global hqdb $hqdb HiveQueen database abstraction object.
 *
 * @param array $commentarr Contains information on the comment.
 * @return int Comment was updated if value is 1, or was not updated if value is 0.
 */
function hq_update_comment($commentarr)
{
    global $hqdb;

    // Start from the stored row; nothing to do when the comment does not exist.
    $stored = get_comment($commentarr['comment_ID'], ARRAY_A);
    if (empty($stored)) {
        return 0;
    }

    // A supplied post ID must point at an existing post.
    if (isset($commentarr['comment_post_ID']) && !get_post($commentarr['comment_post_ID'])) {
        return 0;
    }

    // The stored row is unslashed; slash it so it lines up with the caller's data.
    $stored = hq_slash($stored);
    $previous_status = $stored['comment_approved'];

    // Caller-supplied fields win over stored ones; then run the comment filters.
    $merged = hq_filter_comment(array_merge($stored, $commentarr));
    $data = hq_unslash($merged);

    /**
     * Filter the comment content before it is updated in the database.
     *
     * @since 0.0.1
     *
     * @param string $comment_content The comment data.
     */
    $data['comment_content'] = apply_filters('comment_save_pre', $data['comment_content']);
    $data['comment_date_gmt'] = get_gmt_from_date($data['comment_date']);

    // Normalise the approval flag: a missing flag means approved, and the
    // textual aliases map to 0/1 (switch compares loosely, as the original did).
    if (!isset($data['comment_approved'])) {
        $data['comment_approved'] = 1;
    } else {
        switch ($data['comment_approved']) {
            case 'hold':
                $data['comment_approved'] = 0;
                break;
            case 'approve':
                $data['comment_approved'] = 1;
                break;
        }
    }

    $comment_ID = $data['comment_ID'];
    $comment_post_ID = $data['comment_post_ID'];

    // Only these columns are written; any other key in $data is dropped.
    $columns = array(
        'comment_post_ID', 'comment_content', 'comment_author', 'comment_author_email',
        'comment_approved', 'comment_karma', 'comment_author_url', 'comment_date',
        'comment_date_gmt', 'comment_type', 'comment_parent', 'user_id',
    );
    $rval = $hqdb->update($hqdb->comments, hq_array_slice_assoc($data, $columns), array('comment_ID' => $comment_ID));

    clean_comment_cache($comment_ID);
    hq_update_comment_count($comment_post_ID);

    /**
     * Fires immediately after a comment is updated in the database.
     *
     * The hook also fires immediately before comment status transition hooks are fired.
     *
     * @since 0.0.1
     *
     * @param int $comment_ID The comment ID.
     */
    do_action('edit_comment', $comment_ID);

    // Re-read the row before firing the status transition hooks.
    $updated = get_comment($comment_ID);
    hq_transition_comment_status($updated->comment_approved, $previous_status, $updated);

    return $rval;
}
/**
 * A simpler way of inserting a user into the database.
 *
 * Creates a new user with just the username, password, and email. For more
 * complex user creation use {@see hq_insert_user()} to specify more information.
 *
 * The login and e-mail are slashed before being handed to hq_insert_user();
 * the password is passed through exactly as given.
 *
 * @since 0.0.1
 * @see hq_insert_user() More complete way to create a new user
 *
 * @param string $username The user's username.
 * @param string $password The user's password.
 * @param string $email    Optional. The user's email. Default empty.
 * @return int|HQ_Error The new user's ID.
 */
function hq_create_user($username, $password, $email = '')
{
    return hq_insert_user(array(
        'user_login' => hq_slash($username),
        'user_email' => hq_slash($email),
        'user_pass' => $password,
    ));
}
        } elseif ($admin_password != $admin_password_check) {
            // TODO: poka-yoke
            display_setup_form(__('Your passwords do not match. Please try again.'));
            $error = true;
        } elseif (empty($admin_email)) {
            // TODO: poka-yoke
            display_setup_form(__('You must provide an email address.'));
            $error = true;
        } elseif (!is_email($admin_email)) {
            // TODO: poka-yoke
            display_setup_form(__('Sorry, that isn&#8217;t a valid email address. Email addresses look like <code>username@example.com</code>.'));
            $error = true;
        }
        if ($error === false) {
            $hqdb->show_errors();
            $result = hq_install($weblog_title, $user_name, $admin_email, $public, '', hq_slash($admin_password), $loaded_language);
            ?>

<h1><?php 
            _e('Success!');
            ?>
</h1>

<p><?php 
            _e('HiveQueen has been installed. Were you expecting more steps? Sorry to disappoint.');
            ?>
</p>

<table class="form-table install-success">
        <tr>
                <th><?php 
/**
 * Execute changes made in HiveQueen 0.0.1
 *
 * Migrates the legacy categories and link-categories tables into the
 * terms / term_taxonomy / term_relationships tables, then recalculates
 * every term count. Table names are taken from the $hqdb object (or its
 * prefix); all row values are bound through $hqdb->prepare() or insert().
 *
 * @since 0.0.1
 *
 * @global hqdb $hqdb
 * @global int  $hq_current_db_version
 */
function upgrade_230()
{
    global $hq_current_db_version, $hqdb;
    if ($hq_current_db_version < 5200) {
        populate_roles_230();
    }
    // Convert categories to terms.
    // $tt_ids maps term_id => taxonomy => term_taxonomy_id for the relationship inserts below.
    $tt_ids = array();
    $have_tags = false;
    $categories = $hqdb->get_results("SELECT * FROM {$hqdb->categories} ORDER BY cat_ID");
    foreach ($categories as $category) {
        // The legacy category ID is reused as the term ID.
        $term_id = (int) $category->cat_ID;
        $name = $category->cat_name;
        $description = $category->category_description;
        $slug = $category->category_nicename;
        $parent = $category->category_parent;
        $term_group = 0;
        // Associate terms with the same slug in a term group and make slugs unique.
        if ($exists = $hqdb->get_results($hqdb->prepare("SELECT term_id, term_group FROM {$hqdb->terms} WHERE slug = %s", $slug))) {
            $term_group = $exists[0]->term_group;
            $id = $exists[0]->term_id;
            $num = 2;
            // Append -2, -3, ... until a slug that is not yet taken is found.
            do {
                $alt_slug = $slug . "-{$num}";
                $num++;
                $slug_check = $hqdb->get_var($hqdb->prepare("SELECT slug FROM {$hqdb->terms} WHERE slug = %s", $alt_slug));
            } while ($slug_check);
            $slug = $alt_slug;
            if (empty($term_group)) {
                // NOTE(review): with GROUP BY this returns one row per group and get_var() takes
                // the first, whose order is unspecified — presumably the global MAX was intended; confirm.
                $term_group = $hqdb->get_var("SELECT MAX(term_group) FROM {$hqdb->terms} GROUP BY term_group") + 1;
                $hqdb->query($hqdb->prepare("UPDATE {$hqdb->terms} SET term_group = %d WHERE term_id = %d", $term_group, $id));
            }
        }
        $hqdb->query($hqdb->prepare("INSERT INTO {$hqdb->terms} (term_id, name, slug, term_group) VALUES\n\t\t(%d, %s, %s, %d)", $term_id, $name, $slug, $term_group));
        // One term_taxonomy row per taxonomy the legacy category was used in.
        $count = 0;
        if (!empty($category->category_count)) {
            $count = (int) $category->category_count;
            $taxonomy = 'category';
            $hqdb->query($hqdb->prepare("INSERT INTO {$hqdb->term_taxonomy} (term_id, taxonomy, description, parent, count) VALUES ( %d, %s, %s, %d, %d)", $term_id, $taxonomy, $description, $parent, $count));
            $tt_ids[$term_id][$taxonomy] = (int) $hqdb->insert_id;
        }
        if (!empty($category->link_count)) {
            $count = (int) $category->link_count;
            $taxonomy = 'link_category';
            $hqdb->query($hqdb->prepare("INSERT INTO {$hqdb->term_taxonomy} (term_id, taxonomy, description, parent, count) VALUES ( %d, %s, %s, %d, %d)", $term_id, $taxonomy, $description, $parent, $count));
            $tt_ids[$term_id][$taxonomy] = (int) $hqdb->insert_id;
        }
        if (!empty($category->tag_count)) {
            $have_tags = true;
            $count = (int) $category->tag_count;
            $taxonomy = 'post_tag';
            $hqdb->insert($hqdb->term_taxonomy, compact('term_id', 'taxonomy', 'description', 'parent', 'count'));
            $tt_ids[$term_id][$taxonomy] = (int) $hqdb->insert_id;
        }
        // A category used nowhere still gets an empty 'category' taxonomy row.
        if (empty($count)) {
            $count = 0;
            $taxonomy = 'category';
            $hqdb->insert($hqdb->term_taxonomy, compact('term_id', 'taxonomy', 'description', 'parent', 'count'));
            $tt_ids[$term_id][$taxonomy] = (int) $hqdb->insert_id;
        }
    }
    // Post-to-category rows become term relationships.
    $select = 'post_id, category_id';
    if ($have_tags) {
        $select .= ', rel_type';
    }
    $posts = $hqdb->get_results("SELECT {$select} FROM {$hqdb->post2cat} GROUP BY post_id, category_id");
    foreach ($posts as $post) {
        $post_id = (int) $post->post_id;
        $term_id = (int) $post->category_id;
        $taxonomy = 'category';
        if (!empty($post->rel_type) && 'tag' == $post->rel_type) {
            $taxonomy = 'tag';
        }
        // NOTE(review): tag rows were stored in $tt_ids under 'post_tag' above but are looked
        // up under 'tag' here, so tag relationships fall through to the continue below — confirm intended.
        // Also an undefined-index notice is possible when no term_taxonomy row was created for $term_id.
        $tt_id = $tt_ids[$term_id][$taxonomy];
        if (empty($tt_id)) {
            continue;
        }
        $hqdb->insert($hqdb->term_relationships, array('object_id' => $post_id, 'term_taxonomy_id' => $tt_id));
    }
    // < 3570 we used linkcategories. >= 3570 we used categories and link2cat.
    if ($hq_current_db_version < 3570) {
        /*
         * Create link_category terms for link categories. Create a map of link
         * cat IDs to link_category terms.
         */
        $link_cat_id_map = array();
        $default_link_cat = 0;
        // Reset: from here on $tt_ids maps term_id => term_taxonomy_id (single level).
        $tt_ids = array();
        // The legacy table has no $hqdb property, so its name is built from the prefix.
        $link_cats = $hqdb->get_results("SELECT cat_id, cat_name FROM " . $hqdb->prefix . 'linkcategories');
        foreach ($link_cats as $category) {
            $cat_id = (int) $category->cat_id;
            $term_id = 0;
            $name = hq_slash($category->cat_name);
            $slug = sanitize_title($name);
            $term_group = 0;
            // Associate terms with the same slug in a term group and make slugs unique.
            // Unlike the category loop above, an existing slug is reused rather than suffixed.
            if ($exists = $hqdb->get_results($hqdb->prepare("SELECT term_id, term_group FROM {$hqdb->terms} WHERE slug = %s", $slug))) {
                $term_group = $exists[0]->term_group;
                $term_id = $exists[0]->term_id;
            }
            if (empty($term_id)) {
                $hqdb->insert($hqdb->terms, compact('name', 'slug', 'term_group'));
                $term_id = (int) $hqdb->insert_id;
            }
            $link_cat_id_map[$cat_id] = $term_id;
            $default_link_cat = $term_id;
            $hqdb->insert($hqdb->term_taxonomy, array('term_id' => $term_id, 'taxonomy' => 'link_category', 'description' => '', 'parent' => 0, 'count' => 0));
            $tt_ids[$term_id] = (int) $hqdb->insert_id;
        }
        // Associate links to cats.
        $links = $hqdb->get_results("SELECT link_id, link_category FROM {$hqdb->links}");
        if (!empty($links)) {
            foreach ($links as $link) {
                // Links with no category, or a category that was not migrated, are skipped.
                if (0 == $link->link_category) {
                    continue;
                }
                if (!isset($link_cat_id_map[$link->link_category])) {
                    continue;
                }
                $term_id = $link_cat_id_map[$link->link_category];
                $tt_id = $tt_ids[$term_id];
                if (empty($tt_id)) {
                    continue;
                }
                $hqdb->insert($hqdb->term_relationships, array('object_id' => $link->link_id, 'term_taxonomy_id' => $tt_id));
            }
        }
        // Set default to the last category we grabbed during the upgrade loop.
        update_option('default_link_category', $default_link_cat);
    } else {
        // Newer schema: link2cat rows map straight onto the 'link_category' rows created above.
        $links = $hqdb->get_results("SELECT link_id, category_id FROM {$hqdb->link2cat} GROUP BY link_id, category_id");
        foreach ($links as $link) {
            $link_id = (int) $link->link_id;
            $term_id = (int) $link->category_id;
            $taxonomy = 'link_category';
            // Undefined-index notice possible when the category had no link_count above.
            $tt_id = $tt_ids[$term_id][$taxonomy];
            if (empty($tt_id)) {
                continue;
            }
            $hqdb->insert($hqdb->term_relationships, array('object_id' => $link_id, 'term_taxonomy_id' => $tt_id));
        }
    }
    if ($hq_current_db_version < 4772) {
        // Obsolete linkcategories table
        $hqdb->query('DROP TABLE IF EXISTS ' . $hqdb->prefix . 'linkcategories');
    }
    // Recalculate all counts
    $terms = $hqdb->get_results("SELECT term_taxonomy_id, taxonomy FROM {$hqdb->term_taxonomy}");
    foreach ((array) $terms as $term) {
        // Post taxonomies count only published posts; other taxonomies count every relationship.
        if ('post_tag' == $term->taxonomy || 'category' == $term->taxonomy) {
            $count = $hqdb->get_var($hqdb->prepare("SELECT COUNT(*) FROM {$hqdb->term_relationships}, {$hqdb->posts} WHERE {$hqdb->posts}.ID = {$hqdb->term_relationships}.object_id AND post_status = 'publish' AND post_type = 'post' AND term_taxonomy_id = %d", $term->term_taxonomy_id));
        } else {
            $count = $hqdb->get_var($hqdb->prepare("SELECT COUNT(*) FROM {$hqdb->term_relationships} WHERE term_taxonomy_id = %d", $term->term_taxonomy_id));
        }
        $hqdb->update($hqdb->term_taxonomy, array('count' => $count), array('term_taxonomy_id' => $term->term_taxonomy_id));
    }
}
/**
 * Add slashes to a string or array of strings.
 *
 * Nested arrays are slashed recursively; keys are preserved. This is for
 * handing data to core API that expects slashed input. It is NOT an SQL
 * escaping routine — data bound into queries must go through the database
 * layer's prepare() instead.
 *
 * @since 0.0.1
 *
 * @param string|array $value String or array of strings to slash.
 * @return string|array Slashed $value
 */
function hq_slash($value)
{
    if (!is_array($value)) {
        return addslashes($value);
    }
    $slashed = array();
    foreach ($value as $key => $item) {
        $slashed[$key] = is_array($item) ? hq_slash($item) : addslashes($item);
    }
    return $slashed;
}
/**
 * Update a post with new post data.
 *
 * The date does not have to be set for drafts. You can set the date and it will
 * not be overridden.
 *
 * The stored post is loaded and slashed, the supplied fields are merged over
 * it, and the result is handed to hq_insert_post() (or hq_insert_attachment()
 * for attachments).
 *
 * @since 0.0.1
 *
 * @param array|object $postarr  Optional. Post data. Arrays are expected to be escaped,
 *                               objects are not. Default array.
 * @param bool         $hq_error Optional. Allow return of HQ_Error on failure. Default false.
 * @return int|HQ_Error The value 0 or HQ_Error on failure. The post ID on success.
 */
function hq_update_post($postarr = array(), $hq_error = false)
{
    // Objects arrive unescaped; turn them into a slashed array first.
    if (is_object($postarr)) {
        $postarr = hq_slash(get_object_vars($postarr));
    }

    $existing = get_post($postarr['ID'], ARRAY_A);
    if (is_null($existing)) {
        return $hq_error ? new HQ_Error('invalid_post', __('Invalid post ID.')) : 0;
    }
    // The stored row is unslashed; slash it so it lines up with $postarr.
    $existing = hq_slash($existing);

    // A non-empty category list from the caller replaces the stored one.
    $categories = (isset($postarr['post_category']) && is_array($postarr['post_category']) && 0 != count($postarr['post_category']))
        ? $postarr['post_category']
        : $existing['post_category'];

    // Drafts keep a floating date: reset it to now unless the user edited the date.
    $unpublished = array('draft', 'pending', 'auto-draft');
    $reset_date = isset($existing['post_status'])
        && in_array($existing['post_status'], $unpublished)
        && empty($postarr['edit_date'])
        && '0000-00-00 00:00:00' == $existing['post_date_gmt'];

    // Caller-supplied fields win over stored ones.
    $merged = array_merge($existing, $postarr);
    $merged['post_category'] = $categories;
    if ($reset_date) {
        $merged['post_date'] = current_time('mysql');
        $merged['post_date_gmt'] = '';
    }

    if ($merged['post_type'] == 'attachment') {
        return hq_insert_attachment($merged);
    }
    return hq_insert_post($merged, $hq_error);
}
/**
 * Edit user settings based on contents of $_POST
 *
 * Used on user-edit.php and profile.php to manage and process user options, passwords etc.
 *
 * Builds a user object from the request fields, validates login, password and
 * e-mail, and then inserts or updates the user. Apart from the role branch
 * (which checks 'edit_users'), no capability or nonce check happens here; that
 * is left to the calling page.
 *
 * @since 0.0.1
 *
 * @param int $user_id Optional. User ID. Zero (default) creates a new user; otherwise the existing user is updated.
 * @return int|HQ_Error user id of the updated user, or an HQ_Error carrying every validation failure
 */
function edit_user($user_id = 0)
{
    $hq_roles = hq_roles();
    $user = new stdClass();
    if ($user_id) {
        // Updating: the login is taken from the stored record, never from the request.
        $update = true;
        $user->ID = (int) $user_id;
        $userdata = get_userdata($user_id);
        $user->user_login = hq_slash($userdata->user_login);
    } else {
        $update = false;
    }
    // Creating: the login comes from the request, in strict sanitize mode.
    if (!$update && isset($_POST['user_login'])) {
        $user->user_login = sanitize_user($_POST['user_login'], true);
    }
    $pass1 = $pass2 = '';
    if (isset($_POST['pass1'])) {
        $pass1 = $_POST['pass1'];
    }
    if (isset($_POST['pass2'])) {
        $pass2 = $_POST['pass2'];
    }
    // Role changes are only honoured for callers holding 'edit_users'.
    if (isset($_POST['role']) && current_user_can('edit_users')) {
        $new_role = sanitize_text_field($_POST['role']);
        $potential_role = isset($hq_roles->role_objects[$new_role]) ? $hq_roles->role_objects[$new_role] : false;
        // Don't let anyone with 'edit_users' (admins) edit their own role to something without it.
        // Multisite super admins can freely edit their blog roles -- they possess all caps.
        if (is_multisite() && current_user_can('manage_sites') || $user_id != get_current_user_id() || $potential_role && $potential_role->has_cap('edit_users')) {
            $user->role = $new_role;
        }
        // If the new role isn't editable by the logged-in user die with error
        // (the role is already assigned on $user at this point; hq_die() prevents it being saved).
        $editable_roles = get_editable_roles();
        if (!empty($new_role) && empty($editable_roles[$new_role])) {
            hq_die(__('You can&#8217;t give users that role.'));
        }
    }
    if (isset($_POST['email'])) {
        $user->user_email = sanitize_text_field(hq_unslash($_POST['email']));
    }
    if (isset($_POST['url'])) {
        // An empty or bare 'http://' value clears the URL.
        if (empty($_POST['url']) || $_POST['url'] == 'http://') {
            $user->user_url = '';
        } else {
            // Sanitize, then force an allowed scheme: anything not starting with one gets 'http://'.
            $user->user_url = esc_url_raw($_POST['url']);
            $protocols = implode('|', array_map('preg_quote', hq_allowed_protocols()));
            $user->user_url = preg_match('/^(' . $protocols . '):/is', $user->user_url) ? $user->user_url : 'http://' . $user->user_url;
        }
    }
    if (isset($_POST['first_name'])) {
        $user->first_name = sanitize_text_field($_POST['first_name']);
    }
    if (isset($_POST['last_name'])) {
        $user->last_name = sanitize_text_field($_POST['last_name']);
    }
    if (isset($_POST['nickname'])) {
        $user->nickname = sanitize_text_field($_POST['nickname']);
    }
    if (isset($_POST['display_name'])) {
        $user->display_name = sanitize_text_field($_POST['display_name']);
    }
    if (isset($_POST['description'])) {
        // NOTE(review): only trimmed here, unlike the other text fields which go through
        // sanitize_text_field() — presumably sanitized downstream on save; confirm.
        $user->description = trim($_POST['description']);
    }
    // Each registered contact method is a request field of the same name.
    foreach (hq_get_user_contact_methods($user) as $method => $name) {
        if (isset($_POST[$method])) {
            $user->{$method} = sanitize_text_field($_POST[$method]);
        }
    }
    // Editor/admin preferences are only processed for existing users.
    if ($update) {
        $user->rich_editing = isset($_POST['rich_editing']) && 'false' == $_POST['rich_editing'] ? 'false' : 'true';
        $user->admin_color = isset($_POST['admin_color']) ? sanitize_text_field($_POST['admin_color']) : 'fresh';
        $user->show_admin_bar_front = isset($_POST['admin_bar_front']) ? 'true' : 'false';
    }
    $user->comment_shortcuts = isset($_POST['comment_shortcuts']) && 'true' == $_POST['comment_shortcuts'] ? 'true' : '';
    $user->use_ssl = 0;
    if (!empty($_POST['use_ssl'])) {
        $user->use_ssl = 1;
    }
    // Validation failures are collected rather than returned one at a time.
    $errors = new HQ_Error();
    /* checking that username has been typed */
    // Loose comparison; user_login is unset here when neither branch above assigned it.
    if ($user->user_login == '') {
        $errors->add('user_login', __('<strong>ERROR</strong>: Please enter a username.'));
    }
    /* checking the password has been typed twice */
    /**
     * Fires before the password and confirm password fields are checked for congruity.
     *
     * @since 0.0.1
     *
     * @param string $user_login The username.
     * @param string &$pass1     The password, passed by reference.
     * @param string &$pass2     The confirmed password, passed by reference.
     */
    // Hooks receive $pass1/$pass2 by reference and may replace them before the checks below.
    do_action_ref_array('check_passwords', array($user->user_login, &$pass1, &$pass2));
    if ($update) {
        // On update an empty pair means "keep the current password"; only a half-filled pair is an error.
        if (empty($pass1) && !empty($pass2)) {
            $errors->add('pass', __('<strong>ERROR</strong>: You entered your new password only once.'), array('form-field' => 'pass1'));
        } elseif (!empty($pass1) && empty($pass2)) {
            $errors->add('pass', __('<strong>ERROR</strong>: You entered your new password only once.'), array('form-field' => 'pass2'));
        }
    } else {
        // New users must supply the password twice.
        if (empty($pass1)) {
            $errors->add('pass', __('<strong>ERROR</strong>: Please enter your password.'), array('form-field' => 'pass1'));
        } elseif (empty($pass2)) {
            $errors->add('pass', __('<strong>ERROR</strong>: Please enter your password twice.'), array('form-field' => 'pass2'));
        }
    }
    /* Check for "\" in password */
    // Checked on the unslashed value so a literal backslash is detected, not an escape.
    if (false !== strpos(hq_unslash($pass1), "\\")) {
        $errors->add('pass', __('<strong>ERROR</strong>: Passwords may not contain the character "\\".'), array('form-field' => 'pass1'));
    }
    /* checking the password has been typed twice the same */
    // Loose (!=) comparison of the two submitted values.
    if ($pass1 != $pass2) {
        $errors->add('pass', __('<strong>ERROR</strong>: Please enter the same password in the two password fields.'), array('form-field' => 'pass1'));
    }
    // Only set a new password when one was supplied (still slashed at this point).
    if (!empty($pass1)) {
        $user->user_pass = $pass1;
    }
    // Login validity and uniqueness matter only when creating a user.
    if (!$update && isset($_POST['user_login']) && !validate_username($_POST['user_login'])) {
        $errors->add('user_login', __('<strong>ERROR</strong>: This username is invalid because it uses illegal characters. Please enter a valid username.'));
    }
    if (!$update && username_exists($user->user_login)) {
        $errors->add('user_login', __('<strong>ERROR</strong>: This username is already registered. Please choose another one.'));
    }
    /* checking e-mail address */
    // An e-mail already owned by a different user is rejected; on update the user's own address is allowed.
    if (empty($user->user_email)) {
        $errors->add('empty_email', __('<strong>ERROR</strong>: Please enter an e-mail address.'), array('form-field' => 'email'));
    } elseif (!is_email($user->user_email)) {
        $errors->add('invalid_email', __('<strong>ERROR</strong>: The email address isn&#8217;t correct.'), array('form-field' => 'email'));
    } elseif (($owner_id = email_exists($user->user_email)) && (!$update || $owner_id != $user->ID)) {
        $errors->add('email_exists', __('<strong>ERROR</strong>: This email is already registered, please choose another one.'), array('form-field' => 'email'));
    }
    /**
     * Fires before user profile update errors are returned.
     *
     * @since 0.0.1
     *
     * @param array   &$errors An array of user profile update errors, passed by reference.
     * @param bool    $update  Whether this is a user update.
     * @param HQ_User &$user   HQ_User object, passed by reference.
     */
    // Hooks may add further errors or alter $user before it is persisted.
    do_action_ref_array('user_profile_update_errors', array(&$errors, $update, &$user));
    if ($errors->get_error_codes()) {
        return $errors;
    }
    if ($update) {
        $user_id = hq_update_user($user);
    } else {
        // New accounts trigger the new-user notification for both admin and user.
        $user_id = hq_insert_user($user);
        hq_new_user_notification($user_id, null, 'both');
    }
    return $user_id;
}
/**
 * Update a link in the database.
 *
 * Loads the stored bookmark, merges the supplied fields over it (a non-empty
 * category list replaces the stored one) and hands the result to hq_insert_link().
 *
 * @since 0.0.1
 *
 * @param array $linkdata Link data to update.
 * @return int|HQ_Error Value 0 or HQ_Error on failure. The updated link ID on success.
 */
function hq_update_link($linkdata)
{
    $link_id = (int) $linkdata['link_id'];
    // The stored row is unslashed; slash it so it lines up with $linkdata.
    $stored = hq_slash(get_bookmark($link_id, ARRAY_A));

    // A non-empty category list from the caller replaces the stored one.
    $caller_has_cats = isset($linkdata['link_category']) && is_array($linkdata['link_category']) && 0 != count($linkdata['link_category']);
    $categories = $caller_has_cats ? $linkdata['link_category'] : $stored['link_category'];

    // Caller-supplied fields win over stored ones.
    $merged = array_merge($stored, $linkdata);
    $merged['link_category'] = $categories;
    return hq_insert_link($merged);
}