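/**
 * Publish a broadcast ("cast") to the feed.
 *
 * When a broadcast does not call anyone out with @, all members are notified.
 *
 * Request parameters (read through v(), not passed as PHP arguments):
 *
 * @param string text , required
 * @param string type - user action / active broadcast , defaults to active broadcast
 *                      ('user' => 3, 'todo' => 2, 'notice' => 1, 'cast' or anything else => 4)
 * @param int    fid  - stored as `reblog_id` after intval()
 * @return mixed the value of self::send_result($feed) on success, of self::send_error()
 *               on failure (the original note here reads "todo array")
 * @author EasyChen
 */
public function feed_publish()
{
    // v(), t() and z() are project helpers that are not shown here; presumably
    // request lookup, trim and tag stripping — confirm before relying on them
    // as the only output protection for $content.
    $content = z(t(v('text')));
    if (!not_empty($content)) {
        return self::send_error(LR_API_ARGS_ERROR, __('INPUT_CHECK_BAD_ARGS', 'TEXT'));
    }

    // Only coerced to an integer; nothing here checks that the id refers to an existing feed.
    $reblog_id = intval(v('fid'));

    // NOTE(review): the feed type is chosen by the request, so any caller can store
    // types 1-3 as well as a cast — confirm that this is intended.
    switch (z(t(v('type')))) {
        case 'user':
            $type = 3;
            break;
        case 'todo':
            $type = 2;
            break;
        case 'notice':
            $type = 1;
            break;
        case 'cast':
        default:
            $type = 4;
    }

    // The statement is built by concatenation: the text goes through s() (presumably the
    // project's SQL string escaper — confirm) and every number through intval().
    $sql = "INSERT INTO `feed` ( `content` , `reblog_id` , `uid` , `timeline` , `type` ) VALUES ( '"
        . s($content) . "' , '" . intval($reblog_id) . "' , '" . intval($_SESSION['uid'])
        . "' , NOW() , " . intval($type) . " )";
    run_sql($sql);
    if (db_errno() != 0) {
        return self::send_error(LR_API_DB_ERROR, __('API_MESSAGE_DATABASE_ERROR') . db_error());
    }

    $lid = last_id();
    if (intval($lid) < 1) {
        return self::send_error(LR_API_DB_ERROR, __('API_MESSAGE_DATABASE_ERROR'));
    }

    $feed = get_feed_by_id($lid, db());
    if (!$feed) {
        return self::send_error(LR_API_DB_ERROR, __('API_MESSAGE_DATABASE_ERROR') . db_error());
    }

    // The feed was published successfully.
    // When the user publishes actively it counts as a broadcast: look for @ mentions.
    if ($type == 4) {
        $notice_sql = null;
        $notice_key = null;

        if ($ats = find_at($content)) {
            // Initialised up front: the original iterated over $names even when every
            // mention was a group that resolved to no members, leaving it undefined.
            $names = array();
            // Takes no arguments, so it is looked up once instead of once per mention.
            $group_names = get_group_names();
            foreach ($ats as $at) {
                $at = z(t($at));
                if ($group_names && in_array(strtoupper($at), $group_names)) {
                    // A group mention expands to the names of its members.
                    if ($ndata = get_group_unames($at)) {
                        foreach ($ndata as $nname) {
                            $names[] = $nname;
                        }
                    }
                } else {
                    $names[] = $at;
                }
            }

            $wsql = array();
            foreach ($names as $name) {
                $name = z(t($name));
                if (mb_strlen($name, 'UTF-8') < 2) {
                    continue;
                }
                $wsql[] = " `name` = '" . s(t($name)) . "' ";
                // With at_short_name enabled, a two-character mention also matches any
                // name made of one arbitrary character followed by those two.
                // NOTE(review): string escaping normally leaves % and _ active inside a
                // LIKE pattern; confirm find_at() cannot return them, or escape them here.
                if (c('at_short_name') && mb_strlen($name, 'UTF-8') == 2) {
                    $wsql[] = " `name` LIKE '_" . s($name) . "' ";
                }
            }

            // Mentions that yield no usable name notify nobody.
            if ($wsql) {
                $notice_sql = "SELECT `id` FROM `user` WHERE (`level` > 0 AND `is_closed` != 1 ) "
                    . ' AND ( ' . join(' OR ', $wsql) . ' ) ';
                $notice_key = 'API_TEXT_AT_IN_CAST';
            }
        } else {
            // Without any @ the broadcast is treated as addressed to everyone.
            $notice_sql = "SELECT `id` FROM `user` WHERE `level` > 0 AND `is_closed` != 1 AND `id` !="
                . intval(uid());
            $notice_key = 'API_TEXT_ADD_CAST';
        }

        if ($notice_sql !== null && ($udata = get_data($notice_sql))) {
            $myuids = array();
            foreach ($udata as $uitem) {
                $myuids[] = $uitem['id'];
            }
            foreach (array_unique($myuids) as $muid) {
                // The author is never notified about their own broadcast.
                if ($muid != uid()) {
                    send_notice(
                        $muid,
                        __($notice_key, array(uname(), $content)),
                        2,
                        array('fid' => intval($lid), 'count' => $feed['comment_count'])
                    );
                }
            }
        }
    }

    return self::send_result($feed);
}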
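/**
 * Validate the submitted form: fill in a missing name from the linked document's
 * title, run the parent validation, then do a rough plausibility check of the URL.
 *
 * The URL check is deliberately not a security control (see the comment in the body),
 * so whatever renders 'externalurl' later has to treat it as untrusted input.
 *
 * @param array $data  submitted values; 'name' and 'externalurl' are read here
 * @param mixed $files passed to parent::validation() unchanged
 * @return array the errors from parent::validation(), plus 'externalurl' when the URL is rejected
 */
function validation($data, $files)
{
    // need to fill in name with document title if it wasn't supplied
    if (!isset($data['name']) || $data['name'] == '') {
        global $CFG, $COURSE;
        require_once "{$CFG->dirroot}/google/lib.php";

        // NOTE(review): this ends the whole request without any message when the plugin
        // has no consumer key configured; reporting a form error may be kinder.
        if (!($consumer_key = get_config('morsle', 'consumer_key'))) {
            exit;
        }

        // The owner is derived from the course short name; the original also assigned the
        // user's e-mail first and overwrote it on the next line, so that dead store is gone.
        $owner = strtolower($COURSE->shortname . '@' . $consumer_key);

        // Skip the lookup when there is no URL to resolve, and only read the title from an
        // actual object, so a failed lookup leaves the name empty instead of raising.
        $title = '';
        if (!empty($data['externalurl'])) {
            $id = get_doc_id($data['externalurl']);
            $feed = get_feed_by_id($owner, $id);
            if (is_object($feed)) {
                // The title is taken from the looked-up feed as-is.
                $title = (string) $feed->title;
            }
        }
        $data['name'] = $title;
        $this->_form->_submitValues['name'] = $title;
    }

    $errors = parent::validation($data, $files);

    // Validating Entered url, we are looking for obvious problems only,
    // teachers are responsible for testing if it actually works.
    // This is not a security validation!! Teachers are allowed to enter "javascript:alert(666)" for example.
    // Code that displays this URL must therefore escape it for its output context and
    // decide there which schemes may become a link.
    // NOTE: do not try to explain the difference between URL and URI, people would be only confused...
    $morsle = empty($data['externalurl']) ? '' : trim($data['externalurl']);

    if (empty($morsle)) {
        $errors['externalurl'] = get_string('required');
    } elseif (preg_match('|^/|', $morsle)) {
        // links relative to server root are ok - no validation necessary
    } elseif (
        preg_match('|^[a-z]+://|i', $morsle)
        || preg_match('|^https?:|i', $morsle)
        || preg_match('|^ftp:|i', $morsle)
    ) {
        // normal URL
        if (!morsle_appears_valid_url($morsle)) {
            $errors['externalurl'] = get_string('invalidurl', 'morsle');
        }
    } elseif (preg_match('|^[a-z]+:|i', $morsle)) {
        // general URI such as teamspeak, mailto, etc. - it may or may not work in all browsers,
        // we do not validate these at all, sorry
    } elseif (!morsle_appears_valid_url('http://' . $morsle)) {
        // invalid URI, we try to fix it by adding 'http://' prefix,
        // relative links are NOT allowed because we display the link on different pages!
        $errors['externalurl'] = get_string('invalidurl', 'morsle');
    }

    return $errors;
}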