/** * Load data from Request form fields. * * @return boolean true if loaded data seems valid. */ function load_from_Request() { global $Messages, $localtimenow; // Group ID param('ivc_grp_ID', 'integer'); param_check_not_empty('ivc_grp_ID', T_('Please select a group')); $this->set_from_Request('grp_ID', 'ivc_grp_ID', true); // Code param('ivc_code', 'string'); param_check_not_empty('ivc_code', T_('You must provide an invitation code!')); param_check_regexp('ivc_code', '#^[A-Za-z0-9\\-_]{3,32}$#', T_('Invitation code must be from 3 to 32 letters, digits or signs "-", "_".')); $this->set_from_Request('code', 'ivc_code'); // Expire date if (param_date('ivc_expire_date', T_('Please enter a valid date.'), true) && param_time('ivc_expire_time')) { // If date and time were both correct we may set the 'expire_ts' value $this->set('expire_ts', form_date(get_param('ivc_expire_date'), get_param('ivc_expire_time'))); } // Source param('ivc_source', 'string'); $this->set_from_Request('source', 'ivc_source', true); if (mysql2timestamp($this->get('expire_ts')) < $localtimenow) { // Display a warning if date is expired $Messages->add($this->ID == 0 ? T_('Note: The newly created invitation code is already expired') : T_('Note: The updated invitation code is already expired'), 'warning'); } return !param_errors_detected(); }
/** * Load data from Request form fields. * * @return boolean true if loaded data seems valid. */ function load_from_Request() { // Name param('org_name', 'string'); param_check_not_empty('org_name', T_('You must provide a name!')); $this->set_from_Request('name', 'org_name'); // Url param('org_url', 'string'); param_check_url('org_url', 'commenting'); $this->set_from_Request('url', 'org_url', true); return !param_errors_detected(); }
/** * Load data from Request form fields. * * @return boolean true if loaded data seems valid. */ function load_from_Request($cron_job_names = array(), $cron_job_params = array()) { if ($this->ID > 0 || get_param('ctsk_ID') > 0) { // Update or copy cron job $cjob_name = param('cjob_name', 'string', true); param_check_not_empty('cjob_name', T_('Please enter job name')); } else { // Create new cron job $cjob_type = param('cjob_type', 'string', true); if (!isset($cron_job_params[$cjob_type])) { // This cron job type doesn't exist, so this is an invalid state debug_die('Invalid job type received'); $cjob_name = ''; } else { $cjob_name = $cron_job_names[$cjob_type]; } } // start datetime: param_date('cjob_date', T_('Please enter a valid date.'), true); param_time('cjob_time'); $this->set('start_datetime', form_date(get_param('cjob_date'), get_param('cjob_time'))); // repeat after: $cjob_repeat_after = param_duration('cjob_repeat_after'); if ($cjob_repeat_after == 0) { $cjob_repeat_after = NULL; } $this->set('repeat_after', $cjob_repeat_after); // name: if (!empty($cjob_name) && $cjob_name != $this->get('name')) { $this->set('name', $cjob_name); } if ($this->ID == 0 && get_param('ctsk_ID') == 0) { // Set these params only on creating and copying actions // controller: $this->set('controller', $cron_job_params[$cjob_type]['ctrl']); // params: $this->set('params', $cron_job_params[$cjob_type]['params']); } return !param_errors_detected(); }
/** * Load data from Request form fields. * * @return boolean true if loaded data seems valid. */ function load_from_Request() { global $Messages, $demo_mode; // Edited Group Name param('edited_grp_name', 'string'); param_check_not_empty('edited_grp_name', T_('You must provide a group name!')); $this->set_from_Request('name', 'edited_grp_name', true); // Edited Group Permission Blogs param('edited_grp_perm_blogs', 'string', true); $this->set_from_Request('perm_blogs', 'edited_grp_perm_blogs', true); $apply_antispam = param('apply_antispam', 'integer', 0) ? 0 : 1; $perm_xhtmlvalidation = param('perm_xhtmlvalidation', 'string', true); $perm_xhtmlvalidation_xmlrpc = param('perm_xhtmlvalidation_xmlrpc', 'string', true); $prevent_css_tweaks = param('prevent_css_tweaks', 'integer', 0) ? 0 : 1; $prevent_iframes = param('prevent_iframes', 'integer', 0) ? 0 : 1; $prevent_javascript = param('prevent_javascript', 'integer', 0) ? 0 : 1; $prevent_objects = param('prevent_objects', 'integer', 0) ? 0 : 1; if ($demo_mode && ($apply_antispam || $perm_xhtmlvalidation != 'always' && $perm_xhtmlvalidation_xmlrpc != 'always' || $prevent_css_tweaks || $prevent_iframes || $prevent_javascript || $prevent_objects)) { // Demo mode restriction: Do not allow to change these settings in demo mode, because it may lead to security problem! $Messages->add('Validation settings and security filters are not editable in demo mode!', 'error'); } else { // Apply Antispam $this->set('perm_bypass_antispam', $apply_antispam); // XHTML Validation $this->set('perm_xhtmlvalidation', $perm_xhtmlvalidation); // XHTML Validation XMLRPC $this->set('perm_xhtmlvalidation_xmlrpc', $perm_xhtmlvalidation_xmlrpc); // CSS Tweaks $this->set('perm_xhtml_css_tweaks', $prevent_css_tweaks); // Iframes $this->set('perm_xhtml_iframes', $prevent_iframes); // Javascript $this->set('perm_xhtml_javascript', $prevent_javascript); // Objects $this->set('perm_xhtml_objects', $prevent_objects); } // Stats $this->set('perm_stats', param('edited_grp_perm_stats', 'string', true)); // Load pluggable group permissions from request $GroupSettings =& $this->get_GroupSettings(); foreach ($GroupSettings->permission_values as $name => $value) { // We need to handle checkboxes and radioboxes separately , because when a checkbox isn't checked the checkbox variable is not sent if ($name == 'perm_createblog' || $name == 'perm_getblog' || $name == 'perm_templates') { // These two permissions are represented by checkboxes, all other pluggable group permissions are represented by radiobox. $value = param('edited_grp_' . $name, 'string', 'denied'); } elseif (($name == 'perm_admin' || $name == 'perm_users') && $this->ID == 1) { // Admin group has always admin perm, it can not be set or changed. continue; } else { $value = param('edited_grp_' . $name, 'string', ''); } if ($value != '' || $name == 'max_new_threads') { // if radio is not set, then doesn't change the settings $GroupSettings->set($name, $value, $this->ID); } } return !param_errors_detected(); }
break; } // Save DB config of phpBB in the session phpbb_set_var('db_config', $phpbb_db_config); phpbb_set_var('blog_ID', $forum_blog_ID); phpbb_set_var('path_avatars', $phpbb_path_avatars); $step = 'groups'; break; case "users": // Action for Step 2 // Check that this action request is not a CSRF hacked request: $Session->assert_received_crumb('phpbb'); $phpbb_ranks = param('phpbb_ranks', 'array/integer', array()); $phpbb_group_default = param('phpbb_group_default', 'integer'); $phpbb_group_invalid = param('phpbb_group_invalid', 'integer'); param_check_not_empty('phpbb_group_default', T_('Please select a default group!')); phpbb_set_var('ranks', $phpbb_ranks); phpbb_set_var('group_default', $phpbb_group_default); phpbb_set_var('group_invalid', $phpbb_group_invalid); $phpbb_categories = param('phpbb_categories', 'array/integer', array()); $phpbb_forums = param('phpbb_forums', 'array/integer', array()); phpbb_set_var('import_categories', $phpbb_categories); phpbb_set_var('import_forums', $phpbb_forums); if (empty($phpbb_categories) && empty($phpbb_forums)) { $Messages->add(T_('Please select at least one forum to import!')); } if (param_errors_detected()) { $step = 'groups'; break; } // Set this action to complete all processes in the form
/** * Insert users for contacts group into database * * @param integer/string Group ID or 'new' * @param string Users IDs separated with comma * @param string Name of input element with new group name * @return array/boolean Array( 'count_users', 'group_name' ) if success, else false */ function create_contacts_group_users($group, $users, $new_group_field_name = 'group_combo') { global $DB, $current_User, $Messages; $users_IDs = explode(',', $users); if (count($users_IDs) == 0 || strlen($users) == 0) { // No selected users $Messages->add(T_('Please select at least one user.'), 'error'); return false; } if ($group == 'new' || (int) $group < 0) { // Add new group if ((int) $group < 0) { // Default group $default_groups = get_contacts_groups_default(); if (isset($default_groups[$group])) { // Get group name $group_name = $default_groups[$group]; } else { // Error $Messages->add('No found this group.', 'error'); return false; } } else { // New entered group $group_name = param($new_group_field_name, 'string', true); param_check_not_empty($new_group_field_name, T_('Please enter name for new group.')); } if ($group_ID = create_contacts_group($group_name)) { // Create group $Messages->add(T_('New contacts group has been created.'), 'success'); } else { // Errors return false; } } else { // Existing group $group_ID = (int) $group; if ($group_ID == 0) { // No defined group ID return false; } $SQL = new SQL(); $SQL->SELECT('cgr_name AS name'); $SQL->FROM('T_messaging__contact_groups'); $SQL->WHERE('cgr_user_ID = ' . $current_User->ID); $SQL->WHERE_and('cgr_ID = ' . $DB->quote($group_ID)); $group = $DB->get_row($SQL->get()); if (is_null($group)) { // User try use a group of another user return false; } $group_name = $group->name; } // Get all Users IDs of selected group in order to exclude duplicates $SQL = new SQL(); $SQL->SELECT('cgu_user_ID, cgu_cgr_ID'); $SQL->FROM('T_messaging__contact_groupusers'); $SQL->WHERE_and('cgu_cgr_ID = ' . $DB->quote($group_ID)); $users_already_grouped = $DB->get_assoc($SQL->get()); $sql = 'INSERT INTO T_messaging__contact_groupusers ( cgu_user_ID, cgu_cgr_ID ) VALUES '; $records = array(); foreach ($users_IDs as $user_ID) { $user_ID = (int) trim($user_ID); if ($user_ID == 0) { // User ID is empty continue; } else { if (isset($users_already_grouped[$user_ID])) { if ($users_already_grouped[$user_ID] == $group_ID) { // This user already is added in selected group continue; } } } $records[] = '( ' . $user_ID . ', ' . $DB->quote($group_ID) . ' )'; } $sql .= implode(', ', $records); if (count($records) == 0) { // No data to add return false; } if ($DB->query($sql, 'Insert users for contacts group')) { // Success query return array('count_users' => count($records), 'group_name' => $group_name); } else { // Failed query return false; } }
/** * Load data from Request form fields. * * @return boolean true if loaded data seems valid. */ function load_from_Request() { global $DB, $Settings, $UserSettings, $GroupCache, $Messages, $action; global $current_User, $Session, $localtimenow; $is_new_user = $this->ID == 0; // ---- Login checking / START ---- $edited_user_login = param('edited_user_login', 'string'); if (empty($edited_user_login)) { // Empty login param_error('edited_user_login', T_('Please enter your login.')); } param_check_valid_login('edited_user_login'); $UserCache =& get_UserCache(); $UserLogin = $UserCache->get_by_login($edited_user_login); if ($UserLogin && $UserLogin->ID != $this->ID) { // The login is already registered $login_error_message = T_('This login already exists.'); if ($current_User->check_perm('users', 'edit')) { $login_error_message = sprintf(T_('This login «%s» already exists. Do you want to <a %s>edit the existing user</a>?'), $edited_user_login, 'href="' . get_user_settings_url('profile', $UserLogin->ID) . '"'); } param_error('edited_user_login', $login_error_message); } if (!param_has_error('edited_user_login')) { // We want all logins to be lowercase to guarantee uniqueness regardless of the database case handling for UNIQUE indexes: $this->set_from_Request('login', 'edited_user_login', true, 'utf8_strtolower'); } // ---- Login checking / END ---- $is_identity_form = param('identity_form', 'boolean', false); $is_admin_form = param('admin_form', 'boolean', false); $has_full_access = $current_User->check_perm('users', 'edit'); $has_moderate_access = $current_User->check_perm('users', 'moderate'); // ******* Admin form or new user create ******* // // In both cases current user must have users edit permission! if (($is_admin_form || $is_identity_form && $is_new_user) && $has_moderate_access) { // level/group and email options are displayed on identity form only when creating a new user. if ($this->ID != 1) { // the admin user group can't be changed param_integer_range('edited_user_level', 0, 10, T_('User level must be between %d and %d.')); $this->set_from_Request('level', 'edited_user_level', true); $edited_user_Group = $GroupCache->get_by_ID(param('edited_user_grp_ID', 'integer')); if ($has_full_access || $has_moderate_access && $edited_user_Group->get('level') < $current_User->get_Group()->get('level')) { $this->set_Group($edited_user_Group); } } param('edited_user_source', 'string', true); $this->set_from_Request('source', 'edited_user_source', true); // set email, without changing the user status $edited_user_email = utf8_strtolower(param('edited_user_email', 'string', true)); param_check_not_empty('edited_user_email', T_('Please enter your e-mail address.')); param_check_email('edited_user_email', true); $this->set_email($edited_user_email, false); if ($is_admin_form) { // Admin form $notification_sender_email = utf8_strtolower(param('notification_sender_email', 'string', true)); param_check_email('notification_sender_email'); if (!empty($notification_sender_email)) { // Change a value of setting $UserSettings->set('notification_sender_email', $notification_sender_email, $this->ID); } elseif ($UserSettings->get('notification_sender_email', $this->ID) != '') { // Delete a setting record from DB $UserSettings->delete('notification_sender_email', $this->ID); } $notification_sender_name = param('notification_sender_name', 'string', true); if (!empty($notification_sender_name)) { // Change a value of setting $UserSettings->set('notification_sender_name', $notification_sender_name, $this->ID); } elseif ($UserSettings->get('notification_sender_name', $this->ID) != '') { // Delete a setting record from DB $UserSettings->delete('notification_sender_name', $this->ID); } if ($has_full_access && !isset($this->dbchanges['user_email'])) { // If email address is not changed // Update status of email address in the T_email_address table $edited_email_status = param('edited_email_status', 'string'); $EmailAddressCache =& get_EmailAddressCache(); $EmailAddress =& $EmailAddressCache->get_by_name($this->get('email'), false, false); if (!$EmailAddress && $edited_email_status != 'unknown') { // Create new record in the T_email_address table $EmailAddress = new EmailAddress(); $EmailAddress->set('address', $this->get('email')); } if (!empty($EmailAddress)) { // Save status of an email address $EmailAddress->set('status', $edited_email_status); $EmailAddress->dbsave(); } } if ($current_User->check_perm('spamblacklist', 'edit')) { // User can edit IP ranges // Update status of IP range in DB $edited_iprange_status = param('edited_iprange_status', 'string'); $IPRangeCache =& get_IPRangeCache(); $IPRange =& $IPRangeCache->get_by_ip(int2ip($UserSettings->get('created_fromIPv4', $this->ID))); if (!$IPRange && !empty($edited_iprange_status)) { // IP range doesn't exist in DB, Create new record $ip_24bit_start = ip2int(preg_replace('#\\.\\d{1,3}$#i', '.0', int2ip($UserSettings->get('created_fromIPv4', $this->ID)))); $ip_24bit_end = ip2int(preg_replace('#\\.\\d{1,3}$#i', '.255', int2ip($UserSettings->get('created_fromIPv4', $this->ID)))); $IPRange = new IPRange(); $IPRange->set('IPv4start', $ip_24bit_start); $IPRange->set('IPv4end', $ip_24bit_end); $IPRange->set('user_count', 1); } if ($IPRange) { // Save status of IP range if ($IPRange->get('status') != 'blocked' && $edited_iprange_status == 'blocked') { // Status was changed to blocked, we should increase counter $IPRange->set('block_count', $IPRange->block_count + 1); } else { if ($IPRange->get('status') == 'blocked' && $edited_iprange_status != 'blocked') { // Status was changed from blocked to another, we should decrease counter $IPRange->set('block_count', $IPRange->block_count - 1); } } $IPRange->set('status', $edited_iprange_status, true); $IPRange->dbsave(); } } if ($current_User->check_perm('stats', 'edit')) { // User can edit Domains $DomainCache =& get_DomainCache(); // Update status of Domain in DB $edited_domain_status = param('edited_domain_status', 'string'); $user_domain = $UserSettings->get('user_domain', $this->ID); $Domain =& $DomainCache->get_by_name($user_domain, false, false); if (!$Domain && $edited_domain_status != 'unknown' && !empty($user_domain)) { // Domain doesn't exist in DB, Create new record $Domain = new Domain(); $Domain->set('name', $user_domain); } if ($Domain) { // Save status of Domain $Domain->set('status', $edited_domain_status, true); $Domain->dbsave(); } // Update status of Initial referer in DB load_funcs('sessions/model/_hitlog.funcs.php'); $edited_initial_referer_status = param('edited_initial_referer_status', 'string'); $initial_referer = $UserSettings->get('initial_referer', $this->ID); $initial_referer_domain = url_part($initial_referer, 'host'); $Domain =& get_Domain_by_url($initial_referer); if (!$Domain && $edited_initial_referer_status != 'unknown' && !empty($initial_referer_domain)) { // Domain doesn't exist in DB, Create new record $Domain = new Domain(); $Domain->set('name', $initial_referer_domain); } if ($Domain) { // Save status of Domain $Domain->set('status', $edited_initial_referer_status, true); $Domain->dbsave(); } } } } // ******* Identity form ******* // if ($is_identity_form) { $can_edit_users = $current_User->check_perm('users', 'edit'); $edited_user_perms = array('edited-user', 'edited-user-required'); global $edited_user_age_min, $edited_user_age_max; param('edited_user_age_min', 'string', true); param('edited_user_age_max', 'string', true); param_check_interval('edited_user_age_min', 'edited_user_age_max', T_('Age must be a number.'), T_('The first age must be lower than (or equal to) the second.')); if (!param_has_error('edited_user_age_min') && $Settings->get('minimum_age') > 0 && !empty($edited_user_age_min) && $edited_user_age_min < $Settings->get('minimum_age')) { // Limit user by minimum age param_error('edited_user_age_min', sprintf(T_('You must be at least %d years old to use this service.'), $Settings->get('minimum_age'))); } $this->set_from_Request('age_min', 'edited_user_age_min', true); $this->set_from_Request('age_max', 'edited_user_age_max', true); $firstname_editing = $Settings->get('firstname_editing'); if (in_array($firstname_editing, $edited_user_perms) && $this->ID == $current_User->ID || $firstname_editing != 'hidden' && $can_edit_users) { // User has a permissions to save Firstname param('edited_user_firstname', 'string', true); if ($firstname_editing == 'edited-user-required') { // First name is required if ($can_edit_users) { // Display a note message if user can edit all users param_add_message_to_Log('edited_user_firstname', T_('Please enter your first name.'), 'note'); } else { // Display an error message param_check_not_empty('edited_user_firstname', T_('Please enter your first name.')); } } $this->set_from_Request('firstname', 'edited_user_firstname', true); } $lastname_editing = $Settings->get('lastname_editing'); if (in_array($lastname_editing, $edited_user_perms) && $this->ID == $current_User->ID || $lastname_editing != 'hidden' && $can_edit_users) { // User has a permissions to save Lastname param('edited_user_lastname', 'string', true); if ($lastname_editing == 'edited-user-required') { // Last name is required if ($can_edit_users) { // Display a note message if user can edit all users param_add_message_to_Log('edited_user_lastname', T_('Please enter last name.'), 'note'); } else { // Display an error message param_check_not_empty('edited_user_lastname', T_('Please enter last name.')); } } $this->set_from_Request('lastname', 'edited_user_lastname', true); } $nickname_editing = $Settings->get('nickname_editing'); if (in_array($nickname_editing, $edited_user_perms) && $this->ID == $current_User->ID || $nickname_editing != 'hidden' && $can_edit_users) { // User has a permissions to save Nickname param('edited_user_nickname', 'string', true); if ($nickname_editing == 'edited-user-required') { // Nickname is required if ($can_edit_users) { // Display a note message if user can edit all users param_add_message_to_Log('edited_user_nickname', T_('Please enter your nickname.'), 'note'); } else { // Display an error message param_check_not_empty('edited_user_nickname', T_('Please enter your nickname.')); } } $this->set_from_Request('nickname', 'edited_user_nickname', true); } param('edited_user_gender', 'string', ''); if (param_check_gender('edited_user_gender', $Settings->get('registration_require_gender') == 'required')) { $this->set_from_Request('gender', 'edited_user_gender', true); } // ---- Locations / START ---- load_funcs('regional/model/_regional.funcs.php'); if (user_country_visible()) { // Save country $country_ID = param('edited_user_ctry_ID', 'integer', true); $country_is_required = $Settings->get('location_country') == 'required' && countries_exist(); if ($country_is_required && $can_edit_users && $country_ID == 0) { // Display a note message if user can edit all users param_add_message_to_Log('edited_user_ctry_ID', T_('Please select a country.'), 'note'); } else { // Display an error message param_check_number('edited_user_ctry_ID', T_('Please select a country.'), $country_is_required); } $this->set_from_Request('ctry_ID', 'edited_user_ctry_ID', true); } if (user_region_visible()) { // Save region $region_ID = param('edited_user_rgn_ID', 'integer', true); $region_is_required = $Settings->get('location_region') == 'required' && regions_exist($country_ID); if ($region_is_required && $can_edit_users && $region_ID == 0) { // Display a note message if user can edit all users param_add_message_to_Log('edited_user_rgn_ID', T_('Please select a region.'), 'note'); } else { // Display an error message param_check_number('edited_user_rgn_ID', T_('Please select a region'), $region_is_required); } $this->set_from_Request('rgn_ID', 'edited_user_rgn_ID', true); } if (user_subregion_visible()) { // Save subregion $subregion_ID = param('edited_user_subrg_ID', 'integer', true); $subregion_is_required = $Settings->get('location_subregion') == 'required' && subregions_exist($region_ID); if ($subregion_is_required && $can_edit_users && $subregion_ID == 0) { // Display a note message if user can edit all users param_add_message_to_Log('edited_user_subrg_ID', T_('Please select a sub-region.'), 'note'); } else { // Display an error message param_check_number('edited_user_subrg_ID', T_('Please select a sub-region.'), $subregion_is_required); } $this->set_from_Request('subrg_ID', 'edited_user_subrg_ID', true); } if (user_city_visible()) { // Save city $city_ID = param('edited_user_city_ID', 'integer', true); $city_is_required = $Settings->get('location_city') == 'required' && cities_exist($country_ID, $region_ID, $subregion_ID); if ($city_is_required && $can_edit_users && $city_ID == 0) { // Display a note message if user can edit all users param_add_message_to_Log('edited_user_city_ID', T_('Please select a city.'), 'note'); } else { // Display an error message param_check_number('edited_user_city_ID', T_('Please select a city.'), $city_is_required); } $this->set_from_Request('city_ID', 'edited_user_city_ID', true); } // ---- Locations / END ---- // ---- Organizations / START ---- $organizations = param('organizations', 'array:string'); $org_roles = param('org_roles', 'array:string'); $this->update_organizations($organizations, $org_roles); // ---- Organizations / END ---- // ---- Additional Fields / START ---- // Load all defined userfields for following checking of required fields $this->userfield_defs_load(); // EXPERIMENTAL user fields & EXISTING fields: // Get indices of existing userfields: $userfield_IDs = $DB->get_results(' SELECT uf_ID, uf_ufdf_ID FROM T_users__fields WHERE uf_user_ID = ' . $this->ID); foreach ($userfield_IDs as $userfield) { if (!isset($this->userfield_defs[$userfield->uf_ufdf_ID])) { // If user field definition doesn't exist in DB then delete field value of this user: $this->userfield_update($userfield->uf_ID, NULL); continue; } $field_type = $this->userfield_defs[$userfield->uf_ufdf_ID][0] == 'text' ? 'text' : 'string'; $uf_val = param('uf_' . $userfield->uf_ID, $field_type, ''); if ($this->userfield_defs[$userfield->uf_ufdf_ID][0] == 'list' && $uf_val == '---') { // Option list has a value '---' for empty value $uf_val = ''; } $uf_val = trim(strip_tags($uf_val)); if (empty($uf_val) && $this->userfield_defs[$userfield->uf_ufdf_ID][2] == 'require') { // Display error for empty required field if ($current_User->check_perm('users', 'edit')) { // Display a note message if user can edit all users param_add_message_to_Log('uf_' . $userfield->uf_ID, sprintf(T_('Please enter a value for the field "%s".'), $this->userfield_defs[$userfield->uf_ufdf_ID][1]), 'note'); } else { // Display an error message param_error('uf_' . $userfield->uf_ID, T_('Please enter a value.')); } } else { // Update field if ($this->userfield_defs[$userfield->uf_ufdf_ID][0] == 'url') { // Check url fields param_check_url('uf_' . $userfield->uf_ID, 'commenting'); } if ($this->userfield_defs[$userfield->uf_ufdf_ID][4] == 'list') { // Option "Multiple values" == "List style" // Split by comma and save each phrase as separate field $uf_val = explode(',', $uf_val); foreach ($uf_val as $v => $val) { $val = trim($val); if ($v == 0) { // Update field with first value $this->userfield_update($userfield->uf_ID, $val); } else { if (!empty($val)) { // Add a new field for new values $this->userfield_add($userfield->uf_ufdf_ID, $val); } } } } else { // Forbidden & Allowed fields $this->userfield_update($userfield->uf_ID, $uf_val); } } } // Duplicate fields: if ($is_new_user) { $user_id = param('orig_user_ID', 'integer', 0); if ($user_id !== 0) { $userfield_IDs = $DB->get_results(' SELECT uf_ID, uf_ufdf_ID FROM T_users__fields WHERE uf_user_ID = ' . $user_id); foreach ($userfield_IDs as $userfield_ID) { $uf_val = param('uf_' . $userfield_ID->uf_ID, 'string', ''); $uf_type = $userfield_ID->uf_ufdf_ID; if (!empty($uf_val)) { $this->userfield_add($uf_type, $uf_val); } } } } $uf_new_fields = param('uf_new', 'array:array:string'); // Recommended & required fields (it still not saved in DB) $uf_add_fields = param('uf_add', 'array:array:string'); // Added fields // Add a new field: (JS is not enabled) if ($action == 'add_field') { // Button 'Add' new field is pressed $new_field_type = param('new_field_type', 'integer', 0); if (empty($new_field_type)) { // We cannot add a new field without type param_error('new_field_type', T_('Please select a field type.')); } else { // Save an adding field(in the array) to display it again if errors will be exist $new_field_type_exists = false; if ($this->userfield_defs[$new_field_type][4] == 'allowed' || $this->userfield_defs[$new_field_type][4] == 'list') { // This field can be duplicated global $add_field_types; $add_field_types = array($new_field_type); } else { // We should to solve we can add this field or don't if (!isset($uf_new_fields[$new_field_type]) && !isset($uf_add_fields[$new_field_type])) { // User is adding this field first time if (is_array($userfield_IDs) && count($userfield_IDs) > 0) { // User has fields that saved in DB foreach ($userfield_IDs as $userfield) { if ($userfield->uf_ufdf_ID == $new_field_type) { // New adding field already exists for current user in DB $new_field_type_exists = true; break; } } } if (!$new_field_type_exists) { // Field doesn't still exist for current user global $add_field_types; $add_field_types = array($new_field_type); } } else { // Field exists, no duplicates available $new_field_type_exists = true; } if ($new_field_type_exists) { // Field already is added for current user, we should display error about this param_error('new_field_type', T_('You already added this field, please select another.')); } } if (!$new_field_type_exists) { // Mark a new field to enter a value param_error('uf_add[' . $new_field_type . '][]', T_('Please enter a value in this new field.')); } } } // Save a New recommended & require fields AND Adding fields if (count($uf_new_fields) > 0 || count($uf_add_fields) > 0) { $uf_fields = array('new' => $uf_new_fields, 'add' => $uf_add_fields); foreach ($uf_fields as $uf_type => $uf_new_fields) { if ($uf_type == 'add') { // Save an adding fields to display it again if errors will be exist global $add_field_types; if (!isset($add_field_types)) { // Don't rewrite already existing array $add_field_types = array(); } } foreach ($uf_new_fields as $uf_new_id => $uf_new_vals) { foreach ($uf_new_vals as $uf_new_val) { if ($this->userfield_defs[$uf_new_id][0] == 'list' && $uf_new_val == '---') { // Option list has a value '---' for empty value $uf_new_val = ''; } $uf_new_val = trim(strip_tags($uf_new_val)); if ($uf_new_val != '') { // Insert a new field in DB if it is filled if ($this->userfield_defs[$uf_new_id][0] == 'url') { // Check url fields param_check_url('uf_' . $uf_type . '[' . $uf_new_id . '][]', 'commenting'); } if ($this->userfield_defs[$uf_new_id][4] == 'list') { // Option "Multiple values" == "List style" // Split by comma and save each phrase as separate field $uf_new_val = explode(',', $uf_new_val); foreach ($uf_new_val as $val) { $val = trim($val); if (!empty($val)) { // Exclude empty values(spaces) $this->userfield_add((int) $uf_new_id, $val); } } } else { // Forbidden & Allowed fields $this->userfield_add((int) $uf_new_id, $uf_new_val); } } elseif (empty($uf_new_val) && $this->userfield_defs[$uf_new_id][2] == 'require') { // Display error for empty required field & new adding field if ($current_User->check_perm('users', 'edit')) { // Display a note message if user can edit all users param_add_message_to_Log('uf_' . $uf_type . '[' . $uf_new_id . '][]', sprintf(T_('Please enter a value for the field "%s".'), $this->userfield_defs[$uf_new_id][1]), 'note'); } else { // Display an error message param_error('uf_' . $uf_type . '[' . $uf_new_id . '][]', T_('Please enter a value.')); } } if ($uf_type == 'add') { // Save new added field, it used on the _user_identity.form $add_field_types[] = $uf_new_id; } } } } } // ---- Additional Fields / END ---- // update profileupdate_date, because a publicly visible user property was changed $this->set_profileupdate_date(); } // ******* Password form ******* // $is_password_form = param('password_form', 'boolean', false); if ($is_password_form || $is_new_user) { $reqID = param('reqID', 'string', ''); global $edited_user_pass1, $edited_user_pass2; $edited_user_pass1 = param('edited_user_pass1', 'string', true); $edited_user_pass2 = param('edited_user_pass2', 'string', true); // Remove the invalid chars from password vars $edited_user_pass1 = preg_replace('/[<>&]/', '', $edited_user_pass1); $edited_user_pass2 = preg_replace('/[<>&]/', '', $edited_user_pass2); if ($is_new_user || !empty($reqID) && $reqID == $Session->get('core.changepwd.request_id')) { // current password is not required: // - new user creating process // - password change requested by email if (param_check_passwords('edited_user_pass1', 'edited_user_pass2', true, $Settings->get('user_minpwdlen'))) { // We can set password $this->set_password($edited_user_pass2); } } else { // ******* Password edit form ****** // $current_user_pass = param('current_user_pass', 'string', true); if ($this->ID != $current_User->ID) { // Set the messages when admin changes a password of other user $checkpwd_params = array('msg_pass_new' => T_('Please enter new password.'), 'msg_pass_twice' => T_('Please enter new password twice.')); } else { // Use default messages $checkpwd_params = array(); } if (!strlen($current_user_pass)) { param_error('current_user_pass', T_('Please enter your current password.')); param_check_passwords('edited_user_pass1', 'edited_user_pass2', true, $Settings->get('user_minpwdlen'), $checkpwd_params); } else { if ($has_full_access && $this->ID != $current_User->ID) { // Admin is changing a password of other user, Check a password of current admin $pass_to_check = $current_User->pass; $current_user_salt = $current_User->salt; } else { // User is changing own pasword $pass_to_check = $this->pass; $current_user_salt = $this->salt; } if ($pass_to_check == md5($current_user_salt . $current_user_pass, true)) { if (param_check_passwords('edited_user_pass1', 'edited_user_pass2', true, $Settings->get('user_minpwdlen'), $checkpwd_params)) { // We can set password $this->set_password($edited_user_pass2); } } else { param_error('current_user_pass', T_('Your current password is incorrect.')); param_check_passwords('edited_user_pass1', 'edited_user_pass2', true, $Settings->get('user_minpwdlen'), $checkpwd_params); } } } } // Used in Preferences & Notifications forms $has_messaging_perm = $this->check_perm('perm_messaging', 'reply'); // ******* Preferences form ******* // $is_preferences_form = param('preferences_form', 'boolean', false); if ($is_preferences_form) { // Other preferences param('edited_user_locale', 'string', true); $this->set_from_Request('locale', 'edited_user_locale', true); // Session timeout $edited_user_timeout_sessions = param('edited_user_timeout_sessions', 'string', NULL); if (isset($edited_user_timeout_sessions) && ($current_User->ID == $this->ID || $current_User->check_perm('users', 'edit'))) { switch ($edited_user_timeout_sessions) { case 'default': $UserSettings->set('timeout_sessions', NULL, $this->ID); break; case 'custom': $UserSettings->set('timeout_sessions', param_duration('timeout_sessions'), $this->ID); break; } } $UserSettings->set('show_online', param('edited_user_showonline', 'integer', 0), $this->ID); } // ******* Notifications form ******* // $is_subscriptions_form = param('subscriptions_form', 'boolean', false); if ($is_subscriptions_form) { if ($action == 'subscribe') { // Do only subscribe to new blog (Don't update the user's settings from the same form) // A selected blog to subscribe $subscribe_blog_ID = param('subscribe_blog', 'integer', 0); // Get checkbox values: $sub_items = param('sub_items_new', 'integer', 0); $sub_comments = param('sub_comments_new', 'integer', 0); // Note: we do not check if subscriptions are allowed here, but we check at the time we're about to send something if ($subscribe_blog_ID && ($sub_items || $sub_comments)) { // We need to record values: $DB->query('REPLACE INTO T_subscriptions( sub_coll_ID, sub_user_ID, sub_items, sub_comments ) VALUES ( ' . $DB->quote($subscribe_blog_ID) . ', ' . $DB->quote($this->ID) . ', ' . $DB->quote($sub_items) . ', ' . $DB->quote($sub_comments) . ' )'); $Messages->add(T_('Subscriptions have been changed.'), 'success'); } else { // Display an error message to inform user about incorrect actions $Messages->add(T_('Please select at least one setting to subscribe on the selected blog.'), 'error'); } } else { // Update user's settings // Email communication $edited_user_email = utf8_strtolower(param('edited_user_email', 'string', true)); param_check_not_empty('edited_user_email', T_('Please enter your e-mail address.')); param_check_email('edited_user_email', true); $this->set_email($edited_user_email); // set messaging options if ($has_messaging_perm) { $UserSettings->set('enable_PM', param('PM', 'integer', 0), $this->ID); } $emails_msgform = $Settings->get('emails_msgform'); if ($emails_msgform == 'userset' || $emails_msgform == 'adminset' && $current_User->check_perm('users', 'edit')) { // enable email option is displayed only if user can set or if admin can set and current User is an administrator $UserSettings->set('enable_email', param('email', 'integer', 0), $this->ID); } // Email format $UserSettings->set('email_format', param('edited_user_email_format', 'string', 'auto'), $this->ID); // set notification options if ($has_messaging_perm) { // update 'notify messages' only if user has messaging rights and this option was displayed $UserSettings->set('notify_messages', param('edited_user_notify_messages', 'integer', 0), $this->ID); $UserSettings->set('notify_unread_messages', param('edited_user_notify_unread_messages', 'integer', 0), $this->ID); } if ($this->check_role('post_owner')) { // update 'notify_published_comments' only if user has at least one post or user has right to create new post $UserSettings->set('notify_published_comments', param('edited_user_notify_publ_comments', 'integer', 0), $this->ID); } $is_comment_moderator = $this->check_role('comment_moderator'); if ($is_comment_moderator || $this->check_role('comment_editor')) { // update 'notify_comment_moderation' only if user is comment moderator/editor at least in one blog $UserSettings->set('notify_comment_moderation', param('edited_user_notify_cmt_moderation', 'integer', 0), $this->ID); } if ($this->check_perm('admin', 'restricted', false)) { // update 'notify_meta_comments' only if edited user has a permission to back-office $UserSettings->set('notify_meta_comments', param('edited_user_notify_meta_comments', 'integer', 0), $this->ID); } if ($is_comment_moderator) { // update 'send_cmt_moderation_reminder' only if user is comment moderator at least in one blog $UserSettings->set('send_cmt_moderation_reminder', param('edited_user_send_cmt_moderation_reminder', 'integer', 0), $this->ID); } if ($this->check_role('post_moderator')) { // update 'notify_post_moderation' and 'send_cmt_moderation_reminder' only if user is post moderator at least in one blog $UserSettings->set('notify_post_moderation', param('edited_user_notify_post_moderation', 'integer', 0), $this->ID); $UserSettings->set('send_pst_moderation_reminder', param('edited_user_send_pst_moderation_reminder', 'integer', 0), $this->ID); } if ($this->grp_ID == 1) { $UserSettings->set('send_activation_reminder', param('edited_user_send_activation_reminder', 'integer', 0), $this->ID); } if ($this->check_perm('users', 'edit')) { // edited user has permission to edit all users, save notification preferences $UserSettings->set('notify_new_user_registration', param('edited_user_notify_new_user_registration', 'integer', 0), $this->ID); $UserSettings->set('notify_activated_account', param('edited_user_notify_activated_account', 'integer', 0), $this->ID); $UserSettings->set('notify_closed_account', param('edited_user_notify_closed_account', 'integer', 0), $this->ID); $UserSettings->set('notify_reported_account', param('edited_user_notify_reported_account', 'integer', 0), $this->ID); $UserSettings->set('notify_changed_account', param('edited_user_notify_changed_account', 'integer', 0), $this->ID); } if ($this->check_perm('options', 'edit')) { // edited user has permission to edit options, save notification preferences $UserSettings->set('notify_cronjob_error', param('edited_user_notify_cronjob_error', 'integer', 0), $this->ID); } // Newsletter $UserSettings->set('newsletter_news', param('edited_user_newsletter_news', 'integer', 0), $this->ID); $UserSettings->set('newsletter_ads', param('edited_user_newsletter_ads', 'integer', 0), $this->ID); // Emails limit per day param_integer_range('edited_user_notification_email_limit', 0, 999, T_('Notificaiton email limit must be between %d and %d.')); $UserSettings->set('notification_email_limit', param('edited_user_notification_email_limit', 'integer', 0), $this->ID); param_integer_range('edited_user_newsletter_limit', 0, 999, T_('Newsletter limit must be between %d and %d.')); $UserSettings->set('newsletter_limit', param('edited_user_newsletter_limit', 'integer', 0), $this->ID); /** * Update the subscriptions: */ $subs_blog_IDs = param('subs_blog_IDs', 'string', true); $subs_item_IDs = param('subs_item_IDs', 'string', true); // Work the blogs: $subscription_values = array(); $unsubscribed = array(); $subs_blog_IDs = explode(',', $subs_blog_IDs); foreach ($subs_blog_IDs as $loop_blog_ID) { // Make sure no dirty hack is coming in here: $loop_blog_ID = intval($loop_blog_ID); // Get checkbox values: $sub_items = param('sub_items_' . $loop_blog_ID, 'integer', 0); $sub_comments = param('sub_comments_' . $loop_blog_ID, 'integer', 0); if ($sub_items || $sub_comments) { // We have a subscription for this blog $subscription_values[] = "( {$loop_blog_ID}, {$this->ID}, {$sub_items}, {$sub_comments} )"; } else { // No subscription here: $unsubscribed[] = $loop_blog_ID; } } // Note: we do not check if subscriptions are allowed here, but we check at the time we're about to send something if (count($subscription_values)) { // We need to record values: $DB->query('REPLACE INTO T_subscriptions( sub_coll_ID, sub_user_ID, sub_items, sub_comments ) VALUES ' . implode(', ', $subscription_values)); } if (count($unsubscribed)) { // We need to make sure some values are cleared: $DB->query('DELETE FROM T_subscriptions WHERE sub_user_ID = ' . $this->ID . ' AND sub_coll_ID IN (' . implode(', ', $unsubscribed) . ')'); } // Individual post subscriptions if (!empty($subs_item_IDs)) { // user was subscribed to at least one post update notification $subs_item_IDs = explode(',', $subs_item_IDs); $unsubscribed = array(); foreach ($subs_item_IDs as $loop_item_ID) { if (!param('item_sub_' . $loop_item_ID, 'integer', 0)) { // user wants to unsubscribe from this post notifications $unsubscribed[] = $loop_item_ID; } } if (!empty($unsubscribed)) { // unsubscribe list is not empty, delete not wanted subscriptions $DB->query('DELETE FROM T_items__subscriptions WHERE isub_user_ID = ' . $this->ID . ' AND isub_item_ID IN (' . implode(', ', $unsubscribed) . ')'); } } } } // ******* Advanced form ******* // $is_advanced_form = param('advanced_form', 'boolean', false); if ($is_advanced_form) { $UserSettings->set('admin_skin', param('edited_user_admin_skin', 'string'), $this->ID); // Action icon params: param_integer_range('edited_user_action_icon_threshold', 1, 5, T_('The threshold must be between 1 and 5.')); $UserSettings->set('action_icon_threshold', param('edited_user_action_icon_threshold', 'integer', true), $this->ID); param_integer_range('edited_user_action_word_threshold', 1, 5, T_('The threshold must be between 1 and 5.')); $UserSettings->set('action_word_threshold', param('edited_user_action_word_threshold', 'integer'), $this->ID); $UserSettings->set('display_icon_legend', param('edited_user_legend', 'integer', 0), $this->ID); // Set bozo validador activation $UserSettings->set('control_form_abortions', param('edited_user_bozo', 'integer', 0), $this->ID); // Focus on first $UserSettings->set('focus_on_first_input', param('edited_user_focusonfirst', 'integer', 0), $this->ID); // Results per page $edited_user_results_page_size = param('edited_user_results_page_size', 'integer', NULL); if (isset($edited_user_results_page_size)) { $UserSettings->set('results_per_page', $edited_user_results_page_size, $this->ID); } } if ($is_preferences_form || $is_identity_form && $is_new_user) { // Multiple session $multiple_sessions = $Settings->get('multiple_sessions'); if ($multiple_sessions != 'adminset_default_no' && $multiple_sessions != 'adminset_default_yes' || $current_User->check_perm('users', 'edit')) { $UserSettings->set('login_multiple_sessions', param('edited_user_set_login_multiple_sessions', 'integer', 0), $this->ID); } } return !param_errors_detected(); }
/** Email notifications **/ // Sender email address $sender_email = param('notification_sender_email', 'string', ''); param_check_email('notification_sender_email', true); $Settings->set('notification_sender_email', $sender_email); // Return path $return_path = param('notification_return_path', 'string', ''); param_check_email('notification_return_path', true); $Settings->set('notification_return_path', $return_path); // Sender name $sender_name = param('notification_sender_name', 'string', ''); param_check_not_empty('notification_sender_name'); $Settings->set('notification_sender_name', $sender_name); // Site short name $short_name = param('notification_short_name', 'string', ''); param_check_not_empty('notification_short_name'); $Settings->set('notification_short_name', $short_name); // Site long name $Settings->set('notification_long_name', param('notification_long_name', 'string', '')); // Site logo url $Settings->set('notification_logo', param('notification_logo', 'string', '')); /** Settings to decode the returned emails **/ param('repath_enabled', 'boolean', 0); $Settings->set('repath_enabled', $repath_enabled); param('repath_method', 'string', true); $Settings->set('repath_method', strtolower($repath_method)); param('repath_server_host', 'string', true); $Settings->set('repath_server_host', evo_strtolower($repath_server_host)); param('repath_server_port', 'integer', true); $Settings->set('repath_server_port', $repath_server_port); param('repath_encrypt', 'string', true);
/** * Load data from Request form fields. * * @return boolean true if loaded data seems valid. */ function load_from_Request() { global $Plugins, $msg_text, $Settings; $new_thread = empty($this->thread_ID); // Renderers: if (param('renderers_displayed', 'integer', 0)) { // use "renderers" value only if it has been displayed (may be empty) $renderers = $Plugins->validate_renderer_list(param('renderers', 'array:string', array()), array('Message' => &$this)); $this->set_renderers($renderers); } // Text if ($Settings->get('allow_html_message')) { // HTML is allowed for messages $text_format = 'html'; } else { // HTML is disallowed for messages $text_format = 'htmlspecialchars'; } $msg_text = param('msg_text', $text_format); $this->original_text = html_entity_decode($msg_text); // This must get triggered before any internal validation and must pass all relevant params. $Plugins->trigger_event('MessageThreadFormSent', array('content' => &$msg_text, 'dont_remove_pre' => true, 'renderers' => $this->get_renderers_validated())); if (!$new_thread) { param_check_not_empty('msg_text'); } if ($text_format == 'html') { // message text may contain html, check the html sanity param_check_html('msg_text', T_('Invalid message content.')); } $this->set('text', get_param('msg_text')); // Thread if ($new_thread) { $this->Thread->load_from_Request(); } else { // this is a reply to an existing conversation, check if current User is allowed to reply $this->get_Thread(); if ($this->Thread->check_allow_reply()) { // If reply is allowed we should check if this message is not a duplicate global $DB, $current_User; // Get last message of current user in this thread $SQL = new SQL(); $SQL->SELECT('msg_text'); $SQL->FROM('T_messaging__message'); $SQL->WHERE('msg_thread_ID = ' . $this->Thread->ID); $SQL->WHERE_and('msg_author_user_ID = ' . $current_User->ID); $SQL->ORDER_BY('msg_ID DESC'); $last_message = $DB->get_var($SQL->get()); if ($last_message == $msg_text) { param_error('msg_text', T_('It seems you tried to send the same message twice. We only kept one copy.')); } } } return !param_errors_detected(); }
/** * Load data from Request form fields. * @return boolean true if loaded data seems valid. */ function load_from_Request() { global $thrd_recipients, $thrd_recipients_array; // Resipients $this->set_string_from_param('recipients', empty($thrd_recipients_array) ? true : false); // Title param('thrd_title', 'string'); param_check_not_empty('thrd_title', T_('Please enter a subject')); $this->set_from_Request('title', 'thrd_title'); // Message param_check_not_empty('msg_text', T_('Please enter a message')); $this->param_check__recipients('thrd_recipients', $thrd_recipients, $thrd_recipients_array); return !param_errors_detected(); }
* 1) 'file' * 2) 'import' */ param('action', 'string'); if (!empty($action)) { // Try to obtain some serious time to do some serious processing (15 minutes) set_max_execution_time(900); // Turn off the output buffering to do the correct work of the function flush() @ini_set('output_buffering', 'off'); } switch ($action) { case 'import': // Check that this action request is not a CSRF hacked request: $Session->assert_received_crumb('wpxml'); $wp_blog_ID = param('wp_blog_ID', 'integer', 0); param_check_not_empty('wp_blog_ID', T_('Please select a blog!')); // XML File $xml_file = param('wp_file', 'string', ''); if (empty($xml_file)) { // File is not selected param_error('wp_file', T_('Please select file to import.')); } else { if (!preg_match('/\\.(xml|txt|zip)$/i', $xml_file)) { // Extension is incorrect param_error('wp_file', sprintf(T_('«%s» has an unrecognized extension.'), $xml_file)); } } if (param_errors_detected()) { // Stop import if errors exist $action = 'file'; break;
/** * Set a string parameter from a Request form value. * * @param string Dataobject parameter name * @param boolean true to set to NULL if empty string value * @param string name of function used to clean up input * @param string name of fucntion used to validate input (TODO) * @return boolean true, if value is required */ function set_string_from_param($parname, $required = false, $cleanup_function = NULL, $validation_function = NULL, $error_message = NULL) { $var = $this->dbprefix . $parname; $value = param($var, 'string'); if (!empty($cleanup_function)) { // We want to apply a cleanup function: $GLOBALS[$var] = $value = $cleanup_function($value); } if ($required) { param_check_not_empty($var); } if ($validation_function != NULL) { param_validate($var, $validation_function, $required, $error_message); } return $this->set($parname, $value, !$required); }
if ($users_numbers['newsletter'] == 0) { // No users for newsletter $Messages->add(T_('No found active accounts which accept newsletter email. Please try to change the filter of users list.'), 'note'); } param_action(); /* * Perform actions: */ switch ($action) { case 'preview': // Check that this action request is not a CSRF hacked request: $Session->assert_received_crumb('newsletter'); param('title', 'string'); param_check_not_empty('title', T_('Please enter a title.')); param('message', 'text'); param_check_not_empty('message', T_('Please enter a message.')); $Session->set('newsletter_title', $title); $Session->set('newsletter_message', $message); $Session->dbsave(); if ($Messages->has_errors()) { // Errors header_redirect($admin_url . '?ctrl=newsletter'); } break; case 'send': // Check that this action request is not a CSRF hacked request: $Session->assert_received_crumb('newsletter'); $Messages->add(T_('Newsletter is sending now, please see a report below...'), 'success'); break; } $AdminUI->breadcrumbpath_init(false);
/** * Load data from Request form fields. * * @param array groups of params to load * @return boolean true if loaded data seems valid. */ function load_from_Request($groups = array()) { global $Messages, $default_locale, $DB; /** * @var User */ global $current_User; // Load collection settings and clear update cascade array $this->load_CollectionSettings(); if (param('blog_name', 'string', NULL) !== NULL) { // General params: $this->set_from_Request('name'); $this->set('shortname', param('blog_shortname', 'string', true)); // Language / locale: if (param('blog_locale', 'string', NULL) !== NULL) { // These settings can be hidden when only one locale is enaled in the system $this->set_from_Request('locale'); $this->set_setting('locale_source', param('blog_locale_source', 'string', 'blog')); $this->set_setting('post_locale_source', param('blog_post_locale_source', 'string', 'post')); } // Collection permissions: $this->set('advanced_perms', param('advanced_perms', 'integer', 0)); $this->set_setting('allow_access', param('blog_allow_access', 'string', '')); if ($this->get_setting('allow_access') == 'users' || $this->get_setting('allow_access') == 'members') { // Disable site maps, feeds and ping plugins when access is restricted on this blog $this->set_setting('enable_sitemaps', 0); $this->set_setting('feed_content', 'none'); $this->set_setting('ping_plugins', ''); } // Lists of collections: $this->set('order', param('blog_order', 'integer')); $this->set('in_bloglist', param('blog_in_bloglist', 'string', 'public')); $this->set('favorite', param('favorite', 'integer', 0)); } if (param('archive_links', 'string', NULL) !== NULL) { // Archive link type: $this->set_setting('archive_links', get_param('archive_links')); $this->set_setting('archive_posts_per_page', param('archive_posts_per_page', 'integer', NULL), true); } if (param('chapter_links', 'string', NULL) !== NULL) { // Chapter link type: $this->set_setting('chapter_links', get_param('chapter_links')); } if (param('category_prefix', 'string', NULL) !== NULL) { $category_prefix = get_param('category_prefix'); if (!preg_match('|^([A-Za-z0-9\\-_]+(/[A-Za-z0-9\\-_]+)*)?$|', $category_prefix)) { param_error('category_prefix', T_('Invalid category prefix.')); } $this->set_setting('category_prefix', $category_prefix); } if (param('atom_redirect', 'string', NULL) !== NULL) { param_check_url('atom_redirect', 'commenting'); $this->set_setting('atom_redirect', get_param('atom_redirect')); param('rss2_redirect', 'string', NULL); param_check_url('rss2_redirect', 'commenting'); $this->set_setting('rss2_redirect', get_param('rss2_redirect')); } if (param('image_size', 'string', NULL) !== NULL) { $this->set_setting('image_size', get_param('image_size')); } if (param('tag_links', 'string', NULL) !== NULL) { // Tag page link type: $this->set_setting('tag_links', get_param('tag_links')); } if (param('tag_prefix', 'string', NULL) !== NULL) { $tag_prefix = get_param('tag_prefix'); if (!preg_match('|^([A-Za-z0-9\\-_]+(/[A-Za-z0-9\\-_]+)*)?$|', $tag_prefix)) { param_error('tag_prefix', T_('Invalid tag prefix.')); } $this->set_setting('tag_prefix', $tag_prefix); } // Default to "tag", if "prefix-only" is used, but no tag_prefix was provided. if (get_param('tag_links') == 'prefix-only' && !strlen(param('tag_prefix', 'string', NULL))) { $this->set_setting('tag_prefix', 'tag'); } // Use rel="tag" attribute? (checkbox) $this->set_setting('tag_rel_attib', param('tag_rel_attib', 'integer', 0)); if (param('chapter_content', 'string', NULL) !== NULL) { // What kind of content on chapter pages? $this->set_setting('chapter_content', get_param('chapter_content')); } if (param('tag_content', 'string', NULL) !== NULL) { // What kind of content on tags pages? $this->set_setting('tag_content', get_param('tag_content')); } if (param('archive_content', 'string', NULL) !== NULL) { // What kind of content on archive pages? $this->set_setting('archive_content', get_param('archive_content')); } if (param('filtered_content', 'string', NULL) !== NULL) { // What kind of content on filtered pages? $this->set_setting('filtered_content', get_param('filtered_content')); } if (param('main_content', 'string', NULL) !== NULL) { // What kind of content on main pages? $this->set_setting('main_content', get_param('main_content')); } // Chapter posts per page: $this->set_setting('chapter_posts_per_page', param('chapter_posts_per_page', 'integer', NULL), true); // Tag posts per page: $this->set_setting('tag_posts_per_page', param('tag_posts_per_page', 'integer', NULL), true); if (param('single_links', 'string', NULL) !== NULL) { // Single post link type: $this->set_setting('single_links', get_param('single_links')); } if (param('slug_limit', 'integer', NULL) !== NULL) { // Limit slug length: $this->set_setting('slug_limit', get_param('slug_limit')); } if (param('normal_skin_ID', 'integer', NULL) !== NULL) { // Normal skin ID: $this->set_setting('normal_skin_ID', get_param('normal_skin_ID')); } if (param('mobile_skin_ID', 'integer', NULL) !== NULL) { // Mobile skin ID: if (get_param('mobile_skin_ID') == 0) { // Don't store this empty setting in DB $this->delete_setting('mobile_skin_ID'); } else { // Set mobile skin $this->set_setting('mobile_skin_ID', get_param('mobile_skin_ID')); } } if (param('tablet_skin_ID', 'integer', NULL) !== NULL) { // Tablet skin ID: if (get_param('tablet_skin_ID') == 0) { // Don't store this empty setting in DB $this->delete_setting('tablet_skin_ID'); } else { // Set tablet skin $this->set_setting('tablet_skin_ID', get_param('tablet_skin_ID')); } } if (param('archives_sort_order', 'string', NULL) !== NULL) { // Archive sorting $this->set_setting('archives_sort_order', param('archives_sort_order', 'string', false)); } if (param('download_delay', 'integer', NULL) !== NULL) { // Download delay param_check_range('download_delay', 0, 10, T_('Download delay must be numeric (0-10).')); $this->set_setting('download_delay', get_param('download_delay')); } if (param('feed_content', 'string', NULL) !== NULL) { // How much content in feeds? $this->set_setting('feed_content', get_param('feed_content')); param_integer_range('posts_per_feed', 1, 9999, T_('Items per feed must be between %d and %d.')); $this->set_setting('posts_per_feed', get_param('posts_per_feed')); } if (param('comment_feed_content', 'string', NULL) !== NULL) { // How much content in comment feeds? $this->set_setting('comment_feed_content', get_param('comment_feed_content')); param_integer_range('comments_per_feed', 1, 9999, T_('Comments per feed must be between %d and %d.')); $this->set_setting('comments_per_feed', get_param('comments_per_feed')); } if (param('blog_shortdesc', 'string', NULL) !== NULL) { // Description: $this->set_from_Request('shortdesc'); } if (param('blog_keywords', 'string', NULL) !== NULL) { // Keywords: $this->set_from_Request('keywords'); } if (param('blog_tagline', 'html', NULL) !== NULL) { // HTML tagline: param_check_html('blog_tagline', T_('Invalid tagline')); $this->set('tagline', get_param('blog_tagline')); } if (param('blog_longdesc', 'html', NULL) !== NULL) { // HTML long description: param_check_html('blog_longdesc', T_('Invalid long description')); $this->set('longdesc', get_param('blog_longdesc')); } if (param('blog_footer_text', 'html', NULL) !== NULL) { // Blog footer: param_check_html('blog_footer_text', T_('Invalid blog footer')); $this->set_setting('blog_footer_text', get_param('blog_footer_text')); } if (param('single_item_footer_text', 'html', NULL) !== NULL) { // Blog footer: param_check_html('single_item_footer_text', T_('Invalid single post footer')); $this->set_setting('single_item_footer_text', get_param('single_item_footer_text')); } if (param('xml_item_footer_text', 'html', NULL) !== NULL) { // Blog footer: param_check_html('xml_item_footer_text', T_('Invalid RSS footer')); $this->set_setting('xml_item_footer_text', get_param('xml_item_footer_text')); } if (param('blog_notes', 'html', NULL) !== NULL) { // HTML notes: param_check_html('blog_notes', T_('Invalid Blog Notes')); $this->set('notes', get_param('blog_notes')); param_integer_range('max_footer_credits', 0, 3, T_('Max credits must be between %d and %d.')); $this->set_setting('max_footer_credits', get_param('max_footer_credits')); } if (in_array('pings', $groups)) { // we want to load the ping checkboxes: $blog_ping_plugins = param('blog_ping_plugins', 'array:string', array()); $blog_ping_plugins = array_unique($blog_ping_plugins); $this->set_setting('ping_plugins', implode(',', $blog_ping_plugins)); } if (in_array('authors', $groups)) { // we want to load the workflow & permissions params $this->set_setting('use_workflow', param('blog_use_workflow', 'integer', 0)); } if (in_array('home', $groups)) { // we want to load the front page params: $front_disp = param('front_disp', 'string', ''); $this->set_setting('front_disp', $front_disp); $front_post_ID = param('front_post_ID', 'integer', 0); if ($front_disp == 'page') { // Post ID must be required param_check_not_empty('front_post_ID', T_('Please enter a specific post ID')); } $this->set_setting('front_post_ID', $front_post_ID); } if (in_array('features', $groups)) { // we want to load the workflow checkboxes: $this->set_setting('enable_goto_blog', param('enable_goto_blog', 'string', NULL)); $this->set_setting('editing_goto_blog', param('editing_goto_blog', 'string', NULL)); $this->set_setting('default_post_status', param('default_post_status', 'string', NULL)); $this->set_setting('post_categories', param('post_categories', 'string', NULL)); $this->set_setting('post_navigation', param('post_navigation', 'string', NULL)); // Show x days or x posts?: $this->set_setting('what_to_show', param('what_to_show', 'string', '')); param_integer_range('posts_per_page', 1, 9999, T_('Items/days per page must be between %d and %d.')); $this->set_setting('posts_per_page', get_param('posts_per_page')); $this->set_setting('orderby', param('orderby', 'string', true)); $this->set_setting('orderdir', param('orderdir', 'string', true)); // Front office statuses $this->load_inskin_statuses('post'); // Time frame $this->set_setting('timestamp_min', param('timestamp_min', 'string', '')); $this->set_setting('timestamp_min_duration', param_duration('timestamp_min_duration')); $this->set_setting('timestamp_max', param('timestamp_max', 'string', '')); $this->set_setting('timestamp_max_duration', param_duration('timestamp_max_duration')); // call modules update_collection_features on this blog modules_call_method('update_collection_features', array('edited_Blog' => &$this)); // load post moderation statuses $moderation_statuses = get_visibility_statuses('moderation'); $post_moderation_statuses = array(); foreach ($moderation_statuses as $status) { if (param('post_notif_' . $status, 'integer', 0)) { $post_moderation_statuses[] = $status; } } $this->set_setting('post_moderation_statuses', implode(',', $post_moderation_statuses)); } if (in_array('comments', $groups)) { // we want to load the comments settings: // load moderation statuses $moderation_statuses = get_visibility_statuses('moderation'); $blog_moderation_statuses = array(); foreach ($moderation_statuses as $status) { if (param('notif_' . $status, 'integer', 0)) { $blog_moderation_statuses[] = $status; } } $this->set_setting('moderation_statuses', implode(',', $blog_moderation_statuses)); $this->set_setting('comment_quick_moderation', param('comment_quick_moderation', 'string', 'expire')); $this->set_setting('allow_item_subscriptions', param('allow_item_subscriptions', 'integer', 0)); $this->set_setting('comments_detect_email', param('comments_detect_email', 'integer', 0)); $this->set_setting('comments_register', param('comments_register', 'integer', 0)); } if (in_array('other', $groups)) { // we want to load the other settings: // Search results: param_integer_range('search_per_page', 1, 9999, T_('Number of search results per page must be between %d and %d.')); $this->set_setting('search_per_page', get_param('search_per_page')); // Latest comments : param_integer_range('latest_comments_num', 1, 9999, T_('Number of shown comments must be between %d and %d.')); $this->set_setting('latest_comments_num', get_param('latest_comments_num')); // User directory: $this->set_setting('image_size_user_list', param('image_size_user_list', 'string')); // Messaging pages: $this->set_setting('image_size_messaging', param('image_size_messaging', 'string')); // Archive pages: $this->set_setting('archive_mode', param('archive_mode', 'string', true)); } if (in_array('more', $groups)) { // we want to load more settings: // Tracking: $this->set_setting('track_unread_content', param('track_unread_content', 'integer', 0)); // Subscriptions: $this->set_setting('allow_subscriptions', param('allow_subscriptions', 'integer', 0)); $this->set_setting('allow_item_subscriptions', param('allow_item_subscriptions', 'integer', 0)); // Sitemaps: $this->set_setting('enable_sitemaps', param('enable_sitemaps', 'integer', 0)); } if (param('allow_comments', 'string', NULL) !== NULL) { // Feedback options: $this->set_setting('allow_comments', param('allow_comments', 'string', 'any')); $this->set_setting('allow_view_comments', param('allow_view_comments', 'string', 'any')); $new_feedback_status = param('new_feedback_status', 'string', 'draft'); if ($new_feedback_status != $this->get_setting('new_feedback_status') && ($new_feedback_status != 'published' || $current_User->check_perm('blog_admin', 'edit', false, $this->ID))) { // Only admin can set this setting to 'Public' $this->set_setting('new_feedback_status', $new_feedback_status); } $this->set_setting('allow_anon_url', param('allow_anon_url', 'string', '0')); $this->set_setting('allow_html_comment', param('allow_html_comment', 'string', '0')); $this->set_setting('allow_attachments', param('allow_attachments', 'string', 'registered')); $this->set_setting('max_attachments', param('max_attachments', 'integer', '')); $this->set_setting('autocomplete_usernames', param('autocomplete_usernames', 'integer', '')); $this->set_setting('display_rating_summary', param('display_rating_summary', 'string', '0')); $this->set_setting('allow_rating_items', param('allow_rating_items', 'string', 'never')); $this->set_setting('rating_question', param('rating_question', 'text')); $this->set_setting('allow_rating_comment_helpfulness', param('allow_rating_comment_helpfulness', 'string', '0')); $blog_allowtrackbacks = param('blog_allowtrackbacks', 'integer', 0); if ($blog_allowtrackbacks != $this->get('allowtrackbacks') && ($blog_allowtrackbacks == 0 || $current_User->check_perm('blog_admin', 'edit', false, $this->ID))) { // Only admin can turn ON this setting $this->set('allowtrackbacks', $blog_allowtrackbacks); } $this->set_setting('comments_orderdir', param('comments_orderdir', '/^(?:ASC|DESC)$/', 'ASC')); // call modules update_collection_comments on this blog modules_call_method('update_collection_comments', array('edited_Blog' => &$this)); $threaded_comments = param('threaded_comments', 'integer', 0); $this->set_setting('threaded_comments', $threaded_comments); $this->set_setting('paged_comments', $threaded_comments ? 0 : param('paged_comments', 'integer', 0)); param_integer_range('comments_per_page', 1, 9999, T_('Comments per page must be between %d and %d.')); $this->set_setting('comments_per_page', get_param('comments_per_page')); $this->set_setting('comments_avatars', param('comments_avatars', 'integer', 0)); $this->set_setting('comments_latest', param('comments_latest', 'integer', 0)); // load blog front office comment statuses $this->load_inskin_statuses('comment'); } if (in_array('seo', $groups)) { // we want to load the workflow checkboxes: $this->set_setting('canonical_homepage', param('canonical_homepage', 'integer', 0)); $this->set_setting('relcanonical_homepage', param('relcanonical_homepage', 'integer', 0)); $this->set_setting('canonical_item_urls', param('canonical_item_urls', 'integer', 0)); $this->set_setting('relcanonical_item_urls', param('relcanonical_item_urls', 'integer', 0)); $this->set_setting('canonical_archive_urls', param('canonical_archive_urls', 'integer', 0)); $this->set_setting('relcanonical_archive_urls', param('relcanonical_archive_urls', 'integer', 0)); $this->set_setting('canonical_cat_urls', param('canonical_cat_urls', 'integer', 0)); $this->set_setting('relcanonical_cat_urls', param('relcanonical_cat_urls', 'integer', 0)); $this->set_setting('canonical_tag_urls', param('canonical_tag_urls', 'integer', 0)); $this->set_setting('relcanonical_tag_urls', param('relcanonical_tag_urls', 'integer', 0)); $this->set_setting('default_noindex', param('default_noindex', 'integer', 0)); $this->set_setting('paged_noindex', param('paged_noindex', 'integer', 0)); $this->set_setting('paged_nofollowto', param('paged_nofollowto', 'integer', 0)); $this->set_setting('archive_noindex', param('archive_noindex', 'integer', 0)); $this->set_setting('archive_nofollowto', param('archive_nofollowto', 'integer', 0)); $this->set_setting('chapter_noindex', param('chapter_noindex', 'integer', 0)); $this->set_setting('tag_noindex', param('tag_noindex', 'integer', 0)); $this->set_setting('filtered_noindex', param('filtered_noindex', 'integer', 0)); $this->set_setting('arcdir_noindex', param('arcdir_noindex', 'integer', 0)); $this->set_setting('catdir_noindex', param('catdir_noindex', 'integer', 0)); $this->set_setting('feedback-popup_noindex', param('feedback-popup_noindex', 'integer', 0)); $this->set_setting('msgform_noindex', param('msgform_noindex', 'integer', 0)); $this->set_setting('special_noindex', param('special_noindex', 'integer', 0)); $this->set_setting('title_link_type', param('title_link_type', 'string', '')); $this->set_setting('permalinks', param('permalinks', 'string', '')); $this->set_setting('404_response', param('404_response', 'string', '')); $this->set_setting('help_link', param('help_link', 'string', '')); $this->set_setting('excerpts_meta_description', param('excerpts_meta_description', 'integer', 0)); $this->set_setting('categories_meta_description', param('categories_meta_description', 'integer', 0)); $this->set_setting('tags_meta_keywords', param('tags_meta_keywords', 'integer', 0)); $this->set_setting('tags_open_graph', param('tags_open_graph', 'integer', 0)); $this->set_setting('download_noindex', param('download_noindex', 'integer', 0)); $this->set_setting('download_nofollowto', param('download_nofollowto', 'integer', 0)); } /* * ADVANCED ADMIN SETTINGS */ if ($current_User->check_perm('blog_admin', 'edit', false, $this->ID)) { // We have permission to edit advanced admin settings: if (in_array('cache', $groups)) { // we want to load the cache params: $this->set_setting('ajax_form_enabled', param('ajax_form_enabled', 'integer', 0)); $this->set_setting('ajax_form_loggedin_enabled', param('ajax_form_loggedin_enabled', 'integer', 0)); $this->set_setting('cache_enabled_widgets', param('cache_enabled_widgets', 'integer', 0)); } if (in_array('styles', $groups)) { // we want to load the styles params: $this->set('allowblogcss', param('blog_allowblogcss', 'integer', 0)); $this->set('allowusercss', param('blog_allowusercss', 'integer', 0)); } if (in_array('login', $groups)) { // we want to load the login params: if (!get_setting_Blog('login_blog_ID')) { // Update this only when no blog is defined for login/registration $this->set_setting('in_skin_login', param('in_skin_login', 'integer', 0)); } $this->set_setting('in_skin_editing', param('in_skin_editing', 'integer', 0)); } if (param('blog_head_includes', 'html', NULL) !== NULL) { // HTML header includes: param_check_html('blog_head_includes', T_('Invalid Custom meta tag/css section.'), '#', 'head_extension'); $this->set_setting('head_includes', get_param('blog_head_includes')); } if (param('blog_footer_includes', 'html', NULL) !== NULL) { // HTML header includes: param_check_html('blog_footer_includes', T_('Invalid Custom javascript section')); $this->set_setting('footer_includes', get_param('blog_footer_includes')); } if (param('owner_login', 'string', NULL) !== NULL) { // Permissions: $UserCache =& get_UserCache(); $owner_User =& $UserCache->get_by_login(get_param('owner_login')); if (empty($owner_User)) { param_error('owner_login', sprintf(T_('User «%s» does not exist!'), get_param('owner_login'))); } else { $this->set('owner_user_ID', $owner_User->ID); $this->owner_User =& $owner_User; } } if (($blog_urlname = param('blog_urlname', 'string', NULL)) !== NULL) { // check urlname if (param_check_not_empty('blog_urlname', T_('You must provide an URL collection name!'))) { if (!preg_match('|^[A-Za-z0-9\\-]+$|', $blog_urlname)) { param_error('blog_urlname', sprintf(T_('The url name %s is invalid.'), "«{$blog_urlname}»")); $blog_urlname = NULL; } if (isset($blog_urlname) && $DB->get_var('SELECT COUNT(*) FROM T_blogs WHERE blog_urlname = ' . $DB->quote($blog_urlname) . ' AND blog_ID <> ' . $this->ID)) { // urlname is already in use param_error('blog_urlname', sprintf(T_('The URL name %s is already in use by another collection. Please choose another name.'), "«{$blog_urlname}»")); $blog_urlname = NULL; } if (isset($blog_urlname)) { // Set new urlname and save old media dir in order to rename folder to new $old_media_dir = $this->get_media_dir(false); $this->set_from_Request('urlname'); } } } if (($access_type = param('blog_access_type', 'string', NULL)) !== NULL) { // Blog URL parameters: // Note: We must avoid to set an invalid url, because the new blog url will be displayed in the evobar even if it was not saved $allow_new_access_type = true; if ($access_type == 'absolute') { $blog_siteurl = param('blog_siteurl_absolute', 'string', true); if (preg_match('#^https?://[^/]+/.*#', $blog_siteurl, $matches)) { // It looks like valid absolute URL, so we may update the blog siteurl $this->set('siteurl', $blog_siteurl); } else { // It is not valid absolute URL, don't update the blog 'siteurl' to avoid errors $allow_new_access_type = false; // If site url is not updated do not allow access_type update either $Messages->add(T_('Collection Folder URL') . ': ' . sprintf(T_('%s is an invalid absolute URL'), '«' . htmlspecialchars($blog_siteurl) . '»') . '. ' . T_('You must provide an absolute URL (starting with <code>http://</code> or <code>https://</code>) and it must contain at least one \'/\' sign after the domain name!'), 'error'); } } elseif ($access_type == 'relative') { // relative siteurl $blog_siteurl = param('blog_siteurl_relative', 'string', true); if (preg_match('#^https?://#', $blog_siteurl)) { $Messages->add(T_('Blog Folder URL') . ': ' . T_('You must provide a relative URL (without <code>http://</code> or <code>https://</code>)!'), 'error'); } $this->set('siteurl', $blog_siteurl); } else { $this->set('siteurl', ''); } if ($allow_new_access_type) { // The received siteurl value was correct, may update the access_type value $this->set('access_type', $access_type); } } if (param('aggregate_coll_IDs', 'string', NULL) !== NULL) { // Aggregate list: (can be '*') $aggregate_coll_IDs = get_param('aggregate_coll_IDs'); if ($aggregate_coll_IDs != '*') { // Sanitize the string $aggregate_coll_IDs = sanitize_id_list($aggregate_coll_IDs); } // fp> TODO: check perms on each aggregated blog (if changed) // fp> TODO: better interface if ($aggregate_coll_IDs != '*' && !preg_match('#^([0-9]+(,[0-9]+)*)?$#', $aggregate_coll_IDs)) { param_error('aggregate_coll_IDs', T_('Invalid aggregate collection ID list!')); } $this->set_setting('aggregate_coll_IDs', $aggregate_coll_IDs); } $media_location = param('blog_media_location', 'string', NULL); if ($media_location !== NULL) { // Media files location: $old_media_dir = $this->get_media_dir(false); $old_media_location = $this->get('media_location'); $this->set_from_Request('media_location'); $this->set_media_subdir(param('blog_media_subdir', 'string', '')); $this->set_media_fullpath(param('blog_media_fullpath', 'string', '')); $this->set_media_url(param('blog_media_url', 'string', '')); // check params switch ($this->get('media_location')) { case 'custom': // custom path and URL global $demo_mode, $media_path; if ($this->get('media_fullpath') == '') { param_error('blog_media_fullpath', T_('Media dir location') . ': ' . T_('You must provide the full path of the media directory.')); } if (!preg_match('#^https?://#', $this->get('media_url'))) { param_error('blog_media_url', T_('Media dir location') . ': ' . T_('You must provide an absolute URL (starting with <code>http://</code> or <code>https://</code>)!')); } if ($demo_mode) { $canonical_fullpath = get_canonical_path($this->get('media_fullpath')); if (!$canonical_fullpath || strpos($canonical_fullpath, $media_path) !== 0) { param_error('blog_media_fullpath', T_('Media dir location') . ': in demo mode the path must be inside of $media_path.'); } } break; case 'subdir': global $media_path; if ($this->get('media_subdir') == '') { param_error('blog_media_subdir', T_('Media dir location') . ': ' . T_('You must provide the media subdirectory.')); } else { // Test if it's below $media_path (subdir!) $canonical_path = get_canonical_path($media_path . $this->get('media_subdir')); if (!$canonical_path || strpos($canonical_path, $media_path) !== 0) { param_error('blog_media_subdir', T_('Media dir location') . ': ' . sprintf(T_('Invalid subdirectory «%s».'), format_to_output($this->get('media_subdir')))); } else { // Validate if it's a valid directory name: $subdir = no_trailing_slash(substr($canonical_path, strlen($media_path))); if ($error = validate_dirname($subdir)) { param_error('blog_media_subdir', T_('Media dir location') . ': ' . $error); syslog_insert(sprintf('Invalid name is detected for folder %s', '<b>' . $subdir . '</b>'), 'warning', 'file'); } } } break; } } if (!param_errors_detected() && !empty($old_media_dir)) { // No error were detected before and possibly the media directory path was updated, check if it can be managed $this->check_media_dir_change($old_media_dir, isset($old_media_location) ? $old_media_location : NULL); } } return !param_errors_detected(); }
/** * Load data from Request form fields. * * @return boolean true if loaded data seems valid. */ function load_from_Request() { // Category param('goal_gcat_ID', 'integer', true); param_check_not_empty('goal_gcat_ID', T_('Please select a category.')); $this->set_from_Request('gcat_ID'); // Name $this->set_string_from_param('name', true); // Key $this->set_string_from_param('key', true); // Temporary Redirection URL: $this->set_string_from_param('temp_redir_url'); // Normal Redirection URL: param('goal_redir_url', 'string'); if ($this->get('temp_redir_url') != '') { // Normal Redirection URL is required when Temporary Redirection URL is not empty param_check_not_empty('goal_redir_url', T_('Please enter Normal Redirection URL.')); } $this->set_from_Request('redir_url'); if ($this->get('temp_redir_url') != '' && $this->get('temp_redir_url') == $this->get('redir_url')) { // Compare normal and temp urls param_error('goal_temp_redir_url', T_('Temporary Redirection URL should not be equal to Normal Redirection URL')); param_error('goal_redir_url', NULL, ''); } // Temporary Start $temp_start_date = param_date('goal_temp_start_date', T_('Please enter a valid date.'), false); if (!empty($temp_start_date)) { $temp_start_time = param('goal_temp_start_time', 'string'); $temp_start_time = empty($temp_start_time) ? '00:00:00' : param_time('goal_temp_start_time'); $this->set('temp_start_ts', form_date($temp_start_date, $temp_start_time)); } else { $this->set('temp_start_ts', NULL); } // Temporary End $temp_end_date = param_date('goal_temp_end_date', T_('Please enter a valid date.'), false); if (!empty($temp_end_date)) { $temp_end_time = param('goal_temp_end_time', 'string'); $temp_end_time = empty($temp_end_time) ? '00:00:00' : param_time('goal_temp_end_time'); $this->set('temp_end_ts', form_date($temp_end_date, $temp_end_time)); } else { $this->set('temp_end_ts', NULL); } if ($this->get('temp_start_ts') !== NULL && $this->get('temp_end_ts') !== NULL && strtotime($this->get('temp_start_ts')) >= strtotime($this->get('temp_end_ts'))) { // Compare Start and End dates param_error('goal_temp_start_date', NULL, ''); param_error('goal_temp_start_time', NULL, ''); param_error('goal_temp_end_date', NULL, ''); param_error('goal_temp_end_time', T_('Temporary Start Date/Time should not be greater than Temporary End Date/Time')); } // Default value: param('goal_default_value', 'string'); param_check_decimal('goal_default_value', T_('Default value must be a number.')); $this->set_from_Request('default_value', 'goal_default_value', true); // Notes param('goal_notes', 'text'); $this->set_from_Request('notes', 'goal_notes'); return !param_errors_detected(); }
/** * Load data from Request form fields. * * This requires the blog (e.g. {@link $blog_ID} or {@link $main_cat_ID} to be set). * * @param boolean true if we are returning to edit mode (new, switchtab...) * @return boolean true if loaded data seems valid. */ function load_from_Request($editing = false, $creating = false) { global $default_locale, $current_User, $localtimenow; global $posttypes_reserved_IDs, $item_typ_ID; // LOCALE: if (param('post_locale', 'string', NULL) !== NULL) { $this->set_from_Request('locale'); } // POST TYPE: $item_typ_ID = get_param('item_typ_ID'); if (empty($item_typ_ID)) { // Try to get this from request if it has been not initialized by controller: $item_typ_ID = param('item_typ_ID', 'integer', NULL); } if (!empty($item_typ_ID)) { // Set new post type ID only if it is defined on request: $this->set('ityp_ID', $item_typ_ID); } // URL associated with Item: $post_url = param('post_url', 'string', NULL); if ($post_url !== NULL) { param_check_url('post_url', 'posting', ''); $this->set_from_Request('url'); } if (empty($post_url) && $this->get_type_setting('use_url') == 'required') { // URL must be entered param_check_not_empty('post_url', T_('Please provide a "Link To" URL.'), ''); } // Item parent ID: $post_parent_ID = param('post_parent_ID', 'integer', NULL); if ($post_parent_ID !== NULL) { // If item parent ID is entered: $ItemCache =& get_ItemCache(); if ($ItemCache->get_by_ID($post_parent_ID, false, false)) { // Save only ID of existing item: $this->set_from_Request('parent_ID'); } else { // Display an error of the entered item parent ID is incorrect: param_error('post_parent_ID', T_('The parent ID is not a correct Item ID.')); } } if (empty($post_parent_ID)) { // If empty parent ID is entered: if ($this->get_type_setting('use_parent') == 'required') { // Item parent ID must be entered: param_check_not_empty('post_parent_ID', T_('Please provide a parent ID.'), ''); } else { // Remove parent ID: $this->set_from_Request('parent_ID'); } } if ($this->status == 'redirected' && empty($this->url)) { // Note: post_url is not part of the simple form, so this message can be a little bit awkward there param_error('post_url', T_('If you want to redirect this post, you must specify an URL!') . ' (' . T_('Advanced properties panel') . ')', T_('If you want to redirect this post, you must specify an URL!')); } // ISSUE DATE / TIMESTAMP: $this->load_Blog(); if ($current_User->check_perm('admin', 'restricted') && $current_User->check_perm('blog_edit_ts', 'edit', false, $this->Blog->ID)) { // Allow to update timestamp fields only if user has a permission to edit such fields // and also if user has an access to back-office $item_dateset = param('item_dateset', 'integer', NULL); if ($item_dateset !== NULL) { $this->set('dateset', $item_dateset); if ($editing || $this->dateset == 1) { // We can use user date: if (param_date('item_issue_date', T_('Please enter a valid issue date.'), true) && param_time('item_issue_time')) { // only set it, if a (valid) date and time was given: $this->set('issue_date', form_date(get_param('item_issue_date'), get_param('item_issue_time'))); // TODO: cleanup... } } elseif ($this->dateset == 0) { // Set date to NOW: $this->set('issue_date', date('Y-m-d H:i:s', $localtimenow)); } } } // DEADLINE: if (param_date('item_deadline', T_('Please enter a valid deadline.'), false, NULL) !== NULL) { $this->set_from_Request('datedeadline', 'item_deadline', true); } // SLUG: if (param('post_urltitle', 'string', NULL) !== NULL) { $this->set_from_Request('urltitle'); } // <title> TAG: $titletag = param('titletag', 'string', NULL); if ($titletag !== NULL) { $this->set_from_Request('titletag', 'titletag'); } if (empty($titletag) && $this->get_type_setting('use_title_tag') == 'required') { // Title tag must be entered param_check_not_empty('titletag', T_('Please provide a title tag.'), ''); } // <meta> DESC: $metadesc = param('metadesc', 'string', NULL); if ($metadesc !== NULL) { $this->set_setting('metadesc', get_param('metadesc')); } if (empty($metadesc) && $this->get_type_setting('use_meta_desc') == 'required') { // Meta description must be entered param_check_not_empty('metadesc', T_('Please provide a meta description.'), ''); } // <meta> KEYWORDS: $metakeywords = param('metakeywords', 'string', NULL); if ($metakeywords !== NULL) { $this->set_setting('metakeywords', get_param('metakeywords')); } if (empty($metakeywords) && $this->get_type_setting('use_meta_keywds') == 'required') { // Meta keywords must be entered param_check_not_empty('metakeywords', T_('Please provide the meta keywords.'), ''); } // TAGS: if ($current_User->check_perm('admin', 'restricted')) { // User should has an access to back-office to edit tags $item_tags = param('item_tags', 'string', NULL); if ($item_tags !== NULL) { $this->set_tags_from_string(get_param('item_tags')); // Update setting 'suggest_item_tags' of the current User global $UserSettings; $UserSettings->set('suggest_item_tags', param('suggest_item_tags', 'integer', 0)); $UserSettings->dbupdate(); } if (empty($item_tags) && $this->get_type_setting('use_tags') == 'required') { // Tags must be entered param_check_not_empty('item_tags', T_('Please provide at least one tag.'), ''); } } // WORKFLOW stuff: param('item_st_ID', 'integer', NULL); $this->set_from_Request('pst_ID', 'item_st_ID', true); $item_assigned_user_ID = param('item_assigned_user_ID', 'integer', NULL); $item_assigned_user_login = param('item_assigned_user_login', 'string', NULL); $this->assign_to($item_assigned_user_ID, $item_assigned_user_login); $item_priority = param('item_priority', 'integer', NULL); if ($item_priority !== NULL) { // Set task priority only if it is gone from form $this->set_from_Request('priority', 'item_priority', true); } // FEATURED checkbox: $this->set('featured', param('item_featured', 'integer', 0), false); // HIDE TEASER checkbox: $this->set_setting('hide_teaser', param('item_hideteaser', 'integer', 0)); $goal_ID = param('goal_ID', 'integer', NULL); if ($goal_ID !== NULL) { // Goal ID $this->set_setting('goal_ID', $goal_ID, true); } // ORDER: param('item_order', 'double', NULL); $this->set_from_Request('order', 'item_order', true); // OWNER: $this->creator_user_login = param('item_owner_login', 'string', NULL); if ($current_User->check_perm('users', 'edit') && param('item_owner_login_displayed', 'string', NULL) !== NULL) { // only admins can change the owner.. if (param_check_not_empty('item_owner_login', T_('Please enter valid owner login.')) && param_check_login('item_owner_login', true)) { $this->set_creator_by_login($this->creator_user_login); } } // LOCATION COORDINATES: if ($this->get_type_setting('use_coordinates') != 'never') { // location coordinates are enabled, save map settings param('item_latitude', 'double', NULL); // get par value $this->set_setting('latitude', get_param('item_latitude'), true); param('item_longitude', 'double', NULL); // get par value $this->set_setting('longitude', get_param('item_longitude'), true); param('google_map_zoom', 'integer', NULL); // get par value $this->set_setting('map_zoom', get_param('google_map_zoom'), true); param('google_map_type', 'string', NULL); // get par value $this->set_setting('map_type', get_param('google_map_type'), true); if ($this->get_type_setting('use_coordinates') == 'required') { // The location coordinates are required param_check_not_empty('item_latitude', T_('Please provide a latitude.'), ''); param_check_not_empty('item_longitude', T_('Please provide a longitude.'), ''); } } // CUSTOM FIELDS: $custom_fields = $this->get_type_custom_fields(); foreach ($custom_fields as $custom_field) { // update each custom field $param_name = 'item_' . $custom_field['type'] . '_' . $custom_field['ID']; if (isset_param($param_name)) { // param is set $param_type = $custom_field['type'] == 'varchar' ? 'string' : $custom_field['type']; param($param_name, $param_type, NULL); // get par value $custom_field_make_null = $custom_field['type'] != 'double'; // store '0' values in DB for numeric fields $this->set_setting('custom_' . $custom_field['type'] . '_' . $custom_field['ID'], get_param($param_name), $custom_field_make_null); } } // COMMENTS: if ($this->allow_comment_statuses()) { // Save status of "Allow comments for this item" (only if comments are allowed in this blog, and by current post type $post_comment_status = param('post_comment_status', 'string', 'open'); if (!empty($post_comment_status)) { // 'open' or 'closed' or ... $this->set_from_Request('comment_status'); } } // EXPIRY DELAY: $expiry_delay = param_duration('expiry_delay'); if (empty($expiry_delay)) { // Check if we have 'expiry_delay' param set as string from simple or mass form $expiry_delay = param('expiry_delay', 'string', NULL); } if (empty($expiry_delay) && $this->get_type_setting('use_comment_expiration') == 'required') { // Comment expiration must be entered param_check_not_empty('expiry_delay', T_('Please provide a comment expiration delay.'), ''); } $this->set_setting('comment_expiry_delay', $expiry_delay, true); // EXTRA PARAMS FROM MODULES: modules_call_method('update_item_settings', array('edited_Item' => $this)); // RENDERERS: if (param('renderers_displayed', 'integer', 0)) { // use "renderers" value only if it has been displayed (may be empty) global $Plugins; $renderers = $Plugins->validate_renderer_list(param('renderers', 'array:string', array()), array('Item' => &$this)); $this->set('renderers', $renderers); } else { $renderers = $this->get_renderers_validated(); } // CONTENT + TITLE: if ($this->get_type_setting('allow_html')) { // HTML is allowed for this post, we'll accept HTML tags: $text_format = 'html'; } else { // HTML is disallowed for this post, we'll encode all special chars: $text_format = 'htmlspecialchars'; } $editor_code = param('editor_code', 'string', NULL); if ($editor_code) { // Update item editor code if it was explicitly set $this->set_setting('editor_code', $editor_code); } $content = param('content', $text_format, NULL); if ($content !== NULL) { // Never allow html content on post titles: (fp> probably so as to not mess up backoffice and all sorts of tools) param('post_title', 'htmlspecialchars', NULL); // Do some optional filtering on the content // Typically stuff that will help the content to validate // Useful for code display. // Will probably be used for validation also. $Plugins_admin =& get_Plugins_admin(); $params = array('object_type' => 'Item', 'object' => &$this, 'object_Blog' => &$this->Blog); $Plugins_admin->filter_contents($GLOBALS['post_title'], $GLOBALS['content'], $renderers, $params); // Title checking: $use_title = $this->get_type_setting('use_title'); if ((!$editing || $creating) && $use_title == 'required') { param_check_not_empty('post_title', T_('Please provide a title.'), ''); } // Format raw HTML input to cleaned up and validated HTML: param_check_html('content', T_('Invalid content.')); $content = prepare_item_content(get_param('content')); $this->set('content', $content); $this->set('title', get_param('post_title')); } if (empty($content) && $this->get_type_setting('use_text') == 'required') { // Content must be entered param_check_not_empty('content', T_('Please enter some text.'), ''); } // EXCERPT: (must come after content (to handle excerpt_autogenerated)) $post_excerpt = param('post_excerpt', 'text', NULL); if ($post_excerpt !== NULL && $post_excerpt != $this->excerpt) { $this->set('excerpt_autogenerated', 0); // Set this to the '0' for saving a field 'excerpt' from a request $this->set_from_Request('excerpt'); } if (empty($post_excerpt) && $this->get_type_setting('use_excerpt') == 'required') { // Content must be entered param_check_not_empty('post_excerpt', T_('Please provide an excerpt.'), ''); } // LOCATION (COUNTRY -> CITY): load_funcs('regional/model/_regional.funcs.php'); // Check if this item has a special post type. Location is not required for special posts. $not_special_post = !$this->is_special(); if ($this->country_visible()) { // Save country $country_ID = param('item_ctry_ID', 'integer', 0); $country_is_required = $this->get_type_setting('use_country') == 'required' && $not_special_post && countries_exist(); param_check_number('item_ctry_ID', T_('Please select a country'), $country_is_required); $this->set_from_Request('ctry_ID', 'item_ctry_ID', true); } if ($this->region_visible()) { // Save region $region_ID = param('item_rgn_ID', 'integer', 0); $region_is_required = $this->get_type_setting('use_region') == 'required' && $not_special_post && regions_exist($country_ID); param_check_number('item_rgn_ID', T_('Please select a region'), $region_is_required); $this->set_from_Request('rgn_ID', 'item_rgn_ID', true); } if ($this->subregion_visible()) { // Save subregion $subregion_ID = param('item_subrg_ID', 'integer', 0); $subregion_is_required = $this->get_type_setting('use_sub_region') == 'required' && $not_special_post && subregions_exist($region_ID); param_check_number('item_subrg_ID', T_('Please select a sub-region'), $subregion_is_required); $this->set_from_Request('subrg_ID', 'item_subrg_ID', true); } if ($this->city_visible()) { // Save city param('item_city_ID', 'integer', 0); $city_is_required = $this->get_type_setting('use_city') == 'required' && $not_special_post && cities_exist($country_ID, $region_ID, $subregion_ID); param_check_number('item_city_ID', T_('Please select a city'), $city_is_required); $this->set_from_Request('city_ID', 'item_city_ID', true); } return !param_errors_detected(); }
$new_Group->set('ID', 0); $edited_Group =& $new_Group; } else { // We use an empty group: $edited_Group =& new Group(); } break; case 'groupupdate': if (empty($edited_Group) || !is_object($edited_Group)) { $Messages->add('No group set!'); // Needs no translation, should be prevented by UI. $action = 'list'; break; } param('edited_grp_name', 'string'); param_check_not_empty('edited_grp_name', T_('You must provide a group name!')); // check if the group name already exists for another group $query = 'SELECT grp_ID FROM T_groups WHERE grp_name = ' . $DB->quote($edited_grp_name) . ' AND grp_ID != ' . $edited_Group->ID; if ($q = $DB->get_var($query)) { param_error('edited_grp_name', sprintf(T_('This group name already exists! Do you want to <a %s>edit the existing group</a>?'), 'href="?ctrl=users&grp_ID=' . $q . '"')); } $edited_Group->set('name', $edited_grp_name); $edited_Group->set('perm_blogs', param('edited_grp_perm_blogs', 'string', true)); $edited_Group->set('perm_bypass_antispam', param('apply_antispam', 'integer', 0) ? 0 : 1); $edited_Group->set('perm_xhtmlvalidation', param('perm_xhtmlvalidation', 'string', true)); $edited_Group->set('perm_xhtmlvalidation_xmlrpc', param('perm_xhtmlvalidation_xmlrpc', 'string', true)); $edited_Group->set('perm_xhtml_css_tweaks', param('prevent_css_tweaks', 'integer', 0) ? 0 : 1); $edited_Group->set('perm_xhtml_iframes', param('prevent_iframes', 'integer', 0) ? 0 : 1); $edited_Group->set('perm_xhtml_javascript', param('prevent_javascript', 'integer', 0) ? 0 : 1);
/** * Load data from Request form fields. * * @return boolean true if loaded data seems valid. */ function load_from_Request() { $new_thread = empty($this->thread_ID); // Text // WARNING: the messages may contain MALICIOUS HTML and javascript snippets. They must ALWAYS be ESCAPED prior to display! param('msg_text', 'html'); if (!$new_thread) { param_check_not_empty('msg_text'); } $this->set('text', get_param('msg_text')); // Thread if ($new_thread) { $this->Thread->load_from_Request(); } else { // this is a reply to an existing conversation, check if current User is allowed to reply $this->get_Thread(); $this->Thread->check_allow_reply(); } return !param_errors_detected(); }
// Item of new reply comment is not same $Messages->add(T_('The ID of the parent comment must belong to the same post.'), 'error'); } } else { // Deny wrong comment ID $in_reply_to_cmt_ID = NULL; } $edited_Comment->set('in_reply_to_cmt_ID', $in_reply_to_cmt_ID, true); } // Trigger event: a Plugin could add a $category="error" message here.. // This must get triggered before any internal validation and must pass all relevant params. // The OpenID plugin will validate a given OpenID here (via redirect and coming back here). $Plugins->trigger_event('CommentFormSent', array('dont_remove_pre' => true, 'comment_item_ID' => $edited_Comment_Item->ID, 'comment' => &$content, 'renderers' => $edited_Comment->get_renderers())); param_check_html('content', T_('Invalid comment text.')); // Check this is backoffice content (NOT with comment rules) param_check_not_empty('content', T_('Empty comment content is not allowed.')); $edited_Comment->set('content', get_param('content')); if ($current_User->check_perm('admin', 'restricted') && $current_User->check_perm('blog_edit_ts', 'edit', false, $Blog->ID)) { // We use user date param_date('comment_issue_date', T_('Please enter a valid comment date.'), true); if (strlen(get_param('comment_issue_date'))) { // only set it, if a date was given: param_time('comment_issue_time'); $edited_Comment->set('date', form_date(get_param('comment_issue_date'), get_param('comment_issue_time'))); // TODO: cleanup... } } param('comment_rating', 'integer', NULL); $edited_Comment->set_from_Request('rating'); $comment_status = param('comment_status', 'string', NULL); if ($action == 'update_publish') {
/** * Load data from Request form fields. * * @param array groups of params to load * @return boolean true if loaded data seems valid. */ function load_from_Request($groups = array()) { global $Messages, $default_locale, $DB; /** * @var User */ global $current_User; // Load collection settings and clear update cascade array $this->load_CollectionSettings(); $this->CollectionSettings->clear_update_cascade(); if (param('blog_name', 'string', NULL) !== NULL) { // General params: $this->set_from_Request('name'); $this->set('shortname', param('blog_shortname', 'string', true)); $this->set('locale', param('blog_locale', 'string', $default_locale)); } if (param('archive_links', 'string', NULL) !== NULL) { // Archive link type: $this->set_setting('archive_links', get_param('archive_links')); $this->set_setting('archive_posts_per_page', param('archive_posts_per_page', 'integer', NULL), true); } if (param('chapter_links', 'string', NULL) !== NULL) { // Chapter link type: $this->set_setting('chapter_links', get_param('chapter_links')); } if (param('category_prefix', 'string', NULL) !== NULL) { $category_prefix = get_param('category_prefix'); if (!preg_match('|^([A-Za-z0-9\\-_]+(/[A-Za-z0-9\\-_]+)*)?$|', $category_prefix)) { param_error('category_prefix', T_('Invalid category prefix.')); } $this->set_setting('category_prefix', $category_prefix); } if (param('atom_redirect', 'string', NULL) !== NULL) { param_check_url('atom_redirect', 'commenting'); $this->set_setting('atom_redirect', get_param('atom_redirect')); param('rss2_redirect', 'string', NULL); param_check_url('rss2_redirect', 'commenting'); $this->set_setting('rss2_redirect', get_param('rss2_redirect')); } if (param('image_size', 'string', NULL) !== NULL) { $this->set_setting('image_size', get_param('image_size')); } if (param('tag_links', 'string', NULL) !== NULL) { // Tag page link type: $this->set_setting('tag_links', get_param('tag_links')); } if (param('tag_prefix', 'string', NULL) !== NULL) { $tag_prefix = get_param('tag_prefix'); if (!preg_match('|^([A-Za-z0-9\\-_]+(/[A-Za-z0-9\\-_]+)*)?$|', $tag_prefix)) { param_error('tag_prefix', T_('Invalid tag prefix.')); } $this->set_setting('tag_prefix', $tag_prefix); } // Default to "tag", if "prefix-only" is used, but no tag_prefix was provided. if (get_param('tag_links') == 'prefix-only' && !strlen(param('tag_prefix', 'string', NULL))) { $this->set_setting('tag_prefix', 'tag'); } // Use rel="tag" attribute? (checkbox) $this->set_setting('tag_rel_attib', param('tag_rel_attib', 'integer', 0)); if (param('chapter_content', 'string', NULL) !== NULL) { // What kind of content on chapter pages? $this->set_setting('chapter_content', get_param('chapter_content')); } if (param('tag_content', 'string', NULL) !== NULL) { // What kind of content on tags pages? $this->set_setting('tag_content', get_param('tag_content')); } if (param('archive_content', 'string', NULL) !== NULL) { // What kind of content on archive pages? $this->set_setting('archive_content', get_param('archive_content')); } if (param('filtered_content', 'string', NULL) !== NULL) { // What kind of content on filtered pages? $this->set_setting('filtered_content', get_param('filtered_content')); } if (param('main_content', 'string', NULL) !== NULL) { // What kind of content on main pages? $this->set_setting('main_content', get_param('main_content')); } // Chapter posts per page: $this->set_setting('chapter_posts_per_page', param('chapter_posts_per_page', 'integer', NULL), true); // Tag posts per page: $this->set_setting('tag_posts_per_page', param('tag_posts_per_page', 'integer', NULL), true); if (param('single_links', 'string', NULL) !== NULL) { // Single post link type: $this->set_setting('single_links', get_param('single_links')); } if (param('slug_limit', 'integer', NULL) !== NULL) { // Limit slug length: $this->set_setting('slug_limit', get_param('slug_limit')); } if (param('normal_skin_ID', 'integer', NULL) !== NULL) { // Default blog: $this->set_setting('normal_skin_ID', get_param('normal_skin_ID')); } if (param('mobile_skin_ID', 'integer', NULL) !== NULL) { // Default blog: $this->set_setting('mobile_skin_ID', get_param('mobile_skin_ID')); } if (param('tablet_skin_ID', 'integer', NULL) !== NULL) { // Default blog: $this->set_setting('tablet_skin_ID', get_param('tablet_skin_ID')); } if (param('archives_sort_order', 'string', NULL) !== NULL) { $this->set_setting('archives_sort_order', param('archives_sort_order', 'string', false)); } if (param('feed_content', 'string', NULL) !== NULL) { // How much content in feeds? $this->set_setting('feed_content', get_param('feed_content')); param_integer_range('posts_per_feed', 1, 9999, T_('Items per feed must be between %d and %d.')); $this->set_setting('posts_per_feed', get_param('posts_per_feed')); } if (param('comment_feed_content', 'string', NULL) !== NULL) { // How much content in comment feeds? $this->set_setting('comment_feed_content', get_param('comment_feed_content')); param_integer_range('comments_per_feed', 1, 9999, T_('Comments per feed must be between %d and %d.')); $this->set_setting('comments_per_feed', get_param('comments_per_feed')); } if (param('require_title', 'string', NULL) !== NULL) { // Title for items required? $this->set_setting('require_title', get_param('require_title')); } if (param('blog_description', 'string', NULL) !== NULL) { // Description: $this->set_from_Request('shortdesc', 'blog_description'); } if (param('blog_keywords', 'string', NULL) !== NULL) { // Keywords: $this->set_from_Request('keywords'); } if (param('blog_tagline', 'html', NULL) !== NULL) { // HTML tagline: param_check_html('blog_tagline', T_('Invalid tagline')); $this->set('tagline', get_param('blog_tagline')); } if (param('blog_longdesc', 'html', NULL) !== NULL) { // HTML long description: param_check_html('blog_longdesc', T_('Invalid long description')); $this->set('longdesc', get_param('blog_longdesc')); } if (param('blog_footer_text', 'html', NULL) !== NULL) { // Blog footer: param_check_html('blog_footer_text', T_('Invalid blog footer')); $this->set_setting('blog_footer_text', get_param('blog_footer_text')); } if (param('single_item_footer_text', 'html', NULL) !== NULL) { // Blog footer: param_check_html('single_item_footer_text', T_('Invalid single post footer')); $this->set_setting('single_item_footer_text', get_param('single_item_footer_text')); } if (param('xml_item_footer_text', 'html', NULL) !== NULL) { // Blog footer: param_check_html('xml_item_footer_text', T_('Invalid RSS footer')); $this->set_setting('xml_item_footer_text', get_param('xml_item_footer_text')); } if (param('blog_notes', 'html', NULL) !== NULL) { // HTML notes: param_check_html('blog_notes', T_('Invalid Blog Notes')); $this->set('notes', get_param('blog_notes')); param_integer_range('max_footer_credits', 0, 3, T_('Max credits must be between %d and %d.')); $this->set_setting('max_footer_credits', get_param('max_footer_credits')); } if (in_array('pings', $groups)) { // we want to load the ping checkboxes: $blog_ping_plugins = param('blog_ping_plugins', 'array/string', array()); $blog_ping_plugins = array_unique($blog_ping_plugins); $this->set_setting('ping_plugins', implode(',', $blog_ping_plugins)); } if (in_array('authors', $groups)) { // we want to load the multiple authors params $this->set('advanced_perms', param('advanced_perms', 'integer', 0)); $this->set_setting('use_workflow', param('blog_use_workflow', 'integer', 0)); } if (in_array('features', $groups)) { // we want to load the workflow checkboxes: $this->set_setting('allow_html_post', param('allow_html_post', 'integer', 0)); $this->set_setting('enable_goto_blog', param('enable_goto_blog', 'string', NULL)); $this->set_setting('editing_goto_blog', param('editing_goto_blog', 'string', NULL)); $this->set_setting('default_post_status', param('default_post_status', 'string', NULL)); $this->set_setting('post_categories', param('post_categories', 'string', NULL)); $this->set_setting('post_navigation', param('post_navigation', 'string', NULL)); // Show x days or x posts?: $this->set_setting('what_to_show', param('what_to_show', 'string', '')); param_integer_range('posts_per_page', 1, 9999, T_('Items/days per page must be between %d and %d.')); $this->set_setting('posts_per_page', get_param('posts_per_page')); $this->set_setting('orderby', param('orderby', 'string', true)); $this->set_setting('orderdir', param('orderdir', 'string', true)); // Time frame $this->set_setting('timestamp_min', param('timestamp_min', 'string', '')); $this->set_setting('timestamp_min_duration', param_duration('timestamp_min_duration')); $this->set_setting('timestamp_max', param('timestamp_max', 'string', '')); $this->set_setting('timestamp_max_duration', param_duration('timestamp_max_duration')); // Location $location_country = param('location_country', 'string', 'hidden'); $location_region = param('location_region', 'string', 'hidden'); $location_subregion = param('location_subregion', 'string', 'hidden'); $location_city = param('location_city', 'string', 'hidden'); if ($location_city == 'required') { // If city is required - all location fields also are required $location_country = $location_region = $location_subregion = 'required'; } else { if ($location_subregion == 'required') { // If subregion is required - country & region fields also are required $location_country = $location_region = 'required'; } else { if ($location_region == 'required') { // If region is required - country field also is required $location_country = 'required'; } } } $this->set_setting('location_country', $location_country); $this->set_setting('location_region', $location_region); $this->set_setting('location_subregion', $location_subregion); $this->set_setting('location_city', $location_city); // Set to show Latitude & Longitude params for this blog items $this->set_setting('show_location_coordinates', param('show_location_coordinates', 'integer', 0)); // Load custom double & varchar fields $custom_field_names = array(); $this->load_custom_fields('double', $update_cascade_query, $custom_field_names); $this->load_custom_fields('varchar', $update_cascade_query, $custom_field_names); if (!empty($update_cascade_query)) { // Some custom fields were deleted and these fields must be deleted from the item settings table also. Add required query. $this->CollectionSettings->add_update_cascade($update_cascade_query); } // call modules update_collection_features on this blog modules_call_method('update_collection_features', array('edited_Blog' => &$this)); } if (in_array('comments', $groups)) { // we want to load the workflow checkboxes: // load moderation statuses $moderation_statuses = get_visibility_statuses('moderation'); $blog_moderation_statuses = array(); foreach ($moderation_statuses as $status) { if (param('notif_' . $status, 'integer', 0)) { $blog_moderation_statuses[] = $status; } } $this->set_setting('moderation_statuses', implode(',', $blog_moderation_statuses)); $this->set_setting('comment_quick_moderation', param('comment_quick_moderation', 'string', 'expire')); $this->set_setting('allow_item_subscriptions', param('allow_item_subscriptions', 'integer', 0)); $this->set_setting('comments_detect_email', param('comments_detect_email', 'integer', 0)); $this->set_setting('comments_register', param('comments_register', 'integer', 0)); } if (in_array('other', $groups)) { // we want to load the workflow checkboxes: $this->set_setting('enable_sitemaps', param('enable_sitemaps', 'integer', 0)); $this->set_setting('allow_subscriptions', param('allow_subscriptions', 'integer', 0)); $this->set_setting('allow_item_subscriptions', param('allow_item_subscriptions', 'integer', 0)); // Public blog list $this->set('in_bloglist', param('blog_in_bloglist', 'integer', 0)); $this->set_setting('image_size_user_list', param('image_size_user_list', 'string')); $this->set_setting('image_size_messaging', param('image_size_messaging', 'string')); $this->set_setting('archive_mode', param('archive_mode', 'string', true)); } if (param('allow_comments', 'string', NULL) !== NULL) { // Feedback options: $this->set_setting('allow_comments', param('allow_comments', 'string', 'any')); $this->set_setting('allow_view_comments', param('allow_view_comments', 'string', 'any')); $new_feedback_status = param('new_feedback_status', 'string', 'draft'); if ($new_feedback_status != $this->get_setting('new_feedback_status') && ($new_feedback_status != 'published' || $current_User->check_perm('blog_admin', 'edit', false, $this->ID))) { // Only admin can set this setting to 'Public' $this->set_setting('new_feedback_status', $new_feedback_status); } $this->set_setting('disable_comments_bypost', param('disable_comments_bypost', 'string', '0')); $this->set_setting('allow_anon_url', param('allow_anon_url', 'string', '0')); $this->set_setting('allow_html_comment', param('allow_html_comment', 'string', '0')); $this->set_setting('allow_attachments', param('allow_attachments', 'string', 'registered')); $this->set_setting('max_attachments', param('max_attachments', 'integer', '')); $this->set_setting('allow_rating_items', param('allow_rating_items', 'string', 'never')); $this->set_setting('rating_question', param('rating_question', 'text')); $this->set_setting('allow_rating_comment_helpfulness', param('allow_rating_comment_helpfulness', 'string', '0')); $blog_allowtrackbacks = param('blog_allowtrackbacks', 'integer', 0); if ($blog_allowtrackbacks != $this->get('allowtrackbacks') && ($blog_allowtrackbacks == 0 || $current_User->check_perm('blog_admin', 'edit', false, $this->ID))) { // Only admin can turn ON this setting $this->set('allowtrackbacks', $blog_allowtrackbacks); } $this->set_setting('comments_orderdir', param('comments_orderdir', '/^(?:ASC|DESC)$/', 'ASC')); // call modules update_collection_comments on this blog modules_call_method('update_collection_comments', array('edited_Blog' => &$this)); $threaded_comments = param('threaded_comments', 'integer', 0); $this->set_setting('threaded_comments', $threaded_comments); $this->set_setting('paged_comments', $threaded_comments ? 0 : param('paged_comments', 'integer', 0)); param_integer_range('comments_per_page', 1, 9999, T_('Comments per page must be between %d and %d.')); $this->set_setting('comments_per_page', get_param('comments_per_page')); $this->set_setting('comments_avatars', param('comments_avatars', 'integer', 0)); $this->set_setting('comments_latest', param('comments_latest', 'integer', 0)); } if (in_array('seo', $groups)) { // we want to load the workflow checkboxes: $this->set_setting('canonical_homepage', param('canonical_homepage', 'integer', 0)); $this->set_setting('relcanonical_homepage', param('relcanonical_homepage', 'integer', 0)); $this->set_setting('canonical_item_urls', param('canonical_item_urls', 'integer', 0)); $this->set_setting('relcanonical_item_urls', param('relcanonical_item_urls', 'integer', 0)); $this->set_setting('canonical_archive_urls', param('canonical_archive_urls', 'integer', 0)); $this->set_setting('relcanonical_archive_urls', param('relcanonical_archive_urls', 'integer', 0)); $this->set_setting('canonical_cat_urls', param('canonical_cat_urls', 'integer', 0)); $this->set_setting('relcanonical_cat_urls', param('relcanonical_cat_urls', 'integer', 0)); $this->set_setting('canonical_tag_urls', param('canonical_tag_urls', 'integer', 0)); $this->set_setting('relcanonical_tag_urls', param('relcanonical_tag_urls', 'integer', 0)); $this->set_setting('default_noindex', param('default_noindex', 'integer', 0)); $this->set_setting('paged_noindex', param('paged_noindex', 'integer', 0)); $this->set_setting('paged_nofollowto', param('paged_nofollowto', 'integer', 0)); $this->set_setting('archive_noindex', param('archive_noindex', 'integer', 0)); $this->set_setting('archive_nofollowto', param('archive_nofollowto', 'integer', 0)); $this->set_setting('chapter_noindex', param('chapter_noindex', 'integer', 0)); $this->set_setting('tag_noindex', param('tag_noindex', 'integer', 0)); $this->set_setting('filtered_noindex', param('filtered_noindex', 'integer', 0)); $this->set_setting('arcdir_noindex', param('arcdir_noindex', 'integer', 0)); $this->set_setting('catdir_noindex', param('catdir_noindex', 'integer', 0)); $this->set_setting('feedback-popup_noindex', param('feedback-popup_noindex', 'integer', 0)); $this->set_setting('msgform_noindex', param('msgform_noindex', 'integer', 0)); $this->set_setting('special_noindex', param('special_noindex', 'integer', 0)); $this->set_setting('title_link_type', param('title_link_type', 'string', '')); $this->set_setting('permalinks', param('permalinks', 'string', '')); $this->set_setting('404_response', param('404_response', 'string', '')); $this->set_setting('help_link', param('help_link', 'string', '')); $this->set_setting('excerpts_meta_description', param('excerpts_meta_description', 'integer', 0)); $this->set_setting('categories_meta_description', param('categories_meta_description', 'integer', 0)); $this->set_setting('tags_meta_keywords', param('tags_meta_keywords', 'integer', 0)); } /* * ADVANCED ADMIN SETTINGS */ if ($current_User->check_perm('blog_admin', 'edit', false, $this->ID)) { // We have permission to edit advanced admin settings: if (in_array('cache', $groups)) { // we want to load the cache params: $this->set_setting('ajax_form_enabled', param('ajax_form_enabled', 'integer', 0)); $this->set_setting('ajax_form_loggedin_enabled', param('ajax_form_loggedin_enabled', 'integer', 0)); $this->set_setting('cache_enabled_widgets', param('cache_enabled_widgets', 'integer', 0)); } if (in_array('styles', $groups)) { // we want to load the styles params: $this->set('allowblogcss', param('blog_allowblogcss', 'integer', 0)); $this->set('allowusercss', param('blog_allowusercss', 'integer', 0)); } if (in_array('login', $groups)) { // we want to load the login params: $this->set_setting('in_skin_login', param('in_skin_login', 'integer', 0)); $this->set_setting('in_skin_editing', param('in_skin_editing', 'integer', 0)); } if (param('blog_head_includes', 'html', NULL) !== NULL) { // HTML header includes: param_check_html('blog_head_includes', T_('Invalid Custom meta section')); $this->set_setting('head_includes', get_param('blog_head_includes')); } if (param('blog_footer_includes', 'html', NULL) !== NULL) { // HTML header includes: param_check_html('blog_footer_includes', T_('Invalid Custom javascript section')); $this->set_setting('footer_includes', get_param('blog_footer_includes')); } if (param('owner_login', 'string', NULL) !== NULL) { // Permissions: $UserCache =& get_UserCache(); $owner_User =& $UserCache->get_by_login(get_param('owner_login')); if (empty($owner_User)) { param_error('owner_login', sprintf(T_('User «%s» does not exist!'), get_param('owner_login'))); } else { $this->set('owner_user_ID', $owner_User->ID); $this->owner_User =& $owner_User; } } if (($blog_urlname = param('blog_urlname', 'string', NULL)) !== NULL) { // check urlname if (param_check_not_empty('blog_urlname', T_('You must provide an URL blog name!'))) { if (!preg_match('|^[A-Za-z0-9\\-]+$|', $blog_urlname)) { param_error('blog_urlname', sprintf(T_('The url name %s is invalid.'), "«{$blog_urlname}»")); $blog_urlname = NULL; } if (isset($blog_urlname) && $DB->get_var('SELECT COUNT(*) FROM T_blogs WHERE blog_urlname = ' . $DB->quote($blog_urlname) . ' AND blog_ID <> ' . $this->ID)) { // urlname is already in use param_error('blog_urlname', sprintf(T_('The URL name %s is already in use by another blog. Please choose another name.'), "«{$blog_urlname}»")); $blog_urlname = NULL; } if (isset($blog_urlname)) { $this->set_from_Request('urlname'); } } } if (($access_type = param('blog_access_type', 'string', NULL)) !== NULL) { // Blog URL parameters: $this->set('access_type', $access_type); if ($access_type == 'absolute') { $blog_siteurl = param('blog_siteurl_absolute', 'string', true); if (preg_match('#^https?://[^/]+/.*#', $blog_siteurl, $matches)) { // It looks like valid absolute URL, so we may update the blog siteurl $this->set('siteurl', $blog_siteurl); } else { // It is not valid absolute URL, don't update the blog 'siteurl' to avoid errors $Messages->add(T_('Blog Folder URL') . ': ' . sprintf(T_('%s is an invalid absolute URL'), '«' . htmlspecialchars($blog_siteurl) . '»') . ' ' . T_('You must provide an absolute URL (starting with <code>http://</code> or <code>https://</code>) and it must contain at least one \'/\' sign after the domain name!'), 'error'); } } elseif ($access_type == 'relative') { // relative siteurl $blog_siteurl = param('blog_siteurl_relative', 'string', true); if (preg_match('#^https?://#', $blog_siteurl)) { $Messages->add(T_('Blog Folder URL') . ': ' . T_('You must provide a relative URL (without <code>http://</code> or <code>https://</code>)!'), 'error'); } $this->set('siteurl', $blog_siteurl); } else { $this->set('siteurl', ''); } } if (param('aggregate_coll_IDs', 'string', NULL) !== NULL) { // Aggregate list: (can be '*') $aggregate_coll_IDs = get_param('aggregate_coll_IDs'); if ($aggregate_coll_IDs != '*') { // Sanitize the string $aggregate_coll_IDs = sanitize_id_list($aggregate_coll_IDs); } // fp> TODO: check perms on each aggregated blog (if changed) // fp> TODO: better interface if ($aggregate_coll_IDs != '*' && !preg_match('#^([0-9]+(,[0-9]+)*)?$#', $aggregate_coll_IDs)) { param_error('aggregate_coll_IDs', T_('Invalid aggregate blog ID list!')); } $this->set_setting('aggregate_coll_IDs', $aggregate_coll_IDs); } if (param('blog_media_location', 'string', NULL) !== NULL) { // Media files location: $this->set_from_Request('media_location'); $this->set_media_subdir(param('blog_media_subdir', 'string', '')); $this->set_media_fullpath(param('blog_media_fullpath', 'string', '')); $this->set_media_url(param('blog_media_url', 'string', '')); // check params switch ($this->get('media_location')) { case 'custom': // custom path and URL global $demo_mode, $media_path; if ($this->get('media_fullpath') == '') { param_error('blog_media_fullpath', T_('Media dir location') . ': ' . T_('You must provide the full path of the media directory.')); } if (!preg_match('#^https?://#', $this->get('media_url'))) { param_error('blog_media_url', T_('Media dir location') . ': ' . T_('You must provide an absolute URL (starting with <code>http://</code> or <code>https://</code>)!')); } if ($demo_mode) { $canonical_fullpath = get_canonical_path($this->get('media_fullpath')); if (!$canonical_fullpath || strpos($canonical_fullpath, $media_path) !== 0) { param_error('blog_media_fullpath', T_('Media dir location') . ': in demo mode the path must be inside of $media_path.'); } } break; case 'subdir': global $media_path; if ($this->get('media_subdir') == '') { param_error('blog_media_subdir', T_('Media dir location') . ': ' . T_('You must provide the media subdirectory.')); } else { // Test if it's below $media_path (subdir!) $canonical_path = get_canonical_path($media_path . $this->get('media_subdir')); if (!$canonical_path || strpos($canonical_path, $media_path) !== 0) { param_error('blog_media_subdir', T_('Media dir location') . ': ' . sprintf(T_('Invalid subdirectory «%s».'), format_to_output($this->get('media_subdir')))); } else { // Validate if it's a valid directory name: $subdir = no_trailing_slash(substr($canonical_path, strlen($media_path))); if ($error = validate_dirname($subdir)) { param_error('blog_media_subdir', T_('Media dir location') . ': ' . $error); } } } break; } } } return !param_errors_detected(); }
break; } $block_item_Widget = new Widget('block_item'); $block_item_Widget->title = T_('Exporting package from SVN...'); $block_item_Widget->disp_template_replaced('block_start'); $svn_url = param('svn_url', 'string', ''); $svn_folder = param('svn_folder', 'string', '/'); $svn_user = param('svn_user', 'string', false); $svn_password = param('svn_password', 'string', false); $svn_revision = param('svn_revision', 'integer'); $UserSettings->set('svn_upgrade_url', $svn_url); $UserSettings->set('svn_upgrade_folder', $svn_folder); $UserSettings->set('svn_upgrade_user', $svn_user); $UserSettings->set('svn_upgrade_revision', $svn_revision); $UserSettings->dbupdate(); $success = param_check_not_empty('svn_url', T_('Please enter the URL of repository')); $success = $success && param_check_regexp('svn_folder', '#/blogs/$#', T_('A correct SVN folder path must ends with "/blogs/')); if (!$success) { $action = 'start'; break; } $success = prepare_maintenance_dir($upgrade_path, true); if ($success) { // Set maximum execution time set_max_execution_time(2400); // 60 minutes load_class('_ext/phpsvnclient/phpsvnclient.php', 'phpsvnclient'); $phpsvnclient = new phpsvnclient($svn_url, $svn_user, $svn_password); // Get an error if it was during connecting to svn server $svn_error = $phpsvnclient->getError(); if (!empty($svn_error) || $phpsvnclient->getVersion() < 1) {
/** * Load data from Request form fields. * * @return boolean true if loaded data seems valid. */ function load_from_Request() { // Group $old_group_ID = $this->ufgp_ID; // Save old group ID to know if it was changed param_string_not_empty('ufdf_ufgp_ID', T_('Please select a group.')); $this->set_from_Request('ufgp_ID'); // Type param_string_not_empty('ufdf_type', T_('Please enter a type.')); $this->set_from_Request('type'); // Code $code = param('ufdf_code', 'string'); param_check_not_empty('ufdf_code', T_('Please provide a code to uniquely identify this field.')); param_check_regexp('ufdf_code', '#^[a-z0-9_]{1,20}$#', T_('The field code must contain only lowercase letters, digits or the "_" sign. 20 characters max.')); $this->set_from_Request('code'); // Name param_string_not_empty('ufdf_name', T_('Please enter a name.')); $this->set_from_Request('name'); // Icon name param('ufdf_icon_name', 'string'); $this->set_from_Request('icon_name', 'ufdf_icon_name', true); // Options if (param('ufdf_type', 'string') == 'list') { // Save 'Options' only for Field type == 'Option list' $ufdf_options = param('ufdf_options', 'text'); if (count(explode("\n", $ufdf_options)) < 2) { // We don't want save an option list with one item param_error('ufdf_options', T_('Please enter at least 2 options on 2 different lines.')); } elseif (utf8_strlen($ufdf_options) > 255) { // This may not happen in normal circumstances because the textarea max length is set to 255 chars // This extra check is for the case if js is not enabled or someone would try to directly edit the html param_error('ufdf_options', T_('"Options" field content can not be longer than 255 symbols.')); } $this->set('options', $ufdf_options); } // Required param_string_not_empty('ufdf_required', 'Please select Hidden, Optional, Recommended or Required.'); $this->set_from_Request('required'); // Duplicated param_string_not_empty('ufdf_duplicated', 'Please select Forbidden, Allowed or List style.'); $this->set_from_Request('duplicated'); // Order if ($old_group_ID != $this->ufgp_ID) { // Group is changing, set order as last $this->set('order', $this->get_last_order($this->ufgp_ID)); } // Suggest if (param('ufdf_type', 'string') == 'word') { // Save 'Suggest values' only for Field type == 'Single word' param('ufdf_suggest', 'integer', 0); $this->set_from_Request('suggest'); } // Bubbletip param('ufdf_bubbletip', 'text', ''); $this->set_from_Request('bubbletip', NULL, true); if (!param_errors_detected()) { // Field code must be unique, Check it only when no errors on the form if ($field_ID = $this->dbexists('ufdf_code', $this->get('code'))) { // We have a duplicate entry: param_error('ufdf_code', sprintf(T_('Another user field already uses this code. Do you want to <a %s>edit the existing user field</a>?'), 'href="?ctrl=userfields&action=edit&ufdf_ID=' . $field_ID . '"')); } } return !param_errors_detected(); }
*/ switch ($action) { case 'nil': // Do nothing break; case 'edit': $AdminUI->title = $AdminUI->title_titlearea = T_('Editing comment') . ' #' . $edited_Comment->ID; break; case 'update': // fp> TODO: $edited_Comment->load_from_Request( true ); if (!$edited_Comment->get_author_User()) { // If this is not a member comment param('newcomment_author', 'string', true); param('newcomment_author_email', 'string'); param('newcomment_author_url', 'string'); param_check_not_empty('newcomment_author', T_('Please enter and author name.'), ''); $edited_Comment->set('author', $newcomment_author); param_check_email('newcomment_author_email', false); $edited_Comment->set('author_email', $newcomment_author_email); param_check_url('newcomment_author_url', 'posting', ''); // Give posting permissions here $edited_Comment->set('author_url', $newcomment_author_url); } // Content: param('content', 'html'); param('post_autobr', 'integer', $comments_use_autobr == 'always' ? 1 : 0); param_check_html('content', T_('Invalid comment text.'), '#', $post_autobr); // Check this is backoffice content (NOT with comment rules) $edited_Comment->set('content', get_param('content')); if ($current_User->check_perm('edit_timestamp')) { // We use user date
/** * Load data from Request form fields. * * @param array groups of params to load * @return boolean true if loaded data seems valid. */ function load_from_Request($groups = array()) { global $Messages, $default_locale, $DB; /** * @var User */ global $current_User; if (param('blog_name', 'string', NULL) !== NULL) { // General params: $this->set_from_Request('name'); $this->set('shortname', param('blog_shortname', 'string', true)); $this->set('locale', param('blog_locale', 'string', $default_locale)); } if (param('archive_links', 'string', NULL) !== NULL) { // Archive link type: $this->set_setting('archive_links', get_param('archive_links')); $this->set_setting('archive_posts_per_page', param('archive_posts_per_page', 'integer', NULL), true); } if (param('chapter_links', 'string', NULL) !== NULL) { // Chapter link type: $this->set_setting('chapter_links', get_param('chapter_links')); } if (param('category_prefix', 'string', NULL) !== NULL) { $category_prefix = get_param('category_prefix'); if (!preg_match('|^([A-Za-z0-9\\-_]+(/[A-Za-z0-9\\-_]+)*)?$|', $category_prefix)) { param_error('category_prefix', T_('Invalid category prefix.')); } $this->set_setting('category_prefix', $category_prefix); } if (param('tag_links', 'string', NULL) !== NULL) { // Tag page link type: $this->set_setting('tag_links', get_param('tag_links')); } if (param('tag_prefix', 'string', NULL) !== NULL) { $category_prefix = get_param('tag_prefix'); if (!preg_match('|^([A-Za-z0-9\\-_]+(/[A-Za-z0-9\\-_]+)*)?$|', $category_prefix)) { param_error('tag_prefix', T_('Invalid category prefix.')); } $this->set_setting('tag_prefix', $category_prefix); } if (param('chapter_posts_per_page', 'integer', NULL) !== NULL) { // Chapter link type: $this->set_setting('chapter_posts_per_page', get_param('chapter_posts_per_page'), true); $this->set_setting('tag_posts_per_page', param('tag_posts_per_page', 'integer', NULL), true); } if (param('single_links', 'string', NULL) !== NULL) { // Single post link type: $this->set_setting('single_links', get_param('single_links')); } if (param('blog_skin_ID', 'integer', NULL) !== NULL) { // Default blog: $this->set_from_Request('skin_ID'); } if (param('what_to_show', 'string', NULL) !== NULL) { // Show x days or x posts?: $this->set_setting('what_to_show', get_param('what_to_show')); param_integer_range('posts_per_page', 1, 9999, T_('Items/days per page must be between %d and %d.')); $this->set_setting('posts_per_page', get_param('posts_per_page')); $this->set_setting('archive_mode', param('archive_mode', 'string', true)); $this->set_setting('orderby', param('orderby', 'string', true)); $this->set_setting('orderdir', param('orderdir', 'string', true)); } if (param('feed_content', 'string', NULL) !== NULL) { // How much content in feeds? $this->set_setting('feed_content', get_param('feed_content')); param_integer_range('posts_per_feed', 1, 9999, T_('Items per feed must be between %d and %d.')); $this->set_setting('posts_per_feed', get_param('posts_per_feed')); } if (param('blog_description', 'string', NULL) !== NULL) { // Description: $this->set_from_Request('shortdesc', 'blog_description'); } if (param('blog_keywords', 'string', NULL) !== NULL) { // Keywords: $this->set_from_Request('keywords'); } if (param('blog_tagline', 'html', NULL) !== NULL) { // HTML tagline: param_check_html('blog_tagline', T_('Invalid tagline')); $this->set('tagline', get_param('blog_tagline')); } if (param('blog_longdesc', 'html', NULL) !== NULL) { // HTML long description: param_check_html('blog_longdesc', T_('Invalid long description')); $this->set('longdesc', get_param('blog_longdesc')); } if (param('blog_footer_text', 'html', NULL) !== NULL) { // Blog footer: param_check_html('blog_footer_text', T_('Invalid blog footer')); $this->set_setting('blog_footer_text', get_param('blog_footer_text')); } if (param('single_item_footer_text', 'html', NULL) !== NULL) { // Blog footer: param_check_html('single_item_footer_text', T_('Invalid single post footer')); $this->set_setting('single_item_footer_text', get_param('single_item_footer_text')); } if (param('xml_item_footer_text', 'html', NULL) !== NULL) { // Blog footer: param_check_html('xml_item_footer_text', T_('Invalid RSS footer')); $this->set_setting('xml_item_footer_text', get_param('xml_item_footer_text')); } if (param('blog_notes', 'html', NULL) !== NULL) { // HTML notes: param_check_html('blog_notes', T_('Invalid Blog Notes')); $this->set('notes', get_param('blog_notes')); } if (in_array('pings', $groups)) { // we want to load the ping checkboxes: $blog_ping_plugins = param('blog_ping_plugins', 'array', array()); $blog_ping_plugins = array_unique($blog_ping_plugins); $this->set_setting('ping_plugins', implode(',', $blog_ping_plugins)); } if (in_array('features', $groups)) { // we want to load the workflow checkboxes: $this->set_setting('allow_subscriptions', param('allow_subscriptions', 'integer', 0)); $this->set('advanced_perms', param('advanced_perms', 'integer', 0)); $this->set_setting('use_workflow', param('blog_use_workflow', 'integer', 0)); $this->set('allowblogcss', param('blog_allowblogcss', 'integer', 0)); $this->set('allowusercss', param('blog_allowusercss', 'integer', 0)); } if (param('blog_allowcomments', 'string', NULL) !== NULL) { // Feedback options: $this->set_from_Request('allowcomments'); $this->set_setting('new_feedback_status', param('new_feedback_status', 'string', 'draft')); $this->set_setting('allow_rating', param('allow_rating', 'string', 'never')); $this->set('allowtrackbacks', param('blog_allowtrackbacks', 'integer', 0)); // Public blog list $this->set('in_bloglist', param('blog_in_bloglist', 'integer', 0)); } if (in_array('seo', $groups)) { // we want to load the workflow checkboxes: $this->set_setting('canonical_item_urls', param('canonical_item_urls', 'integer', 0)); $this->set_setting('canonical_cat_urls', param('canonical_cat_urls', 'integer', 0)); $this->set_setting('canonical_tag_urls', param('canonical_tag_urls', 'integer', 0)); $this->set_setting('default_noindex', param('default_noindex', 'integer', 0)); $this->set_setting('paged_noindex', param('paged_noindex', 'integer', 0)); $this->set_setting('paged_nofollowto', param('paged_nofollowto', 'integer', 0)); $this->set_setting('archive_noindex', param('archive_noindex', 'integer', 0)); $this->set_setting('archive_nofollowto', param('archive_nofollowto', 'integer', 0)); $this->set_setting('chapter_noindex', param('chapter_noindex', 'integer', 0)); $this->set_setting('tag_noindex', param('tag_noindex', 'integer', 0)); $this->set_setting('filtered_noindex', param('filtered_noindex', 'integer', 0)); $this->set_setting('arcdir_noindex', param('arcdir_noindex', 'integer', 0)); $this->set_setting('catdir_noindex', param('catdir_noindex', 'integer', 0)); $this->set_setting('feedback-popup_noindex', param('feedback-popup_noindex', 'integer', 0)); $this->set_setting('msgform_noindex', param('msgform_noindex', 'integer', 0)); $this->set_setting('special_noindex', param('special_noindex', 'integer', 0)); $this->set_setting('title_link_type', param('title_link_type', 'string', '')); $this->set_setting('permalinks', param('permalinks', 'string', '')); } /* * ADVANCED ADMIN SETTINGS */ if ($current_User->check_perm('blog_admin', 'edit', false, $this->ID)) { // We have permission to edit advanced admin settings: if (param('owner_login', 'string', NULL) !== NULL) { // Permissions: $UserCache =& get_Cache('UserCache'); $owner_User =& $UserCache->get_by_login(get_param('owner_login'), false, false); if (empty($owner_User)) { param_error('owner_login', sprintf(T_('User «%s» does not exist!'), get_param('owner_login'))); } else { $this->set('owner_user_ID', $owner_User->ID); $this->owner_User =& $owner_User; } } if (param('blog_urlname', 'string', NULL) !== NULL) { // check urlname if (param_check_not_empty('blog_urlname', T_('You must provide an URL blog name!'))) { $this->set_from_Request('urlname'); if (!preg_match('|^[A-Za-z0-9\\-]+$|', $this->urlname)) { param_error('blog_urlname', T_('The url name is invalid.')); } if ($DB->get_var('SELECT COUNT(*) FROM T_blogs WHERE blog_urlname = ' . $DB->quote($this->get('urlname')) . ' AND blog_ID <> ' . $this->ID)) { // urlname is already in use param_error('blog_urlname', T_('This URL name is already in use by another blog. Please choose another name.')); } } } if (($access_type = param('blog_access_type', 'string', NULL)) !== NULL) { // Blog URL parameters: $this->set('access_type', $access_type); if ($access_type == 'absolute') { $blog_siteurl = param('blog_siteurl_absolute', 'string', true); if (!preg_match('#^https?://.+#', $blog_siteurl)) { $Messages->add(T_('Blog Folder URL') . ': ' . T_('You must provide an absolute URL (starting with <code>http://</code> or <code>https://</code>)!'), 'error'); } $this->set('siteurl', $blog_siteurl); } elseif ($access_type == 'relative') { // relative siteurl $blog_siteurl = param('blog_siteurl_relative', 'string', true); if (preg_match('#^https?://#', $blog_siteurl)) { $Messages->add(T_('Blog Folder URL') . ': ' . T_('You must provide a relative URL (without <code>http://</code> or <code>https://</code>)!'), 'error'); } $this->set('siteurl', $blog_siteurl); } else { $this->set('siteurl', ''); } } if (param('aggregate_coll_IDs', 'string', NULL) !== NULL) { // Aggregate list: // fp> TODO: check perms on each aggregated blog (if changed) // fp> TODO: better interface if (!preg_match('#^([0-9]+(,[0-9]+)*)?$#', get_param('aggregate_coll_IDs'))) { param_error('aggregate_coll_IDs', T_('Invalid aggregate blog ID list!')); } $this->set_setting('aggregate_coll_IDs', get_param('aggregate_coll_IDs')); } if (param('source_file', 'string', NULL) !== NULL) { // Static file: $this->set_setting('source_file', get_param('source_file')); $this->set_setting('static_file', param('static_file', 'string', '')); } if (param('blog_media_location', 'string', NULL) !== NULL) { // Media files location: $this->set_from_Request('media_location'); $this->set_media_subdir(param('blog_media_subdir', 'string', '')); $this->set_media_fullpath(param('blog_media_fullpath', 'string', '')); $this->set_media_url(param('blog_media_url', 'string', '')); // check params switch ($this->get('media_location')) { case 'custom': // custom path and URL global $demo_mode, $media_path; if ($this->get('media_fullpath') == '') { param_error('blog_media_fullpath', T_('Media dir location') . ': ' . T_('You must provide the full path of the media directory.')); } if (!preg_match('#^https?://#', $this->get('media_url'))) { param_error('blog_media_url', T_('Media dir location') . ': ' . T_('You must provide an absolute URL (starting with <code>http://</code> or <code>https://</code>)!')); } if ($demo_mode) { $canonical_fullpath = get_canonical_path($this->get('media_fullpath')); if (!$canonical_fullpath || strpos($canonical_fullpath, $media_path) !== 0) { param_error('blog_media_fullpath', T_('Media dir location') . ': in demo mode the path must be inside of $media_path.'); } } break; case 'subdir': global $media_path; if ($this->get('media_subdir') == '') { param_error('blog_media_subdir', T_('Media dir location') . ': ' . T_('You must provide the media subdirectory.')); } else { // Test if it's below $media_path (subdir!) $canonical_path = get_canonical_path($media_path . $this->get('media_subdir')); if (!$canonical_path || strpos($canonical_path, $media_path) !== 0) { param_error('blog_media_subdir', T_('Media dir location') . ': ' . sprintf(T_('Invalid subdirectory «%s».'), format_to_output($this->get('media_subdir')))); } else { // Validate if it's a valid directory name: $subdir = substr($canonical_path, strlen($media_path)); if ($error = validate_dirname($subdir)) { param_error('blog_media_subdir', T_('Media dir location') . ': ' . $error); } } } break; } } } return !param_errors_detected(); }
$Messages->add(T_('Category ordering has been changed.'), 'success'); header_redirect(param('redirect_to', 'url', '?ctrl=chapters&blog=' . $edited_Blog->ID), 303); // Will EXIT break; } break; case 'update_type': // Update DB: // Check that this action request is not a CSRF hacked request: $Session->assert_received_crumb('collection'); // Check permissions: $current_User->check_perm('blog_properties', 'edit', true, $blog); $update_redirect_url = '?ctrl=coll_settings&tab=' . $tab . '&blog=' . $blog; param('reset', 'boolean', ''); param('type', 'string', ''); param_check_not_empty('type', T_('Please select a type')); if (param_errors_detected()) { $action = 'type'; break; } if ($reset) { // Reset all settings // Remove previous widgets, plugin and skin settings $DB->query('DELETE FROM T_widget WHERE wi_coll_ID = ' . $DB->quote($edited_Blog->ID)); $DB->query('DELETE FROM T_coll_settings WHERE cset_coll_ID = ' . $DB->quote($edited_Blog->ID) . ' AND ( cset_name LIKE "skin%" OR cset_name LIKE "plugin%" )'); // ADD DEFAULT WIDGETS: load_funcs('widgets/_widgets.funcs.php'); insert_basic_widgets($edited_Blog->ID, false, $type); }
/** * Validate variable * * @param string param name * @param string validator function name * @param boolean true if variable value can't be empty * @param custom error message * @return boolean true if OK */ function param_validate($variable, $validator, $required = false, $custom_msg = NULL) { /* Tblue> Note: is_callable() does not check whether a function is * disabled (http://www.php.net/manual/en/function.is-callable.php#79151). */ if (!is_callable($validator)) { debug_die('Validator function ' . $validator . '() is not callable!'); } if (!isset($GLOBALS[$variable])) { // Variable not set, we cannot handle this using the validator function... if ($required) { // Add error: param_check_not_empty($variable, $custom_msg); return false; } return true; } if ($GLOBALS[$variable] === '' && !$required) { // Variable is empty or not set. That's fine since it isn't required: return true; } $msg = $validator($GLOBALS[$variable]); if (!empty($msg)) { if (!empty($custom_msg)) { $msg = $custom_msg; } param_error($variable, $msg); return false; } return true; }
/** * @param string param name * @param string error message * @param string|NULL error message for form field ($err_msg gets used if === NULL). * @return boolean true if OK */ function param_string_not_empty($var, $err_msg, $field_err_msg = NULL) { param($var, 'string', true); return param_check_not_empty($var, $err_msg, $field_err_msg); }
case 'createlocale': // CREATE/EDIT locale // Check that this action request is not a CSRF hacked request: $Session->assert_received_crumb('locales'); // Check permission: $current_User->check_perm('options', 'edit', true); param('newloc_locale', 'string', true); param_check_regexp('newloc_locale', '/^[a-z]{2,3}-[A-Z]{2}.*$/', T_('Please use valid locale format.')); param('newloc_enabled', 'integer', 0); param('newloc_name', 'string', true); param('newloc_datefmt', 'string', true); param_check_not_empty('newloc_datefmt', T_('Date format cannot be empty.')); param('newloc_timefmt', 'string', true); param_check_not_empty('newloc_timefmt', T_('Time format cannot be empty.')); param('newloc_shorttimefmt', 'string', true); param_check_not_empty('newloc_shorttimefmt', T_('Short time format cannot be empty.')); param('newloc_startofweek', 'integer', 0); param('newloc_priority', 'integer', 1); param_check_range('newloc_priority', 1, 255, T_('Priority must be numeric (1-255).')); param('newloc_messages', 'string', true); param('newloc_transliteration_map', 'string', true); if (param_errors_detected()) { // Don't save locale if errors exist $action = 'edit'; break; } if ($action == 'updatelocale') { param('oldloc_locale', 'string', true); if ($DB->get_var('SELECT loc_locale FROM T_locales WHERE loc_locale = ' . $DB->quote($oldloc_locale))) { // old locale exists in DB if ($oldloc_locale != $newloc_locale) {
/** * Load data from Request form fields. * * This requires the blog (e.g. {@link $blog_ID} or {@link $main_cat_ID} to be set). * * @param boolean true if we are returning to edit mode (new, switchtab...) * @return boolean true if loaded data seems valid. */ function load_from_Request($editing = false, $creating = false) { global $default_locale, $current_User, $localtimenow; global $posttypes_reserved_IDs, $item_typ_ID; // LOCALE: if (param('post_locale', 'string', NULL) !== NULL) { $this->set_from_Request('locale'); } // TYPE: if (param('post_type', 'string', NULL) !== NULL) { // Set type ID from request type code, happens when e.g. we add an intro from manual skin by url: /blog6.php?disp=edit&cat=25&post_type=intro-cat $this->set('ptyp_ID', get_item_type_ID(get_param('post_type'))); } elseif (param('item_typ_ID', 'integer', NULL) !== NULL) { // fp> when does this happen? // yura>fp: this happens on submit expert form $this->set_from_Request('ptyp_ID', 'item_typ_ID'); if (in_array($item_typ_ID, $posttypes_reserved_IDs)) { param_error('item_typ_ID', T_('This post type is reserved and cannot be used. Please choose another one.'), ''); } } // URL associated with Item: if (param('post_url', 'string', NULL) !== NULL) { param_check_url('post_url', 'posting', ''); $this->set_from_Request('url'); } if ($this->status == 'redirected' && empty($this->url)) { // Note: post_url is not part of the simple form, so this message can be a little bit awkward there param_error('post_url', T_('If you want to redirect this post, you must specify an URL! (Expert mode)')); } // ISSUE DATE / TIMESTAMP: $this->load_Blog(); if ($current_User->check_perm('blog_edit_ts', 'edit', false, $this->Blog->ID)) { $this->set('dateset', param('item_dateset', 'integer', 0)); if ($editing || $this->dateset == 1) { // We can use user date: if (param_date('item_issue_date', T_('Please enter a valid issue date.'), true) && param_time('item_issue_time')) { // only set it, if a (valid) date and time was given: $this->set('issue_date', form_date(get_param('item_issue_date'), get_param('item_issue_time'))); // TODO: cleanup... } } elseif ($this->dateset == 0) { // Set date to NOW: $this->set('issue_date', date('Y-m-d H:i:s', $localtimenow)); } } // DEADLINE: if (param_date('item_deadline', T_('Please enter a valid deadline.'), false, NULL) !== NULL) { $this->set_from_Request('datedeadline', 'item_deadline', true); } // SLUG: if (param('post_urltitle', 'string', NULL) !== NULL) { $this->set_from_Request('urltitle'); } // <title> TAG: if (param('titletag', 'string', NULL) !== NULL) { $this->set_from_Request('titletag', 'titletag'); } // <meta> DESC: if (param('metadesc', 'string', NULL) !== NULL) { $this->set_setting('post_metadesc', get_param('metadesc')); } // <meta> KEYWORDS: if (param('custom_headers', 'string', NULL) !== NULL) { $this->set_setting('post_custom_headers', get_param('custom_headers')); } // TAGS: if (param('item_tags', 'string', NULL) !== NULL) { $this->set_tags_from_string(get_param('item_tags')); // pre_dump( $this->tags ); } // WORKFLOW stuff: param('item_st_ID', 'integer', NULL); $this->set_from_Request('pst_ID', 'item_st_ID', true); param('item_assigned_user_ID', 'integer', NULL); $this->assign_to(get_param('item_assigned_user_ID')); param('item_priority', 'integer', NULL); $this->set_from_Request('priority', 'item_priority', true); // FEATURED checkbox: $this->set('featured', param('item_featured', 'integer', 0), false); // HIDE TEASER checkbox: $this->set_setting('hide_teaser', param('item_hideteaser', 'integer', 0)); // ORDER: param('item_order', 'double', NULL); $this->set_from_Request('order', 'item_order', true); // OWNER: $this->creator_user_login = param('item_owner_login', 'string', NULL); if ($current_User->check_perm('users', 'edit') && param('item_owner_login_displayed', 'string', NULL) !== NULL) { // only admins can change the owner.. if (param_check_not_empty('item_owner_login', T_('Please enter valid owner login.')) && param_check_login('item_owner_login', true)) { $this->set_creator_by_login($this->creator_user_login); } } // LOCATION COORDINATES: if ($this->Blog->get_setting('show_location_coordinates')) { // location coordinates are enabled, save map settings param('item_latitude', 'double', NULL); // get par value $this->set_setting('latitude', get_param('item_latitude'), true); param('item_longitude', 'double', NULL); // get par value $this->set_setting('longitude', get_param('item_longitude'), true); param('google_map_zoom', 'integer', NULL); // get par value $this->set_setting('map_zoom', get_param('google_map_zoom'), true); param('google_map_type', 'string', NULL); // get par value $this->set_setting('map_type', get_param('google_map_type'), true); } // CUSTOM FIELDS: foreach (array('double', 'varchar') as $type) { $field_count = $this->Blog->get_setting('count_custom_' . $type); for ($i = 1; $i <= $field_count; $i++) { // update each custom field $field_guid = $this->Blog->get_setting('custom_' . $type . $i); $param_name = 'item_' . $type . '_' . $field_guid; if (isset_param($param_name)) { // param is set $param_type = $type == 'varchar' ? 'string' : $type; param($param_name, $param_type, NULL); // get par value $custom_field_make_null = $type != 'double'; // store '0' values in DB for numeric fields $this->set_setting('custom_' . $type . '_' . $field_guid, get_param($param_name), $custom_field_make_null); } } } // COMMENTS: if ($this->Blog->get_setting('allow_comments') != 'never' && $this->Blog->get_setting('disable_comments_bypost')) { // Save status of "Allow comments for this item" (only if comments are allowed in this blog, and disable_comments_bypost is enabled): $post_comment_status = param('post_comment_status', 'string', 'open'); if (!empty($post_comment_status)) { // 'open' or 'closed' or ... $this->set_from_Request('comment_status'); } } // EXPIRY DELAY: $expiry_delay = param_duration('expiry_delay'); if (empty($expiry_delay)) { // Check if we have 'expiry_delay' param set as string from simple or mass form $expiry_delay = param('expiry_delay', 'string', NULL); } $this->set_setting('post_expiry_delay', $expiry_delay, true); // EXTRA PARAMS FROM MODULES: modules_call_method('update_item_settings', array('edited_Item' => $this)); // RENDERERS: if (param('renderers_displayed', 'integer', 0)) { // use "renderers" value only if it has been displayed (may be empty) global $Plugins; $renderers = $Plugins->validate_renderer_list(param('renderers', 'array/string', array()), array('Item' => &$this)); $this->set('renderers', $renderers); } else { $renderers = $this->get_renderers_validated(); } // CONTENT + TITLE: if ($this->Blog->get_setting('allow_html_post')) { // HTML is allowed for this post, we'll accept HTML tags: $text_format = 'html'; } else { // HTML is disallowed for this post, we'll encode all special chars: $text_format = 'htmlspecialchars'; } if (param('content', $text_format, NULL) !== NULL) { // Never allow html content on post titles: (fp> probably so as to not mess up backoffice and all sorts of tools) param('post_title', 'htmlspecialchars', NULL); // Do some optional filtering on the content // Typically stuff that will help the content to validate // Useful for code display. // Will probably be used for validation also. $Plugins_admin =& get_Plugins_admin(); $params = array('object_type' => 'Item', 'object_Blog' => &$this->Blog); $Plugins_admin->filter_contents($GLOBALS['post_title'], $GLOBALS['content'], $renderers, $params); // Title checking: $require_title = $this->Blog->get_setting('require_title'); if ((!$editing || $creating) && $require_title == 'required') { param_check_not_empty('post_title', T_('Please provide a title.'), ''); } // Format raw HTML input to cleaned up and validated HTML: param_check_html('content', T_('Invalid content.')); $this->set('content', get_param('content')); $this->set('title', get_param('post_title')); } // EXCERPT: (must come after content (to handle excerpt_autogenerated)) if (param('post_excerpt', 'text', NULL) !== NULL) { $this->set('excerpt_autogenerated', 0); // Set this to the '0' for saving a field 'excerpt' from a request $this->set_from_Request('excerpt'); } // LOCATION (COUNTRY -> CITY): load_funcs('regional/model/_regional.funcs.php'); if ($this->Blog->country_visible()) { // Save country $country_ID = param('item_ctry_ID', 'integer', 0); $country_is_required = $this->Blog->get_setting('location_country') == 'required' && countries_exist() && !$this->is_special(); param_check_number('item_ctry_ID', T_('Please select a country'), $country_is_required); $this->set_from_Request('ctry_ID', 'item_ctry_ID', true); } if ($this->Blog->region_visible()) { // Save region $region_ID = param('item_rgn_ID', 'integer', 0); $region_is_required = $this->Blog->get_setting('location_region') == 'required' && regions_exist($country_ID) && !$this->is_special(); param_check_number('item_rgn_ID', T_('Please select a region'), $region_is_required); $this->set_from_Request('rgn_ID', 'item_rgn_ID', true); } if ($this->Blog->subregion_visible()) { // Save subregion $subregion_ID = param('item_subrg_ID', 'integer', 0); $subregion_is_required = $this->Blog->get_setting('location_subregion') == 'required' && subregions_exist($region_ID) && !$this->is_special(); param_check_number('item_subrg_ID', T_('Please select a sub-region'), $subregion_is_required); $this->set_from_Request('subrg_ID', 'item_subrg_ID', true); } if ($this->Blog->city_visible()) { // Save city param('item_city_ID', 'integer', 0); $city_is_required = $this->Blog->get_setting('location_city') == 'required' && cities_exist($country_ID, $region_ID, $subregion_ID) && !$this->is_special(); param_check_number('item_city_ID', T_('Please select a city'), $city_is_required); $this->set_from_Request('city_ID', 'item_city_ID', true); } return !param_errors_detected(); }