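/**
 * Saves an edited comment and re-renders the comment list.
 *
 * Reads the comment fields from the request with gpsa(), escapes them with
 * doSlash() and writes them to txp_discuss for the row named by 'discussid'.
 */
function discuss_save()
{
    // Only the listed keys are imported, so extract() cannot create other locals.
    extract(doSlash(gpsa(array('email', 'name', 'web', 'message', 'discussid', 'ip', 'visible', 'parentid'))));

    // discussid is placed in the WHERE clause without quotes. Quote-escaping
    // gives no protection in a numeric context, so force an integer here.
    $discussid = (int) $discussid;

    safe_update(
        "txp_discuss",
        "email = '{$email}',\n\t\t\t name = '{$name}',\n\t\t\t web = '{$web}',\n\t\t\t message = '{$message}',\n\t\t\t visible = '{$visible}'",
        "discussid = {$discussid}"
    );

    // NOTE(review): update_comments_count() is defined elsewhere; confirm it
    // validates $parentid before using it in a query.
    update_comments_count($parentid);
    discuss_list(messenger('message', $discussid, 'updated'));
}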
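/**
 * Recomputes the nested-set lft/rgt values below one node of a tree table.
 *
 * @param  string $table  Table name, passed to safe_column()/safe_update()
 * @param  mixed  $parent Id of the node whose subtree is renumbered
 * @param  int    $left   lft value to assign to $parent
 * @param  string $where  Raw SQL condition appended to every query
 * @param  string $sortby Raw SQL ORDER BY expression
 * @return int    The next free lft value after this subtree
 */
function tree_rebuild($table, $parent, $left, $where = '1=1', $sortby = 'name')
{
    // $where and $sortby are spliced into the SQL as-is: they must only ever
    // be built from trusted constants by the caller, never from request data.
    $left = (int) $left; // interpolated unquoted below
    $right = $left + 1;

    // The same escaped id is used for the SELECT and the UPDATE. The original
    // escaped it only in the SELECT. Child ids come back raw from the database
    // and are escaped by the recursive call.
    $safe_parent = doSlash($parent);

    $result = safe_column("id", $table, "parent='" . $safe_parent . "' and {$where} order by {$sortby}");
    foreach ($result as $row) {
        $right = tree_rebuild($table, $row, $right, $where, $sortby);
    }

    safe_update($table, "lft={$left}, rgt={$right}", "id='" . $safe_parent . "' and {$where}");

    return $right + 1;
}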
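/**
 * Records a referrer mention: inserts a new row, or bumps a counter when the
 * referring page is already known.
 *
 * @param array $array Expected keys: 'id', 'refpage', 'reftitle', 'excerpt'
 */
function mentionInsert($array)
{
    // Pick out the four expected keys instead of extract()ing the whole array,
    // so an unexpected key in $array cannot create or overwrite a local.
    $fields = array();
    foreach (array('id', 'refpage', 'reftitle', 'excerpt') as $key) {
        $fields[$key] = isset($array[$key]) ? $array[$key] : '';
    }
    extract(doSlash($fields));

    // NOTE(review): $refpage is already escaped here; if fetch() escapes its
    // value argument too, the lookup is double-escaped. Confirm against fetch().
    $chk = fetch('article_id', 'txp_log_mention', 'refpage', $refpage);

    if (!$chk) {
        safe_insert("txp_log_mention", "article_id = '{$id}', \n\t\t\t\trefpage = '{$refpage}', \n\t\t\t\treftitle = '{$reftitle}', \n\t\t\t\texcerpt = '{$excerpt}', \n\t\t\t\tcount = 1");
    } else {
        // NOTE(review): the existence check and the insert use txp_log_mention,
        // but this update targets "textpattern". It looks like the wrong table;
        // verify before relying on the counter.
        safe_update("textpattern", "count=count+1", "refpage='{$refpage}'");
    }
}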
/**
 * Saves an edited section and renames it in the articles that use it.
 *
 * All values come from POST through psa() and are escaped with doSlash()
 * before they are placed inside quoted SQL literals.
 */
function section_save()
{
    $posted = psa(array('name', 'page', 'css', 'is_default', 'on_frontpage', 'in_rss', 'searchable', 'old_name'));
    extract(doSlash($posted));

    // Only one section may be the default: clear the flag everywhere else first.
    if ($is_default) {
        safe_update("txp_section", "is_default=0", "name!='{$old_name}'");
    }

    $assignments = "name = '{$name}',\n\t\t\tpage = '{$page}',\n\t\t\tcss = '{$css}',\n\t\t\tis_default = '{$is_default}',\n\t\t\ton_frontpage = '{$on_frontpage}',\n\t\t\tin_rss = '{$in_rss}',\n\t\t\tsearchable = '{$searchable}'";
    safe_update("txp_section", $assignments, "name = '{$old_name}'");

    // Keep articles pointing at the section under its new name.
    safe_update("textpattern", "Section='{$name}'", "Section='{$old_name}'");

    // NOTE(review): $name is the SQL-escaped value at this point, and it is the
    // one shown in the status message.
    section_list(messenger('section', $name, 'updated'));
}
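/**
 * Checks a user name / password pair against txp_users.
 *
 * @param  string $user     Login name as submitted
 * @param  string $password Password as submitted
 * @return bool   true when a matching user with privs > 0 exists
 */
function txp_validate($user, $password)
{
    // NOTE(review): escaping '_' and '%' only matters for LIKE; this query uses
    // '=', so the added backslashes may stop names containing those characters
    // from matching. Confirm.
    $safe_user = strtr(addslashes($user), array('_' => '\\_', '%' => '\\%'));

    // The password was previously interpolated raw, so a quote in it could
    // rewrite the WHERE clause of the login query. Escape it like any other
    // request value.
    $safe_pass = doSlash($password);

    // MySQL's PASSWORD() is the server's own unsalted account hash and is not
    // meant for application credentials; lower() also makes passwords
    // case-insensitive. Changing that needs a migration of the stored hashes,
    // so it is left as is here.
    $r = safe_field("name", "txp_users", "name = '{$safe_user}'\n\t\t\t\t\t\t\tand pass = password(lower('{$safe_pass}')) and privs > 0");

    if ($r) {
        // update the last access time
        safe_update("txp_users", "last_access = now()", "name = '{$safe_user}'");

        return true;
    }

    return false;
}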
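/**
 * Authenticates the current request from the login cookie or a posted
 * user name / password, and sets the global $txp_user accordingly.
 *
 * @return string Empty string on success, otherwise a message for the login form
 */
function doTxpValidate()
{
    global $logout, $txpcfg, $txp_user;

    $p_userid = ps('p_userid');
    $p_password = ps('p_password');
    $logout = gps('logout');
    $stay = ps('stay');

    if ($logout) {
        setcookie('txp_login', '', time() - 3600);
    }

    if (!empty($_COOKIE['txp_login']) and !$logout) {
        // explode() replaces the deprecated regex split(), and array_pad()
        // replaces the @-suppressed list() so a cookie without a comma still
        // yields an empty hash rather than an undefined offset.
        $parts = array_pad(explode(',', cs('txp_login')), 2, '');
        $c_userid = $parts[0];
        $cookie_hash = $parts[1];

        $nonce = safe_field('nonce', 'txp_users', "name='" . doSlash($c_userid) . "'");

        // NOTE(review): '===' is not a constant-time comparison; a timing-safe
        // compare would be preferable where the PHP version provides one.
        if ($nonce && $nonce === md5($c_userid . pack('H*', $cookie_hash))) {
            // cookie is good, create $txp_user
            $txp_user = $c_userid;

            return '';
        } else {
            // something's gone wrong
            $txp_user = '';
            setcookie('txp_login', '', time() - 3600);

            return gTxt('bad_cookie');
        }
    } elseif ($p_userid and $p_password) {
        // Fixed delay per attempt. It slows guessing but is not per-account
        // throttling or lockout, and it holds a worker for every login attempt.
        sleep(3);

        if (txp_validate($p_userid, $p_password)) {
            // NOTE(review): uniqid() and rand() are time/PRNG based, not
            // cryptographically secure, and this token is the whole session
            // secret. Prefer a CSPRNG source when one is available.
            $cookie_hash = md5(uniqid(rand()));

            safe_update('txp_users', "nonce = '" . doSlash(md5($p_userid . pack('H*', $cookie_hash))) . "'", "name = '" . doSlash($p_userid) . "'");

            // NOTE(review): the login cookie is set without path, secure or
            // httponly arguments, so it is readable from script and sent over
            // plain HTTP.
            if ($stay) {
                setcookie('txp_login', $p_userid . ',' . $cookie_hash, time() + 3600 * 24 * 365); // expires in 1 year
                if (cs('txp_nostay')) {
                    setcookie('txp_nostay', '', time() - 3600);
                }
            } else {
                setcookie('txp_login', $p_userid . ',' . $cookie_hash);
                setcookie('txp_nostay', '1', time() + 3600 * 24 * 365); // remember nostay for 1 year
            }

            $txp_user = $p_userid; // login is good, create $txp_user

            return '';
        } else {
            $txp_user = '';

            return gTxt('could_not_log_in');
        }
    } else {
        $txp_user = '';

        return gTxt('login_to_textpattern');
    }
}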
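/**
 * Regenerates the sitemap and renders the plugin's admin tab.
 *
 * @param string $event Admin event that triggered the callback
 * @param string $step  Admin step that triggered the callback
 */
function jmd_sitemap($event, $step)
{
    global $prefs;
    $sitemap = new JMD_Sitemap();

    // Generate sitemap
    // NOTE(review): ('create' || 'edit' || 'update') evaluates to boolean true,
    // so this is "$step == true" and matches any non-empty step, not just the
    // three named ones. Left unchanged because callers may depend on the
    // sitemap being rebuilt on other steps; confirm the intended list.
    if ($step == ('create' || 'edit' || 'update')) {
        $excluded = gps('exclude');
        if ($excluded) {
            $excluded = serialize($excluded);
            $prefs['jmd_sitemap_exclude'] = $excluded;
            // The serialized string embeds request values verbatim, quotes
            // included, so it must be escaped before going into the SQL literal.
            safe_update("txp_prefs", "val = '" . doSlash($excluded) . "'", "name = 'jmd_sitemap_exclude'");
        }
        $sitemap->writeSitemap();
    }

    // Extensions tab
    if ($event == 'jmd_sitemap') {
        pageTop('jmd_sitemap', $step ? _jmd_sitemap_gtxt('sitemap_updated') : '');
        echo '<div id="jmd_sitemap" style="width: 350px; margin: 0 auto">';

        // File errors
        if (file_exists($sitemap->filename)) {
            if (!is_writable($sitemap->filename)) {
                $fileError = _jmd_sitemap_gtxt('error_not_writable');
            }
        } else {
            $fileError = _jmd_sitemap_gtxt('error_doesnt_exist');
        }
        if (isset($fileError)) {
            echo tag($sitemap->filename . ' ' . $fileError, 'p', ' class="not-ok"');
        }

        $out = '<label for="exclude">' . _jmd_sitemap_gtxt('exclude_sections') . ':</label><br/> <select id="exclude" name="exclude[]" multiple="multiple" size="5" style="width: 150px; margin: 3px 0 10px">';

        // Exclude sections
        // NOTE(review): unserialize() on a stored preference can instantiate
        // objects if that row is ever written by something other than the
        // serialize() call above; a plain delimited list or JSON would avoid it.
        $exclude = $prefs['jmd_sitemap_exclude'];
        $exclude = unserialize($exclude);
        if (!is_array($exclude)) {
            // Empty or corrupt preference: treat as "nothing excluded" so
            // in_array() below always receives an array.
            $exclude = array();
        }

        $sections = safe_column("name", "txp_section", "name != 'default'");
        foreach ($sections as $section) {
            // Section names are database values; encode them for HTML output.
            $label = htmlspecialchars($section);
            $out .= '<option name="' . $label . '"';
            // Select excluded
            if (in_array($section, $exclude)) {
                $out .= ' selected="selected"';
            }
            $out .= ">{$label}</option>";
        }
        $out .= '</select><br/>';

        echo form($out . tag(_jmd_sitemap_gtxt('update_sitemap'), 'button') . eInput('jmd_sitemap') . sInput('update'));
        echo '</div><!--//jmd_sitemap-->';
    }
}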
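/**
 * Generates a new password for an author, stores it and mails it.
 *
 * @param  string $name Author login name
 * @return string Status message for the admin panel
 */
function reset_author_pass($name)
{
    $safe_name = doSlash($name);
    $email = safe_field('email', 'txp_users', "name = '" . $safe_name . "'");

    // Keep the raw password for the e-mail and escape it only where it enters
    // SQL. Mailing the escaped copy could send a string that differs from the
    // password actually stored.
    // NOTE(review): six characters is short for a generated credential.
    $new_pass = generate_password(6);

    // NOTE(review): MySQL PASSWORD() is an unsalted server-internal hash, not a
    // password-storage function, and lower() discards case.
    $rs = safe_update('txp_users', "pass = password(lower('" . doSlash($new_pass) . "'))", "name = '" . $safe_name . "'");

    if (!$rs) {
        return gTxt('could_not_update_author') . ' ' . htmlspecialchars($name);
    }

    // NOTE(review): the new password travels in clear text by e-mail, and
    // $email is returned without HTML encoding while $name is encoded above.
    // Confirm how callers render this message.
    if (send_new_password($new_pass, $email, $name)) {
        return gTxt('password_sent_to') . ' ' . $email;
    }

    return gTxt('could_not_mail') . ' ' . $email;
}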
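/**
 * Generates a new password for an author, stores its hash and mails the
 * password to the author.
 *
 * @param  string $name Author login name
 * @return string Status message for the admin panel
 */
function reset_author_pass($name)
{
    $safe_name = doSlash($name);
    $email = safe_field('email', 'txp_users', "name = '" . $safe_name . "'");

    $new_pass = generate_password(PASSWORD_LENGTH);
    $hash = doSlash(txp_hash_password($new_pass));

    // Store the computed hash. The listing wrote the literal string '******'
    // into the pass column and never used $hash, which would leave the account
    // with a fixed, known value instead of the new credential.
    $rs = safe_update('txp_users', "pass = '{$hash}'", "name = '" . $safe_name . "'");

    if (!$rs) {
        return gTxt('could_not_update_author') . ' ' . txpspecialchars($name);
    }

    // NOTE(review): the password is mailed in clear text, and $email is returned
    // without HTML encoding while $name is encoded above. Confirm how callers
    // render this message.
    if (send_new_password($new_pass, $email, $name)) {
        return gTxt('password_sent_to') . ' ' . $email;
    }

    return gTxt('could_not_mail') . ' ' . $email;
}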
/**
 * Checks a user name / password pair against txp_users.
 *
 * Tries MySQL's password() hash first and falls back to old_password(); each
 * is tested against both the lower-cased and the literal password.
 *
 * @param  string $user     Login name as submitted
 * @param  string $password Password as submitted
 * @return bool   true when a matching user with privs > 0 exists
 */
function txp_validate($user, $password)
{
    // NOTE(review): addslashes() is not connection-charset aware; the password
    // goes through doSlash() while the user name does not.
    $safe_user = addslashes($user);
    $safe_pass = doSlash($password);

    // SQL hash function => whitespace that precedes its condition in the query.
    // NOTE(review): password()/old_password() are unsalted MySQL-internal
    // hashes; they are kept here only to match the stored values.
    $attempts = array(
        'password'     => "\n\t\t\t",
        'old_password' => "\n\t\t\t\t",
    );

    foreach ($attempts as $sql_fn => $gap) {
        $where = "name = '{$safe_user}'" . $gap
            . "and (pass = {$sql_fn}(lower('" . $safe_pass . "')) or pass = {$sql_fn}('" . $safe_pass . "')) and privs > 0";

        if (safe_field("name", "txp_users", $where)) {
            // update the last access time
            safe_update("txp_users", "last_access = now()", "name = '{$safe_user}'");

            return true;
        }
    }

    return false;
}
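/**
 * Deletes a section and re-attaches its children to the deleted section's
 * parent.
 *
 * @param  mixed $id Section id
 * @return mixed false when the section is missing or has no parent, otherwise
 *               the result of safe_delete()
 */
function section_del($id)
{
    $safe_id = doSlash($id);
    $s = safe_row('*', 'txp_section', "id='" . $safe_id . "'");

    // can't delete the default section
    if (!$s or empty($s['parent'])) {
        return false;
    }

    # FIXME: move articles to the parent section first?
    # what if the parent is 'default'?
    $res = safe_delete('txp_section', "id='" . $safe_id . "'");

    if ($res and $s['rgt'] - $s['lft'] > 1) {
        // section has children, so reconnect them to the parent.
        // Values read back from the database are escaped again before reuse:
        // stored data is not SQL-safe just because it was stored.
        safe_update('txp_section', "parent='" . doSlash($s['parent']) . "'", "parent='" . doSlash($s['id']) . "'");

        // children might have to inherit from the new parent
        section_resolve_inheritance($s['parent']);
    }

    return $res;
}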
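/**
 * Checks a user name / password pair against txp_users.
 *
 * Builds the list of MySQL hash expressions the stored value may match and
 * tests them in one query.
 *
 * @param  string $user     Login name as submitted
 * @param  string $password Password as submitted
 * @return bool   true when a matching user with privs > 0 exists
 */
function txp_validate($user, $password)
{
    $safe_user = doSlash($user);
    $safe_pass = doSlash($password);

    // NOTE(review): password()/old_password() are unsalted MySQL-internal
    // hashes and lower() discards case; kept to match the stored values.
    $passwords = array();
    $passwords[] = "password(lower('" . $safe_pass . "'))";
    $passwords[] = "password('" . $safe_pass . "')";

    if (version_compare(mysql_get_server_info(), '4.1.0', '>=')) {
        $passwords[] = "old_password(lower('" . $safe_pass . "'))";
        $passwords[] = "old_password('" . $safe_pass . "')";
    }

    // The listing had a masked, syntactically broken literal here and never used
    // $passwords. The candidates are OR-ed together so the stored hash may
    // match any of them.
    $r = safe_field("name", "txp_users", "name = '{$safe_user}' and (pass = " . join(' or pass = ', $passwords) . ") and privs > 0");

    if ($r) {
        // update the last access time
        safe_update("txp_users", "last_access = now()", "name = '{$safe_user}'");

        return true;
    }

    return false;
}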
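/**
 * Changes the logged-in user's password from the posted 'new_pass' value and
 * optionally mails it to the user.
 */
function change_pass()
{
    global $txp_user;

    $message = '';
    $themail = fetch('email', 'txp_users', 'name', $txp_user);

    // Read through the project's POST accessor instead of raw $_POST.
    $NewPass = ps('new_pass');

    if (!empty($NewPass)) {
        // Both values were previously interpolated unescaped, so a quote in the
        // submitted password could alter the UPDATE statement. Escape at the
        // point of use and keep the raw password for the e-mail.
        // NOTE(review): MySQL PASSWORD() is an unsalted server-internal hash.
        $rs = safe_update("txp_users", "pass = password(lower('" . doSlash($NewPass) . "'))", "name='" . doSlash($txp_user) . "'");

        if ($rs) {
            $message .= gTxt('password_changed');
            if (ps('mailpassword') == 1) {
                // NOTE(review): sends the password in clear text by e-mail.
                send_new_password($NewPass, $themail);
                $message .= sp . gTxt('and_mailed_to') . sp . $themail;
            }
            $message .= ".";
        } else {
            // NOTE(review): writes the raw database error into the page source.
            echo comment(mysql_error());
        }

        admin($message);
    }
}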
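/**
 * Changes the logged-in user's password from the posted 'new_pass' value and
 * optionally mails it to the user.
 */
function change_pass()
{
    global $txp_user;

    $in = psa(array('new_pass', 'mail_password'));
    $new_pass = $in['new_pass'];

    if (empty($new_pass)) {
        admin(gTxt('password_required'));

        return;
    }

    // Escape only where the value enters SQL, so the password that is mailed is
    // exactly the one that was stored.
    // NOTE(review): MySQL PASSWORD() is an unsalted server-internal hash.
    $rs = safe_update('txp_users', "pass = password(lower('" . doSlash($new_pass) . "'))", "name = '" . doSlash($txp_user) . "'");

    if ($rs) {
        $message = gTxt('password_changed');

        if ($in['mail_password']) {
            $email = fetch('email', 'txp_users', 'name', $txp_user);
            // NOTE(review): sends the password in clear text by e-mail.
            send_new_password($new_pass, $email, $txp_user);
            $message .= sp . gTxt('and_mailed_to') . sp . $email;
        }

        $message .= '.';
        admin($message);
    } else {
        // The diagnostic belongs to a failed UPDATE. It used to hang off the
        // "mail password" check, so a failed update produced no output at all.
        // NOTE(review): writes the raw database error into the page source.
        echo comment(mysql_error());
        admin('');
    }
}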
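/**
 * Admin panel that sets or clears the browser cookie used to show a public-side
 * "edit article" link, and stores the cookie name as a preference.
 *
 * @param string $event Admin event
 * @param string $step  Admin step
 */
function rss_admin_editlink($event, $step)
{
    global $rss_ae_cookie;

    include txpath . '/include/txp_prefs.php';

    if (!isset($rss_ae_cookie)) {
        $rss_ae_cookie = "rss_article_edit";
        $rs = safe_insert('txp_prefs', "name='rss_ae_cookie', val='{$rss_ae_cookie}', prefs_id='1'");
    }

    // "add" and "rem" store the posted cookie name the same way and differ only
    // in the cookie expiry (one year ahead versus already expired).
    $adding = gps("add");
    if ($adding || gps("rem")) {
        safe_update("txp_prefs", "val = '" . addslashes(ps('rss_ae_cookie')) . "'", "name = 'rss_ae_cookie' and prefs_id ='1'");

        // NOTE(review): the cookie's value equals its name, so anything gated
        // on its presence is not an authentication check. The cookie is also
        // set under the previous name, not the one just saved.
        setcookie($rss_ae_cookie, $rss_ae_cookie, $adding ? time() + 31536000 : time() - 3600, "/");

        // NOTE(review): execution continues after the redirect header.
        header("Location: index.php?event=editlink");
    }

    pagetop("Edit Link");

    $aeset = isset($_COOKIE[$rss_ae_cookie]) ? "" : " not";
    $tdaStyle = ' style="text-align:right;vertical-align:middle"';

    // The cookie name is a stored, user-editable value: encode it before
    // placing it in the page body.
    $shown_name = htmlspecialchars($rss_ae_cookie);

    echo form(
        startTable("list")
        . tr(tdcs(hed("Add/Remove Public Site Article Edit Link", 1), 2))
        . tr(tda(graf('Cookie ' . $shown_name . ' is' . $aeset . ' set.', ' align="center"'), ' colspan="2"'))
        . tr(tda(gTxt('Cookie Name:'), $tdaStyle) . tda(text_input("rss_ae_cookie", $rss_ae_cookie, '20'), ' '))
        . tr(tda(graf(fInput("submit", "add", gTxt("Add Edit Link"), "publish") . fInput("submit", "rem", gTxt("Remove Edit Link"), "publish") . eInput("editlink"), ' align="center"'), ' colspan="2"'))
        . endTable()
    );
}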
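/**
 * Processes the selected import tool action.
 *
 * Loads the importer named by the posted 'import_tool' value, runs it, prints
 * its output and then refreshes the per-article comment counts.
 */
function start_import()
{
    global $event, $vars;

    extract(psa($vars));

    $insert_into_section = $import_section;
    $insert_with_status = $import_status;
    $default_comment_invite = $import_comments_invite;

    // import_tool comes from the request and is used to build an include path.
    // Accept only the importers handled below, so the value can never point the
    // include at another file.
    $known_tools = array('mtdb', 'mt', 'b2', 'wp', 'blogger');
    $out = '';

    if (in_array($import_tool, $known_tools, true)) {
        include_once txpath . '/include/import/import_' . $import_tool . '.php';
    }

    $ini_time = ini_get('max_execution_time');
    @ini_set('max_execution_time', 300 + intval($ini_time));

    switch ($import_tool) {
        case 'mtdb':
            $out = doImportMTDB($importdblogin, $importdb, $importdbpass, $importdbhost, $import_blog_id, $insert_into_section, $insert_with_status, $default_comment_invite);
            rebuild_tree('root', 1, 'article');
            break;
        case 'mt':
            $file = check_import_file();
            if (!empty($file)) {
                $out = doImportMT($file, $insert_into_section, $insert_with_status, $import_comments_invite);
                // Rebuilding category tree.
                rebuild_tree('root', 1, 'article');
            } else {
                $out = 'Import file not found';
            }
            break;
        case 'b2':
            $out = doImportB2($importdblogin, $importdb, $importdbpass, $importdbhost, $insert_into_section, $insert_with_status, $default_comment_invite);
            break;
        case 'wp':
            $out = doImportWP($importdblogin, $importdb, $importdbpass, $importdbhost, $wpdbprefix, $insert_into_section, $insert_with_status, $default_comment_invite, $wpdbcharset);
            rebuild_tree('root', 1, 'article');
            break;
        case 'blogger':
            $file = check_import_file();
            if (!empty($file)) {
                $out = doImportBLOGGER($file, $insert_into_section, $insert_with_status, $import_comments_invite);
            } else {
                $out = gTxt('import_file_not_found');
            }
            break;
    }

    $out = tag('max_execution_time = ' . ini_get('max_execution_time'), 'p', ' class="highlight"') . $out;

    pagetop(gTxt('txp_import'));

    $content = '<div id="' . $event . '_container" class="txp-container">';
    $content .= startTable('', '', 'txp-list');
    $content .= tr(tdcs(hed(gTxt('txp_import'), 2), 2));
    $content .= tr(td($out));
    $content .= endTable();
    $content .= '</div>';
    echo $content;

    // Recount visible comments per article after the import.
    $rs = safe_rows_start('parentid, count(*) as thecount', 'txp_discuss', 'visible=1 group by parentid');
    if (numRows($rs) > 0) {
        while ($a = nextRow($rs)) {
            // Both values are interpolated unquoted, so pin them to integers.
            safe_update('textpattern', "comments_count=" . (int) $a['thecount'], "ID=" . (int) $a['parentid']);
        }
    }
}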
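/**
 * Updates a customer's account, billing and shipping details in txp_users.
 *
 * @param string $event Admin event
 * @param string $step  Admin step
 */
function customer_update($event, $step)
{
    global $txp_user, $vars, $txpcfg, $prefs;

    extract($prefs);

    // Text columns that may be set from the request. The original ran extract()
    // on all of $_REQUEST inside a scope that declares $txp_user, $prefs and
    // $txpcfg global, so any request parameter could overwrite those globals.
    // Only the expected fields are read now.
    $text_columns = array(
        'name', 'email',
        'billing_company', 'billing_address1', 'billing_address2', 'billing_city',
        'billing_state', 'billing_zip', 'billing_country', 'billing_fax', 'billing_phone',
        'shipping_company', 'shipping_address1', 'shipping_address2', 'shipping_city',
        'shipping_state', 'shipping_zip', 'shipping_country', 'shipping_fax', 'shipping_phone',
        'shipping_firstname', 'shipping_lastname', 'billing_firstname', 'billing_lastname',
    );

    $in = array();
    foreach (array_merge($text_columns, array('user_id')) as $field) {
        $in[$field] = isset($_REQUEST[$field]) ? $_REQUEST[$field] : '';
    }
    $in = doSlash($in);

    $RealName = $in['billing_firstname'] . " " . $in['billing_lastname'];
    $user_id = assert_int($in['user_id']);

    // A checkbox: present in the request means "same as billing".
    $shipping_same_as_billing = isset($_REQUEST['shipping_same_as_billing']) ? 1 : 0;

    if (!function_exists("generate_password")) {
        require_once txpath . '/include/txp_admin.php';
    }
    if (!function_exists("is_valid_email")) {
        require_once txpath . '/lib/txplib_misc.php';
    }

    // NOTE(review): nothing visible here checks that the current user may edit
    // the row named by user_id; confirm that is enforced by the caller.
    if ($in['name'] && is_valid_email($in['email'])) {
        // The original also generated a password and a nonce here but never
        // used them; those unused locals are dropped.
        // NOTE(review): privs is reset to 0 on every update; confirm intended.
        $set = array(
            "privs = 0",
            "RealName = '{$RealName}'",
            "shipping_same_as_billing = {$shipping_same_as_billing}",
        );
        foreach ($text_columns as $column) {
            $set[] = "{$column} = '" . $in[$column] . "'";
        }

        $rs = safe_update('txp_users', join(",\r\n\t\t\t\t", $set), "user_id = {$user_id}");

        if ($rs) {
            customers_list('', '', "customer updated");
        } else {
            customers_list("There was an error trying to update customer");
        }
    }
}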
/**
 * Removes a thumbnail.
 *
 * Deletes the thumbnail file and, only if that succeeds, clears the thumbnail
 * flag on the image row.
 *
 * @return bool TRUE on success
 */
public function delete()
{
    // NOTE(review): m_id is used both in a file path and unquoted in SQL; this
    // is safe only if it is guaranteed to be an integer where it is assigned.
    // Confirm in the constructor.
    if (isset($this->m_ext) && unlink(IMPATH . $this->m_id . 't' . $this->m_ext)) {
        safe_update('txp_image', "thumbnail = 0", "id = " . $this->m_id);

        return true;
    }

    return false;
}
<?php
/*
$HeadURL: https://textpattern.googlecode.com/svn/releases/4.4.0/source/textpattern/update/_to_4.0.6.php $
$LastChangedRevision: 3047 $
*/

// Update scripts must only run from the updater, never by direct request.
if (!defined('TXP_UPDATE')) {
    exit("Nothing here. You can't access this file directly.");
}

# replace deprecated tags with functionally equivalent, valid tags
$tags = array(
    'sitename'    => 'site_name',
    'request_uri' => 'page_url',
    'id'          => 'page_url type="id"',
    's'           => 'page_url type="s"',
    'c'           => 'page_url type="c"',
    'q'           => 'page_url type="q"',
    'pg'          => 'page_url type="pg"',
);

foreach ($tags as $search => $replace) {
    // A tag name ends either with a space (attributes follow) or with '/'.
    foreach (array(' ', '/') as $end) {
        // Both strings are built from the constants above, not from input.
        $tag_from = '<txp:' . $search . $end;
        $tag_to = '<txp:' . $replace . ' ' . trim($end);

        safe_update('txp_page', "user_html = REPLACE(user_html, '{$tag_from}', '{$tag_to}')", '1=1');
        safe_update('txp_form', "Form = REPLACE(Form, '{$tag_from}', '{$tag_to}')", '1=1');
    }
}
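/**
 * Recomputes the nested-set lft/rgt values for one category and its
 * descendants.
 *
 * @param  string $parent Category name whose subtree is renumbered
 * @param  int    $left   lft value to assign to $parent
 * @param  string $type   Category type
 * @return int    The next free lft value after this subtree
 */
function rebuild_tree($parent, $left, $type)
{
    $left = (int) $left; // interpolated unquoted below
    $right = $left + 1;

    $parent = doSlash($parent);
    // $type was interpolated unescaped. The escaped copy is kept in its own
    // variable so the raw value is what gets passed down the recursion and it
    // is never escaped twice.
    $safe_type = doSlash($type);

    $result = safe_column("name", "txp_category", "parent='{$parent}' and type='{$safe_type}' order by name");
    foreach ($result as $row) {
        $right = rebuild_tree($row, $right, $type);
    }

    safe_update("txp_category", "lft={$left}, rgt={$right}", "name='{$parent}' and type='{$safe_type}'");

    return $right + 1;
}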
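/**
 * Installs the strings from a Textpack into txp_lang.
 *
 * @param  string $textpack      Textpack source, one directive or string per line
 * @param  bool   $add_new_langs Whether strings for languages that are not yet
 *                               installed may be added
 * @return int    Number of strings written
 */
function install_textpack($textpack, $add_new_langs = false)
{
    global $prefs;

    $textpack = explode(n, $textpack);
    if (empty($textpack)) {
        return 0;
    }

    // presume site language equals textpack language
    $language = get_pref('language', 'en-gb');
    $installed_langs = safe_column('lang', 'txp_lang', "1 = 1 group by lang");
    $doit = true;
    $done = 0;

    // A data line may appear before any "#@event" directive; start from an
    // explicit empty event instead of an undefined variable.
    $event = '';

    foreach ($textpack as $line) {
        $line = trim($line);

        // A line starting with #, not followed by @ is a simple comment
        if (preg_match('/^#[^@]/', $line, $m)) {
            continue;
        }

        // A line matching "#@language xx-xx" establishes the designated language for all subsequent lines
        if (preg_match('/^#@language\\s+(.+)$/', $line, $m)) {
            $language = doSlash($m[1]);
            // May this Textpack introduce texts for this language?
            $doit = $add_new_langs || in_array($language, $installed_langs);
            continue;
        }

        // A line matching "#@event_name" establishes the event value for all subsequent lines
        if (preg_match('/^#@([a-zA-Z0-9_-]+)$/', $line, $m)) {
            $event = doSlash($m[1]);
            continue;
        }

        // Data lines match a "name => value" pattern. Some white space allowed.
        if ($doit && preg_match('/^(\\w+)\\s*=>\\s*(.+)$/', $line, $m)) {
            if (!empty($m[1]) && !empty($m[2])) {
                // Every value taken from the Textpack is escaped before it is
                // placed in a quoted SQL literal.
                $name = doSlash($m[1]);
                $value = doSlash($m[2]);
                $where = "lang='{$language}' AND name='{$name}'";

                // Store text; do *not* tamper with last modification date from RPC but use a well-known date in the past
                if (safe_count('txp_lang', $where)) {
                    safe_update('txp_lang', "lastmod='2005-08-14', data='{$value}', event='{$event}'", $where);
                } else {
                    safe_insert('txp_lang', "lastmod='2005-08-14', data='{$value}', event='{$event}', lang='{$language}', name='{$name}'");
                }
                ++$done;
            }
        }
    }

    return $done;
}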
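/**
 * Removes one declaration from a parsed stylesheet and saves the result.
 *
 * The declaration is addressed by the request value 'declaration', in the form
 * "<selector index>-<declaration index>".
 *
 * @param  array $css Parsed stylesheet: selector => (property => value)
 * @return mixed The stored stylesheet, re-read and parsed with parseCSS()
 */
function delete_declaration($css)
{
    $thedec = gps('declaration');
    $name = gps('name');

    // Start from an empty array: when nothing survives the filter (or $css is
    // empty) css_format() must still receive an array, not an undefined value.
    $out = array();

    $i = 0;
    foreach ($css as $a => $b) {
        $cursel = $i++;
        $ii = 0;
        foreach ($b as $c => $d) {
            $curdec = $ii++;
            // Keep everything except the addressed declaration.
            if ($cursel . '-' . $curdec != $thedec) {
                $out[$a][$c] = $d;
            }
        }
    }

    $css = base64_encode(css_format($out));
    safe_update("txp_css", "css='" . doSlash($css) . "'", "name='" . doSlash($name) . "'");

    // update site last mod time
    update_lastmod();

    return parseCSS(base64_decode(fetch('css', 'txp_css', 'name', $name)));
}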
/**
 * Writes a new language string to the database.
 *
 * The language is taken from a 'lang_code' HTTP POST or GET parameter.
 *
 * The '$value' argument takes a string as an array. This array consists of keys
 * 'name', 'event', 'data', 'uLastmod'. The result of the write is stored back
 * into it under the key 'ok'.
 *
 * @param array $value The string
 * @param int   $key   Not used
 */
function install_lang_key(&$value, $key)
{
    $request = gpsa(array('lang_code', 'updating'));

    // Escape once, reuse in every clause below.
    $safe_lang = doSlash($request['lang_code']);
    $safe_name = doSlash($value['name']);

    $exists = safe_field("name", 'txp_lang', "name = '" . $safe_name . "' AND lang = '" . $safe_lang . "'");

    $q = "name = '" . $safe_name . "',\n event = '" . doSlash($value['event']) . "',\n data = '" . doSlash($value['data']) . "',\n lastmod = '" . doSlash(strftime('%Y%m%d%H%M%S', $value['uLastmod'])) . "'";

    if ($exists === false) {
        $value['ok'] = safe_insert('txp_lang', "{$q}, lang = '" . $safe_lang . "'");

        return;
    }

    // NOTE(review): the existence check ignores 'owner' but the update requires
    // the system owner, so a string owned by something else is left untouched.
    $value['ok'] = safe_update('txp_lang', $q, "owner = '" . doSlash(TEXTPATTERN_LANG_OWNER_SYSTEM) . "' AND lang = '" . $safe_lang . "' AND name = '" . $safe_name . "'");
}
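/**
 * Saves changes to an existing article after checking the editor's privileges
 * and that nobody else modified the article in the meantime.
 */
function article_save()
{
    global $txp_user, $vars, $txpcfg, $prefs;

    extract($prefs);

    $incoming = psa($vars);

    // AuthorID is read from the stored row: the ownership test below must not
    // rely on a value supplied with the request.
    $oldArticle = safe_row('Status, url_title, Title, unix_timestamp(LastMod) as sLastMod, LastModID, AuthorID', 'textpattern', 'ID = ' . (int) $incoming['ID']);

    if (!$oldArticle) {
        // No such article: nothing to save, show the default editing screen.
        article_edit();

        return;
    }

    // Authorisation. The original compared the *posted* AuthorID with the
    // current user, so the "own articles only" privileges could be satisfied
    // for any article by submitting one's own name.
    $is_published = $oldArticle['Status'] >= 4;
    $is_owner = $oldArticle['AuthorID'] == $txp_user;

    if ($is_published) {
        $allowed = has_privs('article.edit.published') || ($is_owner && has_privs('article.edit.own.published'));
    } else {
        $allowed = has_privs('article.edit') || ($is_owner && has_privs('article.edit.own'));
    }

    if (!$allowed) {
        // Not allowed, you silly rabbit, you shouldn't even be here.
        // Show default editing screen.
        article_edit();

        return;
    }

    // Optimistic locking: refuse to overwrite a newer revision.
    if ($oldArticle['sLastMod'] != $incoming['sLastMod']) {
        article_edit(gTxt('concurrent_edit_by', array('{author}' => htmlspecialchars($oldArticle['LastModID']))), TRUE);

        return;
    }

    $incoming = textile_main_fields($incoming, $use_textile);

    extract(doSlash($incoming));
    // Columns written unquoted must be integers.
    extract(array_map('assert_int', psa(array('ID', 'Status', 'textile_body', 'textile_excerpt'))));
    $Annotate = (int) $Annotate;

    // Without publishing rights an article cannot go beyond "pending".
    if (!has_privs('article.publish') && $Status >= 4) {
        $Status = 3;
    }

    if ($reset_time) {
        $whenposted = "Posted=now()";
        $when_ts = time();
    } else {
        $when = $when_ts = strtotime($year . '-' . $month . '-' . $day . ' ' . $hour . ':' . $minute . ':' . $second) - tz_offset();
        $whenposted = "Posted=from_unixtime({$when})";
    }

    if (empty($exp_year)) {
        $expires = 0;
        $whenexpires = "Expires=" . NULLDATETIME;
    } else {
        if (empty($exp_month)) {
            $exp_month = 1;
        }
        if (empty($exp_day)) {
            $exp_day = 1;
        }
        if (empty($exp_hour)) {
            $exp_hour = 0;
        }
        if (empty($exp_minute)) {
            $exp_minute = 0;
        }
        if (empty($exp_second)) {
            $exp_second = 0;
        }
        $expires = strtotime($exp_year . '-' . $exp_month . '-' . $exp_day . ' ' . $exp_hour . ':' . $exp_minute . ':' . $exp_second) - tz_offset();
        $whenexpires = "Expires=from_unixtime({$expires})";
    }

    if ($expires) {
        if ($expires <= $when_ts) {
            article_edit(gTxt('article_expires_before_postdate'));

            return;
        }
    }

    //Auto-Update custom-titles according to Title, as long as unpublished and NOT customized
    if (empty($url_title) || $oldArticle['Status'] < 4 && $oldArticle['url_title'] == $url_title && $oldArticle['url_title'] == stripSpace($oldArticle['Title'], 1) && $oldArticle['Title'] != $Title) {
        $url_title = stripSpace($Title_plain, 1);
    }

    $Keywords = doSlash(trim(preg_replace('/( ?[\\r\\n\\t,])+ ?/s', ',', preg_replace('/ +/', ' ', ps('Keywords'))), ', '));

    // The login name is data like any other; escape it before it goes into the
    // quoted LastModID literal.
    $last_mod_id = doSlash($txp_user);

    safe_update(
        "textpattern",
        "Title = '{$Title}',\n\t\t\tBody = '{$Body}',\n\t\t\tBody_html = '{$Body_html}',\n\t\t\tExcerpt = '{$Excerpt}',\n\t\t\tExcerpt_html = '{$Excerpt_html}',\n\t\t\tKeywords = '{$Keywords}',\n\t\t\tImage = '{$Image}',\n\t\t\tStatus = {$Status},\n\t\t\tLastMod = now(),\n\t\t\tLastModID = '{$last_mod_id}',\n\t\t\tSection = '{$Section}',\n\t\t\tCategory1 = '{$Category1}',\n\t\t\tCategory2 = '{$Category2}',\n\t\t\tAnnotate = {$Annotate},\n\t\t\ttextile_body = {$textile_body},\n\t\t\ttextile_excerpt = {$textile_excerpt},\n\t\t\toverride_form = '{$override_form}',\n\t\t\turl_title = '{$url_title}',\n\t\t\tAnnotateInvite = '{$AnnotateInvite}',\n\t\t\tcustom_1 = '{$custom_1}',\n\t\t\tcustom_2 = '{$custom_2}',\n\t\t\tcustom_3 = '{$custom_3}',\n\t\t\tcustom_4 = '{$custom_4}',\n\t\t\tcustom_5 = '{$custom_5}',\n\t\t\tcustom_6 = '{$custom_6}',\n\t\t\tcustom_7 = '{$custom_7}',\n\t\t\tcustom_8 = '{$custom_8}',\n\t\t\tcustom_9 = '{$custom_9}',\n\t\t\tcustom_10 = '{$custom_10}',\n\t\t\t{$whenposted},\n\t\t\t{$whenexpires}",
        "ID = {$ID}"
    );

    if ($Status >= 4) {
        // Ping only on the transition from unpublished to published.
        if ($oldArticle['Status'] < 4) {
            do_pings();
        }
        update_lastmod();
    }

    article_edit(get_status_message($Status) . check_url_title($url_title));
}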
/**
 * Creates or updates a form from the submitted editor fields.
 *
 * @return mixed The result of form_edit() on the validation and "save new"
 *               paths; nothing after a plain update
 */
function form_save()
{
    global $vars, $step, $essential_forms;

    // Request values are escaped before extract(); $vars is the module's fixed
    // field list.
    extract(doSlash(gpsa($vars)));

    // The name is stripped of HTML-significant characters, then escaped for SQL.
    $name = doSlash(trim(preg_replace('/[<>&"\']/', '', gps('name'))));
    $known_types = array('article', 'category', 'comment', 'file', 'link', 'misc', 'section');

    // Validation failures all return to the "create" screen with an error.
    $problem = null;
    if (!$name) {
        $problem = gTxt('form_name_invalid');
    } elseif (!in_array($type, $known_types)) {
        $problem = gTxt('form_type_missing');
    }
    if ($problem !== null) {
        $step = 'form_create';

        return form_edit(array($problem, E_ERROR));
    }

    if ($savenew) {
        if (safe_field('name', 'txp_form', "name = '{$name}'")) {
            $step = 'form_create';

            return form_edit(array(gTxt('form_already_exists', array('{name}' => $name)), E_ERROR));
        }

        safe_insert('txp_form', "Form = '{$Form}', type = '{$type}', name = '{$name}'");
        update_lastmod();

        return form_edit(gTxt('form_created', array('{name}' => $name)));
    }

    safe_update('txp_form', "Form = '{$Form}', type = '{$type}', name = '{$name}'", "name = '{$oldname}'");
    update_lastmod();

    form_edit(gTxt('form_updated', array('{name}' => $name)));
}
/**
 * Applies a bulk action (delete, toggle status, change load order) to the
 * plugins selected in the plugin list.
 *
 * @return mixed The result of plugin_list() when nothing is selected
 */
function plugin_multi_edit()
{
    $selected = ps('selected');
    $method = ps('edit_method');

    if (!$selected or !is_array($selected)) {
        return plugin_list();
    }

    // Every selected name is escaped before it is joined into the IN (...) list.
    $where = "name IN ('" . join("','", doSlash($selected)) . "')";

    if ($method == 'delete') {
        foreach ($selected as $name) {
            $flags = safe_field('flags', 'txp_plugin', "name ='" . doSlash($name) . "'");
            if ($flags & PLUGIN_LIFECYCLE_NOTIFY) {
                // Let the plugin clean up after itself before its row goes away.
                load_plugin($name, true);
                callback_event("plugin_lifecycle.{$name}", 'disabled');
                callback_event("plugin_lifecycle.{$name}", 'deleted');
            }
        }
        safe_delete('txp_plugin', $where);
    } elseif ($method == 'changestatus') {
        foreach ($selected as $name) {
            $flags = safe_field('flags', 'txp_plugin', "name ='" . doSlash($name) . "'");
            if ($flags & PLUGIN_LIFECYCLE_NOTIFY) {
                $status = safe_field('status', 'txp_plugin', "name ='" . doSlash($name) . "'");
                load_plugin($name, true);
                // NB: won't show returned messages anywhere due to potentially overwhelming verbiage.
                callback_event("plugin_lifecycle.{$name}", $status ? 'disabled' : 'enabled');
            }
        }
        safe_update('txp_plugin', 'status = (1-status)', $where);
    } elseif ($method == 'changeorder') {
        // Load order is clamped to 1..9 and is an integer by construction.
        $order = min(max(intval(ps('order')), 1), 9);
        safe_update('txp_plugin', 'load_order = ' . $order, $where);
    }

    // NOTE(review): the raw submitted names are placed in the status message;
    // confirm plugin_list() encodes it for HTML before output.
    $outcome = ($method == 'delete') ? 'deleted' : 'updated';
    $message = gTxt('plugin_' . $outcome, array('{name}' => join(', ', $selected)));

    plugin_list($message);
}
// Plugin flags column.
if (in_array('flags', $cols) === false) {
    safe_alter('txp_plugin', "ADD flags SMALLINT UNSIGNED NOT NULL DEFAULT 0");
}

// Default theme.
$theme_pref = safe_field('name', 'txp_prefs', "name = 'theme_name'");
if (!$theme_pref) {
    safe_insert('txp_prefs', "prefs_id = 1, name = 'theme_name', val = 'classic', type = '1', event = 'admin', html = 'themename', position = '160'");
}

safe_alter('txp_plugin', 'CHANGE code code MEDIUMTEXT NOT NULL, CHANGE code_restore code_restore MEDIUMTEXT NOT NULL');
safe_alter('txp_prefs', 'CHANGE val val TEXT NOT NULL');

// Add author column to files and links,
// boldly assuming that the publisher in charge of updating this site is the
// author of any existing content items.
foreach (array('txp_file', 'txp_link') as $table) {
    $cols = getThings('describe `' . PFX . $table . '`');
    if (in_array('author', $cols)) {
        continue;
    }
    safe_alter($table, "ADD author varchar(255) NOT NULL default '', ADD INDEX author_idx (author)");
    // The login name is escaped before it is written to every existing row.
    safe_update($table, "author='" . doSlash($txp_user) . "'", '1=1');
}

// Add indices on author columns.
// Table and column names here are constants from this script, not input.
foreach (array('textpattern' => 'AuthorID', 'txp_image' => 'author') as $table => $col) {
    $has_idx = 0;
    $rs = getRows('show index from `' . PFX . $table . '`');
    foreach ($rs as $row) {
        $has_idx = ($row['Key_name'] == 'author_idx') ? 1 : $has_idx;
    }
    if ($has_idx) {
        continue;
    }
    safe_query('ALTER IGNORE TABLE `' . PFX . $table . '` ADD INDEX author_idx(' . $col . ')');
}
// Category parents become numeric ids.
safe_query("alter ignore table " . safe_pfx('txp_category') . " modify parent INT not null");

// Make sure every category type has a root node and hangs below it.
$types = safe_column('distinct type', 'txp_category', '1=1');
foreach ($types as $type) {
    // Type names are read from the database and escaped again before reuse.
    $root = safe_field('id', 'txp_category', "type='" . doSlash($type) . "' and name='root' and parent=0");
    if (!$root) {
        $root = safe_insert('txp_category', "name='root', type='" . doSlash($type) . "', parent=0");
    }
    safe_update('txp_category', "parent='" . $root . "'", "type='" . doSlash($type) . "' and parent=0 and id != '" . $root . "'");
    tree_rebuild_full('txp_category', "type='" . doSlash($type) . "'");
}

// index on form type
safe_upgrade_index('txp_form', 'type_idx', '', 'type');

// dropdown ui for certain prefs
safe_upgrade_table('txp_prefs', array('choices' => 'varchar(64)'));

// Each entry is (SET clause, WHERE clause), applied in this order. All strings
// are constants of this script.
$pref_html_upgrades = array(
    array("html='checkbox'", "html='yesnoradio'"),
    array("html='text'", "html='text_input'"),
    array("choices='commentmode', html='select'", "html='commentmode'"),
    array("choices='logging', html='select'", "html='logging'"),
    array("choices='production_stati', html='radio'", "html='prod_levels'"),
    array("choices='gmtoffsets', html='select'", "html='gmtoffset_select'"),
    array("choices='weeks', html='select'", "html='weeks'"),
    array("choices='languages', html='select'", "html='languages'"),
    array("choices='permlinkmodes', html='radio'", "html='permlinkmodes'"),
    array("choices='dateformats', html='select'", "html='dateformats'"),
);
foreach ($pref_html_upgrades as $pref_html_upgrade) {
    safe_update('txp_prefs', $pref_html_upgrade[0], $pref_html_upgrade[1]);
}

// change previous Textile prefs into matching markup class names from classMarkup.php
$use_textile = safe_field('val', 'txp_prefs', "name='use_textile'");
$markups = array('txprawxhtml', 'txptextile', 'txpnl2br');
// The stored value is only used as an index into the fixed list above, so only
// one of those three constants can reach the INSERT.
if (!empty($markups[$use_textile])) {
    safe_insert('txp_prefs', "prefs_id = 1, event='publish', name = 'markup_default', val = '{$markups[$use_textile]}', type = '0', html='select', choices='markups'");
    safe_delete('txp_prefs', "name='use_textile'");
}
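/**
 * Fetches the remote page, extracts its "Events" list and stores it for the
 * current day.
 *
 * @param  mixed  $update NULL inserts a new row; anything else updates the
 *                        existing row for the day
 * @return string The extracted HTML fragment, or '' when the page could not be
 *                fetched or does not have the expected structure
 */
private function setEntry($update = NULL)
{
    $html = file_get_contents($this->uri);
    if ($html === false) {
        // Fetch failed: store nothing rather than an empty or partial entry.
        return '';
    }

    // Each marker is searched for after the previous one. A missing marker
    // yields false, which the original passed on as offset 0 and then stored
    // whatever substr() produced.
    $eventsStart = strpos($html, '<h2>Events</h2>');
    $firstPos = ($eventsStart === false) ? false : strpos($html, '<li>', $eventsStart);
    $lastPos = ($firstPos === false) ? false : strpos($html, '</ul>', $firstPos);
    if ($lastPos === false) {
        return '';
    }

    $events = substr($html, $firstPos, $lastPos - $firstPos);

    // Fix relative links
    $events = str_replace("/wiki/", $this->rootUri, $events);

    // NOTE(review): $events is markup from a remote site and is stored as-is;
    // whatever renders it should treat it as untrusted HTML.
    $safe_day = doSlash($this->day);
    $safe_date = doSlash($this->currentDate);
    $safe_events = doSlash($events);

    if ($update === NULL) {
        safe_insert("jmd_wiki_events", "title='{$safe_day}', last_mod='{$safe_date}', contents='" . $safe_events . "'");
    } else {
        safe_update("jmd_wiki_events", "last_mod='{$safe_date}', contents='" . $safe_events . "'", "title='{$safe_day}'");
    }

    return $events;
}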
$backup_obj->database = $pixieconfig['db']; $backup_obj->tables = array(); $backup_obj->drop_tables = true; $backup_obj->struct_only = false; $backup_obj->comments = true; $backup_obj->backup_dir = '../files/sqlbackups/'; $backup_obj->fname_format = 'd_m_Y-H-i-s'; $filename = date("d_m_Y-H-i-s") . ".sql.gz"; $task = MSB_SAVE; $use_gzip = true; if (!$backup_obj->Execute($task, '', $use_gzip)) { $message = $backup_obj->error; } else { $messageok = $lang['backup_ok']; logme($lang['backup_ok'], "no", "save"); safe_update("pixie_settings", "last_backup = '{$filename}'", "settings_id = '1'"); $prefs = get_prefs(); extract($prefs); } } if (isset($del)) { if (file_exists("../files/sqlbackups/" . $del)) { $current = safe_field('last_backup', 'pixie_settings', "settings_id='1'"); if ($current != $del) { $delk = file_delete("../files/sqlbackups/" . $del); } else { $unable = "yes"; } } if ($delk) { $messageok = $lang['backup_delete_ok'] . " {$del}.";