// Add the thumbnail dimension columns to txp_image when they are missing.
// NOTE(review): $cols is assigned before this excerpt; presumably it holds the
// column list of txp_image - confirm against the preceding lines.
if (!in_array('thumb_w', $cols)) {
    safe_alter('txp_image', "ADD thumb_w int(8) NOT NULL DEFAULT 0");
}
if (!in_array('thumb_h', $cols)) {
    safe_alter('txp_image', "ADD thumb_h int(8) NOT NULL DEFAULT 0");
}

// Plugin flags.
$cols = getThings('DESCRIBE `' . PFX . 'txp_plugin`');
if (!in_array('flags', $cols)) {
    safe_alter('txp_plugin', "ADD flags SMALLINT UNSIGNED NOT NULL DEFAULT 0");
}

// Default theme: insert the pref row only when no 'theme_name' row exists yet.
if (!safe_field("name", 'txp_prefs', "name = 'theme_name'")) {
    safe_insert('txp_prefs', "prefs_id = 1, name = 'theme_name', val = 'classic', type = '1', event = 'admin', html = 'themename', position = '160'");
}

// Widen the plugin code columns and the pref value column.
safe_alter('txp_plugin', "MODIFY code MEDIUMTEXT NOT NULL");
safe_alter('txp_plugin', "MODIFY code_restore MEDIUMTEXT NOT NULL");
safe_alter('txp_prefs', "MODIFY val TEXT NOT NULL");

// Add author column to files and links, boldly assuming that the publisher in
// charge of updating this site is the author of any existing content items.
foreach (array('txp_file', 'txp_link') as $table) {
    $cols = getThings("DESCRIBE `" . PFX . $table . "`");
    if (!in_array('author', $cols)) {
        safe_alter($table, "ADD author varchar(64) NOT NULL DEFAULT ''");
        safe_create_index($table, 'author', 'author_idx');
        // The user name is escaped with doSlash() before it is spliced into the
        // SET clause; the "1 = 1" condition applies it to every existing row.
        safe_update($table, "author = '" . doSlash($txp_user) . "'", "1 = 1");
    }
}

// Add indices on author columns.
safe_create_index('textpattern', 'AuthorID', 'author_idx');
safe_create_index('txp_image', 'author', 'author_idx');
<?php

/*
$HeadURL$
$LastChangedRevision$
*/

// Schema upgrade script: adds markup columns, per-user preferences, a nested
// section tree and article expiry.
// NOTE(review): no direct-access guard (such as a defined('TXP_UPDATE') check)
// is visible in this excerpt - confirm the file cannot be requested on its own,
// since every statement below alters the database.

safe_upgrade_table('textpattern', array(
    'markup_body' => 'varchar(32)',
    'markup_excerpt' => 'varchar(32)',
));

// user-specific preferences
safe_upgrade_table('txp_prefs_user', array(
    'id' => DB_AUTOINC . ' PRIMARY KEY',
    'user' => "varchar(64) NOT NULL default ''",
    'name' => "varchar(255) NOT NULL default ''",
    'val' => "varchar(255) NOT NULL default ''",
));

// unique index on user+name
safe_upgrade_index('txp_prefs_user', 'user_idx', 'unique', 'user, name');

// The old primary key is dropped only while the new 'id' column is still
// missing, so a second run does not remove the key created below.
if (!safe_column_exists('txp_section', 'id')) {
    safe_alter('txp_section', 'drop primary key');
}
safe_upgrade_table('txp_section', array(
    'id' => DB_AUTOINC . ' PRIMARY KEY',
    'path' => "varchar(255) not null default ''",
    'parent' => 'INT',
    'lft' => 'INT not null default 0',
    'rgt' => 'INT not null default 0',
    'inherit' => 'SMALLINT not null default 0',
));

// Seed empty paths with the section name.
safe_update('txp_section', 'path=name', "path=''");

// shortname has to be unique within a parent
if (!safe_index_exists('txp_section', 'parent_idx')) {
    safe_upgrade_index('txp_section', 'parent_idx', 'unique', 'parent,name');
}
#if (!safe_index_exists('txp_section', 'path_idx'))
#	safe_upgrade_index('txp_section', 'path_idx', 'unique', 'path');

// Make 'default' the root of the tree and attach every parentless section to it.
safe_update('txp_section', 'parent=0', "name='default'");
$root_id = safe_field('id', 'txp_section', "name='default'");
// $root_id is read back from the database and concatenated without escaping.
// NOTE(review): presumably an auto-increment integer - confirm, or cast it.
safe_update('txp_section', "parent='" . $root_id . "'", "parent IS NULL");
include_once txpath . '/lib/txplib_tree.php';
tree_rebuild('txp_section', $root_id, 1);

// <txp:message /> is dropped
// Rewrites every stored form ("1 = 1" matches all rows).
safe_update('txp_form', "Form = REPLACE(Form, '<txp:message', '<txp:comment_message')", "1 = 1");

// Expiry datetime for articles
safe_upgrade_table('textpattern', array(
    'Expires' => "datetime NOT NULL default '0000-00-00 00:00:00' after `Posted`",
));
*
 * This file is part of Textpattern.
 *
 * Textpattern is free software; you can redistribute it and/or
 * modify it under the terms of the GNU General Public License
 * as published by the Free Software Foundation, version 2.
 *
 * Textpattern is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
 * GNU General Public License for more details.
 *
 * You should have received a copy of the GNU General Public License
 * along with Textpattern. If not, see <http://www.gnu.org/licenses/>.
 */

// Direct-access guard: the script stops unless the including code has defined
// TXP_UPDATE, so requesting this file by URL does not run the ALTER statements.
if (!defined('TXP_UPDATE')) {
    exit("Nothing here. You can't access this file directly.");
}

// Updates comment email length.
safe_alter('txp_discuss', "MODIFY email VARCHAR(254) NOT NULL DEFAULT ''");

// Store IPv6 properly in logs.
// 45 characters is the column width chosen here; a narrower column can cut off
// long IPv6 text forms and leave visitor log entries unusable for attribution.
safe_alter('txp_log', "MODIFY ip VARCHAR(45) NOT NULL DEFAULT ''");

// Save sections correctly in articles.
safe_alter('textpattern', "MODIFY Section VARCHAR(255) NOT NULL DEFAULT ''");

// Ensure all memory-mappable columns have defaults
safe_alter('txp_form', "MODIFY name VARCHAR(64) NOT NULL DEFAULT ''");
safe_alter('txp_page', "MODIFY name VARCHAR(128) NOT NULL DEFAULT ''");
safe_alter('txp_prefs', "MODIFY prefs_id INT NOT NULL DEFAULT '1'");
safe_alter('txp_prefs', "MODIFY name VARCHAR(255) NOT NULL DEFAULT ''");
safe_alter('txp_section', "MODIFY name VARCHAR(128) NOT NULL DEFAULT ''");
<?php

/*
$HeadURL: https://textpattern.googlecode.com/svn/releases/4.5.7/source/textpattern/update/_to_4.3.0.php $
$LastChangedRevision: 4011 $
*/

// Direct-access guard: the script stops unless the including code has defined
// TXP_UPDATE, so requesting this file by URL does not touch the database.
if (!defined('TXP_UPDATE')) {
    exit("Nothing here. You can't access this file directly.");
}

// Raw CSS is now the only option
safe_delete('txp_prefs', "event='css' and name='edit_raw_css_by_default'");

// Convert stylesheets that are still stored base64 encoded into plain text.
$rs = getRows('select name,css from `' . PFX . 'txp_css`');
foreach ($rs as $row) {
    // Heuristic: the value consists only of base64 alphabet characters with at
    // most two '=' at the end. An empty value also matches and decodes to ''.
    if (preg_match('%^[a-zA-Z0-9/+]*={0,2}$%', $row['css'])) {
        // Data is still base64 encoded
        // Both the decoded stylesheet and the row name come from the database,
        // and both are escaped with doSlash() before being spliced into SQL:
        // stored data is not trusted at query-building time either.
        safe_update('txp_css', "css = '" . doSlash(base64_decode($row['css'])) . "'", "name = '" . doSlash($row['name']) . "'");
    }
}

// add column for file title
$cols = getThings('describe `' . PFX . 'txp_file`');
if (!in_array('title', $cols)) {
    safe_alter('txp_file', "ADD `title` VARCHAR( 255 ) NULL AFTER `filename`");
}
safe_alter('txp_plugin', "ADD load_order TINYINT UNSIGNED NOT NULL DEFAULT 5"); } # Enable XML-RPC server? if (!safe_field('name', 'txp_prefs', "name = 'enable_xmlrpc_server'")) { safe_insert('txp_prefs', "prefs_id = 1, name = 'enable_xmlrpc_server', val = 0, type = 1, event = 'admin', html = 'yesnoradio', position = 130"); } if (!safe_field('name', 'txp_prefs', "name = 'smtp_from'")) { safe_insert('txp_prefs', "prefs_id = 1, name = 'smtp_from', val = '', type = 1, event = 'admin', position = 110"); } if (!safe_field('val', 'txp_prefs', "name='author_list_pageby'")) { safe_insert('txp_prefs', "prefs_id = 1, name = 'author_list_pageby', val = 25, type = 2"); } # Expiry datetime for articles $txp = getThings('describe `' . PFX . 'textpattern`'); if (!in_array('Expires', $txp)) { safe_alter("textpattern", "add `Expires` datetime NOT NULL default '0000-00-00 00:00:00' after `Posted`"); } $has_expires_idx = 0; $rs = getRows('show index from `' . PFX . 'textpattern`'); foreach ($rs as $row) { if ($row['Key_name'] == 'Expires_idx') { $has_expires_idx = 1; } } if (!$has_expires_idx) { safe_query('alter ignore table `' . PFX . 'textpattern` add index Expires_idx(Expires)'); } # Publish expired articles, or return 410? if (!safe_field('name', 'txp_prefs', "name = 'publish_expired_articles'")) { safe_insert('txp_prefs', "prefs_id = 1, name = 'publish_expired_articles', val = '0', type = '1', event='publish', html='yesnoradio', position='130'"); }
safe_alter('txp_file', "ADD modified DATETIME NOT NULL DEFAULT '0000-00-00 00:00:00'"); $update_files = 1; } if (!in_array('created', $txpfile)) { safe_alter('txp_file', "ADD created DATETIME NOT NULL DEFAULT '0000-00-00 00:00:00'"); $update_files = 1; } if (!in_array('size', $txpfile)) { safe_alter('txp_file', "ADD size BIGINT"); $update_files = 1; } if (!in_array('downloads', $txpfile)) { safe_alter('txp_file', "ADD downloads INT DEFAULT '0' NOT NULL"); } if (array_intersect(array('modified', 'created'), $txpfile)) { safe_alter('txp_file', "\n MODIFY modified DATETIME NOT NULL DEFAULT '0000-00-00 00:00:00',\n MODIFY created DATETIME NOT NULL DEFAULT '0000-00-00 00:00:00'"); } // Copy existing file timestamps into the new database columns. if ($update_files) { $prefs = get_prefs(); $rs = safe_rows("*", 'txp_file', "1 = 1"); foreach ($rs as $row) { $path = build_file_path(@$prefs['file_base_path'], @$row['filename']); if ($path and $stat = @stat($path)) { safe_update('txp_file', "created = '" . strftime('%Y-%m-%d %H:%M:%S', $stat['ctime']) . "', modified = '" . strftime('%Y-%m-%d %H:%M:%S', $stat['mtime']) . "', size = '" . doSlash(sprintf('%u', $stat['size'])) . "'", "id = '" . doSlash($row['id']) . "'"); } } } safe_update('textpattern', "Keywords = TRIM(BOTH ',' FROM \n REPLACE(\n REPLACE(\n REPLACE(\n REPLACE(\n REPLACE(\n REPLACE(\n REPLACE(\n REPLACE(\n REPLACE(\n REPLACE(\n REPLACE(Keywords, '\n', ','),\n '\r', ','),\n '\t', ','),\n ' ', ' '),\n ' ', ' '),\n ' ', ' '),\n ' ,', ','),\n ', ', ','),\n ',,,,', ','),\n ',,', ','),\n ',,', ',')\n )", "Keywords != ''"); // Shift preferences to more intuitive spots. // Give positions, leave enough room for later additions.
// Widen the page and stylesheet references stored on each section.
safe_alter('txp_section', "MODIFY page VARCHAR(255) NOT NULL default '', MODIFY css VARCHAR(255) NOT NULL default ''");

// Save sections correctly in articles.
safe_alter('textpattern', "MODIFY Section VARCHAR(255) NOT NULL default ''");
safe_alter('txp_section', "MODIFY name VARCHAR(255) NOT NULL");

// Plugins can have longer version numbers.
safe_alter('txp_plugin', "MODIFY version VARCHAR(255) NOT NULL DEFAULT '1.0'");

// Translation strings should allow more than 255 characters.
safe_alter('txp_lang', "MODIFY data TEXT");

// Add meta description to articles...
$cols = getThings('describe `' . PFX . 'textpattern`');
if (!in_array('description', $cols)) {
    safe_alter('textpattern', "ADD description VARCHAR(255) NOT NULL DEFAULT '' AFTER Keywords");
}

// ... categories...
$cols = getThings('describe `' . PFX . 'txp_category`');
if (!in_array('description', $cols)) {
    safe_alter('txp_category', "ADD description VARCHAR(255) NOT NULL DEFAULT '' AFTER title");
}

// ... and sections.
$cols = getThings('describe `' . PFX . 'txp_section`');
if (!in_array('description', $cols)) {
    safe_alter('txp_section', "ADD description VARCHAR(255) NOT NULL DEFAULT '' AFTER css");
}

// Remove textpattern.com ping pref.
if (safe_field('name', 'txp_prefs', "name = 'ping_textpattern_com'")) {
    safe_delete('txp_prefs', "name = 'ping_textpattern_com'");
}

// Add default publishing status pref.
// get_pref() is tested for truthiness, so a stored value that evaluates to
// false would be overwritten with STATUS_LIVE on every run.
// NOTE(review): confirm no valid status value is falsy.
if (!get_pref('default_publish_status')) {
    set_pref('default_publish_status', STATUS_LIVE, 'publish', PREF_CORE, 'defaultPublishStatus', 15, PREF_PRIVATE);
}
*
 * This file is part of Textpattern.
 *
 * Textpattern is free software; you can redistribute it and/or
 * modify it under the terms of the GNU General Public License
 * as published by the Free Software Foundation, version 2.
 *
 * Textpattern is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
 * GNU General Public License for more details.
 *
 * You should have received a copy of the GNU General Public License
 * along with Textpattern. If not, see <http://www.gnu.org/licenses/>.
 */

// Direct-access guard: the script stops unless the including code has defined
// TXP_UPDATE, so requesting this file by URL does not run the ALTER statements.
if (!defined('TXP_UPDATE')) {
    exit("Nothing here. You can't access this file directly.");
}

// Updates comment email length.
safe_alter('txp_discuss', "MODIFY email VARCHAR(254) NOT NULL default ''");

// Store IPv6 properly in logs.
// 45 characters is the column width chosen here; a narrower column can cut off
// long IPv6 text forms and leave visitor log entries unusable for attribution.
safe_alter('txp_log', "MODIFY ip VARCHAR(45) NOT NULL default ''");

// Save sections correctly in articles.
safe_alter('textpattern', "MODIFY Section VARCHAR(128) NOT NULL default ''");

// Ensure all memory-mappable columns have defaults
safe_alter('txp_form', "MODIFY `name` VARCHAR(64) NOT NULL default ''");
safe_alter('txp_page', "MODIFY `name` VARCHAR(128) NOT NULL default ''");
safe_alter('txp_prefs', "MODIFY `prefs_id` INT(11) NOT NULL default '1'");
safe_alter('txp_prefs', "MODIFY `name` VARCHAR(255) NOT NULL default ''");
safe_alter('txp_section', "MODIFY `name` VARCHAR(128) NOT NULL default ''");
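/**
 * Replaces the stored file and metadata of an existing image with a new upload.
 *
 * Reads the image id from the request parameter 'id' and the upload from
 * $_FILES['thefile']. The upload is accepted only when getimagesize() reports
 * a type that has an entry in the global $extensions map. On success the row
 * in txp_image is updated and the file is moved to
 * <doc_root><path_from_root><img_dir>/<id><ext>; the result is reported
 * through image_list() or image_edit().
 *
 * @return void
 */
function image_replace()
{
    global $txpcfg, $extensions, $txp_user, $img_dir, $path_from_root;

    // Imports the config keys as local variables; $doc_root used below is
    // expected to come from here.
    extract($txpcfg);

    // The id ends up unquoted in the WHERE clause, in the auto_increment
    // statement and in the target file name, so it must be a plain positive
    // integer before it is used anywhere.
    $id = intval(gps('id'));
    if ($id < 1) {
        image_list('there was a problem saving image data');

        return;
    }

    // No upload at all is reported the same way as a non-image upload.
    if (empty($_FILES['thefile']['tmp_name'])) {
        image_list(gTxt('only_graphic_files_allowed'));

        return;
    }

    $file = $_FILES['thefile']['tmp_name'];
    $name = $_FILES['thefile']['name'];

    // The accepted type is decided from the file content, not from the
    // client-supplied file name.
    $info = getimagesize($file);
    if ($info === false || empty($extensions[$info[2]])) {
        image_list(gTxt('only_graphic_files_allowed'));

        return;
    }

    list($w, $h, $extension) = $info;
    $w = intval($w);
    $h = intval($h);
    $ext = $extensions[$extension];

    // Swap the client-supplied extension for the detected one. A name without
    // a dot keeps its full base name instead of being reduced to the extension.
    $dot = strrpos($name, '.');
    $name = ($dot === false ? $name : substr($name, 0, $dot)) . $ext;

    $name2db = doSlash($name);
    $author = doSlash($txp_user);

    $rs = safe_update(
        "txp_image",
        "w = '{$w}',
        h = '{$h}',
        ext = '{$ext}',
        `name` = '{$name2db}',
        `date` = now(),
        author = '{$author}'",
        "id = {$id}"
    );

    if (!$rs) {
        image_list('there was a problem saving image data');

        return;
    }

    $newpath = $doc_root . $path_from_root . $img_dir . '/' . $id . $ext;
    $newpath = str_replace('//', '/', $newpath);

    if (move_uploaded_file($file, $newpath) == false) {
        // NOTE(review): this removes the database row of the image that was
        // meant to be replaced, although its old file may still be on disk.
        // Kept as in the original; confirm this is the intended recovery.
        safe_delete("txp_image", "id='{$id}'");
        safe_alter("txp_image", "auto_increment={$id}");
        image_list($newpath . sp . gTxt('upload_dir_perms'));

        return;
    }

    // An uploaded image needs to be readable by the web server, not
    // executable, so the execute bits of the former 0755 are dropped.
    chmod($newpath, 0644);
    image_edit(messenger('image', $name, 'uploaded'), $id);
}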
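/**
 * Handles a file upload: records it in txp_file and moves it into the file
 * directory.
 *
 * Category, permissions and description are read from the request and escaped
 * with doSlash(). The upload is rejected when it could not be received, when
 * it exceeds $file_max_upload_size, or when a file already exists at the
 * target path. The outcome is reported through file_list() or file_edit().
 *
 * NOTE(review): no privilege check is visible in this function; presumably
 * the caller enforces it - confirm.
 *
 * @return void
 */
function file_insert()
{
    global $txpcfg, $extensions, $txp_user, $file_base_path, $file_max_upload_size;
    extract($txpcfg);
    extract(doSlash(gpsa(array('category', 'permissions', 'description'))));

    $name = file_get_uploaded_name();
    $file = file_get_uploaded();

    if ($file === false) {
        // could not get uploaded file
        file_list(gTxt('file_upload_failed') . " {$name} - " . upload_get_errormsg(@$_FILES['file']['error']));

        return;
    }

    if ($file_max_upload_size < filesize($file)) {
        unlink($file);
        file_list(gTxt('file_upload_failed') . " {$name} - " . upload_get_errormsg(UPLOAD_ERR_FORM_SIZE));

        return;
    }

    // The existence check and the move must look at the same path. Checking
    // the untrimmed name while writing to the trimmed one let a name with
    // surrounding whitespace slip past the check and land on an existing file.
    // NOTE(review): $name is supplied by the client; whether directory
    // components are removed depends on file_get_uploaded_name() and
    // build_file_path(), which are not visible here - confirm.
    $newpath = build_file_path($file_base_path, trim($name));

    if (is_file($newpath)) {
        $message = gTxt('file_already_exists', array('{name}' => $name));
        file_list($message);

        return;
    }

    $id = file_db_add($name, $category, $permissions, $description);

    if (!$id) {
        file_list(gTxt('file_upload_failed') . ' (db_add)');

        return;
    }

    // The id is used unquoted in the statements below.
    $id = assert_int($id);

    if (!shift_uploaded_file($file, $newpath)) {
        // Roll back the row that was just inserted and reuse its id.
        safe_delete("txp_file", "id = {$id}");
        safe_alter("txp_file", "auto_increment={$id}");
        if (isset($GLOBALS['ID'])) {
            unset($GLOBALS['ID']);
        }
        file_list($newpath . ' ' . gTxt('upload_dir_perms'));
        // clean up file
    } else {
        file_set_perm($newpath);
        $message = gTxt('file_uploaded', array('{name}' => $name));
        file_edit($message, $id);
    }
}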
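/**
 * Installs the self-registration plugin: preferences, optional user columns
 * and the three default forms.
 *
 * Options are read from the request (admin_email, admin_name, new_user_priv,
 * use_ign_db, add_address, add_phone) and escaped with doSlash(). Every step
 * appends a line to a log, which is returned as an HTML list.
 *
 * NOTE(review): no privilege check is visible in this function although it
 * alters the user table; presumably the caller restricts access - confirm.
 * NOTE(review): log entries include stored preference values and
 * mysql_error() text; whether mem_self_gTxt()/doWrap() escape them for HTML
 * is not visible here - confirm.
 *
 * @return string HTML produced by doWrap($log, 'ul', 'li')
 */
function mem_self_register_install()
{
    global $mem_self;

    extract(doSlash(gpsa(array('admin_email', 'admin_name', 'new_user_priv', 'use_ign_db', 'add_address', 'add_phone'))));

    if (!isset($new_user_priv) || empty($new_user_priv)) {
        $new_user_priv = '0';
    }

    $log = array();

    // NOTE(review): safe_field() is asked for two columns and the result is
    // then indexed with ['html']; the next-to-last preference below uses
    // safe_row() for the same purpose. Confirm which call is intended here.
    if (!($rs = safe_field('val,html', 'txp_prefs', "name='mem_self_use_ign_db'"))) {
        if (set_pref('mem_self_use_ign_db', $use_ign_db, 'self_reg', 1, 0, 'yesnoradio')) {
            $log[] = mem_self_gTxt('log_added_pref', array('{name}' => 'mem_self_use_ign_db'));
        } else {
            $log[] = mem_self_gTxt('log_pref_failed', array('{name}' => 'mem_self_use_ign_db', '{error}' => mysql_error()));
        }
    } else {
        if ($rs['html'] != 'yesnoradio') {
            safe_update('txp_prefs', "html='yesnoradio'", "name='mem_self_use_ign_db'");
        }
        $log[] = mem_self_gTxt('log_pref_exists', array('{name}' => 'mem_self_use_ign_db', '{value}' => $rs));
    }

    $user_table = mem_get_user_table_name();
    $xtra_columns = mem_get_extra_user_columns();

    if ($add_address) {
        $log[] = _mem_self_register_install_column($user_table, $xtra_columns, 'address', 'VARCHAR( 128 )');
    }

    if ($add_phone) {
        $log[] = _mem_self_register_install_column($user_table, $xtra_columns, 'phone', 'VARCHAR( 32 )');
    }

    if (!($rs = safe_field('val', 'txp_prefs', "name='mem_self_admin_email'"))) {
        if (set_pref('mem_self_admin_email', $admin_email, 'self_reg', 1)) {
            $log[] = mem_self_gTxt('log_added_pref', array('{name}' => 'mem_self_admin_email'));
        } else {
            $log[] = mem_self_gTxt('log_pref_failed', array('{name}' => 'mem_self_admin_email', '{error}' => mysql_error()));
        }
    } else {
        $log[] = mem_self_gTxt('log_pref_exists', array('{name}' => 'mem_self_admin_email', '{value}' => $rs));
    }

    if (!($rs = safe_field('val', 'txp_prefs', "name='mem_self_admin_name'"))) {
        if (set_pref('mem_self_admin_name', $admin_name, 'self_reg', 1)) {
            $log[] = mem_self_gTxt('log_added_pref', array('{name}' => 'mem_self_admin_name'));
        } else {
            $log[] = mem_self_gTxt('log_pref_failed', array('{name}' => 'mem_self_admin_name', '{error}' => mysql_error()));
        }
    } else {
        $log[] = mem_self_gTxt('log_pref_exists', array('{name}' => 'mem_self_admin_name', '{value}' => $rs));
    }

    // The privilege level given to self-registered users is taken from the
    // request; an empty value falls back to '0' above.
    if (!($rs = safe_row('val,html', 'txp_prefs', "name='mem_self_new_user_priv'"))) {
        if (set_pref('mem_self_new_user_priv', $new_user_priv, 'self_reg', 1, 0, 'priv_levels')) {
            $log[] = mem_self_gTxt('log_added_pref', array('{name}' => 'mem_self_new_user_priv'));
            $mem_self['new_user_priv'] = $new_user_priv;
        } else {
            // The failure entry now names the preference exactly as it is stored.
            $log[] = mem_self_gTxt('log_pref_failed', array('{name}' => 'mem_self_new_user_priv', '{error}' => mysql_error()));
        }
    } else {
        safe_update('txp_prefs', "html='priv_levels'", "name='mem_self_new_user_priv'");
        $log[] = mem_self_gTxt('log_pref_exists', array('{name}' => 'mem_self_new_user_priv', '{value}' => $rs));
    }

    // NOTE(review): the line breaks inside the three template bodies below are
    // reconstructed; compare them with the forms of an existing installation.

    // create default registration form
    $form_html = <<<EOF
\t<fieldset>
\t<legend>Register</legend>
\t\t<txp:mem_form_text name="RealName" label="Full Name" /><br />
\t\t<br />
\t\t
\t\t<txp:mem_form_text name="name" label="Username" /><br />
\t\t<br />
\t\t
\t\t<txp:mem_form_email name="email" label="E-Mail" /><br />
\t\t<br />
\t\t<txp:mem_form_submit />
\t</fieldset>
EOF;
    $log[] = _mem_self_register_install_form('self_register_form', $form_html);

    // create default successful registration form to show the user
    $form_html = <<<EOF
<h3>Account Created</h3>
<p>An email containing your password has been sent to <txp:mem_profile var="email" />.</p>
EOF;
    $log[] = _mem_self_register_install_form('self_register_success', $form_html);

    // create default successful registration email form
    // This default template places the account password in the email body.
    $form_html = <<<EOF
Dear <txp:mem_name />,
Thank you for registering at <txp:mem_siteurl />.
Your login name: <txp:mem_username />
Your password: <txp:mem_password />
If you have any questions please reply to this email address.
Sincerely,
<txp:mem_admin_name />
<txp:mem_admin_email />
EOF;
    $log[] = _mem_self_register_install_form('self_register_email', $form_html);

    $tag_help = '<txp:mem_self_register_form form="self_register_form" />';
    $log[] = mem_self_gTxt('log_xmpl_tag') . br . '<textarea style="width:400px;height:40px;">' . htmlspecialchars($tag_help) . '</textarea>';

    return doWrap($log, 'ul', 'li');
}

/**
 * Adds one optional column to the user table unless it is already listed and
 * returns the matching log line.
 */
function _mem_self_register_install_column($user_table, $xtra_columns, $column, $definition)
{
    $names = array('{name}' => $column, '{table}' => $user_table);

    if (in_array($column, $xtra_columns)) {
        return mem_self_gTxt('log_col_exists', $names);
    }

    if (safe_alter($user_table, "ADD `{$column}` {$definition}")) {
        return mem_self_gTxt('log_col_added', $names);
    }

    return mem_self_gTxt('log_col_failed', $names + array('{error}' => mysql_error()));
}

/**
 * Creates one default form unless a form of that name already exists and
 * returns the matching log line.
 */
function _mem_self_register_install_form($name, $form_html)
{
    if (fetch('Form', 'txp_form', 'name', $name)) {
        return mem_self_gTxt('log_form_found', array('{name}' => $name));
    }

    // The template is escaped before it is spliced into the INSERT, so a later
    // edit that adds a quote to a template cannot break the statement.
    if (safe_insert('txp_form', "name='" . doSlash($name) . "',type='misc',Form='" . doSlash($form_html) . "'")) {
        return mem_self_gTxt('log_form_added', array('{name}' => $name));
    }

    // The opening tag now matches the closing </textarea>; the template is
    // HTML-escaped so the admin can copy it by hand.
    return mem_self_gTxt('log_form_failed', array('{name}' => $name, '{error}' => mysql_error()))
        . br
        . '<textarea style="width:300px;height:150px;">' . htmlspecialchars($form_html) . '</textarea>';
}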
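/**
 * Stores an image file and its database record.
 *
 * The type is taken from getimagesize() and must map to one of the extensions
 * listed below. A new row is inserted when $id is empty, otherwise the row
 * with that id is updated; the file is then moved to IMPATH . <id> . <ext>
 * and a thumbnail is generated when the thumbnail prefs are set.
 *
 * @param array       $file     Upload entry with 'name', 'error' and 'tmp_name'
 * @param array|mixed $meta     Optional 'category', 'caption' and 'alt' values
 * @param int|string  $id       Existing image id, or empty to create a new image
 * @param bool        $uploaded Whether $file['tmp_name'] is an HTTP upload
 * @return array|string array($message, $id) on success, an error message otherwise
 */
function image_data($file, $meta = '', $id = '', $uploaded = true)
{
    global $txpcfg, $txp_user, $prefs, $file_max_upload_size;

    // Index is the image type reported by getimagesize().
    // NOTE(review): '.swf' is accepted here although it is active content
    // rather than a passive image - confirm this is still wanted.
    $extensions = array(0, '.gif', '.jpg', '.png', '.swf');

    extract($txpcfg);

    $name = $file['name'];
    $error = $file['error'];
    $file = $file['tmp_name'];

    if ($uploaded) {
        $file = get_uploaded_file($file);

        // Only measure a file that was actually received; a failed upload is
        // reported further down through upload_get_errormsg($error).
        if ($file !== false && $file_max_upload_size < filesize($file)) {
            unlink($file);

            return upload_get_errormsg(UPLOAD_ERR_FORM_SIZE);
        }
    }

    // The accepted type is decided from the file content, not from the name.
    list($w, $h, $extension) = @getimagesize($file);

    if ($file !== false && @$extensions[$extension]) {
        $ext = $extensions[$extension];
        $name = doSlash(substr($name, 0, strrpos($name, '.')) . $ext);

        // Read exactly the three expected keys instead of extract()-ing $meta:
        // extract() would let any other key in $meta overwrite local variables
        // such as $id, $file or $ext before they reach the query and the path.
        $defaults = array('category' => '', 'caption' => '', 'alt' => '');
        if (!is_array($meta)) {
            $meta = array();
        }
        $meta = doSlash(array_intersect_key($meta, $defaults) + $defaults);
        $category = $meta['category'];
        $caption = $meta['caption'];
        $alt = $meta['alt'];

        // Width and height are written unquoted, the author inside quotes;
        // both are made safe for that position first.
        $w = (int) $w;
        $h = (int) $h;
        $author = doSlash($txp_user);

        $q = "
            name = '{$name}',
            ext = '{$ext}',
            w = {$w},
            h = {$h},
            alt = '{$alt}',
            caption = '{$caption}',
            category = '{$category}',
            date = now(),
            author = '{$author}'
        ";

        if (empty($id)) {
            $rs = safe_insert('txp_image', $q);
            $id = $GLOBALS['ID'] = mysql_insert_id();
        } else {
            $id = assert_int($id);
            $rs = safe_update('txp_image', $q, "id = {$id}");
        }

        if (!$rs) {
            return gTxt('image_save_error');
        }

        $newpath = IMPATH . $id . $ext;

        if (shift_uploaded_file($file, $newpath) == false) {
            // Roll back the row; the id is used unquoted, so it is checked again.
            $id = assert_int($id);
            safe_delete('txp_image', "id = {$id}");
            safe_alter('txp_image', "auto_increment = {$id}");
            if (isset($GLOBALS['ID'])) {
                unset($GLOBALS['ID']);
            }

            return $newpath . sp . gTxt('upload_dir_perms');
        }

        // Readable by the web server, never executable.
        @chmod($newpath, 0644);

        // Auto-generate a thumbnail using the last settings
        if (isset($prefs['thumb_w'], $prefs['thumb_h'], $prefs['thumb_crop'])) {
            img_makethumb($id, $prefs['thumb_w'], $prefs['thumb_h'], $prefs['thumb_crop']);
        }

        update_lastmod();

        // NOTE(review): $name was escaped for SQL above and is reused here for
        // display; confirm how the caller escapes the message for HTML.
        $message = gTxt('image_uploaded', array('{name}' => $name));

        return array($message, $id);
    }

    // missing or invalid file
    if ($file === false) {
        return upload_get_errormsg($error);
    }

    return gTxt('only_graphic_files_allowed');
}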
// Direct-access guard: the script stops unless the including code has defined
// TXP_UPDATE, so requesting this file by URL does not touch the database.
if (!defined('TXP_UPDATE')) {
    exit("Nothing here. You can't access this file directly.");
}

// Add the plugin load order column when it is missing.
$txpplugin = getThings('DESCRIBE `' . PFX . 'txp_plugin`');
if (!in_array('load_order', $txpplugin)) {
    safe_alter('txp_plugin', "ADD load_order TINYINT UNSIGNED NOT NULL DEFAULT 5");
}

// Enable XML-RPC server?
// The pref is created with val = 0, i.e. the remote interface stays off
// until an administrator switches it on.
if (!safe_field("name", 'txp_prefs', "name = 'enable_xmlrpc_server'")) {
    safe_insert('txp_prefs', "prefs_id = 1, name = 'enable_xmlrpc_server', val = 0, type = 1, event = 'admin', html = 'yesnoradio', position = 130");
}

if (!safe_field("name", 'txp_prefs', "name = 'smtp_from'")) {
    safe_insert('txp_prefs', "prefs_id = 1, name = 'smtp_from', val = '', type = 1, event = 'admin', position = 110");
}

// This check reads 'val' rather than 'name', so a row whose value evaluates
// to false is treated as missing and the insert is attempted again.
if (!safe_field("val", 'txp_prefs', "name = 'author_list_pageby'")) {
    safe_insert('txp_prefs', "prefs_id = 1, name = 'author_list_pageby', val = 25, type = 2");
}

// Expiry datetime for articles.
$txp = getThings("DESCRIBE `" . PFX . "textpattern`");
if (!in_array('Expires', $txp)) {
    safe_alter('textpattern', "ADD Expires DATETIME AFTER Posted");
}
safe_create_index('textpattern', 'Expires', 'Expires_idx');

// Publish expired articles, or return 410?
if (!safe_field("name", 'txp_prefs', "name = 'publish_expired_articles'")) {
    safe_insert('txp_prefs', "prefs_id = 1, name = 'publish_expired_articles', val = '0', type = '1', event = 'publish', html = 'yesnoradio', position = '130'");
}

// Searchable article fields hidden preference.
if (!safe_field("name", 'txp_prefs', "name = 'searchable_article_fields'")) {
    safe_insert('txp_prefs', "prefs_id = 1, name = 'searchable_article_fields', val = 'Title, Body', type = '2', event = 'publish', html = 'text_input', position = '0'");
}
/**
 * Cleanup callback: drops the per-language copies of one field from a table.
 *
 * For every site language the localised column name is built with
 * _l10n_make_field_name() and dropped; each attempt is recorded through
 * add_report_item() together with its result.
 *
 * The column name is placed between backticks without further escaping, so
 * $field and the language codes must never carry request data.
 *
 * @param string $table      Table to alter
 * @param string $field      Base field name
 * @param mixed  $attributes Not used by this callback
 */
function cleanup_4a_cb($table, $field, $attributes)
{
    foreach (MLPLanguageHandler::get_site_langs() as $lang) {
        $column = _l10n_make_field_name($field, $lang);

        // Errors are suppressed on purpose: the outcome is reported instead.
        $dropped = @safe_alter($table, "DROP `{$column}`");

        $label = gTxt('l10n-drop_field', array('{field}' => $column, '{table}' => $table));
        $this->add_report_item($label, $dropped, true);
    }
}
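/**
 * Handles a file upload: records it in txp_file and moves it into the file
 * directory.
 *
 * Category, permissions and description are read from the request and escaped
 * with doSlash(). The upload is rejected when it could not be received or
 * when a file already exists at the target path. The outcome is reported
 * through file_list() or file_edit().
 *
 * NOTE(review): neither a privilege check nor a size limit is visible in this
 * function; presumably both are enforced elsewhere - confirm.
 *
 * @return void
 */
function file_insert()
{
    global $txpcfg, $extensions, $txp_user, $file_base_path;
    extract($txpcfg);
    extract(doSlash(gpsa(array('category', 'permissions', 'description'))));

    $name = file_get_uploaded_name();
    $file = file_get_uploaded();

    if ($file === false) {
        // could not get uploaded file
        file_list(gTxt('file_upload_failed') . " {$name} - " . upload_get_errormsg($_FILES['file']['error']));

        return;
    }

    // The existence check and the move must look at the same path. Checking
    // the untrimmed name while writing to the trimmed one let a name with
    // surrounding whitespace slip past the check and land on an existing file.
    // NOTE(review): $name is supplied by the client; whether directory
    // components are removed depends on file_get_uploaded_name() and
    // build_file_path(), which are not visible here - confirm.
    $newpath = build_file_path($file_base_path, trim($name));

    if (is_file($newpath)) {
        file_list(messenger(gTxt('file'), $name, gTxt('already_exists')));

        return;
    }

    $id = file_db_add($name, $category, $permissions, $description);

    if (!$id) {
        file_list(gTxt('file_upload_failed') . ' (db_add)');

        return;
    }

    if (!shift_uploaded_file($file, $newpath)) {
        // Roll back the row that was just inserted and reuse its id.
        // NOTE(review): $id comes from file_db_add() and is used unquoted in
        // the auto_increment statement; presumably an integer - confirm.
        safe_delete("txp_file", "id='{$id}'");
        safe_alter("txp_file", "auto_increment={$id}");
        file_list($newpath . ' ' . gTxt('upload_dir_perms'));
        // clean up file
    } else {
        file_set_perm($newpath);
        file_edit(messenger('file', $name, 'uploaded'), $id);
    }
}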
// Redefine the date columns without a zero-date default.
safe_alter('textpattern', "MODIFY LastMod DATETIME NOT NULL");
safe_alter('textpattern', "MODIFY feed_time DATE NOT NULL"); //0000-00-00
safe_alter('txp_discuss', "MODIFY posted DATETIME NOT NULL");
safe_alter('txp_discuss_nonce', "MODIFY issue_time DATETIME NOT NULL");
safe_alter('txp_file', "MODIFY created DATETIME NOT NULL");
safe_alter('txp_file', "MODIFY modified DATETIME NOT NULL");
safe_alter('txp_image', "MODIFY date DATETIME NOT NULL");
safe_alter('txp_link', "MODIFY date DATETIME NOT NULL");
safe_alter('txp_log', "MODIFY time DATETIME NOT NULL");
safe_alter('txp_users', "MODIFY last_access DATETIME NULL DEFAULT NULL");

// remove logs and nonces with zero dates.
// These deletes cannot be undone: visitor log rows without a usable timestamp
// are discarded rather than repaired.
safe_delete('txp_discuss_nonce', "DATE(issue_time) = '0000-00-00'");
safe_delete('txp_log', "DATE(time) = '0000-00-00'");

// replace zero dates (which shouldn't exist, really) with somewhat sensible values
// Order matters: LastMod and modified are copied from Posted and created, which
// are repaired first.
safe_update('textpattern', "Posted = NOW()", "DATE(Posted) = '0000-00-00'");
safe_update('textpattern', "Expires = NULL", "DATE(Expires) = '0000-00-00'");
safe_update('textpattern', "LastMod = Posted", "DATE(LastMod) = '0000-00-00'");
safe_update('txp_discuss', "posted = NOW()", "DATE(posted) = '0000-00-00'");
safe_update('txp_file', "created = NOW()", "DATE(created) = '0000-00-00'");
safe_update('txp_file', "modified = created", "DATE(modified) = '0000-00-00'");
safe_update('txp_image', "date = NOW()", "DATE(date) = '0000-00-00'");
safe_update('txp_link', "date = NOW()", "DATE(date) = '0000-00-00'");
safe_update('txp_users', "last_access = NULL", "DATE(last_access) = '0000-00-00'");
safe_update('textpattern', "feed_time = DATE(Posted)", "feed_time = '0000-00-00'");

// category names are max 64 chars when created/edited, so don't pretend they can be longer
safe_alter('textpattern', "MODIFY Category1 VARCHAR(64) NOT NULL DEFAULT ''");
safe_alter('textpattern', "MODIFY Category2 VARCHAR(64) NOT NULL DEFAULT ''");
safe_alter('txp_file', "MODIFY category VARCHAR(64) NOT NULL DEFAULT ''");
safe_alter('txp_image', "MODIFY category VARCHAR(64) NOT NULL DEFAULT ''");
*/

// Direct-access guard: the script stops unless the including code has defined
// TXP_UPDATE, so requesting this file by URL does not touch the database.
if (!defined('TXP_UPDATE')) {
    exit("Nothing here. You can't access this file directly.");
}

// Doctype prefs.
if (!safe_field("name", 'txp_prefs', "name = 'doctype'")) {
    safe_insert('txp_prefs', "prefs_id = 1, name = 'doctype', val = 'xhtml', type = '0', event = 'publish', html = 'doctypes', position = '190'");
}

// Publisher's email address.
if (!safe_field("name", 'txp_prefs', "name = 'publisher_email'")) {
    safe_insert('txp_prefs', "prefs_id = 1, name = 'publisher_email', val = '', type = 1, event = 'admin', position = 115");
}

// Goodbye raw ?php support.
// Only the preference row is removed here; whether raw PHP in templates is
// actually refused depends on code outside this script.
if (safe_field("name", 'txp_prefs', "name = 'allow_raw_php_scripting'")) {
    safe_delete('txp_prefs', "name = 'allow_raw_php_scripting'");
}

safe_alter('txp_users', "\n        MODIFY RealName VARCHAR(255) NOT NULL DEFAULT '',\n        MODIFY email    VARCHAR(254) NOT NULL DEFAULT ''");

// Remove any setup strings from lang table.
safe_delete('txp_lang', "event = 'setup'");

safe_create_index('textpattern', 'url_title', 'url_title_idx');

// Remove is_default from txp_section table and make it a preference.
if (!safe_field("name", 'txp_prefs', "name = 'default_section'")) {
    $current_default_section = safe_field("name", 'txp_section', "is_default = 1");
    // The section name is read from the database and still escaped with
    // doSlash() before it is spliced into the INSERT.
    safe_insert('txp_prefs', "prefs_id = 1, name = 'default_section', val = '" . doSlash($current_default_section) . "', type = '2', event = 'section', html = 'text_input', position = '0'");
}

// The column is dropped only after its value has been copied into the pref.
$cols = getThings("DESCRIBE `" . PFX . "txp_section`");
if (in_array('is_default', $cols)) {
    safe_alter('txp_section', "DROP is_default");
}

safe_alter('txp_css', "MODIFY css MEDIUMTEXT NOT NULL");
if (!in_array('nonce', $txpuser)) { safe_alter("txp_users", "add `nonce` varchar(64) not null"); } // 1.0rc: checking nonce in txp_users table $txpusers = safe_rows('name, nonce', 'txp_users', '1'); if ($txpusers) { foreach ($txpusers as $a) { extract($a); if (!$nonce) { $nonce = md5(uniqid(rand(), true)); safe_update('txp_users', "nonce='{$nonce}'", "name = '{$name}'"); } } } // 1.0rc: expanding password field in txp_users safe_alter('txp_users', "CHANGE `pass` `pass` VARCHAR( 128 ) NOT NULL"); $popcom = fetch("*", 'txp_form', 'name', "popup_comments"); if (!$popcom) { $popform = <<<eod <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> <head> \t<meta http-equiv="content-type" content="text/html; charset=utf-8" /> \t<link rel="Stylesheet" href="<txp:css />" type="text/css" /> \t<title><txp:page_title /></title> </head> <body> <div style="text-align: left; padding: 1em; width:300px"> \t<txp:popup_comments />
break; case 'comments_require_name': case 'comments_require_email': $html = 'yesnoradio'; $evt = 'comments'; break; default: $html = 'yesnoradio'; $evt = 'publish'; break; } safe_insert('txp_prefs', "val = '{$val}', name = '{$key}' , prefs_id ='1', type='1', html='{$html}', event='{$evt}'"); } } } safe_alter('txp_prefs', "CHANGE `html` `html` VARCHAR( 64 ) DEFAULT 'text_input' NOT NULL"); safe_update('txp_prefs', "html='text_input'", "html=''"); if (!fetch('form', 'txp_form', 'name', 'search_results')) { $form = <<<EOF <h3><txp:permlink><txp:title /></txp:permlink></h3> <p><txp:search_result_excerpt /><br/> <small><txp:permlink><txp:permlink /></txp:permlink> · <txp:posted /></small></p> EOF; safe_insert('txp_form', "name='search_results', type='article', Form='{$form}'"); } if (!safe_query("SELECT 1 FROM `" . PFX . "txp_lang` LIMIT 0")) { // do install safe_query("CREATE TABLE `" . PFX . "txp_lang` (\n\t\t\t`id` INT( 9 ) NOT NULL AUTO_INCREMENT ,\n\t\t\t`lang` VARCHAR(16),\n\t\t\t`name` VARCHAR(64),\n\t\t\t`event` VARCHAR( 64 ) ,\n\t\t\t`data` TINYTEXT,\n\t\t\t`lastmod` timestamp,\n\t\t\tPRIMARY KEY ( `id` ),\n\t\t\tUNIQUE INDEX (`lang`,`name`),\n\t\t\tINDEX (`lang`, `event`)\n\t\t\t) {$tabletype};"); require_once txpath . '/lib/IXRClass.php'; $client = new IXR_Client('http://rpc.textpattern.com');
// Default event pref: insert the row only when it does not exist yet.
if (!safe_field("name", 'txp_prefs', "name = 'default_event'")) {
    safe_insert('txp_prefs', "prefs_id = 1, name = 'default_event', val = 'article', type = '1', event = 'admin', html = 'default_event', position = '150'");
}

// Add columns for thumbnail dimensions.
// Only thumb_w is checked; both columns are added by the same statement.
$cols = getThings("DESCRIBE `" . PFX . "txp_image`");
if (!in_array('thumb_w', $cols)) {
    safe_alter('txp_image', "\n        ADD thumb_w int(8) NOT NULL DEFAULT 0,\n        ADD thumb_h int(8) NOT NULL DEFAULT 0");
}

// Plugin flags.
$cols = getThings('DESCRIBE `' . PFX . 'txp_plugin`');
if (!in_array('flags', $cols)) {
    safe_alter('txp_plugin', "ADD flags SMALLINT UNSIGNED NOT NULL DEFAULT 0");
}

// Default theme.
if (!safe_field("name", 'txp_prefs', "name = 'theme_name'")) {
    safe_insert('txp_prefs', "prefs_id = 1, name = 'theme_name', val = 'classic', type = '1', event = 'admin', html = 'themename', position = '160'");
}

// Widen the plugin code columns and the pref value column.
safe_alter('txp_plugin', "\n    CHANGE code code MEDIUMTEXT NOT NULL,\n    CHANGE code_restore code_restore MEDIUMTEXT NOT NULL");
safe_alter('txp_prefs', "CHANGE val val TEXT NOT NULL");

// Add author column to files and links, boldly assuming that the publisher in
// charge of updating this site is the author of any existing content items.
foreach (array('txp_file', 'txp_link') as $table) {
    $cols = getThings("DESCRIBE `" . PFX . $table . "`");
    if (!in_array('author', $cols)) {
        safe_alter($table, "\n            ADD author varchar(64) NOT NULL DEFAULT '',\n            ADD INDEX author_idx (author)");
        // The user name is escaped with doSlash() before it is spliced into the
        // SET clause; the '1 = 1' condition applies it to every existing row.
        safe_update($table, "author = '" . doSlash($txp_user) . "'", '1 = 1');
    }
}

// Add indices on author columns.
safe_create_index('textpattern', 'AuthorID', 'author_idx');
safe_create_index('txp_image', 'author', 'author_idx');
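/**
 * Stores an uploaded file and records it in the database.
 *
 * Steps visible in this function: privilege check ('file.edit.own'), size
 * check against $file_max_upload_size, filename clean-up through
 * sanitizeForFile(), database row via file_db_add(), then the move of the
 * temporary file to its destination. When the move fails, the new txp_file
 * row is deleted again. Every outcome is reported through file_list() or
 * file_edit(); nothing is returned.
 *
 * NOTE(review): the error messages embed $name, the client-supplied filename,
 * without escaping; confirm that file_list() escapes messages before output.
 */
function file_insert()
{
    global $txp_user, $file_base_path, $file_max_upload_size;

    if (!has_privs('file.edit.own')) {
        file_list(gTxt('restricted_area'));
        return;
    }

    // Request values are escaped with doSlash() before extract() creates
    // $category, $permissions and $description.
    extract(doSlash(gpsa(array('category', 'permissions', 'description'))));

    $name = file_get_uploaded_name();
    $file = file_get_uploaded();

    if ($file === false) {
        // could not get uploaded file
        file_list(array(gTxt('file_upload_failed') . " {$name} - " . upload_get_errormsg($_FILES['thefile']['error']), E_ERROR));
        return;
    }

    $size = filesize($file);

    if ($file_max_upload_size < $size) {
        // Oversized upload: remove the temporary copy before reporting.
        unlink($file);
        file_list(array(gTxt('file_upload_failed') . " {$name} - " . upload_get_errormsg(UPLOAD_ERR_FORM_SIZE), E_ERROR));
        return;
    }

    $newname = sanitizeForFile($name);
    $newpath = build_file_path($file_base_path, $newname);

    // Test the destination path, not the bare file name: is_file($newname)
    // resolved against the current working directory, so a file already
    // present in the upload directory was not detected and could be replaced.
    if (!is_file($newpath)) {
        $id = file_db_add($newname, $category, $permissions, $description, $size);

        if (!$id) {
            file_list(array(gTxt('file_upload_failed') . ' (db_add)', E_ERROR));
        } else {
            // The id is used unquoted in the SQL fragments below.
            $id = assert_int($id);

            if (!shift_uploaded_file($file, $newpath)) {
                // Move failed: drop the row that was just added and reset the
                // auto-increment counter to the freed id.
                safe_delete("txp_file", "id = {$id}");
                safe_alter("txp_file", "auto_increment={$id}");

                if (isset($GLOBALS['ID'])) {
                    unset($GLOBALS['ID']);
                }

                file_list(array($newpath . ' ' . gTxt('upload_dir_perms'), E_ERROR));
                // clean up file
            } else {
                file_set_perm($newpath);
                $message = gTxt('file_uploaded', array('{name}' => htmlspecialchars($newname)));
                file_edit($message, $id);
            }
        }
    } else {
        $message = gTxt('file_already_exists', array('{name}' => $newname));
        file_list($message);
    }
}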
// Rebuild name-based keys and indexes with explicit prefix lengths.
// A UNIQUE or PRIMARY key declared on name(250) compares only the first 250
// characters, so two values that differ only after that point collide.
// NOTE(review): the 250/249/185 prefix lengths presumably keep the keys under
// an index size limit; the reason is not stated in this listing.
safe_alter('txp_css', "DROP INDEX name, ADD UNIQUE name (name(250))");
safe_alter('txp_file', "DROP INDEX filename, ADD UNIQUE filename (filename(250))");
safe_alter('txp_form', "DROP PRIMARY KEY, ADD PRIMARY KEY (name(250))");
safe_alter('txp_page', "DROP PRIMARY KEY, ADD PRIMARY KEY (name(250))");
safe_alter('txp_section', "DROP PRIMARY KEY, ADD PRIMARY KEY (name(250))");
safe_alter('txp_prefs', "DROP INDEX prefs_idx, ADD UNIQUE prefs_idx (prefs_id, name(185), user_name)");
safe_alter('txp_prefs', "DROP INDEX name, ADD INDEX name (name(250))");
safe_alter('textpattern', "DROP INDEX section_status_idx, ADD INDEX section_status_idx (Section(249), Status)");
safe_alter('textpattern', "DROP INDEX url_title_idx, ADD INDEX url_title_idx (url_title(250))");

// txp_discuss_nonce didn't have a primary key in 4.0.3, so we recreate its index in two steps
safe_drop_index('txp_discuss_nonce', "PRIMARY");
safe_alter('txp_discuss_nonce', "ADD PRIMARY KEY (nonce(250))");

// Fix typo: textinput should be text_input
safe_update('txp_prefs', "html = 'text_input'", "name = 'timezone_key'");

// Fix typo: position 40 should be 0 (because it's a hidden pref)
safe_update('txp_prefs', "position = 0", "name = 'language'");

// Fix typo: position should be 60 instead of 30 (so it appears just below the site name)
safe_update('txp_prefs', "position = 60", "name = 'site_slogan'");

// Enforce some table changes that happened after 4.0.3 but weren't part of update scripts until now
safe_alter('txp_css', "MODIFY name VARCHAR(255) NOT NULL");
safe_alter('txp_lang', "MODIFY lang VARCHAR(16) NOT NULL");
safe_alter('txp_lang', "MODIFY name VARCHAR(64) NOT NULL");
safe_alter('txp_lang', "MODIFY event VARCHAR(64) NOT NULL");
safe_drop_index('txp_form', "name");
safe_drop_index('txp_page', "name");
safe_drop_index('txp_plugin', "name_2");
safe_drop_index('txp_section', "name");

// The txp_priv table was created for version 1.0, but never used nor created in later versions.
safe_drop('txp_priv');

// Add generic token table.
// The definition declares only the primary key on id: no index or uniqueness
// constraint is placed on selector, and expires defaults to the zero date.
// NOTE(review): how rows are written is not visible here; confirm that the
// `token` column holds a hash rather than the raw token, and that rows whose
// `expires` has passed are rejected and purged by the code that reads them.
safe_create('txp_token', "\nid INT NOT NULL AUTO_INCREMENT,\nreference_id INT DEFAULT 0,\ntype VARCHAR(255) DEFAULT '',\nselector CHAR(12) DEFAULT '',\ntoken VARCHAR(255) DEFAULT '',\nexpires DATETIME DEFAULT '0000-00-00 00:00:00',\nPRIMARY KEY (id)\n");
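/**
 * Stores an uploaded file and records it in the database.
 *
 * Steps visible in this function: size check against $file_max_upload_size,
 * filename clean-up with two regular expressions, database row via
 * file_db_add(), then the move of the temporary file to its destination.
 * When the move fails, the new txp_file row is deleted again. Every outcome
 * is reported through file_list() or file_edit(); nothing is returned.
 *
 * NOTE(review): no privilege check is visible in this function; presumably
 * the caller enforces it - verify.
 * NOTE(review): the error messages embed $name, the client-supplied filename,
 * without escaping; confirm that file_list() escapes messages before output.
 */
function file_insert()
{
    global $txpcfg, $extensions, $txp_user, $file_base_path, $file_max_upload_size;

    // None of the variables created from $txpcfg are read below; the call is
    // kept as in the original.
    extract($txpcfg);

    // Request values are escaped with doSlash() before extract() creates
    // $category, $permissions and $description.
    extract(doSlash(gpsa(array('category', 'permissions', 'description'))));

    $name = file_get_uploaded_name();
    $file = file_get_uploaded();

    if ($file === false) {
        // could not get uploaded file
        file_list(gTxt('file_upload_failed') . " {$name} - " . upload_get_errormsg($_FILES['thefile']['error']));
        return;
    }

    $size = filesize($file);

    if ($file_max_upload_size < $size) {
        // Oversized upload: remove the temporary copy before reporting.
        unlink($file);
        file_list(gTxt('file_upload_failed') . " {$name} - " . upload_get_errormsg(UPLOAD_ERR_FORM_SIZE));
        return;
    }

    // Remove control characters and " * \ : < > ? / |
    // Remove duplicate dots and any leading or trailing dots/spaces
    // Stripping / and \ keeps directory separators out of the stored name.
    $newname = preg_replace('/[\\x00-\\x1f\\x22\\x2a\\x2f\\x3a\\x3c\\x3e\\x3f\\x5c\\x7c\\x7f]+/', '', $name);
    $newname = preg_replace('/[.]{2,}/', '.', trim($newname, '. '));
    $newpath = build_file_path($file_base_path, $newname);

    // Test the destination path, not the bare file name: is_file($newname)
    // resolved against the current working directory, so a file already
    // present in the upload directory was not detected and could be replaced.
    if (!is_file($newpath)) {
        $id = file_db_add($newname, $category, $permissions, $description, $size);

        if (!$id) {
            file_list(gTxt('file_upload_failed') . ' (db_add)');
        } else {
            // The id is used unquoted in the SQL fragments below.
            $id = assert_int($id);

            if (!shift_uploaded_file($file, $newpath)) {
                // Move failed: drop the row that was just added and reset the
                // auto-increment counter to the freed id.
                safe_delete("txp_file", "id = {$id}");
                safe_alter("txp_file", "auto_increment={$id}");

                if (isset($GLOBALS['ID'])) {
                    unset($GLOBALS['ID']);
                }

                file_list($newpath . ' ' . gTxt('upload_dir_perms'));
                // clean up file
            } else {
                file_set_perm($newpath);
                $message = gTxt('file_uploaded', array('{name}' => htmlspecialchars($newname)));
                file_edit($message, $id);
            }
        }
    } else {
        $message = gTxt('file_already_exists', array('{name}' => $newname));
        file_list($message);
    }
}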
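/**
 * Saves an uploaded image: writes or updates its txp_image row, moves the
 * file to IMPATH . id . extension, and optionally writes a thumbnail.
 *
 * The stored extension comes from the image type reported by getimagesize()
 * (looked up in $extensions), not from the client-supplied file name, and the
 * file on disk is named after the numeric row id.
 *
 * @param  array  $file     Upload entry with 'name', 'error' and 'tmp_name'.
 * @param  mixed  $meta     Array with 'category', 'caption' and 'alt'; any
 *                          falsy value means all three are empty.
 * @param  mixed  $id       Existing image id to update, or empty to insert.
 * @param  bool   $uploaded When true the temp file is first passed through
 *                          get_uploaded_file() and size-checked.
 * @return mixed  array($message, $id) on success, otherwise an error string.
 */
function image_data($file, $meta = '', $id = '', $uploaded = true)
{
    global $txpcfg, $extensions, $txp_user, $prefs, $file_max_upload_size, $event;

    // None of the variables created from $txpcfg are read below; the call is
    // kept as in the original.
    extract($txpcfg);

    $name = $file['name'];
    $error = $file['error'];
    $file = $file['tmp_name'];

    if ($uploaded) {
        $file = get_uploaded_file($file);

        // Only size-check a real path; a false result is reported by the
        // empty() test below instead of being handed to filesize().
        if ($file !== false && $file_max_upload_size < filesize($file)) {
            unlink($file);

            return upload_get_errormsg(UPLOAD_ERR_FORM_SIZE);
        }
    }

    if (empty($file)) {
        return upload_get_errormsg(UPLOAD_ERR_NO_FILE);
    }

    list($w, $h, $extension) = getimagesize($file);

    if ($file !== false && @$extensions[$extension]) {
        $ext = $extensions[$extension];

        // Replace the client-supplied extension with the detected one. A name
        // without a dot is kept whole instead of being reduced to nothing.
        $dot = strrpos($name, '.');
        $name = ($dot === false ? $name : substr($name, 0, $dot)) . $ext;
        $safename = doSlash($name);

        // Read only the three expected keys. The original extract() call ran
        // after $w, $h, $ext and $safename were set, so an unexpected key in
        // $meta could overwrite values that are placed in the query below
        // (w and h are unquoted) or the global $txp_user.
        $meta = is_array($meta) ? doSlash($meta) : array();
        $category = isset($meta['category']) ? $meta['category'] : '';
        $caption = isset($meta['caption']) ? $meta['caption'] : '';
        $alt = isset($meta['alt']) ? $meta['alt'] : '';

        $q = "\n\t\t\t\tname = '{$safename}',\n\t\t\t\text = '{$ext}',\n\t\t\t\tw = {$w},\n\t\t\t\th = {$h},\n\t\t\t\talt = '{$alt}',\n\t\t\t\tcaption = '{$caption}',\n\t\t\t\tcategory = '{$category}',\n\t\t\t\tdate = now(),\n\t\t\t\tauthor = '" . doSlash($txp_user) . "'\n\t\t\t";

        if (empty($id)) {
            $rs = safe_insert('txp_image', $q);
            $id = $GLOBALS['ID'] = mysql_insert_id();
        } else {
            // The id is used unquoted in the WHERE clause.
            $id = assert_int($id);
            $rs = safe_update('txp_image', $q, "id = {$id}");
        }

        if (!$rs) {
            return gTxt('image_save_error');
        } else {
            $newpath = IMPATH . $id . $ext;

            if (shift_uploaded_file($file, $newpath) == false) {
                // Move failed: remove the row and reset the auto-increment
                // counter to the freed id.
                $id = assert_int($id);
                safe_delete('txp_image', "id = {$id}");
                safe_alter('txp_image', "auto_increment = {$id}");

                if (isset($GLOBALS['ID'])) {
                    unset($GLOBALS['ID']);
                }

                return $newpath . sp . gTxt('upload_dir_perms');
            } else {
                // Stored image is readable but not executable.
                @chmod($newpath, 0644);

                // GD is supported
                if (check_gd($ext)) {
                    // Auto-generate a thumbnail using the last settings
                    if (isset($prefs['thumb_w'], $prefs['thumb_h'], $prefs['thumb_crop'])) {
                        $width = intval($prefs['thumb_w']);
                        $height = intval($prefs['thumb_h']);

                        if ($width > 0 or $height > 0) {
                            $t = new txp_thumb($id);
                            $t->crop = $prefs['thumb_crop'] == '1';
                            $t->hint = '0';
                            $t->width = $width;
                            $t->height = $height;
                            $t->write();
                        }
                    }
                }

                $message = gTxt('image_uploaded', array('{name}' => $name));
                update_lastmod();

                // call post-upload plugins with new image's $id
                callback_event('image_uploaded', $event, false, $id);

                return array($message, $id);
            }
        }
    } else {
        // NOTE(review): $file cannot be false here because the empty() test
        // above already returned; the first branch is kept as in the original.
        if ($file === false) {
            return upload_get_errormsg($error);
        } else {
            return gTxt('only_graphic_files_allowed');
        }
    }
}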
// NOTE(review): this listing starts inside an if-block whose condition is not
// shown; the first two statements and the closing brace belong to it.
safe_alter('txp_file', "add modified datetime NOT NULL default '0000-00-00 00:00:00'");
$update_files = 1;
}

// Add the remaining txp_file columns when missing. $update_files records that
// a timestamp or size column was newly added, so the values are filled in below.
if (!in_array('created', $txpfile)) {
    safe_alter('txp_file', "add created datetime NOT NULL default '0000-00-00 00:00:00'");
    $update_files = 1;
}
if (!in_array('size', $txpfile)) {
    safe_alter('txp_file', "add size bigint");
    $update_files = 1;
}
if (!in_array('downloads', $txpfile)) {
    safe_alter('txp_file', "ADD downloads INT DEFAULT '0' NOT NULL");
}

// Where either timestamp column already existed, re-apply the column definition.
if (array_intersect(array('modified', 'created'), $txpfile)) {
    safe_alter('txp_file', "MODIFY modified datetime NOT NULL default '0000-00-00 00:00:00', MODIFY created datetime NOT NULL default '0000-00-00 00:00:00'");
}

// copy existing file timestamps into the new database columns
if ($update_files) {
    $prefs = get_prefs();
    $rs = safe_rows('*', 'txp_file', '1=1');
    foreach ($rs as $row) {
        $path = build_file_path(@$prefs['file_base_path'], @$row['filename']);
        // Files that cannot be stat'ed are skipped silently (errors suppressed with @).
        // On Unix-like systems stat()'s ctime is the inode change time, not a
        // creation time, so `created` is only an approximation there.
        if ($path and $stat = @stat($path)) {
            // Values read back from the database and from stat() are still
            // escaped or formatted before being placed in the SQL fragments.
            safe_update('txp_file', "created='" . strftime('%Y-%m-%d %H:%M:%S', $stat['ctime']) . "', modified='" . strftime('%Y-%m-%d %H:%M:%S', $stat['mtime']) . "', size='" . doSlash(sprintf('%u', $stat['size'])) . "'", "id='" . doSlash($row['id']) . "'");
        }
    }
}

// Normalise the Keywords column of every row that has keywords: line breaks
// and tabs become commas, then runs of commas and comma/space pairs are
// collapsed and leading/trailing commas are trimmed.
safe_update('textpattern', "Keywords=TRIM(BOTH ',' FROM REPLACE(REPLACE(REPLACE(REPLACE(REPLACE(REPLACE(REPLACE(REPLACE(REPLACE(REPLACE(REPLACE(Keywords,'\n',','),'\r',','),'\t',','),' ',' '),' ',' '),' ',' '),' ,',','),', ',','),',,,,',','),',,',','),',,',','))", "Keywords != ''");
// shift preferences to more intuitive spots
// give positions, leave enough room for later additions
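/**
 * Saves an uploaded image: writes or updates its txp_image row and moves the
 * file to IMPATH . id . extension.
 *
 * The stored extension comes from the image type reported by getimagesize()
 * (looked up in $extensions), not from the client-supplied file name.
 *
 * @param  array  $file     Upload entry with 'name', 'error' and 'tmp_name'.
 * @param  string $category Category written on insert only.
 * @param  mixed  $id       Existing image id to update, or empty to insert.
 * @param  bool   $uploaded When true the temp file is first passed through
 *                          get_uploaded_file().
 * @return mixed  array($message, $id) on success, otherwise an error string.
 */
function image_data($file, $category = '', $id = '', $uploaded = true)
{
    global $txpcfg, $extensions, $txp_user;

    // None of the variables created from $txpcfg are read below; the call is
    // kept as in the original.
    extract($txpcfg);

    $name = $file['name'];
    $error = $file['error'];
    $file = $file['tmp_name'];

    if ($uploaded) {
        $file = get_uploaded_file($file);
    }

    list($w, $h, $extension) = getimagesize($file);

    if ($file !== false && @$extensions[$extension]) {
        $ext = $extensions[$extension];

        // Replace the client-supplied extension with the detected one. A name
        // without a dot is kept whole instead of being reduced to nothing.
        $dot = strrpos($name, '.');
        $name = ($dot === false ? $name : substr($name, 0, $dot)) . $ext;
        $name2db = doSlash($name);

        // The user name is escaped like every other string in the statement;
        // the original interpolated it raw.
        $q = "w = '{$w}',\n\t\t\t\t h = '{$h}',\n\t\t\t\t ext = '{$ext}',\n\t\t\t\t name = '{$name2db}',\n\t\t\t\t date = now(),\n\t\t\t\t caption = '',\n\t\t\t\t author = '" . doSlash($txp_user) . "'";

        if (empty($id)) {
            // NOTE(review): $category is interpolated as received; it is not
            // escaped in this function, so confirm every caller escapes it.
            $q .= ", category = '{$category}'";
            $rs = safe_insert("txp_image", $q);
            $id = mysql_insert_id();
        } else {
            // The id is placed unquoted in the WHERE clause and in the ALTER
            // below, where doSlash() gives no protection. Anything other than
            // plain digits is refused with the same message a failed update
            // produces.
            if (!preg_match('/^[0-9]+\z/', (string) $id)) {
                return gTxt('image_save_error');
            }

            $id = (int) $id;
            $rs = safe_update('txp_image', $q, "id = {$id}");
        }

        if (!$rs) {
            return gTxt('image_save_error');
        } else {
            $newpath = IMPATH . $id . $ext;

            if (shift_uploaded_file($file, $newpath) == false) {
                // Move failed: remove the row and reset the auto-increment
                // counter to the freed id.
                safe_delete("txp_image", "id='{$id}'");
                safe_alter("txp_image", "auto_increment={$id}");

                return $newpath . sp . gTxt('upload_dir_perms');
            } else {
                // An uploaded image needs no execute bit: 0644 instead of 0755.
                chmod($newpath, 0644);

                return array(messenger('image', $name, 'uploaded'), $id);
            }
        }
    } else {
        if ($file === false) {
            return upload_get_errormsg($error);
        } else {
            return gTxt('only_graphic_files_allowed');
        }
    }
}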
// Plugin flags column, added only when DESCRIBE does not list it yet.
$cols = getThings('describe `' . PFX . 'txp_plugin`');
if (!in_array('flags', $cols)) {
    safe_alter('txp_plugin', "ADD flags SMALLINT UNSIGNED NOT NULL DEFAULT 0");
}

// Default theme.
if (!safe_field('name', 'txp_prefs', "name = 'theme_name'")) {
    safe_insert('txp_prefs', "prefs_id = 1, name = 'theme_name', val = 'classic', type = '1', event = 'admin', html = 'themename', position = '160'");
}

// Widen the plugin code columns and the preference value column. These run
// unconditionally on every pass.
safe_alter('txp_plugin', 'CHANGE code code MEDIUMTEXT NOT NULL, CHANGE code_restore code_restore MEDIUMTEXT NOT NULL');
safe_alter('txp_prefs', 'CHANGE val val TEXT NOT NULL');

// Add author column to files and links,
// Boldly assuming that the publisher in charge of updating this site is the author of any existing content items.
// $table only ever takes the two literal names below.
foreach (array('txp_file', 'txp_link') as $table) {
    $cols = getThings('describe `' . PFX . $table . '`');
    if (!in_array('author', $cols)) {
        safe_alter($table, "ADD author varchar(255) NOT NULL default '', ADD INDEX author_idx (author)");
        // The user name is escaped with doSlash() before it is placed inside
        // the quoted SQL literal; '1=1' applies it to every row.
        safe_update($table, "author='" . doSlash($txp_user) . "'", '1=1');
    }
}

// Add indices on author columns.
// Table and column names come from the literal map below, not from input.
foreach (array('textpattern' => 'AuthorID', 'txp_image' => 'author') as $table => $col) {
    // Look for an existing index called author_idx before adding one.
    $has_idx = 0;
    $rs = getRows('show index from `' . PFX . $table . '`');
    foreach ($rs as $row) {
        if ($row['Key_name'] == 'author_idx') {
            $has_idx = 1;
        }
    }
    if (!$has_idx) {
        safe_query('ALTER IGNORE TABLE `' . PFX . $table . '` ADD INDEX author_idx(' . $col . ')');
    }
// NOTE(review): the listing ends here; the closing brace of the outer foreach is not shown.
/**
 * Stores an uploaded file and records it in the database.
 *
 * Requires the 'file.edit.own' privilege. The upload is refused when it
 * exceeds $file_max_upload_size, or when the sanitised name already exists
 * either on disk or as a txp_file row. When moving the file into place fails,
 * the row that was just added is deleted again. Every outcome is reported
 * through file_list() or file_edit(); nothing is returned.
 *
 * NOTE(review): the failure messages embed $name, the client-supplied
 * filename, without escaping; confirm that file_list() escapes messages
 * before output.
 */
function file_insert()
{
    global $txp_user, $file_base_path, $file_max_upload_size;

    require_privs('file.edit.own');

    // Each request value must be a string, then is escaped before extract()
    // creates $category, $title, $permissions and $description.
    $posted = array_map('assert_string', gpsa(array('category', 'title', 'permissions', 'description')));
    extract(doSlash($posted));

    $name = file_get_uploaded_name();
    $file = file_get_uploaded();

    if ($file === false) {
        // Could not get uploaded file.
        $failure = gTxt('file_upload_failed') . " {$name} - " . upload_get_errormsg($_FILES['thefile']['error']);
        file_list(array($failure, E_ERROR));

        return;
    }

    $size = filesize($file);

    if ($size > $file_max_upload_size) {
        // Too large: remove the temporary copy before reporting.
        unlink($file);
        $failure = gTxt('file_upload_failed') . " {$name} - " . upload_get_errormsg(UPLOAD_ERR_FORM_SIZE);
        file_list(array($failure, E_ERROR));

        return;
    }

    $newname = sanitizeForFile($name);
    $newpath = build_file_path($file_base_path, $newname);

    // The name is taken when a file sits at the destination path or a
    // txp_file row already carries it.
    if (is_file($newpath) || safe_count('txp_file', "filename = '" . doSlash($newname) . "'")) {
        file_list(array(gTxt('file_already_exists', array('{name}' => $newname)), E_ERROR));

        return;
    }

    $id = file_db_add(doSlash($newname), $category, $permissions, $description, $size, $title);

    if (!$id) {
        file_list(array(gTxt('file_upload_failed') . ' (db_add)', E_ERROR));

        return;
    }

    // The id is used unquoted in the SQL fragments below.
    $id = assert_int($id);

    if (shift_uploaded_file($file, $newpath)) {
        file_set_perm($newpath);
        update_lastmod('file_uploaded', compact('id', 'newname', 'title', 'category', 'description'));
        file_edit(gTxt('file_uploaded', array('{name}' => $newname)), $id);

        return;
    }

    // Move failed: drop the row that was just added and reset the
    // auto-increment counter to the freed id.
    safe_delete("txp_file", "id = {$id}");
    safe_alter("txp_file", "auto_increment={$id}");

    if (isset($GLOBALS['ID'])) {
        unset($GLOBALS['ID']);
    }

    file_list(array($newpath . ' ' . gTxt('upload_dir_perms'), E_ERROR));
    // Clean up file.
}
// Seed the 'publisher_email' preference only when no such row exists yet.
if (!safe_field('name', 'txp_prefs', "name = 'publisher_email'")) {
    safe_insert('txp_prefs', "prefs_id = 1, name = 'publisher_email', val = '', type = 1, event = 'admin', position = 115");
}

// goodbye raw ?php support
// Only the stored preference row is deleted here.
// NOTE(review): whether the code that once read this preference is also gone
// is not visible in this listing - confirm.
if (safe_field('name', 'txp_prefs', "name = 'allow_raw_php_scripting'")) {
    safe_delete('txp_prefs', "name = 'allow_raw_php_scripting'");
}

safe_alter('txp_users', "MODIFY RealName VARCHAR(255) NOT NULL default '', MODIFY email VARCHAR(254) NOT NULL default ''");

// Remove any setup strings from lang table
safe_delete('txp_lang', "event='setup'");

// Add the url_title index only when no index of that name exists yet.
$has_idx = 0;
$rs = getRows('show index from `' . PFX . 'textpattern`');
foreach ($rs as $row) {
    if ($row['Key_name'] == 'url_title_idx') {
        $has_idx = 1;
    }
}
if (!$has_idx) {
    safe_query('alter ignore table `' . PFX . 'textpattern` add index url_title_idx(`url_title`)');
}

// Remove is_default from txp_section table and make it a preference
if (!safe_field('name', 'txp_prefs', "name = 'default_section'")) {
    $current_default_section = safe_field('name', 'txp_section', 'is_default=1');
    // The section name was read from the database and is escaped again with
    // doSlash() before it is placed in the new statement.
    // NOTE(review): presumably safe_field() yields an empty/false value when
    // no section has is_default=1, which would store an empty default - verify.
    safe_insert('txp_prefs', "prefs_id = 1, name = 'default_section', val = '" . doSlash($current_default_section) . "', type = '2', event = 'section', html = 'text_input', position = '0'");
}

// Drop the old column once it is no longer needed; guarded so a second run is a no-op.
$cols = getThings('describe `' . PFX . 'txp_section`');
if (in_array('is_default', $cols)) {
    safe_alter('txp_section', "DROP `is_default`");
}

safe_alter('txp_css', 'MODIFY css MEDIUMTEXT NOT NULL');
* This file is part of Textpattern.
 *
 * Textpattern is free software; you can redistribute it and/or
 * modify it under the terms of the GNU General Public License
 * as published by the Free Software Foundation, version 2.
 *
 * Textpattern is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
 * GNU General Public License for more details.
 *
 * You should have received a copy of the GNU General Public License
 * along with Textpattern. If not, see <http://www.gnu.org/licenses/>.
 */

// Refuse to run unless the TXP_UPDATE constant is defined, so requesting this
// script's URL directly executes none of the schema changes below.
if (!defined('TXP_UPDATE')) {
    exit("Nothing here. You can't access this file directly.");
}

// Raw CSS is now the only option.
safe_delete('txp_prefs', "event = 'css' AND name = 'edit_raw_css_by_default'");

// Decode stylesheets that look base64 encoded. The test is a character-set
// heuristic: any value made up only of letters, digits, '/' and '+' with up to
// two trailing '=' is decoded, including an empty value.
// NOTE(review): a plain-text stylesheet consisting solely of those characters
// would be decoded as well; CSS syntax makes that unlikely, but it is not
// excluded by this check.
$rs = getRows("SELECT name, css FROM `" . PFX . "txp_css`");
foreach ($rs as $row) {
    if (preg_match('%^[a-zA-Z0-9/+]*={0,2}$%', $row['css'])) {
        // Data is still base64 encoded.
        // Both the decoded body and the stylesheet name are escaped with
        // doSlash() before they are placed in the statement.
        safe_update('txp_css', "css = '" . doSlash(base64_decode($row['css'])) . "'", "name = '" . doSlash($row['name']) . "'");
    }
}

// Add column for file title.
$cols = getThings("DESCRIBE `" . PFX . "txp_file`");
if (!in_array('title', $cols)) {
    safe_alter('txp_file', "ADD title VARCHAR(255) NULL AFTER filename");
}