/** * Set the value of all variables from an array, either DB or a form * * @param array $A Array of fields * @param boolean $fromDB True if $A is from the database, false for form */ public function SetVars($A, $fromDB = false) { if (isset($A['cal_id']) && !empty($A['cal_id'])) { $this->cal_id = $A['cal_id']; } // These fields come in the same way from DB or form $fields = array('cal_name', 'fgcolor', 'bgcolor', 'owner_id', 'group_id'); foreach ($fields as $field) { if (isset($A[$field])) { $this->{$field} = $A[$field]; } } if (isset($A['cal_status']) && $A['cal_status'] == 1) { $this->cal_status = 1; } else { $this->cal_status = 0; } if (isset($A['cal_ena_ical']) && $A['cal_ena_ical'] == 1) { $this->cal_ena_ical = 1; } else { $this->cal_ena_ical = 0; } if ($fromDB) { $this->perm_owner = $A['perm_owner']; $this->perm_group = $A['perm_group']; $this->perm_members = $A['perm_members']; $this->perm_anon = $A['perm_anon']; } else { $perms = SEC_getPermissionValues($_POST['perm_owner'], $_POST['perm_group'], $_POST['perm_members'], $_POST['perm_anon']); $this->perm_owner = $perms[0]; $this->perm_group = $perms[1]; $this->perm_members = $perms[2]; $this->perm_anon = $perms[3]; } }
function links_save_category($cid, $old_cid, $pid, $category, $description, $tid, $owner_id, $group_id, $perm_owner, $perm_group, $perm_members, $perm_anon) { global $_CONF, $_TABLES, $_USER, $LANG_LINKS, $LANG_LINKS_ADMIN, $_LI_CONF, $PLG_links_MESSAGE17; // Convert array values to numeric permission values if (is_array($perm_owner) or is_array($perm_group) or is_array($perm_members) or is_array($perm_anon)) { list($perm_owner, $perm_group, $perm_members, $perm_anon) = SEC_getPermissionValues($perm_owner, $perm_group, $perm_members, $perm_anon); } // clean 'em up $description = addslashes(COM_checkHTML(COM_checkWords($description), 'links.edit')); $category = addslashes(COM_checkHTML(COM_checkWords($category), 'links.edit')); $pid = addslashes(strip_tags($pid)); $cid = addslashes(strip_tags($cid)); $old_cid = addslashes(strip_tags($old_cid)); if (empty($category) || empty($description)) { return 7; } // Check cid to make sure not illegal if ($cid == addslashes($_LI_CONF['root']) || $cid == 'user') { return 11; } if (!empty($cid) && $cid != $old_cid) { // this is either a new category or an attempt to change the cid // - check that cid doesn't exist yet $ctrl = DB_getItem($_TABLES['linkcategories'], 'cid', "cid = '{$cid}'"); if (!empty($ctrl)) { if (isset($PLG_links_MESSAGE17)) { return 17; } else { return 11; } } } // Check that they didn't delete the cid. If so, get the hidden one if (empty($cid) && !empty($old_cid)) { $cid = $old_cid; } // Make sure they aren't making a parent category child of one of it's own // children. This would create orphans if ($cid == DB_getItem($_TABLES['linkcategories'], 'pid', "cid='{$pid}'")) { return 12; } $access = 0; if (DB_count($_TABLES['linkcategories'], 'cid', $old_cid) > 0) { // update existing item, but new cid so get access from database with old cid $result = DB_query("SELECT owner_id,group_id,perm_owner,perm_group,perm_members,perm_anon FROM {$_TABLES['linkcategories']} WHERE cid='{$old_cid}'"); $A = DB_fetchArray($result); $access = SEC_hasAccess($A['owner_id'], $A['group_id'], $A['perm_owner'], $A['perm_group'], $A['perm_members'], $A['perm_anon']); // set flag $update = "existing"; } else { if (DB_count($_TABLES['linkcategories'], 'cid', $cid) > 0) { // update existing item, same cid, so get access from database with existing cid $result = DB_query("SELECT owner_id,group_id,perm_owner,perm_group, perm_members,perm_anon FROM {$_TABLES['linkcategories']} WHERE cid='{$cid}'"); $A = DB_fetchArray($result); $access = SEC_hasAccess($A['owner_id'], $A['group_id'], $A['perm_owner'], $A['perm_group'], $A['perm_members'], $A['perm_anon']); // set flag $update = "same"; } else { // new item, so use passed values $access = SEC_hasAccess($owner_id, $group_id, $perm_owner, $perm_group, $perm_members, $perm_anon); // set flag $update = 'new'; } } if ($access < 3) { // no access rights: user should not be here COM_accessLog(sprintf($LANG_LINKS_ADMIN[60], $_USER['username'], $cid)); return 6; } else { // save item if ($update == 'existing') { // update an existing item but new cid $sql = "UPDATE {$_TABLES['linkcategories']}\n SET cid='{$cid}',\n pid='{$pid}',\n tid='{$tid}',category='{$category}',\n description='{$description}',\n modified=NOW(),\n owner_id='{$owner_id}',group_id='{$group_id}',\n perm_owner='{$perm_owner}',perm_group='{$perm_group}',\n perm_members='{$perm_members}',perm_anon='{$perm_anon}'\n WHERE cid = '{$old_cid}'"; $result = DB_query($sql); // Also need to update links for this category $sql = "UPDATE {$_TABLES['links']} SET cid='{$cid}' WHERE cid='{$old_cid}'"; $result = DB_query($sql); } else { if ($update == 'same') { // update an existing item $sql = "UPDATE {$_TABLES['linkcategories']}\n SET pid='{$pid}',\n tid='{$tid}',category='{$category}',\n description='{$description}',\n modified=NOW(),\n owner_id='{$owner_id}',group_id='{$group_id}',\n perm_owner='{$perm_owner}',perm_group='{$perm_group}',\n perm_members='{$perm_members}',perm_anon='{$perm_anon}'\n WHERE cid = '{$cid}'"; $result = DB_query($sql); } else { // insert a new item if (empty($cid)) { $cid = COM_makeSid(); } $sql = "INSERT INTO {$_TABLES['linkcategories']}\n (cid, pid, category, description, tid,\n created,modified,\n owner_id, group_id, perm_owner, perm_group,\n perm_members, perm_anon)\n VALUES\n ('{$cid}','{$pid}','{$category}',\n '{$description}','{$tid}',\n NOW(),NOW(),\n '{$owner_id}','{$group_id}','{$perm_owner}',\n '{$perm_group}','{$perm_members}','{$perm_anon}')"; $result = DB_query($sql); } } if ($update == 'existing' && $cid != $old_cid) { PLG_itemSaved($cid, 'links.category', $old_cid); } else { PLG_itemSaved($cid, 'links.category'); } } return 10; // success message }
/** * Submit static page. The page is updated if it exists, or a new one is created * * @param array args Contains all the data provided by the client * @param string &output OUTPUT parameter containing the returned text * @param string &svc_msg OUTPUT parameter containing any service messages * @return int Response code as defined in lib-plugins.php */ function service_submit_staticpages($args, &$output, &$svc_msg) { global $_CONF, $_TABLES, $_USER, $LANG_ACCESS, $LANG12, $LANG_STATIC, $LANG_LOGIN, $_GROUPS, $_SP_CONF; $output = ''; if (!SEC_hasRights('staticpages.edit')) { $output = COM_siteHeader('menu', $LANG_STATIC['access_denied']); $output .= COM_showMessageText($LANG_STATIC['access_denied_msg'], $LANG_STATIC['access_denied'], true); $output .= COM_siteFooter(); return PLG_RET_AUTH_FAILED; } if (defined('DEMO_MODE')) { $output = COM_siteHeader('menu'); $output .= COM_showMessageText('Option disabled in Demo Mode', 'Option disabled in Demo Mode', true); $output .= COM_siteFooter(); return PLG_REG_AUTH_FAILED; } $gl_edit = false; if (isset($args['gl_edit'])) { $gl_edit = $args['gl_edit']; } if ($gl_edit) { // This is EDIT mode, so there should be an sp_old_id if (empty($args['sp_old_id'])) { if (!empty($args['id'])) { $args['sp_old_id'] = $args['id']; } else { return PLG_RET_ERROR; } if (empty($args['sp_id'])) { $args['sp_id'] = $args['sp_old_id']; } } } else { if (empty($args['sp_id']) && !empty($args['id'])) { $args['sp_id'] = $args['id']; } } if (empty($args['sp_uid'])) { $args['sp_uid'] = $_USER['uid']; } if (empty($args['sp_title']) && !empty($args['title'])) { $args['sp_title'] = $args['title']; } if (empty($args['sp_content']) && !empty($args['content'])) { $args['sp_content'] = $args['content']; } if (isset($args['category']) && is_array($args['category']) && !empty($args['category'][0])) { $args['sp_tid'] = $args['category'][0]; } if (!isset($args['owner_id'])) { $args['owner_id'] = $_USER['uid']; } if (empty($args['group_id'])) { $args['group_id'] = SEC_getFeatureGroup('staticpages.edit', $_USER['uid']); } $args['sp_id'] = COM_sanitizeID($args['sp_id']); if (!$gl_edit) { if (strlen($args['sp_id']) > STATICPAGE_MAX_ID_LENGTH) { if (function_exists('WS_makeId')) { $args['sp_id'] = WS_makeId($slug, STATICPAGE_MAX_ID_LENGTH); } else { $args['sp_id'] = COM_makeSid(); } } } // Apply filters to the parameters passed by the webservice if ($args['gl_svc']) { $par_str = array('mode', 'sp_id', 'sp_old_id', 'sp_tid', 'sp_format', 'postmode'); $par_num = array('sp_uid', 'sp_hits', 'owner_id', 'group_id', 'sp_where', 'sp_php', 'commentcode', 'sp_search', 'sp_status'); foreach ($par_str as $str) { if (isset($args[$str])) { $args[$str] = COM_applyBasicFilter($args[$str]); } else { $args[$str] = ''; } } foreach ($par_num as $num) { if (isset($args[$num])) { $args[$num] = COM_applyBasicFilter($args[$num], true); } else { $args[$num] = 0; } } } // START: Staticpages defaults if ($args['sp_status'] != 1) { $args['sp_status'] = 0; } if (empty($args['sp_format'])) { $args['sp_format'] = 'allblocks'; } if (empty($args['sp_tid'])) { $args['sp_tid'] = 'all'; } if ($args['sp_where'] < 0 || $args['sp_where'] > 4) { $args['sp_where'] = 0; } if ($args['sp_php'] < 0 || $args['sp_php'] > 2) { $args['sp_php'] = 0; } if ($args['commentcode'] < -1 || $args['commentcode'] > 1) { $args['commentcode'] = $_CONF['comment_code']; } if ($args['sp_search'] != 1) { $args['sp_search'] = 0; } if ($args['gl_svc']) { // Permissions if (!isset($args['perm_owner'])) { $args['perm_owner'] = $_SP_CONF['default_permissions'][0]; } else { $args['perm_owner'] = COM_applyBasicFilter($args['perm_owner'], true); } if (!isset($args['perm_group'])) { $args['perm_group'] = $_SP_CONF['default_permissions'][1]; } else { $args['perm_group'] = COM_applyBasicFilter($args['perm_group'], true); } if (!isset($args['perm_members'])) { $args['perm_members'] = $_SP_CONF['default_permissions'][2]; } else { $args['perm_members'] = COM_applyBasicFilter($args['perm_members'], true); } if (!isset($args['perm_anon'])) { $args['perm_anon'] = $_SP_CONF['default_permissions'][3]; } else { $args['perm_anon'] = COM_applyBasicFilter($args['perm_anon'], true); } if (!isset($args['sp_onmenu'])) { $args['sp_onmenu'] = ''; } else { if ($args['sp_onmenu'] == 'on' && empty($args['sp_label'])) { $svc_msg['error_desc'] = 'Menu label missing'; return PLG_RET_ERROR; } } if (empty($args['sp_content'])) { $svc_msg['error_desc'] = 'No content'; return PLG_RET_ERROR; } if (empty($args['sp_inblock']) && $_SP_CONF['in_block'] == '1') { $args['sp_inblock'] = 'on'; } if (empty($args['sp_centerblock'])) { $args['sp_centerblock'] = ''; } } // END: Staticpages defaults $sp_id = $args['sp_id']; $sp_status = $args['sp_status']; $sp_uid = $args['sp_uid']; $sp_title = $args['sp_title']; $sp_content = $args['sp_content']; $sp_hits = $args['sp_hits']; $sp_format = $args['sp_format']; $sp_onmenu = $args['sp_onmenu']; $sp_label = ''; if (!empty($args['sp_label'])) { $sp_label = $args['sp_label']; } $commentcode = $args['commentcode']; $owner_id = $args['owner_id']; $group_id = $args['group_id']; $perm_owner = $args['perm_owner']; $perm_group = $args['perm_group']; $perm_members = $args['perm_members']; $perm_anon = $args['perm_anon']; $sp_php = $args['sp_php']; $sp_nf = ''; if (!empty($args['sp_nf'])) { $sp_nf = $args['sp_nf']; } $sp_old_id = $args['sp_old_id']; $sp_centerblock = $args['sp_centerblock']; $sp_help = ''; if (!empty($args['sp_help'])) { $sp_help = $args['sp_help']; } $sp_tid = $args['sp_tid']; $sp_where = $args['sp_where']; $sp_inblock = $args['sp_inblock']; $postmode = $args['postmode']; $sp_search = $args['sp_search']; if ($gl_edit && !empty($args['gl_etag'])) { // First load the original staticpage to check if it has been modified $o = array(); $s = array(); $r = service_get_staticpages(array('sp_id' => $sp_old_id, 'gl_svc' => true), $o, $s); if ($r == PLG_RET_OK) { if ($args['gl_etag'] != $o['updated']) { $svc_msg['error_desc'] = 'A more recent version of the staticpage is available'; return PLG_RET_PRECONDITION_FAILED; } } else { $svc_msg['error_desc'] = 'The requested staticpage no longer exists'; return PLG_RET_ERROR; } } // Check for unique page ID $duplicate_id = false; $delete_old_page = false; if (DB_count($_TABLES['staticpage'], 'sp_id', $sp_id) > 0) { if ($sp_id != $sp_old_id) { $duplicate_id = true; } } elseif (!empty($sp_old_id)) { if ($sp_id != $sp_old_id) { $delete_old_page = true; } } if ($duplicate_id) { $output .= COM_siteHeader('menu', $LANG_STATIC['staticpageeditor']); $output .= COM_errorLog($LANG_STATIC['duplicate_id'], 2); if (!$args['gl_svc']) { $output .= PAGE_edit($sp_id); } $output .= COM_siteFooter(); $svc_msg['error_desc'] = 'Duplicate ID'; return PLG_RET_ERROR; } elseif (!empty($sp_title) && !empty($sp_content)) { if (empty($sp_hits)) { $sp_hits = 0; } if ($sp_onmenu == 'on') { $sp_onmenu = 1; } else { $sp_onmenu = 0; } if ($sp_nf == 'on') { $sp_nf = 1; } else { $sp_nf = 0; } if ($sp_centerblock == 'on') { $sp_centerblock = 1; } else { $sp_centerblock = 0; } if ($sp_inblock == 'on') { $sp_inblock = 1; } else { $sp_inblock = 0; } // Clean up the text if ($_SP_CONF['censor'] == 1) { $sp_content = COM_checkWords($sp_content); $sp_title = COM_checkWords($sp_title); } if ($_SP_CONF['filter_html'] == 1) { $sp_content = COM_checkHTML($sp_content, 'staticpages.edit'); } $sp_title = strip_tags($sp_title); $sp_label = strip_tags($sp_label); $sp_content = DB_escapeString($sp_content); $sp_title = DB_escapeString($sp_title); $sp_label = DB_escapeString($sp_label); // If user does not have php edit perms, then set php flag to 0. if ($_SP_CONF['allow_php'] != 1 || !SEC_hasRights('staticpages.PHP')) { $sp_php = 0; } // make sure there's only one "entire page" static page per topic if ($sp_centerblock == 1 && $sp_where == 0) { $sql = "UPDATE {$_TABLES['staticpage']} SET sp_centerblock = 0 WHERE sp_centerblock = 1 AND sp_where = 0 AND sp_tid = '" . DB_escapeString($sp_tid) . "'"; // multi-language configuration - allow one entire page // centerblock for all or none per language if (!empty($_CONF['languages']) && !empty($_CONF['language_files']) && ($sp_tid == 'all' || $sp_tid == 'none')) { $ids = explode('_', $sp_id); if (count($ids) > 1) { $lang_id = array_pop($ids); $sql .= " AND sp_id LIKE '%\\_" . DB_escapeString($lang_id) . "'"; } } DB_query($sql); } $formats = array('allblocks', 'blankpage', 'leftblocks', 'rightblocks', 'noblocks'); if (!in_array($sp_format, $formats)) { $sp_format = 'allblocks'; } if (!$args['gl_svc']) { list($perm_owner, $perm_group, $perm_members, $perm_anon) = SEC_getPermissionValues($perm_owner, $perm_group, $perm_members, $perm_anon); } DB_save($_TABLES['staticpage'], 'sp_id,sp_status,sp_uid,sp_title,sp_content,sp_date,sp_hits,sp_format,sp_onmenu,sp_label,commentcode,owner_id,group_id,' . 'perm_owner,perm_group,perm_members,perm_anon,sp_php,sp_nf,sp_centerblock,sp_help,sp_tid,sp_where,sp_inblock,postmode,sp_search', "'{$sp_id}',{$sp_status}, {$sp_uid},'{$sp_title}','{$sp_content}',NOW(),{$sp_hits},'{$sp_format}',{$sp_onmenu},'{$sp_label}','{$commentcode}',{$owner_id},{$group_id}," . "{$perm_owner},{$perm_group},{$perm_members},{$perm_anon},'{$sp_php}','{$sp_nf}',{$sp_centerblock},'{$sp_help}','{$sp_tid}',{$sp_where}," . "'{$sp_inblock}','{$postmode}',{$sp_search}"); if ($delete_old_page && !empty($sp_old_id)) { DB_delete($_TABLES['staticpage'], 'sp_id', $sp_old_id); DB_change($_TABLES['comments'], 'sid', DB_escapeString($sp_id), array('sid', 'type'), array(DB_escapeString($sp_old_id), 'staticpages')); PLG_itemDeleted($sp_old_id, 'staticpages'); } PLG_itemSaved($sp_id, 'staticpages'); $url = COM_buildURL($_CONF['site_url'] . '/page.php?page=' . $sp_id); $output .= PLG_afterSaveSwitch($_SP_CONF['aftersave'], $url, 'staticpages'); $svc_msg['id'] = $sp_id; return PLG_RET_OK; } else { $output .= COM_siteHeader('menu', $LANG_STATIC['staticpageeditor']); $output .= COM_errorLog($LANG_STATIC['no_title_or_content'], 2); if (!$args['gl_svc']) { $output .= PAGE_edit($sp_id); } $output .= COM_siteFooter(); return PLG_RET_ERROR; } }
/** * Save topic to the database * * @param string $tid Topic ID * @param string $topic Name of topic (what the user sees) * @param string $imageurl (partial) URL to topic image * @param string $meta_description Topic meta description * @param string $meta_keywords Topic meta keywords * @param int $sortnum number for sort order in "Topics" block * @param int $limitnews number of stories per page for this topic * @param int $owner_id ID of owner * @param int $group_id ID of group topic belongs to * @param int $perm_owner Permissions the owner has * @param int $perm_group Permissions the group has * @param int $perm_member Permissions members have * @param int $perm_anon Permissions anonymous users have * @param string $is_default 'on' if this is the default topic * @param string $is_archive 'on' if this is the archive topic * @return string HTML redirect or error message */ function savetopic($tid, $topic, $imageurl, $meta_description, $meta_keywords, $sortnum, $limitnews, $owner_id, $group_id, $perm_owner, $perm_group, $perm_members, $perm_anon, $is_default, $is_archive) { global $_CONF, $_TABLES, $LANG27, $MESSAGE; $retval = ''; // Convert array values to numeric permission values list($perm_owner, $perm_group, $perm_members, $perm_anon) = SEC_getPermissionValues($perm_owner, $perm_group, $perm_members, $perm_anon); $tid = COM_sanitizeID($tid); $access = 0; if (DB_count($_TABLES['topics'], 'tid', $tid) > 0) { $result = DB_query("SELECT owner_id,group_id,perm_owner,perm_group,perm_members,perm_anon FROM {$_TABLES['topics']} WHERE tid = '{$tid}'"); $A = DB_fetchArray($result); $access = SEC_hasAccess($A['owner_id'], $A['group_id'], $A['perm_owner'], $A['perm_group'], $A['perm_members'], $A['perm_anon']); } else { $access = SEC_hasAccess($owner_id, $group_id, $perm_owner, $perm_group, $perm_members, $perm_anon); } if ($access < 3 || !SEC_inGroup($group_id)) { $retval .= COM_siteHeader('menu', $MESSAGE[30]) . COM_showMessageText($MESSAGE[29], $MESSAGE[30]) . COM_siteFooter(); COM_accessLog("User {$_USER['username']} tried to illegally create or edit topic {$tid}."); } elseif (!empty($tid) && !empty($topic)) { if ($imageurl == '/images/topics/') { $imageurl = ''; } $topic = addslashes($topic); $meta_description = addslashes(strip_tags($meta_description)); $meta_keywords = addslashes(strip_tags($meta_keywords)); if ($is_default == 'on') { $is_default = 1; DB_query("UPDATE {$_TABLES['topics']} SET is_default = 0 WHERE is_default = 1"); } else { $is_default = 0; } $is_archive = $is_archive == 'on' ? 1 : 0; $archivetid = DB_getItem($_TABLES['topics'], 'tid', "archive_flag=1"); if ($is_archive) { // $tid is the archive topic // - if it wasn't already, mark all its stories "archived" now if ($archivetid != $tid) { DB_query("UPDATE {$_TABLES['stories']} SET featured = 0, frontpage = 0, statuscode = " . STORY_ARCHIVE_ON_EXPIRE . " WHERE tid = '{$tid}'"); DB_query("UPDATE {$_TABLES['topics']} SET archive_flag = 0 WHERE archive_flag = 1"); } } else { // $tid is not the archive topic // - if it was until now, reset the "archived" status of its stories if ($archivetid == $tid) { DB_query("UPDATE {$_TABLES['stories']} SET statuscode = 0 WHERE tid = '{$tid}'"); DB_query("UPDATE {$_TABLES['topics']} SET archive_flag = 0 WHERE archive_flag = 1"); } } DB_save($_TABLES['topics'], 'tid, topic, imageurl, meta_description, meta_keywords, sortnum, limitnews, is_default, archive_flag, owner_id, group_id, perm_owner, perm_group, perm_members, perm_anon', "'{$tid}', '{$topic}', '{$imageurl}', '{$meta_description}', '{$meta_keywords}','{$sortnum}','{$limitnews}',{$is_default},'{$is_archive}',{$owner_id},{$group_id},{$perm_owner},{$perm_group},{$perm_members},{$perm_anon}"); // update feed(s) and Older Stories block COM_rdfUpToDateCheck('article', $tid); COM_olderStuff(); $retval = COM_refresh($_CONF['site_admin_url'] . '/topic.php?msg=13'); } else { $retval .= COM_siteHeader('menu', $LANG27[1]); $retval .= COM_errorLog($LANG27[7], 2); $retval .= COM_siteFooter(); } return $retval; }
function _loadFromArgs(&$array) { $corder = trim($array['corder']); $this->_owner_id = COM_applyFilter($array['owner_id'], true); $this->_group_id = COM_applyFilter($array['group_id'], true); $this->_cid = COM_applyFilter(trim($array['cid'])); $this->_old_cid = COM_applyFilter(trim($array['old_cid'])); $this->_pid = COM_applyFilter(trim($array['pid'])); $this->_corder = empty($corder) ? 0 : COM_applyFilter($corder, true); $this->_imgurl = COM_applyFilter($array['imgurl']); $this->_imgurlold = COM_applyFilter($array['imgurlold']); $this->_title = COM_checkHTML(COM_checkWords(trim($array['title']))); $this->_is_enabled = $array['is_enabled'] == 'on' ? 1 : 0; $this->_deleteimg = $array['deleteimg'] == 'on' ? 1 : 0; // Convert array values to numeric permission values list($this->_perm_owner, $this->_perm_group, $this->_perm_members, $this->_perm_anon) = SEC_getPermissionValues($array['perm_owner'], $array['perm_group'], $array['perm_members'], $array['perm_anon']); $this->_editor_mode = COM_applyFilter($array['editor_mode']); }
/** * Saves link to the database * * @param string $lid ID for link * @param string $old_lid old ID for link * @param string $cid cid of category link belongs to * @param string $categorydd Category links belong to * @param string $url URL of link to save * @param string $description Description of link * @param string $title Title of link * @param int $hits Number of hits for link * @param int $owner_id ID of owner * @param int $group_id ID of group link belongs to * @param int $perm_owner Permissions the owner has * @param int $perm_group Permissions the group has * @param int $perm_members Permissions members have * @param int $perm_anon Permissions anonymous users have * @return string HTML redirect or error message * @global array core config vars * @global array core group data * @global array core table data * @global array core user data * @global array core msg data * @global array links plugin lang admin vars * */ function savelink($lid, $old_lid, $cid, $categorydd, $url, $description, $title, $hits, $owner_id, $group_id, $perm_owner, $perm_group, $perm_members, $perm_anon) { global $_CONF, $_GROUPS, $_TABLES, $_USER, $MESSAGE, $LANG_LINKS_ADMIN, $_LI_CONF; $retval = ''; // Convert array values to numeric permission values if (is_array($perm_owner) or is_array($perm_group) or is_array($perm_members) or is_array($perm_anon)) { list($perm_owner, $perm_group, $perm_members, $perm_anon) = SEC_getPermissionValues($perm_owner, $perm_group, $perm_members, $perm_anon); } // Remove any autotags the user doesn't have permission to use $description = PLG_replaceTags($description, '', true); // clean 'em up $description = DB_escapeString(COM_checkHTML(COM_checkWords($description), 'links.edit')); $title = DB_escapeString(strip_tags(COM_checkWords($title))); $cid = DB_escapeString($cid); if (empty($owner_id)) { // this is new link from admin, set default values $owner_id = $_USER['uid']; if (isset($_GROUPS['Links Admin'])) { $group_id = $_GROUPS['Links Admin']; } else { $group_id = SEC_getFeatureGroup('links.edit'); } $perm_owner = 3; $perm_group = 2; $perm_members = 2; $perm_anon = 2; } $lid = COM_sanitizeID($lid); $old_lid = COM_sanitizeID($old_lid); if (empty($lid)) { if (empty($old_lid)) { $lid = COM_makeSid(); } else { $lid = $old_lid; } } // check for link id change if (!empty($old_lid) && $lid != $old_lid) { // check if new lid is already in use if (DB_count($_TABLES['links'], 'lid', $lid) > 0) { // TBD: abort, display editor with all content intact again $lid = $old_lid; // for now ... } } $access = 0; $old_lid = DB_escapeString($old_lid); if (DB_count($_TABLES['links'], 'lid', $old_lid) > 0) { $result = DB_query("SELECT owner_id,group_id,perm_owner,perm_group,perm_members,perm_anon FROM {$_TABLES['links']} WHERE lid = '{$old_lid}'"); $A = DB_fetchArray($result); $access = SEC_hasAccess($A['owner_id'], $A['group_id'], $A['perm_owner'], $A['perm_group'], $A['perm_members'], $A['perm_anon']); } else { $access = SEC_hasAccess($owner_id, $group_id, $perm_owner, $perm_group, $perm_members, $perm_anon); } if ($access < 3 || !SEC_inGroup($group_id)) { $display .= COM_showMessageText($MESSAGE[29], $MESSAGE[30]); $display = COM_createHTMLDocument($display, array('pagetitle' => $MESSAGE[30])); COM_accessLog("User {$_USER['username']} tried to illegally submit or edit link {$lid}."); COM_output($display); exit; } elseif (!empty($title) && !empty($description) && !empty($url)) { if ($categorydd != $LANG_LINKS_ADMIN[7] && !empty($categorydd)) { $cid = DB_escapeString($categorydd); } else { if ($categorydd != $LANG_LINKS_ADMIN[7]) { echo COM_refresh($_CONF['site_admin_url'] . '/plugins/links/index.php'); } } DB_delete($_TABLES['linksubmission'], 'lid', $old_lid); DB_delete($_TABLES['links'], 'lid', $old_lid); DB_save($_TABLES['links'], 'lid,cid,url,description,title,date,hits,owner_id,group_id,perm_owner,perm_group,perm_members,perm_anon', "'{$lid}','{$cid}','{$url}','{$description}','{$title}',NOW(),'{$hits}',{$owner_id},{$group_id},{$perm_owner},{$perm_group},{$perm_members},{$perm_anon}"); if (empty($old_lid) || $old_lid == $lid) { PLG_itemSaved($lid, 'links'); } else { PLG_itemSaved($lid, 'links', $old_lid); } // Get category for rdf check $category = DB_getItem($_TABLES['linkcategories'], "category", "cid='{$cid}'"); COM_rdfUpToDateCheck('links', $category, $lid); return PLG_afterSaveSwitch($_LI_CONF['aftersave'], COM_buildURL("{$_CONF['site_url']}/links/portal.php?what=link&item={$lid}"), 'links', 2); } else { // missing fields $retval .= COM_errorLog($LANG_LINKS_ADMIN[10], 2); if (DB_count($_TABLES['links'], 'lid', $old_lid) > 0) { $retval .= editlink('edit', $old_lid); } else { $retval .= editlink('edit', ''); } $retval = COM_createHTMLDocument($retval, array('pagetitle' => $LANG_LINKS_ADMIN[1])); return $retval; } }
/** * Sets all variables to the matching values from $rows. * * @param array $row Array of values, from DB or $_POST * @param boolean $fromDB True if read from DB, false if from $_POST */ public function SetVars($row, $fromDB = false) { global $_EV_CONF; if (!is_array($row)) { return; } $this->date_start1 = isset($row['date_start1']) && !empty($row['date_start1']) ? $row['date_start1'] : date('Y-m-d'); $this->date_end1 = isset($row['date_end1']) && !empty($row['date_end1']) ? $row['date_end1'] : $this->date_start1; $this->cal_id = $row['cal_id']; $this->show_upcoming = isset($row['show_upcoming']) ? 1 : 0; $this->recurring = isset($row['recurring']) && $row['recurring'] == 1 ? 1 : 0; $this->show_upcoming = isset($row['show_upcoming']) && $row['show_upcoming'] == 1 ? 1 : 0; if (isset($row['allday']) && $row['allday'] == 1) { $this->allday = 1; $this->split = 0; } else { $this->allday = 0; $this->split = isset($row['split']) && $row['split'] == 1 ? 1 : 0; } // Multi-day events can't be split if ($this->date_start1 != $this->date_end1) { $this->split = 0; } $this->status = isset($row['status']) && $row['status'] == 1 ? 1 : 0; $this->postmode = isset($row['postmode']) && $row['postmode'] == 'html' ? 'html' : 'plaintext'; $this->enable_reminders = isset($row['enable_reminders']) && $row['enable_reminders'] == 1 ? 1 : 0; $this->owner_id = $row['owner_id']; $this->group_id = $row['group_id']; //$this->title = $row['title']; if (isset($row['categories']) && is_array($row['categories'])) { $this->categories = $row['categories']; } // Join or split the date values as needed if ($fromDB) { // dates are YYYY-MM-DD $this->id = isset($row['id']) ? $row['id'] : ''; $this->rec_data = unserialize($row['rec_data']); if (!$this->rec_data) { $this->rec_data = array(); } $this->det_id = $row['det_id']; $this->hits = $row['hits']; $this->perm_owner = $row['perm_owner']; $this->perm_group = $row['perm_group']; $this->perm_members = $row['perm_members']; $this->perm_anon = $row['perm_anon']; $this->time_start1 = $row['time_start1']; $this->time_end1 = $row['time_end1']; $this->time_start2 = $row['time_start2']; $this->time_end2 = $row['time_end2']; $this->options = unserialize($row['options']); if (!$this->options) { $this->options = array(); } } else { // Coming from the form $this->id = isset($row['eid']) ? $row['eid'] : ''; // Ignore time entries & set to all day if flagged as such if (isset($row['allday']) && $row['allday'] == '1') { $this->time_start1 = '00:00:00'; $this->time_end1 = '23:59:59'; } else { $tmp = EVLIST_12to24($row['starthour1'], $row['start1_ampm']); $this->time_start1 = sprintf('%02d:%02d:00', $tmp, $row['startminute1']); $tmp = EVLIST_12to24($row['endhour1'], $row['end1_ampm']); $this->time_end1 = sprintf('%02d:%02d:00', $tmp, $row['endminute1']); } // If split, record second time/date values. // Splits don't support allday events if ($this->split == 1) { $tmp = EVLIST_12to24($row['starthour2'], $row['start2_ampm']); $this->time_start2 = sprintf('%02d:%02d:00', $tmp, $row['startminute2']); $tmp = EVLIST_12to24($row['endhour2'], $row['end2_ampm']); $this->time_end2 = sprintf('%02d:%02d:00', $tmp, $row['endminute1']); } else { $this->time_start2 = NULL; $this->time_end2 = NULL; } if (isset($_POST['perm_owner'])) { $perms = SEC_getPermissionValues($row['perm_owner'], $row['perm_group'], $row['perm_members'], $row['perm_anon']); $this->perm_owner = $perms[0]; $this->perm_group = $perms[1]; $this->perm_members = $perms[2]; $this->perm_anon = $perms[3]; } $this->owner_id = $row['owner_id']; $this->group_id = $row['group_id']; $this->options['contactlink'] = isset($row['contactlink']) ? 1 : 0; $this->options['tickets'] = array(); if ($_EV_CONF['enable_rsvp']) { $this->options['use_rsvp'] = (int) $row['use_rsvp']; $this->options['max_rsvp'] = (int) $row['max_rsvp']; $this->options['rsvp_waitlist'] = isset($row['rsvp_waitlist']) ? 1 : 0; $this->options['rsvp_cutoff'] = (int) $row['rsvp_cutoff']; if ($this->options['max_rsvp'] < 0) { $this->options['max_rsvp'] = 0; } $this->options['max_user_rsvp'] = (int) $row['max_user_rsvp']; if (!isset($row['tickets']) || !is_array($row['tickets'])) { // if no ticket specified but rsvp is ensabled, make sure // the general admission ticket is set for free $row['tickets'] = array(1); $row['tick_fees'] = array(0); } foreach ($row['tickets'] as $tick_id => $tick_data) { $tick_fee = isset($row['tick_fees'][$tick_id]) ? (double) $row['tick_fees'][$tick_id] : 0; $this->options['tickets'][$tick_id] = array('fee' => $tick_fee); } $this->options['rsvp_print'] = $row['rsvp_print']; } else { $this->options['use_rsvp'] = 0; $this->options['max_rsvp'] = 0; $this->options['rsvp_cutoff'] = 0; $this->options['rsvp_waitlist'] = 0; $this->options['max_user_rsvp'] = 1; $this->options['rsvp_print'] = 0; } } }
/** * Save topic to the database * * @param string $tid Topic ID * @param string $topic Name of topic (what the user sees) * @param string $imageurl (partial) URL to topic image * @param int $sortnum number for sort order in "Topics" block * @param int $limitnews number of stories per page for this topic * @param int $owner_id ID of owner * @param int $group_id ID of group topic belongs to * @param int $perm_owner Permissions the owner has * @param int $perm_group Permissions the group has * @param int $perm_members Permissions members have * @param int $perm_anon Permissions anonymous users have * @param string $is_default 'on' if this is the default topic * @param string $archive_flag 'on' if this is the archive topic * @return string HTML redirect or error message */ function TOPIC_save($T) { global $_CONF, $_TABLES, $LANG27, $MESSAGE; $retval = ''; $tid = isset($T['tid']) ? $T['tid'] : ''; $topic = $T['topic']; $imageurl = $T['imageurl']; $sortnum = $T['sortnum']; $sort_by = $T['sort_by']; $limitnews = $T['limitnews']; $sort_dir = $T['sort_dir']; $owner_id = $T['owner_id']; $group_id = $T['group_id']; $perm_owner = $T['perm_owner']; $perm_group = $T['perm_group']; $perm_members = $T['perm_members']; $perm_anon = $T['perm_anon']; $is_default = $T['is_default']; $archive_flag = $T['archive_flag']; // error checks... if (empty($tid)) { $msg = $LANG27[7]; $retval .= COM_siteHeader(); $retval .= TOPIC_edit('', $T, $msg); $retval .= COM_siteFooter(); return $retval; } if (empty($topic)) { $msg = $LANG27[7]; $retval .= COM_siteHeader(); $retval .= TOPIC_edit('', $T, $msg); $retval .= COM_siteFooter(); return $retval; } if (strstr($tid, ' ')) { $msg = $LANG27[42]; $retval .= COM_siteHeader(); $retval .= TOPIC_edit('', $T, $msg); $retval .= COM_siteFooter(); return $retval; } if ($sortnum != '') { $tidSortNumber = DB_getItem($_TABLES['topics'], 'sortnum', 'tid="' . DB_escapeString($sortnum) . '"'); $newSortNum = $tidSortNumber + 1; } else { $newSortNum = 0; } $T['sortnum'] = $newSortNum; list($perm_owner, $perm_group, $perm_members, $perm_anon) = SEC_getPermissionValues($perm_owner, $perm_group, $perm_members, $perm_anon); $tid = COM_sanitizeID($tid); $access = 0; if (DB_count($_TABLES['topics'], 'tid', $tid) > 0) { $result = DB_query("SELECT owner_id,group_id,perm_owner,perm_group,perm_members,perm_anon FROM {$_TABLES['topics']} WHERE tid = '{$tid}'"); $A = DB_fetchArray($result); if (SEC_inGroup('Topic Admin')) { $access = 3; } else { $access = SEC_hasAccess($A['owner_id'], $A['group_id'], $A['perm_owner'], $A['perm_group'], $A['perm_members'], $A['perm_anon']); } } else { if (SEC_inGroup('Topic Admin')) { $access = 3; } else { $access = SEC_hasAccess($owner_id, $group_id, $perm_owner, $perm_group, $perm_members, $perm_anon); } } if ($access < 3 || !SEC_inGroup($group_id)) { $retval .= COM_siteHeader('menu', $MESSAGE[30]); $retval .= COM_showMessageText($MESSAGE[32], $MESSAGE[30], true); $retval .= COM_siteFooter(); COM_accessLog("User {$_USER['username']} tried to illegally create or edit topic {$tid}."); } elseif (!empty($tid) && !empty($topic)) { if ($imageurl == '/images/topics/') { $imageurl = ''; } $topic = DB_escapeString(strip_tags($topic)); if ($is_default == 'on') { $is_default = 1; DB_query("UPDATE {$_TABLES['topics']} SET is_default = 0 WHERE is_default = 1"); } else { $is_default = 0; } $archive_flag = $archive_flag == 'on' ? 1 : 0; $archivetid = DB_getItem($_TABLES['topics'], 'tid', "archive_flag=1"); if ($archive_flag) { // $tid is the archive topic // - if it wasn't already, mark all its stories "archived" now if ($archivetid != $tid) { DB_query("UPDATE {$_TABLES['stories']} SET featured = 0, frontpage = 0, statuscode = " . STORY_ARCHIVE_ON_EXPIRE . " WHERE tid = '{$tid}'"); DB_query("UPDATE {$_TABLES['topics']} SET archive_flag = 0 WHERE archive_flag = 1"); } } else { // $tid is not the archive topic // - if it was until now, reset the "archived" status of its stories if ($archivetid == $tid) { DB_query("UPDATE {$_TABLES['stories']} SET statuscode = 0 WHERE tid = '{$tid}'"); DB_query("UPDATE {$_TABLES['topics']} SET archive_flag = 0 WHERE archive_flag = 1"); } } if ($sortnum != '') { $tidSortNumber = DB_getItem($_TABLES['topics'], 'sortnum', 'tid="' . DB_escapeString($sortnum) . '"'); $newSortNum = $tidSortNumber + 1; } else { $newSortNum = 0; } DB_save($_TABLES['topics'], 'tid, topic, imageurl, sortnum, sort_by, sort_dir, limitnews, is_default, archive_flag, owner_id, group_id, perm_owner, perm_group, perm_members, perm_anon', "'{$tid}', '{$topic}', '{$imageurl}','{$newSortNum}',{$sort_by},'{$sort_dir}','{$limitnews}',{$is_default},'{$archive_flag}',{$owner_id},{$group_id},{$perm_owner},{$perm_group},{$perm_members},{$perm_anon}"); TOPIC_reorderTopics(); // update feed(s) and Older Stories block COM_rdfUpToDateCheck('article', $tid); COM_olderStuff(); CACHE_remove_instance('stmenu'); COM_setMessage(13); $retval = COM_refresh($_CONF['site_admin_url'] . '/topic.php'); } else { $retval .= COM_siteHeader('menu', $LANG27[1]); $retval .= COM_errorLog($LANG27[7], 2); $retval .= COM_siteFooter(); } return $retval; }
/** * Saves a Auto Tag to the database * */ function saveautotags($tag, $old_tag, $description, $is_enabled, $is_function, $replacement, $owner_id, $group_id, $perm_owner, $perm_group, $perm_members, $perm_anon) { global $_CONF, $LANG_AUTO, $_AUTO_CONF, $_TABLES; // Convert array values to numeric permission values if (is_array($perm_owner) or is_array($perm_group) or is_array($perm_members) or is_array($perm_anon)) { list($perm_owner, $perm_group, $perm_members, $perm_anon) = SEC_getPermissionValues($perm_owner, $perm_group, $perm_members, $perm_anon); } $old_tag = COM_applyFilter($old_tag); // Check for unique page ID $duplicate_id = false; $delete_old_page = false; if (DB_count($_TABLES['autotags'], 'tag', $tag) > 0) { if ($tag != $old_tag) { $duplicate_id = true; } } elseif (!empty($old_tag)) { if ($tag != $old_tag) { $delete_old_page = true; } } $is_function = $is_function == 'on' ? 1 : 0; // If user does not have php edit perms, then set php flag to 0. if ($_AUTO_CONF['allow_php'] != 1 || !SEC_hasRights('autotags.PHP')) { $is_function = 0; } $retval = ''; if ($duplicate_id) { $retval .= COM_siteHeader(); $retval .= COM_errorLog($LANG_AUTO['duplicate_tag'], 2); $retval .= autotagseditor($tag); $retval .= COM_siteFooter(); } elseif (!empty($tag) && in_array($tag, autotags_existing_tags())) { $retval .= COM_siteHeader(); $retval .= COM_errorLog($LANG_AUTO['disallowed_tag'], 2); $retval .= autotagseditor(''); $retval .= COM_siteFooter(); } elseif (!empty($tag) && (!empty($replacement) || $is_function == 1)) { if ($is_enabled == 'on') { $is_enabled = 1; } else { $is_enabled = 0; } // Clean up the text $description = strip_tags($description); $description = addslashes($description); $replacement = addslashes($replacement); DB_save($_TABLES['autotags'], 'tag,description,is_enabled,is_function,replacement,owner_id,group_id,perm_owner,perm_group,perm_members,perm_anon', "'{$tag}','{$description}',{$is_enabled},{$is_function},'{$replacement}',{$owner_id},{$group_id},{$perm_owner},{$perm_group},{$perm_members},{$perm_anon}"); if ($delete_old_page && !empty($old_tag)) { DB_delete($_TABLES['autotags'], 'tag', $old_tag); } $retval = COM_refresh($_CONF['site_admin_url'] . '/plugins/autotags/index.php'); } else { $retval .= COM_siteHeader(); $retval .= COM_errorLog($LANG_AUTO['no_tag_or_replacement'], 2); $retval .= autotagseditor($tag); $retval .= COM_siteFooter(); } return $retval; }
if ($cat_id > 0) { //catDelImage($cat_id); adCategory::DelImage($cat_id); } $view = 'editcat'; break;*/ case 'resetadperms': $perms = SEC_getPermissionValues($_POST['perm_owner'], $_POST['perm_group'], $_POST['perm_members'], $_POST['perm_anon']); $sql = "UPDATE\n {$_TABLES['ad_ads']}\n SET\n perm_owner={$perms[0]},\n perm_group={$perms[1]},\n perm_members={$perms[2]},\n perm_anon={$perms[3]},\n group_id=" . COM_applyFilter($_POST['group_id'], true); DB_query($sql); $content .= COM_showMessage('09', $_CONF_ADVT['pi_name']); $view = 'admin'; $actionval = 'other'; break; case 'resetcatperms': $perms = SEC_getPermissionValues($_POST['perm_owner'], $_POST['perm_group'], $_POST['perm_members'], $_POST['perm_anon']); $sql = "UPDATE\n {$_TABLES['ad_category']}\n SET\n perm_owner={$perms[0]},\n perm_group={$perms[1]},\n perm_members={$perms[2]},\n perm_anon={$perms[3]},\n group_id=" . COM_applyFilter($_POST['group_id'], true); DB_query($sql); $content .= COM_showMessage('09', $_CONF_ADVT['pi_name']); $view = 'admin'; $actionval = 'other'; break; case 'toggleadtype': USES_classifieds_class_adtype(); AdType::toggleEnabled($ad_id, $_REQUEST['enabled']); $view = 'admintypes'; break; /* case 'saveadtype': USES_classifieds_class_adtype(); $AdType = new AdType($ad_id); $AdType->SetVars($_POST);
/** * Saves a poll * Saves a poll topic and potential answers to the database * * @param string $pid Poll topic ID * @param string $old_pid Previous poll topic ID * @param array $Q Array of poll questions * @param string $mainPage Checkbox: poll appears on homepage * @param string $topic The text for the topic * @param string $meta_description * @param string $meta_keywords * @param int $statusCode (unused) * @param string $open Checkbox: poll open for voting * @param string $hideResults Checkbox: hide results until closed * @param int $commentCode Indicates if users can comment on poll * @param array $A Array of possible answers * @param array $V Array of vote per each answer * @param array $R Array of remark per each answer * @param int $owner_id ID of poll owner * @param int $group_id ID of group poll belongs to * @param int $perm_owner Permissions the owner has on poll * @param int $perm_group Permissions the group has on poll * @param int $perm_members Permissions logged in members have on poll * @param int $perm_anon Permissions anonymous users have on poll * @param bool $allow_multipleanswers * @param string $topic_description * @param string $description * @return string|void */ function savepoll($pid, $old_pid, $Q, $mainPage, $topic, $meta_description, $meta_keywords, $statusCode, $open, $hideResults, $commentCode, $A, $V, $R, $owner_id, $group_id, $perm_owner, $perm_group, $perm_members, $perm_anon, $allow_multipleanswers, $topic_description, $description) { global $_CONF, $_TABLES, $_USER, $LANG21, $LANG25, $MESSAGE, $_POLL_VERBOSE, $_PO_CONF; $retval = ''; // Convert array values to numeric permission values list($perm_owner, $perm_group, $perm_members, $perm_anon) = SEC_getPermissionValues($perm_owner, $perm_group, $perm_members, $perm_anon); $topic = COM_stripslashes($topic); $topic = COM_checkHTML($topic); $topic_description = strip_tags(COM_stripslashes($topic_description)); $meta_description = strip_tags(COM_stripslashes($meta_description)); $meta_keywords = strip_tags(COM_stripslashes($meta_keywords)); $pid = COM_sanitizeID($pid); $old_pid = COM_sanitizeID($old_pid); if (empty($pid)) { if (empty($old_pid)) { $pid = COM_makeSid(); } else { $pid = $old_pid; } } // check if any question was entered if (empty($topic) || count($Q) === 0 || strlen($Q[0]) === 0 || strlen($A[0][0]) === 0) { $retval .= COM_showMessageText($LANG25[2], $LANG21[32]); $retval = COM_createHTMLDocument($retval, array('pagetitle' => $LANG25[5])); return $retval; } if (!SEC_checkToken()) { COM_accessLog("User {$_USER['username']} tried to save poll {$pid} and failed CSRF checks."); COM_redirect($_CONF['site_admin_url'] . '/plugins/polls/index.php'); } // check for poll id change if (!empty($old_pid) && $pid != $old_pid) { // check if new pid is already in use if (DB_count($_TABLES['polltopics'], 'pid', $pid) > 0) { // TBD: abort, display editor with all content intact again $pid = $old_pid; // for now ... } } // start processing the poll topic if ($_POLL_VERBOSE) { COM_errorLog('**** Inside savepoll() in ' . $_CONF['site_admin_url'] . '/plugins/polls/index.php ***'); } if (DB_count($_TABLES['polltopics'], 'pid', $pid) > 0) { $result = DB_query("SELECT owner_id,group_id,perm_owner,perm_group,perm_members,perm_anon FROM {$_TABLES['polltopics']} WHERE pid = '{$pid}'"); $P = DB_fetchArray($result); $access = SEC_hasAccess($P['owner_id'], $P['group_id'], $P['perm_owner'], $P['perm_group'], $P['perm_members'], $P['perm_anon']); } else { $access = SEC_hasAccess($owner_id, $group_id, $perm_owner, $perm_group, $perm_members, $perm_anon); } if ($access < 3 || !SEC_inGroup($group_id)) { $display = COM_showMessageText($MESSAGE[29], $MESSAGE[30]); $display = COM_createHTMLDocument($display, array('pagetitle' => $MESSAGE[30])); COM_accessLog("User {$_USER['username']} tried to illegally submit or edit poll {$pid}."); COM_output($display); exit; } if ($_POLL_VERBOSE) { COM_errorLog('owner permissions: ' . $perm_owner, 1); COM_errorLog('group permissions: ' . $perm_group, 1); COM_errorLog('member permissions: ' . $perm_members, 1); COM_errorLog('anonymous permissions: ' . $perm_anon, 1); } // we delete everything and re-create it with the input from the form $del_pid = $pid; if (!empty($old_pid) && $pid != $old_pid) { $del_pid = $old_pid; // delete by old pid, create using new pid below } // Retrieve Created Date before delete $created_date = DB_getItem($_TABLES['polltopics'], 'created', "pid = '{$del_pid}'"); if ($created_date == '') { $created_date = date('Y-m-d H:i:s'); } DB_delete($_TABLES['polltopics'], 'pid', $del_pid); DB_delete($_TABLES['pollanswers'], 'pid', $del_pid); DB_delete($_TABLES['pollquestions'], 'pid', $del_pid); $topic = GLText::remove4byteUtf8Chars($topic); $topic = DB_escapeString($topic); $topic_description = GLText::remove4byteUtf8Chars($topic_description); $topic_description = DB_escapeString($topic_description); $meta_description = GLText::remove4byteUtf8Chars($meta_description); $meta_description = DB_escapeString($meta_description); $meta_keywords = GLText::remove4byteUtf8Chars($meta_keywords); $meta_keywords = DB_escapeString($meta_keywords); $k = 0; // set up a counter to make sure we do assign a straight line of question id's // first dimension of array are the questions $num_questions = count($Q); $num_total_votes = 0; $num_questions_exist = 0; for ($i = 0; $i < $num_questions; $i++) { $Q[$i] = COM_stripslashes($Q[$i]); $Q[$i] = COM_checkHTML($Q[$i]); $Q[$i] = GLText::remove4byteUtf8Chars($Q[$i]); $allow_multipleanswers[$i] = GLText::remove4byteUtf8Chars(COM_stripslashes($allow_multipleanswers[$i])); $description[$i] = GLText::remove4byteUtf8Chars(COM_checkHTML(COM_stripslashes($description[$i]))); if ($allow_multipleanswers[$i] == 'on') { $allow_multipleanswers[$i] = 1; } else { $allow_multipleanswers[$i] = 0; } if (strlen($Q[$i]) > 0) { // only insert questions that exist $num_questions_exist++; $Q[$i] = DB_escapeString($Q[$i]); DB_save($_TABLES['pollquestions'], 'qid, pid, question,allow_multipleanswers,description', "'{$k}', '{$pid}', '{$Q[$i]}','{$allow_multipleanswers[$i]}','{$description[$i]}'"); // within the questions, we have another dimensions with answers, // votes and remarks $num_answers = count($A[$i]); for ($j = 0; $j < $num_answers; $j++) { $A[$i][$j] = COM_stripslashes($A[$i][$j]); $A[$i][$j] = COM_checkHTML($A[$i][$j]); $A[$i][$j] = GLText::remove4byteUtf8Chars($A[$i][$j]); $R[$i][$j] = COM_stripslashes($R[$i][$j]); $R[$i][$j] = COM_checkHTML($R[$i][$j]); $R[$i][$j] = GLText::remove4byteUtf8Chars($R[$i][$j]); if (strlen($A[$i][$j]) > 0) { // only insert answers etc that exist if (!is_numeric($V[$i][$j])) { $V[$i][$j] = "0"; } $A[$i][$j] = DB_escapeString($A[$i][$j]); $R[$i][$j] = DB_escapeString($R[$i][$j]); $sql = "INSERT INTO {$_TABLES['pollanswers']} (pid, qid, aid, answer, votes, remark) VALUES " . "('{$pid}', '{$k}', " . ($j + 1) . ", '{$A[$i][$j]}', {$V[$i][$j]}, '{$R[$i][$j]}');"; DB_query($sql); $num_total_votes = $num_total_votes + $V[$i][$j]; } } $k++; } } // determine the number of voters (cannot use records in pollvoters table since they get deleted after a time $_PO_CONF['polladdresstime']) if ($num_questions_exist > 0) { $numVoters = $num_total_votes / $num_questions_exist; } else { // This shouldn't happen $numVoters = $num_total_votes; } // save topics after the questions so we can include question count into table $sql = "'{$pid}','{$topic}','{$meta_description}','{$meta_keywords}',{$numVoters}, {$k}, '{$created_date}', '" . date('Y-m-d H:i:s'); if ($mainPage == 'on') { $sql .= "',1"; } else { $sql .= "',0"; } if ($open == 'on') { $sql .= ",1"; } else { $sql .= ",0"; } if ($hideResults == 'on') { $sql .= ",1"; } else { $sql .= ",0"; } $sql .= ",'{$statusCode}','{$commentCode}',{$owner_id},{$group_id},{$perm_owner},{$perm_group},{$perm_members},{$perm_anon},'{$topic_description}'"; // Save poll topic DB_save($_TABLES['polltopics'], "pid, topic, meta_description, meta_keywords, voters, questions, created, modified, display, is_open, hideresults, statuscode, commentcode, owner_id, group_id, perm_owner, perm_group, perm_members, perm_anon,description", $sql); if (empty($old_pid) || $old_pid == $pid) { PLG_itemSaved($pid, 'polls'); } else { DB_change($_TABLES['comments'], 'sid', DB_escapeString($pid), array('sid', 'type'), array(DB_escapeString($old_pid), 'polls')); DB_change($_TABLES['pollvoters'], 'pid', DB_escapeString($pid), 'pid', DB_escapeString($old_pid)); PLG_itemSaved($pid, 'polls', $old_pid); } if ($_POLL_VERBOSE) { COM_errorLog('**** Leaving savepoll() in ' . $_CONF['site_admin_url'] . '/plugins/polls/index.php ***'); } return PLG_afterSaveSwitch($_PO_CONF['aftersave'], $_CONF['site_url'] . '/polls/index.php?pid=' . $pid, 'polls', 19); }
/** * Insert or update an ad with form values. Setting $admin to true * allows ads to be saved on behalf of another user. * * @param string $savetype Save action to perform * @return array * [0] = string value of page to redirect to * [1] = content of any error message or text */ function adSave($savetype = 'edit') { global $_TABLES, $_CONF_ADVT, $_USER, $_CONF, $LANG_ADVT, $LANG12; global $LANG_ADMIN; $admin = SEC_hasRights($_CONF_ADVT['pi_name'] . '.admin'); // Sanitize form variables. There should always be an ad id defined $A = array(); if (isset($_POST['ad_id'])) { $A['ad_id'] = COM_sanitizeID($_POST['ad_id'], false); } elseif (isset($_POST['id'])) { $A['ad_id'] = COM_sanitizeID($_POST['id'], false); } if ($A['ad_id'] == '') { return array(CLASSIFIEDS_URL, 'Missing Ad ID'); } // Make sure the current user can edit this ad. if (CLASSIFIEDS_checkAccess($A['ad_id']) < 3) { return array(); } $A['subject'] = trim($_POST['subject']); $A['descript'] = trim($_POST['descript']); if ($_POST['postmode'] == 'plaintext') { $A['descript'] = nl2br($A['descript']); } $A['price'] = trim($_POST['price']); $A['url'] = COM_sanitizeUrl($_POST['url'], array('http', 'https'), 'http'); $A['catid'] = (int) $_POST['catid']; $A['ad_type'] = (int) $_POST['ad_type']; $A['keywords'] = trim($_POST['keywords']); $A['add_date'] = COM_applyFilter($_POST['add_date'], true); $A['exp_date'] = COM_applyFilter($_POST['exp_date'], true); if ($A['exp_date'] == 0) { $A['exp_date'] = $A['add_date']; } $A['exp_sent'] = (int) $_POST['exp_sent'] == 1 ? 1 : 0; $A['owner_id'] = (int) $_POST['owner_id']; $A['group_id'] = (int) $_POST['group_id']; $A['uid'] = $A['owner_id']; $A['comments_enabled'] = (int) $_POST['comments_enabled']; switch ($savetype) { case 'moderate': case 'adminupdate': case 'savesubmission': case 'editsubmission': case 'submission': $perms = SEC_getPermissionValues($_POST['perm_owner'], $_POST['perm_group'], $_POST['perm_members'], $_POST['perm_anon']); $A['perms'] = $perms; break; case $LANG_ADMIN['save']: case $LANG12[8]: default: $A['perms'] = array((int) $_POST['perm_owner'], (int) $_POST['perm_group'], (int) $_POST['perm_members'], (int) $_POST['perm_anon']); break; } // Set anon permissions according to category if not an admin. // To avoid form injection. if (!$admin && DB_getItem($_TABLES['ad_category'], 'perm_anon', "cat_id='{$A['cat_id']}'") == '0') { $A['perms'][3] = 0; } $photo = $_FILES['photo']; $moredays = COM_applyFilter($_POST['moredays'], true); if ($_CONF_ADVT['purchase_enabled'] && !$admin) { // non-administrator is limited to the available days on account, // if applicable. USES_classifieds_class_userinfo(); $User = new adUserInfo(); $moredays = min($moredays, $User->getMaxDays()); } // Validate some fields. $errmsg = ''; if ($A['subject'] == '') { $errmsg .= "<li>{$LANG_ADVT['subject_required']}</li>"; } if ($A['descript'] == '') { $errmsg .= "<li>{$LANG_ADVT['description_required']}</li>"; } if ($errmsg != '') { $errmsg = "<span class=\"alert\"><ul>{$errmsg}</ul></span>\n"; // return to edit page so user can correct return array(1, $errmsg); //return $errmsg; } // Calculate the new number of days. For an existing ad start from the // date added, if new then start from now. If the ad has already expired, // then $moredays will be added to now() rather than exp_date. if ($moredays > 0) { $moretime = $moredays * 86400; $save_exp_date = $A['exp_date']; if ($A['exp_date'] < time()) { $basetime = time(); } else { $basetime = $A['exp_date']; } $A['exp_date'] = min($basetime + $moretime, $A['add_date'] + intval($_CONF_ADVT['max_total_duration']) * 86400); // Figure out the number of days added to this ad, and subtract // it from the user's account. $days_used = (int) (($A['exp_date'] - $save_exp_date) / 86400); if ($_CONF_ADVT['purchase_enabled'] && !$admin) { $User->UpdateDaysBalance($days_used * -1); } // Reset the "expiration notice sent" flag if the new date is at least // one more day from the old one. //if ($A['exp_date'] - $save_exp_date >= 86400) { if ($days_used > 0) { $A['exp_sent'] = 0; } } $errmsg .= CLASSIFIEDS_UploadPhoto($A['ad_id'], 'photo'); if ($errmsg != '') { // Display the real error message, if there is one return array(1, "<span class=\"alert\"><ul>{$errmsg}</ul></span>\n"); //return "<span class=\"alert\"><ul>$errmsg</ul></span>\n"; } if (($savetype == 'moderate' || $savetype == 'editsubmission' || $savetype == 'submission') && plugin_ismoderator_classifieds()) { // If we're editing a submission, delete the submission item // after moving data to the main table $status = CLASSIFIEDS_insertAd($A, 'ad_ads'); if ($status == NULL) { DB_delete($_TABLES['ad_submission'], 'ad_id', $A['ad_id']); } else { $errmsg = $status; } // Now we've duplicated most functions of the moderator approval, // so call the plugin_ function to do the same post-approval stuff plugin_moderationapprove_classifieds($A['ad_id'], $A['owner_id']); } elseif (CLASSIFIEDS_checkAccess($A['ad_id']) == 3) { CLASSIFIEDS_updateAd($A); } else { return array(1, "Acess Denied"); } //$errmsg = COM_showMessage('02', $_CONF_ADVT['pi_name']); //$errmsg = ''; if ($errmsg == '') { return array(0, '02'); } else { return array(1, $errmsg); } //return $errmsg; }
/** * Set values of one menuitem in global array $MI */ function CMED_setMI() { global $_CONF, $MI; $url = trim($_POST['url']); $icon_url = trim($_POST['icon_url']); $menuorder = trim($_POST['menuorder']); $MI = array('mid' => COM_applyFilter($_POST['mid']), 'pmid' => COM_applyFilter($_POST['pmid']), 'is_enabled' => $_POST['is_enabled'] == 'on' ? 1 : 0, 'type' => $_POST['type'], 'mode' => $_POST['mmode'], 'label' => $_POST['title_fixation'], 'label_var' => $_POST['title_variable'], 'php_function' => $_POST['php_function'], 'url' => empty($url) ? '' : strip_tags($url), 'icon_url' => empty($icon_url) ? '' : strip_tags($icon_url), 'tid' => COM_applyFilter($_POST['tid']), 'menuorder' => empty($menuorder) ? 0 : COM_applyFilter($menuorder, true), 'pattern' => $_POST['pattern'], 'is_preg' => $_POST['is_preg'] == 'on' ? 1 : 0, 'class_name' => COM_applyFilter($_POST['class_name']), 'owner_id' => COM_applyFilter($_POST['owner_id'], true), 'group_id' => COM_applyFilter($_POST['group_id'], true), 'perm_owner' => $_POST['perm_owner'], 'perm_group' => $_POST['perm_group'], 'perm_members' => $_POST['perm_members'], 'perm_anon' => $_POST['perm_anon'], 'old_mid' => COM_applyFilter($_POST['old_mid'])); // Convert array values to numeric permission values list($MI['perm_owner'], $MI['perm_group'], $MI['perm_members'], $MI['perm_anon']) = SEC_getPermissionValues($MI['perm_owner'], $MI['perm_group'], $MI['perm_members'], $MI['perm_anon']); }
/** * Saves a block * * @param string $bid Block ID * @param string $title Block title * @param string $type Type of block * @param int $blockorder Order block appears relative to the others * @param string $content Content of block * @param string $tid Topic block should appear in * @param string $rdfurl URL to headline feed for portal blocks * @param string $rdfupdated Date RSS/RDF feed was last updated * @param string $rdflimit max. number of entries to import from feed * @param string $phpblockfn Name of php function to call to get content * @param int $onleft Flag indicates if block shows up on left or right * @param int $owner_id ID of owner * @param int $group_id ID of group block belongs to * @param array $perm_owner Permissions the owner has on the object * @param array $perm_group Permissions the group has on the object * @param array $perm_members Permissions the logged in members have * @param array $perm_anon Permissinos anonymous users have * @param int $is_enabled Flag, indicates if block is enabled or not * @return string HTML redirect or error message * */ function saveblock($bid, $name, $title, $help, $type, $blockorder, $content, $tid, $rdfurl, $rdfupdated, $rdflimit, $phpblockfn, $onleft, $owner_id, $group_id, $perm_owner, $perm_group, $perm_members, $perm_anon, $is_enabled, $allow_autotags) { global $_CONF, $_TABLES, $LANG01, $LANG21, $MESSAGE; $retval = ''; $title = addslashes(COM_stripslashes(strip_tags($title))); $phpblockfn = addslashes(COM_stripslashes(trim($phpblockfn))); if (empty($title)) { $retval .= COM_siteHeader('menu', $LANG21[63]) . COM_startBlock($LANG21[63], '', COM_getBlockTemplate('_msg_block', 'header')) . $LANG21[64] . COM_endBlock(COM_getBlockTemplate('_msg_block', 'footer')) . editblock($bid) . COM_siteFooter(); return $retval; } // Convert array values to numeric permission values list($perm_owner, $perm_group, $perm_members, $perm_anon) = SEC_getPermissionValues($perm_owner, $perm_group, $perm_members, $perm_anon); $access = 0; if ($bid > 0 && DB_count($_TABLES['blocks'], 'bid', $bid) > 0) { $result = DB_query("SELECT owner_id,group_id,perm_owner,perm_group,perm_members,perm_anon FROM {$_TABLES['blocks']} WHERE bid = '{$bid}'"); $A = DB_fetchArray($result); $access = SEC_hasAccess($A['owner_id'], $A['group_id'], $A['perm_owner'], $A['perm_group'], $A['perm_members'], $A['perm_anon']); } else { $access = SEC_hasAccess($owner_id, $group_id, $perm_owner, $perm_group, $perm_members, $perm_anon); } if ($access < 3 || !hasBlockTopicAccess($tid) || !SEC_inGroup($group_id)) { $retval .= COM_siteHeader('menu', $MESSAGE[30]) . COM_showMessageText($MESSAGE[29], $MESSAGE[30]) . COM_siteFooter(); COM_accessLog("User {$_USER['username']} tried to illegally create or edit block {$bid}."); return $retval; } elseif ($type == 'normal' && !empty($title) && !empty($content) or $type == 'portal' && !empty($title) && !empty($rdfurl) or $type == 'gldefault' && strlen($blockorder) > 0 or $type == 'phpblock' && !empty($phpblockfn) && !empty($title)) { if ($is_enabled == 'on') { $is_enabled = 1; } else { $is_enabled = 0; } if ($allow_autotags == 'on') { $allow_autotags = 1; } else { $allow_autotags = 0; } if ($type == 'portal') { $content = ''; $rdfupdated = ''; $phpblockfn = ''; // get rid of possible extra prefixes (e.g. "feed://http://...") if (substr($rdfurl, 0, 4) == 'rss:') { $rdfurl = substr($rdfurl, 4); } else { if (substr($rdfurl, 0, 5) == 'feed:') { $rdfurl = substr($rdfurl, 5); } } if (substr($rdfurl, 0, 2) == '//') { $rdfurl = substr($rdfurl, 2); } $rdfurl = COM_sanitizeUrl($rdfurl, array('http', 'https')); } if ($type == 'gldefault') { if ($name != 'older_stories') { $content = ''; } $rdfurl = ''; $rdfupdated = ''; $rdflimit = 0; $phpblockfn = ''; } if ($type == 'phpblock') { // NOTE: PHP Blocks must be within a function and the function // must start with phpblock_ as the prefix. This will prevent // the arbitrary execution of code if (!stristr($phpblockfn, 'phpblock_')) { $retval .= COM_siteHeader('menu', $LANG21[37]) . COM_startBlock($LANG21[37], '', COM_getBlockTemplate('_msg_block', 'header')) . $LANG21[38] . COM_endBlock(COM_getBlockTemplate('_msg_block', 'footer')) . editblock($bid) . COM_siteFooter(); return $retval; } $content = ''; $rdfurl = ''; $rdfupdated = ''; $rdflimit = 0; } if ($type == 'normal') { $rdfurl = ''; $rdfupdated = ''; $rdflimit = 0; $phpblockfn = ''; $content = addslashes($content); } if ($rdflimit < 0) { $rdflimit = 0; } if (!empty($rdfurl)) { $rdfurl = addslashes($rdfurl); } if (empty($rdfupdated)) { $rdfupdated = '0000-00-00 00:00:00'; } if ($bid > 0) { DB_save($_TABLES['blocks'], 'bid,name,title,help,type,blockorder,content,tid,rdfurl,rdfupdated,rdflimit,phpblockfn,onleft,owner_id,group_id,perm_owner,perm_group,perm_members,perm_anon,is_enabled,allow_autotags,rdf_last_modified,rdf_etag', "{$bid},'{$name}','{$title}','{$help}','{$type}','{$blockorder}','{$content}','{$tid}','{$rdfurl}','{$rdfupdated}','{$rdflimit}','{$phpblockfn}',{$onleft},{$owner_id},{$group_id},{$perm_owner},{$perm_group},{$perm_members},{$perm_anon},{$is_enabled},{$allow_autotags},NULL,NULL"); } else { $sql = "INSERT INTO {$_TABLES['blocks']} " . '(name,title,help,type,blockorder,content,tid,rdfurl,rdfupdated,rdflimit,phpblockfn,onleft,owner_id,group_id,perm_owner,perm_group,perm_members,perm_anon,is_enabled,allow_autotags) ' . "VALUES ('{$name}','{$title}','{$help}','{$type}','{$blockorder}','{$content}','{$tid}','{$rdfurl}','{$rdfupdated}','{$rdflimit}','{$phpblockfn}',{$onleft},{$owner_id},{$group_id},{$perm_owner},{$perm_group},{$perm_members},{$perm_anon},{$is_enabled},{$allow_autotags})"; DB_query($sql); $bid = DB_insertId(); } if ($type == 'gldefault' && $name == 'older_stories') { COM_olderStuff(); } return COM_refresh($_CONF['site_admin_url'] . '/block.php?msg=11'); } else { $retval .= COM_siteHeader('menu', $LANG21[32]) . COM_startBlock($LANG21[32], '', COM_getBlockTemplate('_msg_block', 'header')); if ($type == 'portal') { // Portal block is missing fields $retval .= $LANG21[33]; } else { if ($type == 'phpblock') { // PHP Block is missing field $retval .= $LANG21[34]; } else { if ($type == 'normal') { // Normal block is missing field $retval .= $LANG21[35]; } else { if ($type == 'gldefault') { // Default geeklog field missing $retval .= $LANG21[42]; } else { // Layout block missing content $retval .= $LANG21[36]; } } } } $retval .= COM_endBlock(COM_getBlockTemplate('_msg_block', 'footer')) . editblock($bid) . COM_siteFooter(); } return $retval; }
function fncSave($edt_flg, $navbarMenu, $menuno) { $pi_name = "userbox"; global $_CONF; global $_TABLES; global $_USER; global $_USERBOX_CONF; global $LANG_USERBOX_ADMIN; global $_FILES; $addition_def = DATABOX_getadditiondef($pi_name); $retval = ''; // clean 'em up $id = COM_applyFilter($_POST['id'], true); $fieldset_id = COM_applyFilter($_POST['fieldset'], true); //@@@@@ username fullname $username = COM_applyFilter($_POST['username']); $username = addslashes(COM_checkHTML(COM_checkWords($username))); $fullname = COM_applyFilter($_POST['fullname']); $fullname = addslashes(COM_checkHTML(COM_checkWords($fullname))); $page_title = COM_applyFilter($_POST['page_title']); $page_title = addslashes(COM_checkHTML(COM_checkWords($page_title))); $description = $_POST['description']; //COM_applyFilter($_POST['description']); $description = addslashes(COM_checkHTML(COM_checkWords($description))); $defaulttemplatesdirectory = COM_applyFilter($_POST['defaulttemplatesdirectory']); $defaulttemplatesdirectory = addslashes(COM_checkHTML(COM_checkWords($defaulttemplatesdirectory))); $draft_flag = COM_applyFilter($_POST['draft_flag'], true); // $hits =0; // $comments=0; $comment_expire_flag = COM_applyFilter($_POST['comment_expire_flag'], true); if ($comment_expire_flag) { $comment_expire_month = COM_applyFilter($_POST['comment_expire_month'], true); $comment_expire_day = COM_applyFilter($_POST['comment_expire_day'], true); $comment_expire_year = COM_applyFilter($_POST['comment_expire_year'], true); $comment_expire_hour = COM_applyFilter($_POST['comment_expire_hour'], true); $comment_expire_minute = COM_applyFilter($_POST['comment_expire_minute'], true); if ($comment_expire_ampm == 'pm') { if ($comment_expire_hour < 12) { $comment_expire_hour = $comment_expire_hour + 12; } } if ($comment_expire_ampm == 'am' and $comment_expire_hour == 12) { $comment_expire_hour = '00'; } } else { $comment_expire_month = 0; $comment_expire_day = 0; $comment_expire_year = 0; $comment_expire_hour = 0; $comment_expire_minute = 0; } $commentcode = COM_applyFilter($_POST['commentcode'], true); $trackbackcode = COM_applyFilter($_POST['trackbackcode'], true); $cache_time = COM_applyFilter($_POST['cache_time'], true); $meta_description = $_POST['meta_description']; $meta_description = addslashes(COM_checkHTML(COM_checkWords($meta_description))); $meta_keywords = $_POST['meta_keywords']; $meta_keywords = addslashes(COM_checkHTML(COM_checkWords($meta_keywords))); $language_id = COM_applyFilter($_POST['language_id']); $language_id = addslashes(COM_checkHTML(COM_checkWords($language_id))); $category = $_POST['category']; //@@@@@ $additionfields = $_POST['afield']; $additionfields_old = $_POST['afield']; $additionfields_fnm = $_POST['afield_fnm']; $additionfields_del = $_POST['afield_del']; $additionfields_alt = $_POST['afield_alt']; $additionfields_date = array(); $dummy = DATABOX_cleanaddtiondatas($additionfields, $addition_def, $additionfields_fnm, $additionfields_del, $additionfields_date, $additionfields_alt); // $owner_id = COM_applyFilter($_POST['owner_id'], true); $group_id = COM_applyFilter($_POST['group_id'], true); // $array['perm_owner'] = $_POST['perm_owner']; $array['perm_group'] = $_POST['perm_group']; $array['perm_members'] = $_POST['perm_members']; $array['perm_anon'] = $_POST['perm_anon']; if (is_array($array['perm_owner']) || is_array($array['perm_group']) || is_array($array['perm_members']) || is_array($array['perm_anon'])) { list($perm_owner, $perm_group, $perm_members, $perm_anon) = SEC_getPermissionValues($array['perm_owner'], $array['perm_group'], $array['perm_members'], $array['perm_anon']); } else { $perm_owner = COM_applyBasicFilter($array['perm_owner'], true); $perm_group = COM_applyBasicFilter($array['perm_group'], true); $perm_members = COM_applyBasicFilter($array['perm_members'], true); $perm_anon = COM_applyBasicFilter($array['perm_anon'], true); } //編集日付 $modified_autoupdate = COM_applyFilter($_POST['modified_autoupdate'], true); if ($modified_autoupdate == 1) { //$udate = date('Ymd'); $modified_month = date('m'); $modified_day = date('d'); $modified_year = date('Y'); $modified_hour = date('H'); $modified_minute = date('i'); } else { $modified_month = COM_applyFilter($_POST['modified_month'], true); $modified_day = COM_applyFilter($_POST['modified_day'], true); $modified_year = COM_applyFilter($_POST['modified_year'], true); $modified_hour = COM_applyFilter($_POST['modified_hour'], true); $modified_minute = COM_applyFilter($_POST['modified_minute'], true); $modified_ampm = COM_applyFilter($_POST['modified_ampm']); if ($modified_ampm == 'pm') { if ($modified_hour < 12) { $modified_hour = $modified_hour + 12; } } if ($modified_ampm == 'am' and $modified_hour == 12) { $modified_hour = '00'; } } //公開日 $released_month = COM_applyFilter($_POST['released_month'], true); $released_day = COM_applyFilter($_POST['released_day'], true); $released_year = COM_applyFilter($_POST['released_year'], true); $released_hour = COM_applyFilter($_POST['released_hour'], true); $released_minute = COM_applyFilter($_POST['released_minute'], true); if ($released_ampm == 'pm') { if ($released_hour < 12) { $released_hour = $released_hour + 12; } } if ($released_ampm == 'am' and $released_hour == 12) { $released_hour = '00'; } //公開終了日 $expired_flag = COM_applyFilter($_POST['expired_flag'], true); if ($expired_flag) { $expired_month = COM_applyFilter($_POST['expired_month'], true); $expired_day = COM_applyFilter($_POST['expired_day'], true); $expired_year = COM_applyFilter($_POST['expired_year'], true); $expired_hour = COM_applyFilter($_POST['expired_hour'], true); $expired_minute = COM_applyFilter($_POST['expired_minute'], true); if ($expired_ampm == 'pm') { if ($expired_hour < 12) { $expired_hour = $expired_hour + 12; } } if ($expired_ampm == 'am' and $expired_hour == 12) { $expired_hour = '00'; } } else { $expired_month = 0; $expired_day = 0; $expired_year = 0; $expired_hour = 0; $expired_minute = 0; } $created = COM_applyFilter($_POST['created_un']); $orderno = mb_convert_kana($_POST['orderno'], "a"); //全角英数字を半角英数字に変換する $orderno = COM_applyFilter($orderno, true); //$name = mb_convert_kana($name,"AKV"); //A:半角英数字を全角英数字に変換する //K:半角カタカナを全角カタカナに変換する //V:濁点つきの文字を1文字に変換する (K、H と共に利用する) //$name = str_replace ("'", "’",$name); //$code = mb_convert_kana($code,"a");//全角英数字を半角英数字に変換する //----- $type = 1; $uuid = $_USER['uid']; // CHECK はじめ $err = ""; //id if ($id == 0) { //$err.=$LANG_USERBOX_ADMIN['err_uid']."<br {XHTML}>".LB; } else { if (!is_numeric($id)) { $err .= $LANG_USERBOX_ADMIN['err_id'] . "<br {XHTML}>" . LB; } } //文字数制限チェック if (mb_strlen($description, 'UTF-8') > $_USERBOX_CONF['maxlength_description']) { $err .= $LANG_USERBOX_ADMIN['description'] . $_USERBOX_CONF['maxlength_description'] . $LANG_USERBOX_ADMIN['err_maxlength'] . "<br/>" . LB; } if (mb_strlen($meta_description, 'UTF-8') > $_USERBOX_CONF['maxlength_meta_description']) { $err .= $LANG_USERBOX_ADMIN['meta_description'] . $_USERBOX_CONF['maxlength_meta_description'] . $LANG_USERBOX_ADMIN['err_maxlength'] . "<br/>" . LB; } if (mb_strlen($meta_keywords, 'UTF-8') > $_USERBOX_CONF['maxlength_meta_keywords']) { $err .= $LANG_USERBOX_ADMIN['meta_keywords'] . $_USERBOX_CONF['maxlength_meta_keywords'] . $LANG_USERBOX_ADMIN['err_maxlength'] . "<br/>" . LB; } //----追加項目チェック $err .= DATABOX_checkaddtiondatas($additionfields, $addition_def, $pi_name, $additionfields_fnm, $additionfields_del, $additionfields_alt); //編集日付 $modified = $modified_year . "-" . $modified_month . "-" . $modified_day; if (checkdate($modified_month, $modified_day, $modified_year) == false) { $err .= $LANG_USERBOX_ADMIN['err_modified'] . "<br {XHTML}>" . LB; } $modified = COM_convertDate2Timestamp($modified_year . "-" . $modified_month . "-" . $modified_day, $modified_hour . ":" . $modified_minute . "::00"); //公開日 $released = $released_year . "-" . $released_month . "-" . $released_day; if (checkdate($released_month, $released_day, $released_year) == false) { $err .= $LANG_USERBOX_ADMIN['err_released'] . "<br {XHTML}>" . LB; } $released = COM_convertDate2Timestamp($released_year . "-" . $released_month . "-" . $released_day, $released_hour . ":" . $released_minute . "::00"); //コメント受付終了日時 if ($comment_expire_flag) { if (checkdate($comment_expire_month, $comment_expire_day, $comment_expire_year) == false) { $err .= $LANG_USERBOX_ADMIN['err_comment_expire'] . "<br {XHTML}>" . LB; } $comment_expire = COM_convertDate2Timestamp($comment_expire_year . "-" . $comment_expire_month . "-" . $comment_expire_day, $comment_expire_hour . ":" . $comment_expire_minute . "::00"); } else { $comment_expire = '0000-00-00 00:00:00'; //$comment_expire=""; } //公開終了日 if ($expired_flag) { if (checkdate($expired_month, $expired_day, $expired_year) == false) { $err .= $LANG_USERBOX_ADMIN['err_expired'] . "<br {XHTML}>" . LB; } $expired = COM_convertDate2Timestamp($expired_year . "-" . $expired_month . "-" . $expired_day, $expired_hour . ":" . $expired_minute . "::00"); if ($expired < $released) { $err .= $LANG_USERBOX_ADMIN['err_expired'] . "<br {XHTML}>" . LB; } } else { $expired = '0000-00-00 00:00:00'; //$expired=""; } //errorのあるとき if ($err != "") { $retval['title'] = $LANG_USERBOX_ADMIN['piname'] . $LANG_USERBOX_ADMIN['edit']; $retval['display'] = fncEdit($id, $edt_flg, 3, $err); return $retval; } // CHECK おわり if ($id == 0) { $w = DB_getItem($_TABLES['USERBOX_base'], "max(id)", "1=1"); if ($w == "") { $w = 0; } $id = $w + 1; $created_month = date('m'); $created_day = date('d'); $created_year = date('Y'); $created_hour = date('H'); $created_minute = date('i'); $created = COM_convertDate2Timestamp($created_year . "-" . $created_month . "-" . $created_day, $created_hour . ":" . $created_minute . "::00"); } $hits = 0; $comments = 0; $fields = "id"; $values = "{$id}"; $fields .= ",page_title"; // $values .= ",'{$page_title}'"; $fields .= ",description"; // $values .= ",'{$description}'"; $fields .= ",defaulttemplatesdirectory"; // $values .= ",'{$defaulttemplatesdirectory}'"; //$fields.=",hits";// //$values.=",$hits"; $fields .= ",comments"; // $values .= ",{$comments}"; $fields .= ",meta_description"; // $values .= ",'{$meta_description}'"; $fields .= ",meta_keywords"; // $values .= ",'{$meta_keywords}'"; $fields .= ",commentcode"; // $values .= ",{$commentcode}"; $fields .= ",trackbackcode"; // $values .= ",{$trackbackcode}"; $fields .= ",cache_time"; // $values .= ",{$cache_time}"; $fields .= ",comment_expire"; // if ($comment_expire == '0000-00-00 00:00:00') { $values .= ",'{$comment_expire}'"; } else { $values .= ",FROM_UNIXTIME('{$comment_expire}')"; } $fields .= ",language_id"; // $values .= ",'{$language_id}'"; $fields .= ",owner_id"; $values .= ",{$owner_id}"; $fields .= ",group_id"; $values .= ",{$group_id}"; $fields .= ",perm_owner"; $values .= ",{$perm_owner}"; $fields .= ",perm_group"; $values .= ",{$perm_group}"; $fields .= ",perm_members"; $values .= ",{$perm_members}"; $fields .= ",perm_anon"; $values .= ",{$perm_anon}"; $fields .= ",modified"; $values .= ",FROM_UNIXTIME('{$modified}')"; if ($created != "") { $fields .= ",created"; $values .= ",FROM_UNIXTIME('{$created}')"; } $fields .= ",expired"; if ($expired == '0000-00-00 00:00:00') { $values .= ",'{$expired}'"; } else { $values .= ",FROM_UNIXTIME('{$expired}')"; } $fields .= ",released"; $values .= ",FROM_UNIXTIME('{$released}')"; $fields .= ",orderno"; // $values .= ",{$orderno}"; $fields .= ",fieldset_id"; // $values .= ",{$fieldset_id}"; $fields .= ",uuid"; $values .= ",{$uuid}"; $fields .= ",draft_flag"; $values .= ",{$draft_flag}"; DB_save($_TABLES['USERBOX_base'], $fields, $values); //カテゴリ $rt = DATABOX_savecategorydatas($id, $category, $pi_name); //追加項目 DATABOX_uploadaddtiondatas($additionfields, $addition_def, $pi_name, $id, $additionfields_fnm, $additionfields_del, $additionfields_old, $additionfields_alt); $rt = DATABOX_saveaddtiondatas($id, $additionfields, $addition_def, $pi_name); //user (コアのテーブル) //kokoka $sql = "UPDATE " . $_TABLES['users'] . " SET "; $sql .= " fullname ='" . $fullname . "'"; $sql .= " WHERE uid=" . $id; DB_query($sql); $rt = fncsendmail('data', $id); $cacheInstance = 'userbox__' . $id . '__'; CACHE_remove_instance($cacheInstance); //exit;// debug 用 // if ($edt_flg){ // $return_page=$_CONF['site_url'] . "/".THIS_SCRIPT; // $return_page.="?id=".$id; // }else{ // $return_page=$_CONF['site_admin_url'] . '/plugins/'.THIS_SCRIPT.'?msg=1'; // } // return COM_refresh ($return_page); if ($_USERBOX_CONF['aftersave_admin'] === 'no') { $retval['title'] = $LANG_USERBOX_ADMIN['piname'] . $LANG_USERBOX_ADMIN['edit']; $retval['display'] .= fncEdit($id, $edt_flg, 1, ""); return $retval; } else { if ($_USERBOX_CONF['aftersave_admin'] === 'list') { $url = $_CONF['site_admin_url'] . "/plugins/{$pi_name}/profile.php"; $item_url = COM_buildURL($url); $target = 'item'; } else { $url = $_CONF['site_url'] . "/userbox/profile.php"; $url .= "?"; //コード使用の時 if ($_USERBOX_CONF['datacode']) { $url .= "code=" . $username; $url .= "&m=code"; } else { $url .= "id=" . $id; $url .= "&m=id"; } $item_url = COM_buildUrl($url); $target = $_USERBOX_CONF['aftersave_admin']; } } $return_page = PLG_afterSaveSwitch($target, $item_url, 'userbox', 1); echo $return_page; exit; }
/** * Saves the global configuration to all albums * * @return string HTML * */ function MG_saveGlobalAlbumPerm() { global $_CONF, $_TABLES, $_MG_CONF, $LANG_MG00; if (!SEC_hasRights('mediagallery.admin')) { COM_errorLog("Media Gallery user attempted to edit global album attributes without proper accss."); return COM_showMessageText($LANG_MG00['access_denied_msg']); } $A['group_id'] = COM_applyFilter($_POST['group_id'], true); $A['member_uploads'] = COM_applyFilter($_POST['member_upload'], true); $A['moderate'] = COM_applyFilter($_POST['moderation'], true); $A['mod_group_id'] = COM_applyFilter($_POST['mod_id'], true); $A['email_mod'] = COM_applyFilter($_POST['email_mod'], true); $adminMenu = COM_applyFilter($_POST['admin_menu'], true); $perm_owner = $_POST['perm_owner']; $perm_group = $_POST['perm_group']; $perm_members = $_POST['perm_members']; $perm_anon = $_POST['perm_anon']; $group_id = $_POST['group_id']; // Convert array values to numeric permission values list($A['perm_owner'], $A['perm_group'], $A['perm_members'], $A['perm_anon']) = SEC_getPermissionValues($perm_owner, $perm_group, $perm_members, $perm_anon); $group_active = COM_applyFilter($_POST['group_active'], true); $perm_active = COM_applyFilter($_POST['perm_active'], true); $upload_active = COM_applyFilter($_POST['upload_active'], true); $moderate_active = COM_applyFilter($_POST['moderate_active'], true); $mod_group_active = COM_applyFilter($_POST['mod_group_active'], true); $email_mod_active = COM_applyFilter($_POST['email_mod_active'], true); $updateSQL = ''; $updateSQL .= $group_active ? "group_id={$group_id}" : ''; $updateSQL .= $perm_active ? ($updateSQL != '' ? ',' : '') . "perm_owner={$A['perm_owner']},perm_group={$A['perm_group']},perm_members={$A['perm_members']},perm_anon={$A['perm_anon']}" : ''; $updateSQL .= $upload_active ? ($updateSQL != '' ? ',' : '') . "member_uploads={$A['member_uploads']}" : ''; $updateSQL .= $moderate_active ? ($updateSQL != '' ? ',' : '') . "moderate={$A['moderate']}" : ''; $updateSQL .= $mod_group_active ? ($updateSQL != '' ? ',' : '') . "mod_group_id={$A['mod_group_id']}" : ''; $updateSQL .= $email_mod_active ? ($updateSQL != '' ? ',' : '') . "email_mod={$A['email_mod']}" : ''; if ($updateSQL != '') { $sql = "UPDATE {$_TABLES['mg_albums']} SET " . $updateSQL; DB_query($sql); require_once $_CONF['path'] . 'plugins/mediagallery/include/rssfeed.php'; MG_buildFullRSS(); MG_GlobalrebuildAllAlbumsRSS(0); } if ($adminMenu == 1) { echo COM_refresh($_MG_CONF['admin_url'] . '/index.php?msg=10'); } else { echo COM_refresh($_MG_CONF['site_url'] . '/index.php'); } exit; }
function MG_saveMemberDefaults() { global $_CONF, $_MG_CONF, $_TABLES, $_USER, $_POST; $member_albums = isset($_POST['member_albums']) ? COM_applyFilter($_POST['member_albums'], true) : 0; $member_quota = COM_applyFilter($_POST['member_quota'], true) * 1048576; $auto_create = isset($_POST['auto_create']) ? COM_applyFilter($_POST['auto_create'], true) : 0; $allow_create = isset($_POST['allow_create']) ? COM_applyFilter($_POST['allow_create'], true) : 0; $member_use_fullname = isset($_POST['member_use_fullname']) ? COM_applyFilter($_POST['member_use_fullname'], true) : 0; $feature_member_album = isset($_POST['feature_member_album']) ? COM_applyFilter($_POST['feature_member_album'], true) : 0; $allow_remote = isset($_POST['allow_remote']) ? COM_applyFilter($_POST['allow_remote'], true) : 0; $member_root = isset($_POST['member_root']) ? COM_applyFilter($_POST['member_root'], true) : 0; $member_archive = isset($_POST['member_archive']) ? COM_applyFilter($_POST['member_archive'], true) : 0; $enable_random = isset($_POST['enable_random']) ? COM_applyFilter($_POST['enable_random'], true) : 0; $max_image_width = COM_applyFilter($_POST['max_image_width'], true); $max_image_height = COM_applyFilter($_POST['max_image_height'], true); $max_filesize = COM_applyFilter($_POST['max_filesize'], true) * 1024; $uploads = isset($_POST['uploads']) ? COM_applyFilter($_POST['uploads'], true) : 0; $moderate = isset($_POST['moderate']) ? COM_applyFilter($_POST['moderate'], true) : 0; $mod_id = COM_applyFilter($_POST['mod_id'], true); $email_mod = isset($_POST['email_mod']) ? COM_applyFilter($_POST['email_mod'], true) : 0; $tperm_owner = isset($_POST['perm_owner']) ? $_POST['perm_owner'] : 0; $tperm_group = isset($_POST['perm_group']) ? $_POST['perm_group'] : 0; $tperm_members = isset($_POST['perm_members']) ? $_POST['perm_members'] : 0; $tperm_anon = isset($_POST['perm_anon']) ? $_POST['perm_anon'] : 0; list($perm_owner, $perm_group, $perm_members, $perm_anon) = SEC_getPermissionValues($tperm_owner, $tperm_group, $tperm_members, $tperm_anon); // valid media formats.... $format_jpg = isset($_POST['format_jpg']) ? COM_applyFilter($_POST['format_jpg'], true) : 0; $format_png = isset($_POST['format_png']) ? COM_applyFilter($_POST['format_png'], true) : 0; $format_tif = isset($_POST['format_tif']) ? COM_applyFilter($_POST['format_tif'], true) : 0; $format_gif = isset($_POST['format_gif']) ? COM_applyFilter($_POST['format_gif'], true) : 0; $format_bmp = isset($_POST['format_bmp']) ? COM_applyFilter($_POST['format_bmp'], true) : 0; $format_tga = isset($_POST['format_tga']) ? COM_applyFilter($_POST['format_tga'], true) : 0; $format_psd = isset($_POST['format_psd']) ? COM_applyFilter($_POST['format_psd'], true) : 0; $format_mp3 = isset($_POST['format_mp3']) ? COM_applyFilter($_POST['format_mp3'], true) : 0; $format_ogg = isset($_POST['format_ogg']) ? COM_applyFilter($_POST['format_ogg'], true) : 0; $format_asf = isset($_POST['format_asf']) ? COM_applyFilter($_POST['format_asf'], true) : 0; $format_swf = isset($_POST['format_swf']) ? COM_applyFilter($_POST['format_swf'], true) : 0; $format_mov = isset($_POST['format_mov']) ? COM_applyFilter($_POST['format_mov'], true) : 0; $format_mp4 = isset($_POST['format_mp4']) ? COM_applyFilter($_POST['format_mp4'], true) : 0; $format_mpg = isset($_POST['format_mpg']) ? COM_applyFilter($_POST['format_mpg'], true) : 0; $format_zip = isset($_POST['format_zip']) ? COM_applyFilter($_POST['format_zip'], true) : 0; $format_other = isset($_POST['format_other']) ? COM_applyFilter($_POST['format_other'], true) : 0; $format_flv = isset($_POST['format_flv']) ? COM_applyFilter($_POST['format_flv'], true) : 0; $format_rflv = isset($_POST['format_rflv']) ? COM_applyFilter($_POST['format_rflv'], true) : 0; $format_emb = isset($_POST['format_emb']) ? COM_applyFilter($_POST['format_emb'], true) : 0; $member_valid_formats = $format_jpg + $format_png + $format_tif + $format_gif + $format_bmp + $format_tga + $format_psd + $format_mp3 + $format_ogg + $format_asf + $format_swf + $format_mov + $format_mp4 + $format_mpg + $format_zip + $format_other + $format_flv + $format_rflv + $format_emb; // put any error checking / validation here DB_save($_TABLES['mg_config'], "config_name, config_value", "'member_albums','{$member_albums}'"); DB_save($_TABLES['mg_config'], "config_name, config_value", "'member_use_fullname','{$member_use_fullname}'"); DB_save($_TABLES['mg_config'], "config_name, config_value", "'feature_member_album','{$feature_member_album}'"); DB_save($_TABLES['mg_config'], "config_name, config_value", "'allow_remote','{$allow_remote}'"); DB_save($_TABLES['mg_config'], "config_name, config_value", "'member_quota','{$member_quota}'"); DB_save($_TABLES['mg_config'], "config_name, config_value", "'member_auto_create','{$auto_create}'"); DB_save($_TABLES['mg_config'], "config_name, config_value", "'member_create_new','{$allow_create}'"); DB_save($_TABLES['mg_config'], "config_name, config_value", "'member_album_root','{$member_root}'"); DB_save($_TABLES['mg_config'], "config_name, config_value", "'member_album_archive','{$member_archive}'"); DB_save($_TABLES['mg_config'], "config_name, config_value", "'member_enable_random','{$enable_random}'"); DB_save($_TABLES['mg_config'], "config_name, config_value", "'member_max_width','{$max_image_width}'"); DB_save($_TABLES['mg_config'], "config_name, config_value", "'member_max_height','{$max_image_height}'"); DB_save($_TABLES['mg_config'], "config_name, config_value", "'member_max_filesize','{$max_filesize}'"); DB_save($_TABLES['mg_config'], "config_name, config_value", "'member_uploads','{$uploads}'"); DB_save($_TABLES['mg_config'], "config_name, config_value", "'member_moderate','{$moderate}'"); DB_save($_TABLES['mg_config'], "config_name, config_value", "'member_mod_group_id','{$mod_id}'"); DB_save($_TABLES['mg_config'], "config_name, config_value", "'member_email_mod','{$email_mod}'"); DB_save($_TABLES['mg_config'], "config_name, config_value", "'member_perm_owner','{$perm_owner}'"); DB_save($_TABLES['mg_config'], "config_name, config_value", "'member_perm_group','{$perm_group}'"); DB_save($_TABLES['mg_config'], "config_name, config_value", "'member_perm_members','{$perm_members}'"); DB_save($_TABLES['mg_config'], "config_name, config_value", "'member_perm_anon','{$perm_anon}'"); DB_save($_TABLES['mg_config'], "config_name, config_value", "'member_valid_formats','{$member_valid_formats}'"); CACHE_remove_instance('stmenu'); echo COM_refresh($_MG_CONF['admin_url'] . 'index.php?msg=12'); exit; }
/** * Saves an event to the database * * @param array $_POST fields * @return string HTML redirect or error message * */ function CALENDAR_save($eid, $C) { global $_CONF, $_TABLES, $_USER, $LANG_CAL_ADMIN, $MESSAGE, $_CA_CONF; $allday = isset($C['allday']) ? COM_applyFilter($C['allday']) : ''; $hour_mode = isset($C['hour_mode']) && $C['hour_mode'] == 24 ? 24 : 12; if ($hour_mode == 24) { // these aren't set in 24 hour mode $C['start_ampm'] = ''; $C['end_ampm'] = ''; } $status = $C['status']; $title = $C['title']; $event_type = $C['event_type']; $url = $C['url']; $start_month = COM_applyFilter($C['start_month'], true); $start_day = COM_applyFilter($C['start_day'], true); $start_year = COM_applyFilter($C['start_year'], true); $start_hour = COM_applyFilter($C['start_hour'], true); $start_minute = COM_applyFilter($C['start_minute'], true); $start_ampm = $C['start_ampm']; $end_month = COM_applyFilter($C['end_month'], true); $end_day = COM_applyFilter($C['end_day'], true); $end_year = COM_applyFilter($C['end_year'], true); $end_hour = COM_applyFilter($C['end_hour'], true); $end_minute = COM_applyFilter($C['end_minute'], true); $end_ampm = $C['end_ampm']; $location = $C['location']; $address1 = $C['address1']; $address2 = $C['address2']; $city = $C['city']; $state = $C['state']; $zipcode = $C['zipcode']; $description = $C['description']; $postmode = $C['postmode']; $owner_id = COM_applyFilter($C['owner_id'], true); $group_id = COM_applyFilter($C['group_id'], true); $perm_owner = $C['perm_owner']; $perm_group = $C['perm_group']; $perm_members = isset($C['perm_members']) ? $C['perm_members'] : ''; $perm_anon = isset($C['perm_anon']) ? $C['perm_anon'] : ''; $type = isset($C['type']) ? COM_applyFilter($C['type']) : ''; $C['datestart'] = sprintf('%4d-%02d-%02d', $start_year, $start_month, $start_day); $C['timestart'] = $start_hour . ':' . $start_minute . ':00'; $C['dateend'] = sprintf('%4d-%02d-%02d', $end_year, $end_month, $end_day); $C['timeend'] = $end_hour . ':' . $end_minute . ':00'; $C['allday'] = $allday; $C['hits'] = 0; $retval = ''; // Convert array values to numeric permission values list($perm_owner, $perm_group, $perm_members, $perm_anon) = SEC_getPermissionValues($perm_owner, $perm_group, $perm_members, $perm_anon); $access = 0; if (DB_count($_TABLES['events'], 'eid', $eid) > 0) { $result = DB_query("SELECT owner_id,group_id,perm_owner,perm_group," . "perm_members,perm_anon FROM {$_TABLES['events']} " . "WHERE eid = '{$eid}'"); $A = DB_fetchArray($result); $access = SEC_hasAccess($A['owner_id'], $A['group_id'], $A['perm_owner'], $A['perm_group'], $A['perm_members'], $A['perm_anon']); } else { $access = SEC_hasAccess($owner_id, $group_id, $perm_owner, $perm_group, $perm_members, $perm_anon); } if ($access < 3 || !SEC_inGroup($group_id)) { $retval .= COM_siteHeader('menu', $MESSAGE[30]); $retval .= COM_showMessageText($MESSAGE[31], $MESSAGE[30], true); $retval .= COM_siteFooter(); COM_accessLog("User {$_USER['username']} tried to illegally submit or edit event {$eid}."); return $retval; } if ($hour_mode == 24) { // to avoid having to mess with the tried and tested code below, map // the 24-hour values onto their 12-hour counterparts and use those if ($start_hour >= 12) { $start_ampm = 'pm'; $start_hour = $start_hour - 12; } else { $start_ampm = 'am'; $start_hour = $start_hour; } if ($start_hour == 0) { $start_hour = 12; } if ($end_hour >= 12) { $end_ampm = 'pm'; $end_hour = $end_hour - 12; } else { $end_ampm = 'am'; $end_hour = $end_hour; } if ($end_hour == 0) { $end_hour = 12; } } if ($allday == 'on') { $allday = 1; } else { $allday = 0; } // Make sure start date is before end date if (checkdate($start_month, $start_day, $start_year)) { $datestart = sprintf('%4d-%02d-%02d', $start_year, $start_month, $start_day); $timestart = $start_hour . ':' . $start_minute . ':00'; } else { $retval .= COM_siteHeader('menu', $LANG_CAL_ADMIN[2]); $retval .= COM_showMessageText($LANG_CAL_ADMIN[23], $LANG_CAL_ADMIN[2], true); $retval .= CALENDAR_edit('edit', $C, ''); $retval .= COM_siteFooter(); return $retval; } if (checkdate($end_month, $end_day, $end_year)) { $dateend = sprintf('%4d-%02d-%02d', $end_year, $end_month, $end_day); $timeend = $end_hour . ':' . $end_minute . ':00'; } else { $retval .= COM_siteHeader('menu', $LANG_CAL_ADMIN[2]); $retval .= COM_showMessageText($LANG_CAL_ADMIN[24], $LANG_CAL_ADMIN[2], true); $retval .= CALENDAR_edit('edit', $C, ''); $retval .= COM_siteFooter(); return $retval; } if ($allday == 0) { if ($dateend < $datestart) { $retval .= COM_siteHeader('menu', $LANG_CAL_ADMIN[2]); $retval .= COM_showMessageText($LANG_CAL_ADMIN[25], $LANG_CAL_ADMIN[2], true); $retval .= CALENDAR_edit('edit', $C, ''); $retval .= COM_siteFooter(); return $retval; } } else { if ($dateend < $datestart) { // Force end date to be same as start date $dateend = $datestart; } } // clean 'em up if ($postmode == 'html') { $description = COM_checkHTML(COM_checkWords($description)); } else { $postmode = 'plaintext'; $description = @htmlspecialchars(COM_checkWords($description)); } $description = DB_escapeString($description); $title = DB_escapeString(COM_checkHTML(COM_checkWords($title))); $location = DB_escapeString(COM_checkHTML(COM_checkWords($location))); $address1 = DB_escapeString(COM_checkHTML(COM_checkWords($address1))); $address2 = DB_escapeString(COM_checkHTML(COM_checkWords($address2))); $city = DB_escapeString(COM_checkHTML(COM_checkWords($city))); $state = DB_escapeString(COM_checkHTML(COM_checkWords($state))); $zipcode = DB_escapeString(COM_checkHTML(COM_checkWords($zipcode))); $event_type = DB_escapeString(strip_tags(COM_checkWords($event_type))); $url = DB_escapeString(strip_tags($url)); if ($allday == 0) { // Add 12 to make time on 24 hour clock if needed if ($start_ampm == 'pm' and $start_hour != 12) { $start_hour = $start_hour + 12; } // If 12AM set hour to 00 if ($start_ampm == 'am' and $start_hour == 12) { $start_hour = '00'; } // Add 12 to make time on 24 hour clock if needed if ($end_ampm == 'pm' and $end_hour != 12) { $end_hour = $end_hour + 12; } // If 12AM set hour to 00 if ($end_ampm == 'am' and $end_hour == 12) { $end_hour = '00'; } $timestart = $start_hour . ':' . $start_minute . ':00'; $timeend = $end_hour . ':' . $end_minute . ':00'; } if (!empty($eid) and !empty($description) and !empty($title)) { DB_delete($_TABLES['eventsubmission'], 'eid', $eid); DB_save($_TABLES['events'], 'eid,status,title,event_type,url,allday,datestart,dateend,timestart,' . 'timeend,location,address1,address2,city,state,zipcode,description,' . 'postmode,owner_id,group_id,perm_owner,perm_group,perm_members,' . 'perm_anon', "'{$eid}',{$status},'{$title}','{$event_type}','{$url}',{$allday},'{$datestart}'," . "'{$dateend}','{$timestart}','{$timeend}','{$location}','{$address1}'," . "'{$address2}','{$city}','{$state}','{$zipcode}','{$description}','{$postmode}'," . "{$owner_id},{$group_id},{$perm_owner},{$perm_group},{$perm_members},{$perm_anon}"); if (DB_count($_TABLES['personal_events'], 'eid', $eid) > 0) { $result = DB_query("SELECT uid FROM {$_TABLES['personal_events']} " . "WHERE eid = '{$eid}'"); $numrows = DB_numRows($result); for ($i = 1; $i <= $numrows; $i++) { $P = DB_fetchArray($result); DB_save($_TABLES['personal_events'], 'eid,status,title,event_type,datestart,dateend,address1,address2,' . 'city,state,zipcode,allday,url,description,postmode,' . 'group_id,owner_id,perm_owner,perm_group,perm_members,' . 'perm_anon,uid,location,timestart,timeend', "'{$eid}',{$status},'{$title}','{$event_type}','{$datestart}','{$dateend}'," . "'{$address1}','{$address2}','{$city}','{$state}','{$zipcode}'," . "{$allday},'{$url}','{$description}','{$postmode}',{$group_id}," . "{$owner_id},{$perm_owner},{$perm_group},{$perm_members}," . "{$perm_anon},{$P['uid']},'{$location}','{$timestart}','{$timeend}'"); } } PLG_itemSaved($eid, 'calendar'); COM_rdfUpToDateCheck('calendar', $event_type, $eid); // if we just saved a submission, then return to the submissions page if ($type == 'submission') { return COM_refresh($_CONF['site_admin_url'] . '/moderation.php'); } else { return PLG_afterSaveSwitch($_CA_CONF['aftersave'], $_CONF['site_url'] . '/calendar/event.php?eid=' . $eid, 'calendar', 17); } } else { $retval .= COM_siteHeader('menu', $LANG_CAL_ADMIN[2]); $retval .= COM_showMessageText($LANG_CAL_ADMIN[10], $LANG_CAL_ADMIN[2], true); $retval .= CALENDAR_edit('edit', $C, ''); $retval .= COM_siteFooter(); return $retval; } }
/** * Saves a block * * @param string $bid Block ID * @param string $title Block title * @param string $type Type of block * @param int $blockorder Order block appears relative to the others * @param string $content Content of block * @param string $tid Ids of topics block is assigned to * @param string $rdfurl URL to headline feed for portal blocks * @param string $rdfupdated Date RSS/RDF feed was last updated * @param string $rdflimit max. number of entries to import from feed * @param string $phpblockfn Name of php function to call to get content * @param int $onleft Flag indicates if block shows up on left or right * @param int $owner_id ID of owner * @param int $group_id ID of group block belongs to * @param array $perm_owner Permissions the owner has on the object * @param array $perm_group Permissions the group has on the object * @param array $perm_members Permissions the logged in members have * @param array $perm_anon Permissinos anonymous users have * @param int $is_enabled Flag, indicates if block is enabled or not * @return string HTML redirect or error message * */ function saveblock($bid, $name, $title, $help, $type, $blockorder, $content, $rdfurl, $rdfupdated, $rdflimit, $phpblockfn, $onleft, $owner_id, $group_id, $perm_owner, $perm_group, $perm_members, $perm_anon, $is_enabled, $allow_autotags, $cache_time) { global $_CONF, $_TABLES, $LANG01, $LANG21, $MESSAGE, $_USER; $retval = ''; $title = DB_escapeString(COM_stripslashes(strip_tags($title))); $phpblockfn = DB_escapeString(COM_stripslashes(trim($phpblockfn))); if (empty($title) || !TOPIC_checkTopicSelectionControl()) { $retval .= COM_showMessageText($LANG21[64], $LANG21[63]) . editblock($bid); $retval = COM_createHTMLDocument($retval, array('pagetitle' => $LANG21[63])); return $retval; } // Convert array values to numeric permission values list($perm_owner, $perm_group, $perm_members, $perm_anon) = SEC_getPermissionValues($perm_owner, $perm_group, $perm_members, $perm_anon); $access = 0; if ($bid > 0 && DB_count($_TABLES['blocks'], 'bid', $bid) > 0) { $result = DB_query("SELECT owner_id,group_id,perm_owner,perm_group,perm_members,perm_anon FROM {$_TABLES['blocks']} WHERE bid = '{$bid}'"); $A = DB_fetchArray($result); $access = SEC_hasAccess($A['owner_id'], $A['group_id'], $A['perm_owner'], $A['perm_group'], $A['perm_members'], $A['perm_anon']); } else { $access = SEC_hasAccess($owner_id, $group_id, $perm_owner, $perm_group, $perm_members, $perm_anon); } if ($access < 3 || !TOPIC_hasMultiTopicAccess('topic') || !SEC_inGroup($group_id)) { $retval .= COM_showMessageText($MESSAGE[29], $MESSAGE[30]); $retval = COM_createHTMLDocument($retval, array('pagetitle' => $MESSAGE[30])); COM_accessLog("User {$_USER['username']} tried to illegally create or edit block {$bid}."); return $retval; } elseif (!empty($name) and ($type == 'normal' && !empty($title) && !empty($content) or $type == 'portal' && !empty($title) && !empty($rdfurl) or $type == 'phpblock' && !empty($phpblockfn) && !empty($title) or $type == 'gldefault' && strlen($blockorder) > 0)) { if ($is_enabled == 'on') { $is_enabled = 1; } else { $is_enabled = 0; } if ($allow_autotags == 'on') { $allow_autotags = 1; } else { $allow_autotags = 0; } if ($cache_time < -1 or $cache_time == "") { $cache_time = $_CONF['default_cache_time_block']; } if ($type == 'portal') { $content = ''; $rdfupdated = ''; $phpblockfn = ''; // get rid of possible extra prefixes (e.g. "feed://http://...") if (substr($rdfurl, 0, 4) == 'rss:') { $rdfurl = substr($rdfurl, 4); } elseif (substr($rdfurl, 0, 5) == 'feed:') { $rdfurl = substr($rdfurl, 5); } if (substr($rdfurl, 0, 2) == '//') { $rdfurl = substr($rdfurl, 2); } $rdfurl = COM_sanitizeUrl($rdfurl, array('http', 'https')); } if ($type == 'gldefault') { $content = ''; $rdfurl = ''; $rdfupdated = ''; $rdflimit = 0; $phpblockfn = ''; } if ($type == 'phpblock') { // NOTE: PHP Blocks must be within a function and the function // must start with phpblock_ as the prefix. This will prevent // the arbitrary execution of code if (!stristr($phpblockfn, 'phpblock_')) { $retval .= COM_showMessageText($LANG21[38], $LANG21[37]) . editblock($bid); $retval = COM_createHTMLDocument($retval, array('pagetitle' => $LANG21[37])); return $retval; } $content = ''; $rdfurl = ''; $rdfupdated = ''; $rdflimit = 0; } if ($type == 'normal') { $rdfurl = ''; $rdfupdated = ''; $rdflimit = 0; $phpblockfn = ''; if ($allow_autotags == 1) { // Remove any autotags the user doesn't have permission to use $content = PLG_replaceTags($content, '', true); } $content = DB_escapeString($content); } if ($rdflimit < 0) { $rdflimit = 0; } if (!empty($rdfurl)) { $rdfurl = DB_escapeString($rdfurl); } if (empty($rdfupdated)) { $rdfupdated = '0000-00-00 00:00:00'; } if ($bid > 0) { DB_save($_TABLES['blocks'], 'bid,name,title,help,type,blockorder,content,rdfurl,rdfupdated,rdflimit,phpblockfn,onleft,owner_id,group_id,perm_owner,perm_group,perm_members,perm_anon,is_enabled,allow_autotags,cache_time,rdf_last_modified,rdf_etag', "{$bid},'{$name}','{$title}','{$help}','{$type}','{$blockorder}','{$content}','{$rdfurl}','{$rdfupdated}','{$rdflimit}','{$phpblockfn}',{$onleft},{$owner_id},{$group_id},{$perm_owner},{$perm_group},{$perm_members},{$perm_anon},{$is_enabled},{$allow_autotags},{$cache_time},NULL,NULL"); } else { $sql = array(); $sql['mysql'] = $sql['mssql'] = "INSERT INTO {$_TABLES['blocks']} " . '(name,title,help,type,blockorder,content,rdfurl,rdfupdated,rdflimit,phpblockfn,onleft,owner_id,group_id,perm_owner,perm_group,perm_members,perm_anon,is_enabled,allow_autotags,cache_time) ' . "VALUES ('{$name}','{$title}','{$help}','{$type}','{$blockorder}','{$content}','{$rdfurl}','{$rdfupdated}','{$rdflimit}','{$phpblockfn}',{$onleft},{$owner_id},{$group_id},{$perm_owner},{$perm_group},{$perm_members},{$perm_anon},{$is_enabled},{$allow_autotags},{$cache_time})"; $sql['pgsql'] = "INSERT INTO {$_TABLES['blocks']} " . '(bid,name,title,help,type,blockorder,content,rdfurl,rdfupdated,rdflimit,phpblockfn,onleft,owner_id,group_id,perm_owner,perm_group,perm_members,perm_anon,is_enabled,allow_autotags,cache_time) ' . "VALUES ((SELECT NEXTVAL('{$_TABLES['blocks']}_bid_seq')),'{$name}','{$title}','{$help}','{$type}','{$blockorder}','{$content}','{$rdfurl}','1970-01-01','{$rdflimit}','{$phpblockfn}',{$onleft},{$owner_id},{$group_id},{$perm_owner},{$perm_group},{$perm_members},{$perm_anon},{$is_enabled},{$allow_autotags},{$cache_time})"; DB_query($sql); $bid = DB_insertId(); } TOPIC_saveTopicSelectionControl('block', $bid); $cacheInstance = 'block__' . $bid . '__'; // remove any of this blocks instances if exists CACHE_remove_instance($cacheInstance); return COM_refresh($_CONF['site_admin_url'] . '/block.php?msg=11'); } else { if (empty($name)) { // empty block name $msgtxt = $LANG21[50]; } elseif ($type == 'portal') { // Portal block is missing fields $msgtxt = $LANG21[33]; } elseif ($type == 'phpblock') { // PHP Block is missing field $msgtxt = $LANG21[34]; } elseif ($type == 'normal') { // Normal block is missing field $msgtxt = $LANG21[35]; } elseif ($type == 'gldefault') { // Default geeklog field missing $msgtxt = $LANG21[42]; } else { // Layout block missing content $msgtxt = $LANG21[36]; } $retval .= COM_showMessageText($msgtxt, $LANG21[32]) . editblock($bid); $retval = COM_createHTMLDocument($retval, array('pagetitle' => $LANG21[32])); } return $retval; }
/** * saves the specified album information * * @param int album_id album_id to edit * @return string HTML * */ function MG_saveAlbum($album_id, $actionURL = '') { global $_DB_dbms, $MG_albums, $_USER, $_CONF, $_TABLES, $_MG_CONF, $LANG_MG00, $LANG_MG01, $_POST; $update = 0; if (isset($_POST['album_id'])) { $aid = COM_applyFilter($_POST['album_id'], true); } else { $aid = 0; } if (isset($_POST['force_child_update'])) { $forceChildPermUpdate = COM_applyFilter($_POST['force_child_update'], true); } else { $forceChildPermUpdate = 0; } $thumb = $_FILES['thumbnail']; $thumbnail = $thumb['tmp_name']; if (isset($_POST['attach_tn'])) { $att = COM_applyFilter($_POST['attach_tn']); } else { $att = 0; } if ($aid > 0) { // should be 0 or negative 1 for create $album = $MG_albums[$aid]; $oldparent = $album->parent; $old_tn_attached = $album->tn_attached; $old_featured = $album->featured; $update = 1; } else { $album = new mgAlbum(); $album->id = $aid; $update = 0; $old_tn_attached = 0; } if ($_MG_CONF['htmlallowed'] == 1) { $album->title = COM_checkHTML(COM_killJS($_POST['album_name'])); $album->description = COM_checkHTML(COM_killJS($_POST['album_desc'])); } else { $album->title = htmlspecialchars(strip_tags(COM_checkWords(COM_killJS($_POST['album_name'])))); $album->description = htmlspecialchars(strip_tags(COM_checkWords(COM_killJS($_POST['album_desc'])))); } if ($album->title == "") { return MG_errorHandler("You must enter an Album Name"); } $album->parent = COM_applyFilter($_POST['parentaid'], true); // we should not need this if (isset($_POST['hidden'])) { $album->hidden = COM_applyFilter($_POST['hidden'], true); } else { $album->hidden = 0; } $album->cover = COM_applyFilter($_POST['cover']); $album->cover_filename = COM_applyFilter($_POST['album_cover_filename']); if (isset($_POST['enable_album_views'])) { $album->enable_album_views = COM_applyFilter($_POST['enable_album_views'], true); } else { $album->enable_album_views = 0; } $album->image_skin = COM_applyFilter($_POST['skin']); $album->album_skin = COM_applyFilter($_POST['askin']); $album->display_skin = COM_applyFilter($_POST['dskin']); if (isset($_POST['display_album_desc'])) { $album->display_album_desc = COM_applyFilter($_POST['display_album_desc'], true); } else { $album->display_album_desc = 0; } if (isset($_POST['enable_comments'])) { $album->enable_comments = COM_applyFilter($_POST['enable_comments'], true); } else { $album->enable_comments = 0; } $album->exif_display = COM_applyFilter($_POST['enable_exif'], true); if (isset($_POST['enable_rating'])) { $album->enable_rating = COM_applyFilter($_POST['enable_rating'], true); } else { $album->enable_rating = 0; } $album->playback_type = COM_applyFilter($_POST['playback_type'], true); $album->tn_attached = isset($_POST['attach_tn']) ? COM_applyFilter($_POST['attach_tn'], true) : 0; $album->enable_slideshow = COM_applyFilter($_POST['enable_slideshow'], true); if (isset($_POST['enable_random'])) { $album->enable_random = COM_applyFilter($_POST['enable_random'], true); } else { $album->enable_random = 0; } if (isset($_POST['enable_shutterfly'])) { $album->enable_shutterfly = COM_applyFilter($_POST['enable_shutterfly'], true); } else { $album->enable_shutterfly = 0; } if (isset($_POST['enable_views'])) { $album->enable_views = COM_applyFilter($_POST['enable_views'], true); } else { $album->enable_views = 0; } if (isset($_POST['enable_keywords'])) { $album->enable_keywords = COM_applyFilter($_POST['enable_keywords'], true); } else { $album->enable_keywords = 0; } if (isset($_POST['enable_sort'])) { $album->enable_sort = COM_applyFilter($_POST['enable_sort'], true); } else { $album->enable_sort = 0; } if (isset($_POST['enable_rss'])) { $album->enable_rss = COM_applyFilter($_POST['enable_rss'], true); } else { $album->enable_rss = 0; } $album->enable_postcard = COM_applyFilter($_POST['enable_postcard'], true); if (isset($_POST['albums_first'])) { $album->albums_first = COM_applyFilter($_POST['albums_first'], true); } else { $album->albums_first = 0; } if (isset($_POST['allow_download'])) { $album->allow_download = COM_applyFilter($_POST['allow_download'], true); } else { $album->allow_download = 0; } if (isset($_POST['usealternate'])) { $album->useAlternate = COM_applyFilter($_POST['usealternate'], true); } else { $album->useAlternate = 0; } $album->full = COM_applyFilter($_POST['full_display'], true); $album->tn_size = COM_applyFilter($_POST['tn_size'], true); $album->max_image_height = COM_applyFilter($_POST['max_image_height'], true); $album->max_image_width = COM_applyFilter($_POST['max_image_width'], true); $album->max_filesize = COM_applyFilter($_POST['max_filesize'], true); if ($album->max_filesize != 0) { $album->max_filesize = $album->max_filesize * 1024; } $album->display_image_size = COM_applyFilter($_POST['display_image_size'], true); $album->display_rows = COM_applyFilter($_POST['display_rows'], true); $album->display_columns = COM_applyFilter($_POST['display_columns'], true); $album->skin = COM_applyFilter($_POST['album_theme']); if (isset($_POST['filename_title'])) { $album->filename_title = COM_applyFilter($_POST['filename_title'], true); } else { $album->filename_title = 0; } $album->shopping_cart = 0; if (isset($_POST['wm_auto'])) { $album->wm_auto = COM_applyFilter($_POST['wm_auto'], true); } else { $album->wm_auto = 0; } $album->wm_id = COM_applyFilter($_POST['wm_id']); $album->wm_opacity = COM_applyFilter($_POST['wm_opacity'], true); $album->wm_location = COM_applyFilter($_POST['wm_location'], true); $album->album_sort_order = COM_applyFilter($_POST['album_sort_order'], true); if (isset($_POST['uploads'])) { $album->member_uploads = COM_applyFilter($_POST['uploads'], true); } else { $album->member_uploads = 0; } if (isset($_POST['moderate'])) { $album->moderate = COM_applyFilter($_POST['moderate'], true); } else { $album->moderate = 0; } if (isset($_POST['email_mod'])) { $album->email_mod = COM_applyFilter($_POST['email_mod'], true); } else { $album->email_mod = 0; } if (isset($_POST['podcast'])) { $album->podcast = COM_applyFilter($_POST['podcast'], true); } else { $album->podcast = 0; } if (isset($_POST['mp3ribbon'])) { $album->mp3ribbon = COM_applyFilter($_POST['mp3ribbon'], true); } else { $album->mp3ribbon = 0; } if (isset($_POST['rsschildren'])) { $album->rssChildren = COM_applyFilter($_POST['rsschildren'], true); } else { $album->rssChildren = 0; } if (isset($_POST['tnheight'])) { $album->tnHeight = COM_applyFilter($_POST['tnheight'], true); if ($album->tnHeight == 0) { $album->tnHeight = 200; } } else { $album->tnHeight = 200; } if (isset($_POST['tnwidth'])) { $album->tnWidth = COM_applyFilter($_POST['tnwidth'], true); if ($album->tnWidth == 0) { $album->tnWidth = 200; } } else { $album->tnWidth = 200; } if (SEC_hasRights('mediagallery.admin')) { $format_jpg = isset($_POST['format_jpg']) ? COM_applyFilter($_POST['format_jpg'], true) : 0; $format_png = isset($_POST['format_png']) ? COM_applyFilter($_POST['format_png'], true) : 0; $format_tif = isset($_POST['format_tif']) ? COM_applyFilter($_POST['format_tif'], true) : 0; $format_gif = isset($_POST['format_gif']) ? COM_applyFilter($_POST['format_gif'], true) : 0; $format_bmp = isset($_POST['format_bmp']) ? COM_applyFilter($_POST['format_bmp'], true) : 0; $format_tga = isset($_POST['format_tga']) ? COM_applyFilter($_POST['format_tga'], true) : 0; $format_psd = isset($_POST['format_psd']) ? COM_applyFilter($_POST['format_psd'], true) : 0; $format_mp3 = isset($_POST['format_mp3']) ? COM_applyFilter($_POST['format_mp3'], true) : 0; $format_ogg = isset($_POST['format_ogg']) ? COM_applyFilter($_POST['format_ogg'], true) : 0; $format_asf = isset($_POST['format_asf']) ? COM_applyFilter($_POST['format_asf'], true) : 0; $format_swf = isset($_POST['format_swf']) ? COM_applyFilter($_POST['format_swf'], true) : 0; $format_mov = isset($_POST['format_mov']) ? COM_applyFilter($_POST['format_mov'], true) : 0; $format_mp4 = isset($_POST['format_mp4']) ? COM_applyFilter($_POST['format_mp4'], true) : 0; $format_mpg = isset($_POST['format_mpg']) ? COM_applyFilter($_POST['format_mpg'], true) : 0; $format_zip = isset($_POST['format_zip']) ? COM_applyFilter($_POST['format_zip'], true) : 0; $format_other = isset($_POST['format_other']) ? COM_applyFilter($_POST['format_other'], true) : 0; $format_flv = isset($_POST['format_flv']) ? COM_applyFilter($_POST['format_flv'], true) : 0; $format_rflv = isset($_POST['format_rflv']) ? COM_applyFilter($_POST['format_rflv'], true) : 0; $format_emb = isset($_POST['format_emb']) ? COM_applyFilter($_POST['format_emb'], true) : 0; $album->valid_formats = $format_jpg + $format_png + $format_tif + $format_gif + $format_bmp + $format_tga + $format_psd + $format_mp3 + $format_ogg + $format_asf + $format_swf + $format_mov + $format_mp4 + $format_mpg + $format_zip + $format_other + $format_flv + $format_rflv + $format_emb; if (isset($_POST['featured'])) { $album->featured = COM_applyFilter($_POST['featured'], true); // admin only } else { $album->featured = 0; } $album->cbposition = COM_applyFilter($_POST['featureposition'], true); // admin only $album->cbpage = COM_applyFilter($_POST['featurepage']); // admin only $album->group_id = isset($_POST['group_id']) ? COM_applyFilter($_POST['group_id']) : 0; // admin only $album->mod_group_id = isset($_POST['mod_id']) ? COM_applyFilter($_POST['mod_id'], true) : 0; // admin only $perm_owner = isset($_POST['perm_owner']) ? $_POST['perm_owner'] : 0; // admin only $perm_group = isset($_POST['perm_group']) ? $_POST['perm_group'] : 0; // admin only $perm_members = isset($_POST['perm_members']) ? $_POST['perm_members'] : 0; $perm_anon = isset($_POST['perm_anon']) ? $_POST['perm_anon'] : 0; list($album->perm_owner, $album->perm_group, $album->perm_members, $album->perm_anon) = SEC_getPermissionValues($perm_owner, $perm_group, $perm_members, $perm_anon); } else { $perm_owner = $album->perm_owner; // already set by existing album? $perm_group = $album->perm_group; // already set by existing album? if ($update == 0) { if (isset($MG_albums[$album->parent]->group_id)) { $grp_id = $MG_albums[$album->parent]->group_id; $album->group_id = $grp_id; } else { $gresult = DB_query("SELECT grp_id FROM {$_TABLES['groups']} WHERE grp_name LIKE 'mediagallery Admin'"); $grow = DB_fetchArray($gresult); $grp_id = $grow['grp_id']; $album->group_id = $grp_id; // only do these two if create.... } $album->mod_group_id = $_MG_CONF['member_mod_group_id']; if ($album->mod_group_id == '' || $album->mod_group_id < 1) { $album->mod_group_id = $grp_id; } } $perm_members = $_POST['perm_members']; $perm_anon = $_POST['perm_anon']; list($junk1, $junk2, $album->perm_members, $album->perm_anon) = SEC_getPermissionValues($perm_owner, $perm_group, $perm_members, $perm_anon); } if (isset($_POST['owner_id'])) { $album->owner_id = COM_applyFilter($_POST['owner_id']); } else { $album->owner_id = 2; } // simple check to see if we can create off the album root... if (!SEC_hasRights('mediagallery.admin')) { if ($album->parent == $_MG_CONF['member_album_root'] && $update == 0) { if ($_MG_CONF['member_create_new'] == 0) { return MG_errorHandler("Cannot create a new album off the member root, please select a new parent album"); } } } // final permission check to make sure we have the proper rights to create here.... if ($album->parent == 0 && $update == 0 && !$_MG_CONF['member_albums'] == 1 && !$_MG_CONF['member_album_root'] == 0) { // see if we are mediagallery.admin if (!SEC_hasRights('mediagallery.admin')) { COM_errorLog("MediaGallery: Someone has tried to illegally save a Media Gallery Album in Root. User id: {$_USER['uid']}, Username: {$_USER['username']}, IP: {$REMOTE_ADDR}", 1); return MG_genericError($LANG_MG00['access_denied_msg']); } } elseif ($album->parent != 0) { if (!isset($MG_albums[$album->parent]->id)) { // does not exist... COM_errorLog("MediaGallery: Someone has tried to save a album to non-existent parent album. User id: {$_USER['uid']}, Username: {$_USER['username']}, IP: {$REMOTE_ADDR}", 1); return MG_genericError($LANG_MG00['access_denied_msg']); } else { if ($MG_albums[$album->parent]->access != 3 && !SEC_hasRights('mediagallery.admin') && !$_MG_CONF['member_albums'] && !($_MG_CONF['member_album_root'] == $MG_album[$album->parent]->id)) { COM_errorLog("MediaGallery: Someone has tried to illegally save a Media Gallery Album. User id: {$_USER['uid']}, Username: {$_USER['username']}, IP: {$REMOTE_ADDR}", 1); return MG_genericError($LANG_MG00['access_denied_msg']); } } } if ($old_tn_attached == 0 && $album->tn_attached == 1 && $thumb['tmp_name'] == '') { $album->tn_attached = 0; } if ($old_tn_attached == 1 && $album->tn_attached == 0) { $remove_old_tn = 1; } else { $remove_old_tn = 0; } if ($thumb['tmp_name'] != '' && $album->tn_attached == 1) { $thumbnail = $thumb['tmp_name']; $attachtn = 1; } else { $attachtn = 0; } // pull the watermark id associated with the filename... if ($album->wm_id == 'blank.png') { $wm_id = 0; } else { $wm_id = DB_getItem($_TABLES['mg_watermarks'], 'wm_id', 'filename="' . DB_escapeString($album->wm_id) . '"'); } if ($wm_id == '') { $wm_id = 0; } if ($wm_id == 0) { $album->wm_auto = 0; } $album->wm_id = $wm_id; // handle new featured albums if (SEC_hasRights('mediagallery.admin')) { if ($album->featured) { // check for other featured albums, we can only have one $sql = "SELECT album_id FROM {$_TABLES['mg_albums']} WHERE featured=1 AND cbpage='" . DB_escapeString($album->cbpage) . "'"; $result = DB_query($sql); $nRows = DB_numRows($result); if ($nRows > 0) { $row = DB_fetchArray($result); $sql = "UPDATE {$_TABLES['mg_albums']} SET featured=0 WHERE album_id=" . $row['album_id']; DB_query($sql); } } } else { // if a new album, set the member album defaults since we are a non-admin if ($album->isMemberAlbum() && update == 0) { $album->perm_owner = $_MG_CONF['member_perm_owner']; $album->perm_group = $_MG_CONF['member_perm_group']; $album->enable_random = $_MG_CONF['member_enable_random']; $album->max_image_height = $_MG_CONF['member_max_height']; $album->max_image_width = $_MG_CONF['member_max_width']; $album->max_filesize = $_MG_CONF['member_max_filesize']; $album->member_uploads = $_MG_CONF['member_uploads']; $album->moderate = $_MG_CONF['member_moderate']; $album->email_mod = $_MG_CONF['member_email_mod']; $album->valid_formats = $_MG_CONF['member_valid_formats']; } } $album->title = substr($album->title, 0, 254); if ($_DB_dbms == "mssql") { $album->description = substr($album->description, 0, 1500); } if ($album->last_update == '') { $album->last_update = 0; } $album->last_update = intval($album->last_update); if ($album->id < 1) { $album->id = $album->createAlbumID(); $aid = $album->id; $album->order = $album->getNextSortOrder(); } if ($album->id == 0) { COM_errorLog("MediaGallery: Internal Error - album_id = 0 - Contact mark@glfusion.org "); return MG_genericError($LANG_MG00['access_denied_msg']); } $album->saveAlbum(); $album->updateChildPermissions($forceChildPermUpdate); // now handle the attached cover... if ($attachtn == 1) { if (!function_exists('MG_getFile')) { require_once $_CONF['path'] . 'plugins/mediagallery/include/lib-upload.php'; } $media_filename = $_MG_CONF['path_mediaobjects'] . 'covers/cover_' . $album->id; MG_attachThumbnail($album->id, $thumbnail, $media_filename); } if ($remove_old_tn == 1) { foreach ($_MG_CONF['validExtensions'] as $ext) { if (file_exists($_MG_CONF['path_mediaobjects'] . 'covers/cover_' . $album->id . $ext)) { @unlink($_MG_CONF['path_mediaobjects'] . 'covers/cover_' . $album->id . $ext); break; } } } MG_initAlbums(1); // do any album sorting here... if (isset($MG_albums[$aid]) && $MG_albums[$aid]->parent == 0) { switch ($MG_albums[$aid]->album_sort_order) { case 0: break; case 3: // upload, asc MG_staticSortAlbum($aid, 2, 1, 0); break; case 4: // upload, desc MG_staticSortAlbum($aid, 2, 0, 0); break; case 5: // title, asc MG_staticSortAlbum($aid, 0, 1, 0); break; case 6: // title, desc MG_staticSortAlbum($aid, 0, 0, 0); break; case 7: // rating, desc MG_staticSortAlbum($aid, 3, 0, 0); break; case 8: // rating, desc MG_staticSortAlbum($aid, 3, 1, 0); break; default: // skip it... break; } } else { // not a root album... switch ($MG_albums[$MG_albums[$aid]->parent]->album_sort_order) { case 0: break; case 3: // upload, asc MG_staticSortAlbum($MG_albums[$aid]->parent, 2, 1, 0); break; case 4: // upload, desc MG_staticSortAlbum($MG_albums[$aid]->parent, 2, 0, 0); break; case 5: // title, asc MG_staticSortAlbum($MG_albums[$aid]->parent, 0, 1, 0); break; case 6: // title, desc MG_staticSortAlbum($MG_albums[$aid]->parent, 0, 0, 0); break; case 7: // rating, desc MG_staticSortAlbum($MG_albums[$aid]->parent, 3, 0, 0); break; case 8: // rating, desc MG_staticSortAlbum($MG_albums[$aid]->parent, 3, 1, 0); break; default: // skip it... break; } // now call it for myself to sort my subs switch ($MG_albums[$aid]->album_sort_order) { case 0: break; case 3: // upload, asc MG_staticSortAlbum($aid, 2, 1, 0); break; case 4: // upload, desc MG_staticSortAlbum($aid, 2, 0, 0); break; case 5: // title, asc MG_staticSortAlbum($aid, 0, 1, 0); break; case 6: // title, desc MG_staticSortAlbum($aid, 0, 0, 0); break; case 7: // rating, desc MG_staticSortAlbum($aid, 3, 0, 0); break; case 8: // rating, desc MG_staticSortAlbum($aid, 3, 1, 0); break; default: // skip it... break; } } if (!function_exists('MG_buildFullRSS')) { require_once $_CONF['path'] . 'plugins/mediagallery/include/rssfeed.php'; } MG_buildFullRSS(); MG_buildAlbumRSS($album->id); $actionURL = $_MG_CONF['site_url'] . '/album.php?aid=' . $album->id; echo COM_refresh($actionURL); exit; }
//token expired? SEC_setCookie($_CONF['cookie_name'] . 'adveditor', SEC_createTokenGeneral('advancededitor'), time() + 1200, $_CONF['cookie_path'], $_CONF['cookiedomain'], $_CONF['cookiesecure'], false); $display .= COM_siteHeader('menu', $LANG_STATIC['staticpageeditor']); $display .= COM_showMessage(501); $editor = ''; if (isset($_GET['editor'])) { $editor = COM_applyFilter($_GET['editor']); } // $mode = 'edit'; $owner_id = $_POST['owner_id']; $group_id = $_POST['group_id']; $perm_owner = $_POST['perm_owner']; $perm_group = $_POST['perm_group']; $perm_members = $_POST['perm_members']; $perm_anon = $_POST['perm_anon']; list($perm_owner, $perm_group, $perm_members, $perm_anon) = SEC_getPermissionValues($perm_owner, $perm_group, $perm_members, $perm_anon); $_POST['perm_owner'] = $perm_owner; $_POST['perm_group'] = $perm_group; $_POST['perm_members'] = $perm_members; $_POST['perm_anon'] = $perm_anon; $sp_centerblock = isset($_POST['sp_centerblock']) ? $_POST['sp_centerblock'] : ''; $sp_help = ''; if (!empty($_POST['sp_help'])) { $sp_help = $_POST['sp_help']; } $sp_inblock = isset($_POST['sp_inblock']) ? $_POST['sp_inblock'] : ''; $sp_search = isset($_POST['sp_search']) ? $_POST['sp_search'] : ''; $sp_onmenu = isset($_POST['sp_onmenu']) ? $_POST['sp_onmenu'] : ''; $sp_nf = isset($_POST['sp_nf']) ? $_POST['sp_nf'] : ''; if ($sp_onmenu == 'on') { $_POST['sp_onmenu'] = 1;
/** * Saves an event to the database * * (parameters should be obvious - old list was incomplete anyway) * @return string HTML redirect or error message * */ function CALENDAR_saveEvent($eid, $title, $event_type, $url, $allday, $start_month, $start_day, $start_year, $start_hour, $start_minute, $start_ampm, $end_month, $end_day, $end_year, $end_hour, $end_minute, $end_ampm, $location, $address1, $address2, $city, $state, $zipcode, $description, $postmode, $owner_id, $group_id, $perm_owner, $perm_group, $perm_members, $perm_anon, $hour_mode) { global $_CONF, $_TABLES, $_USER, $LANG_CAL_ADMIN, $MESSAGE, $_CA_CONF; $retval = ''; // Convert array values to numeric permission values list($perm_owner, $perm_group, $perm_members, $perm_anon) = SEC_getPermissionValues($perm_owner, $perm_group, $perm_members, $perm_anon); $access = 0; if (DB_count($_TABLES['events'], 'eid', $eid) > 0) { $result = DB_query("SELECT owner_id,group_id,perm_owner,perm_group," . "perm_members,perm_anon FROM {$_TABLES['events']} " . "WHERE eid = '{$eid}'"); $A = DB_fetchArray($result); $access = SEC_hasAccess($A['owner_id'], $A['group_id'], $A['perm_owner'], $A['perm_group'], $A['perm_members'], $A['perm_anon']); } else { $access = SEC_hasAccess($owner_id, $group_id, $perm_owner, $perm_group, $perm_members, $perm_anon); } if ($access < 3 || !SEC_inGroup($group_id)) { $retval .= COM_showMessageText($MESSAGE[29], $MESSAGE[30]); $retval = COM_createHTMLDocument($retval, array('pagetitle' => $MESSAGE[30])); COM_accessLog("User {$_USER['username']} tried to illegally submit or edit event {$eid}."); return $retval; } if ($hour_mode == 24) { // to avoid having to mess with the tried and tested code below, map // the 24-hour values onto their 12-hour counterparts and use those if ($start_hour >= 12) { $start_ampm = 'pm'; $start_hour = $start_hour - 12; } else { $start_ampm = 'am'; $start_hour = $start_hour; } if ($start_hour == 0) { $start_hour = 12; } if ($end_hour >= 12) { $end_ampm = 'pm'; $end_hour = $end_hour - 12; } else { $end_ampm = 'am'; $end_hour = $end_hour; } if ($end_hour == 0) { $end_hour = 12; } } if ($allday == 'on') { $allday = 1; } else { $allday = 0; } // Make sure start date is before end date if (checkdate($start_month, $start_day, $start_year)) { $datestart = sprintf('%4d-%02d-%02d', $start_year, $start_month, $start_day); $timestart = $start_hour . ':' . $start_minute . ':00'; } else { $retval .= COM_showMessageText($LANG_CAL_ADMIN[23], $LANG_CAL_ADMIN[2]); $retval = COM_createHTMLDocument($retval, array('pagetitle' => $LANG_CAL_ADMIN[2])); return $retval; } if (checkdate($end_month, $end_day, $end_year)) { $dateend = sprintf('%4d-%02d-%02d', $end_year, $end_month, $end_day); $timeend = $end_hour . ':' . $end_minute . ':00'; } else { $retval .= COM_showMessageText($LANG_CAL_ADMIN[24], $LANG_CAL_ADMIN[2]); $retval = COM_createHTMLDocument($retval, array('pagetitle' => $LANG_CAL_ADMIN[2])); return $retval; } if ($allday == 0) { if ($dateend < $datestart) { $retval .= COM_showMessageText($LANG_CAL_ADMIN[25], $LANG_CAL_ADMIN[2]); $retval = COM_createHTMLDocument($retval, array('pagetitle' => $LANG_CAL_ADMIN[2])); return $retval; } } else { if ($dateend < $datestart) { // Force end date to be same as start date $dateend = $datestart; } } // Remove any autotags the user doesn't have permission to use $description = PLG_replaceTags($description, '', true); // clean 'em up if ($postmode == 'html') { $description = COM_checkHTML(COM_checkWords($description), 'calendar.edit'); } else { $postmode = 'plaintext'; $description = htmlspecialchars(COM_checkWords($description)); } $description = DB_escapeString($description); $title = DB_escapeString(strip_tags(COM_checkWords($title))); $location = DB_escapeString(COM_checkHTML(COM_checkWords($location), 'calendar.edit')); $address1 = DB_escapeString(strip_tags(COM_checkWords($address1))); $address2 = DB_escapeString(strip_tags(COM_checkWords($address2))); $city = DB_escapeString(strip_tags(COM_checkWords($city))); $zipcode = DB_escapeString(strip_tags(COM_checkWords($zipcode))); $event_type = DB_escapeString(strip_tags(COM_checkWords($event_type))); $url = DB_escapeString(strip_tags($url)); if ($allday == 0) { // Add 12 to make time on 24 hour clock if needed if ($start_ampm == 'pm' and $start_hour != 12) { $start_hour = $start_hour + 12; } // If 12AM set hour to 00 if ($start_ampm == 'am' and $start_hour == 12) { $start_hour = '00'; } // Add 12 to make time on 24 hour clock if needed if ($end_ampm == 'pm' and $end_hour != 12) { $end_hour = $end_hour + 12; } // If 12AM set hour to 00 if ($end_ampm == 'am' and $end_hour == 12) { $end_hour = '00'; } $timestart = $start_hour . ':' . $start_minute . ':00'; $timeend = $end_hour . ':' . $end_minute . ':00'; } if (!empty($eid) and !empty($description) and !empty($title)) { if (!SEC_checkToken()) { COM_accessLog("User {$_USER['username']} tried to save event {$eid} and failed CSRF checks."); COM_redirect($_CONF['site_admin_url'] . '/plugins/calendar/index.php'); } $hits = DB_getItem($_TABLES['events'], 'hits', "eid = '{$eid}'"); if (empty($hits)) { $hits = 0; } DB_delete($_TABLES['eventsubmission'], 'eid', $eid); DB_save($_TABLES['events'], 'eid,title,event_type,url,allday,datestart,dateend,timestart,' . 'timeend,location,address1,address2,city,state,zipcode,description,' . 'postmode,owner_id,group_id,perm_owner,perm_group,perm_members,' . 'perm_anon,hits', "'{$eid}','{$title}','{$event_type}','{$url}',{$allday},'{$datestart}'," . "'{$dateend}','{$timestart}','{$timeend}','{$location}','{$address1}'," . "'{$address2}','{$city}','{$state}','{$zipcode}','{$description}','{$postmode}'," . "{$owner_id},{$group_id},{$perm_owner},{$perm_group},{$perm_members},{$perm_anon},{$hits}"); if (DB_count($_TABLES['personal_events'], 'eid', $eid) > 0) { $result = DB_query("SELECT uid FROM {$_TABLES['personal_events']} " . "WHERE eid = '{$eid}'"); $numrows = DB_numRows($result); for ($i = 1; $i <= $numrows; $i++) { $P = DB_fetchArray($result); DB_save($_TABLES['personal_events'], 'eid,title,event_type,datestart,dateend,address1,address2,' . 'city,state,zipcode,allday,url,description,postmode,' . 'group_id,owner_id,perm_owner,perm_group,perm_members,' . 'perm_anon,uid,location,timestart,timeend', "'{$eid}','{$title}','{$event_type}','{$datestart}','{$dateend}'," . "'{$address1}','{$address2}','{$city}','{$state}','{$zipcode}'," . "{$allday},'{$url}','{$description}','{$postmode}',{$group_id}," . "{$owner_id},{$perm_owner},{$perm_group},{$perm_members}," . "{$perm_anon},{$P['uid']},'{$location}','{$timestart}','{$timeend}'"); } } PLG_itemSaved($eid, 'calendar'); COM_rdfUpToDateCheck('calendar', $event_type, $eid); return PLG_afterSaveSwitch($_CA_CONF['aftersave'], $_CONF['site_url'] . '/calendar/event.php?eid=' . $eid, 'calendar', 17); } else { $retval .= COM_showMessageText($LANG_CAL_ADMIN[10], $LANG_CAL_ADMIN[2]); $retval = COM_createHTMLDocument($retval, array('pagetitle' => $LANG_CAL_ADMIN[2])); return $retval; } }
/** * Saves a poll * * Saves a poll topic and potential answers to the database * * @param string $pid Poll topic ID * @param string $old_pid Previous poll topic ID * @param array $Q Array of poll questions * @param string $mainpage Checkbox: poll appears on homepage * @param string $topic The text for the topic * @param string $meta_description * @param string $meta_keywords * @param int $statuscode (unused) * @param string $open Checkbox: poll open for voting * @param string $hideresults Checkbox: hide results until closed * @param int $commentcode Indicates if users can comment on poll * @param array $A Array of possible answers * @param array $V Array of vote per each answer * @param array $R Array of remark per each answer * @param int $owner_id ID of poll owner * @param int $group_id ID of group poll belongs to * @param int $perm_owner Permissions the owner has on poll * @param int $perm_grup Permissions the group has on poll * @param int $perm_members Permissions logged in members have on poll * @param int $perm_anon Permissions anonymous users have on poll * @return string HTML redirect or error message * */ function savepoll($pid, $old_pid, $Q, $mainpage, $topic, $meta_description, $meta_keywords, $statuscode, $open, $hideresults, $commentcode, $A, $V, $R, $owner_id, $group_id, $perm_owner, $perm_group, $perm_members, $perm_anon) { global $_CONF, $_TABLES, $_USER, $LANG21, $LANG25, $MESSAGE, $_POLL_VERBOSE, $_PO_CONF; $retval = ''; // Convert array values to numeric permission values list($perm_owner, $perm_group, $perm_members, $perm_anon) = SEC_getPermissionValues($perm_owner, $perm_group, $perm_members, $perm_anon); $topic = COM_stripslashes($topic); $meta_description = strip_tags(COM_stripslashes($meta_description)); $meta_keywords = strip_tags(COM_stripslashes($meta_keywords)); $pid = COM_sanitizeID($pid); $old_pid = COM_sanitizeID($old_pid); if (empty($pid)) { if (empty($old_pid)) { $pid = COM_makeSid(); } else { $pid = $old_pid; } } // check if any question was entered if (empty($topic) or count($Q) == 0 or strlen($Q[0]) == 0 or strlen($A[0][0]) == 0) { $retval .= COM_siteHeader('menu', $LANG25[5]); $retval .= COM_startBlock($LANG21[32], '', COM_getBlockTemplate('_msg_block', 'header')); $retval .= $LANG25[2]; $retval .= COM_endBlock(COM_getBlockTemplate('_msg_block', 'footer')); $retval .= COM_siteFooter(); return $retval; } if (!SEC_checkToken()) { COM_accessLog("User {$_USER['username']} tried to save poll {$pid} and failed CSRF checks."); return COM_refresh($_CONF['site_admin_url'] . '/plugins/polls/index.php'); } // check for poll id change if (!empty($old_pid) && $pid != $old_pid) { // check if new pid is already in use if (DB_count($_TABLES['polltopics'], 'pid', $pid) > 0) { // TBD: abort, display editor with all content intact again $pid = $old_pid; // for now ... } } // start processing the poll topic if ($_POLL_VERBOSE) { COM_errorLog('**** Inside savepoll() in ' . $_CONF['site_admin_url'] . '/plugins/polls/index.php ***'); } $access = 0; if (DB_count($_TABLES['polltopics'], 'pid', $pid) > 0) { $result = DB_query("SELECT owner_id,group_id,perm_owner,perm_group,perm_members,perm_anon FROM {$_TABLES['polltopics']} WHERE pid = '{$pid}'"); $P = DB_fetchArray($result); $access = SEC_hasAccess($P['owner_id'], $P['group_id'], $P['perm_owner'], $P['perm_group'], $P['perm_members'], $P['perm_anon']); } else { $access = SEC_hasAccess($owner_id, $group_id, $perm_owner, $perm_group, $perm_members, $perm_anon); } if ($access < 3 || !SEC_inGroup($group_id)) { $display .= COM_siteHeader('menu', $MESSAGE[30]) . COM_showMessageText($MESSAGE[29], $MESSAGE[30]) . COM_siteFooter(); COM_accessLog("User {$_USER['username']} tried to illegally submit or edit poll {$pid}."); COM_output($display); exit; } if (empty($voters)) { $voters = 0; } if ($_POLL_VERBOSE) { COM_errorLog('owner permissions: ' . $perm_owner, 1); COM_errorLog('group permissions: ' . $perm_group, 1); COM_errorLog('member permissions: ' . $perm_members, 1); COM_errorLog('anonymous permissions: ' . $perm_anon, 1); } // we delete everything and re-create it with the input from the form $del_pid = $pid; if (!empty($old_pid) && $pid != $old_pid) { $del_pid = $old_pid; // delete by old pid, create using new pid below } DB_delete($_TABLES['polltopics'], 'pid', $del_pid); DB_delete($_TABLES['pollanswers'], 'pid', $del_pid); DB_delete($_TABLES['pollquestions'], 'pid', $del_pid); $topic = addslashes($topic); $meta_description = addslashes($meta_description); $meta_keywords = addslashes($meta_keywords); $k = 0; // set up a counter to make sure we do assign a straight line of question id's $v = 0; // re-count votes sine they might have been changed // first dimension of array are the questions $num_questions = count($Q); for ($i = 0; $i < $num_questions; $i++) { $Q[$i] = COM_stripslashes($Q[$i]); if (strlen($Q[$i]) > 0) { // only insert questions that exist $Q[$i] = addslashes($Q[$i]); DB_save($_TABLES['pollquestions'], 'qid, pid, question', "'{$k}', '{$pid}', '{$Q[$i]}'"); // within the questions, we have another dimensions with answers, // votes and remarks $num_answers = count($A[$i]); for ($j = 0; $j < $num_answers; $j++) { $A[$i][$j] = COM_stripslashes($A[$i][$j]); if (strlen($A[$i][$j]) > 0) { // only insert answers etc that exist if (!is_numeric($V[$i][$j])) { $V[$i][$j] = "0"; } $A[$i][$j] = addslashes($A[$i][$j]); $R[$i][$j] = addslashes($R[$i][$j]); $sql = "INSERT INTO {$_TABLES['pollanswers']} (pid, qid, aid, answer, votes, remark) VALUES " . "('{$pid}', '{$k}', " . ($j + 1) . ", '{$A[$i][$j]}', {$V[$i][$j]}, '{$R[$i][$j]}');"; DB_query($sql); $v = $v + $V[$i][$j]; } } $k++; } } // save topics after the questions so we can include question count into table $sql = "'{$pid}','{$topic}','{$meta_description}','{$meta_keywords}',{$v}, {$k}, '" . date('Y-m-d H:i:s'); if ($mainpage == 'on') { $sql .= "',1"; } else { $sql .= "',0"; } if ($open == 'on') { $sql .= ",1"; } else { $sql .= ",0"; } if ($hideresults == 'on') { $sql .= ",1"; } else { $sql .= ",0"; } $sql .= ",'{$statuscode}','{$commentcode}',{$owner_id},{$group_id},{$perm_owner},{$perm_group},{$perm_members},{$perm_anon}"; // Save poll topic DB_save($_TABLES['polltopics'], "pid, topic, meta_description, meta_keywords, voters, questions, date, display, is_open, hideresults, statuscode, commentcode, owner_id, group_id, perm_owner, perm_group, perm_members, perm_anon", $sql); if (empty($old_pid) || $old_pid == $pid) { PLG_itemSaved($pid, 'polls'); } else { DB_change($_TABLES['comments'], 'sid', addslashes($pid), array('sid', 'type'), array(addslashes($old_pid), 'polls')); PLG_itemSaved($pid, 'polls', $old_pid); } if ($_POLL_VERBOSE) { COM_errorLog('**** Leaving savepoll() in ' . $_CONF['site_admin_url'] . '/plugins/polls/index.php ***'); } return PLG_afterSaveSwitch($_PO_CONF['aftersave'], $_CONF['site_url'] . '/polls/index.php?pid=' . $pid, 'polls', 19); return COM_refresh($_CONF['site_admin_url'] . '/plugins/polls/index.php?msg=19'); }
/** * Loads the basic details of an article into the internal * variables, cleaning them up nicely. * @access Private * @param $array Array of POST/GET data (by ref). * @return Nothing. */ function _loadBasics(&$array) { /* For the really, really basic stuff, we can very easily load them * based on an array that defines how to COM_applyFilter them. */ foreach ($this->_postFields as $key => $value) { $vartype = $value[0]; $varname = $value[1]; // If we have a value if (array_key_exists($key, $array)) { // And it's alphanumeric or numeric, filter it and use it. if ($vartype == STORY_AL_ALPHANUM || $vartype == STORY_AL_NUMERIC) { $this->{$varname} = COM_applyFilter($array[$key], $vartype); } elseif ($vartype == STORY_AL_ANYTHING) { $this->{$varname} = $array[$key]; } elseif ($array[$key] === 'on' || $array[$key] === 1) { // If it's a checkbox that is on $this->{$varname} = 1; } else { // Otherwise, it must be a checkbox that is off: $this->{$varname} = 0; } } elseif ($vartype == STORY_AL_NUMERIC || $vartype == STORY_AL_CHECKBOX) { // If we don't have a value, and have a numeric or text box, default to 0 $this->{$varname} = 0; } } // SID's are a special case: $sid = COM_sanitizeID($array['sid']); if (isset($array['old_sid'])) { $oldsid = COM_sanitizeID($array['old_sid'], false); } else { $oldsid = ''; } if (empty($sid)) { $sid = $oldsid; } if (empty($sid)) { $sid = COM_makeSid(); } $this->_sid = $sid; $this->_originalSid = $oldsid; /* Need to deal with the postdate and expiry date stuff */ $publish_ampm = ''; if (isset($array['publish_ampm'])) { $publish_ampm = COM_applyFilter($array['publish_ampm']); } $publish_hour = 0; if (isset($array['publish_hour'])) { $publish_hour = COM_applyFilter($array['publish_hour'], true); } $publish_minute = 0; if (isset($array['publish_minute'])) { $publish_minute = COM_applyFilter($array['publish_minute'], true); } $publish_second = 0; if (isset($array['publish_second'])) { $publish_second = COM_applyFilter($array['publish_second'], true); } if ($publish_ampm == 'pm') { if ($publish_hour < 12) { $publish_hour = $publish_hour + 12; } } if ($publish_ampm == 'am' and $publish_hour == 12) { $publish_hour = '00'; } $publish_year = 0; if (isset($array['publish_year'])) { $publish_year = COM_applyFilter($array['publish_year'], true); } $publish_month = 0; if (isset($array['publish_month'])) { $publish_month = COM_applyFilter($array['publish_month'], true); } $publish_day = 0; if (isset($array['publish_day'])) { $publish_day = COM_applyFilter($array['publish_day'], true); } $this->_date = strtotime("{$publish_month}/{$publish_day}/{$publish_year} {$publish_hour}:{$publish_minute}:{$publish_second}"); $archiveflag = 0; if (isset($array['archiveflag'])) { $archiveflag = COM_applyFilter($array['archiveflag'], true); } /* Override status code if no archive flag is set: */ if ($archiveflag != 1) { $this->_statuscode = 0; } if (array_key_exists('expire_ampm', $array)) { $expire_ampm = COM_applyFilter($array['expire_ampm']); $expire_hour = COM_applyFilter($array['expire_hour'], true); $expire_minute = COM_applyFilter($array['expire_minute'], true); $expire_second = COM_applyFilter($array['expire_second'], true); $expire_year = COM_applyFilter($array['expire_year'], true); $expire_month = COM_applyFilter($array['expire_month'], true); $expire_day = COM_applyFilter($array['expire_day'], true); if ($expire_ampm == 'pm') { if ($expire_hour < 12) { $expire_hour = $expire_hour + 12; } } if ($expire_ampm == 'am' and $expire_hour == 12) { $expire_hour = '00'; } $expiredate = strtotime("{$expire_month}/{$expire_day}/{$expire_year} {$expire_hour}:{$expire_minute}:{$expire_second}"); } else { $expiredate = time(); } $this->_expire = $expiredate; // comment expire time if (isset($array['cmt_close_flag'])) { $cmt_close_ampm = COM_applyFilter($array['cmt_close_ampm']); $cmt_close_hour = COM_applyFilter($array['cmt_close_hour'], true); $cmt_close_minute = COM_applyFilter($array['cmt_close_minute'], true); $cmt_close_second = COM_applyFilter($array['cmt_close_second'], true); $cmt_close_year = COM_applyFilter($array['cmt_close_year'], true); $cmt_close_month = COM_applyFilter($array['cmt_close_month'], true); $cmt_close_day = COM_applyFilter($array['cmt_close_day'], true); if ($cmt_close_ampm == 'pm') { if ($cmt_close_hour < 12) { $cmt_close_hour = $cmt_close_hour + 12; } } if ($cmt_close_ampm == 'am' and $cmt_close_hour == 12) { $cmt_close_hour = '00'; } $cmt_close_date = strtotime("{$cmt_close_month}/{$cmt_close_day}/{$cmt_close_year} {$cmt_close_hour}:{$cmt_close_minute}:{$cmt_close_second}"); $this->_comment_expire = $cmt_close_date; } else { $this->_comment_expire = 0; } /* Then grab the permissions */ // Convert array values to numeric permission values if (is_array($array['perm_owner']) || is_array($array['perm_group']) || is_array($array['perm_members']) || is_array($array['perm_anon'])) { list($this->_perm_owner, $this->_perm_group, $this->_perm_members, $this->_perm_anon) = SEC_getPermissionValues($array['perm_owner'], $array['perm_group'], $array['perm_members'], $array['perm_anon']); } else { $this->_perm_owner = $array['perm_owner']; $this->_perm_group = $array['perm_group']; $this->_perm_members = $array['perm_members']; $this->_perm_anon = $array['perm_anon']; } }
/** * Submit static page. The page is updated if it exists, or a new one is created * * @param array args Contains all the data provided by the client * @param string &output OUTPUT parameter containing the returned text * @param string &svc_msg OUTPUT parameter containing any service messages * @return int Response code as defined in lib-plugins.php */ function service_submit_staticpages($args, &$output, &$svc_msg) { global $_CONF, $_TABLES, $_USER, $LANG_ACCESS, $LANG12, $LANG_STATIC, $_GROUPS, $_SP_CONF; if (!$_CONF['disable_webservices']) { require_once $_CONF['path_system'] . 'lib-webservices.php'; } $output = ''; if (!SEC_hasRights('staticpages.edit')) { $output = COM_siteHeader('menu', $LANG_STATIC['access_denied']); $output .= COM_startBlock($LANG_STATIC['access_denied'], '', COM_getBlockTemplate('_msg_block', 'header')); $output .= $LANG_STATIC['access_denied_msg']; $output .= COM_endBlock(COM_getBlockTemplate('_msg_block', 'footer')); $output .= COM_siteFooter(); return PLG_RET_AUTH_FAILED; } $gl_edit = false; if (isset($args['gl_edit'])) { $gl_edit = $args['gl_edit']; } if ($gl_edit) { // This is EDIT mode, so there should be an sp_old_id if (empty($args['sp_old_id'])) { if (!empty($args['id'])) { $args['sp_old_id'] = $args['id']; } else { return PLG_RET_ERROR; } if (empty($args['sp_id'])) { $args['sp_id'] = $args['sp_old_id']; } } } else { if (empty($args['sp_id']) && !empty($args['id'])) { $args['sp_id'] = $args['id']; } } if (empty($args['sp_title']) && !empty($args['title'])) { $args['sp_title'] = $args['title']; } if (empty($args['sp_content']) && !empty($args['content'])) { $args['sp_content'] = $args['content']; } if (isset($args['category']) && is_array($args['category']) && !empty($args['category'][0])) { $args['sp_tid'] = $args['category'][0]; } if (!isset($args['owner_id'])) { $args['owner_id'] = $_USER['uid']; } if (empty($args['group_id'])) { $args['group_id'] = SEC_getFeatureGroup('staticpages.edit', $_USER['uid']); } $args['sp_id'] = COM_sanitizeID($args['sp_id']); if (!$gl_edit) { if (strlen($args['sp_id']) > STATICPAGE_MAX_ID_LENGTH) { $slug = ''; if (isset($args['slug'])) { $slug = $args['slug']; } if (function_exists('WS_makeId')) { $args['sp_id'] = WS_makeId($slug, STATICPAGE_MAX_ID_LENGTH); } else { $args['sp_id'] = COM_makeSid(); } } } // Apply filters to the parameters passed by the webservice if ($args['gl_svc']) { $par_str = array('mode', 'sp_id', 'sp_old_id', 'sp_tid', 'sp_format', 'postmode'); $par_num = array('sp_hits', 'owner_id', 'group_id', 'sp_where', 'sp_php', 'commentcode'); foreach ($par_str as $str) { if (isset($args[$str])) { $args[$str] = COM_applyBasicFilter($args[$str]); } else { $args[$str] = ''; } } foreach ($par_num as $num) { if (isset($args[$num])) { $args[$num] = COM_applyBasicFilter($args[$num], true); } else { $args[$num] = 0; } } } // START: Staticpages defaults if (empty($args['sp_format'])) { $args['sp_format'] = 'allblocks'; } if (empty($args['sp_tid'])) { $args['sp_tid'] = 'all'; } if ($args['sp_where'] < 0 || $args['sp_where'] > 3) { $args['sp_where'] = 0; } if ($args['sp_php'] < 0 || $args['sp_php'] > 2) { $args['sp_php'] = 0; } if ($args['commentcode'] < -1 || $args['commentcode'] > 1) { $args['commentcode'] = $_CONF['comment_code']; } if ($args['gl_svc']) { // Permissions if (!isset($args['perm_owner'])) { $args['perm_owner'] = $_SP_CONF['default_permissions'][0]; } else { $args['perm_owner'] = COM_applyBasicFilter($args['perm_owner'], true); } if (!isset($args['perm_group'])) { $args['perm_group'] = $_SP_CONF['default_permissions'][1]; } else { $args['perm_group'] = COM_applyBasicFilter($args['perm_group'], true); } if (!isset($args['perm_members'])) { $args['perm_members'] = $_SP_CONF['default_permissions'][2]; } else { $args['perm_members'] = COM_applyBasicFilter($args['perm_members'], true); } if (!isset($args['perm_anon'])) { $args['perm_anon'] = $_SP_CONF['default_permissions'][3]; } else { $args['perm_anon'] = COM_applyBasicFilter($args['perm_anon'], true); } if (!isset($args['sp_onmenu'])) { $args['sp_onmenu'] = ''; } elseif ($args['sp_onmenu'] == 'on' && empty($args['sp_label'])) { $svc_msg['error_desc'] = 'Menu label missing'; return PLG_RET_ERROR; } if (empty($args['sp_content'])) { $svc_msg['error_desc'] = 'No content'; return PLG_RET_ERROR; } if (empty($args['sp_inblock']) && $_SP_CONF['in_block'] == '1') { $args['sp_inblock'] = 'on'; } if (empty($args['sp_centerblock'])) { $args['sp_centerblock'] = ''; } if (empty($args['draft_flag']) && $_SP_CONF['draft_flag'] == '1') { $args['draft_flag'] = 'on'; } if (empty($args['template_flag'])) { $args['template_flag'] = ''; } if (empty($args['template_id'])) { $args['template_id'] = ''; } } // END: Staticpages defaults $sp_id = $args['sp_id']; $sp_title = $args['sp_title']; $sp_page_title = $args['sp_page_title']; $sp_content = $args['sp_content']; $sp_hits = $args['sp_hits']; $sp_format = $args['sp_format']; $sp_onmenu = $args['sp_onmenu']; $sp_label = ''; if (!empty($args['sp_label'])) { $sp_label = $args['sp_label']; } $meta_description = $args['meta_description']; $meta_keywords = $args['meta_keywords']; $commentcode = $args['commentcode']; $owner_id = $args['owner_id']; $group_id = $args['group_id']; $perm_owner = $args['perm_owner']; $perm_group = $args['perm_group']; $perm_members = $args['perm_members']; $perm_anon = $args['perm_anon']; $sp_php = $args['sp_php']; $sp_nf = ''; if (!empty($args['sp_nf'])) { $sp_nf = $args['sp_nf']; } $sp_old_id = $args['sp_old_id']; $sp_centerblock = $args['sp_centerblock']; $draft_flag = $args['draft_flag']; $template_flag = $args['template_flag']; $template_id = $args['template_id']; $sp_help = ''; if (!empty($args['sp_help'])) { $sp_help = $args['sp_help']; } $sp_tid = $args['sp_tid']; $sp_where = $args['sp_where']; $sp_inblock = $args['sp_inblock']; $postmode = $args['postmode']; if ($gl_edit && !empty($args['gl_etag'])) { // First load the original staticpage to check if it has been modified $o = array(); $s = array(); $r = service_get_staticpages(array('sp_id' => $sp_old_id, 'gl_svc' => true), $o, $s); if ($r == PLG_RET_OK) { if ($args['gl_etag'] != $o['updated']) { $svc_msg['error_desc'] = 'A more recent version of the staticpage is available'; return PLG_RET_PRECONDITION_FAILED; } } else { $svc_msg['error_desc'] = 'The requested staticpage no longer exists'; return PLG_RET_ERROR; } } // Check for unique page ID $duplicate_id = false; $delete_old_page = false; if (DB_count($_TABLES['staticpage'], 'sp_id', $sp_id) > 0) { if ($sp_id != $sp_old_id) { $duplicate_id = true; } } elseif (!empty($sp_old_id)) { if ($sp_id != $sp_old_id) { $delete_old_page = true; } } if ($duplicate_id) { $output .= COM_siteHeader('menu', $LANG_STATIC['staticpageeditor']); $output .= COM_errorLog($LANG_STATIC['duplicate_id'], 2); if (!$args['gl_svc']) { $output .= staticpageeditor($sp_id); } $output .= COM_siteFooter(); $svc_msg['error_desc'] = 'Duplicate ID'; return PLG_RET_ERROR; } elseif (!empty($sp_title) && !empty($sp_content)) { if (empty($sp_hits)) { $sp_hits = 0; } if ($sp_onmenu == 'on') { $sp_onmenu = 1; } else { $sp_onmenu = 0; } if ($sp_nf == 'on') { $sp_nf = 1; } else { $sp_nf = 0; } if ($sp_centerblock == 'on') { $sp_centerblock = 1; } else { $sp_centerblock = 0; } if ($sp_inblock == 'on') { $sp_inblock = 1; } else { $sp_inblock = 0; } if ($draft_flag == 'on') { $draft_flag = 1; } else { $draft_flag = 0; } if ($template_flag == 'on') { $template_flag = 1; } else { $template_flag = 0; } // Remove any autotags the user doesn't have permission to use $sp_content = PLG_replaceTags($sp_content, '', true); // Clean up the text if ($_SP_CONF['censor'] == 1) { $sp_content = COM_checkWords($sp_content); $sp_title = COM_checkWords($sp_title); } if ($_SP_CONF['filter_html'] == 1) { $sp_content = COM_checkHTML($sp_content, 'staticpages.edit'); } $sp_title = strip_tags($sp_title); $sp_page_title = strip_tags($sp_page_title); $sp_label = strip_tags($sp_label); $meta_description = strip_tags($meta_description); $meta_keywords = strip_tags($meta_keywords); $sp_content = addslashes($sp_content); $sp_title = addslashes($sp_title); $sp_page_title = addslashes($sp_page_title); $sp_label = addslashes($sp_label); $meta_description = addslashes($meta_description); $meta_keywords = addslashes($meta_keywords); // If user does not have php edit perms, then set php flag to 0. if ($_SP_CONF['allow_php'] != 1 || !SEC_hasRights('staticpages.PHP')) { $sp_php = 0; } // If marked as a template then set id to nothing and other default settings if ($template_flag == 1) { $template_id = ''; $sp_onmenu = 0; $sp_label = ""; $sp_centerblock = 0; $sp_php = 0; $sp_inblock = 0; $sp_nf = 0; $sp_hits = 0; $meta_description = ""; $meta_keywords = ""; } else { // See if it was a template before, if so and option changed, remove use from other pages if (DB_getItem($_TABLES['staticpage'], 'template_flag', "sp_id = '{$sp_old_id}'") == 1) { $sql = "UPDATE {$_TABLES['staticpage']} SET template_id = '' WHERE template_id = '{$sp_old_id}'"; $result = DB_query($sql); } if ($template_id != '') { // If using a template, make sure php disabled $sp_php = 0; // Double check template id exists and is still a template $perms = SP_getPerms(); if (!empty($perms)) { $perms = ' AND ' . $perms; } if (DB_getItem($_TABLES['staticpage'], 'COUNT(sp_id)', "sp_id = '{$template_id}' AND template_flag = 1 AND (draft_flag = 0)" . $perms) == 0) { $template_id = ''; } } } // make sure there's only one "entire page" static page per topic if ($sp_centerblock == 1 && $sp_where == 0) { $sql = "UPDATE {$_TABLES['staticpage']} SET sp_centerblock = 0 WHERE (sp_centerblock = 1) AND (sp_where = 0) AND (sp_tid = '{$sp_tid}') AND (draft_flag = 0)"; // if we're in a multi-language setup, we need to allow one "entire // page" centerblock for 'all' or 'none' per language if (!empty($_CONF['languages']) && !empty($_CONF['language_files']) && ($sp_tid == 'all' || $sp_tid == 'none')) { $ids = explode('_', $sp_id); if (count($ids) > 1) { $lang_id = array_pop($ids); $sql .= " AND sp_id LIKE '%\\_{$lang_id}'"; } } DB_query($sql); } $formats = array('allblocks', 'blankpage', 'leftblocks', 'noblocks'); if (!in_array($sp_format, $formats)) { $sp_format = 'allblocks'; } if (!$args['gl_svc']) { list($perm_owner, $perm_group, $perm_members, $perm_anon) = SEC_getPermissionValues($perm_owner, $perm_group, $perm_members, $perm_anon); } // Retrieve created date $datecreated = DB_getItem($_TABLES['staticpage'], 'created', "sp_id = '{$sp_id}'"); if ($datecreated == '') { $datecreated = date('Y-m-d H:i:s'); } DB_save($_TABLES['staticpage'], 'sp_id,sp_title,sp_page_title, sp_content,created,modified,sp_hits,sp_format,sp_onmenu,sp_label,commentcode,meta_description,meta_keywords,template_flag,template_id,draft_flag,owner_id,group_id,' . 'perm_owner,perm_group,perm_members,perm_anon,sp_php,sp_nf,sp_centerblock,sp_help,sp_tid,sp_where,sp_inblock,postmode', "'{$sp_id}','{$sp_title}','{$sp_page_title}','{$sp_content}','{$datecreated}',NOW(),{$sp_hits},'{$sp_format}',{$sp_onmenu},'{$sp_label}','{$commentcode}','{$meta_description}','{$meta_keywords}',{$template_flag},'{$template_id}',{$draft_flag},{$owner_id},{$group_id}," . "{$perm_owner},{$perm_group},{$perm_members},{$perm_anon},'{$sp_php}','{$sp_nf}',{$sp_centerblock},'{$sp_help}','{$sp_tid}',{$sp_where}," . "'{$sp_inblock}','{$postmode}'"); if ($delete_old_page && !empty($sp_old_id)) { // If a template and the id changed, update any staticpages that use it if ($template_flag == 1) { $sql = "UPDATE {$_TABLES['staticpage']} SET template_id = '{$sp_id}' WHERE template_id = '{$sp_old_id}'"; $result = DB_query($sql); } DB_delete($_TABLES['staticpage'], 'sp_id', $sp_old_id); } if (empty($sp_old_id) || $sp_id == $sp_old_id) { if (!$template_flag) { PLG_itemSaved($sp_id, 'staticpages'); } else { // If template then have to notify of all pages that use this template that a change to the page happened $sql = "SELECT sp_id FROM {$_TABLES['staticpage']} WHERE template_id = '{$sp_id}'"; $result = DB_query($sql); while ($A = DB_fetchArray($result)) { PLG_itemSaved($A['sp_id'], 'staticpages'); } } } else { DB_change($_TABLES['comments'], 'sid', addslashes($sp_id), array('sid', 'type'), array(addslashes($sp_old_id), 'staticpages')); if (!$template_flag) { PLG_itemSaved($sp_id, 'staticpages', $sp_old_id); } else { // If template then have to notify of all pages that use this template that a change to the page happened $sql = "SELECT sp_id FROM {$_TABLES['staticpage']} WHERE template_id = '{$sp_id}'"; $result = DB_query($sql); while ($A = DB_fetchArray($result)) { PLG_itemSaved($A['sp_id'], 'staticpages'); } } } $url = COM_buildURL($_CONF['site_url'] . '/staticpages/index.php?page=' . $sp_id); $output .= PLG_afterSaveSwitch($_SP_CONF['aftersave'], $url, 'staticpages', 19); $svc_msg['id'] = $sp_id; return PLG_RET_OK; } else { $output .= COM_siteHeader('menu', $LANG_STATIC['staticpageeditor']); $output .= COM_errorLog($LANG_STATIC['no_title_or_content'], 2); if (!$args['gl_svc']) { $output .= staticpageeditor($sp_id); } $output .= COM_siteFooter(); return PLG_RET_ERROR; } }
COM_errorLog("Someone has tried to illegally access the external Admin page. User id: {$_USER['uid']}, Username: {$_USER['username']}, IP: {$REMOTE_ADDR}", 1); $display = COM_siteHeader(); $display .= COM_startBlock($LANG_EX00['access_denied']); $display .= $LANG_EX00['access_denied_msg']; $display .= COM_endBlock(); $display .= COM_siteFooter(true); echo $display; exit; } /** * Main */ $exid = (int) $_REQUEST['exid']; switch ($_REQUEST['action']) { case $LANG_EX00['save']: list($perm_owner, $perm_group, $perm_members, $perm_anon) = SEC_getPermissionValues($_REQUEST['perm_owner'], $_REQUEST['perm_group'], $_REQUEST['perm_members'], $_REQUEST['perm_anon']); if ($exid == 0) { $sql = "INSERT INTO "; } else { $sql = "UPDATE "; } $sql .= " {$_TABLES['external']} SET\n title='" . DB_escapeString($_REQUEST['title']) . "',\n url='" . DB_escapeString($_REQUEST['url']) . "',\n hits='" . DB_escapeString($_REQUEST['hits']) . "',\n group_id=" . (int) $_REQUEST['group_id'] . ",\n owner_id=" . (int) $_REQUEST['owner_id'] . ",\n perm_owner={$perm_owner},\n perm_group={$perm_group},\n perm_members={$perm_members},\n perm_anon={$perm_anon} "; if ($exid != 0) { $sql .= " WHERE exid={$exid}"; } DB_query($sql); echo COM_refresh($_CONF['site_admin_url'] . "/plugins/external/index.php"); exit; case $LANG_EX00['delete']: DB_delete($_TABLES['external'], 'exid', $exid); echo COM_refresh($_CONF['site_admin_url'] . "/plugins/external/index.php");
/** * Prepare an array of the standard permission values * This helper functions does the following: * 1) filter permission values, e.g. after a POST request * 2) translates the permission checkbox arrays into numerical values * 3) ensures that all the standard permission entries are set, so you don't * have to check with isset() all the time * <code> * $PERM = SEC_filterPermissions($_POST); * if ($PERM['perm_anon'] != 0) { ... * </code> * * @param array $A array to filter on, e.g. $_POST * @return array array of only the 6 standard permission values * @see SEC_getPermissionValues */ function SEC_filterPermissions($A) { $retval = array(); if (isset($A['owner_id'])) { $retval['owner_id'] = COM_applyFilter($A['owner_id'], true); } else { $retval['owner_id'] = 0; } if (isset($A['group_id'])) { $retval['group_id'] = COM_applyFilter($A['group_id'], true); } else { $retval['group_id'] = 0; } $perms = array('perm_owner', 'perm_group', 'perm_members', 'perm_anon'); $B = array(); foreach ($perms as $p) { if (isset($A[$p])) { $B[$p] = $A[$p]; } else { $B[$p] = array(); } } $B = SEC_getPermissionValues($B['perm_owner'], $B['perm_group'], $B['perm_members'], $B['perm_anon']); for ($i = 0; $i < 4; $i++) { $retval[$perms[$i]] = $B[$i]; } return $retval; }
/** * Sets all variables to the matching values from the provided array * * @param array $A Array of values, from DB or $_POST */ function SetVars($A, $fromDB = false) { if (!is_array($A)) { return; } $this->cat_id = $A['cat_id']; $this->papa_id = $A['papa_id']; $this->cat_name = $A['cat_name']; $this->description = $A['description']; $this->add_date = $A['add_date']; $this->group_id = $A['group_id']; $this->owner_id = $A['owner_id']; $this->price = $A['price']; $this->ad_type = $A['ad_type']; $this->keywords = $A['keywords']; $this->image = $A['image']; $this->fgcolor = $A['fgcolor']; $this->bgcolor = $A['bgcolor']; if ($fromDB) { // perm values are already int $this->perm_owner = $A['perm_owner']; $this->perm_group = $A['perm_group']; $this->perm_members = $A['perm_members']; $this->perm_anon = $A['perm_anon']; } else { // perm values are in arrays from form list($perm_owner, $perm_group, $perm_members, $perm_anon) = SEC_getPermissionValues($A['perm_owner'], $A['perm_group'], $A['perm_members'], $A['perm_anon']); $this->perm_owner = $perm_owner; $this->perm_group = $perm_group; $this->perm_members = $perm_members; $this->perm_anon = $perm_anon; } }
/** * Save topic to the database * * @param string $tid Topic ID * @param string $topic Name of topic (what the user sees) * @param int $inherit whether to inherit * @param int $hidden whether to hide * @param string $parent_id Parent ID * @param string $imageUrl (partial) URL to topic image * @param string $meta_description Topic meta description * @param string $meta_keywords Topic meta keywords * @param int $sortNum number for sort order in "Topics" block * @param int $limitNews number of stories per page for this topic * @param int $owner_id ID of owner * @param int $group_id ID of group topic belongs to * @param int $perm_owner Permissions the owner has * @param int $perm_group Permissions the group has * @param int $perm_members Permissions members have * @param int $perm_anon Permissions anonymous users have * @param string $is_default 'on' if this is the default topic * @param string $is_archive 'on' if this is the archive topic * @return string HTML redirect or error message */ function savetopic($tid, $topic, $inherit, $hidden, $parent_id, $imageUrl, $meta_description, $meta_keywords, $sortNum, $limitNews, $owner_id, $group_id, $perm_owner, $perm_group, $perm_members, $perm_anon, $is_default, $is_archive) { global $_CONF, $_TABLES, $_USER, $LANG27, $MESSAGE; $retval = ''; // Convert array values to numeric permission values list($perm_owner, $perm_group, $perm_members, $perm_anon) = SEC_getPermissionValues($perm_owner, $perm_group, $perm_members, $perm_anon); $tid = COM_sanitizeID($tid); // Check if tid is a restricted name $restricted_tid = false; if (!strcasecmp($tid, TOPIC_ALL_OPTION) || !strcasecmp($tid, TOPIC_NONE_OPTION) || !strcasecmp($tid, TOPIC_HOMEONLY_OPTION) || !strcasecmp($tid, TOPIC_SELECTED_OPTION) || !strcasecmp($tid, TOPIC_ROOT)) { $restricted_tid = true; } // Check if tid is used by another topic $duplicate_tid = false; $old_tid = ''; if (isset($_POST['old_tid'])) { $old_tid = COM_applyFilter($_POST['old_tid']); if (!empty($old_tid)) { $old_tid = COM_sanitizeID($old_tid); // See if new topic id if (strcasecmp($tid, $old_tid)) { if (!strcasecmp($tid, DB_getItem($_TABLES['topics'], 'tid', "tid = '{$tid}'"))) { $duplicate_tid = true; } } } else { if (!strcasecmp($tid, DB_getItem($_TABLES['topics'], 'tid', "tid = '{$tid}'"))) { $duplicate_tid = true; } } } // Make sure parent id exists $parent_id_found = false; if ($parent_id == DB_getItem($_TABLES['topics'], 'tid', "tid = '{$parent_id}'") || $parent_id == TOPIC_ROOT) { $parent_id_found = true; } // Check if parent archive topic, if so bail $archive_parent = false; $archive_tid = DB_getItem($_TABLES['topics'], 'tid', 'archive_flag = 1'); if ($parent_id == $archive_tid) { $archive_parent = true; } // If archive topic, make sure no child topics else bail $archive_child = false; $is_archive = $is_archive == 'on' ? 1 : 0; if ($is_archive) { if ($tid == DB_getItem($_TABLES['topics'], 'parent_id', "parent_id = '{$tid}'")) { $archive_child = true; } } if (DB_count($_TABLES['topics'], 'tid', $tid) > 0) { $result = DB_query("SELECT owner_id,group_id,perm_owner,perm_group,perm_members,perm_anon FROM {$_TABLES['topics']} WHERE tid = '{$tid}'"); $A = DB_fetchArray($result); $access = SEC_hasAccess($A['owner_id'], $A['group_id'], $A['perm_owner'], $A['perm_group'], $A['perm_members'], $A['perm_anon']); } else { $access = SEC_hasAccess($owner_id, $group_id, $perm_owner, $perm_group, $perm_members, $perm_anon); } if ($access < 3 || !SEC_inGroup($group_id)) { $retval .= COM_showMessageText($MESSAGE[29], $MESSAGE[30]); $retval = COM_createHTMLDocument($retval, array('pagetitle' => $MESSAGE[30])); COM_accessLog("User {$_USER['username']} tried to illegally create or edit topic {$tid}."); } else { // Now check access to parent topic if ($parent_id != TOPIC_ROOT) { if (DB_count($_TABLES['topics'], 'tid', $parent_id) > 0) { $result = DB_query("SELECT owner_id,group_id,perm_owner,perm_group,perm_members,perm_anon FROM {$_TABLES['topics']} WHERE tid = '{$parent_id}'"); $A = DB_fetchArray($result); $access = SEC_hasAccess($A['owner_id'], $A['group_id'], $A['perm_owner'], $A['perm_group'], $A['perm_members'], $A['perm_anon']); } $in_Group = SEC_inGroup($A['group_id']); } else { $access = 3; $in_Group = true; } if ($access < 3 || !$in_Group) { $retval .= COM_showMessageText($MESSAGE[29], $MESSAGE[30]); $retval = COM_createHTMLDocument($retval, array('pagetitle' => $MESSAGE[30])); COM_accessLog("User {$_USER['username']} tried to illegally assign topic {$tid} to {$parent_id}."); } elseif (!empty($tid) && !empty($topic) && !$restricted_tid && !$duplicate_tid && !$archive_parent && !$archive_child && $parent_id_found) { if ($imageUrl === '/images/topics/') { $imageUrl = ''; } $topic = GLText::remove4byteUtf8Chars(strip_tags($topic)); $topic = DB_escapeString($topic); $meta_description = GLText::remove4byteUtf8Chars(strip_tags($meta_description)); $meta_description = DB_escapeString($meta_description); $meta_keywords = GLText::remove4byteUtf8Chars(strip_tags($meta_keywords)); $meta_keywords = DB_escapeString($meta_keywords); if ($is_default == 'on') { $is_default = 1; DB_query("UPDATE {$_TABLES['topics']} SET is_default = 0 WHERE is_default = 1"); } else { $is_default = 0; } if ($is_archive) { // $tid is the archive topic // - if it wasn't already, mark all its stories "archived" now if ($archive_tid != $tid) { $sql = "UPDATE {$_TABLES['stories']} s, {$_TABLES['topic_assignments']} ta\n SET s.featured = 0, s.frontpage = 0, s.statuscode = " . STORY_ARCHIVE_ON_EXPIRE . "\n WHERE ta.type = 'article' AND ta.tid = '{$tid}' AND ta.id = s.sid"; DB_query($sql); $sql = "UPDATE {$_TABLES['topics']} SET archive_flag = 0 WHERE archive_flag = 1"; DB_query($sql); } // Set hidden and inherit to false since archive topic now $inherit = ''; $hidden = ''; } else { // $tid is not the archive topic // - if it was until now, reset the "archived" status of its stories if ($archive_tid == $tid) { $sql = "UPDATE {$_TABLES['stories']} s, {$_TABLES['topic_assignments']} ta\n SET s.statuscode = 0\n WHERE ta.type = 'article' AND ta.tid = '{$tid}' AND ta.id = s.sid"; DB_query($sql); $sql = "UPDATE {$_TABLES['topics']} SET archive_flag = 0 WHERE archive_flag = 1"; DB_query($sql); } } $inherit = $inherit == 'on' ? 1 : 0; $hidden = $hidden == 'on' ? 1 : 0; // Cannot hide root topics so switch if needed if ($parent_id == TOPIC_ROOT && $hidden == 1) { $hidden = 0; } // If not a new topic and id change then... if (!empty($old_tid)) { if ($tid != $old_tid) { changetopicid($tid, $old_tid); $old_tid = DB_escapeString($old_tid); DB_delete($_TABLES['topics'], 'tid', $old_tid); } } DB_save($_TABLES['topics'], 'tid, topic, inherit, hidden, parent_id, imageurl, meta_description, meta_keywords, sortnum, limitnews, is_default, archive_flag, owner_id, group_id, perm_owner, perm_group, perm_members, perm_anon', "'{$tid}', '{$topic}', {$inherit}, {$hidden}, '{$parent_id}', '{$imageUrl}', '{$meta_description}', '{$meta_keywords}','{$sortNum}','{$limitNews}',{$is_default},'{$is_archive}',{$owner_id},{$group_id},{$perm_owner},{$perm_group},{$perm_members},{$perm_anon}"); if ($old_tid != $tid) { PLG_itemSaved($tid, 'topic', $old_tid); } else { PLG_itemSaved($tid, 'topic'); } // Reorder Topics, Delete topic cache and reload topic tree reorderTopics(); // update feed(s) COM_rdfUpToDateCheck('article', $tid); COM_redirect($_CONF['site_admin_url'] . '/topic.php?msg=13'); } elseif ($restricted_tid) { $retval .= COM_errorLog($LANG27[31], 2); $retval = COM_createHTMLDocument($retval, array('pagetitle' => $LANG27[1])); } elseif ($duplicate_tid) { $retval .= COM_errorLog($LANG27[49], 2); $retval = COM_createHTMLDocument($retval, array('pagetitle' => $LANG27[1])); } elseif ($archive_parent) { $retval .= COM_errorLog($LANG27[46], 2); $retval = COM_createHTMLDocument($retval, array('pagetitle' => $LANG27[1])); } elseif ($archive_child) { $retval .= COM_errorLog($LANG27[47], 2); $retval = COM_createHTMLDocument($retval, array('pagetitle' => $LANG27[1])); } elseif (!$parent_id_found) { $retval .= COM_errorLog($LANG27[48], 2); $retval = COM_createHTMLDocument($retval, array('pagetitle' => $LANG27[1])); } else { $retval .= COM_errorLog($LANG27[7], 2); $retval = COM_createHTMLDocument($retval, array('pagetitle' => $LANG27[1])); } } return $retval; }
/** * Sets all variables to the matching values from $rows * * @param array $row Array of values, from DB or $_POST * @param boolean $fromDB True if read from DB, false if from form */ public function SetVars($row, $fromDB = false) { if (!is_array($row)) { return; } $this->cat_id = $row['cat_id']; $this->parent_id = $row['parent_id']; $this->description = $row['description']; $this->enabled = $row['enabled']; $this->cat_name = $row['cat_name']; $this->keywords = $row['keywords']; $this->image = $row['image']; $this->group_id = $row['group_id']; $this->owner_id = $row['owner_id']; if ($fromDB) { $this->perm_owner = $row['perm_owner']; $this->perm_group = $row['perm_group']; $this->perm_members = $row['perm_members']; $this->perm_anon = $row['perm_anon']; } else { if (isset($_POST['perm_owner'])) { $perms = SEC_getPermissionValues($row['perm_owner'], $row['perm_group'], $row['perm_members'], $row['perm_anon']); $this->perm_owner = $perms[0]; $this->perm_group = $perms[1]; $this->perm_members = $perms[2]; $this->perm_anon = $perms[3]; } } }