Example #1
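 // Image options taken from the submitted form; each value goes through sanitize() before it is stored.
 setOption('watermark_w_offset', sanitize($_POST['watermark_w_offset'], 3));
 setOption('image_cache_suffix', sanitize($_POST['image_cache_suffix']));
 // One "<type>_watermark" option per registered extra file type, plus the built-in 'Image' type.
 $imageplugins = array_unique($_zp_extra_filetypes);
 $imageplugins[] = 'Image';
 foreach ($imageplugins as $plugin) {
     $opt = $plugin . '_watermark';
     if (isset($_POST[$opt])) {
         setOption($opt, sanitize($_POST[$opt], 3));
     }
 }
 setOption('full_image_quality', sanitize($_POST['full_image_quality'], 3));
 setOption('cache_full_image', (int) isset($_POST['cache_full_image']));
 setOption('protect_full_image', sanitize($_POST['protect_full_image'], 3));
 // Previously stored straight from the request; sanitized like every other posted option here.
 // NOTE(review): presumably a small integer; if so, a range check belongs here as well (confirm valid range).
 setOption('imageProcessorConcurrency', sanitize($_POST['imageProcessorConcurrency'], 3));
 $notify = processCredentials('protected_image');
 setOption('secure_image_processor', (int) isset($_POST['secure_image_processor']));
 $cache_htaccess = SERVERPATH . '/' . CACHEFOLDER . '/.htaccess';
 if (isset($_POST['protected_image_cache'])) {
     // Install the protecting .htaccess first and record the option from the outcome, so the stored
     // setting never claims the cache is protected when the file could not be written.
     $installed = copy(SERVERPATH . '/' . ZENFOLDER . '/cacheprotect', $cache_htaccess);
     if ($installed) {
         // read-only, so the protection file is not casually overwritten
         @chmod($cache_htaccess, 0444);
     }
     setOption('protected_image_cache', (int) $installed);
 } else {
     // The file was installed read-only; permissions are relaxed so that the unlink can succeed.
     @chmod($cache_htaccess, 0777);
     @unlink($cache_htaccess);
     setOption('protected_image_cache', 0);
 }
 setOption('hotlink_protection', (int) isset($_POST['hotlink_protection']));
 setOption('use_lock_image', (int) isset($_POST['use_lock_image']));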
 $st = sanitize($_POST['image_sorttype'], 3);
 if ($st == 'custom') {
     $st = unQuote(strtolower(sanitize($_POST['customimagesort'], 3)));
Example #2
 /**
  * Saves the DownloadList credentials submitted with the options form.
  *
  * Neither parameter is read by this method.
  *
  * @param mixed $themename
  * @param mixed $themealbum
  * @return string|false a "&custom=..." message fragment when processCredentials() reports a problem,
  *                      false when it reports none
  */
 static function handleOptionSave($themename, $themealbum)
 {
     $result = processCredentials('downloadList', '_downloadList');
     // A user name was given without a usable password.
     if ($result == '?mismatch=user') {
         return '&custom=' . gettext('You must supply a password for the DownloadList user');
     }
     // Any other non-empty result is reported as a password problem.
     if ($result) {
         return '&custom=' . gettext('Your DownloadList passwords were empty or did not match');
     }
     return false;
 }
Example #3
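/**
 * Processes the posted album edit form: applies the submitted fields to the album, saves it and then
 * performs the requested delete / move / copy / rename action, if any.
 *
 * Form field names are built from $index ("{$index}-" prefix, "_{$index}" suffix) so that several albums
 * can be edited in one mass-edit post.
 *
 * @param int $index the index of the entry in mass edit or 0 if single album
 * @param object $album the album object
 * @param string $redirectto set to the album path to redirect to after a delete/move/rename, NULL otherwise
 * @return string "&mcrerr=N" error flag when the delete/move/copy/rename failed, empty string otherwise
 * @since 1.1.3
 */
function processAlbumEdit($index, &$album, &$redirectto)
{
    // no redirection required unless an action below sets one
    $redirectto = NULL;
    if ($index == 0) {
        $prefix = $suffix = '';
    } else {
        $prefix = "{$index}-";
        $suffix = "_{$index}";
    }
    $notify = '';
    $album->setTitle(process_language_string_save($prefix . 'albumtitle', 2));
    $album->setDesc(process_language_string_save($prefix . 'albumdesc', EDITOR_SANITIZE_LEVEL));
    // assumes the tag field is posted as an array (array_unique() needs one) - TODO confirm
    if (isset($_POST['tag_list_tags_' . $prefix])) {
        $tags = sanitize($_POST['tag_list_tags_' . $prefix]);
    } else {
        $tags = array();
    }
    $album->setTags(array_unique($tags));
    if (isset($_POST[$prefix . 'thumb'])) {
        $album->setThumb(sanitize($_POST[$prefix . 'thumb']));
    }
    $album->setCommentsAllowed(isset($_POST[$prefix . 'allowcomments']));

    // Image sort order.
    $sorttype = strtolower(sanitize($_POST[$prefix . 'sortby'], 3));
    if ($sorttype == 'custom') {
        $sorttype = unquote(strtolower(sanitize($_POST[$prefix . 'customimagesort'], 3)));
    }
    $album->setSortType($sorttype);
    if ($sorttype == 'manual' || $sorttype == 'random' || empty($sorttype)) {
        // these orders have no direction
        $album->setSortDirection(false, 'image');
    } else {
        $album->setSortDirection(isset($_POST[$prefix . 'image_sortdirection']), 'image');
    }

    // Sub-album sort order.
    $sorttype = strtolower(sanitize($_POST[$prefix . 'subalbumsortby'], 3));
    if ($sorttype == 'custom') {
        $sorttype = strtolower(sanitize($_POST[$prefix . 'customalbumsort'], 3));
    }
    $album->setSortType($sorttype, 'album');
    if ($sorttype == 'manual' || $sorttype == 'random') {
        $album->setSortDirection(false, 'album');
    } else {
        $album->setSortDirection(isset($_POST[$prefix . 'album_sortdirection']), 'album');
    }

    if (isset($_POST['reset_hitcounter' . $prefix])) {
        $album->set('hitcounter', 0);
    }
    if (isset($_POST[$prefix . 'reset_rating'])) {
        $album->set('total_value', 0);
        $album->set('total_votes', 0);
        $album->set('used_ips', 0);
    }
    $album->setPublishDate(sanitize($_POST['publishdate-' . $prefix]));
    $album->setExpireDate(sanitize($_POST['expirationdate-' . $prefix]));

    // NOTE(review): the result of processCredentials() is discarded here, so a user/password mismatch on
    // a protected album is not reported through the return value. Confirm that is intended; an admin who
    // mistypes the confirmation gets no signal that the album's credentials were not accepted.
    processCredentials($album, $suffix);

    $oldtheme = $album->getAlbumTheme();
    if (isset($_POST[$prefix . 'album_theme'])) {
        $newtheme = sanitize($_POST[$prefix . 'album_theme']);
        if ($oldtheme != $newtheme) {
            $album->setAlbumTheme($newtheme);
        }
    }
    if (isset($_POST[$prefix . 'album_watermark'])) {
        $album->setWatermark(sanitize($_POST[$prefix . 'album_watermark'], 3));
        $album->setWatermarkThumb(sanitize($_POST[$prefix . 'album_watermark_thumb'], 3));
    }
    $album->setShow(isset($_POST[$prefix . 'Published']));
    zp_apply_filter('save_album_custom_data', NULL, $prefix, $album);
    zp_apply_filter('save_album_utilities_data', $album, $prefix);
    $album->save();

    // Move/Copy/Rename the album after saving.
    $movecopyrename_action = '';
    if (isset($_POST['a-' . $prefix . 'MoveCopyRename'])) {
        $movecopyrename_action = sanitize($_POST['a-' . $prefix . 'MoveCopyRename'], 3);
    }
    if ($movecopyrename_action == 'delete') {
        // redirect to the parent album (or the gallery root) once the album is gone
        $dest = dirname($album->name);
        if ($album->remove()) {
            if ($dest == '/' || $dest == '.') {
                $dest = '';
            }
            $redirectto = $dest;
        } else {
            $notify = "&mcrerr=7";
        }
    } elseif ($movecopyrename_action == 'move') {
        // The destination comes from the request; sanitize_path() is applied before it is used as a path.
        $dest = sanitize_path($_POST['a' . $prefix . '-albumselect']);
        // Append the album name.
        $dest = ($dest ? $dest . '/' : '') . (strpos($album->name, '/') === FALSE ? $album->name : basename($album->name));
        if ($dest && $dest != $album->name) {
            if ($dynamic_suffix = $album->isDynamic()) {
                // be sure there is a .alb suffix
                // (the original appended the bare word `suffix`, an undefined constant, instead of the variable)
                if (substr($dest, -4) != '.' . $dynamic_suffix) {
                    $dest .= '.' . $dynamic_suffix;
                }
            }
            if ($e = $album->move($dest)) {
                $notify = "&mcrerr=" . $e;
            } else {
                $redirectto = $dest;
            }
        } else {
            // Cannot move album to same album.
            $notify = "&mcrerr=3";
        }
    } elseif ($movecopyrename_action == 'copy') {
        $dest = sanitize_path($_POST['a' . $prefix . '-albumselect']);
        if ($dest && $dest != $album->name) {
            if ($e = $album->copy($dest)) {
                $notify = "&mcrerr=" . $e;
            }
        } else {
            // Cannot copy album to existing album.
            // Or, copy with rename?
            $notify = '&mcrerr=3';
        }
    } elseif ($movecopyrename_action == 'rename') {
        $renameto = sanitize_path($_POST['a' . $prefix . '-renameto']);
        // A rename stays inside the current parent folder: separators are stripped from the new name.
        $renameto = str_replace(array('/', '\\'), '', $renameto);
        if (dirname($album->name) != '.') {
            $renameto = dirname($album->name) . '/' . $renameto;
        }
        if ($renameto != $album->name) {
            if ($dynamic_suffix = $album->isDynamic()) {
                // be sure there is a .alb suffix
                if (substr($renameto, -4) != '.' . $dynamic_suffix) {
                    $renameto .= '.' . $dynamic_suffix;
                }
            }
            if ($e = $album->rename($renameto)) {
                $notify = "&mcrerr=" . $e;
            } else {
                $redirectto = $renameto;
            }
        } else {
            $notify = "&mcrerr=3";
        }
    }
    return $notify;
}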
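/**
 * Updates or adds a news category from the posted form.
 *
 * Works out the category's titlelink (for a new category from the title, for an existing one from the
 * posted old/new titlelink), renames the titlelink in the database if it changed, then loads the
 * category object, applies the posted fields and saves it. Result messages are appended to $reports
 * as HTML fragments.
 *
 * @param array $reports the results display
 * @param bool $newcategory true if a new category
 * @return ZenpageCategory the category object that was saved
 */
function updateCategory(&$reports, $newcategory = false)
{
    $date = date('Y-m-d_H-i-s');
    // $id is concatenated into the UPDATE below, so it only ever passes through sanitize_numeric()
    $id = sanitize_numeric($_POST['id']);
    $permalink = getcheckboxState('permalink');
    $title = process_language_string_save("title", 2);
    $desc = process_language_string_save("desc", EDITOR_SANITIZE_LEVEL);
    $custom = process_language_string_save("custom_data", 1);
    if ($newcategory) {
        $titlelink = seoFriendly(get_language_string($title));
        if (empty($titlelink)) {
            $titlelink = seoFriendly($date);
        }
        $sql = 'SELECT `id` FROM ' . prefix('news_categories') . ' WHERE `titlelink`=' . db_quote($titlelink);
        $rslt = query_single_row($sql, false);
        if ($rslt) {
            //already exists: make the link unique with a timestamp
            $time = explode(' ', microtime());
            $titlelink = $titlelink . '_' . ($time[1] + $time[0]);
            $reports[] = "<p class='warningbox fade-message'>" . gettext('Duplicate category title') . '</p>';
        }
        $oldtitlelink = $titlelink;
    } else {
        $titlelink = $oldtitlelink = sanitize($_POST['titlelink-old'], 3);
        if (getcheckboxState('edittitlelink')) {
            $titlelink = sanitize($_POST['titlelink'], 3);
            if (empty($titlelink)) {
                $titlelink = seoFriendly(get_language_string($title));
                if (empty($titlelink)) {
                    $titlelink = seoFriendly($date);
                }
            }
        } elseif (!$permalink) {
            //	allow the link to change
            $link = seoFriendly(get_language_string($title));
            if (!empty($link)) {
                $titlelink = $link;
            }
        }
    }
    $titleok = true;
    if ($titlelink != $oldtitlelink) {
        // title link change must be reflected in DB before any other updates
        $titleok = query('UPDATE ' . prefix('news_categories') . ' SET `titlelink`=' . db_quote($titlelink) . ' WHERE `id`=' . $id, false);
        if (!$titleok) {
            // force old link so data gets saved
            $titlelink = $oldtitlelink;
        } else {
            SearchEngine::clearSearchCache();
        }
    }
    //update category
    $show = getcheckboxState('show');
    $cat = new ZenpageCategory($titlelink, true);
    $notice = processCredentials($cat);
    $cat->setPermalink(getcheckboxState('permalink'));
    $cat->set('title', $title);
    $cat->setDesc($desc);
    $cat->setCustomData(zp_apply_filter('save_category_custom_data', $custom, $cat));
    $cat->setShow($show);
    if (getcheckboxState('resethitcounter')) {
        $cat->set('hitcounter', 0);
    }
    if (getcheckboxState('reset_rating')) {
        $cat->set('total_value', 0);
        $cat->set('total_votes', 0);
        $cat->set('used_ips', 0);
    }
    if ($newcategory) {
        $msg = zp_apply_filter('new_category', '', $cat);
        // The titlelink is written into HTML, so it is encoded here the same way the
        // "already exists" message below encodes the title.
        if (empty($title)) {
            $reports[] = "<p class='errorbox fade-message'>" . sprintf(gettext("Category <em>%s</em> added but you need to give it a <strong>title</strong> before publishing!"), html_encode($titlelink)) . '</p>';
        } elseif ($notice == '?mismatch=user') {
            $reports[] = "<p class='errorbox fade-message'>" . gettext('You must supply a password for the Protected Category user') . '</p>';
        } elseif ($notice) {
            $reports[] = "<p class='errorbox fade-message'>" . gettext('Your passwords were empty or did not match') . '</p>';
        } else {
            $reports[] = "<p class='messagebox fade-message'>" . sprintf(gettext("Category <em>%s</em> added"), html_encode($titlelink)) . '</p>';
        }
    } else {
        $msg = zp_apply_filter('update_category', '', $cat, $oldtitlelink);
        if (!$titleok) {
            // the titlelink rename query failed
            $reports[] = "<p class='errorbox fade-message'>" . sprintf(gettext("A category with the title/titlelink <em>%s</em> already exists!"), html_encode($cat->getTitle())) . "</p>";
        } elseif (empty($titlelink) or empty($title)) {
            $reports[] = "<p class='errorbox fade-message'>" . gettext("You forgot to give your category a <strong>title or titlelink</strong>!") . "</p>";
        } elseif ($notice == '?mismatch=user') {
            $reports[] = "<p class='errorbox fade-message'>" . gettext('You must supply a password for the Protected Category user') . '</p>';
        } elseif ($notice) {
            $reports[] = "<p class='errorbox fade-message'>" . gettext('Your passwords were empty or did not match') . '</p>';
        } else {
            $reports[] = "<p class='messagebox fade-message'>" . gettext("Category updated!") . "</p>";
        }
    }
    // The category is saved even when a message above reports a problem.
    $cat->save();
    // NOTE(review): $msg comes from a filter and is appended to the HTML reports as-is.
    if ($msg) {
        $reports[] = $msg;
    }
    return $cat;
}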