Ejemplo n.º 1
0
 $type = '';
 if (isset($_POST['type'])) {
     $type = COM_applyFilter($_POST['type']);
 }
 if (!isset($sid) || empty($sid)) {
     COM_errorLog('Attempted to delete story sid=' . $sid);
     echo COM_refresh($_CONF['site_admin_url'] . '/story.php');
 } else {
     if ($type == 'submission') {
         if (TOPIC_hasMultiTopicAccess('article', $sid) < 3) {
             COM_accessLog("User {$_USER['username']} tried to illegally delete story submission {$sid}.");
             echo COM_refresh($_CONF['site_admin_url'] . '/index.php');
         } else {
             if (SEC_checkToken()) {
                 // Delete Topic Assignments for this submission
                 TOPIC_deleteTopicAssignments('article', $sid);
                 DB_delete($_TABLES['storysubmission'], 'sid', $sid, $_CONF['site_admin_url'] . '/moderation.php');
             } else {
                 COM_accessLog("User {$_USER['username']} tried to illegally delete story submission {$sid} and failed CSRF checks.");
                 echo COM_refresh($_CONF['site_admin_url'] . '/index.php');
             }
         }
     } else {
         if (SEC_checkToken()) {
             echo STORY_deleteStory($sid);
         } else {
             COM_accessLog("User {$_USER['username']} tried to delete story and failed CSRF checks {$sid}.");
             echo COM_refresh($_CONF['site_admin_url'] . '/index.php');
         }
     }
 }
Ejemplo n.º 2
0
/**
 * Performs story exclusive work for items deleted by moderation
 * While moderation.php handles the actual removal from the submission
 * table, within this function we handle all other deletion related tasks
 *
 * @param    string $sid Identifying string, i.e. the story id
 * @return   string          Any wanted HTML output
 */
function plugin_moderationdelete_story($sid)
{
    global $_TABLES;
    TOPIC_deleteTopicAssignments('article', $sid);
    DB_delete($_TABLES['storysubmission'], 'sid', $sid);
    return '';
}
Ejemplo n.º 3
0
/**
 * Delete an existing static page
 *
 * @param   array   args    Contains all the data provided by the client
 * @param   string  &output OUTPUT parameter containing the returned text
 * @param   string  &svc_msg OUTPUT parameter containing any service messages
 * @return  int         Response code as defined in lib-plugins.php
 */
function service_delete_staticpages($args, &$output, &$svc_msg)
{
    global $_CONF, $_TABLES, $_USER, $LANG_ACCESS, $LANG12, $LANG_STATIC;
    $output = COM_refresh($_CONF['site_admin_url'] . '/plugins/staticpages/index.php?msg=20');
    if (empty($args['sp_id']) && !empty($args['id'])) {
        $args['sp_id'] = $args['id'];
    }
    // Apply filters to the parameters passed by the webservice
    if ($args['gl_svc']) {
        $args['sp_id'] = COM_applyBasicFilter($args['sp_id']);
        $args['mode'] = COM_applyBasicFilter($args['mode']);
    }
    $sp_id = $args['sp_id'];
    if (!SEC_hasRights('staticpages.delete')) {
        $output .= COM_showMessageText($LANG_STATIC['access_denied_msg'], $LANG_STATIC['access_denied']);
        $output = COM_createHTMLDocument($output, array('pagetitle' => $LANG_STATIC['access_denied']));
        if ($_USER['uid'] > 1) {
            return PLG_RET_PERMISSION_DENIED;
        } else {
            return PLG_RET_AUTH_FAILED;
        }
    }
    // If a staticpage template, remove any use of the file
    if (DB_getItem($_TABLES['staticpage'], 'template_flag', "sp_id = '{$sp_id}'") == 1) {
        $sql = "UPDATE {$_TABLES['staticpage']} SET template_id = '' WHERE template_id = '{$sp_id}'";
        $result = DB_query($sql);
    }
    DB_delete($_TABLES['staticpage'], 'sp_id', $sp_id);
    DB_delete($_TABLES['comments'], array('sid', 'type'), array($sp_id, 'staticpages'));
    TOPIC_deleteTopicAssignments('staticpages', $sp_id);
    PLG_itemDeleted($sp_id, 'staticpages');
    // Clear Cache
    $cacheInstance = 'staticpage__' . $sp_id . '__';
    CACHE_remove_instance($cacheInstance);
    return PLG_RET_OK;
}
Ejemplo n.º 4
0
/**
* Delete a block
*
* @param    string  $bid    id of block to delete
* @return   string          HTML redirect or error message
*
*/
function deleteBlock($bid)
{
    global $_CONF, $_TABLES, $_USER;
    $result = DB_query("SELECT owner_id,group_id,perm_owner,perm_group,perm_members,perm_anon FROM {$_TABLES['blocks']} WHERE bid ='{$bid}'");
    $A = DB_fetchArray($result);
    $access = SEC_hasAccess($A['owner_id'], $A['group_id'], $A['perm_owner'], $A['perm_group'], $A['perm_members'], $A['perm_anon']);
    if ($access < 3 || TOPIC_hasMultiTopicAccess('block', $bid) < 3) {
        COM_accessLog("User {$_USER['username']} tried to illegally delete block {$bid}.");
        return COM_refresh($_CONF['site_admin_url'] . '/block.php');
    }
    TOPIC_deleteTopicAssignments('block', $bid);
    DB_delete($_TABLES['blocks'], 'bid', $bid);
    $cacheInstance = 'block__' . $bid . '__';
    // remove any of this blocks instances if exists
    CACHE_remove_instance($cacheInstance);
    return COM_refresh($_CONF['site_admin_url'] . '/block.php?msg=12');
}
Ejemplo n.º 5
0
 /**
  * Saves the story in it's final state to the database.
  * Handles all the SID magic etc.
  *
  * @return int status result from a constant list.
  */
 public function saveToDatabase()
 {
     global $_TABLES, $_DB_dbms;
     $tids = TOPIC_getTopicIdsForObject('topic');
     $archive_tid = DB_getItem($_TABLES['topics'], 'tid', 'archive_flag=1');
     if (!empty($tids) && !empty($archive_tid)) {
         if (in_array($archive_tid, $tids)) {
             $this->_featured = 0;
             $this->_frontpage = 0;
             $this->_statuscode = STORY_ARCHIVE_ON_EXPIRE;
         }
     }
     /* if a featured, non-draft, that goes live straight away, unfeature
      * other stories in same topic:
      */
     if ($this->_featured == '1') {
         // there can only be one non-draft featured story
         if ($this->_draft_flag == 0 and $this->_date <= time()) {
             if ($this->_frontpage == 1) {
                 // un-feature any featured frontpage story
                 DB_query("UPDATE {$_TABLES['stories']} SET featured = 0 WHERE featured = 1 AND draft_flag = 0 AND frontpage = 1 AND date <= NOW()");
             }
             // un-feature any featured story in the same topic
             //DB_query("UPDATE {$_TABLES['stories']} SET featured = 0 WHERE featured = 1 AND draft_flag = 0 AND tid = '{$this->_tid}' AND date <= NOW()");
             $tids = TOPIC_getTopicIdsForObject('topic');
             if (!empty($tids)) {
                 DB_query("UPDATE {$_TABLES['stories']} s, {$_TABLES['topic_assignments']} ta SET s.featured = 0 WHERE s.featured = 1 AND s.draft_flag = 0 AND (ta.tid IN ('" . implode("','", $tids) . "')) AND ta.type = 'article' AND ta.id = s.sid AND s.date <= NOW()");
             }
         }
     }
     $oldArticleExists = false;
     $currentSidExists = false;
     // Fix up old sid => new sid stuff
     $checkSid = DB_escapeString($this->_originalSid);
     // needed below
     if ($this->_sid != $this->_originalSid) {
         /* The sid has changed. Load from request will have
          * ensured that if the new sid exists an error has
          * been thrown, but we need to know if the old sid
          * actually existed (as opposed to being a generated
          * sid that was then thrown away) to reduce the sheer
          * number of SQL queries we do.
          */
         $newSid = DB_escapeString($this->_sid);
         $sql = "SELECT 1 FROM {$_TABLES['stories']} WHERE sid='{$checkSid}'";
         $result = DB_query($sql);
         if ($result && DB_numRows($result) > 0) {
             $oldArticleExists = true;
         }
         if ($oldArticleExists) {
             // Move Comments
             $sql = "UPDATE {$_TABLES['comments']} SET sid='{$newSid}' WHERE type='article' AND sid='{$checkSid}'";
             DB_query($sql);
             // Move Images
             $sql = "UPDATE {$_TABLES['article_images']} SET ai_sid = '{$newSid}' WHERE ai_sid = '{$checkSid}'";
             DB_query($sql);
             // Move trackbacks
             $sql = "UPDATE {$_TABLES['trackback']} SET sid='{$newSid}' WHERE sid='{$checkSid}' AND type='article'";
             DB_query($sql);
         }
     }
     // Acquire Comment Count
     $sql = "SELECT COUNT(1) FROM {$_TABLES['comments']} WHERE type='article' AND sid='{$this->_sid}'";
     $result = DB_query($sql);
     if ($result && DB_numRows($result) == 1) {
         $array = DB_fetchArray($result);
         $this->_comments = $array[0];
     } else {
         $this->_comments = 0;
     }
     /* Format dates for storage: */
     /*
      * Doing this here would use the webserver's timezone, but we need
      * to use the DB server's timezone so that ye olde timezone hack
      * still works. See use of FROM_UNIXTIME in the SQL below.
      *
      * $this->_date = date('Y-m-d H:i:s', $this->_date);
      * $this->_expire = date('Y-m-d H:i:s', $this->_expire);
      *
      */
     // Get the related URLs
     $this->_related = implode("\n", STORY_extractLinks($this->DisplayElements('introtext') . ' ' . $this->DisplayElements('bodytext')));
     $fields = '';
     $values = '';
     reset($this->_dbFields);
     $this->_text_version = GLTEXT_LATEST_VERSION;
     // Apply HTML filter to the text just before save
     // with the permissions of current editor
     $this->_introtext = GLText::applyHTMLFilter($this->_introtext, $this->_postmode, 'story.edit', $this->_text_version);
     $this->_bodytext = GLText::applyHTMLFilter($this->_bodytext, $this->_postmode, 'story.edit', $this->_text_version);
     /* This uses the database field array to generate a SQL Statement. This
      * means that when adding new fields to save and load, all we need to do
      * is add the field name to the array, and the code will magically cope.
      */
     while (list($fieldName, $save) = each($this->_dbFields)) {
         if ($save === 1) {
             $varName = '_' . $fieldName;
             $fields .= $fieldName . ', ';
             if ($fieldName === 'date' || $fieldName === 'expire' || $fieldName === 'comment_expire') {
                 // let the DB server do this conversion (cf. timezone hack)
                 $values .= 'FROM_UNIXTIME(' . $this->{$varName} . '), ';
             } else {
                 if ($this->{$varName} === '') {
                     $values .= "'', ";
                 } else {
                     if (is_numeric($this->{$varName})) {
                         $values .= DB_escapeString($this->{$varName}) . ', ';
                     } else {
                         $values .= '\'' . DB_escapeString($this->{$varName}) . '\', ';
                     }
                 }
             }
         }
     }
     $fields = substr($fields, 0, strlen($fields) - 2);
     $values = substr($values, 0, strlen($values) - 2);
     DB_save($_TABLES['stories'], $fields, $values);
     // Save Topics selected
     TOPIC_saveTopicSelectionControl('article', $this->_sid);
     if ($oldArticleExists) {
         // Clean up the old story
         DB_delete($_TABLES['stories'], 'sid', $checkSid);
         // Delete Topic Assignments for this old article id since we just created new ones
         TOPIC_deleteTopicAssignments('article', $checkSid);
     }
     if ($this->type === 'submission') {
         // there might be a submission, clean it up
         DB_delete($_TABLES['storysubmission'], 'sid', $checkSid);
     }
     return STORY_SAVED;
 }