Example #1
0
function get_IPTC($filename)
{
    $IPTC_data = array();
    $size = GetImageSize($filename, $info);
    if (isset($info["APP13"])) {
        $iptc = iptcparse($info["APP13"]);
        if (is_array($iptc)) {
            $IPTC_data = array("Title" => $iptc["2#005"][0], "Urgency" => $iptc["2#010"][0], "Category" => $iptc["2#015"][0], "SubCategories" => $iptc["2#020"], "Keywords" => $iptc["2#025"], "Instructions" => $iptc["2#040"][0], "CreationDate" => $iptc["2#055"][0], "CreationTime" => $iptc["2#060"][0], "ProgramUsed" => $iptc["2#065"][0], "Author" => $iptc["2#080"][0], "Position" => $iptc["2#085"][0], "City" => $iptc["2#090"][0], "State" => $iptc["2#095"][0], "Country" => $iptc["2#101"][0], "TransmissionReference" => $iptc["2#103"][0], "Headline" => $iptc["2#105"][0], "Credit" => $iptc["2#110"][0], "Source" => $iptc["2#115"][0], "Copyright" => $iptc["2#116"][0], "Caption" => $iptc["2#120"][0], "CaptionWriter" => $iptc["2#122"][0]);
            $IPTC_data = strip_IPTC($IPTC_data);
            //sanitize data against sql/html injection; trim any nongraphical non-ASCII character:
            $IPTC_data = filter_content($IPTC_data);
            //run the data against the bad word list
        }
    }
    return $IPTC_data;
}
Example #2
0
 /**
  * 发布活动
  * @param int $id
  * @param int $cover_id
  * @param string $title
  * @param string $explain
  * @param string $sTime
  * @param string $eTime
  * @param string $address
  * @param int $limitCount
  * @param string $deadline
  * autor:xjw129xjt
  */
 public function doPost($id = 0, $cover_id = 0, $title = '', $explain = '', $sTime = '', $eTime = '', $address = '', $limitCount = 0, $deadline = '', $type_id = 0)
 {
     if (!is_login()) {
         $this->error('请登陆后再投稿。');
     }
     if (!$cover_id) {
         $this->error('请上传封面。');
     }
     if (trim(op_t($title)) == '') {
         $this->error('请输入标题。');
     }
     if ($type_id == 0) {
         $this->error('请选择分类。');
     }
     if (trim(op_h($explain)) == '') {
         $this->error('请输入内容。');
     }
     if (trim(op_h($address)) == '') {
         $this->error('请输入地点。');
     }
     if ($eTime < $deadline) {
         $this->error('报名截止不能大于活动结束时间');
     }
     if ($deadline == '') {
         $this->error('请输入截止日期');
     }
     if ($sTime > $eTime) {
         $this->error('活动开始时间不能大于活动结束时间');
     }
     $content = $this->eventModel->create();
     $content['explain'] = filter_content($content['explain']);
     $content['title'] = op_t($content['title']);
     $content['sTime'] = strtotime($content['sTime']);
     $content['eTime'] = strtotime($content['eTime']);
     $content['deadline'] = strtotime($content['deadline']);
     $content['type_id'] = intval($type_id);
     if ($id) {
         $content_temp = $this->eventModel->find($id);
         $this->checkAuth('Event/Index/edit', $content_temp['uid'], '您无该活动编辑权限。');
         $this->checkActionLimit('add_event', 'event', $id, is_login(), true);
         $content['uid'] = $content_temp['uid'];
         //权限矫正,防止被改为管理员
         $rs = $this->eventModel->save($content);
         if (D('Common/Module')->isInstalled('Weibo')) {
             //安装了微博模块
             $postUrl = "http://{$_SERVER['HTTP_HOST']}" . U('detail', array('id' => $id));
             D('Weibo')->addWeibo(is_login(), "我修改了活动【" . $title . "】:" . $postUrl);
         }
         if ($rs) {
             action_log('add_event', 'event', $id, is_login());
             $this->success('编辑成功。', U('detail', array('id' => $content['id'])));
         } else {
             $this->success('编辑失败。', '');
         }
     } else {
         $this->checkAuth('Event/Index/add', -1, '您无活动发布权限。');
         $this->checkActionLimit('add_event', 'event', 0, is_login(), true);
         if (modC('NEED_VERIFY', 0) && !is_administrator()) {
             $content['status'] = 0;
             $tip = '但需管理员审核通过后才会显示在列表中,请耐心等待。';
             $user = query_user(array('username', 'nickname'), is_login());
             D('Common/Message')->sendMessage(C('USER_ADMINISTRATOR'), $title = '活动发布提醒', "{$user['nickname']}发布了一个活动,请到后台审核。", 'Admin/Event/verify', array(), is_login(), 2);
         }
         $aIsAttend = I('post.isAttend', 0, 'intval');
         if ($aIsAttend) {
             $content['attentionCount'] = 1;
             $content['signCount'] = 1;
         }
         $rs = $this->eventModel->add($content);
         if ($aIsAttend) {
             $data['uid'] = is_login();
             $data['event_id'] = $rs;
             $data['name'] = '活动发布者';
             $data['create_time'] = time();
             $data['status'] = 1;
             $this->eventAttendModel->add($data);
         }
         if (D('Common/Module')->isInstalled('Weibo')) {
             //安装了微博模块
             //同步到微博
             $postUrl = "http://{$_SERVER['HTTP_HOST']}" . U('Event/Index/detail', array('id' => $rs));
             D('Weibo')->addWeibo(is_login(), "我发布了一个新的活动【" . $title . "】:" . $postUrl);
         }
         if ($rs) {
             action_log('add_event', 'event', $rs, is_login());
             $this->success('发布成功。' . $tip, U('index'));
         } else {
             $this->success('发布失败。', '');
         }
     }
 }
function wototo_get_manifest()
{
    global $wpdb;
    $id = intval(array_key_exists('id', $_POST) ? $_POST['id'] : (array_key_exists('id', $_GET) ? $_GET['id'] : ''));
    if (!$id) {
        echo '# Invalid request: id not specified';
        wp_die();
    }
    $post = get_post($id);
    if ($post === null) {
        echo '# Not found: post ' . $id . ' not found';
        wp_die();
    }
    if ($post->post_status != 'publish') {
        echo '# Not permitted: post ' . $id . ' is not published/public (' . $post->post_status . ')';
        wp_die();
    }
    if ($post->post_type != 'wototo_app') {
        echo '# Invalid request: post ' . $id . ' is not an app (' . $post->post_type . ')';
        wp_die();
    }
    $lastModified = mysql2date('U', $post->post_modified_gmt);
    // plugiN change => check the rest
    $pluginLastModified = filemtime(__FILE__);
    if ($lastModified && $pluginLastModified && $pluginLastModified > $lastModified) {
        $lastModified = $pluginLastModified;
    }
    // check last modified and cache things
    $thing_ids = wototo_get_thing_ids($post->ID);
    $items = array();
    foreach ($thing_ids as $thing_id) {
        $ix = strpos($thing_id, ':');
        $idprefix = '';
        if ($ix !== FALSE) {
            $item_id = substr($thing_id, $ix + 1);
            $idprefix = substr($thing_id, 0, $ix);
        }
        if ($idprefix) {
            $item = get_post($item_id);
            if ($item) {
                $items[(string) $thing_id] = $item;
                $itemLastModified = mysql2date('U', $item->post_modified_gmt);
                if ($lastModified && $itemLastModified && $itemLastModified > $lastModified) {
                    $lastModified = $itemLastModified;
                }
            }
        }
    }
    handle_if_modified_since($lastModified);
    header("Content-Type: text/cache-manifest");
    ?>
CACHE MANIFEST
<?php 
    echo '# wototo version ' . WOTOTO_VERSION . "\n";
    output_plugin_files(array('stylesheets/offline.css', 'vendor/leaflet/leaflet.css'), "cache files");
    output_plugin_files(array('icons/loading.gif', 'icons/place.png', 'icons/booklet.png', 'icons/list.png', 'icons/file.png', 'icons/form.png', 'icons/html.png', 'icons/arrow-l-black.png', 'icons/arrow-r-black.png', 'icons/back-black.png', 'icons/bars-black.png', 'icons/locked.png'), "default icons");
    output_plugin_files(array('vendor/leaflet/images/marker-icon-2x.png', 'vendor/leaflet/images/marker-icon.png', 'vendor/leaflet/images/marker-shadow.png', 'vendor/leaflet/images/my-icon-2x.png', 'vendor/leaflet/images/my-icon.png'), "leaflet icons");
    output_plugin_files(array('icons/upload.png', 'icons/uploading.png', 'icons/upload-success.png', 'icons/upload-error.png'), "upload icons");
    output_plugin_files(array('icons/location-ok.png', 'icons/location-searching.png', 'icons/location-off.png', 'icons/navigation-black.png'), "location icons");
    output_plugin_files(array('icons/like-undefined.png', 'icons/like-0.png', 'icons/like-1.png', 'icons/like-2.png'), "like icons");
    output_plugin_files(array('vendor/modernizr/modernizr.js', 'vendor/jquery/dist/jquery.min.js', 'vendor/foundation/js/foundation.min.js', 'vendor/foundation/js/foundation/foundation.reveal.js', 'vendor/foundation/js/foundation/foundation.offcanvas.js', 'vendor/foundation/js/foundation/foundation.topbar.js', 'vendor/underscore/underscore.js', 'vendor/IndexedDBShim/IndexedDBShim.min.js', 'vendor/backbone/backbone.js', 'vendor/pouchdb/dist/pouchdb-3.0.2.min.js', 'vendor/backbone-pouchdb/dist/backbone-pouch.js', 'vendor/backbone-indexeddb/backbone-indexeddb.js', 'vendor/filesaver/FileSaver.js', 'vendor/node-uuid/uuid.js', 'vendor/js-base64/base64.js', 'js/offlineapp.js', 'clientid.js', 'vendor/leaflet/leaflet.js'), "javascript from index");
    $wototo = array_key_exists('wototo', $_POST) ? $_POST['wototo'] : (array_key_exists('wototo', $_GET) ? $_GET['wototo'] : 0);
    if ($wototo) {
        output_plugin_files(array('vendor/cordova/cordova.js', 'vendor/cordova/cordova_plugins.js', 'vendor/cordova/plugins/org.opensharingtoolkit.cordova.aestheticodes/www/aestheticodes.js', 'vendor/cordova/plugins/com.phonegap.plugins.barcodescanner/www/barcodescanner.js'), "Apache Cordova");
    }
    ?>
# app json
<?php 
    echo "# last modified {$post->post_modified_gmt}\n";
    echo admin_url('admin-ajax.php') . '?action=wototo_get_json&id=' . rawurlencode('app:' . $post->ID) . "\n";
    $mediafiles = array();
    add_mediafiles($mediafiles, filter_content($post->post_content));
    foreach ($thing_ids as $thing_id) {
        echo "# item {$thing_id}\n";
        $item = $items[(string) $thing_id];
        if ($item) {
            if ($idprefix == 'html' || $idprefix == 'place') {
                echo "# last modified {$item->post_modified_gmt}\n";
                echo admin_url('admin-ajax.php') . '?action=wototo_get_json&id=' . rawurlencode($thing_id) . "\n";
                add_mediafiles($mediafiles, filter_content($item->post_content));
                $thumbid = get_post_thumbnail_id($item->ID);
                if ($thumbid) {
                    $url = wototo_get_iconurl($thumbid);
                    if (!in_array($url, $mediafiles)) {
                        $mediafiles[] = $url;
                    }
                }
            }
            if ($idprefix == 'place') {
                $geojson = json_decode(get_post_meta($item->ID, 'geojson', true), true);
                if ($geojson && is_array($geojson)) {
                    $lat = geojson_get_lat($geojson);
                    $lon = geojson_get_lon($geojson);
                    $zoom = geojson_get_zoom($geojson);
                    if ($lat !== null && $lon !== null && $zoom !== null) {
                        add_maptiles($mediafiles, $lat, $lon, $zoom);
                    } else {
                        echo "# invalid map post geojson " . json_encode($geojson) . "\n";
                    }
                }
            }
        }
    }
    ?>
# media files
<?php 
    foreach ($mediafiles as $mediafile) {
        echo $mediafile . "\n";
    }
    ?>
# artcode experience hook
<?php 
    echo '#' . admin_url('admin-ajax.php') . '?action=wototo_get_artcode&id=' . rawurlencode($id) . "\n";
    ?>
# general network access
NETWORK:
#*

<?php 
    echo '# Manifest...';
    wp_die();
}
Example #4
0
/**
 * filter_content()
 *
 * Replace strings that match badwords with tokens indicating it has been filtered.
 *
 * @param string or array $str
 * @return string or array
 **/
function filter_content($str)
{
    global $lang_bad_words, $CONFIG, $ercp;
    if ($CONFIG['filter_bad_words']) {
        static $ercp = array();
        if (!count($ercp)) {
            foreach ($lang_bad_words as $word) {
                $ercp[] = '/' . ($word[0] == '*' ? '' : '\\b') . str_replace('*', '', $word) . ($word[strlen($word) - 1] == '*' ? '' : '\\b') . '/i';
            }
        }
        if (is_array($str)) {
            $new_str = array();
            foreach ($str as $key => $element) {
                $new_str[$key] = filter_content($element);
            }
            $str = $new_str;
        } else {
            $stripped_str = strip_tags($str);
            $str = preg_replace($ercp, '(...)', $stripped_str);
        }
    }
    return $str;
}
 public function editReply($id = null, $content = '', $create_time = 0, $update_time = 0, $status = 1)
 {
     if (IS_POST) {
         //判断是否为编辑模式
         $isEdit = $id ? true : false;
         //写入数据库
         $data = array('content' => filter_content($content), 'create_time' => $create_time, 'update_time' => $update_time, 'status' => $status);
         $model = M('ForumPostReply');
         if ($isEdit) {
             $result = $model->where(array('id' => $id))->save($data);
         } else {
             $result = $model->add($data);
         }
         //如果写入出错,则显示错误消息
         if ($result === false) {
             $this->error($isEdit ? '编辑失败' : '创建失败');
         }
         //返回成功消息
         $this->success($isEdit ? '编辑成功' : '创建成功', U('reply'));
     } else {
         //判断是否为编辑模式
         $isEdit = $id ? true : false;
         //读取回复内容
         if ($isEdit) {
             $model = M('ForumPostReply');
             $reply = $model->where(array('id' => $id))->find();
         } else {
             $reply = array('status' => 1);
         }
         //显示页面
         $builder = new AdminConfigBuilder();
         $builder->title($isEdit ? '编辑回复' : '创建回复')->keyId()->keyEditor('content', '内容')->keyCreateTime()->keyUpdateTime()->keyStatus()->data($reply)->buttonSubmit(U('editReply'))->buttonBack()->display();
     }
 }
 public function doPost($id = 0, $cover_id = 0, $title = '', $content = '', $issue_id = 0, $url = '')
 {
     if (!check_auth('addIssueContent')) {
         $this->error('抱歉,您不具备投稿权限。');
     }
     $issue_id = intval($issue_id);
     if (!is_login()) {
         $this->error('请登陆后再投稿。');
     }
     if (!$cover_id) {
         $this->error('请上传封面。');
     }
     if (trim(op_t($title)) == '') {
         $this->error('请输入标题。');
     }
     if (trim(op_h($content)) == '') {
         $this->error('请输入内容。');
     }
     if ($issue_id == 0) {
         $this->error('请选择分类。');
     }
     if (trim(op_h($url)) == '') {
         $this->error('请输入网址。');
     }
     $content = D('IssueContent')->create();
     $content['content'] = filter_content($content['content']);
     $content['title'] = op_t($content['title']);
     $content['url'] = op_t($content['url']);
     //新增链接框
     $content['issue_id'] = $issue_id;
     if ($id) {
         $content_temp = D('IssueContent')->find($id);
         if (!check_auth('editIssueContent')) {
             //不是管理员则进行检测
             if ($content_temp['uid'] != is_login()) {
                 $this->error('不可操作他人的内容。');
             }
         }
         $content['uid'] = $content_temp['uid'];
         //权限矫正,防止被改为管理员
         $rs = D('IssueContent')->save($content);
         if ($rs) {
             $this->success('编辑成功。', U('issueContentDetail', array('id' => $content['id'])));
         } else {
             $this->success('编辑失败。', '');
         }
     } else {
         if (modC('NEED_VERIFY', 0) && !is_administrator()) {
             $content['status'] = 0;
             $tip = '但需管理员审核通过后才会显示在列表中,请耐心等待。';
             $user = query_user(array('nickname'), is_login());
             $admin_uids = explode(',', C('USER_ADMINISTRATOR'));
             foreach ($admin_uids as $admin_uid) {
                 D('Common/Message')->sendMessage($admin_uid, $title = '专辑投稿提醒', "{$user['nickname']}向专辑投了一份稿件,请到后台审核。", 'Admin/Issue/verify', array(), is_login(), 2);
             }
         }
         $rs = D('IssueContent')->add($content);
         if ($rs) {
             $this->success('投稿成功。' . $tip, 'refresh');
         } else {
             $this->success('投稿失败。', '');
         }
     }
 }
        </div>
    </div>
    <script>
        $(function(){
           $('.tooltip-options').tooltip({html:true});
        });
    </script>
    <div id="romanOrigin" class="panel panel-default instrument-body">
        <div class="panel-heading">
            <h4 class="panel-title">拉曼光谱原理介绍</h4>
        </div>
        <div class="panel-body">
            <p>
                <?php 
$content = file_get_contents('content/romanOrigin.txt');
filter_content($content);
?>
            </p>
        </div>
    </div>

    <div id="blank" class="panel panel-default instrument-body">
        <div class="panel-heading">
            <h4 class="panel-title">提示</h4>
        </div>
        <div class="panel-body">
            <p>
                该栏目还没有相关内容。
            </p>
        </div>
    </div>
function postselector_get_posts()
{
    global $wpdb;
    check_ajax_referer('postselector-ajax', 'security');
    $id = intval($_POST['id'] ? $_POST['id'] : $_GET['id']);
    if (!$id) {
        echo '# Invalid request: id not specified';
        wp_die();
    }
    $post = get_post($id);
    if ($post === null) {
        echo '# Not found: post ' . $id . ' not found';
        wp_die();
    }
    if (!current_user_can('read_post', $post->ID)) {
        echo '# Not permitted: post ' . $id . ' is not readable for this user';
        wp_die();
    }
    if ($post->post_type != 'postselector') {
        echo '# Invalid request: post ' . $id . ' is not an app (' . $post->post_type . ')';
        wp_die();
    }
    $postselector_output_app = get_post_meta($post->ID, '_postselector_output_app', true);
    $selected_ids = array();
    $rejected_ids = array();
    if ($postselector_output_app) {
        $app = get_post(intval($postselector_output_app));
        if (!$app) {
            echo '# Invalid request: output app ' . ${$postselector_output_app} . ' not found';
            wp_die();
        }
        $ids = get_post_meta($app->ID, '_postselector_selected_ids', true);
        if ($ids) {
            $ids = json_decode($ids, true);
            if (is_array($ids)) {
                $selected_ids = $ids;
            }
            // else error... not sure how to signal it, though!
        }
        $ids = get_post_meta($app->ID, '_postselector_rejected_ids', true);
        if ($ids) {
            $ids = json_decode($ids, true);
            if (is_array($ids)) {
                $rejected_ids = $ids;
            }
            // else error... not sure how to signal it, though!
        }
    }
    $postselector_input_category = get_post_meta($post->ID, '_postselector_input_category', true);
    $posts = array();
    if ($postselector_input_category) {
        $args = array('category' => $postselector_input_category, 'post_type' => array('post', 'page', 'anywhere_map_post'));
        $ps = get_posts($args);
        foreach ($ps as $p) {
            if (current_user_can('read_post', $p->ID)) {
                $thumbid = get_post_thumbnail_id($p->ID);
                $selected = null;
                $rank = array_search($p->ID, $selected_ids);
                if ($rank !== FALSE) {
                    $selected = TRUE;
                } else {
                    $rank = array_search($p->ID, $rejected_ids);
                    if ($rank !== FALSE) {
                        $selected = FALSE;
                    }
                }
                if ($rank === FALSE) {
                    $rank = null;
                }
                $selected = in_array($p->ID, $selected_ids) ? true : (in_array($p->ID, $rejected_ids) ? false : null);
                $post = array("title" => $p->post_title, "id" => $p->ID, "content" => filter_content($p->post_content), "status" => $p->post_status, "type" => $p->post_type, "iconurl" => $thumbid ? wp_get_attachment_url($thumbid) : null, "selected" => $selected, "rank" => $rank);
                $posts[] = $post;
            }
        }
    }
    header("Content-Type: application/json");
    echo json_encode($posts);
    wp_die();
}
Example #9
0
 public function doAddInfo()
 {
     unset($_POST['__hash__']);
     $entity_id = I('post.entity_id', 0, 'intval');
     $info_id = I('post.info_id', 0, 'intval');
     $aOverTime = I('post.over_time', '', 'op_t');
     $entity = D('cat_entity')->find($entity_id);
     /**权限认证**/
     $can_post = CheckCanPostEntity(is_login(), $entity_id);
     if (!$can_post) {
         $this->error('对不起,您无权发布。');
     }
     /**权限认证end*/
     $info['title'] = I('post.title', '', 'op_t');
     if ($info['title'] == '') {
         $this->error('必须输入标题');
     }
     if (mb_strlen($info['title'], 'utf-8') > 40) {
         $this->error('标题过长。');
     }
     $info['create_time'] = time();
     if ($info_id != 0) {
         //保存逻辑
         $info = D('cat_info')->find($info_id);
         $this->checkAuth('Cat/Index/editInfo', $info['uid'], '你没有编辑该条信息的权限!');
         $this->checkActionLimit('cat_edit_info', 'cat_info', $info['id']);
         if ($aOverTime != '') {
             $info['over_time'] = strtotime($aOverTime);
         }
         $info['id'] = $info_id;
         $res = D('cat_info')->save($info);
         $rs_info = $info['id'];
         if ($res) {
             action_log('cat_edit_info', 'cat_info', $info['id']);
         }
     } else {
         $this->checkAuth('Cat/Index/addInfo', -1, '你没有发布信息的权限!');
         $this->checkActionLimit('cat_add_info', 'cat_info');
         //新增逻辑
         $info['entity_id'] = $entity_id;
         $info['uid'] = is_login();
         if ($entity['need_active'] && !is_administrator()) {
             $info['status'] = 2;
         } else {
             $info['status'] = 1;
         }
         if (isset($_POST['over_time'])) {
             $info['over_time'] = strtotime($_POST['over_time']);
         }
         $rs_info = D('cat_info')->add($info);
         if ($rs_info) {
             action_log('cat_add_info', 'cat_info');
         }
     }
     $rs_data = 1;
     if ($rs_info != 0) {
         if ($info_id != 0) {
             $map_data['info_id'] = $info_id;
             D('Data')->where($map_data)->delete();
         }
         $dataModel = D('Data');
         //处理房屋的图片
         if ($entity_id == 2) {
             $listl = array('zhaopian1' => "", 'zhaopian2' => "", 'zhaopian3' => "", 'zhaopian4' => "", 'zhaopian5' => "");
             $list = $_POST;
             foreach ($list as $key => &$v) {
                 $array = explode(",", $list['zhaopian']);
                 foreach ($array as $k => $val) {
                     $list['zhaopian' . ($k + 1)] = $val;
                 }
                 unset($k, $val);
             }
             unset($list['zhaopian']);
             $list = array_merge($listl, $list);
         } else {
             if ($entity_id == 3) {
                 $list = $_POST;
                 if ($list['zhaopian']) {
                     $img_ids = explode(',', $list['zhaopian']);
                     //把图片和内容结合
                     foreach ($img_ids as &$v) {
                         $v = M('Picture')->where(array('status' => 1))->getById($v);
                         if (!is_bool(strpos($v['path'], 'http://'))) {
                             $v = $v['path'];
                         } else {
                             $v = getRootUrl() . substr($v['path'], 1);
                         }
                         $v = '<p><img src="' . $v . '" style=""/></p><br>';
                     }
                     $img_ids = implode('', $img_ids);
                     $list['jieshao'] = $img_ids . $list['jieshao'];
                     $contentHandler = new ContentHandlerModel();
                     $list['jieshao'] = $data['content'] = $contentHandler->filterHtmlContent($list['jieshao']);
                     //把图片和内容结合END
                 }
                 unset($list['zhaopian']);
             } else {
                 $list = $_POST;
                 if ($list['zhaopian']) {
                     $img_ids = explode(',', $list['zhaopian']);
                     //把图片和内容结合
                     foreach ($img_ids as &$v) {
                         $v = M('Picture')->where(array('status' => 1))->getById($v);
                         if (!is_bool(strpos($v['path'], 'http://'))) {
                             $v = $v['path'];
                         } else {
                             $v = getRootUrl() . substr($v['path'], 1);
                         }
                         $v = '<p><img src="' . $v . '" style=""/></p><br>';
                     }
                     $img_ids = implode('', $img_ids);
                     $list['des'] = $img_ids . $list['des'];
                     $contentHandler = new ContentHandlerModel();
                     $list['des'] = $data['content'] = $contentHandler->filterHtmlContent($list['des']);
                     //把图片和内容结合END
                 }
                 unset($list['zhaopian']);
             }
         }
         // dump($list);exit;
         foreach ($list as $key => $v) {
             if ($key != 'entity_id' && $key != 'over_time' && $key != 'ignore' && $key != 'info_id' && $key != 'title' && $key != '__hash__' && $key != 'file') {
                 if (is_array($v)) {
                     $rs_data = $rs_data && $dataModel->addData($key, implode(',', $v), $rs_info, $entity_id);
                 } else {
                     $v = filter_content($v);
                     $rs_data = $rs_data && $dataModel->addData($key, $v, $rs_info, $entity_id);
                 }
             }
             if ($rs_data == 0) {
                 $this->error($dataModel->getError());
             }
         }
         if ($rs_info && $rs_data) {
             $this->assign('jumpUrl', U('Cat/Index/info', array('info_id' => $rs_info)));
             if ($entity['need_active']) {
                 $this->success('发布成功。' . cookie('score_tip') . ' 请耐心等待管理员审核。通过审核后该信息将出现在前台页面中。');
             } else {
                 if ($entity['show_nav']) {
                     if (D('Common/Module')->isInstalled('Weibo')) {
                         //安装了微博模块
                         $postUrl = U('detail', array('info_id' => $rs_info), null, true);
                         $weiboModel = D('Weibo');
                         $weiboModel->addWeibo(is_login(), "我发布了一个新的 " . $entity['alias'] . "信息 【" . $info['title'] . "】:" . $postUrl);
                     }
                 }
                 $this->success('发布成功。' . cookie('score_tip'));
             }
         }
     } else {
         $this->error('发布失败。');
     }
 }
 public function doReply($post_id, $content)
 {
     $post_id = intval($post_id);
     $content = $this->filterPostContent($content);
     $content = filter_content($content);
     //确认有权限评论
     $post_id = intval($post_id);
     $post = D('ForumPost')->where(array('id' => $post_id))->find();
     if (!$post) {
         $this->error('帖子不存在');
     }
     $this->requireLogin();
     $this->checkAuth('Forum/Index/doReply', $post['uid'], '你没有评论贴子权限!');
     //确认有权限评论 end
     $this->checkActionLimit('forum_post_reply', 'Forum', null, get_uid());
     //添加到数据库
     $model = D('ForumPostReply');
     $before = getMyScore();
     $result = $model->addReply($post_id, $content);
     $after = getMyScore();
     if (!$result) {
         $this->error('评论失败:' . $model->getError());
     }
     //显示成功消息
     action_log('forum_post_reply', 'Forum', $result, get_uid());
     $this->success('回复成功。' . getScoreTip($before, $after), 'refresh');
 }
 /**
  * 帖子回复
  */
 public function AddForumComment($is_edit = 0)
 {
     $attach_ids = I('post.attach_ids', '', 'text');
     if ($attach_ids) {
         $aContent = I('post.forumcontent', 0, 'op_t');
         $img_ids = explode(',', $attach_ids);
         //把图片和内容结合
         //    dump($img_ids);
         foreach ($img_ids as &$v) {
             $v = D('Picture')->where(array('status' => 1))->getById($v);
             if (!is_bool(strpos($v['path'], 'http://'))) {
                 $v = $v['path'];
             } else {
                 $v = getRootUrl() . substr($v['path'], 1);
             }
             $v = '<p><img src="' . $v . '" style=""/></p><br>';
         }
         $img_ids = implode('', $img_ids);
         //  dump($img_ids);
         $aContent = $img_ids . $aContent;
         $contentHandler = new ContentHandlerModel();
         $aContent = $contentHandler->filterHtmlContent($aContent);
         //把图片和内容结合END
     } else {
         $aContent = I('post.forumcontent', 0, 'op_t');
     }
     $aPostId = I('post.forumId', 0, 'intval');
     $post_id = $aPostId;
     $content = $aContent;
     if ($is_edit == 0) {
         $content = $this->filterPostContent($content);
         //确认有权限回复
         $this->requireAllowReply($post_id);
         //检测回复时间限制
         $uid = is_login();
         $near = M('ForumPostReply')->where(array('uid' => $uid))->order('create_time desc')->find();
         $cha = time() - $near['create_time'];
         if ($cha > 10) {
             //添加到数据库
             $model = M('Mob/ForumPostReply');
             $result = $model->addReply($post_id, $content);
             if (!$result) {
                 $this->error('回复失败:' . $model->getError());
             }
             //显示成功消息
             $this->success('回复成功。', 'refresh');
         } else {
             $this->error('请10秒之后再回复');
         }
     } else {
         $reply_id = intval($post_id);
         //对帖子内容进行安全过滤
         $content = $this->filterPostContent($content);
         $content = filter_content($content);
         $this->checkAuth('Forum/Index/doReplyEdit', $this->get_expect_ids(0, $reply_id, 0, 0, 1), '你没有编辑该评论权限!');
         if (!$content) {
             $this->error("评论内容不能为空!");
         }
         $data['content'] = $content;
         $data['update_time'] = time();
         $post_id = M('forum_post_reply')->where(array('id' => intval($reply_id), 'status' => 1))->getField('post_id');
         $reply = M('forum_post_reply')->where(array('id' => intval($reply_id)))->save($data);
         if ($reply) {
             S('post_replylist_' . $post_id, null);
             $this->success('编辑评论成功', U('Forum/Index/detail', array('id' => $post_id)));
         } else {
             $this->error("编辑评论失败");
         }
     }
 }
Example #12
0
<?php

// Make sure user is logged in
require_login();
// Normalize the URL
$href = normalize_url(@$_POST['href']);
// Strip tags, normalize whitespace, shorten if necessary
$summary = summarize($_POST['summary']);
// Filter content to prevent against XSS attacks
$content = filter_content($_POST['content']);
// Escape content for the database to prevent SQL injection
$href = $db->escape($href);
$summary = $db->escape($summary);
$space = $db->escape($_POST['space']);
$content = $db->escape($content);
$version = $db->escape($_POST['version']);
if (isset($_POST['status']) && is_numeric($_POST['status'])) {
    $status = $db->escape($_POST['status']);
} else {
    $status = 1;
}
// Check to make sure we have everything
if (empty($href)) {
    respond(0, "Please specify an 'href' argument.");
} else {
    if (empty($space)) {
        respond(0, "Please specify a 'space' argument.");
    } else {
        if (empty($content)) {
            respond(0, "Please specify a 'content' argument.");
        } else {