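/**
 * Commits prefs to the database.
 *
 * Reads the submitted form through stripPost(), normalises a few values
 * (temp dir, upload size, DST/timezone, site URL) and then writes back only
 * those prefs that are listed in txp_prefs, were actually submitted, and
 * whose event passes has_privs('prefs.<event>').
 *
 * Side effects visible in this function: the $prefs, $gmtoffset, $is_dst,
 * $auto_dst and $timezone_key globals are updated from the request, txp_log
 * may be truncated or pruned, and the prefs list is rendered at the end.
 */
function prefs_save()
{
    global $prefs, $gmtoffset, $is_dst, $auto_dst, $timezone_key, $txp_user;

    // Update custom fields count from database schema and cache it as a hidden pref.
    // TODO: move this when custom fields are refactored.
    $max_custom_fields = count(preg_grep('/^custom_\\d+/', getThings("DESCRIBE " . safe_pfx('textpattern'))));
    set_pref('max_custom_fields', $max_custom_fields, 'publish', 2);

    // The WHERE clause is built by concatenation. The only variable value in
    // it is $txp_user, and that goes through doSlash() first; everything else
    // is a constant or a prefixed table name.
    $sql = array();
    $sql[] = "prefs_id = 1 AND event != '' AND type IN (" . PREF_CORE . ", " . PREF_PLUGIN . ", " . PREF_HIDDEN . ")";

    // Global prefs (user_name = '') plus this user's private prefs that have
    // no global row of the same name.
    $sql[] = "(user_name = '' OR (user_name = '" . doSlash($txp_user) . "' AND name NOT IN (\n SELECT name FROM " . safe_pfx('txp_prefs') . " WHERE user_name = ''\n )))";

    if (!get_pref('use_comments', 1, 1)) {
        $sql[] = "event != 'comments'";
    }

    $prefnames = safe_rows_start("name, event, user_name, val", 'txp_prefs', join(" AND ", $sql));

    // Request data. Values are used below as array keys, in comparisons and,
    // in one place, inside SQL (after intval()).
    $post = stripPost();

    // A submitted-but-empty temp dir falls back to an auto-detected one.
    if (isset($post['tempdir']) && empty($post['tempdir'])) {
        $post['tempdir'] = find_temp_dir();
    }

    if (!empty($post['file_max_upload_size'])) {
        $post['file_max_upload_size'] = real_max_upload_size($post['file_max_upload_size']);
    }

    // NOTE(review): the globals below are updated from the request before the
    // per-pref has_privs() check in the loop runs. This only touches the
    // in-memory state of the current request; confirm nothing persists it.
    if (isset($post['auto_dst'])) {
        $prefs['auto_dst'] = $auto_dst = $post['auto_dst'];

        if (isset($post['is_dst']) && !$post['auto_dst']) {
            $is_dst = $post['is_dst'];
        }
    }

    // Forge $gmtoffset and $is_dst from $timezone_key if present.
    if (isset($post['timezone_key'])) {
        $key = $post['timezone_key'];
        $tzd = Txp::get('\\Textpattern\\Date\\Timezone')->getTimeZones();

        // Only a key that exists in the timezone table is accepted; any other
        // submitted value is ignored here.
        if (isset($tzd[$key])) {
            $prefs['timezone_key'] = $timezone_key = $key;
            $post['gmtoffset'] = $prefs['gmtoffset'] = $gmtoffset = $tzd[$key]['offset'];
            $post['is_dst'] = $prefs['is_dst'] = $is_dst = Txp::get('\\Textpattern\\Date\\Timezone')->isDst(null, $key);
        }
    }

    // Store the site URL without scheme and without trailing slashes/spaces.
    if (isset($post['siteurl'])) {
        $post['siteurl'] = preg_replace('#^https?://#', '', rtrim($post['siteurl'], '/ '));
    }

    while ($a = nextRow($prefnames)) {
        // Read the four selected columns explicitly instead of extract()ing
        // the row into local scope, so a row can never shadow $post, $prefs
        // or any other local if the column list changes.
        $name = $a['name'];
        $event = $a['event'];
        $user_name = $a['user_name'];
        $val = $a['val'];

        // Authorisation gate: skip prefs that were not submitted or whose
        // event fails the privilege check. It runs before the destructive
        // log operations below, so those are only reachable for prefs the
        // check allows.
        if (!isset($post[$name]) || !has_privs('prefs.' . $event)) {
            continue;
        }

        // Switching logging to 'none' wipes the whole txp_log table.
        if ($name === 'logging' && $post[$name] === 'none' && $post[$name] !== $val) {
            safe_truncate('txp_log');
        }

        // A changed retention period prunes older log rows immediately. The
        // submitted value is forced to an integer before it enters the SQL.
        if ($name === 'expire_logs_after' && (int) $post[$name] !== (int) $val) {
            safe_delete('txp_log', "time < DATE_SUB(NOW(), INTERVAL " . intval($post[$name]) . " DAY)");
        }

        // NOTE(review): escaping of the value is left to update_pref();
        // its implementation is not visible here - confirm.
        update_pref($name, (string) $post[$name], null, null, null, null, (string) $user_name);
    }

    update_lastmod('preferences_saved');

    prefs_list(gTxt('preferences_saved'));
}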
/**
 * Persists the preferences submitted from the prefs panel.
 *
 * Only prefs that are listed in txp_prefs, are present in the request and
 * whose event passes has_privs('prefs.<event>') are written. Along the way
 * the DST/timezone globals are refreshed from the request, and txp_log may
 * be truncated or pruned when the logging prefs change.
 */
function prefs_save()
{
    global $prefs, $gmtoffset, $is_dst, $auto_dst, $timezone_key, $txp_user;

    // Update custom fields count from database schema and cache it as a hidden pref.
    // TODO: move this when custom fields are refactored.
    $columns = getThings('describe ' . safe_pfx('textpattern'));
    $customFieldCount = count(preg_grep('/^custom_\\d+/', $columns));
    set_pref('max_custom_fields', $customFieldCount, 'publish', 2);

    // WHERE fragments, AND-ed together below. $txp_user is the only variable
    // value and is escaped with doSlash() before concatenation.
    $where = array(
        'prefs_id = 1 and event != "" and type in(' . PREF_CORE . ', ' . PREF_PLUGIN . ', ' . PREF_HIDDEN . ')',
        "(user_name = '' or (user_name='" . doSlash($txp_user) . "' and name not in(\n select name from " . safe_pfx('txp_prefs') . " where user_name = ''\n )))",
    );

    if (!get_pref('use_comments', 1, 1)) {
        $where[] = "event != 'comments'";
    }

    $rows = safe_rows_start("name, event, user_name, val", 'txp_prefs', implode(' and ', $where));

    $post = stripPost();

    // Submitted but empty: fall back to an auto-detected temp dir.
    if (isset($post['tempdir']) && !$post['tempdir']) {
        $post['tempdir'] = find_temp_dir();
    }

    if (!empty($post['file_max_upload_size'])) {
        $post['file_max_upload_size'] = real_max_upload_size($post['file_max_upload_size']);
    }

    if (isset($post['auto_dst'])) {
        $auto_dst = $post['auto_dst'];
        $prefs['auto_dst'] = $auto_dst;

        // A manual DST flag is only honoured while automatic DST is off.
        if (!$auto_dst && isset($post['is_dst'])) {
            $is_dst = $post['is_dst'];
        }
    }

    // Forge $gmtoffset and $is_dst from $timezone_key if present.
    if (isset($post['timezone_key'])) {
        $zone = $post['timezone_key'];
        $zones = Txp::get('Textpattern_Date_Timezone')->getTimeZones();

        // Unknown keys are ignored; only an entry of the timezone table is used.
        if (isset($zones[$zone])) {
            $timezone_key = $zone;
            $prefs['timezone_key'] = $zone;

            $gmtoffset = $zones[$zone]['offset'];
            $prefs['gmtoffset'] = $gmtoffset;
            $post['gmtoffset'] = $gmtoffset;

            $is_dst = Txp::get('Textpattern_Date_Timezone')->isDst(null, $zone);
            $prefs['is_dst'] = $is_dst;
            $post['is_dst'] = $is_dst;
        }
    }

    // Strip the scheme and any trailing slashes/spaces from the site URL.
    if (isset($post['siteurl'])) {
        $trimmed = rtrim($post['siteurl'], '/ ');
        $post['siteurl'] = preg_replace('#^https?://#', '', $trimmed);
    }

    while ($row = nextRow($rows)) {
        // Brings $name, $event, $user_name and $val (the selected columns) into scope.
        extract($row);

        // Write a pref only when it was submitted and its event passes the
        // privilege check; the log clean-up below sits behind the same gate.
        if (isset($post[$name]) && has_privs('prefs.' . $event)) {
            $submitted = $post[$name];

            // Turning logging off empties the log table.
            if ($name === 'logging' && $submitted === 'none' && $submitted !== $val) {
                safe_truncate('txp_log');
            }

            // New retention period: prune now. intval() keeps the SQL numeric.
            if ($name === 'expire_logs_after' && (int) $submitted !== (int) $val) {
                safe_delete('txp_log', 'time < date_sub(now(), interval ' . intval($submitted) . ' day)');
            }

            update_pref($name, (string) $submitted, null, null, null, null, (string) $user_name);
        }
    }

    update_lastmod();

    prefs_list(gTxt('preferences_saved'));
}
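/**
 * Collects the submitted comment form together with its nonce/secret pair.
 *
 * Comment spam filter plugins: call this function to fetch comment contents.
 *
 * The nonce is sent split across a POST key and its value. Every key/value
 * pair that joins to 32 hex characters is looked up in txp_discuss_nonce;
 * the row's secret then determines the name of the field the message is
 * read from.
 *
 * @return array Fields returned by psa() plus 'nonce', 'secret' and 'message'.
 *               'nonce' and 'secret' are empty strings when no row matched.
 */
function getComment()
{
    $c = psa(array('parentid', 'name', 'email', 'web', 'message', 'backpage', 'remember'));

    $n = array();

    foreach (stripPost() as $k => $v) {
        // Array-valued fields cannot be part of a nonce; skipping them avoids
        // an array-to-string conversion on request-controlled input.
        if (is_array($v)) {
            continue;
        }

        // Strict format check first, then doSlash() before the value is
        // placed inside the quoted IN (...) list.
        if (preg_match('#^[A-Fa-f0-9]{32}$#', $k . $v)) {
            $n[] = doSlash($k . $v);
        }
    }

    $c['nonce'] = '';
    $c['secret'] = '';

    if (!empty($n)) {
        $rs = safe_row('nonce, secret', 'txp_discuss_nonce', "nonce in ('" . join("','", $n) . "')");

        // A well-formed but unknown nonce yields no usable row. Keep the
        // empty defaults instead of reading keys that are not there.
        if (isset($rs['nonce'], $rs['secret'])) {
            $c['nonce'] = $rs['nonce'];
            $c['secret'] = $rs['secret'];
        }
    }

    // The message field name is derived from the secret, so with an empty
    // secret this reads the field named md5('message').
    $c['message'] = ps(md5('message' . $c['secret']));

    return $c;
}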
/**
 * Writes the submitted advanced preferences back to txp_prefs.
 *
 * The set of writable prefs is taken from the database (prefs_id = 1,
 * type = 1), not from the request: a POST field is only stored when its
 * name matches one of those rows.
 *
 * NOTE(review): no privilege or request-token check is visible inside this
 * function; presumably the caller enforces both - confirm.
 */
function advanced_prefs_save()
{
    $names = safe_column("name", "txp_prefs", "prefs_id = 1 AND type = 1");

    // All submitted values are escaped once here, before any SQL is built.
    $form = doSlash(stripPost());

    if (empty($form['tempdir'])) {
        $form['tempdir'] = doSlash(find_temp_dir());
    }

    // NOTE(review): the value returned by real_max_upload_size() replaces the
    // escaped one and reaches the UPDATE as returned; presumably numeric - confirm.
    if (!empty($form['file_max_upload_size'])) {
        $form['file_max_upload_size'] = real_max_upload_size($form['file_max_upload_size']);
    }

    foreach ($names as $pref) {
        if (!isset($form[$pref])) {
            continue;
        }

        // The pref name comes from the database but is escaped again before
        // it is used in the WHERE clause.
        $set = "val = '" . $form[$pref] . "'";
        $where = "name = '" . doSlash($pref) . "' and prefs_id = 1";

        safe_update("txp_prefs", $set, $where);
    }

    update_lastmod();

    advanced_prefs(gTxt('preferences_saved'));
}
/**
 * Refreshes the cached custom-field count, then saves the submitted
 * advanced preferences to txp_prefs.
 *
 * Only prefs that already exist in the database (prefs_id = 1, type = 1)
 * are updated; other POST fields are ignored.
 *
 * NOTE(review): no privilege or request-token check is visible inside this
 * function; presumably the caller enforces both - confirm.
 */
function advanced_prefs_save()
{
    // Update custom fields count from database schema and cache it as a hidden pref.
    $schema = getThings('describe `' . PFX . 'textpattern`');
    $customFieldCount = count(preg_grep('/^custom_\\d+/', $schema));
    set_pref('max_custom_fields', $customFieldCount, 'publish', 2);

    // Save all regular advanced prefs.
    $names = safe_column("name", "txp_prefs", "prefs_id = 1 AND type = 1");

    // Escape every submitted value once, before any SQL is assembled.
    $form = doSlash(stripPost());

    if (empty($form['tempdir'])) {
        $form['tempdir'] = doSlash(find_temp_dir());
    }

    // NOTE(review): the result of real_max_upload_size() is stored without a
    // second doSlash(); presumably it is numeric - confirm.
    if (!empty($form['file_max_upload_size'])) {
        $form['file_max_upload_size'] = real_max_upload_size($form['file_max_upload_size']);
    }

    foreach ($names as $pref) {
        if (!isset($form[$pref])) {
            continue;
        }

        // Both sides of the statement carry escaped values: the submitted
        // value from the doSlash() above, the pref name from the one below.
        $set = "val = '" . $form[$pref] . "'";
        $where = "name = '" . doSlash($pref) . "' and prefs_id = 1";

        safe_update("txp_prefs", $set, $where);
    }

    update_lastmod();

    advanced_prefs(gTxt('preferences_saved'));
}
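/**
 * Saves the submitted advanced preferences to txp_prefs.
 *
 * The list of writable prefs is read from the database (prefs_id = '1',
 * type = '1'); a POST field is stored only when its name matches one of
 * those rows.
 *
 * NOTE(review): no privilege or request-token check is visible inside this
 * function; presumably the caller enforces both - confirm.
 */
function advanced_prefs_save()
{
    $prefnames = safe_column("name", "txp_prefs", "prefs_id='1' AND type='1'");

    // Submitted values are escaped once here, before any SQL is built.
    $post = doSlash(stripPost());

    // NOTE(review): the value returned by real_max_upload_size() replaces the
    // escaped one and reaches the UPDATE as returned; presumably numeric - confirm.
    if (!empty($post['file_max_upload_size'])) {
        $post['file_max_upload_size'] = real_max_upload_size($post['file_max_upload_size']);
    }

    foreach ($prefnames as $prefname) {
        if (isset($post[$prefname])) {
            // The pref name is data read back from the database, not a
            // literal. Escape it as well, so a stored name containing a
            // quote cannot alter the WHERE clause.
            safe_update(
                "txp_prefs",
                "val = '" . $post[$prefname] . "'",
                "name = '" . doSlash($prefname) . "' and prefs_id ='1'"
            );
        }
    }

    advanced_prefs(gTxt('preferences_saved'));
}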
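/**
 * Collects the submitted comment form together with its nonce/secret pair.
 *
 * Comment spam filter plugins: call this function to fetch comment contents.
 *
 * The nonce is sent split across a POST key and its value; every pair that
 * joins to exactly 32 characters is looked up in txp_discuss_nonce.
 *
 * @return array Fields returned by psa() plus 'nonce' and 'secret', which
 *               are empty strings when no row matched.
 */
function getComment()
{
    $c = psa(array('parentid', 'name', 'email', 'web', 'message', 'backpage', 'remember'));

    $n = array();

    foreach (stripPost() as $k => $v) {
        // Only the length is checked here, so doSlash() is what keeps each
        // candidate safe inside the quoted IN (...) list.
        if (strlen($k . $v) == 32) {
            $n[] = "'" . doSlash($k . $v) . "'";
        }
    }

    $c['nonce'] = '';
    $c['secret'] = '';

    if (!empty($n)) {
        $rs = safe_row('nonce, secret', 'txp_discuss_nonce', "nonce in (" . join(',', $n) . ")");

        // Any 32-character field can become a candidate, so a lookup with no
        // matching row is an ordinary case. Keep the empty defaults instead
        // of reading keys that are not there.
        if (isset($rs['nonce'], $rs['secret'])) {
            $c['nonce'] = $rs['nonce'];
            $c['secret'] = $rs['secret'];
        }
    }

    return $c;
}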
/**
 * Stores the shop preferences submitted from the admin UI.
 *
 * Only prefs that already exist in yab_shop_prefs (prefs_id = 1, type = 1)
 * are updated; other POST fields are ignored.
 *
 * NOTE(review): no privilege or request-token check is visible inside this
 * function; presumably the caller enforces both - confirm.
 *
 * @return string Message for pagetop()
 */
function yab_shop_prefs_save()
{
    // Escape every submitted value once, before any SQL is assembled.
    $form = doSlash(stripPost());
    $names = safe_column("name", "yab_shop_prefs", "prefs_id = 1 AND type = 1");

    foreach ($names as $pref) {
        if (!isset($form[$pref])) {
            continue;
        }

        // The pref name is read from the database and escaped again before
        // it is used in the WHERE clause.
        $set = "val = '" . $form[$pref] . "'";
        $where = "name = '" . doSlash($pref) . "' and prefs_id = 1";

        safe_update("yab_shop_prefs", $set, $where);
    }

    return yab_shop_admin_lang('prefs_updated');
}