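/**
 * Display the 'Entry' page: the form for a new entry, or for editing an existing one.
 *
 * On GET the edit form is rendered. On any other method the posted form is
 * checked (the posted 'code' must match the uid the form was rendered for, then
 * the CSRF token), sanitized and stored; afterwards the template cache may be
 * cleared, a mail notification and trackback pings may be sent, and the browser
 * is sent on to the entry (for 'save and continue') or to the entries listing.
 *
 * Input: $_GET['uid'], $_POST['code'], $_POST['pivotxsession'], $_POST['tb_url'],
 * $_POST['postedfrom'] (the entry fields themselves go through sanitizePostedEntry()).
 * Everything else is reached through the global $PIVOTX registry.
 *
 * @return void  Renders a template, redirects, or dies when the code check fails.
 */
function pageEntry()
{
    global $PIVOTX;

    // check if the user has the required userlevel to view this page.
    $PIVOTX['session']->minLevel(PIVOTX_UL_NORMAL);

    // A missing or empty uid means "new entry". The same predicate selects the
    // edit branch below, so the page title and the behaviour cannot disagree.
    $uid = isset($_GET['uid']) ? $_GET['uid'] : '';
    $isNewEntry = empty($uid);

    $PIVOTX['template']->assign('title', $isNewEntry ? __('New Entry') : __('Edit Entry'));

    $currentuser = $PIVOTX['users']->getUser($PIVOTX['session']->currentUsername());

    if (!$isNewEntry) {
        // Editing an entry.. Get it from the DB..
        $entry = $PIVOTX['db']->read_entry(intval($uid));
        $PIVOTX['events']->add('edit_entry', intval($uid), $entry['title']);

        if (!$PIVOTX['users']->allowEdit('entry', $entry['user'])) {
            $PIVOTX['template']->assign('heading', __("PivotX encountered an error"));
            $PIVOTX['template']->assign('html', "<p>" . __("You are not allowed to edit this entry.") . "</p>");
            renderTemplate('generic.tpl');
            return;
        }

        // The introduction and body are placed inside a <textarea> in the edit
        // form. A literal "</textarea" in the stored text would close that
        // element and everything after it would be rendered as markup, so the
        // "<" of any textarea tag is entity-encoded; the browser decodes "&lt;"
        // back to "<" when the form is submitted. Tag names are case-insensitive,
        // hence str_ireplace().
        $tagSearch = array('<textarea', '</textarea');
        $tagReplace = array('&lt;textarea', '&lt;/textarea');
        foreach (array('introduction', 'body') as $field) {
            $entry[$field] = str_ireplace($tagSearch, $tagReplace, $entry[$field]);
        }

        // Text-processing modes: "1" = convert LB, "2" = textile, "3" = markdown;
        // "0" = plain XHTML, "5" = WYSIWYG. Loose in_array() keeps the "=="
        // semantics these values were always compared with.
        $markupModes = array("1", "2", "3");
        $htmlModes = array("0", "5");
        $writtenIn = $entry['convert_lb'];
        $editingIn = $currentuser['text_processing'];

        // Written in a markup mode, now edited in an HTML mode: convert it.
        if (in_array($writtenIn, $markupModes) && in_array($editingIn, $htmlModes)) {
            $entry['introduction'] = parse_intro_or_body($entry['introduction'], false, $writtenIn, true);
            $entry['body'] = parse_intro_or_body($entry['body'], false, $writtenIn, true);
        }

        // Written in an HTML mode, now edited in a markup mode: the best we can do
        // is strip the <p> and <br/> tags back to line breaks.
        if (in_array($writtenIn, $htmlModes) && in_array($editingIn, $markupModes)) {
            $entry['introduction'] = unparse_intro_or_body($entry['introduction']);
            $entry['body'] = unparse_intro_or_body($entry['body']);
        }

        // Split the link around the entry's own URI so the template can show the
        // editable URI between a fixed prefix and suffix. explode() rejects an
        // empty separator, and a URI that does not occur in the link yields a
        // single part, so pad to two either way.
        if (isset($entry['uri']) && $entry['uri'] !== '') {
            $linkParts = explode($entry['uri'], $entry['link']);
        } else {
            $linkParts = array($entry['link']);
        }
        list($entry['link'], $entry['link_end']) = array_pad($linkParts, 2, '');
    } else {
        // Make a new entry.
        $config = $PIVOTX['config'];
        $entry = array();
        if ($config->get('default_category') != "") {
            $entry['category'] = array($config->get('default_category'));
        }
        if ($config->get('allow_comments') != "") {
            $entry['allow_comments'] = $config->get('allow_comments');
        }
        if ($config->get('default_post_status') != "") {
            $entry['status'] = $config->get('default_post_status');
        }
        $entry['user'] = $currentuser['username'];

        // Build the link with a placeholder URI and split on it, which yields the
        // prefix/suffix around the URI the new entry will eventually get.
        $placeholder = 'xxx';
        $link = makeFileLink(array('uri' => $placeholder, 'date' => date("Y-m-d-H-i-s")), "", "");
        list($entry['link'], $entry['link_end']) = array_pad(explode($placeholder, $link), 2, '');
    }

    // Make sure we only show the allowed categories.. Superadmins can always
    // see and use all categories..
    $categories = $PIVOTX['categories']->getCategories();
    if ($currentuser['userlevel'] < PIVOTX_UL_SUPERADMIN) {
        $allowedcats = $PIVOTX['categories']->allowedCategories($currentuser['username']);
        foreach ($categories as $key => $value) {
            if (!in_array($value['name'], $allowedcats)) {
                unset($categories[$key]);
            }
        }
    }

    if ($_SERVER['REQUEST_METHOD'] == "GET") {
        // Ignore URI if we aren't using mod_rewrite.
        if ($PIVOTX['config']->get('mod_rewrite') == 0) {
            unset($entry['uri']);
        }

        $PIVOTX['extensions']->executeHook('entry_edit_beforeedit', $entry);

        // Show the screen..
        $PIVOTX['template']->assign('entry', $entry);
        $PIVOTX['template']->assign('categories', $categories);
        $PIVOTX['template']->assign('pivotxsession', $PIVOTX['session']->getCSRF());
        $PIVOTX['template']->assign('users', $PIVOTX['users']->getUsers());
        $PIVOTX['template']->assign('entryuser', $PIVOTX['users']->getUser($entry['user']));
        renderTemplate('editentry.tpl');
        return;
    }

    // The form echoes the uid it was rendered for in 'code'; a mismatch means this
    // request was not produced by the form we served for that uid.
    $postedCode = isset($_POST['code']) ? (string) $_POST['code'] : '';
    if ($postedCode !== (string) $uid) {
        $PIVOTX['events']->add('fatal_error', intval($uid), "Tried to fake editing an entry");
        echo "Code is wrong! B0rk!";
        die;
    }

    // Make sure the current user is properly logged in, and that the request is legitimate
    $PIVOTX['session']->checkCSRF(isset($_POST['pivotxsession']) ? $_POST['pivotxsession'] : '');

    // Sanitize the $_POST into an entry we can store
    $entry = sanitizePostedEntry($entry);

    $PIVOTX['extensions']->executeHook('entry_edit_beforesave', $entry);

    $entry = $PIVOTX['db']->set_entry($entry);

    if ($PIVOTX['db']->save_entry(TRUE)) {
        $PIVOTX['messages']->addMessage(sprintf(__('Your entry "%s" was successfully saved.'), '<em>' . trimText($entry['title'], 25) . '</em>'));
        $PIVOTX['extensions']->executeHook('entry_edit_aftersave', $entry);
    } else {
        $PIVOTX['messages']->addMessage(sprintf(__('Your entry "%s" was NOT successfully saved.'), '<em>' . trimText($entry['title'], 25) . '</em>'));
        $PIVOTX['extensions']->executeHook('entry_edit_aftersave_failed', $entry);
    }

    // Remove the compiled/parsed pages from the cache.
    if ($PIVOTX['config']->get('smarty_cache')) {
        $PIVOTX['template']->clear_cache();
    }

    // Only notify if the entry is published, and is either new (code ">") or its
    // status just changed to publish.
    if ($entry['status'] == "publish" && !$PIVOTX['config']->get('disable_new_entry_notifications')) {
        if ($entry['code'] == ">" || $entry['oldstatus'] != "publish") {
            sendMailNotification('entry', $PIVOTX['db']->entry);
        }
    }

    // Perhaps send a trackback ping.
    $tbUrlField = isset($_POST['tb_url']) ? (string) $_POST['tb_url'] : '';
    if ($tbUrlField !== '' && $entry['status'] == "publish") {
        require_once 'includes/send_trackback.php';

        $weblogs = $PIVOTX['weblogs']->getWeblogsWithCat($PIVOTX['db']->entry['category']);

        // Without a weblog for the entry's categories there is no entry URL to
        // announce, so there is nothing meaningful to ping with.
        if (!empty($weblogs)) {
            $entry_url = $PIVOTX['paths']['host'] . makeFileLink($PIVOTX['db']->entry['code'], $weblogs[0], '');
            $weblogdata = $PIVOTX['weblogs']->getWeblog($weblogs[0]);
            $weblog_title = $weblogdata['name'];

            $excerpt = parse_intro_or_body($entry['introduction'], false, $entry['convert_lb']);
            $excerpt = trimText(strip_tags($excerpt), 255);

            foreach (explode("\n", $tbUrlField) as $tb_url) {
                $tb_url = trim($tb_url);
                if (!isUrl($tb_url)) {
                    continue;
                }
                // Messages are rendered as HTML; the URL came from the form.
                $shownUrl = htmlspecialchars($tb_url, ENT_QUOTES, 'UTF-8');
                $PIVOTX['messages']->addMessage(sprintf(__('A trackback ping has been sent to "%s".'), $shownUrl));
                trackback_send($tb_url, $entry_url, $entry['title'], $weblog_title, $excerpt);
            }
        }
    }

    // TODO: check input for valid categories for user

    // If we use 'save and continue' on a new Entry, we need to redirect to the page
    // for editing the stored entry; otherwise every further save would create
    // another new entry. An existing entry just stays on this page.
    if (isset($_POST['postedfrom']) && $_POST['postedfrom'] == "continue") {
        if ($postedCode === '') {
            // New entry.. The uid is emitted inside an inline script, so keep it numeric.
            $newUid = intval($PIVOTX['db']->entry['uid']);
            echo "<script type='text/javascript'>";
            echo "window.top.location.href ='index.php?page=entry&uid=" . $newUid . "';";
            echo "</script>";
        }
        return;
    }

    // Redirect to the listing page
    header('Location: ' . makeAdminPageLink('entries'));
    exit;
}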
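/**
 * Function: add
 * Adds a post to the database.
 *
 * Most of the function arguments will fall back to various POST values.
 *
 * Calls the @add_post@ trigger with the inserted post and extra options.
 *
 * Note: The default parameter values are empty here so that the fallbacks work properly.
 *
 * Parameters:
 *     $values - The data to insert.
 *     $clean - The sanitized URL (or empty to default to "(feather).(new post's id)").
 *     $url - The unique URL (or empty to default to "(feather).(new post's id)").
 *     $feather - The feather to post as.
 *     $user - <User> to set as the post's author.
 *     $pinned - Pin the post?
 *     $status - Post status
 *     $created_at - New @created_at@ timestamp for the post.
 *     $updated_at - New @updated_at@ timestamp for the post, or @false@ to not updated it.
 *     $trackbacks - URLs separated by " " to send trackbacks to.
 *     $pingbacks - Send pingbacks?
 *     $options - Options for the post.
 *
 * Returns:
 *     The newly created <Post>.
 *
 * See Also:
 *     <update>
 */
static function add($values = array(), $clean = "", $url = "", $feather = null, $user = null, $pinned = null, $status = "", $created_at = null, $updated_at = null, $trackbacks = "", $pingbacks = true, $options = array())
{
    $user_id = $user instanceof User ? $user->id : $user;

    $sql = SQL::current();
    $visitor = Visitor::current();
    $trigger = Trigger::current();

    // Fields that may be absent from the request read as null here, so each
    // oneof() below yields its second argument exactly as "@$_POST[...]" did,
    // without blanket-suppressing every warning on the line.
    $posted = $_POST + array(
        'feather' => null,
        'user_id' => null,
        'status' => null,
        'updated_at' => null,
        'trackbacks' => null,
        'option' => null,
    );

    fallback($feather, oneof($posted['feather'], ""));
    fallback($user_id, oneof($posted['user_id'], $visitor->id));
    fallback($pinned, !empty($_POST['pinned']));
    fallback($status, isset($_POST['draft']) ? "draft" : oneof($posted['status'], "public"));

    // A posted created_at only overrides "now" when the form actually changed it
    // relative to the original_time it was rendered with.
    $created_at_changed = !empty($_POST['created_at'])
        && (!isset($_POST['original_time']) || $_POST['created_at'] != $_POST['original_time']);
    fallback($created_at, $created_at_changed ? datetime($_POST['created_at']) : datetime());

    fallback($updated_at, oneof($posted['updated_at'], null));
    fallback($trackbacks, oneof($posted['trackbacks'], ""));
    fallback($options, oneof($posted['option'], array()));

    // Both parameters default to "", so isset() on them was always true and the
    // check_url() branch never ran; test for emptiness so that a supplied $clean
    // produces a checked unique URL instead of being replaced by "(feather).(id)".
    if ((string) $clean !== "" && (string) $url === "") {
        $url = self::check_url($clean);
    }

    if (isset($_POST['bookmarklet'])) {
        $trigger->filter($values, "bookmarklet_submit_values");
        $trigger->filter($options, "bookmarklet_submit_options");
    }

    $new_values = array(
        "feather" => $feather,
        "user_id" => $user_id,
        "pinned" => (int) $pinned,
        "status" => $status,
        "clean" => $clean,
        "url" => $url,
        "created_at" => $created_at,
        "updated_at" => $updated_at,
    );

    $trigger->filter($new_values, "before_add_post");

    $sql->insert("posts", $new_values);
    $id = $sql->latest("posts");

    // No URL was supplied: derive one from the feather and the new row id.
    if (empty($clean) || empty($url)) {
        $sql->update(
            "posts",
            array("id" => $id),
            array("clean" => $feather . "." . $id, "url" => $feather . "." . $id)
        );
    }

    # Insert the post attributes (options win over values on a shared key).
    foreach (array_merge($values, $options) as $name => $value) {
        $sql->insert("post_attributes", array("post_id" => $id, "name" => $name, "value" => $value));
    }

    $post = new self($id, array("drafts" => true));

    if ($trackbacks !== "") {
        // Comma-separated list: trim, strip markup, dedupe and drop blanks.
        // NOTE(review): strip_tags() is not URL validation; trackback_send() is
        // assumed to validate its target — confirm.
        $targets = array_map("strip_tags", array_map("trim", explode(",", $trackbacks)));
        $targets = array_diff(array_unique($targets), array(""));
        foreach ($targets as $trackback_url) {
            trackback_send($post, $trackback_url);
        }
    }

    if (Config::current()->send_pingbacks && $pingbacks) {
        foreach ($values as $key => $value) {
            send_pingbacks($value, $post);
        }
    }

    $post->redirect = isset($_POST['bookmarklet'])
        ? url("/admin/?action=bookmarklet&done")
        : $post->url();

    $trigger->call("add_post", $post, $options);

    return $post;
}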
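/**
 * The screen you'll see after submitting an entry. It stores the entry, updates the indices (pivot's
 * content indices, and the search index), rebuilds the frontpage and XML & Atom feeds, and then it
 * displays a list of the latest entries.
 *
 * The entry is read from the posted form via get_entry_from_post(); categories
 * the current user may not post in are dropped before saving. Trackback pings
 * (one per line in $Pivot_Vars['tb_url']) and the search index update only
 * happen for published entries. All status text is collected in $message and
 * handed to entries_screen().
 *
 * @return void
 */
function entrysubmit_screen()
{
    global $db, $config_array, $Pivot_Vars, $entry, $Cfg, $Users, $Paths, $Weblogs, $filtered_words;

    // check against unauthorised direct access.
    check_csrf();

    $db = new db();
    $entry = get_entry_from_post();

    // Status text shown to the user (rendered as HTML) and the ping flag passed
    // to generate_pages(); initialised so the "nothing posted" path is defined.
    $message = '';
    $notified = '';
    $ping = FALSE;

    // The original test was "!$entry['title'] == ''", which PHP parses as
    // "(!$entry['title']) == ''"; the intent is "at least one field is non-empty".
    $hasContent = (string) $entry['title'] !== ''
        || (string) $entry['introduction'] !== ''
        || (string) $entry['user'] !== '';

    if ($hasContent) {
        // Remove the entry from the categories in which the current user is not
        // allowed to post; the allowed posters of a category are kept as a
        // '|'-separated list in $Cfg['cat-<name>'].
        $allowed_cats = array();
        foreach ($entry['category'] as $my_cat) {
            $catConfig = isset($Cfg['cat-' . $my_cat]) ? $Cfg['cat-' . $my_cat] : '';
            $allowed = explode("|", $catConfig);
            if (in_array($Pivot_Vars['user'], $allowed, true)) {
                $allowed_cats[] = $my_cat;
            } else {
                // Name the rejected category (was "$m_cat", an undefined variable).
                $message .= '<br />';
                $message .= sprintf(lang('entries', 'entry_catnopost'), htmlspecialchars($my_cat, ENT_QUOTES));
                debug("not in category: " . $my_cat);
            }
        }
        $entry['category'] = $allowed_cats;

        $db->set_entry($entry);

        // Append the category notices after formatting, so a '%' in them can
        // never be taken for a sprintf() directive.
        $shownTitle = '<i>' . trimtext($entry['title'], 25) . '</i>';
        if ($db->save_entry(TRUE)) {
            $message = sprintf(lang('entries', 'entry_saved_ok'), $shownTitle) . $message;
        } else {
            // NOTE(review): the failure branch reuses the 'entry_saved_ok' text;
            // the intended failure key is not visible here — confirm.
            $message = sprintf(lang('entries', 'entry_saved_ok'), $shownTitle) . $message;
        }

        // only trigger the ping if it's a new entry..
        $ping = ($entry['code'] == ">" && $entry['status'] == "publish");

        // only notify if entry is published, and is either new or status changed to publish.
        if ($entry['status'] == "publish") {
            if ($entry['code'] == ">" || $entry['oldstatus'] != "publish") {
                $notified = notify_new('entry', $db->entry);
                $notified = "<br /><br />" . $notified;
            }
        }

        // if the global index as they are made var is set - can continue
        if (isset($Cfg['search_index']) && '1' == $Cfg['search_index']) {
            /* 2004/10/16 =*=*= JM
               An entry should only be indexed if both are true:
                 - 'publish' == $entry['status']
                 - current date is at least equal to $entry['publish_date']
               A timed publish whose time has come is also indexed; timed-publish
               routines are left to pvLib. Indexing also requires at least one
               category that is indexed. If the user changes a normal publish to a
               timed-publish, or puts it on hold, the user should reindex. */
            $isLive = 'publish' == $entry['status']
                || ('timed' == $entry['status'] && $entry['publish_date'] <= date('Y-m-d-H-i'));

            if ($isLive && can_search_cats(cfg_cat_nosearchindex(), $entry['category'])) {
                include_once 'modules/module_search.php';
                update_index($db->entry);
                debug('update search index: ' . $db->entry['code']);
            }
        }

        // perhaps send a trackback ping.
        $tbField = isset($Pivot_Vars['tb_url']) ? (string) $Pivot_Vars['tb_url'] : '';
        if ($tbField !== '' && $entry['status'] == "publish") {
            debug("tburl: " . $tbField);
            require_once 'includes/send_trackback.php';

            $weblogs = find_weblogs_with_cat($db->entry['category']);

            if (isset($weblogs[0]) && isset($Weblogs[$weblogs[0]])) {
                $my_url = $Paths['host'] . make_filelink($db->entry['code'], $weblogs[0], '');
                $weblog_title = $Weblogs[$weblogs[0]]['name'];
                debug("TRACKBACK ping: {$my_url}");

                // The message is rendered as HTML and the URL list came from the form.
                $message .= '<br />';
                $message .= sprintf(lang('entries', 'entry_ping_sent'), htmlspecialchars($tbField, ENT_QUOTES));

                // make the contents of what to send with the trackback..
                $convert_lb = isset($Pivot_Vars['convert_lb']) ? $Pivot_Vars['convert_lb'] : 0;
                $tb_contents = parse_step4($entry['introduction']);
                if ($convert_lb == 2) {
                    $tb_contents = pivot_textile($tb_contents);
                } elseif ($convert_lb == 3 || $convert_lb == 4) {
                    $tb_contents = pivot_markdown($tb_contents, $convert_lb);
                }
                $tb_contents = trimtext(strip_tags($tb_contents), 255);

                foreach (explode("\n", $tbField) as $tb_url) {
                    $tb_url = trim($tb_url);
                    if (isurl($tb_url)) {
                        // Ping the validated single URL, not the raw multi-line field.
                        trackback_send($tb_url, $my_url, $entry['title'], $weblog_title, $tb_contents);
                    }
                }
            }
        }

        // Update the tags for this entry if it's published and remove the old tags if not
        $oldKeywords = isset($_POST['f_keywords_old']) ? $_POST['f_keywords_old'] : '';
        if ($db->entry['status'] == 'publish') {
            writeTags($db->entry['keywords'], $oldKeywords, $db->entry['code']);
        } else {
            deleteTags($oldKeywords, $db->entry['code']);
        }
    }

    generate_pages($db->entry['code'], TRUE, TRUE, TRUE, $ping);

    entries_screen($message . $notified);
}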