        $_CONF['advanced_editor'] = false;
    }
}
$display = '';
if ($mode == $LANG_ADMIN['delete'] && !empty($LANG_ADMIN['delete'])) {
    $sid = COM_applyFilter($_POST['sid']);
    $type = '';
    if (isset($_POST['type'])) {
        $type = COM_applyFilter($_POST['type']);
    }
    if (!isset($sid) || empty($sid)) {
        COM_errorLog('Attempted to delete story sid=' . $sid);
        echo COM_refresh($_CONF['site_admin_url'] . '/story.php');
    } else {
        if ($type == 'submission') {
            if (TOPIC_hasMultiTopicAccess('article', $sid) < 3) {
                COM_accessLog("User {$_USER['username']} tried to illegally delete story submission {$sid}.");
                echo COM_refresh($_CONF['site_admin_url'] . '/index.php');
            } else {
                if (SEC_checkToken()) {
                    // Delete Topic Assignments for this submission
                    TOPIC_deleteTopicAssignments('article', $sid);
                    DB_delete($_TABLES['storysubmission'], 'sid', $sid, $_CONF['site_admin_url'] . '/moderation.php');
                } else {
                    COM_accessLog("User {$_USER['username']} tried to illegally delete story submission {$sid} and failed CSRF checks.");
                    echo COM_refresh($_CONF['site_admin_url'] . '/index.php');
                }
            }
        } else {
            if (SEC_checkToken()) {
                echo STORY_deleteStory($sid);
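/**
 * Check if the current user is allowed to delete trackback comments.
 *
 * For articles three things are required at once: the 'story.edit' right,
 * full (level 3) access to the story row as visible through COM_getPermSql(),
 * and full access to every topic the story is assigned to. For any other
 * parent type the decision is delegated to the owning plugin via
 * PLG_handlePingComment().
 *
 * @param    string  $sid    ID of the parent object of the comment
 * @param    string  $type   type of the parent object ('article' = story, etc.)
 * @return   boolean         true = user can delete the comment, false = nope
 *
 */
function TRB_allowDelete($sid, $type)
{
    global $_TABLES;

    if ($type !== 'article') {
        return PLG_handlePingComment($type, $sid, 'delete');
    }

    // Escape only for the SQL literal. The topic lookup further down gets the
    // raw id, so an id containing quote characters is looked up consistently
    // instead of with the escaped form.
    $escSid = DB_escapeString($sid);
    $sql = "SELECT owner_id,group_id,perm_owner,perm_group,perm_members,perm_anon FROM {$_TABLES['stories']} WHERE sid = '{$escSid}'" . COM_getPermSql('AND', 0, 3);
    $result = DB_query($sql);
    $A = DB_fetchArray($result);

    // No row (missing story, or filtered out by the permission SQL) means there
    // is nothing this user may delete; this also avoids indexing a false result.
    if (empty($A)) {
        return false;
    }

    if (!SEC_hasRights('story.edit')) {
        return false;
    }
    $access = SEC_hasAccess($A['owner_id'], $A['group_id'], $A['perm_owner'], $A['perm_group'], $A['perm_members'], $A['perm_anon']);
    if ($access != 3) {
        return false;
    }

    return TOPIC_hasMultiTopicAccess('article', $sid) == 3;
}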
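/**
 * Delete an existing story
 *
 * The caller needs full (level 3) access both to the story row and to every
 * topic the story is assigned to. A refused attempt is written to the access
 * log and $output receives a redirect back to the story admin page.
 *
 * @param   array   $args     Contains all the data provided by the client;
 *                            'sid' (or 'id' as a fallback) names the story,
 *                            'gl_svc' marks a webservice call
 * @param   string  &$output  OUTPUT parameter containing the returned text
 *                            (a redirect to admin/story.php in every case)
 * @param   array   &$svc_msg OUTPUT parameter for service messages (not written here)
 * @return  int               Response code as defined in lib-plugins.php
 */
function service_delete_story($args, &$output, &$svc_msg)
{
    global $_CONF, $_TABLES, $_USER;

    if (empty($args['sid']) && !empty($args['id'])) {
        $args['sid'] = $args['id'];
    }
    // Webservice callers get the basic filter here; other callers are expected
    // to have filtered already (same convention as the other service_* functions).
    if (!empty($args['gl_svc'])) {
        $args['sid'] = COM_applyBasicFilter($args['sid']);
    }
    $sid = isset($args['sid']) ? $args['sid'] : '';

    // The id is client-supplied, so it is escaped for the SQL literal no matter
    // which of the paths above filtered it.
    $result = DB_query("SELECT owner_id,group_id,perm_owner,perm_group,perm_members,perm_anon FROM {$_TABLES['stories']} WHERE sid = '" . DB_escapeString($sid) . "'");
    $A = DB_fetchArray($result);

    // A missing story has no permission row; treat that as no access so the
    // request is refused rather than run against a nonexistent row.
    $access = 0;
    if (!empty($A)) {
        $access = SEC_hasAccess($A['owner_id'], $A['group_id'], $A['perm_owner'], $A['perm_group'], $A['perm_members'], $A['perm_anon']);
        // the lower of row access and topic access decides
        $access = min($access, TOPIC_hasMultiTopicAccess('article', $sid));
    }

    if ($access < 3) {
        COM_accessLog("User {$_USER['username']} tried to illegally delete story {$sid}.");
        $output = COM_refresh($_CONF['site_admin_url'] . '/story.php');
        // logged-in users get "permission denied"; uid 1 (the anonymous user) "auth failed"
        return ($_USER['uid'] > 1) ? PLG_RET_PERMISSION_DENIED : PLG_RET_AUTH_FAILED;
    }

    STORY_doDeleteThisStoryNow($sid);
    $output = COM_refresh($_CONF['site_admin_url'] . '/story.php?msg=10');
    return PLG_RET_OK;
}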
/**
 * used for the list of stories in admin/story.php
 *
 * Renders one cell of the admin story list. $fieldName selects the column,
 * $A is the story row as read from the database, $icon_arr provides the
 * admin icons used for the edit/copy columns. Columns this function does not
 * know are passed through as $fieldValue.
 *
 * @param  string $fieldName
 * @param  string $fieldValue
 * @param  array  $A
 * @param  array  $icon_arr
 * @return string
 */
function ADMIN_getListField_stories($fieldName, $fieldValue, $A, $icon_arr)
{
    global $_CONF, $_TABLES, $LANG24, $LANG_ACCESS, $_IMAGE_TYPE;
    static $topics = array(); // not read by any column below; kept as in the original

    switch ($fieldName) {
        case 'unixdate':
            $userTime = COM_getUserDateTimeFormat($A['unixdate']);
            // NOTE(review): strftime() is deprecated as of PHP 8.1; $_CONF['daytime']
            // is a strftime-style format, so porting it needs a format translation.
            return strftime($_CONF['daytime'], $userTime[1]);

        case 'title':
            $linkAttr = array();
            if (!empty($A['page_title'])) {
                $linkAttr['title'] = htmlspecialchars($A['page_title']);
            }
            $storyUrl = COM_buildURL($_CONF['site_url'] . '/article.php?story=' . $A['sid']);
            // '$' is entity-encoded before the slashes are stripped, as the original did
            $linkText = stripslashes(str_replace('$', '&#36;', $A['title']));
            return COM_createLink($linkText, $storyUrl, $linkAttr);

        case 'draft_flag':
            return ($A['draft_flag'] == 1) ? $LANG24[35] : $LANG24[36];

        case 'featured':
            return ($A['featured'] == 1) ? $LANG24[35] : $LANG24[36];

        case 'access':
        case 'copy':
        case 'edit':
        case 'edit_adv':
            // Edit access needs level 3 on the row AND on all of its topics;
            // the topic check only runs when the row check already passed.
            $rowAccess = SEC_hasAccess($A['owner_id'], $A['group_id'], $A['perm_owner'], $A['perm_group'], $A['perm_members'], $A['perm_anon']);
            $accessLabel = $LANG_ACCESS['readonly'];
            if ($rowAccess == 3 && TOPIC_hasMultiTopicAccess('article', $A['sid']) == 3) {
                $accessLabel = $LANG_ACCESS['edit'];
            }
            if ($fieldName === 'access') {
                return $accessLabel;
            }
            // read-only rows get no edit/copy icon at all
            if ($accessLabel !== $LANG_ACCESS['edit']) {
                return '';
            }
            if ($fieldName === 'copy') {
                $cloneUrl = $_CONF['site_admin_url'] . '/story.php?mode=clone&amp;sid=' . $A['sid'];
                return COM_createLink($icon_arr['copy'], $cloneUrl);
            }
            $editorKind = ($fieldName == 'edit_adv') ? 'adv' : 'std';
            $editUrl = $_CONF['site_admin_url'] . '/story.php?mode=edit&amp;editor=' . $editorKind . '&amp;sid=' . $A['sid'];
            return COM_createLink($icon_arr['edit'], $editUrl);

        case 'ping':
            // Highest anonymous permission among the story's topics.
            // NOTE(review): the original comment said "all topics allow anonymous
            // access", but the loop keeps the maximum, so a single anonymous-readable
            // topic is enough — confirm that this is the intended rule.
            $topicAnon = 0;
            $topicIds = TOPIC_getTopicIdsForObject('article', $A['sid']);
            foreach ($topicIds as $topicId) {
                $permAnon = DB_getItem($_TABLES['topics'], 'perm_anon', "tid = '" . DB_escapeString($topicId) . "'");
                if ($permAnon > $topicAnon) {
                    $topicAnon = $permAnon;
                }
            }
            // pings only for published, non-draft, anonymously readable stories
            $isPingable = $A['draft_flag'] == 0 && $A['unixdate'] < time() && $A['perm_anon'] != 0 && $topicAnon != 0;
            if (!$isPingable) {
                return '';
            }
            $pingIcon = '<img src="' . $_CONF['layout_url'] . '/images/sendping.' . $_IMAGE_TYPE . '" alt="' . $LANG24[21] . '" title="' . $LANG24[21] . '"' . XHTML . '>';
            $pingUrl = $_CONF['site_admin_url'] . '/trackback.php?mode=sendall&amp;id=' . $A['sid'];
            return COM_createLink($pingIcon, $pingUrl);

        case 'tid':
            return TOPIC_getTopicAdminColumn('article', $A['sid']);

        case 'username':
        case 'fullname':
            return COM_getDisplayName($A['uid'], $A['username'], $A['fullname']);

        default:
            return $fieldValue;
    }
}
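/**
 * Delete a block
 *
 * Requires full (level 3) access to the block row and to every topic the
 * block is assigned to. Refused attempts are written to the access log and
 * answered with a plain redirect to the block admin page.
 *
 * @param    string  $bid    id of block to delete
 * @return   string          HTML redirect or error message
 *
 */
function deleteBlock($bid)
{
    global $_CONF, $_TABLES, $_USER;

    // Nothing here shows $bid being escaped by the caller, so escape it for the
    // SQL literal; DB_delete() below receives the raw id as before.
    $result = DB_query("SELECT owner_id,group_id,perm_owner,perm_group,perm_members,perm_anon FROM {$_TABLES['blocks']} WHERE bid ='" . DB_escapeString($bid) . "'");
    $A = DB_fetchArray($result);

    // A missing row carries no permission data; treat it as no access instead
    // of feeding null fields into SEC_hasAccess().
    $access = 0;
    if (!empty($A)) {
        $access = SEC_hasAccess($A['owner_id'], $A['group_id'], $A['perm_owner'], $A['perm_group'], $A['perm_members'], $A['perm_anon']);
    }
    if ($access < 3 || TOPIC_hasMultiTopicAccess('block', $bid) < 3) {
        COM_accessLog("User {$_USER['username']} tried to illegally delete block {$bid}.");
        return COM_refresh($_CONF['site_admin_url'] . '/block.php');
    }

    TOPIC_deleteTopicAssignments('block', $bid);
    DB_delete($_TABLES['blocks'], 'bid', $bid);

    // remove any of this blocks instances if exists
    $cacheInstance = 'block__' . $bid . '__';
    CACHE_remove_instance($cacheInstance);

    return COM_refresh($_CONF['site_admin_url'] . '/block.php?msg=12');
}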
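/**
 * Submit static page. The page is updated if it exists, or a new one is created
 *
 * Serves both the local editor and the webservice layer; $args['gl_svc']
 * selects the latter, in which case the incoming values are run through
 * COM_applyBasicFilter() and the plugin defaults from $_SP_CONF are applied.
 * On success the page row, its topic assignments, comments (on rename) and
 * the page cache are updated and $svc_msg['id'] holds the saved page id.
 *
 * @param   array   args     Contains all the data provided by the client
 * @param   string  &output  OUTPUT parameter containing the returned text
 * @param   array   &svc_msg OUTPUT parameter containing any service messages
 *                           ('error_desc' on failure, 'id' on success)
 * @return  int          Response code as defined in lib-plugins.php
 */
function service_submit_staticpages($args, &$output, &$svc_msg)
{
    global $_CONF, $_TABLES, $_USER, $LANG_ACCESS, $LANG12, $LANG_STATIC, $_GROUPS, $_SP_CONF;

    if (!$_CONF['disable_webservices']) {
        require_once $_CONF['path_system'] . 'lib-webservices.php';
    }
    $output = '';
    if (!SEC_hasRights('staticpages.edit')) {
        $output .= COM_showMessageText($LANG_STATIC['access_denied_msg'], $LANG_STATIC['access_denied']);
        $output = COM_createHTMLDocument($output, array('pagetitle' => $LANG_STATIC['access_denied']));
        return PLG_RET_AUTH_FAILED;
    }

    // true when called through the webservice layer (values not yet filtered)
    $gl_svc = !empty($args['gl_svc']);

    $gl_edit = false;
    if (isset($args['gl_edit'])) {
        $gl_edit = $args['gl_edit'];
    }
    if ($gl_edit) {
        // This is EDIT mode, so there should be an sp_old_id
        if (empty($args['sp_old_id'])) {
            if (!empty($args['id'])) {
                $args['sp_old_id'] = $args['id'];
            } else {
                return PLG_RET_ERROR;
            }
            if (empty($args['sp_id'])) {
                $args['sp_id'] = $args['sp_old_id'];
            }
        }
    } else {
        if (empty($args['sp_id']) && !empty($args['id'])) {
            $args['sp_id'] = $args['id'];
        }
    }
    if (empty($args['sp_title']) && !empty($args['title'])) {
        $args['sp_title'] = $args['title'];
    }
    if (empty($args['sp_content']) && !empty($args['content'])) {
        $args['sp_content'] = $args['content'];
    }
    if (!isset($args['owner_id'])) {
        $args['owner_id'] = $_USER['uid'];
    }
    if (empty($args['group_id'])) {
        $args['group_id'] = SEC_getFeatureGroup('staticpages.edit', $_USER['uid']);
    }
    $args['sp_id'] = COM_sanitizeID($args['sp_id']);
    if (!$gl_edit) {
        if (strlen($args['sp_id']) > STATICPAGE_MAX_ID_LENGTH) {
            $slug = '';
            if (isset($args['slug'])) {
                $slug = $args['slug'];
            }
            if (function_exists('WS_makeId')) {
                $args['sp_id'] = WS_makeId($slug, STATICPAGE_MAX_ID_LENGTH);
            } else {
                $args['sp_id'] = COM_makeSid();
            }
        }
    }
    // Apply filters to the parameters passed by the webservice
    if ($gl_svc) {
        $par_str = array('mode', 'sp_id', 'sp_old_id', 'sp_format', 'postmode');
        $par_num = array('sp_hits', 'owner_id', 'group_id', 'sp_where', 'sp_php', 'commentcode');
        foreach ($par_str as $str) {
            if (isset($args[$str])) {
                $args[$str] = COM_applyBasicFilter($args[$str]);
            } else {
                $args[$str] = '';
            }
        }
        foreach ($par_num as $num) {
            if (isset($args[$num])) {
                $args[$num] = COM_applyBasicFilter($args[$num], true);
            } else {
                $args[$num] = 0;
            }
        }
    }
    // START: Staticpages defaults
    if (empty($args['sp_format'])) {
        $args['sp_format'] = 'allblocks';
    }
    if ($args['sp_where'] < 0 || $args['sp_where'] > 3) {
        $args['sp_where'] = 0;
    }
    if ($args['sp_php'] < 0 || $args['sp_php'] > 2) {
        $args['sp_php'] = 0;
    }
    if ($args['commentcode'] < -1 || $args['commentcode'] > 1) {
        $args['commentcode'] = $_CONF['comment_code'];
    }
    if ($gl_svc) {
        // Permissions
        if (!isset($args['perm_owner'])) {
            $args['perm_owner'] = $_SP_CONF['default_permissions'][0];
        } else {
            $args['perm_owner'] = COM_applyBasicFilter($args['perm_owner'], true);
        }
        if (!isset($args['perm_group'])) {
            $args['perm_group'] = $_SP_CONF['default_permissions'][1];
        } else {
            $args['perm_group'] = COM_applyBasicFilter($args['perm_group'], true);
        }
        if (!isset($args['perm_members'])) {
            $args['perm_members'] = $_SP_CONF['default_permissions'][2];
        } else {
            $args['perm_members'] = COM_applyBasicFilter($args['perm_members'], true);
        }
        if (!isset($args['perm_anon'])) {
            $args['perm_anon'] = $_SP_CONF['default_permissions'][3];
        } else {
            $args['perm_anon'] = COM_applyBasicFilter($args['perm_anon'], true);
        }
        if (!isset($args['sp_onmenu'])) {
            $args['sp_onmenu'] = '';
        } elseif ($args['sp_onmenu'] == 'on' && empty($args['sp_label'])) {
            $svc_msg['error_desc'] = 'Menu label missing';
            return PLG_RET_ERROR;
        }
        if (empty($args['sp_content'])) {
            $svc_msg['error_desc'] = 'No content';
            return PLG_RET_ERROR;
        }
        if (!TOPIC_checkTopicSelectionControl()) {
            $svc_msg['error_desc'] = 'No topic selected.';
            return PLG_RET_ERROR;
        }
        // Level 3 (edit) access is required on every selected topic. The
        // previous test was `!TOPIC_hasMultiTopicAccess('topic') < 3`, which
        // negates before comparing and therefore rejected exactly the callers
        // that did have access while letting the others through to the
        // `== 3` check further down.
        if (TOPIC_hasMultiTopicAccess('topic') < 3) {
            $svc_msg['error_desc'] = 'Do not have access to one or more of selected topics.';
            return PLG_RET_ERROR;
        }
        if (empty($args['sp_inblock']) && $_SP_CONF['in_block'] == '1') {
            $args['sp_inblock'] = 'on';
        }
        if (empty($args['sp_centerblock'])) {
            $args['sp_centerblock'] = '';
        }
        if (empty($args['draft_flag']) && $_SP_CONF['draft_flag'] == '1') {
            $args['draft_flag'] = 'on';
        }
        if (empty($args['cache_time'])) {
            $args['cache_time'] = $_SP_CONF['default_cache_time'];
        }
        if (empty($args['template_flag'])) {
            $args['template_flag'] = '';
        }
        if (empty($args['template_id'])) {
            $args['template_id'] = '';
        }
    }
    // END: Staticpages defaults
    $sp_id = $args['sp_id'];
    $sp_title = $args['sp_title'];
    $sp_page_title = $args['sp_page_title'];
    $sp_content = $args['sp_content'];
    $sp_hits = $args['sp_hits'];
    $sp_format = $args['sp_format'];
    $sp_onmenu = $args['sp_onmenu'];
    $sp_label = '';
    if (!empty($args['sp_label'])) {
        $sp_label = $args['sp_label'];
    } else {
        // If empty but menu on then use title as default
        if ($sp_onmenu == 'on') {
            $sp_label = $sp_title;
        }
    }
    $meta_description = $args['meta_description'];
    $meta_keywords = $args['meta_keywords'];
    $commentcode = $args['commentcode'];
    $owner_id = $args['owner_id'];
    $group_id = $args['group_id'];
    $perm_owner = $args['perm_owner'];
    $perm_group = $args['perm_group'];
    $perm_members = $args['perm_members'];
    $perm_anon = $args['perm_anon'];
    $sp_php = $args['sp_php'];
    $sp_nf = '';
    if (!empty($args['sp_nf'])) {
        $sp_nf = $args['sp_nf'];
    }
    $sp_old_id = $args['sp_old_id'];
    $sp_centerblock = $args['sp_centerblock'];
    $draft_flag = $args['draft_flag'];
    $cache_time = $args['cache_time'];
    $template_flag = $args['template_flag'];
    $template_id = $args['template_id'];
    $sp_help = '';
    if (!empty($args['sp_help'])) {
        $sp_help = $args['sp_help'];
    }
    $sp_where = $args['sp_where'];
    $sp_inblock = $args['sp_inblock'];
    $postmode = $args['postmode'];
    if ($gl_edit && !empty($args['gl_etag'])) {
        // First load the original staticpage to check if it has been modified
        $o = array();
        $s = array();
        $r = service_get_staticpages(array('sp_id' => $sp_old_id, 'gl_svc' => true), $o, $s);
        if ($r == PLG_RET_OK) {
            if ($args['gl_etag'] != $o['updated']) {
                $svc_msg['error_desc'] = 'A more recent version of the staticpage is available';
                return PLG_RET_PRECONDITION_FAILED;
            }
        } else {
            $svc_msg['error_desc'] = 'The requested staticpage no longer exists';
            return PLG_RET_ERROR;
        }
    }
    // Check for unique page ID
    $duplicate_id = false;
    $delete_old_page = false;
    if (DB_count($_TABLES['staticpage'], 'sp_id', $sp_id) > 0) {
        if ($sp_id != $sp_old_id) {
            $duplicate_id = true;
        }
    } elseif (!empty($sp_old_id)) {
        if ($sp_id != $sp_old_id) {
            $delete_old_page = true;
        }
    }
    if ($duplicate_id) {
        $output .= COM_errorLog($LANG_STATIC['duplicate_id'], 2);
        if (!$gl_svc) {
            $output .= staticpageeditor($sp_id);
        }
        $output = COM_createHTMLDocument($output, array('pagetitle' => $LANG_STATIC['staticpageeditor']));
        $svc_msg['error_desc'] = 'Duplicate ID';
        return PLG_RET_ERROR;
    } elseif (!empty($sp_title) && !empty($sp_content) && TOPIC_checkTopicSelectionControl() && TOPIC_hasMultiTopicAccess('topic') == 3) {
        if (empty($sp_hits)) {
            $sp_hits = 0;
        }
        // checkbox-style 'on' values become the 0/1 stored in the row
        if ($sp_onmenu == 'on') {
            $sp_onmenu = 1;
        } else {
            $sp_onmenu = 0;
        }
        if ($sp_nf == 'on') {
            $sp_nf = 1;
        } else {
            $sp_nf = 0;
        }
        if ($sp_centerblock == 'on') {
            $sp_centerblock = 1;
        } else {
            $sp_centerblock = 0;
        }
        if ($sp_inblock == 'on') {
            $sp_inblock = 1;
        } else {
            $sp_inblock = 0;
        }
        if ($draft_flag == 'on') {
            $draft_flag = 1;
        } else {
            $draft_flag = 0;
        }
        if ($template_flag == 'on') {
            $template_flag = 1;
        } else {
            $template_flag = 0;
        }
        // Remove any autotags the user doesn't have permission to use
        $sp_content = PLG_replaceTags($sp_content, '', true);
        // Clean up the text
        if ($_SP_CONF['censor'] == 1) {
            $sp_content = COM_checkWords($sp_content);
            $sp_title = COM_checkWords($sp_title);
        }
        if ($_SP_CONF['filter_html'] == 1) {
            $sp_content = COM_checkHTML($sp_content, 'staticpages.edit');
        }
        $sp_title = strip_tags($sp_title);
        $sp_page_title = strip_tags($sp_page_title);
        $sp_label = strip_tags($sp_label);
        $meta_description = strip_tags($meta_description);
        $meta_keywords = strip_tags($meta_keywords);
        $sp_content = DB_escapeString($sp_content);
        $sp_title = DB_escapeString($sp_title);
        $sp_page_title = DB_escapeString($sp_page_title);
        $sp_label = DB_escapeString($sp_label);
        $meta_description = DB_escapeString($meta_description);
        $meta_keywords = DB_escapeString($meta_keywords);
        // If user does not have php edit perms, then set php flag to 0.
        if ($_SP_CONF['allow_php'] != 1 || !SEC_hasRights('staticpages.PHP')) {
            $sp_php = 0;
        }
        // If PHP page then no cache
        if ($sp_php == 0) {
            if ($cache_time < -1) {
                $cache_time = $_SP_CONF['default_cache_time'];
            }
        } else {
            $cache_time = $_SP_CONF['default_cache_time'];
        }
        // If marked as a template then set id to nothing and other default settings
        if ($template_flag == 1) {
            $template_id = '';
            $sp_onmenu = 0;
            $sp_label = "";
            $sp_centerblock = 0;
            $sp_php = 0;
            $cache_time = 0;
            $sp_inblock = 0;
            $sp_nf = 0;
            $sp_hits = 0;
            $meta_description = "";
            $meta_keywords = "";
        } else {
            // See if it was a template before, if so and option changed, remove use from other pages.
            // sp_old_id is only run through COM_applyBasicFilter() on the webservice
            // path, so escape it wherever it lands in a SQL literal.
            $escOldId = DB_escapeString($sp_old_id);
            if (DB_getItem($_TABLES['staticpage'], 'template_flag', "sp_id = '{$escOldId}'") == 1) {
                $sql = "UPDATE {$_TABLES['staticpage']} SET template_id = '' WHERE template_id = '{$escOldId}'";
                $result = DB_query($sql);
            }
            if ($template_id != '') {
                // If using a template, make sure php disabled
                $sp_php = 0;
                // Double check template id exists and is still a template
                $perms = SP_getPerms();
                if (!empty($perms)) {
                    $perms = ' AND ' . $perms;
                }
                if (DB_getItem($_TABLES['staticpage'], 'COUNT(sp_id)', "sp_id = '" . DB_escapeString($template_id) . "' AND template_flag = 1 AND (draft_flag = 0)" . $perms) == 0) {
                    $template_id = '';
                }
            }
        }
        // make sure there's only one "entire page" static page per topic
        if ($sp_centerblock == 1 && $sp_where == 0) {
            // Retrieve Topic data
            TOPIC_getDataTopicSelectionControl($topic_option, $tids, $inherit_tids, $default_tid);
            $sql = "UPDATE {$_TABLES['staticpage']},{$_TABLES['topic_assignments']} ta SET sp_centerblock = 0\n                WHERE (sp_centerblock = 1) AND (sp_where = 0) AND (draft_flag = 0)\n                 AND ta.type = 'staticpages' AND ta.id = sp_id ";
            if ($topic_option == TOPIC_ALL_OPTION || $topic_option == TOPIC_HOMEONLY_OPTION) {
                $sql .= " AND (ta.tid = '{$topic_option}')";
            } else {
                $sql .= " AND (ta.tid IN ('" . implode("','", $tids) . "'))";
            }
            // if we're in a multi-language setup, we need to allow one "entire
            // page" centerblock for 'all' or 'none' per language
            if (!empty($_CONF['languages']) && !empty($_CONF['language_files']) && ($topic_option == TOPIC_ALL_OPTION || $topic_option == TOPIC_HOMEONLY_OPTION)) {
                $ids = explode('_', $sp_id);
                if (count($ids) > 1) {
                    $lang_id = array_pop($ids);
                    $sql .= " AND ta.tid LIKE '%\\_{$lang_id}'";
                }
            }
            DB_query($sql);
        }
        $formats = array('allblocks', 'blankpage', 'leftblocks', 'noblocks');
        if (!in_array($sp_format, $formats)) {
            $sp_format = 'allblocks';
        }
        if (!$gl_svc) {
            list($perm_owner, $perm_group, $perm_members, $perm_anon) = SEC_getPermissionValues($perm_owner, $perm_group, $perm_members, $perm_anon);
        }
        // Retrieve created date (sp_id went through COM_sanitizeID() above)
        $datecreated = DB_getItem($_TABLES['staticpage'], 'created', "sp_id = '{$sp_id}'");
        if ($datecreated == '') {
            $datecreated = date('Y-m-d H:i:s');
        }
        // The numeric columns are interpolated unquoted into the INSERT below
        // and, off the webservice path, arrive unfiltered from the form; coerce
        // them to int. The remaining free-text columns not escaped above get
        // the same DB_escapeString() treatment as title/content.
        $sp_hits = (int) $sp_hits;
        $commentcode = (int) $commentcode;
        $cache_time = (int) $cache_time;
        $owner_id = (int) $owner_id;
        $group_id = (int) $group_id;
        $perm_owner = (int) $perm_owner;
        $perm_group = (int) $perm_group;
        $perm_members = (int) $perm_members;
        $perm_anon = (int) $perm_anon;
        $sp_php = (int) $sp_php;
        $sp_where = (int) $sp_where;
        $escTemplateId = DB_escapeString($template_id);
        $escHelp = DB_escapeString($sp_help);
        $escPostmode = DB_escapeString($postmode);
        DB_save($_TABLES['staticpage'], 'sp_id,sp_title,sp_page_title, sp_content,created,modified,sp_hits,sp_format,sp_onmenu,sp_label,commentcode,meta_description,meta_keywords,template_flag,template_id,draft_flag,cache_time,owner_id,group_id,' . 'perm_owner,perm_group,perm_members,perm_anon,sp_php,sp_nf,sp_centerblock,sp_help,sp_where,sp_inblock,postmode', "'{$sp_id}','{$sp_title}','{$sp_page_title}','{$sp_content}','{$datecreated}',NOW(),{$sp_hits},'{$sp_format}',{$sp_onmenu},'{$sp_label}','{$commentcode}','{$meta_description}','{$meta_keywords}',{$template_flag},'{$escTemplateId}',{$draft_flag},{$cache_time},{$owner_id},{$group_id}," . "{$perm_owner},{$perm_group},{$perm_members},{$perm_anon},'{$sp_php}','{$sp_nf}',{$sp_centerblock},'{$escHelp}',{$sp_where}," . "'{$sp_inblock}','{$escPostmode}'");
        TOPIC_saveTopicSelectionControl('staticpages', $sp_id);
        if ($delete_old_page && !empty($sp_old_id)) {
            // If a template and the id changed, update any staticpages that use it
            if ($template_flag == 1) {
                $sql = "UPDATE {$_TABLES['staticpage']} SET template_id = '{$sp_id}' WHERE template_id = '" . DB_escapeString($sp_old_id) . "'";
                $result = DB_query($sql);
            }
            // Delete Topic Assignments for this old staticpage since we just created new ones
            TOPIC_deleteTopicAssignments('staticpages', $sp_old_id);
            DB_delete($_TABLES['staticpage'], 'sp_id', $sp_old_id);
        }
        if (empty($sp_old_id) || $sp_id == $sp_old_id) {
            if (!$template_flag) {
                PLG_itemSaved($sp_id, 'staticpages');
                // Clear Cache
                $cacheInstance = 'staticpage__' . $sp_id . '__';
                CACHE_remove_instance($cacheInstance);
            } else {
                // If template then have to notify of all pages that use this template that a change to the page happened
                $sql = "SELECT sp_id FROM {$_TABLES['staticpage']} WHERE template_id = '{$sp_id}'";
                $result = DB_query($sql);
                while ($A = DB_fetchArray($result)) {
                    PLG_itemSaved($A['sp_id'], 'staticpages');
                    // Clear Cache
                    $cacheInstance = 'staticpage__' . $A['sp_id'] . '__';
                    CACHE_remove_instance($cacheInstance);
                }
            }
        } else {
            // the page was renamed: move its comments to the new id
            DB_change($_TABLES['comments'], 'sid', DB_escapeString($sp_id), array('sid', 'type'), array(DB_escapeString($sp_old_id), 'staticpages'));
            if (!$template_flag) {
                PLG_itemSaved($sp_id, 'staticpages', $sp_old_id);
                // Clear Cache
                $cacheInstance = 'staticpage__' . $sp_old_id . '__';
                CACHE_remove_instance($cacheInstance);
            } else {
                // If template then have to notify of all pages that use this template that a change to the page happened
                $sql = "SELECT sp_id FROM {$_TABLES['staticpage']} WHERE template_id = '{$sp_id}'";
                $result = DB_query($sql);
                while ($A = DB_fetchArray($result)) {
                    PLG_itemSaved($A['sp_id'], 'staticpages');
                    // Clear Cache
                    $cacheInstance = 'staticpage__' . $A['sp_id'] . '__';
                    CACHE_remove_instance($cacheInstance);
                }
            }
        }
        $url = COM_buildURL($_CONF['site_url'] . '/staticpages/index.php?page=' . $sp_id);
        $output .= PLG_afterSaveSwitch($_SP_CONF['aftersave'], $url, 'staticpages', 19);
        $svc_msg['id'] = $sp_id;
        return PLG_RET_OK;
    } else {
        $output .= COM_errorLog($LANG_STATIC['no_title_or_content'], 2);
        if (!$gl_svc) {
            $output .= staticpageeditor($sp_id);
        }
        $output = COM_createHTMLDocument($output, array('pagetitle' => $LANG_STATIC['staticpageeditor']));
        return PLG_RET_ERROR;
    }
}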
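/**
 * Handles comment processing.
 *
 * Dispatches on the comment "mode" (the $mode argument, else the CMT_MODE
 * request argument) to the matching CMT_* handler: preview, submit, edit,
 * delete, view/display, report/sendreport, unsubscribe, cancel, and the
 * default "new comment / reply" form. Request values are run through
 * COM_applyFilter() first; the title is deliberately left unfiltered here
 * because CMT_commentForm()/CMT_saveComment() filter it later.
 *
 * Side effects: several branches echo a redirect and call exit() instead of
 * returning (failed CSRF token check, missing rights, bad ids). The
 * state-changing modes (submit changes, delete, sendreport) are gated on
 * SEC_checkToken(); 'editsubmission' additionally requires the
 * 'comment.moderate' right.
 *
 * @param    string   $mode    Mode of comment processing (falls back to the
 *                             CMT_MODE request argument when empty)
 * @param    string   $type    Type of item (article, polls, etc.)
 * @param    string   $title   Title of item
 * @param    string   $sid     ID for item to show comments for
 * @param    string   $format  'threaded', 'nested', 'flat' or 'nocomment';
 *                             anything else falls back to the user's (or the
 *                             site's) configured comment mode
 * @return   string            HTML formatted output
 */
function CMT_handleComment($mode = '', $type = '', $title = '', $sid = '', $format = '')
{
    global $_CONF, $_TABLES, $_USER, $LANG03, $LANG_ADMIN, $topic, $_PLUGINS;

    // Resolve the comment mode: request argument wins, then the $mode parameter
    $commentmode = '';
    if (!empty($_REQUEST[CMT_MODE])) {
        $commentmode = COM_applyFilter($_REQUEST[CMT_MODE]);
    }
    if (empty($mode)) {
        $mode = COM_applyFilter(COM_getArgument(CMT_MODE));
    }
    if (empty($commentmode) && !empty($mode)) {
        $commentmode = $mode;
    }
    if (empty($sid) && !empty($_REQUEST[CMT_SID])) {
        $sid = COM_applyFilter($_REQUEST[CMT_SID]);
    }
    // parent comment id (numeric filter casts to int)
    $pid = 0;
    if (!empty($_REQUEST[CMT_PID])) {
        $pid = COM_applyFilter($_REQUEST[CMT_PID], true);
    }
    if (empty($type) && !empty($_REQUEST[CMT_TYPE])) {
        $type = COM_applyFilter($_REQUEST[CMT_TYPE]);
    }
    if (!empty($_REQUEST['title'])) {
        $title = $_REQUEST['title'];
        // apply filters later in CMT_commentForm or CMT_saveComment
    }
    // NOTE(review): the uid is taken from the request when present; the submit
    // path (CMT_handleSubmit) is expected to validate it against $_USER — confirm
    if (!empty($_REQUEST[CMT_UID])) {
        $uid = COM_applyFilter($_REQUEST[CMT_UID]);
    } else {
        $uid = 1;
        if (!empty($_USER['uid'])) {
            $uid = $_USER['uid'];
        }
    }
    $postmode = $_CONF['postmode'];
    if (isset($_REQUEST['postmode'])) {
        $postmode = COM_applyFilter($_REQUEST['postmode']);
    }
    $formtype = '';
    if (!empty($_REQUEST['formtype'])) {
        $formtype = COM_applyFilter($_REQUEST['formtype']);
    }
    // Get comment id, may not be there...will handle in function
    $cid = 0;
    if (isset($_REQUEST[CMT_CID])) {
        $cid = COM_applyFilter($_REQUEST[CMT_CID], true);
    }
    TOPIC_getTopic('comment', $cid);
    if (empty($format) && isset($_REQUEST['format'])) {
        $format = COM_applyFilter($_REQUEST['format']);
    }
    // strict comparison: $format is a string, so loose matching buys nothing
    if (!in_array($format, array('threaded', 'nested', 'flat', 'nocomment'), true)) {
        if (COM_isAnonUser()) {
            $format = $_CONF['comment_mode'];
        } else {
            $format = DB_getItem($_TABLES['usercomment'], 'commentmode', "uid = {$_USER['uid']}");
        }
    }
    $order = '';
    if (isset($_REQUEST['order'])) {
        $order = COM_applyFilter($_REQUEST['order']);
    }
    $cpage = 1;
    if (!empty($_REQUEST['cpage'])) {
        $cpage = COM_applyFilter($_REQUEST['cpage'], true);
        if (empty($cpage)) {
            $cpage = 1;
        }
    }
    $is_comment_page = CMT_isCommentPage();
    $retval = '';

    // Optionally render the existing comment thread above the reply/edit form
    if ($_CONF['show_comments_at_replying'] && $is_comment_page && !empty($sid) && !empty($type) && in_array($commentmode, array('', $LANG03[28], $LANG03[34], $LANG03[14], 'edit'))) {
        if ($commentmode == 'edit') {
            $cid = 0;
            if (isset($_REQUEST[CMT_CID])) {
                $cid = COM_applyFilter($_REQUEST[CMT_CID], true);
            }
            if ($cid <= 0) {
                COM_errorLog("CMT_handleComment(): {$_USER['uid']} from {$_SERVER['REMOTE_ADDR']} tried " . 'to edit a comment with one or more missing/bad values.');
                return COM_refresh($_CONF['site_url'] . '/index.php');
            }
            $pid = $cid;
        }
        if ($pid > 0 && empty($title)) {
            // $pid is already an int (numeric filter above); $type needs escaping
            $atype = DB_escapeString($type);
            $title = DB_getItem($_TABLES['comments'], 'title', "(cid = {$pid}) AND (type = '{$atype}')");
        }
        if (empty($title)) {
            $title = PLG_getItemInfo($type, $sid, 'title');
            $title = str_replace('$', '&#36;', $title);
            // CMT_userComments expects non-htmlspecial chars for title...
            $title = str_replace('&amp;', '&', $title);
            $title = str_replace('&quot;', '"', $title);
            $title = str_replace('&lt;', '<', $title);
            $title = str_replace('&gt;', '>', $title);
        }
        $retval .= CMT_userComments($sid, $title, $type, $order, $format, $pid, $cpage, $pid > 0, false, 0);
    }

    switch ($commentmode) {
        case $LANG03[28]:
            // Preview Changes (for edit)
        case $LANG03[34]:
            // Preview Submission changes (for edit)
        case $LANG03[14]:
            // Preview
            $comment = isset($_POST['comment']) ? $_POST['comment'] : '';
            $retval .= CMT_commentForm($title, $comment, $sid, $pid, $type, $commentmode, $postmode, $format, $order, $cpage);
            if ($is_comment_page) {
                $retval = COM_createHTMLDocument($retval, array('pagetitle' => $LANG03[14]));
            }
            break;

        case $LANG03[35]:
            // Submit Changes to Moderation table
        case $LANG03[29]:
            // Submit Changes — state change, so the CSRF token is mandatory
            if (SEC_checkToken()) {
                $retval .= CMT_handleEditSubmit($commentmode);
            } else {
                echo COM_refresh($_CONF['site_url'] . '/index.php');
                exit;
            }
            break;

        case $LANG03[11]:
            // Submit comment
            $retval .= CMT_handleSubmit($title, $sid, $pid, $type, $postmode, $uid);
            break;

        case $LANG_ADMIN['delete']:
        case 'delete':
            // Delete comment — CSRF token required
            if (SEC_checkToken()) {
                $retval .= CMT_handleDelete($sid, $type, $formtype);
            } else {
                echo COM_refresh($_CONF['site_url'] . '/index.php');
                exit;
            }
            break;

        case 'view':
            // View comment by $cid
            $retval .= CMT_handleView($format, $order, $cpage, true);
            break;

        case 'display':
            // View comment by $pid
            $retval .= CMT_handleView($format, $order, $cpage, false);
            break;

        case 'report':
            // Show the "report abusive comment" form (GET only)
            if ($is_comment_page) {
                $cid = 0;
                if (isset($_GET[CMT_CID])) {
                    $cid = COM_applyFilter($_GET[CMT_CID], true);
                }
                $type = '';
                if (isset($_GET[CMT_TYPE])) {
                    $type = COM_applyFilter($_GET[CMT_TYPE]);
                }
                if ($cid <= 0 || empty($type)) {
                    echo COM_refresh($_CONF['site_url'] . '/index.php');
                    exit;
                }
                $retval .= CMT_reportAbusiveComment($cid, $type);
                $retval = COM_createHTMLDocument($retval, array('pagetitle' => $LANG03[27]));
            }
            break;

        case 'sendreport':
            // Send the abuse report (POST only, CSRF token required)
            if (SEC_checkToken()) {
                $cid = 0;
                if (isset($_POST[CMT_CID])) {
                    $cid = COM_applyFilter($_POST[CMT_CID], true);
                }
                $type = '';
                if (isset($_POST[CMT_TYPE])) {
                    $type = COM_applyFilter($_POST[CMT_TYPE]);
                }
                if ($cid <= 0 || empty($type)) {
                    echo COM_refresh($_CONF['site_url'] . '/index.php');
                    exit;
                }
                $retval .= CMT_sendReport($cid, $type);
            } else {
                echo COM_refresh($_CONF['site_url'] . '/index.php');
                exit;
            }
            break;

        case 'editsubmission':
            // Editing a queued submission is a moderator-only action
            if (!SEC_hasRights('comment.moderate')) {
                echo COM_refresh($_CONF['site_url'] . '/index.php');
                exit;
            }
            // deliberate fall-through
        case 'edit':
            $retval .= CMT_handleEdit($commentmode, $postmode, $format, $order, $cpage);
            if ($is_comment_page) {
                $retval = COM_createHTMLDocument($retval, array('pagetitle' => $LANG03[1]));
            }
            break;

        case 'unsubscribe':
            // Remove a comment notification by its per-subscription delete hash
            $cid = 0;
            $key = '';
            if (isset($_GET['key'])) {
                $key = COM_applyFilter($_GET['key']);
            }
            if (!empty($key)) {
                $key = DB_escapeString($key);
                $cid = DB_getItem($_TABLES['commentnotifications'], 'cid', "deletehash = '{$key}'");
                if (!empty($cid)) {
                    // NOTE(review): the '&amp;' entities assume DB_delete() emits this URL into
                    // an HTML refresh; a raw Location header would need plain '&' — confirm
                    $redirecturl = $_CONF['site_url'] . '/comment.php?mode=view&amp;cid=' . $cid . '&amp;format=nested&amp;msg=16';
                    DB_delete($_TABLES['commentnotifications'], 'deletehash', $key, $redirecturl);
                    exit;
                }
            }
            echo COM_refresh($_CONF['site_url'] . '/index.php');
            exit;

        case $LANG_ADMIN['cancel']:
            if ($formtype == 'editsubmission') {
                echo COM_refresh($_CONF['site_admin_url'] . '/moderation.php');
                exit;
            } else {
                $retval .= CMT_handleCancel();
                // moved to function for readibility
            }
            break;

        default:
            // New Comment or Reply Comment
            $abort = false;
            // Check to make sure comment type exists
            if ($type != 'article' && !in_array($type, $_PLUGINS, true)) {
                $abort = true;
            }
            // Check article permissions
            if (!$abort && $type == 'article' && !empty($sid)) {
                // $sid originates from the request; escape it for the SQL literal
                // (the other DB lookups in this function escape their inputs too)
                $dbSid = DB_escapeString($sid);
                $dbTitle = DB_getItem($_TABLES['stories'], 'title', "(sid = '{$dbSid}') AND (draft_flag = 0) AND (date <= NOW()) AND (commentcode = 0)" . COM_getPermSQL('AND'));
                if ($dbTitle === null || TOPIC_hasMultiTopicAccess('article', $sid, $topic) < 2) {
                    // Make sure have at least read access to current topic of article to post comment
                    // no permissions, or no story of that title
                    $abort = true;
                }
            }
            if (!$abort && !empty($sid) && !empty($type)) {
                if ($pid > 0 && empty($title)) {
                    $atype = DB_escapeString($type);
                    $title = DB_getItem($_TABLES['comments'], 'title', "(cid = {$pid}) AND (type = '{$atype}')");
                }
                if (empty($title)) {
                    $title = PLG_getItemInfo($type, $sid, 'title');
                    // Check title, if for some reason blank assume no access allowed to plugin item (therefore cannot add comment) so return to homepage
                    if (is_array($title) || empty($title) || $title == false) {
                        echo COM_refresh($_CONF['site_url'] . '/index.php');
                        exit;
                    }
                    $title = str_replace('$', '&#36;', $title);
                    // CMT_commentForm expects non-htmlspecial chars for title...
                    $title = str_replace('&amp;', '&', $title);
                    $title = str_replace('&quot;', '"', $title);
                    $title = str_replace('&lt;', '<', $title);
                    $title = str_replace('&gt;', '>', $title);
                }
                $retval .= CMT_commentForm($title, '', $sid, $pid, $type, $commentmode, $postmode, $format, $order, $cpage);
            } elseif (!COMMENT_ON_SAME_PAGE) {
                // For comments not displayed on same page (probably owner pushed the post comment button on a draft article)
                // When COMMENT_ON_SAME_PAGE is set we do nothing and simply do not show the
                // comment form (happens most likely when admin viewing draft article)
                echo COM_refresh($_CONF['site_url'] . '/index.php');
                exit;
            }
            if ($is_comment_page) {
                // keep search engines away from the bare comment form
                $noindex = '<meta name="robots" content="noindex"' . XHTML . '>';
                $retval = COM_createHTMLDocument($retval, array('pagetitle' => $LANG03[1], 'headercode' => $noindex));
            }
            break;
    }

    return $retval;
}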
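 /**
  * Saves a story submission.
  *
  * Generates a fresh sid, strips autotags the current user may not use, and
  * then either queues the story in the submission table (story submission
  * enabled and the user lacks 'story.submit') or publishes it directly,
  * inheriting group, permission and archive settings from the story's default
  * topic assignment.
  *
  * Nothing is saved unless the posted topic selection is accessible to the
  * current user (TOPIC_hasMultiTopicAccess('topic')).
  *
  * @return  integer  STORY_NO_ACCESS_TOPIC, STORY_SAVED_SUBMISSION or STORY_SAVED
  */
 public function saveSubmission()
 {
     global $_USER, $_CONF, $_TABLES;

     $this->_sid = COM_makeSid();
     $this->_uid = COM_isAnonUser() ? 1 : $_USER['uid'];

     // Remove any autotags the user doesn't have permission to use
     $introText = PLG_replaceTags($this->_introtext, '', true);
     $bodyText = PLG_replaceTags($this->_bodytext, '', true);

     if (!TOPIC_hasMultiTopicAccess('topic')) {
         // user doesn't have access to one or more topics - bail
         return STORY_NO_ACCESS_TOPIC;
     }

     if ($_CONF['storysubmission'] == 1 && !SEC_hasRights('story.submit')) {
         // Queue for moderation. Every string interpolated into the SQL is
         // escaped; the sid is quoted as a string literal so it does not
         // depend on COM_makeSid() producing a purely numeric value.
         // NOTE(review): _text_version is interpolated unescaped — presumably
         // numeric; confirm where it is set.
         $sid = DB_escapeString($this->_sid);
         $title = DB_escapeString($this->_title);
         $introText = DB_escapeString($introText);
         $bodyText = DB_escapeString($bodyText);
         $postMode = DB_escapeString($this->_postmode);
         DB_save($_TABLES['storysubmission'], 'sid,uid,title,introtext,bodytext,date,postmode,text_version', "'{$sid}',{$this->_uid},'{$title}'," . "'{$introText}','{$bodyText}',NOW(),'{$postMode}','{$this->_text_version}'");
         // Save Topics selected — pass the raw sid, as the direct-post branch
         // does; the escaped copy is only for the SQL literal above
         TOPIC_saveTopicSelectionControl('article', $this->_sid);
         return STORY_SAVED_SUBMISSION;
     }

     // post this story directly. First establish the necessary missing data.
     $this->sanitizeData();
     if (!isset($_CONF['show_topic_icon'])) {
         $_CONF['show_topic_icon'] = 1;
     }
     // mktime() with no arguments is deprecated and an error on PHP 8; time() is the intent
     $this->_date = time();
     $this->_featured = 0;
     $this->_commentcode = $_CONF['comment_code'];
     $this->_trackbackcode = $_CONF['trackback_code'];
     $this->_statuscode = 0;
     $this->_show_topic_icon = $_CONF['show_topic_icon'];
     $this->_cache_time = $_CONF['default_cache_time_article'];
     $this->_owner_id = COM_isAnonUser() ? 1 : $_USER['uid'];

     // Save Topics selected
     TOPIC_saveTopicSelectionControl('article', $this->_sid);

     // Inherit permissions and the archive flag from the default topic assignment.
     // NOTE(review): assumes exactly one tdefault = 1 assignment exists after
     // TOPIC_saveTopicSelectionControl(); with none, DB_fetchArray() returns
     // false and the fields below end up null — confirm.
     $dbSid = DB_escapeString($this->_sid);
     $sql = "SELECT group_id,perm_owner,perm_group,perm_members,perm_anon,archive_flag " . "FROM {$_TABLES['topics']} t, {$_TABLES['topic_assignments']} ta " . "WHERE ta.type = 'article' AND ta.id = '{$dbSid}' " . "AND ta.tdefault = 1 AND ta.tid = t.tid";
     $result = DB_query($sql);
     $A = DB_fetchArray($result);
     if ($A['archive_flag'] == 1) {
         // archived topics never go on the front page
         $this->_frontpage = 0;
     } elseif (isset($_CONF['frontpage'])) {
         $this->_frontpage = $_CONF['frontpage'];
     } else {
         $this->_frontpage = 1;
     }
     $this->_group_id = $A['group_id'];
     $this->_perm_owner = $A['perm_owner'];
     $this->_perm_group = $A['perm_group'];
     $this->_perm_members = $A['perm_members'];
     $this->_perm_anon = $A['perm_anon'];

     $this->saveToDatabase();
     PLG_itemSaved($this->_sid, 'article');
     COM_rdfUpToDateCheck('article');
     COM_rdfUpToDateCheck('comment');
     STORY_updateLastArticlePublished();
     return STORY_SAVED;
 }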