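/**
 * Load data from Request form fields.
 *
 * Reads the invitation code form fields (group, code, expiry date/time and
 * source) from the request, validates them and copies them onto this object.
 * A warning (not an error) is added when the resulting expiry is in the past.
 *
 * @return boolean true if loaded data seems valid.
 */
function load_from_Request()
{
	global $Messages, $localtimenow;

	// Group ID
	param('ivc_grp_ID', 'integer');
	param_check_not_empty('ivc_grp_ID', T_('Please select a group'));
	$this->set_from_Request('grp_ID', 'ivc_grp_ID', true);

	// Code
	param('ivc_code', 'string');
	param_check_not_empty('ivc_code', T_('You must provide an invitation code!'));
	// The "D" modifier makes "$" match only at the very end of the value.
	// Without it PCRE also accepts a code followed by a single trailing newline,
	// which contradicts the character set announced in the error message.
	param_check_regexp('ivc_code', '#^[A-Za-z0-9\\-_]{3,32}$#D', T_('Invitation code must be from 3 to 32 letters, digits or signs "-", "_".'));
	$this->set_from_Request('code', 'ivc_code');

	// Expire date
	if (param_date('ivc_expire_date', T_('Please enter a valid date.'), true) && param_time('ivc_expire_time')) {
		// If date and time were both correct we may set the 'expire_ts' value
		$this->set('expire_ts', form_date(get_param('ivc_expire_date'), get_param('ivc_expire_time')));
	}

	// Source
	param('ivc_source', 'string');
	$this->set_from_Request('source', 'ivc_source', true);

	if (mysql2timestamp($this->get('expire_ts')) < $localtimenow) {
		// Display a warning if date is expired
		$Messages->add($this->ID == 0
			? T_('Note: The newly created invitation code is already expired')
			: T_('Note: The updated invitation code is already expired'), 'warning');
	}

	return !param_errors_detected();
}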
/**
 * Load data from Request form fields.
 *
 * For an existing or copied job the name is read from the form. For a new job
 * the submitted type must be a key of $cron_job_params; name, controller and
 * params are then taken from the maps passed in, not from the request.
 *
 * @param array job names indexed by job type
 * @param array job definitions indexed by job type (keys 'ctrl' and 'params' are read)
 * @return boolean true if loaded data seems valid.
 */
function load_from_Request($cron_job_names = array(), $cron_job_params = array())
{
	$is_update_or_copy = $this->ID > 0 || get_param('ctsk_ID') > 0;

	if (!$is_update_or_copy) {
		// Brand new job: the type has to be one of the known job types
		$job_type = param('cjob_type', 'string', true);
		if (isset($cron_job_params[$job_type])) {
			$job_name = $cron_job_names[$job_type];
		} else {
			// Unknown type: invalid state, stop here
			debug_die('Invalid job type received');
			$job_name = '';
		}
	} else {
		// Existing job being updated, or a copy of one: name comes from the form
		$job_name = param('cjob_name', 'string', true);
		param_check_not_empty('cjob_name', T_('Please enter job name'));
	}

	// Start date and time
	param_date('cjob_date', T_('Please enter a valid date.'), true);
	param_time('cjob_time');
	$start_datetime = form_date(get_param('cjob_date'), get_param('cjob_time'));
	$this->set('start_datetime', $start_datetime);

	// Repeat interval: a zero duration is stored as NULL
	$repeat_after = param_duration('cjob_repeat_after');
	$this->set('repeat_after', $repeat_after == 0 ? NULL : $repeat_after);

	// Name: only written when non-empty and different from the current one
	if (!(empty($job_name) || $job_name == $this->get('name'))) {
		$this->set('name', $job_name);
	}

	// Controller and params are only set on the create path (same condition as the
	// else-branch above for non-negative IDs), so $job_type is defined here
	if ($this->ID == 0 && get_param('ctsk_ID') == 0) {
		$this->set('controller', $cron_job_params[$job_type]['ctrl']);
		$this->set('params', $cron_job_params[$job_type]['params']);
	}

	return !param_errors_detected();
}
* @package admin */ if (!defined('EVO_MAIN_INIT')) { die('Please, do not access this page directly.'); } global $blog, $admin_url, $UserSettings; global $datestartinput, $datestart, $datestopinput, $datestop, $email; if (param_date('datestartinput', T_('Invalid date'), false, NULL) !== NULL) { // We have a user provided localized date: memorize_param('datestart', 'string', NULL, trim(form_date($datestartinput))); memorize_param('datestartinput', 'string', NULL, empty($datestartinput) ? NULL : date(locale_datefmt(), strtotime($datestartinput))); } else { // We may have an automated param transmission date: param('datestart', 'string', '', true); } if (param_date('datestopinput', T_('Invalid date'), false, NULL) !== NULL) { // We have a user provided localized date: memorize_param('datestop', 'string', NULL, trim(form_date($datestopinput))); memorize_param('datestopinput', 'string', NULL, empty($datestopinput) ? NULL : date(locale_datefmt(), strtotime($datestopinput))); } else { // We may have an automated param transmission date: param('datestop', 'string', '', true); } param('email', 'string', '', true); // Create result set: $SQL = new SQL(); $SQL->SELECT('SQL_NO_CACHE emlog_ID, emlog_timestamp, emlog_user_ID, emlog_to, emlog_result, emlog_subject'); $SQL->FROM('T_email__log'); $count_SQL = new SQL(); $count_SQL->SELECT('SQL_NO_CACHE COUNT(emlog_ID)'); $count_SQL->FROM('T_email__log');
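/**
 * We want to preview a single post, we are going to fake a lot of things...
 *
 * Builds a one-row SELECT made only of literals taken from the request, runs
 * it through DataObjectList2::query() and instantiates an Item from the row,
 * so the preview goes through the normal display path without saving anything.
 *
 * Does nothing when no user is logged in.
 *
 * NOTE(review): 'preview_userid' comes from the request and is used as the
 * creator/last editor of the faked row; no check that it matches
 * $current_User is made in this method.
 */
function preview_from_request()
{
	global $current_User;

	if (empty($current_User)) {
		// dh> only logged in user's can preview. Alternatively we need those checks where $current_User gets used below.
		return;
	}

	global $DB, $localtimenow, $Messages, $BlogCache;
	global $Plugins;

	if ($this->Blog->get_setting('allow_html_post')) {
		// HTML is allowed for this post
		$text_format = 'html';
	} else {
		// HTML is disallowed for this post
		$text_format = 'htmlspecialchars';
	}

	$preview_userid = param('preview_userid', 'integer', true);
	$post_status = param('post_status', 'string', true);
	$post_locale = param('post_locale', 'string', $current_User->locale);
	$content = param('content', $text_format, true);
	$post_title = param('post_title', $text_format, true);
	$post_titletag = param('titletag', 'string', true);
	$post_excerpt = param('post_excerpt', 'string', true);
	$post_url = param('post_url', 'string', '');
	check_categories_nosave($post_category, $post_extracats);
	$post_views = param('post_views', 'integer', 0);
	$renderers = param('renderers', 'array/string', array('default'));
	if (!is_array($renderers)) {
		// dh> workaround for param() bug. See rev 1.93 of /inc/_misc/_misc.funcs.php
		$renderers = array('default');
	}

	if ($post_category == 0) {
		$post_category = $this->Blog->get_default_cat_ID();
	}
	$comment_Blog =& $BlogCache->get_by_ID(get_catblog($post_category));

	if ($comment_Blog->get_setting('allow_comments') != 'never' && $comment_Blog->get_setting('disable_comments_bypost')) {
		// param is required
		$post_comment_status = param('post_comment_status', 'string', true);
	} else {
		$post_comment_status = $comment_Blog->get_setting('allow_comments');
	}

	// Get issue date, using the user's locale (because it's entered like this in the form):
	locale_temp_switch($current_User->locale);
	param_date('item_issue_date', T_('Please enter a valid issue date.'), false);
	// TODO: dh> get_param() is always true here, also on invalid dates:
	if (strlen(get_param('item_issue_date'))) {
		// only set it, if a date was given:
		param_time('item_issue_time');
		$item_issue_date = form_date(get_param('item_issue_date'), get_param('item_issue_time')); // TODO: cleanup...
	} else {
		$item_issue_date = date('Y-m-d H:i:s', $localtimenow);
	}
	locale_restore_previous();

	$item_typ_ID = param('item_typ_ID', 'integer', NULL);
	$item_st_ID = param('item_st_ID', 'integer', NULL);
	$item_assigned_user_ID = param('item_assigned_user_ID', 'integer', NULL);
	$item_deadline = param('item_deadline', 'string', NULL);
	$item_priority = param('item_priority', 'integer', NULL); // QUESTION: can this be also empty/NULL?

	// Do some optional filtering on the content
	// Typically stuff that will help the content to validate
	// Useful for code display.
	// Will probably be used for validation also.
	$Plugins_admin =& get_Plugins_admin();
	$params = array('object_type' => 'Item', 'object_Blog' => &$comment_Blog);
	$Plugins_admin->filter_contents($post_title, $content, $renderers, $params);

	$post_title = format_to_post($post_title);
	$content = format_to_post($content);

	$post_ID = param('post_ID', 'integer', 0);

	// The issue date ends up inside a quoted SQL literal. Per the TODO above, the
	// request value may survive an invalid date, and form_date() is not visible
	// here, so escape it like every other string column of this query.
	$sql_issue_date = $DB->escape($item_issue_date);

	// $post_category is filled in by check_categories_nosave(), whose validation is
	// not visible here; it is emitted unquoted, so force it to an integer literal.
	$sql_main_cat_ID = (int) $post_category;

	// $post_ID, $preview_userid and $post_views are emitted unquoted as well; they
	// were requested from param() with type 'integer' and this query relies on
	// param() enforcing that -- TODO confirm.
	$this->sql = "SELECT\n\t\t\t"
		. "{$post_ID} AS post_ID,\n\t\t\t"
		. "{$preview_userid} AS post_creator_user_ID,\n\t\t\t"
		. "{$preview_userid} AS post_lastedit_user_ID,\n\t\t\t"
		. "'{$sql_issue_date}' AS post_datestart,\n\t\t\t"
		. "'{$sql_issue_date}' AS post_datecreated,\n\t\t\t"
		. "'{$sql_issue_date}' AS post_datemodified,\n\t\t\t"
		. "'{$sql_issue_date}' AS post_last_touched_ts,\n\t\t\t"
		. "0 AS post_dateset,\n\t\t\t"
		. "'" . $DB->escape($post_status) . "' AS post_status,\n\t\t\t"
		. "'" . $DB->escape($post_locale) . "' AS post_locale,\n\t\t\t"
		. "'" . $DB->escape($content) . "' AS post_content,\n\t\t\t"
		. "'" . $DB->escape($post_title) . "' AS post_title,\n\t\t\t"
		. "'" . $DB->escape($post_titletag) . "' AS post_titletag,\n\t\t\t"
		. "'" . $DB->escape($post_excerpt) . "' AS post_excerpt,\n\t\t\t"
		. "NULL AS post_excerpt_autogenerated,\n\t\t\t"
		. "NULL AS post_urltitle,\n\t\t\t"
		. "NULL AS post_canonical_slug_ID,\n\t\t\t"
		. "NULL AS post_tiny_slug_ID,\n\t\t\t"
		. "'" . $DB->escape($post_url) . "' AS post_url,\n\t\t\t"
		. "{$sql_main_cat_ID} AS post_main_cat_ID,\n\t\t\t"
		. "{$post_views} AS post_views,\n\t\t\t"
		. "'' AS post_flags,\n\t\t\t"
		. "'noreq' AS post_notifications_status,\n\t\t\t"
		. "NULL AS post_notifications_ctsk_ID,\n\t\t\t"
		. bpost_count_words($content) . " AS post_wordcount,\n\t\t\t"
		. $DB->quote($post_comment_status) . " AS post_comment_status,\n\t\t\t"
		. "'" . $DB->escape(implode('.', $renderers)) . "' AS post_renderers,\n\t\t\t"
		. $DB->quote($item_assigned_user_ID) . " AS post_assigned_user_ID,\n\t\t\t"
		. $DB->quote($item_typ_ID) . " AS post_ptyp_ID,\n\t\t\t"
		. $DB->quote($item_st_ID) . " AS post_pst_ID,\n\t\t\t"
		. $DB->quote($item_deadline) . " AS post_datedeadline,\n\t\t\t"
		. $DB->quote($item_priority) . " AS post_priority,";
	$this->sql .= $DB->quote(param('item_order', 'double', NULL)) . ' AS post_order' . ",\n"
		. $DB->quote(param('item_featured', 'integer', NULL)) . ' AS post_featured' . "\n";

	$this->total_rows = 1;
	$this->total_pages = 1;
	$this->page = 1;

	// ATTENTION: we skip the parent on purpose here!! fp> refactor
	DataObjectList2::query(false, false, false, 'PREVIEW QUERY');

	$Item =& $this->Cache->instantiate($this->rows[0]);

	// set Item settings
	$Item->set_setting('hide_teaser', param('item_hideteaser', 'integer', 0));
	$Item->set_setting('post_metadesc', param('metadesc', 'string', true));
	$Item->set_setting('post_custom_headers', param('custom_headers', 'string', true));

	// set custom Item settings
	foreach (array('double', 'varchar') as $type) {
		$count_custom_field = $comment_Blog->get_setting('count_custom_' . $type);
		$param_type = $type == 'varchar' ? 'string' : $type;
		for ($i = 1; $i <= $count_custom_field; $i++) {
			// For each custom field of this type:
			$field_guid = $comment_Blog->get_setting('custom_' . $type . $i);
			$Item->set_setting('custom_' . $type . '_' . $field_guid, param('item_' . $type . '_' . $field_guid, $param_type, NULL));
		}
	}

	// Trigger plugin event, allowing to manipulate or validate the item before it gets previewed
	$Plugins->trigger_event('AppendItemPreviewTransact', array('Item' => &$Item));

	if ($Messages->has_errors()) {
		$errcontent = $Messages->display(T_('Invalid post, please correct these errors:'), '', false);
		$Item->content = $errcontent . "\n<hr />\n" . $content;
	}

	// little funky fix for IEwin, rawk on that code
	global $Hit;
	if ($Hit->is_winIE() && !isset($IEWin_bookmarklet_fix)) {
		// QUESTION: Is this still needed? What about $IEWin_bookmarklet_fix? (blueyed)
		// Turn "%uXXXX" escapes into numeric character references. This used the
		// /e (eval) modifier, which PHP 7 removed: there preg_replace() fails and
		// returns NULL, wiping the content. A callback gives the same result
		// without evaluating a replacement string as code.
		$Item->content = preg_replace_callback(
			'/\\%u([0-9A-F]{4,4})/',
			function ($hex_match) {
				return '&#' . base_convert($hex_match[1], 16, 10) . ';';
			},
			$Item->content
		);
	}
}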
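/**
 * Load data from Request form fields.
 *
 * Reads status, IPv4 range start/end and the range date from the request,
 * stores the range bounds as integers (via ip2int()) and rejects the input
 * when start > end or when get_ip_range() reports an existing range for the
 * same bounds.
 *
 * @return boolean true if loaded data seems valid.
 */
function load_from_Request()
{
	// $admin_url is needed for the "Edit this range" link below; it was
	// previously referenced without being imported into this scope.
	global $Messages, $admin_url;

	$aipr_status = param('aipr_status', 'string', true);
	$this->set('status', $aipr_status, true);

	// The "D" modifier stops "$" from matching before a trailing newline, so the
	// value handed to ip2int() is exactly four dot-separated digit groups.
	// NOTE(review): the pattern still accepts groups above 255 (e.g. 999); how
	// ip2int() treats those is not visible here -- TODO confirm.
	$aipr_IPv4start = param('aipr_IPv4start', 'string', true);
	param_check_regexp('aipr_IPv4start', '#^\\d{1,3}\\.\\d{1,3}\\.\\d{1,3}\\.\\d{1,3}$#iD', T_('Please enter a correct IP range start'));
	$aipr_IPv4start = ip2int($aipr_IPv4start);
	$this->set('IPv4start', $aipr_IPv4start);

	$aipr_IPv4end = param('aipr_IPv4end', 'string', true);
	param_check_regexp('aipr_IPv4end', '#^\\d{1,3}\\.\\d{1,3}\\.\\d{1,3}\\.\\d{1,3}$#iD', T_('Please enter a correct IP range end'));
	$aipr_IPv4end = ip2int($aipr_IPv4end);
	$this->set('IPv4end', $aipr_IPv4end);

	// start timestamp:
	param_date('aipr_IP_timestamp', T_('Please enter a valid Date.'), true);
	$this->set('IP_datetime', form_date(get_param('aipr_IP_timestamp')));

	if ($aipr_IPv4start > $aipr_IPv4end) {
		$Messages->add(T_('IP range start must be less than IP range end'), 'error');
	}

	if (!param_errors_detected()) {
		// Check IPs for inside in other ranges
		if ($ip_range = get_ip_range($aipr_IPv4start, $aipr_IPv4end, $this->ID)) {
			// Only int2ip() output and the stored range ID are placed in the message markup
			$Messages->add(sprintf(T_('IP range already exists with params: %s - <a %s>Edit this range</a>'),
				int2ip($ip_range->aipr_IPv4start) . ' - ' . int2ip($ip_range->aipr_IPv4end),
				'href="' . $admin_url . '?ctrl=antispam&tab3=ipranges&action=iprange_edit&iprange_ID=' . $ip_range->aipr_ID . '"'), 'error');
		}
	}

	return !param_errors_detected();
}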
case 'new': // Check that we have permission to edit options: $current_User->check_perm('options', 'edit', true, NULL); break; case 'create': // Check that we have permission to edit options: $current_User->check_perm('options', 'edit', true, NULL); // CREATE OBJECT: load_class('/cron/model/_cronjob.class.php'); $edited_Cronjob =& new Cronjob(); $cjob_type = param('cjob_type', 'string', true); if (!isset($cron_job_params[$cjob_type])) { param_error('cjob_type', T_('Invalid job type')); } // start datetime: param_date('cjob_date', T_('Please enter a valid date.'), true); param_time('cjob_time'); $edited_Cronjob->set('start_datetime', form_date(get_param('cjob_date'), get_param('cjob_time'))); // repeat after: $cjob_repeat_after_days = param('cjob_repeat_after_days', 'integer', 0); $cjob_repeat_after_hours = param('cjob_repeat_after_hours', 'integer', 0); $cjob_repeat_after_minutes = param('cjob_repeat_after_minutes', 'integer', 0); $cjob_repeat_after = (($cjob_repeat_after_days * 24 + $cjob_repeat_after_hours) * 60 + $cjob_repeat_after_minutes) * 60; // seconds if ($cjob_repeat_after == 0) { $cjob_repeat_after = NULL; } $edited_Cronjob->set('repeat_after', $cjob_repeat_after); // name: $edited_Cronjob->set('name', $cron_job_names[$cjob_type]); // controller:
/**
 * Load data from Request form fields.
 *
 * This requires the blog (e.g. {@link $blog_ID} or {@link $main_cat_ID} to be set).
 *
 * Each form field is read with param(), validated against the item type's
 * "required" settings where one exists, and copied onto this Item. Three
 * groups are guarded by an explicit permission check in this method: the
 * issue timestamp, the tags and the owner. All other fields (workflow status,
 * assignee, priority, featured flag, goal, order, ...) are applied without a
 * check_perm() call here.
 * NOTE(review): presumably the calling controller has already verified that
 * the user may edit this item -- confirm.
 *
 * @param boolean $editing true if we are returning to edit mode (new, switchtab...)
 * @param boolean $creating together with $editing decides whether a required
 *                title is enforced (see "Title checking" below)
 * @return boolean true if loaded data seems valid.
 */
function load_from_Request($editing = false, $creating = false)
{
	global $default_locale, $current_User, $localtimenow;
	global $posttypes_reserved_IDs, $item_typ_ID;

	// LOCALE:
	if (param('post_locale', 'string', NULL) !== NULL) {
		$this->set_from_Request('locale');
	}

	// POST TYPE:
	$item_typ_ID = get_param('item_typ_ID');
	if (empty($item_typ_ID)) {
		// Try to get this from request if it has been not initialized by controller:
		$item_typ_ID = param('item_typ_ID', 'integer', NULL);
	}
	if (!empty($item_typ_ID)) {
		// Set new post type ID only if it is defined on request:
		$this->set('ityp_ID', $item_typ_ID);
	}

	// URL associated with Item:
	$post_url = param('post_url', 'string', NULL);
	if ($post_url !== NULL) {
		// The URL is checked in the 'posting' context before it is stored
		param_check_url('post_url', 'posting', '');
		$this->set_from_Request('url');
	}
	if (empty($post_url) && $this->get_type_setting('use_url') == 'required') {
		// URL must be entered
		param_check_not_empty('post_url', T_('Please provide a "Link To" URL.'), '');
	}

	// Item parent ID:
	$post_parent_ID = param('post_parent_ID', 'integer', NULL);
	if ($post_parent_ID !== NULL) {
		// If item parent ID is entered:
		$ItemCache =& get_ItemCache();
		if ($ItemCache->get_by_ID($post_parent_ID, false, false)) {
			// Save only ID of existing item:
			$this->set_from_Request('parent_ID');
		} else {
			// Display an error if the entered item parent ID is incorrect:
			param_error('post_parent_ID', T_('The parent ID is not a correct Item ID.'));
		}
	}
	if (empty($post_parent_ID)) {
		// If empty parent ID is entered:
		if ($this->get_type_setting('use_parent') == 'required') {
			// Item parent ID must be entered:
			param_check_not_empty('post_parent_ID', T_('Please provide a parent ID.'), '');
		} else {
			// Remove parent ID:
			$this->set_from_Request('parent_ID');
		}
	}

	if ($this->status == 'redirected' && empty($this->url)) {
		// Note: post_url is not part of the simple form, so this message can be a little bit awkward there
		param_error('post_url', T_('If you want to redirect this post, you must specify an URL!') . ' (' . T_('Advanced properties panel') . ')', T_('If you want to redirect this post, you must specify an URL!'));
	}

	// ISSUE DATE / TIMESTAMP:
	$this->load_Blog();
	if ($current_User->check_perm('admin', 'restricted') && $current_User->check_perm('blog_edit_ts', 'edit', false, $this->Blog->ID)) {
		// Allow to update timestamp fields only if user has a permission to edit such fields
		// and also if user has an access to back-office
		$item_dateset = param('item_dateset', 'integer', NULL);
		if ($item_dateset !== NULL) {
			$this->set('dateset', $item_dateset);
			if ($editing || $this->dateset == 1) {
				// We can use user date:
				if (param_date('item_issue_date', T_('Please enter a valid issue date.'), true) && param_time('item_issue_time')) {
					// only set it, if a (valid) date and time was given:
					$this->set('issue_date', form_date(get_param('item_issue_date'), get_param('item_issue_time'))); // TODO: cleanup...
				}
			} elseif ($this->dateset == 0) {
				// Set date to NOW:
				$this->set('issue_date', date('Y-m-d H:i:s', $localtimenow));
			}
		}
	}

	// DEADLINE:
	if (param_date('item_deadline', T_('Please enter a valid deadline.'), false, NULL) !== NULL) {
		$this->set_from_Request('datedeadline', 'item_deadline', true);
	}

	// SLUG:
	if (param('post_urltitle', 'string', NULL) !== NULL) {
		$this->set_from_Request('urltitle');
	}

	// <title> TAG:
	$titletag = param('titletag', 'string', NULL);
	if ($titletag !== NULL) {
		$this->set_from_Request('titletag', 'titletag');
	}
	if (empty($titletag) && $this->get_type_setting('use_title_tag') == 'required') {
		// Title tag must be entered
		param_check_not_empty('titletag', T_('Please provide a title tag.'), '');
	}

	// <meta> DESC:
	$metadesc = param('metadesc', 'string', NULL);
	if ($metadesc !== NULL) {
		$this->set_setting('metadesc', get_param('metadesc'));
	}
	if (empty($metadesc) && $this->get_type_setting('use_meta_desc') == 'required') {
		// Meta description must be entered
		param_check_not_empty('metadesc', T_('Please provide a meta description.'), '');
	}

	// <meta> KEYWORDS:
	$metakeywords = param('metakeywords', 'string', NULL);
	if ($metakeywords !== NULL) {
		$this->set_setting('metakeywords', get_param('metakeywords'));
	}
	if (empty($metakeywords) && $this->get_type_setting('use_meta_keywds') == 'required') {
		// Meta keywords must be entered
		param_check_not_empty('metakeywords', T_('Please provide the meta keywords.'), '');
	}

	// TAGS:
	if ($current_User->check_perm('admin', 'restricted')) {
		// User must have access to the back-office to edit tags
		$item_tags = param('item_tags', 'string', NULL);
		if ($item_tags !== NULL) {
			$this->set_tags_from_string(get_param('item_tags'));
			// Update setting 'suggest_item_tags' of the current User
			// (this is written to the DB right here, before the item itself is validated as a whole)
			global $UserSettings;
			$UserSettings->set('suggest_item_tags', param('suggest_item_tags', 'integer', 0));
			$UserSettings->dbupdate();
		}
		if (empty($item_tags) && $this->get_type_setting('use_tags') == 'required') {
			// Tags must be entered
			param_check_not_empty('item_tags', T_('Please provide at least one tag.'), '');
		}
	}

	// WORKFLOW stuff:
	// NOTE(review): no check_perm() call guards the workflow fields in this method -- confirm the caller does.
	param('item_st_ID', 'integer', NULL);
	$this->set_from_Request('pst_ID', 'item_st_ID', true);
	$item_assigned_user_ID = param('item_assigned_user_ID', 'integer', NULL);
	$item_assigned_user_login = param('item_assigned_user_login', 'string', NULL);
	$this->assign_to($item_assigned_user_ID, $item_assigned_user_login);
	$item_priority = param('item_priority', 'integer', NULL);
	if ($item_priority !== NULL) {
		// Set task priority only if it was sent by the form
		$this->set_from_Request('priority', 'item_priority', true);
	}

	// FEATURED checkbox:
	$this->set('featured', param('item_featured', 'integer', 0), false);

	// HIDE TEASER checkbox:
	$this->set_setting('hide_teaser', param('item_hideteaser', 'integer', 0));

	$goal_ID = param('goal_ID', 'integer', NULL);
	if ($goal_ID !== NULL) {
		// Goal ID
		$this->set_setting('goal_ID', $goal_ID, true);
	}

	// ORDER:
	param('item_order', 'double', NULL);
	$this->set_from_Request('order', 'item_order', true);

	// OWNER:
	// The submitted login is copied to creator_user_login for every user; the actual
	// creator is only changed below, after the 'users'/'edit' permission check.
	// NOTE(review): verify nothing persists or acts on creator_user_login without that check.
	$this->creator_user_login = param('item_owner_login', 'string', NULL);
	if ($current_User->check_perm('users', 'edit') && param('item_owner_login_displayed', 'string', NULL) !== NULL) {
		// only admins can change the owner..
		if (param_check_not_empty('item_owner_login', T_('Please enter valid owner login.')) && param_check_login('item_owner_login', true)) {
			$this->set_creator_by_login($this->creator_user_login);
		}
	}

	// LOCATION COORDINATES:
	if ($this->get_type_setting('use_coordinates') != 'never') {
		// location coordinates are enabled, save map settings
		param('item_latitude', 'double', NULL); // get par value
		$this->set_setting('latitude', get_param('item_latitude'), true);
		param('item_longitude', 'double', NULL); // get par value
		$this->set_setting('longitude', get_param('item_longitude'), true);
		param('google_map_zoom', 'integer', NULL); // get par value
		$this->set_setting('map_zoom', get_param('google_map_zoom'), true);
		param('google_map_type', 'string', NULL); // get par value
		$this->set_setting('map_type', get_param('google_map_type'), true);
		if ($this->get_type_setting('use_coordinates') == 'required') {
			// The location coordinates are required
			param_check_not_empty('item_latitude', T_('Please provide a latitude.'), '');
			param_check_not_empty('item_longitude', T_('Please provide a longitude.'), '');
		}
	}

	// CUSTOM FIELDS:
	// Parameter names are built from the item type's own field definitions, not from
	// request keys; a field is only read when the request actually contains it.
	$custom_fields = $this->get_type_custom_fields();
	foreach ($custom_fields as $custom_field) {
		// update each custom field
		$param_name = 'item_' . $custom_field['type'] . '_' . $custom_field['ID'];
		if (isset_param($param_name)) {
			// param is set
			$param_type = $custom_field['type'] == 'varchar' ? 'string' : $custom_field['type'];
			param($param_name, $param_type, NULL); // get par value
			$custom_field_make_null = $custom_field['type'] != 'double'; // store '0' values in DB for numeric fields
			$this->set_setting('custom_' . $custom_field['type'] . '_' . $custom_field['ID'], get_param($param_name), $custom_field_make_null);
		}
	}

	// COMMENTS:
	if ($this->allow_comment_statuses()) {
		// Save status of "Allow comments for this item" (only if comments are allowed in this blog, and by current post type)
		$post_comment_status = param('post_comment_status', 'string', 'open');
		if (!empty($post_comment_status)) {
			// 'open' or 'closed' or ...
			$this->set_from_Request('comment_status');
		}
	}

	// EXPIRY DELAY:
	$expiry_delay = param_duration('expiry_delay');
	if (empty($expiry_delay)) {
		// Check if we have 'expiry_delay' param set as string from simple or mass form
		$expiry_delay = param('expiry_delay', 'string', NULL);
	}
	if (empty($expiry_delay) && $this->get_type_setting('use_comment_expiration') == 'required') {
		// Comment expiration must be entered
		param_check_not_empty('expiry_delay', T_('Please provide a comment expiration delay.'), '');
	}
	$this->set_setting('comment_expiry_delay', $expiry_delay, true);

	// EXTRA PARAMS FROM MODULES:
	modules_call_method('update_item_settings', array('edited_Item' => $this));

	// RENDERERS:
	if (param('renderers_displayed', 'integer', 0)) {
		// use "renderers" value only if it has been displayed (may be empty)
		// The submitted list goes through validate_renderer_list() before it is stored
		global $Plugins;
		$renderers = $Plugins->validate_renderer_list(param('renderers', 'array:string', array()), array('Item' => &$this));
		$this->set('renderers', $renderers);
	} else {
		$renderers = $this->get_renderers_validated();
	}

	// CONTENT + TITLE:
	if ($this->get_type_setting('allow_html')) {
		// HTML is allowed for this post, we'll accept HTML tags:
		$text_format = 'html';
	} else {
		// HTML is disallowed for this post, we'll encode all special chars:
		$text_format = 'htmlspecialchars';
	}

	$editor_code = param('editor_code', 'string', NULL);
	if ($editor_code) {
		// Update item editor code if it was explicitly set
		$this->set_setting('editor_code', $editor_code);
	}

	$content = param('content', $text_format, NULL);
	if ($content !== NULL) {
		// Never allow html content on post titles: (fp> probably so as to not mess up backoffice and all sorts of tools)
		param('post_title', 'htmlspecialchars', NULL);

		// Do some optional filtering on the content
		// Typically stuff that will help the content to validate
		// Useful for code display.
		// Will probably be used for validation also.
		// The plugins receive the request globals directly and may rewrite them in place.
		$Plugins_admin =& get_Plugins_admin();
		$params = array('object_type' => 'Item', 'object' => &$this, 'object_Blog' => &$this->Blog);
		$Plugins_admin->filter_contents($GLOBALS['post_title'], $GLOBALS['content'], $renderers, $params);

		// Title checking:
		$use_title = $this->get_type_setting('use_title');
		if ((!$editing || $creating) && $use_title == 'required') {
			param_check_not_empty('post_title', T_('Please provide a title.'), '');
		}

		// Format raw HTML input to cleaned up and validated HTML:
		// (this check runs after the plugin filters above, i.e. on the filtered content)
		param_check_html('content', T_('Invalid content.'));
		$content = prepare_item_content(get_param('content'));
		$this->set('content', $content);

		$this->set('title', get_param('post_title'));
	}
	if (empty($content) && $this->get_type_setting('use_text') == 'required') {
		// Content must be entered
		param_check_not_empty('content', T_('Please enter some text.'), '');
	}

	// EXCERPT: (must come after content (to handle excerpt_autogenerated))
	$post_excerpt = param('post_excerpt', 'text', NULL);
	if ($post_excerpt !== NULL && $post_excerpt != $this->excerpt) {
		$this->set('excerpt_autogenerated', 0); // Set this to '0' so that the 'excerpt' field from the request is saved
		$this->set_from_Request('excerpt');
	}
	if (empty($post_excerpt) && $this->get_type_setting('use_excerpt') == 'required') {
		// Excerpt must be entered
		param_check_not_empty('post_excerpt', T_('Please provide an excerpt.'), '');
	}

	// LOCATION (COUNTRY -> CITY):
	load_funcs('regional/model/_regional.funcs.php');
	// Check if this item has a special post type. Location is not required for special posts.
	$not_special_post = !$this->is_special();
	// NOTE(review): $country_ID, $region_ID and $subregion_ID are only assigned inside
	// their own *_visible() branch but are read by the later branches; if a deeper
	// level is visible while a higher one is not, an undefined variable is passed
	// to regions_exist() / subregions_exist() / cities_exist() -- confirm the
	// visibility rules make that impossible.
	if ($this->country_visible()) {
		// Save country
		$country_ID = param('item_ctry_ID', 'integer', 0);
		$country_is_required = $this->get_type_setting('use_country') == 'required' && $not_special_post && countries_exist();
		param_check_number('item_ctry_ID', T_('Please select a country'), $country_is_required);
		$this->set_from_Request('ctry_ID', 'item_ctry_ID', true);
	}
	if ($this->region_visible()) {
		// Save region
		$region_ID = param('item_rgn_ID', 'integer', 0);
		$region_is_required = $this->get_type_setting('use_region') == 'required' && $not_special_post && regions_exist($country_ID);
		param_check_number('item_rgn_ID', T_('Please select a region'), $region_is_required);
		$this->set_from_Request('rgn_ID', 'item_rgn_ID', true);
	}
	if ($this->subregion_visible()) {
		// Save subregion
		$subregion_ID = param('item_subrg_ID', 'integer', 0);
		$subregion_is_required = $this->get_type_setting('use_sub_region') == 'required' && $not_special_post && subregions_exist($region_ID);
		param_check_number('item_subrg_ID', T_('Please select a sub-region'), $subregion_is_required);
		$this->set_from_Request('subrg_ID', 'item_subrg_ID', true);
	}
	if ($this->city_visible()) {
		// Save city
		param('item_city_ID', 'integer', 0);
		$city_is_required = $this->get_type_setting('use_city') == 'required' && $not_special_post && cities_exist($country_ID, $region_ID, $subregion_ID);
		param_check_number('item_city_ID', T_('Please select a city'), $city_is_required);
		$this->set_from_Request('city_ID', 'item_city_ID', true);
	}

	return !param_errors_detected();
}
/**
 * Load data from Request form fields.
 *
 * Reads the goal form (category, name, key, the two redirection URLs, the
 * temporary redirection window, default value and notes), records validation
 * errors through the param_* helpers and copies the values onto this object.
 *
 * NOTE(review): both redirection URLs are read as plain strings; no URL
 * validation call is made in this method -- confirm they are checked where
 * the redirect is issued.
 *
 * @return boolean true if loaded data seems valid.
 */
function load_from_Request()
{
	// Category (mandatory)
	param('goal_gcat_ID', 'integer', true);
	param_check_not_empty('goal_gcat_ID', T_('Please select a category.'));
	$this->set_from_Request('gcat_ID');

	// Name and key
	$this->set_string_from_param('name', true);
	$this->set_string_from_param('key', true);

	// Temporary redirection URL
	$this->set_string_from_param('temp_redir_url');

	// Normal redirection URL: becomes mandatory once a temporary one is given
	param('goal_redir_url', 'string');
	if ($this->get('temp_redir_url') != '') {
		param_check_not_empty('goal_redir_url', T_('Please enter Normal Redirection URL.'));
	}
	$this->set_from_Request('redir_url');

	// The two URLs must differ
	if ($this->get('temp_redir_url') != '') {
		if ($this->get('temp_redir_url') == $this->get('redir_url')) {
			param_error('goal_temp_redir_url', T_('Temporary Redirection URL should not be equal to Normal Redirection URL'));
			param_error('goal_redir_url', NULL, '');
		}
	}

	// Start of the temporary window: a missing time defaults to midnight
	$start_date = param_date('goal_temp_start_date', T_('Please enter a valid date.'), false);
	if (empty($start_date)) {
		$this->set('temp_start_ts', NULL);
	} else {
		$start_time = param('goal_temp_start_time', 'string');
		if (empty($start_time)) {
			$start_time = '00:00:00';
		} else {
			$start_time = param_time('goal_temp_start_time');
		}
		$this->set('temp_start_ts', form_date($start_date, $start_time));
	}

	// End of the temporary window: same rules as the start
	$end_date = param_date('goal_temp_end_date', T_('Please enter a valid date.'), false);
	if (empty($end_date)) {
		$this->set('temp_end_ts', NULL);
	} else {
		$end_time = param('goal_temp_end_time', 'string');
		if (empty($end_time)) {
			$end_time = '00:00:00';
		} else {
			$end_time = param_time('goal_temp_end_time');
		}
		$this->set('temp_end_ts', form_date($end_date, $end_time));
	}

	// When both bounds are present the start has to be strictly before the end
	if ($this->get('temp_start_ts') !== NULL && $this->get('temp_end_ts') !== NULL) {
		$window_start = strtotime($this->get('temp_start_ts'));
		$window_end = strtotime($this->get('temp_end_ts'));
		if ($window_start >= $window_end) {
			// All four fields are flagged; only the last one carries the message
			param_error('goal_temp_start_date', NULL, '');
			param_error('goal_temp_start_time', NULL, '');
			param_error('goal_temp_end_date', NULL, '');
			param_error('goal_temp_end_time', T_('Temporary Start Date/Time should not be greater than Temporary End Date/Time'));
		}
	}

	// Default value: must be a decimal number
	param('goal_default_value', 'string');
	param_check_decimal('goal_default_value', T_('Default value must be a number.'));
	$this->set_from_Request('default_value', 'goal_default_value', true);

	// Notes
	param('goal_notes', 'text');
	$this->set_from_Request('notes', 'goal_notes');

	$has_errors = param_errors_detected();
	return !$has_errors;
}
$edited_Comment->set('author', $newcomment_author); param_check_email('newcomment_author_email', false); $edited_Comment->set('author_email', $newcomment_author_email); param_check_url('newcomment_author_url', 'posting', ''); // Give posting permissions here $edited_Comment->set('author_url', $newcomment_author_url); } // Content: param('content', 'html'); param('post_autobr', 'integer', $comments_use_autobr == 'always' ? 1 : 0); param_check_html('content', T_('Invalid comment text.'), '#', $post_autobr); // Check this is backoffice content (NOT with comment rules) $edited_Comment->set('content', get_param('content')); if ($current_User->check_perm('edit_timestamp')) { // We use user date param_date('comment_issue_date', T_('Please enter a valid comment date.'), true); if (strlen(get_param('comment_issue_date'))) { // only set it, if a date was given: param_time('comment_issue_time'); $edited_Comment->set('date', form_date(get_param('comment_issue_date'), get_param('comment_issue_time'))); // TODO: cleanup... } } param('comment_rating', 'integer', NULL); $edited_Comment->set_from_Request('rating'); param('comment_status', 'string', 'published'); $edited_Comment->set_from_Request('status'); param('comment_nofollow', 'integer', 0); $edited_Comment->set_from_Request('nofollow'); if ($Messages->count('error')) { // There have been some validation errors:
/**
 * Load data from Request form fields.
 *
 * This requires the blog (e.g. {@link $blog_ID} or {@link $main_cat_ID} to be set).
 *
 * Most fields are only touched when the matching request parameter is present
 * (param() is called with a NULL default and compared against NULL).
 * Values are copied onto the object even when a param_check_*() call has recorded
 * an error, so the caller must treat a false return value as "do not save".
 *
 * @param boolean $force_edit_date true to force edit date (as long as perms permit)
 * @return boolean true if loaded data seems valid (no param errors were recorded).
 */
function load_from_Request($force_edit_date = false)
{
    global $default_locale, $current_User;

    if (param('post_locale', 'string', NULL) !== NULL) {
        $this->set_from_Request('locale');
    }

    if (param('item_typ_ID', 'integer', NULL) !== NULL) {
        $this->set_from_Request('ptyp_ID', 'item_typ_ID');
    }

    if (param('post_url', 'string', NULL) !== NULL) {
        // The URL is checked first, but it is stored on the object whether or not the check
        // recorded an error; only the final return value tells the caller about it.
        param_check_url('post_url', 'posting', '');
        $this->set_from_Request('url');
    }

    // Note: post_url is not part of the simple form, so this message can be a little bit awkward there
    if ($this->status == 'redirected' && empty($this->url)) {
        param_error('post_url', T_('If you want to redirect this post, you must specify an URL! (Expert mode)'));
    }

    // The issue date is only taken from the request when the current user holds 'edit_timestamp'.
    if (($force_edit_date || param('edit_date', 'integer', 0)) && $current_User->check_perm('edit_timestamp')) {
        // We can use user date:
        param_date('item_issue_date', T_('Please enter a valid issue date.'), $force_edit_date);
        if (strlen(get_param('item_issue_date'))) {
            // only set it, if a date was given:
            // NOTE(review): this tests for a non-empty value, not for a valid one; confirm what
            // get_param() returns after param_date() has rejected the input.
            param_time('item_issue_time');
            $this->set('issue_date', form_date(get_param('item_issue_date'), get_param('item_issue_time'))); // TODO: cleanup...
        }
    }

    if (param('post_excerpt', 'string', NULL) !== NULL) {
        $this->set_from_Request('excerpt');
    }

    if (param('post_urltitle', 'string', NULL) !== NULL) {
        $this->set_from_Request('urltitle');
    }

    if (param('item_tags', 'string', NULL) !== NULL) {
        $this->set_tags_from_string(get_param('item_tags'));
    }

    // Workflow stuff:
    if (param('item_st_ID', 'integer', NULL) !== NULL) {
        $this->set_from_Request('pst_ID', 'item_st_ID');
    }

    if (param('item_assigned_user_ID', 'integer', NULL) !== NULL) {
        $this->assign_to(get_param('item_assigned_user_ID'));
    }

    if (param('item_priority', 'integer', NULL) !== NULL) {
        $this->set_from_Request('priority', 'item_priority', true);
    }

    if (param_date('item_deadline', T_('Please enter a valid deadline.'), false, NULL) !== NULL) {
        $this->set_from_Request('datedeadline', 'item_deadline', true);
    }

    // Allow comments for this item (only if set to "post_by_post" for the Blog):
    $this->load_Blog();
    if ($this->Blog->allowcomments == 'post_by_post') {
        // The default is 'open', so presumably this comparison is always true when the
        // parameter is absent -- TODO confirm against param().
        if (param('post_comment_status', 'string', 'open') !== NULL) {
            // 'open' or 'closed' or ...
            $this->set_from_Request('comment_status');
        }
    }

    if (param('renderers_displayed', 'integer', 0)) {
        // use "renderers" value only if it has been displayed (may be empty)
        // The submitted list goes through validate_renderer_list() before it is stored.
        $Plugins_admin =& get_Cache('Plugins_admin');
        $renderers = $Plugins_admin->validate_renderer_list(param('renderers', 'array', array()));
        $this->set('renderers', $renderers);
    } else {
        $renderers = $this->get_renderers_validated();
    }

    if (param('content', 'html', NULL) !== NULL) {
        // Title and content are both read with the 'html' param type here.
        param('post_title', 'html', NULL);

        // Do some optional filtering on the content
        // Typically stuff that will help the content to validate
        // Useful for code display.
        // Will probably be used for validation also.
        // The plugins receive the request globals themselves, so presumably they rewrite
        // them in place before the HTML checks below run -- verify against filter_contents().
        $Plugins_admin =& get_Cache('Plugins_admin');
        $Plugins_admin->filter_contents($GLOBALS['post_title'], $GLOBALS['content'], $renderers);

        // Format raw HTML input to cleaned up and validated HTML:
        // The values stored are whatever get_param() returns after param_check_html();
        // a failed check is only reported through the return value of this method.
        param_check_html('post_title', T_('Invalid title.'), '');
        $this->set('title', get_param('post_title'));

        param_check_html('content', T_('Invalid content.'));
        $this->set('content', get_param('content'));
    }

    return !param_errors_detected();
}
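/**
 * Display hits results table
 *
 * Nothing is displayed unless a user is logged in and holds the 'stats' / 'view' permission.
 * The filters are read from request parameters and appended to two queries built in
 * parallel: the listing query and the COUNT query that is handed to Results alongside it.
 *
 * Every request value that reaches SQL is either cast to an integer or passed through
 * $DB->quote(); keep it that way when adding filters.
 *
 * @param array $params 'skin_type' and 'skin_name' are required when the request is an AJAX content request
 */
function hits_results_block($params = array())
{
    if (!is_logged_in()) {
        // Only logged in users can access to this function
        return;
    }

    global $current_User;
    if (!$current_User->check_perm('stats', 'view')) {
        // Current user has no permission to view all stats (aggregated stats)
        return;
    }

    /**
     * View funcs
     */
    load_funcs('sessions/views/_stats_view.funcs.php');

    global $blog, $admin_url, $rsc_url;
    global $Session, $UserSettings, $DB;
    global $datestartinput, $datestart, $datestopinput, $datestop;
    global $preset_referer_type, $preset_agent_type;

    $tab = param('tab', 'string', 'summary', true);
    $tab3 = param('tab3', 'string', '', true);

    // Some tabs force the referer/agent filters. $preset_results_title, $preset_filter_all_url
    // and $hide_columns are assigned here but not read again inside this function.
    switch ($tab) {
        case 'other':
            $preset_results_title = T_('Direct browser hits');
            $preset_referer_type = 'direct';
            $preset_agent_type = 'browser';
            $preset_filter_all_url = '?ctrl=stats&tab=referers&blog=' . $blog;
            $hide_columns = 'referer';
            break;

        case 'referers':
            $preset_results_title = T_('Refered browser hits');
            $preset_referer_type = 'referer';
            $preset_agent_type = 'browser';
            $preset_filter_all_url = '?ctrl=stats&tab=referers&blog=' . $blog;
            break;

        case 'refsearches':
            if ($tab3 == 'hits') {
                $preset_results_title = T_('Search hits');
                $preset_referer_type = 'search';
                $preset_agent_type = 'browser';
                $preset_filter_all_url = '?ctrl=stats&tab=refsearches&tab3=hits&blog=' . $blog;
            }
            break;
    }

    if (param_date('datestartinput', T_('Invalid date'), false, NULL) !== NULL) {
        // We have a user provided localized date:
        memorize_param('datestart', 'string', NULL, trim(form_date($datestartinput)));
    } else {
        // We may have an automated param transmission date:
        param('datestart', 'string', '', true);
    }

    if (param_date('datestopinput', T_('Invalid date'), false, NULL) !== NULL) {
        // We have a user provided localized date:
        memorize_param('datestop', 'string', NULL, trim(form_date($datestopinput)));
    } else {
        // We may have an automated param transmission date:
        param('datestop', 'string', '', true);
    }

    $exclude = param('exclude', 'integer', 0, true);
    $sess_ID = param('sess_ID', 'integer', NULL, true);
    $remote_IP = param('remote_IP', 'string', NULL, true);
    $referer_type = isset($preset_referer_type) ? $preset_referer_type : param('referer_type', 'string', NULL, true);
    $agent_type = isset($preset_agent_type) ? $preset_agent_type : param('agent_type', 'string', NULL, true);
    $device = param('device', 'string', NULL, true);
    $hit_type = param('hit_type', 'string', NULL, true);
    $reqURI = param('reqURI', 'string', NULL, true);

    // Create result set:
    $SQL = new SQL();
    $SQL->SELECT('SQL_NO_CACHE hit_ID, sess_ID, sess_device, hit_datetime, hit_type, hit_referer_type, hit_uri, hit_disp, hit_ctrl, hit_action, hit_blog_ID, hit_referer, hit_remote_addr,'
        . 'user_login, hit_agent_type, blog_shortname, dom_name, goal_name, hit_keyphrase, hit_serprank, hit_response_code');
    $SQL->FROM('T_hitlog LEFT JOIN T_basedomains ON dom_ID = hit_referer_dom_ID'
        . ' LEFT JOIN T_sessions ON hit_sess_ID = sess_ID'
        . ' LEFT JOIN T_blogs ON hit_blog_ID = blog_ID'
        . ' LEFT JOIN T_users ON sess_user_ID = user_ID'
        . ' LEFT JOIN T_track__goalhit ON hit_ID = ghit_hit_ID'
        . ' LEFT JOIN T_track__goal ON ghit_goal_ID = goal_ID');

    $CountSQL = new SQL();
    $CountSQL->SELECT('SQL_NO_CACHE COUNT(hit_ID)');
    $CountSQL->FROM('T_hitlog');

    // 'exclude' inverts the session / IP filter only.
    $operator = $exclude ? ' <> ' : ' = ';

    if (!empty($sess_ID)) {
        // We want to filter on the session ID:
        // The value goes into the statement unquoted, so it is forced to an integer here
        // instead of relying on the param() type alone.
        $filter = 'hit_sess_ID' . $operator . (int) $sess_ID;
        $SQL->WHERE($filter);
        $CountSQL->WHERE($filter);
    } elseif (!empty($remote_IP)) {
        // We want to filter on the remote IP address:
        $filter = 'hit_remote_addr' . $operator . $DB->quote($remote_IP);
        $SQL->WHERE($filter);
        $CountSQL->WHERE($filter);
    }

    if (!empty($referer_type)) {
        $filter = 'hit_referer_type = ' . $DB->quote($referer_type);
        $SQL->WHERE_and($filter);
        $CountSQL->WHERE_and($filter);
    }

    if (!empty($agent_type)) {
        $filter = 'hit_agent_type = ' . $DB->quote($agent_type);
        $SQL->WHERE_and($filter);
        $CountSQL->WHERE_and($filter);
    }

    if (!empty($device)) {
        if ($device == 'other') {
            // Unknown device
            $device = '';
        }
        $filter = 'sess_device = ' . $DB->quote($device);
        $SQL->WHERE_and($filter);
        $CountSQL->WHERE_and($filter);
        // The count query has no sessions join by default; it is only needed for this filter.
        $CountSQL->FROM_add('LEFT JOIN T_sessions ON hit_sess_ID = sess_ID');
    }

    if (!empty($hit_type)) {
        $filter = 'hit_type = ' . $DB->quote($hit_type);
        $SQL->WHERE_and($filter);
        $CountSQL->WHERE_and($filter);
    }

    if (!empty($reqURI)) {
        // The value is used as a LIKE pattern, so '%' and '_' supplied by the viewer act as wildcards.
        $filter = 'hit_uri LIKE ' . $DB->quote($reqURI);
        $SQL->WHERE_and($filter);
        $CountSQL->WHERE_and($filter);
    }

    if (!empty($datestart)) {
        $filter = 'hit_datetime >= ' . $DB->quote($datestart . ' 00:00:00');
        $SQL->WHERE_and($filter);
        $CountSQL->WHERE_and($filter);
    }

    if (!empty($datestop)) {
        $filter = 'hit_datetime <= ' . $DB->quote($datestop . ' 23:59:59');
        $SQL->WHERE_and($filter);
        $CountSQL->WHERE_and($filter);
    }

    if (!empty($blog)) {
        // $DB->escape() only protects a value that sits inside quotes; this one is written
        // unquoted, so it is cast to an integer instead.
        $filter = 'hit_blog_ID = ' . (int) $blog;
        $SQL->WHERE_and($filter);
        $CountSQL->WHERE_and($filter);
    }

    // Prefix of the Results parameters, e.g. 'hits_' or '<referer type>_hits_'.
    $results_param_prefix = 'hits_';
    if (!empty($preset_referer_type)) {
        $results_param_prefix = substr($preset_referer_type, 0, 8) . '_' . $results_param_prefix;
    }

    $Results = new Results($SQL->get(), $results_param_prefix, '--D', $UserSettings->get('results_per_page'), $CountSQL->get());

    // Initialize Results object
    hits_results($Results);

    if (is_ajax_content()) {
        // init results param by template name
        if (!isset($params['skin_type']) || !isset($params['skin_name'])) {
            debug_die('Invalid ajax results request!');
        }
        $Results->init_params_by_skin($params['skin_type'], $params['skin_name']);
    }

    // Display results:
    $Results->display();

    if (!is_ajax_content()) {
        // Create this hidden div to get a function name for AJAX request
        echo '<div id="' . $results_param_prefix . 'ajax_callback" style="display:none">' . __FUNCTION__ . '</div>';
    }
}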
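/**
 * We want to preview a single post, we are going to fake a lot of things...
 *
 * The submitted form values are turned into a SELECT of literals that yields exactly one
 * row, and that statement is run through DataObjectList2::query() so the list holds one
 * Item that was never saved.
 *
 * Everything placed into that statement comes from the request. Numeric fields are cast
 * to integers and every string is escaped or quoted before it is concatenated.
 *
 * Nothing happens when no user is logged in.
 */
function preview_from_request()
{
    global $current_User;

    if (empty($current_User)) {
        // dh> only logged in user's can preview. Alternatively we need those checks where $current_User gets used below.
        return;
    }

    global $DB, $localtimenow, $Messages, $BlogCache;
    global $Plugins;

    // NOTE(review): the author ID shown in the preview is taken from the request, not from $current_User.
    $preview_userid = param('preview_userid', 'integer', true);
    $post_status = param('post_status', 'string', true);
    $post_locale = param('post_locale', 'string', $current_User->locale);
    $content = param('content', 'html', true);
    $post_title = param('post_title', 'html', true);
    $post_excerpt = param('post_excerpt', 'string', true);
    $post_url = param('post_url', 'string', '');
    $post_category = param('post_category', 'integer', true);
    $post_views = param('post_views', 'integer', 0);
    $renderers = param('renderers', 'array', array('default'));
    if (!is_array($renderers)) {
        // dh> workaround for param() bug. See rev 1.93 of /inc/_misc/_misc.funcs.php
        $renderers = array('default');
    }

    $comment_Blog =& $BlogCache->get_by_ID(get_catblog($post_category));
    if ($comment_Blog->allowcomments == 'post_by_post') {
        // param is required
        $post_comment_status = param('post_comment_status', 'string', true);
    } else {
        $post_comment_status = $comment_Blog->allowcomments;
    }

    // Get issue date, using the user's locale (because it's entered like this in the form):
    locale_temp_switch($current_User->locale);
    param_date('item_issue_date', T_('Please enter a valid issue date.'), false);
    // TODO: dh> get_param() is always true here, also on invalid dates:
    if (strlen(get_param('item_issue_date'))) {
        // only set it, if a date was given:
        param_time('item_issue_time');
        $item_issue_date = form_date(get_param('item_issue_date'), get_param('item_issue_time')); // TODO: cleanup...
    } else {
        $item_issue_date = date('Y-m-d H:i:s', $localtimenow);
    }
    locale_restore_previous();

    // Empty / zero values of the optional fields are normalised to NULL.
    if (!($item_typ_ID = param('item_typ_ID', 'integer', NULL))) {
        $item_typ_ID = NULL;
    }
    if (!($item_st_ID = param('item_st_ID', 'integer', NULL))) {
        $item_st_ID = NULL;
    }
    if (!($item_assigned_user_ID = param('item_assigned_user_ID', 'integer', NULL))) {
        $item_assigned_user_ID = NULL;
    }
    if (!($item_deadline = param('item_deadline', 'string', NULL))) {
        $item_deadline = NULL;
    }
    $item_priority = param('item_priority', 'integer', NULL); // QUESTION: can this be also empty/NULL?

    // Do some optional filtering on the content
    // Typically stuff that will help the content to validate
    // Useful for code display.
    // Will probably be used for validation also.
    $Plugins_admin =& get_Cache('Plugins_admin');
    $Plugins_admin->filter_contents($post_title, $content, $renderers);

    $post_title = format_to_post($post_title);
    $content = format_to_post($content);

    // The date may come from an input that failed validation (see the TODO above), so it is
    // escaped like every other string instead of being interpolated as-is.
    $issue_date_sql = "'" . $DB->escape($item_issue_date) . "'";

    // The integer fields are written without quotes, so they are cast at the point of use.
    $select_fields = array(
        '0 AS post_ID',
        (int) $preview_userid . ' AS post_creator_user_ID',
        (int) $preview_userid . ' AS post_lastedit_user_ID',
        $issue_date_sql . ' AS post_datestart',
        $issue_date_sql . ' AS post_datecreated',
        $issue_date_sql . ' AS post_datemodified',
        "'" . $DB->escape($post_status) . "' AS post_status",
        "'" . $DB->escape($post_locale) . "' AS post_locale",
        "'" . $DB->escape($content) . "' AS post_content",
        "'" . $DB->escape($post_title) . "' AS post_title",
        "'" . $DB->escape($post_excerpt) . "' AS post_excerpt",
        'NULL AS post_urltitle',
        "'" . $DB->escape($post_url) . "' AS post_url",
        (int) $post_category . ' AS post_main_cat_ID',
        (int) $post_views . ' AS post_views',
        "'' AS post_flags",
        "'noreq' AS post_notifications_status",
        'NULL AS post_notifications_ctsk_ID',
        bpost_count_words($content) . ' AS post_wordcount',
        $DB->quote($post_comment_status) . ' AS post_comment_status',
        "'" . $DB->escape(implode('.', $renderers)) . "' AS post_renderers",
        $DB->quote($item_assigned_user_ID) . ' AS post_assigned_user_ID',
        $DB->quote($item_typ_ID) . ' AS post_ptyp_ID',
        $DB->quote($item_st_ID) . ' AS post_pst_ID',
        $DB->quote($item_deadline) . ' AS post_datedeadline',
        $DB->quote($item_priority) . ' AS post_priority',
    );
    $this->sql = "SELECT\r\n\t\t\t" . implode(",\r\n\t\t\t", $select_fields);

    $this->total_rows = 1;
    $this->total_pages = 1;
    $this->page = 1;

    // ATTENTION: we skip the parent on purpose here!! fp> refactor
    DataObjectList2::query(false, false, false, 'PREVIEW QUERY');

    $Item =& $this->Cache->instantiate($this->rows[0]);

    // Trigger plugin event, allowing to manipulate or validate the item before it gets previewed
    $Plugins->trigger_event('AppendItemPreviewTransact', array('Item' => &$Item));

    if ($errcontent = $Messages->display(T_('Invalid post, please correct these errors:'), '', false, 'error')) {
        $Item->content = $errcontent . "\n<hr />\n" . $content;
    }

    // little funky fix for IEwin, rawk on that code
    global $Hit;
    if ($Hit->is_winIE && !isset($IEWin_bookmarklet_fix)) {
        // QUESTION: Is this still needed? What about $IEWin_bookmarklet_fix? (blueyed)
        // Turn each %uXXXX sequence into a decimal character reference. This used to be a
        // preg_replace() with the /e modifier, which evaluates the replacement as PHP code and
        // no longer exists in PHP 7 and later; the matches are now replaced as plain strings.
        if (preg_match_all('/\\%u([0-9A-F]{4,4})/', $Item->content, $percent_u_matches, PREG_SET_ORDER)) {
            foreach ($percent_u_matches as $percent_u_match) {
                $Item->content = str_replace(
                    $percent_u_match[0],
                    '&#' . base_convert($percent_u_match[1], 16, 10) . ';',
                    $Item->content
                );
            }
        }
    }
}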
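/**
 * Load data from Request form fields.
 *
 * This requires the blog (e.g. {@link $blog_ID} or {@link $main_cat_ID} to be set).
 *
 * Values are copied onto the object even when a param_check_*() call has recorded an
 * error, so the caller must treat a false return value as "do not save".
 *
 * @param boolean $editing true if we are returning to edit mode (new, switchtab...)
 * @param boolean $creating true makes the title check apply even when $editing is true
 * @return boolean true if loaded data seems valid (no param errors were recorded).
 */
function load_from_Request($editing = false, $creating = false)
{
    global $default_locale, $current_User, $localtimenow;
    global $posttypes_reserved_IDs, $item_typ_ID;

    // LOCALE:
    if (param('post_locale', 'string', NULL) !== NULL) {
        $this->set_from_Request('locale');
    }

    // TYPE:
    if (param('post_type', 'string', NULL) !== NULL) {
        // Set type ID from request type code, happens when e.g. we add an intro from manual skin by url: /blog6.php?disp=edit&cat=25&post_type=intro-cat
        // NOTE(review): the reserved-ID check of the branch below is not applied to the ID
        // resolved here; confirm get_item_type_ID() cannot return a reserved type.
        $this->set('ptyp_ID', get_item_type_ID(get_param('post_type')));
    } elseif (param('item_typ_ID', 'integer', NULL) !== NULL) {
        // fp> when does this happen?
        // yura>fp: this happens on submit expert form
        $this->set_from_Request('ptyp_ID', 'item_typ_ID');
        if (in_array($item_typ_ID, $posttypes_reserved_IDs)) {
            param_error('item_typ_ID', T_('This post type is reserved and cannot be used. Please choose another one.'), '');
        }
    }

    // URL associated with Item:
    if (param('post_url', 'string', NULL) !== NULL) {
        // The URL is stored whether or not the check recorded an error.
        param_check_url('post_url', 'posting', '');
        $this->set_from_Request('url');
    }
    if ($this->status == 'redirected' && empty($this->url)) {
        // Note: post_url is not part of the simple form, so this message can be a little bit awkward there
        param_error('post_url', T_('If you want to redirect this post, you must specify an URL! (Expert mode)'));
    }

    // ISSUE DATE / TIMESTAMP:
    // Only users with 'blog_edit_ts' on this blog can influence the issue date.
    $this->load_Blog();
    if ($current_User->check_perm('blog_edit_ts', 'edit', false, $this->Blog->ID)) {
        $this->set('dateset', param('item_dateset', 'integer', 0));

        if ($editing || $this->dateset == 1) {
            // We can use user date:
            if (param_date('item_issue_date', T_('Please enter a valid issue date.'), true) && param_time('item_issue_time')) {
                // only set it, if a (valid) date and time was given:
                $this->set('issue_date', form_date(get_param('item_issue_date'), get_param('item_issue_time'))); // TODO: cleanup...
            }
        } elseif ($this->dateset == 0) {
            // Set date to NOW:
            $this->set('issue_date', date('Y-m-d H:i:s', $localtimenow));
        }
    }

    // DEADLINE:
    if (param_date('item_deadline', T_('Please enter a valid deadline.'), false, NULL) !== NULL) {
        $this->set_from_Request('datedeadline', 'item_deadline', true);
    }

    // SLUG:
    if (param('post_urltitle', 'string', NULL) !== NULL) {
        $this->set_from_Request('urltitle');
    }

    // <title> TAG:
    if (param('titletag', 'string', NULL) !== NULL) {
        $this->set_from_Request('titletag', 'titletag');
    }

    // <meta> DESC:
    if (param('metadesc', 'string', NULL) !== NULL) {
        $this->set_setting('post_metadesc', get_param('metadesc'));
    }

    // CUSTOM HEADERS: stored under 'post_custom_headers' (this section used to be labelled "<meta> KEYWORDS").
    // NOTE(review): how this value and the two above are escaped on output is not visible from here.
    if (param('custom_headers', 'string', NULL) !== NULL) {
        $this->set_setting('post_custom_headers', get_param('custom_headers'));
    }

    // TAGS:
    if (param('item_tags', 'string', NULL) !== NULL) {
        $this->set_tags_from_string(get_param('item_tags'));
    }

    // WORKFLOW stuff:
    // Unlike the fields above, these are applied on every call, not only when the param was submitted.
    param('item_st_ID', 'integer', NULL);
    $this->set_from_Request('pst_ID', 'item_st_ID', true);

    param('item_assigned_user_ID', 'integer', NULL);
    $this->assign_to(get_param('item_assigned_user_ID'));

    param('item_priority', 'integer', NULL);
    $this->set_from_Request('priority', 'item_priority', true);

    // FEATURED checkbox:
    $this->set('featured', param('item_featured', 'integer', 0), false);

    // HIDE TEASER checkbox:
    $this->set_setting('hide_teaser', param('item_hideteaser', 'integer', 0));

    // ORDER:
    param('item_order', 'double', NULL);
    $this->set_from_Request('order', 'item_order', true);

    // OWNER:
    // NOTE(review): creator_user_login is filled from the request before the permission check;
    // only set_creator_by_login() is gated. Confirm nothing else trusts this property.
    $this->creator_user_login = param('item_owner_login', 'string', NULL);
    if ($current_User->check_perm('users', 'edit') && param('item_owner_login_displayed', 'string', NULL) !== NULL) {
        // only admins can change the owner..
        if (param_check_not_empty('item_owner_login', T_('Please enter valid owner login.')) && param_check_login('item_owner_login', true)) {
            $this->set_creator_by_login($this->creator_user_login);
        }
    }

    // LOCATION COORDINATES:
    if ($this->Blog->get_setting('show_location_coordinates')) {
        // location coordinates are enabled, save map settings
        param('item_latitude', 'double', NULL); // get par value
        $this->set_setting('latitude', get_param('item_latitude'), true);
        param('item_longitude', 'double', NULL); // get par value
        $this->set_setting('longitude', get_param('item_longitude'), true);
        param('google_map_zoom', 'integer', NULL); // get par value
        $this->set_setting('map_zoom', get_param('google_map_zoom'), true);
        param('google_map_type', 'string', NULL); // get par value
        $this->set_setting('map_type', get_param('google_map_type'), true);
    }

    // CUSTOM FIELDS:
    // The request parameter names are built from the blog's own settings, not from the request.
    foreach (array('double', 'varchar') as $type) {
        $field_count = $this->Blog->get_setting('count_custom_' . $type);
        for ($i = 1; $i <= $field_count; $i++) {
            // update each custom field
            $field_guid = $this->Blog->get_setting('custom_' . $type . $i);
            $param_name = 'item_' . $type . '_' . $field_guid;
            if (isset_param($param_name)) {
                // param is set
                $param_type = $type == 'varchar' ? 'string' : $type;
                param($param_name, $param_type, NULL); // get par value
                $custom_field_make_null = $type != 'double'; // store '0' values in DB for numeric fields
                $this->set_setting('custom_' . $type . '_' . $field_guid, get_param($param_name), $custom_field_make_null);
            }
        }
    }

    // COMMENTS:
    if ($this->Blog->get_setting('allow_comments') != 'never' && $this->Blog->get_setting('disable_comments_bypost')) {
        // Save status of "Allow comments for this item" (only if comments are allowed in this blog, and disable_comments_bypost is enabled):
        $post_comment_status = param('post_comment_status', 'string', 'open');
        if (!empty($post_comment_status)) {
            // 'open' or 'closed' or ...
            $this->set_from_Request('comment_status');
        }
    }

    // EXPIRY DELAY:
    $expiry_delay = param_duration('expiry_delay');
    if (empty($expiry_delay)) {
        // Check if we have 'expiry_delay' param set as string from simple or mass form
        $expiry_delay = param('expiry_delay', 'string', NULL);
    }
    $this->set_setting('post_expiry_delay', $expiry_delay, true);

    // EXTRA PARAMS FROM MODULES:
    modules_call_method('update_item_settings', array('edited_Item' => $this));

    // RENDERERS:
    if (param('renderers_displayed', 'integer', 0)) {
        // use "renderers" value only if it has been displayed (may be empty)
        // The submitted list goes through validate_renderer_list() before it is stored.
        global $Plugins;
        $renderers = $Plugins->validate_renderer_list(param('renderers', 'array/string', array()), array('Item' => &$this));
        $this->set('renderers', $renderers);
    } else {
        $renderers = $this->get_renderers_validated();
    }

    // CONTENT + TITLE:
    if ($this->Blog->get_setting('allow_html_post')) {
        // HTML is allowed for this post, we'll accept HTML tags:
        $text_format = 'html';
    } else {
        // HTML is disallowed for this post, we'll encode all special chars:
        $text_format = 'htmlspecialchars';
    }
    if (param('content', $text_format, NULL) !== NULL) {
        // Never allow html content on post titles: (fp> probably so as to not mess up backoffice and all sorts of tools)
        param('post_title', 'htmlspecialchars', NULL);

        // Do some optional filtering on the content
        // Typically stuff that will help the content to validate
        // Useful for code display.
        // Will probably be used for validation also.
        $Plugins_admin =& get_Plugins_admin();
        $params = array('object_type' => 'Item', 'object_Blog' => &$this->Blog);
        $Plugins_admin->filter_contents($GLOBALS['post_title'], $GLOBALS['content'], $renderers, $params);

        // Title checking:
        $require_title = $this->Blog->get_setting('require_title');
        if ((!$editing || $creating) && $require_title == 'required') {
            param_check_not_empty('post_title', T_('Please provide a title.'), '');
        }

        // Format raw HTML input to cleaned up and validated HTML:
        // The content check runs for both text formats; a failure is only reported through the return value.
        param_check_html('content', T_('Invalid content.'));
        $this->set('content', get_param('content'));

        $this->set('title', get_param('post_title'));
    }

    // EXCERPT: (must come after content (to handle excerpt_autogenerated))
    if (param('post_excerpt', 'text', NULL) !== NULL) {
        $this->set('excerpt_autogenerated', 0); // Set this to the '0' for saving a field 'excerpt' from a request
        $this->set_from_Request('excerpt');
    }

    // LOCATION (COUNTRY -> CITY):
    load_funcs('regional/model/_regional.funcs.php');

    // Each level below passes the IDs of the levels above it to the *_exist() helpers. A level
    // that is hidden for this blog never assigns its ID, so the three IDs start out as NULL
    // here (the value an unassigned variable evaluates to) rather than being left undefined.
    $country_ID = NULL;
    $region_ID = NULL;
    $subregion_ID = NULL;

    if ($this->Blog->country_visible()) {
        // Save country
        $country_ID = param('item_ctry_ID', 'integer', 0);
        $country_is_required = $this->Blog->get_setting('location_country') == 'required'
            && countries_exist()
            && !$this->is_special();
        param_check_number('item_ctry_ID', T_('Please select a country'), $country_is_required);
        $this->set_from_Request('ctry_ID', 'item_ctry_ID', true);
    }

    if ($this->Blog->region_visible()) {
        // Save region
        $region_ID = param('item_rgn_ID', 'integer', 0);
        $region_is_required = $this->Blog->get_setting('location_region') == 'required'
            && regions_exist($country_ID)
            && !$this->is_special();
        param_check_number('item_rgn_ID', T_('Please select a region'), $region_is_required);
        $this->set_from_Request('rgn_ID', 'item_rgn_ID', true);
    }

    if ($this->Blog->subregion_visible()) {
        // Save subregion
        $subregion_ID = param('item_subrg_ID', 'integer', 0);
        $subregion_is_required = $this->Blog->get_setting('location_subregion') == 'required'
            && subregions_exist($region_ID)
            && !$this->is_special();
        param_check_number('item_subrg_ID', T_('Please select a sub-region'), $subregion_is_required);
        $this->set_from_Request('subrg_ID', 'item_subrg_ID', true);
    }

    if ($this->Blog->city_visible()) {
        // Save city
        param('item_city_ID', 'integer', 0);
        $city_is_required = $this->Blog->get_setting('location_city') == 'required'
            && cities_exist($country_ID, $region_ID, $subregion_ID)
            && !$this->is_special();
        param_check_number('item_city_ID', T_('Please select a city'), $city_is_required);
        $this->set_from_Request('city_ID', 'item_city_ID', true);
    }

    return !param_errors_detected();
}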