Beispiel #1
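 /**
  * cascade access rights to children
  *
  * Rewrites the 'active' column of every child listed below the changed
  * anchor. Each child is given Anchors::ceil_rights($active, <its own
  * active_set>), not the raw value received here. Sub-sections,
  * sub-categories and articles are then cascaded recursively; files are
  * updated but not recursed into.
  *
  * Points to keep in mind when relying on this to restrict access:
  * - articles and files are listed with the arguments 0, 3000 ("up to 3000");
  *   presumably children beyond that count keep their previous rights when
  *   an anchor is restricted -- TODO confirm against the listing functions
  * - the result of SQL::query() is not checked, so a failed update is silent
  * - recursion has no depth guard; this assumes anchors form a tree
  *
  * @param string reference of the changed anchor (e.g., 'section:123')
  * @param string rights to be cascaded (e.g., 'Y', 'R' or 'N')
  */
 public static function cascade($reference, $active)
 {
     // only sections may have sub-sections and articles
     $from_section = (strpos($reference, 'section:') === 0);

     // only categories may have sub-categories
     $from_category = (strpos($reference, 'category:') === 0);

     // table to update => prefix used to reference its rows ('' means no recursion)
     $targets = array(
         'sections' => 'section:',
         'categories' => 'category:',
         'articles' => 'article:',
         'files' => '',
     );

     foreach ($targets as $table => $prefix) {

         // list one kind of children at a time, in the order above
         $children = NULL;
         if ($table === 'sections') {
             if ($from_section) {
                 $children = Sections::list_for_anchor($reference, 'raw');
             }
         } elseif ($table === 'categories') {
             if ($from_category) {
                 $children = Categories::list_for_anchor($reference, 'raw');
             }
         } elseif ($table === 'articles') {
             // plain assignment on purpose: binding the call result by reference would
             // let the next assignment to the same variable write through to the callee
             if ($from_section) {
                 $children = Articles::list_for_anchor_by('edition', $reference, 0, 3000, 'raw');
             }
         } else {
             // files are looked up whatever the kind of reference
             $children = Files::list_by_date_for_anchor($reference, 0, 3000, 'raw');
         }

         // nothing of this kind below the anchor
         if (!$children) {
             continue;
         }

         // cascade to each child individually
         foreach ($children as $id => $child) {

             // limit actual rights to what the child allows for itself
             $rights = Anchors::ceil_rights($active, $child['active_set']);

             // $id is the key of the listing, presumably the row id; it goes into
             // an unquoted numeric context, where escaping alone would not confine it
             $query = "UPDATE " . SQL::table_name($table) . " SET active='" . SQL::escape($rights) . "' WHERE id = " . SQL::escape($id);
             SQL::query($query);

             // cascade to children of this child
             if ($prefix) {
                 Anchors::cascade($prefix . $child['id'], $rights);
             }
         }
     }
 }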
Beispiel #2
 if (isset($_REQUEST['id'])) {
     // remember the previous version
     if ($item['id'] && Versions::are_different($item, $_REQUEST)) {
         Versions::save($item, 'article:' . $item['id']);
     }
     // stop on error
     if (!Articles::put_attributes($_REQUEST) || is_object($overlay) && !$overlay->remember('update', $_REQUEST, 'article:' . $_REQUEST['id'])) {
         $item = $_REQUEST;
         $with_form = TRUE;
         // else display the updated page
     } else {
         // do whatever is necessary on page update
         Articles::finalize_update($anchor, $_REQUEST, $overlay, isset($_REQUEST['silent']) && $_REQUEST['silent'] == 'Y', isset($_REQUEST['notify_watchers']) && $_REQUEST['notify_watchers'] == 'Y', isset($_REQUEST['notify_followers']) && $_REQUEST['notify_followers'] == 'Y');
         // cascade changes on access rights
         if ($_REQUEST['active'] != $item['active']) {
             Anchors::cascade('article:' . $item['id'], $_REQUEST['active']);
         }
         // the page has been modified
         $context['text'] .= '<p>' . i18n::s('The page has been successfully updated.') . '</p>';
         // display the updated page
         if (!($recipients = Mailer::build_recipients('article:' . $item['id']))) {
             Safe::redirect(Articles::get_permalink($item));
         }
         // list persons that have been notified
         $context['text'] .= $recipients;
         // follow-up commands
         $follow_up = i18n::s('What do you want to do now?');
         $menu = array();
         $menu = array_merge($menu, array(Articles::get_permalink($_REQUEST) => i18n::s('View the page')));
         if (Surfer::may_upload()) {
             $menu = array_merge($menu, array('files/edit.php?anchor=' . urlencode('article:' . $item['id']) => i18n::s('Add a file')));
Beispiel #3
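 /**
  * change only some attributes of a section
  *
  * Builds a single UPDATE on the sections table from the keys present in
  * $fields; keys that are not handled below are ignored. Text values are
  * written as quoted literals through SQL::escape(). owner_id and edit_id
  * are written unquoted, so they are accepted only when numeric and are
  * cast to integers.
  *
  * No permission is checked here, except that prefix and suffix require
  * Surfer::is_associate(). A caller that forwards request data lets the
  * requester set every handled column, including active_set, owner_id and
  * locked, and has to authorize the change before calling.
  *
  * When active_set is provided, rights are cascaded to children before the
  * section itself is updated; a failed update leaves children changed.
  *
  * @param array an array of fields; 'active' and 'title' are rewritten in place
  * @return TRUE on success, or FALSE on error
  **/
 public static function put_attributes(&$fields)
 {
     // id cannot be empty, and is the only guard on the unquoted WHERE clause below
     if (!isset($fields['id']) || !is_numeric($fields['id'])) {
         Logger::error(i18n::s('No item has the provided id.'));
         return FALSE;
     }

     // set default values for this editor
     Surfer::check_default_editor($fields);

     // query components
     $query = array();

     // change access rights
     if (isset($fields['active_set'])) {

         // never grant more than the anchor allows
         if (isset($fields['anchor']) && ($anchor = Anchors::get($fields['anchor']))) {
             $fields['active'] = $anchor->ceil_rights($fields['active_set']);

         // NOTE(review): without a resolvable anchor the requested rights are taken as is;
         // presumably meant for top-level sections -- confirm an unknown anchor should not fail instead
         } else {
             $fields['active'] = $fields['active_set'];
         }

         // remember these in this record
         $query[] = "active='" . SQL::escape($fields['active']) . "'";
         $query[] = "active_set='" . SQL::escape($fields['active_set']) . "'";

         // cascade anchor access rights
         Anchors::cascade('section:' . $fields['id'], $fields['active']);
     }

     // other columns, in the order they are written to the query:
     // 'text' is stored as is, 'nonempty' skips empty values, 'url' is filtered,
     // 'int' must be numeric, 'associate' is reserved to associates, 'title' is stripped
     $columns = array(
         'anchor' => 'text',
         'articles_canvas' => 'text',
         'articles_layout' => 'text',
         'articles_templates' => 'text',
         'behaviors' => 'text',
         'content_overlay' => 'text',
         'content_options' => 'text',
         'description' => 'text',
         'extra' => 'text',
         'file_overlay' => 'text',
         'handle' => 'nonempty',
         'icon_url' => 'url',
         'home_panel' => 'text',
         'index_map' => 'text',
         'introduction' => 'text',
         'index_title' => 'text',
         'language' => 'text',
         'locked' => 'text',
         'maximum_items' => 'text',
         'meta' => 'text',
         'nick_name' => 'text',
         'options' => 'text',
         'overlay' => 'text',
         'overlay_id' => 'text',
         'owner_id' => 'int',
         'prefix' => 'associate',
         'rank' => 'text',
         'sections_layout' => 'text',
         'suffix' => 'associate',
         'tags' => 'text',
         'thumbnail_url' => 'url',
         'title' => 'title',
         'trailer' => 'text',
     );

     foreach ($columns as $name => $kind) {

         // change only what has been provided
         if (!isset($fields[$name])) {
             continue;
         }
         $value = $fields[$name];

         switch ($kind) {

             // do not erase an existing value with an empty one
             case 'nonempty':
                 if (!$value) {
                     continue 2;
                 }
                 break;

             // character filter only; it does not restrict the scheme of the URL
             case 'url':
                 $value = preg_replace('/[^\\w\\/\\.,:%&\\?=-]+/', '_', $value);
                 break;

             // unquoted numeric context: escaping does not confine the value,
             // so anything that is not a number is refused
             case 'int':
                 if (!is_numeric($value)) {
                     return FALSE;
                 }
                 $query[] = $name . "=" . intval($value);
                 continue 2;

             // only associates may change these
             case 'associate':
                 if (!Surfer::is_associate()) {
                     continue 2;
                 }
                 break;

             // strip_tags() keeps attributes of the allowed tag, so the title
             // still has to be encoded where it is displayed
             case 'title':
                 $value = $fields[$name] = strip_tags($value, '<br>');
                 break;
         }

         $query[] = $name . "='" . SQL::escape($value) . "'";
     }

     // nothing to update
     if (!count($query)) {
         return TRUE;
     }

     // maybe a silent update
     if (!isset($fields['silent']) || $fields['silent'] != 'Y') {

         // edit_id is written unquoted as well; presumably set by
         // Surfer::check_default_editor() -- refuse anything that is not a number
         if (!isset($fields['edit_id']) || !is_numeric($fields['edit_id'])) {
             return FALSE;
         }

         $query[] = "edit_name='" . SQL::escape($fields['edit_name']) . "'";
         $query[] = "edit_id=" . intval($fields['edit_id']);
         $query[] = "edit_address='" . SQL::escape($fields['edit_address']) . "'";
         // NOTE(review): 'article:update' is recorded for a section; looks copied -- confirm
         $query[] = "edit_action='article:update'";
         $query[] = "edit_date='" . SQL::escape($fields['edit_date']) . "'";
     }

     // actual update query
     $query = "UPDATE " . SQL::table_name('sections') . " SET " . implode(', ', $query) . " WHERE id = " . SQL::escape($fields['id']);
     if (!SQL::query($query)) {
         return FALSE;
     }

     // clear the cache
     Sections::clear($fields);

     // end of job
     return TRUE;
 }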
Beispiel #4
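 /**
  * change only some attributes of a file
  *
  * Builds a single UPDATE on the files table from the keys present in
  * $fields; keys that are not handled below are ignored. Text values are
  * written as quoted literals through SQL::escape(). edit_id is written
  * unquoted, so it is accepted only when numeric and is cast to an integer.
  *
  * No permission is checked here. A caller that forwards request data lets
  * the requester set every handled column, including active_set and anchor,
  * and has to authorize the change before calling.
  *
  * When active_set is provided, the anchor is mandatory and caps the rights
  * actually stored. The cascade runs before the file itself is updated.
  *
  * @param array an array of fields; 'active' and 'title' are rewritten in place
  * @return TRUE on success, or FALSE on error
  **/
 public static function put_attributes(&$fields)
 {
     // id cannot be empty, and is the only guard on the unquoted WHERE clause below
     if (!isset($fields['id']) || !is_numeric($fields['id'])) {
         Logger::error(i18n::s('No item has the provided id.'));
         return FALSE;
     }

     // set default values for this editor
     Surfer::check_default_editor($fields);

     // query components
     $query = array();

     // change access rights
     if (isset($fields['active_set'])) {

         // anchor cannot be empty -- rights are refused rather than stored without a ceiling
         if (!isset($fields['anchor']) || !$fields['anchor'] || !($anchor = Anchors::get($fields['anchor']))) {
             Logger::error(i18n::s('No anchor has been found.'));
             return FALSE;
         }

         // determine the actual right
         $fields['active'] = $anchor->ceil_rights($fields['active_set']);

         // remember these in this record
         $query[] = "active='" . SQL::escape($fields['active']) . "'";
         $query[] = "active_set='" . SQL::escape($fields['active_set']) . "'";

         // cascade anchor access rights
         Anchors::cascade('file:' . $fields['id'], $fields['active']);
     }

     // anchor this page to another place; type and id are split by the database
     // NOTE(review): the new anchor is not resolved here unless active_set is also provided
     if (isset($fields['anchor'])) {
         $target = SQL::escape($fields['anchor']);
         $query[] = "anchor='" . $target . "'";
         $query[] = "anchor_type=SUBSTRING_INDEX('" . $target . "', ':', 1)";
         $query[] = "anchor_id=SUBSTRING_INDEX('" . $target . "', ':', -1)";
     }

     // other fields that can be modified individually, in the order they are written:
     // 'text' is stored as is, 'url' is filtered, 'title' is stripped
     $columns = array(
         'behaviors' => 'text',
         'description' => 'text',
         'icon_url' => 'url',
         'overlay' => 'text',
         'overlay_id' => 'text',
         'rank' => 'text',
         'source' => 'text',
         'thumbnail_url' => 'url',
         'keywords' => 'text',
         'title' => 'title',
     );

     foreach ($columns as $name => $kind) {

         // change only what has been provided
         if (!isset($fields[$name])) {
             continue;
         }
         $value = $fields[$name];

         // character filter only; it does not restrict the scheme of the URL
         if ($kind === 'url') {
             $value = preg_replace('/[^\\w\\/\\.,:%&\\?=-]+/', '_', $value);

         // strip_tags() keeps attributes of the allowed tag, so the title
         // still has to be encoded where it is displayed
         } elseif ($kind === 'title') {
             $value = $fields[$name] = strip_tags($value, '<br>');
         }

         $query[] = $name . "='" . SQL::escape($value) . "'";
     }

     // nothing to update
     if (!count($query)) {
         return TRUE;
     }

     // maybe a silent update
     if (!isset($fields['silent']) || $fields['silent'] != 'Y') {

         // edit_id is written unquoted, where escaping does not confine the value;
         // presumably set by Surfer::check_default_editor() -- refuse anything that is not a number
         if (!isset($fields['edit_id']) || !is_numeric($fields['edit_id'])) {
             return FALSE;
         }

         $query[] = "edit_name='" . SQL::escape($fields['edit_name']) . "'";
         $query[] = "edit_id=" . intval($fields['edit_id']);
         $query[] = "edit_address='" . SQL::escape($fields['edit_address']) . "'";
         // NOTE(review): 'article:update' is recorded for a file; looks copied -- confirm
         $query[] = "edit_action='article:update'";
         $query[] = "edit_date='" . SQL::escape($fields['edit_date']) . "'";
     }

     // actual update query
     $query = "UPDATE " . SQL::table_name('files') . " SET " . implode(', ', $query) . " WHERE id = " . SQL::escape($fields['id']);
     if (!SQL::query($query)) {
         return FALSE;
     }

     // clear the cache
     Files::clear($fields);

     // end of job
     return TRUE;
 }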
Beispiel #5
 }
 // overlay has been inserted or updated
 if (isset($_REQUEST['overlay_type']) && $_REQUEST['overlay_type']) {
     $action = 'insert';
 } else {
     $action = 'update';
 }
 // stop on error
 if (!Sections::put($_REQUEST) || is_object($overlay) && !$overlay->remember($action, $_REQUEST, 'section:' . $_REQUEST['id'])) {
     $item = $_REQUEST;
     $with_form = TRUE;
     // else display the updated page
 } else {
     // cascade changes on access rights
     if ($_REQUEST['active'] != $item['active']) {
         Anchors::cascade('section:' . $item['id'], $_REQUEST['active']);
     }
     // notification to send by e-mail
     $mail = array();
     $mail['subject'] = sprintf(i18n::c('%s: %s'), i18n::c('Contribution'), strip_tags($_REQUEST['title']));
     $mail['notification'] = Sections::build_notification('update', $_REQUEST);
     $mail['headers'] = Mailer::set_thread('section:' . $_REQUEST['id']);
     // notify watchers of the updated section and of its parent
     if ($handle = new Section()) {
         $handle->load_by_content($_REQUEST, $anchor);
         // send to watchers of this anchor and upwards
         if (isset($_REQUEST['notify_watchers']) && $_REQUEST['notify_watchers'] == 'Y') {
             $handle->alert_watchers($mail, 'section:update', $_REQUEST['active'] == 'N');
         }
     }
     // send to followers of this user
Beispiel #6
        // update the overlay from form content
        $overlay->parse_fields($_REQUEST);
        // save content of the overlay in the category itself
        $_REQUEST['overlay'] = $overlay->save();
        $_REQUEST['overlay_id'] = $overlay->get_id();
    }
    // display the form on error
    if (($error = Categories::put($_REQUEST)) || is_object($overlay) && !$overlay->remember('update', $_REQUEST, 'category:' . $_REQUEST['id'])) {
        Logger::error($error);
        $item = $_REQUEST;
        $with_form = TRUE;
        // else display the updated page
    } else {
        // cascade changes on access rights
        if ($_REQUEST['active'] != $item['active']) {
            Anchors::cascade('category:' . $item['id'], $_REQUEST['active']);
        }
        // touch the related anchor
        if (is_object($anchor)) {
            $anchor->touch('category:update', $item['id'], isset($_REQUEST['silent']) && $_REQUEST['silent'] == 'Y');
        }
        // clear cache
        Categories::clear($_REQUEST);
        if (!$render_overlaid) {
            Safe::redirect(Categories::get_permalink($item));
        }
    }
    // post a new category
} elseif (isset($_SERVER['REQUEST_METHOD']) && $_SERVER['REQUEST_METHOD'] == 'POST') {
    // limit access rights based on parent heritage, if any
    if (is_object($anchor)) {
Beispiel #7
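 /**
  * change only some attributes of a category
  *
  * Builds a single UPDATE on the categories table from the keys present in
  * $fields; keys that are not handled below are ignored. Text values are
  * written as quoted literals through SQL::escape(). edit_id is written
  * unquoted, so it is accepted only when numeric and is cast to an integer.
  *
  * No permission is checked here, except that prefix and suffix require
  * Surfer::is_associate(). A caller that forwards request data lets the
  * requester set every handled column, including active and active_set,
  * and has to authorize the change before calling.
  *
  * When active_set is provided, rights are cascaded to children before the
  * category itself is updated; a failed update leaves children changed.
  *
  * @param array an array of fields; 'active' and 'title' may be rewritten in place
  * @return TRUE on success, or FALSE on error
  **/
 public static function put_attributes(&$fields)
 {
     // id cannot be empty, and is the only guard on the unquoted WHERE clause below
     if (!isset($fields['id']) || !is_numeric($fields['id'])) {
         Logger::error(i18n::s('No item has the provided id.'));
         return FALSE;
     }

     // set default values for this editor
     Surfer::check_default_editor($fields);

     // query components
     $query = array();

     // change access rights
     if (isset($fields['active_set'])) {

         // 'active' may be missing when only 'active_set' is provided; fall back on the
         // requested rights rather than cascading and storing an empty value
         if (!isset($fields['active'])) {
             $fields['active'] = $fields['active_set'];
         }

         // NOTE(review): 'active' is not capped against a parent anchor in this function;
         // presumably the caller has done it -- confirm before passing request data

         // cascade anchor access rights
         Anchors::cascade('category:' . $fields['id'], $fields['active']);

         // remember these in this record
         $query[] = "active='" . SQL::escape($fields['active']) . "'";
         $query[] = "active_set='" . SQL::escape($fields['active_set']) . "'";
     }

     // other columns, in the order they are written to the query:
     // 'text' is stored as is, 'url' is filtered, 'associate' is reserved
     // to associates, 'title' is stripped
     $columns = array(
         'anchor' => 'text',
         'articles_layout' => 'text',
         'description' => 'text',
         'extra' => 'text',
         'icon_url' => 'url',
         'introduction' => 'text',
         'options' => 'text',
         'overlay' => 'text',
         'overlay_id' => 'text',
         'prefix' => 'associate',
         'rank' => 'text',
         'sections_layout' => 'text',
         'suffix' => 'associate',
         'keywords' => 'text',
         'thumbnail_url' => 'url',
         'title' => 'title',
         'trailer' => 'text',
         'users_layout' => 'text',
         'categories_layout' => 'text',
         'display' => 'text',
         'background_color' => 'text',
         'categories_overlay' => 'text',
         'expiry_date' => 'text',
         'path' => 'text',
     );

     foreach ($columns as $name => $kind) {

         // change only what has been provided
         if (!isset($fields[$name])) {
             continue;
         }
         $value = $fields[$name];

         switch ($kind) {

             // character filter only; it does not restrict the scheme of the URL
             case 'url':
                 $value = preg_replace('/[^\\w\\/\\.,:%&\\?=-]+/', '_', $value);
                 break;

             // only associates may change these
             case 'associate':
                 if (!Surfer::is_associate()) {
                     continue 2;
                 }
                 break;

             // strip_tags() keeps attributes of the allowed tag, so the title
             // still has to be encoded where it is displayed
             case 'title':
                 $value = $fields[$name] = strip_tags($value, '<br>');
                 break;
         }

         $query[] = $name . "='" . SQL::escape($value) . "'";
     }

     // nothing to update
     if (!count($query)) {
         return TRUE;
     }

     // maybe a silent update
     if (!isset($fields['silent']) || $fields['silent'] != 'Y') {

         // edit_id is written unquoted, where escaping does not confine the value;
         // presumably set by Surfer::check_default_editor() -- refuse anything that is not a number
         if (!isset($fields['edit_id']) || !is_numeric($fields['edit_id'])) {
             return FALSE;
         }

         $query[] = "edit_name='" . SQL::escape($fields['edit_name']) . "'";
         $query[] = "edit_id=" . intval($fields['edit_id']);
         $query[] = "edit_address='" . SQL::escape($fields['edit_address']) . "'";
         $query[] = "edit_action='category:update'";
         $query[] = "edit_date='" . SQL::escape($fields['edit_date']) . "'";
     }

     // actual update query
     $query = "UPDATE " . SQL::table_name('categories') . " SET " . implode(', ', $query) . " WHERE id = " . SQL::escape($fields['id']);
     if (!SQL::query($query)) {
         return FALSE;
     }

     // clear the cache
     Categories::clear($fields);

     // end of job
     return TRUE;
 }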