Ejemplo n.º 1
/**
 * Saves an edited comment and re-renders the comment list with a status message.
 *
 * The UPDATE is assembled by string interpolation, not with bound parameters.
 * The quoted columns rely on doSlash() (the only escaping step visible here),
 * and the unquoted ones (visible, discussid) rely on assert_int().
 */
function discuss_save()
{
    $text_fields = array_map('assert_string', gpsa(array('email', 'name', 'web', 'message', 'ip')));
    $int_fields = array_map('assert_int', gpsa(array('discussid', 'visible', 'parentid')));
    $varray = $text_fields + $int_fields;

    // gpsa() is asked for a fixed list of keys, so extract() is expected to create
    // only those eight locals (assumes gpsa() returns just the requested keys - confirm).
    extract(doSlash($varray));

    // Rewrites <txp:...> and </txp:...> to &lt;...&gt; in the already-escaped message,
    // presumably so a stored comment cannot carry template tags.
    // NOTE(review): the pattern is case-sensitive and "." does not cross newlines;
    // confirm it covers every tag form the template parser accepts.
    $message = preg_replace('#<(/?txp:.+?)>#', '&lt;$1&gt;', $message);
    // From here on $varray['message'] holds the escaped text while the other
    // $varray entries are still the unescaped request values.
    $varray['message'] = $message;

    $constraints = array(
        'status' => new ChoiceConstraint($visible, array(
            'choices' => array(SPAM, MODERATE, VISIBLE),
            'message' => 'invalid_status',
        )),
    );

    // Handlers may adjust $varray and $constraints (presumably passed by reference);
    // the query below is built from the extracted locals, not from $varray.
    callback_event_ref('discuss_ui', 'validate_save', 0, $varray, $constraints);
    $validator = new Validator($constraints);

    $set = "email   = '{$email}',\n         name    = '{$name}',\n         web     = '{$web}',\n         message = '{$message}',\n         visible = {$visible}";
    $saved = $validator->validate() && safe_update('txp_discuss', $set, "discussid = {$discussid}");

    if ($saved) {
        update_comments_count($parentid);
        update_lastmod('discuss_saved', compact('discussid', 'email', 'name', 'web', 'message', 'ip', 'visible', 'parentid'));
        $notice = gTxt('comment_updated', array('{id}' => $discussid));
    } else {
        $notice = array(gTxt('comment_save_failed'), E_ERROR);
    }

    discuss_list($notice);
}
Ejemplo n.º 2
/**
 * The main panel listing all articles.
 *
 * Reads paging, sorting and search values from the request, builds the
 * article query by string concatenation and echoes the resulting table.
 * Nothing is returned; all output is written with echo.
 *
 * @param  string|array $message The activity message
 * @param  string       $post    Not used
 */
function list_list($message = '', $post = '')
{
    global $statuses, $use_comments, $comments_disabled_after, $step, $txp_user, $article_list_pageby, $event;
    pagetop(gTxt('tab_list'), $message);
    // Brings page, sort, dir, crit and search_method from the request into local variables.
    extract(gpsa(array('page', 'sort', 'dir', 'crit', 'search_method')));
    // A requested sort key outside the allow-list falls back to 'posted' before it is
    // stored as a private pref. With no request value the stored pref is used.
    if ($sort === '') {
        $sort = get_pref('article_sort_column', 'posted');
    } else {
        if (!in_array($sort, array('id', 'title', 'expires', 'section', 'category1', 'category2', 'status', 'author', 'comments', 'lastmod'))) {
            $sort = 'posted';
        }
        set_pref('article_sort_column', $sort, 'list', 2, '', 0, PREF_PRIVATE);
    }
    // A requested direction is collapsed to "asc" or "desc" before it is stored.
    // NOTE(review): a direction read back from the pref is used as stored and is
    // interpolated into ORDER BY below - confirm nothing else can write that pref.
    if ($dir === '') {
        $dir = get_pref('article_sort_dir', 'desc');
    } else {
        $dir = $dir == 'asc' ? "asc" : "desc";
        set_pref('article_sort_dir', $dir, 'list', 2, '', 0, PREF_PRIVATE);
    }
    // Not referenced again in this function.
    $sesutats = array_flip($statuses);
    // Maps the sort key to an ORDER BY fragment made of literal column names; $dir is
    // the only variable interpolated. Unknown keys (including a stale pref value)
    // take the default branch.
    switch ($sort) {
        case 'id':
            $sort_sql = "textpattern.ID {$dir}";
            break;
        case 'title':
            $sort_sql = "textpattern.Title {$dir}, textpattern.Posted DESC";
            break;
        case 'expires':
            $sort_sql = "textpattern.Expires {$dir}";
            break;
        case 'section':
            $sort_sql = "section.title {$dir}, textpattern.Posted DESC";
            break;
        case 'category1':
            $sort_sql = "category1.title {$dir}, textpattern.Posted DESC";
            break;
        case 'category2':
            $sort_sql = "category2.title {$dir}, textpattern.Posted DESC";
            break;
        case 'status':
            $sort_sql = "textpattern.Status {$dir}, textpattern.Posted DESC";
            break;
        case 'author':
            $sort_sql = "user.RealName {$dir}, textpattern.Posted DESC";
            break;
        case 'comments':
            $sort_sql = "textpattern.comments_count {$dir}, textpattern.Posted DESC";
            break;
        case 'lastmod':
            $sort_sql = "textpattern.LastMod {$dir}, textpattern.Posted DESC";
            break;
        default:
            $sort = 'posted';
            $sort_sql = "textpattern.Posted {$dir}";
            break;
    }
    // Direction the column-header links will request next.
    $switch_dir = $dir == 'desc' ? 'asc' : 'desc';
    // Declares the searchable fields. How Filter turns the request's crit and
    // search_method into SQL is not visible in this function.
    $search = new Filter($event, array('id' => array('column' => 'textpattern.ID', 'label' => gTxt('ID'), 'type' => 'integer'), 'title_body_excerpt' => array('column' => array('textpattern.Title', 'textpattern.Body', 'textpattern.Excerpt'), 'label' => gTxt('title_body_excerpt')), 'section' => array('column' => array('textpattern.Section', 'section.title'), 'label' => gTxt('section')), 'keywords' => array('column' => 'textpattern.Keywords', 'label' => gTxt('keywords'), 'type' => 'find_in_set'), 'categories' => array('column' => array('textpattern.Category1', 'textpattern.Category2', 'category1.title', 'category2.title'), 'label' => gTxt('categories')), 'status' => array('column' => array('textpattern.Status'), 'label' => gTxt('status'), 'type' => 'boolean'), 'author' => array('column' => array('textpattern.AuthorID', 'user.RealName'), 'label' => gTxt('author')), 'article_image' => array('column' => array('textpattern.Image'), 'label' => gTxt('article_image'), 'type' => 'integer'), 'posted' => array('column' => array('textpattern.Posted'), 'label' => gTxt('posted')), 'lastmod' => array('column' => array('textpattern.LastMod'), 'label' => gTxt('article_modified'))));
    $search->setAliases('status', $statuses);
    // $criteria is placed verbatim after WHERE further down, so its safety rests
    // entirely on Filter::getFilter(). $crit and $search_method are replaced by the
    // values getFilter() returns.
    list($criteria, $crit, $search_method) = $search->getFilter(array('id' => array('can_list' => true), 'article_image' => array('can_list' => true), 'title_body_excerpt' => array('always_like' => true)));
    $search_render_options = array('placeholder' => 'search_articles');
    // Table names go through safe_pfx(); the join conditions are literals.
    $sql_from = safe_pfx('textpattern') . " textpattern\n        LEFT JOIN " . safe_pfx('txp_category') . " category1 ON category1.name = textpattern.Category1 AND category1.type = 'article'\n        LEFT JOIN " . safe_pfx('txp_category') . " category2 ON category2.name = textpattern.Category2 AND category2.type = 'article'\n        LEFT JOIN " . safe_pfx('txp_section') . " section ON section.name = textpattern.Section\n        LEFT JOIN " . safe_pfx('txp_users') . " user ON user.name = textpattern.AuthorID";
    // Integer 1 apparently means "no search filter" - confirm against Filter::getFilter().
    if ($criteria === 1) {
        $total = safe_count('textpattern', $criteria);
    } else {
        $total = getThing("SELECT COUNT(*) FROM {$sql_from} WHERE {$criteria}");
    }
    echo n . tag(hed(gTxt('tab_list'), 1, array('class' => 'txp-heading')), 'div', array('class' => 'txp-layout-2col-cell-1'));
    $searchBlock = n . tag($search->renderForm('list', $search_render_options), 'div', array('class' => 'txp-layout-2col-cell-2', 'id' => $event . '_control'));
    $createBlock = array();
    // The "add new article" button is only rendered for users holding article.edit.
    if (has_privs('article.edit')) {
        $createBlock[] = n . tag(sLink('article', '', gTxt('add_new_article'), 'txp-button'), 'div', array('class' => 'txp-control-panel'));
    }
    $contentBlockStart = n . tag_start('div', array('class' => 'txp-layout-1col', 'id' => $event . '_container'));
    $createBlock = implode(n, $createBlock);
    // Nothing to list: show a notice (with the search form only when a filter was active) and stop.
    if ($total < 1) {
        if ($criteria != 1) {
            echo $searchBlock . $contentBlockStart . $createBlock . graf(span(null, array('class' => 'ui-icon ui-icon-info')) . ' ' . gTxt('no_results_found'), array('class' => 'alert-block information'));
        } else {
            echo $contentBlockStart . $createBlock . graf(span(null, array('class' => 'ui-icon ui-icon-info')) . ' ' . gTxt('no_articles_recorded'), array('class' => 'alert-block information'));
        }
        echo n . tag_end('div');
        return;
    }
    // Page size is never below 15 rows.
    $limit = max($article_list_pageby, 15);
    list($page, $offset, $numPages) = pager($total, $limit, $page);
    echo $searchBlock . $contentBlockStart . $createBlock;
    // $criteria, $sort_sql, $offset and $limit are concatenated into the statement;
    // none of them is bound as a parameter.
    $rs = safe_query("SELECT\n            textpattern.ID, textpattern.Title, textpattern.url_title, textpattern.Section,\n            textpattern.Category1, textpattern.Category2,\n            textpattern.Status, textpattern.Annotate, textpattern.AuthorID,\n            UNIX_TIMESTAMP(textpattern.Posted) AS posted,\n            UNIX_TIMESTAMP(textpattern.LastMod) AS lastmod,\n            UNIX_TIMESTAMP(textpattern.Expires) AS expires,\n            category1.title AS category1_title,\n            category2.title AS category2_title,\n            section.title AS section_title,\n            user.RealName AS RealName,\n            (SELECT COUNT(*) FROM " . safe_pfx('txp_discuss') . " WHERE parentid = textpattern.ID) AS total_comments\n        FROM {$sql_from} WHERE {$criteria} ORDER BY {$sort_sql} LIMIT {$offset}, {$limit}");
    if ($rs) {
        // The author column is omitted when has_single_author() reports a single author.
        $show_authors = !has_single_author('textpattern', 'AuthorID');
        // Opens the multi-edit form and table, then emits one sortable header cell per column.
        echo n . tag(toggle_box('articles_detail'), 'div', array('class' => 'txp-list-options')) . n . tag_start('form', array('class' => 'multi_edit_form', 'id' => 'articles_form', 'name' => 'longform', 'method' => 'post', 'action' => 'index.php')) . n . tag_start('div', array('class' => 'txp-listtables')) . n . tag_start('table', array('class' => 'txp-list')) . n . tag_start('thead') . tr(hCell(fInput('checkbox', 'select_all', 0, '', '', '', '', '', 'select_all'), '', ' class="txp-list-col-multi-edit" scope="col" title="' . gTxt('toggle_all_selected') . '"') . column_head('ID', 'id', 'list', true, $switch_dir, $crit, $search_method, ('id' == $sort ? "{$dir} " : '') . 'txp-list-col-id') . column_head('title', 'title', 'list', true, $switch_dir, $crit, $search_method, ('title' == $sort ? "{$dir} " : '') . 'txp-list-col-title') . column_head('posted', 'posted', 'list', true, $switch_dir, $crit, $search_method, ('posted' == $sort ? "{$dir} " : '') . 'txp-list-col-created date') . column_head('article_modified', 'lastmod', 'list', true, $switch_dir, $crit, $search_method, ('lastmod' == $sort ? "{$dir} " : '') . 'txp-list-col-lastmod date articles_detail') . column_head('expires', 'expires', 'list', true, $switch_dir, $crit, $search_method, ('expires' == $sort ? "{$dir} " : '') . 'txp-list-col-expires date articles_detail') . column_head('section', 'section', 'list', true, $switch_dir, $crit, $search_method, ('section' == $sort ? "{$dir} " : '') . 'txp-list-col-section') . column_head('category1', 'category1', 'list', true, $switch_dir, $crit, $search_method, ('category1' == $sort ? "{$dir} " : '') . 'txp-list-col-category1 category articles_detail') . column_head('category2', 'category2', 'list', true, $switch_dir, $crit, $search_method, ('category2' == $sort ? "{$dir} " : '') . 'txp-list-col-category2 category articles_detail') . column_head('status', 'status', 'list', true, $switch_dir, $crit, $search_method, ('status' == $sort ? "{$dir} " : '') . 
'txp-list-col-status') . ($show_authors ? column_head('author', 'author', 'list', true, $switch_dir, $crit, $search_method, ('author' == $sort ? "{$dir} " : '') . 'txp-list-col-author name') : '') . ($use_comments == 1 ? column_head('comments', 'comments', 'list', true, $switch_dir, $crit, $search_method, ('comments' == $sort ? "{$dir} " : '') . 'txp-list-col-comments articles_detail') : '')) . n . tag_end('thead');
        include_once txpath . '/publish/taghandlers.php';
        echo n . tag_start('tbody');
        $validator = new Validator();
        while ($a = nextRow($rs)) {
            // Imports the row's columns as locals ($ID, $Title, $Status, $posted, ...).
            // The names are fixed by the SELECT list above, not by request data.
            extract($a);
            // $Title reaches eLink() as stored in the database.
            // Assumes eLink() HTML-escapes its link text - TODO confirm.
            if ($Title === '') {
                $Title = '<em>' . eLink('article', 'edit', 'ID', $ID, gTxt('untitled')) . '</em>';
            } else {
                $Title = eLink('article', 'edit', 'ID', $ID, $Title);
            }
            // Valid section and categories?
            // A failed check only appends the ' error' CSS class to the cell.
            $validator->setConstraints(array(new SectionConstraint($Section)));
            $vs = $validator->validate() ? '' : ' error';
            $validator->setConstraints(array(new CategoryConstraint($Category1, array('type' => 'article'))));
            $vc[1] = $validator->validate() ? '' : ' error';
            $validator->setConstraints(array(new CategoryConstraint($Category2, array('type' => 'article'))));
            $vc[2] = $validator->validate() ? '' : ' error';
            // Category titles are escaped with txpspecialchars(); the raw category name goes
            // into the title attribute (assumes span() escapes attribute values - confirm).
            $Category1 = $Category1 ? span(txpspecialchars($category1_title), array('title' => $Category1)) : '';
            $Category2 = $Category2 ? span(txpspecialchars($category2_title), array('title' => $Category2)) : '';
            // Articles that are neither live nor sticky get a preview URL instead of a permalink.
            if ($Status != STATUS_LIVE and $Status != STATUS_STICKY) {
                $view_url = '?txpreview=' . intval($ID) . '.' . time();
            } else {
                $view_url = permlinkurl($a);
            }
            // Replaces the status code with the matching $statuses entry for display.
            if (isset($statuses[$Status])) {
                $Status = $statuses[$Status];
            }
            $comments = '(' . $total_comments . ')';
            if ($total_comments) {
                $comments = href($comments, array('event' => 'discuss', 'step' => 'list', 'search_method' => 'parent', 'crit' => $ID), array('title' => gTxt('manage')));
            }
            $comment_status = $Annotate ? gTxt('on') : gTxt('off');
            // 86400 seconds per day: comments show as expired once the article is older
            // than $comments_disabled_after days.
            if ($comments_disabled_after) {
                $lifespan = $comments_disabled_after * 86400;
                $time_since = time() - $posted;
                if ($time_since > $lifespan) {
                    $comment_status = gTxt('expired');
                }
            }
            $comments = tag($comment_status, 'span', array('class' => 'comments-status')) . ' ' . tag($comments, 'span', array('class' => 'comments-manage'));
            // The multi-edit checkbox is rendered only when the user holds the edit privilege
            // matching the row's status and ownership. This hides the control only; the code
            // that processes 'selected[]' is not visible here and has to enforce the same rule.
            echo tr(td(($a['Status'] >= STATUS_LIVE and has_privs('article.edit.published') or $a['Status'] >= STATUS_LIVE and $AuthorID === $txp_user and has_privs('article.edit.own.published') or $a['Status'] < STATUS_LIVE and has_privs('article.edit') or $a['Status'] < STATUS_LIVE and $AuthorID === $txp_user and has_privs('article.edit.own')) ? fInput('checkbox', 'selected[]', $ID, 'checkbox') : '', '', 'txp-list-col-multi-edit') . hCell(eLink('article', 'edit', 'ID', $ID, $ID) . sp . span(span('[', array('aria-hidden' => 'true')) . href(gTxt('view'), $view_url) . span(']', array('aria-hidden' => 'true')), array('class' => 'txp-option-link articles_detail')), '', ' class="txp-list-col-id" scope="row"') . td($Title, '', 'txp-list-col-title') . td(gTime($posted), '', 'txp-list-col-created date' . ($posted < time() ? '' : ' unpublished')) . td(gTime($lastmod), '', 'txp-list-col-lastmod date articles_detail' . ($posted === $lastmod ? ' not-modified' : '')) . td($expires ? gTime($expires) : '', '', 'txp-list-col-expires date articles_detail') . td(span(txpspecialchars($section_title), array('title' => $Section)), '', 'txp-list-col-section' . $vs) . td($Category1, '', 'txp-list-col-category1 category articles_detail' . $vc[1]) . td($Category2, '', 'txp-list-col-category2 category articles_detail' . $vc[2]) . td(href($Status, $view_url, join_atts(array('title' => gTxt('view')))), '', 'txp-list-col-status') . ($show_authors ? td(span(txpspecialchars($RealName), array('title' => $AuthorID)), '', 'txp-list-col-author name') : '') . ($use_comments ? td($comments, '', 'txp-list-col-comments articles_detail') : ''));
        }
        // Closes the table, then appends the multi-edit controls, tInput() and the paging navigation.
        echo n . tag_end('tbody') . n . tag_end('table') . n . tag_end('div') . list_multiedit_form($page, $sort, $dir, $crit, $search_method) . tInput() . n . tag_end('form') . n . tag_start('div', array('class' => 'txp-navigation', 'id' => $event . '_navigation')) . pageby_form('list', $article_list_pageby) . nav_form('list', $page, $numPages, $sort, $dir, $crit, $search_method, $total, $limit) . n . tag_end('div');
    }
    echo n . tag_end('div');
}
Ejemplo n.º 3
/**
 * Validates article data against the constraints that apply under the current preferences.
 *
 * Nothing is checked when $msg is already non-empty: the function returns FALSE
 * at once and leaves $msg as it was.
 *
 * @param  array        $rs  Article data
 * @param  string|array $msg Message, passed by reference. Set to '' on success, or to
 *                           array(comma-joined error text, E_ERROR) when validation fails
 * @return bool TRUE when every constraint passes, FALSE otherwise
 */
function article_validate($rs, &$msg)
{
    global $prefs, $step, $statuses;

    // An earlier step has already reported a problem; keep its message.
    if (!empty($msg)) {
        return false;
    }

    // Checks that always apply.
    $constraints = array(
        'Status' => new ChoiceConstraint($rs['Status'], array(
            'choices' => array_keys($statuses),
            'message' => 'invalid_status',
        )),
        'Section' => new SectionConstraint($rs['Section']),
        'Category1' => new CategoryConstraint($rs['Category1'], array('type' => 'article')),
        'Category2' => new CategoryConstraint($rs['Category2'], array('type' => 'article')),
        'textile_body' => new \Textpattern\Textfilter\Constraint($rs['textile_body'], array(
            'message' => 'invalid_textfilter_body',
        )),
        'textile_excerpt' => new \Textpattern\Textfilter\Constraint($rs['textile_excerpt'], array(
            'message' => 'invalid_textfilter_excerpt',
        )),
    );

    // Features switched off in the prefs must arrive blank / false, so a submitted
    // form cannot set fields the editor is not meant to offer.
    if (!$prefs['articles_use_excerpts']) {
        $constraints['excerpt_blank'] = new BlankConstraint($rs['Excerpt'], array('message' => 'excerpt_not_blank'));
    }

    if (!$prefs['use_comments']) {
        $constraints['annotate_invite_blank'] = new BlankConstraint($rs['AnnotateInvite'], array('message' => 'invite_not_blank'));
        $constraints['annotate_false'] = new FalseConstraint($rs['Annotate'], array('message' => 'comments_are_on'));
    }

    // The override form is checked as an article form when overriding is allowed,
    // and must be blank otherwise.
    $constraints['override_form'] = $prefs['allow_form_override']
        ? new FormConstraint($rs['override_form'], array('type' => 'article'))
        : new BlankConstraint($rs['override_form'], array('message' => 'override_form_not_blank'));

    // Handlers for "validate_{$step}" may add, replace or remove constraints before
    // they are evaluated (presumably both arguments are passed by reference).
    callback_event_ref('article_ui', "validate_{$step}", 0, $rs, $constraints);

    $validator = new Validator($constraints);

    if (!$validator->validate()) {
        $errors = doArray($validator->getMessages(), 'gTxt');
        $msg = array(join(', ', $errors), E_ERROR);

        return false;
    }

    $msg = '';

    return true;
}
Ejemplo n.º 4
/**
 * Saves edited file metadata, renaming the stored file when its name changed.
 *
 * Order of operations: read the request, check privileges, rename on disk,
 * validate, update the database row, and move the file back if the update
 * did not succeed. The UPDATE is built by string interpolation: the quoted
 * columns rely on doSlash() and the WHERE clause on assert_int().
 */
function file_save()
{
    global $file_base_path, $file_statuses, $txp_user;

    // Fixed key list, so extract() is expected to create only these locals
    // (assumes gpsa() returns just the requested keys - confirm).
    $varray = array_map('assert_string', gpsa(array('id', 'category', 'title', 'description', 'status', 'publish_now', 'year', 'month', 'day', 'hour', 'minute', 'second')));
    extract(doSlash($varray));

    // sanitizeForFile() is the only visible guard on the requested name before it
    // is joined to $file_base_path.
    $filename = sanitizeForFile(gps('filename'));
    $varray['filename'] = $filename;

    if ($filename == '') {
        file_list(array(gTxt('file_not_updated', array('{name}' => $filename)), E_ERROR));
        return;
    }

    $id = assert_int($id);
    $varray['id'] = $id;

    // 'perms' may arrive as a list; it is stored as a sorted comma-separated string.
    $permissions = gps('perms');
    if (is_array($permissions)) {
        asort($permissions);
        $permissions = implode(",", $permissions);
    }
    $varray['permissions'] = $permissions;
    $perms = doSlash($permissions);

    $row = safe_row("filename, author", 'txp_file', "id = {$id}");

    // Editing needs file.edit, or file.edit.own on a file the current user authored.
    // NOTE(review): everything below assumes require_privs() ends the request when
    // access is denied; if it can return, the rename and update still run - confirm.
    $may_edit = has_privs('file.edit') || ($row['author'] === $txp_user && has_privs('file.edit.own'));
    if (!$may_edit) {
        require_privs();
    }

    $old_filename = sanitizeForFile($row['filename']);
    $varray['old_filename'] = $old_filename;

    // The file is renamed on disk before validation and before the row is updated.
    // NOTE(review): no check is visible here that $new_path is not already used by
    // another file - confirm shift_uploaded_file() refuses to overwrite.
    if ($old_filename != false && strcmp($old_filename, $filename) != 0) {
        $old_path = build_file_path($file_base_path, $old_filename);
        $new_path = build_file_path($file_base_path, $filename);

        if (file_exists($old_path) && shift_uploaded_file($old_path, $new_path) === false) {
            file_list(array(gTxt('file_cannot_rename', array('{name}' => $filename)), E_ERROR));
            return;
        }

        file_set_perm($new_path);
    }

    // The date parts are the escaped request strings; only a positive timestamp is used.
    $created_ts = @safe_strtotime("{$year}-{$month}-{$day} {$hour}:{$minute}:{$second}");

    $created = '';
    if ($publish_now) {
        $created = "NOW()";
    } elseif ($created_ts > 0) {
        $created = "FROM_UNIXTIME('" . $created_ts . "')";
    }

    $size = filesize(build_file_path($file_base_path, $filename));

    // Constraints look at the raw request values; the query uses the escaped copies.
    $constraints = array(
        'category' => new CategoryConstraint(gps('category'), array('type' => 'file')),
        'status' => new ChoiceConstraint(gps('status'), array(
            'choices' => array_keys($file_statuses),
            'message' => 'invalid_status',
        )),
    );
    callback_event_ref('file_ui', 'validate_save', 0, $varray, $constraints);
    $validator = new Validator($constraints);

    $saved = $validator->validate() && safe_update('txp_file', "\n        filename = '" . doSlash($filename) . "',\n        title = '{$title}',\n        category = '{$category}',\n        permissions = '{$perms}',\n        description = '{$description}',\n        status = '{$status}',\n        size = '{$size}',\n        modified = NOW()" . ($created ? ", created = {$created}" : ''), "id = {$id}");

    if (!$saved) {
        // Update failed, rollback name.
        // NOTE(review): $old_path is set whenever the names differ, even if the old file
        // did not exist and nothing was moved; the move back is attempted regardless.
        $undo_failed = isset($old_path) && shift_uploaded_file($new_path, $old_path) === false;
        $failure = $undo_failed ? 'file_unsynchronized' : 'file_not_updated';
        file_list(array(gTxt($failure, array('{name}' => $filename)), E_ERROR));
        return;
    }

    update_lastmod('file_saved', compact('id', 'filename', 'title', 'category', 'description', 'status', 'size'));
    now('created', true);
    file_list(gTxt('file_updated', array('{name}' => $filename)));
}
Ejemplo n.º 5
/**
 * Saves edited image metadata and re-renders the image list with a status message.
 *
 * The privilege check runs before anything is written. The UPDATE is built by
 * string interpolation: the quoted columns rely on doSlash() and the WHERE
 * clause on assert_int().
 */
function image_save()
{
    global $txp_user;

    // Fixed key list, so extract() is expected to create only $id, $name, $category,
    // $caption and $alt (assumes gpsa() returns just the requested keys - confirm).
    $varray = array_map('assert_string', gpsa(array('id', 'name', 'category', 'caption', 'alt')));
    extract(doSlash($varray));

    $id = assert_int($id);
    $varray['id'] = $id;

    // Editing needs image.edit, or image.edit.own on an image the current user authored.
    $author = fetch('author', 'txp_image', 'id', $id);
    $may_edit = has_privs('image.edit') || ($author === $txp_user && has_privs('image.edit.own'));
    if (!$may_edit) {
        image_list(gTxt('restricted_area'));
        return;
    }

    // The constraint looks at the raw request value; the query uses the escaped copy.
    $constraints = array(
        'category' => new CategoryConstraint(gps('category'), array('type' => 'image')),
    );
    callback_event_ref('image_ui', 'validate_save', 0, $varray, $constraints);
    $validator = new Validator($constraints);

    $set = "name    = '{$name}',\n        category = '{$category}',\n        alt      = '{$alt}',\n        caption  = '{$caption}'";

    if (!($validator->validate() && safe_update('txp_image', $set, "id = {$id}"))) {
        image_list(array(gTxt('image_save_failed'), E_ERROR));
        return;
    }

    // $name is the escaped value; doStrip() is applied before it goes into the message.
    $message = gTxt('image_updated', array('{name}' => doStrip($name)));
    update_lastmod('image_saved', compact('id', 'name', 'category', 'alt', 'caption'));
    image_list($message);
}
Ejemplo n.º 6
/**
 * Creates a link, or updates an existing one when the request carries an id,
 * then re-renders the link list with a status message.
 *
 * Both statements are built by string interpolation: the quoted columns rely on
 * doSlash() and the WHERE clause on assert_int().
 */
function link_save()
{
    global $vars, $txp_user;

    // The locals created by extract() are whatever names the global $vars lists; the
    // code below expects at least id, linkname, url, description, linksort and category.
    // NOTE(review): $vars is defined outside this function - verify it cannot contain
    // a name such as txp_user that extract() would overwrite from request data.
    $varray = array_map('assert_string', gpsa($vars));
    extract(doSlash($varray));

    if ($id) {
        $id = assert_int($id);
        $varray['id'] = $id;
    }

    if ($linkname === '' && $url === '' && $description === '') {
        link_list(array(gTxt('link_empty'), E_ERROR));
        return;
    }

    // Saving needs link.edit, or link.edit.own on a link the current user authored.
    // NOTE(review): for a new link $id is empty, so $author is whatever fetch() returns
    // for no match; a user holding only link.edit.own presumably fails this check - confirm.
    $author = fetch('author', 'txp_link', 'id', $id);
    $may_edit = has_privs('link.edit') || ($author === $txp_user && has_privs('link.edit.own'));
    if (!$may_edit) {
        link_list(gTxt('restricted_area'));
        return;
    }

    // The sort key defaults to the link name.
    if (!$linksort) {
        $linksort = $linkname;
    }

    $constraints = array(
        'category' => new CategoryConstraint($varray['category'], array('type' => 'link')),
    );
    callback_event_ref('link_ui', 'validate_save', 0, $varray, $constraints);
    $validator = new Validator($constraints);

    $ok = false;

    if ($validator->validate()) {
        // trim() runs on the already-escaped URL. $txp_user is escaped separately
        // because it does not come through the extract() above.
        if ($id) {
            // NOTE(review): an update rewrites author to the current user, so editing
            // someone else's link transfers its ownership - confirm this is intended.
            $ok = safe_update('txp_link', "category   = '{$category}',\n                url         = '" . trim($url) . "',\n                linkname    = '{$linkname}',\n                linksort    = '{$linksort}',\n                description = '{$description}',\n                author      = '" . doSlash($txp_user) . "'", "id = {$id}");
        } else {
            $ok = safe_insert('txp_link', "category   = '{$category}',\n                date        = NOW(),\n                url         = '" . trim($url) . "',\n                linkname    = '{$linkname}',\n                linksort    = '{$linksort}',\n                description = '{$description}',\n                author      = '" . doSlash($txp_user) . "'");

            // Publishes the insert result as the current id for later code.
            if ($ok) {
                $GLOBALS['ID'] = $_POST['id'] = $ok;
            }
        }
    }

    if ($ok) {
        // update lastmod due to link feeds
        update_lastmod('link_saved', compact('id', 'linkname', 'linksort', 'url', 'category', 'description'));
        $message = gTxt($id ? 'link_updated' : 'link_created', array('{name}' => doStrip($linkname)));
    } else {
        // Validation failure and a failed write report the same message.
        $message = array(gTxt('link_save_failed'), E_ERROR);
    }

    link_list($message);
}