// Enabled
$syslog_message = T_('SMTP enabled.');
} elseif ($old_smtp_enabled && !$Settings->get('smtp_enabled')) {
// Disabled
$syslog_message = T_('SMTP disabled.') . (!empty($smtp_error) && is_string($smtp_error) ? ' ' . sprintf(T_('Reason: %s'), $smtp_error) : '');
}
break;
default:
// Invalid tab3
break 2;
}
if (!$Messages->has_errors()) {
if ($Settings->dbupdate()) {
if (!empty($syslog_message)) {
// Log system info into DB
syslog_insert($syslog_message, 'info', NULL);
}
$Messages->add(T_('Settings updated.'), 'success');
if ($Settings->get('smtp_enabled')) {
// Check if connection is available
global $smtp_connection_result;
// Test SMTP connection
$smtp_messages = smtp_connection_test();
// Init this var to display a result on the page
$smtp_test_output = is_array($smtp_messages) ? implode("<br />\n", $smtp_messages) : '';
if ($smtp_connection_result) {
// Success
$Messages->add(T_('The connection with this SMTP server has been tested successfully.'), 'success');
} else {
// Error
$Messages->add(T_('The connection with this SMTP server has failed.'), 'error');
/**
* Create links between users and image files from the users profile_pictures folder
*/
function create_profile_picture_links()
{
global $DB;
load_class('files/model/_filelist.class.php', 'Filelist');
load_class('files/model/_fileroot.class.php', 'FileRoot');
$path = 'profile_pictures';
$FileRootCache =& get_FileRootCache();
$UserCache =& get_UserCache();
// SQL query to get all users and limit by page below
$users_SQL = new SQL();
$users_SQL->SELECT('*');
$users_SQL->FROM('T_users');
$users_SQL->ORDER_BY('user_ID');
$page = 0;
$page_size = 100;
while (count($UserCache->cache) > 0 || $page == 0) {
// Load users by 100 at one time to avoid errors about memory exhausting
$users_SQL->LIMIT($page * $page_size . ', ' . $page_size);
$UserCache->clear();
$UserCache->load_by_sql($users_SQL);
while (($iterator_User =& $UserCache->get_next()) != NULL) {
// Iterate through UserCache)
$FileRootCache->clear();
$user_FileRoot =& $FileRootCache->get_by_type_and_ID('user', $iterator_User->ID);
if (!$user_FileRoot) {
// User FileRoot doesn't exist
continue;
}
$ads_list_path = get_canonical_path($user_FileRoot->ads_path . $path);
// Previously uploaded avatars
if (!is_dir($ads_list_path)) {
// profile_picture folder doesn't exists in the user root dir
continue;
}
$user_avatar_Filelist = new Filelist($user_FileRoot, $ads_list_path);
$user_avatar_Filelist->load();
if ($user_avatar_Filelist->count() > 0) {
// profile_pictures folder is not empty
$info_content = '';
$LinkOwner = new LinkUser($iterator_User);
while ($lFile =& $user_avatar_Filelist->get_next()) {
// Loop through all Files:
$fileName = $lFile->get_name();
if (process_filename($fileName)) {
// The file has invalid file name, don't create in the database
syslog_insert(sprintf('Invalid file name %s has been found in a user folder', '<b>' . $fileName . '</b>'), 'info', 'user', $iterator_User->ID);
// TODO: asimo> we should collect each invalid file name here, and send an email to the admin
continue;
}
$lFile->load_meta(true);
if ($lFile->is_image()) {
$lFile->link_to_Object($LinkOwner);
}
}
}
}
// Increase page number to get next portion of users
$page++;
}
// Clear cache data
$UserCache->clear();
$FileRootCache->clear();
}
/**
* metaWeblog.newMediaObject image upload
* wp.uploadFile
*
* Supplied image is encoded into the struct as bits
*
* @see http://www.xmlrpc.com/metaWeblogApi#metaweblognewmediaobject
* @see http://codex.wordpress.org/XML-RPC_wp#wp.uploadFile
*
* @param xmlrpcmsg XML-RPC Message
* 0 blogid (string): Unique identifier of the blog the post will be added to.
* Currently ignored in b2evo, in favor of the category.
* 1 username (string): Login for a Blogger user who has permission to edit the given
* post (either the user who originally created it or an admin of the blog).
* 2 password (string): Password for said username.
* 3 struct (struct)
* - name : filename
* - type : mimetype
* - bits : base64 encoded file
* @return xmlrpcresp XML-RPC Response
*/
function _wp_mw_newmediaobject($m)
{
global $Settings, $Plugins, $force_upload_forbiddenext;
// CHECK LOGIN:
/**
* @var User
*/
if (!($current_User =& xmlrpcs_login($m, 1, 2))) {
// Login failed, return (last) error:
return xmlrpcs_resperror();
}
// GET BLOG:
/**
* @var Blog
*/
if (!($Blog =& xmlrpcs_get_Blog($m, 0))) {
// Login failed, return (last) error:
return xmlrpcs_resperror();
}
// CHECK PERMISSION:
if (!$current_User->check_perm('files', 'add', false, $Blog->ID)) {
// Permission denied
return xmlrpcs_resperror(3);
// User error 3
}
logIO('Permission granted.');
if (!$Settings->get('upload_enabled')) {
return xmlrpcs_resperror(2, 'Object upload not allowed');
}
$xcontent = $m->getParam(3);
// Get the main data - and decode it properly for the image - sorry, binary object
logIO('Decoding content...');
$contentstruct = xmlrpc_decode_recurse($xcontent);
$data = $contentstruct['bits'];
$file_mimetype = isset($contentstruct['type']) ? $contentstruct['type'] : '(none)';
logIO('Received MIME type: ' . $file_mimetype);
$overwrite = false;
if (isset($contentstruct['overwrite'])) {
$overwrite = (bool) $contentstruct['overwrite'];
}
logIO('Overwrite if exists: ' . ($overwrite ? 'yes' : 'no'));
load_funcs('files/model/_file.funcs.php');
$filesize = evo_bytes($data);
if (($maxfilesize = $Settings->get('upload_maxkb') * 1024) && $filesize > $maxfilesize) {
return xmlrpcs_resperror(4, sprintf(T_('The file is too large: %s but the maximum allowed is %s.'), bytesreadable($filesize, false), bytesreadable($maxfilesize, false)));
}
logIO('File size is OK: ' . bytesreadable($filesize, false));
$FileRootCache =& get_FileRootCache();
$fm_FileRoot =& $FileRootCache->get_by_type_and_ID('collection', $Blog->ID, true);
if (!$fm_FileRoot) {
// fileRoot not found:
return xmlrpcs_resperror(14, 'File root not found');
}
$rf_filepath = $contentstruct['name'];
logIO('Received filepath: ' . $rf_filepath);
// Split into path + name:
$filepath_parts = explode('/', $rf_filepath);
$filename = array_pop($filepath_parts);
logIO('Original file name: ' . $filename);
// Validate and sanitize filename
if ($error_filename = process_filename($filename, true)) {
return xmlrpcs_resperror(5, $error_filename);
}
logIO('Sanitized file name: ' . $filename);
// Check valid path parts:
$rds_subpath = '';
foreach ($filepath_parts as $filepath_part) {
if (empty($filepath_part) || $filepath_part == '.') {
// self ref not useful
continue;
}
if ($error = validate_dirname($filepath_part)) {
// invalid relative path:
logIO($error);
syslog_insert(sprintf('Invalid name is detected for folder %s', '<b>' . $filepath_part . '</b>'), 'warning', 'file');
return xmlrpcs_resperror(6, $error);
}
$rds_subpath .= $filepath_part . '/';
}
logIO('Subpath: ' . $rds_subpath);
// Create temporary file and insert contents into it.
$tmpfile_name = tempnam(sys_get_temp_dir(), 'fmupload');
if ($tmpfile_name) {
if (save_to_file($data, $tmpfile_name, 'wb')) {
$image_info = @getimagesize($tmpfile_name);
} else {
return xmlrpcs_resperror(13, 'Error while writing to temp file.');
}
}
if (!empty($image_info)) {
// This is an image file, let's check mimetype and correct extension
if ($image_info['mime'] != $file_mimetype) {
// Invalid file type
$FiletypeCache =& get_FiletypeCache();
// Get correct file type based on mime type
$correct_Filetype = $FiletypeCache->get_by_mimetype($image_info['mime'], false, false);
$file_mimetype = $image_info['mime'];
// Check if file type is known by us, and if it is allowed for upload.
// If we don't know this file type or if it isn't allowed we don't change the extension! The current extension is allowed for sure.
if ($correct_Filetype && $correct_Filetype->is_allowed()) {
// A FileType with the given mime type exists in database and it is an allowed file type for current User
// The "correct" extension is a plausible one, proceed...
$correct_extension = array_shift($correct_Filetype->get_extensions());
$path_info = pathinfo($filename);
$current_extension = $path_info['extension'];
// change file extension to the correct extension, but only if the correct extension is not restricted, this is an extra security check!
if (strtolower($current_extension) != strtolower($correct_extension) && !in_array($correct_extension, $force_upload_forbiddenext)) {
// change the file extension to the correct extension
$old_filename = $filename;
$filename = $path_info['filename'] . '.' . $correct_extension;
}
}
}
}
// Get File object for requested target location:
$FileCache =& get_FileCache();
$newFile =& $FileCache->get_by_root_and_path($fm_FileRoot->type, $fm_FileRoot->in_type_ID, trailing_slash($rds_subpath) . $filename, true);
if ($newFile->exists()) {
if ($overwrite && $newFile->unlink()) {
// OK, file deleted
// Delete thumb caches from old location:
logIO('Old file deleted');
$newFile->rm_cache();
} else {
return xmlrpcs_resperror(8, sprintf(T_('The file «%s» already exists.'), $filename));
}
}
// Trigger plugin event
if ($Plugins->trigger_event_first_false('AfterFileUpload', array('File' => &$newFile, 'name' => &$filename, 'type' => &$file_mimetype, 'tmp_name' => &$tmpfile_name, 'size' => &$filesize))) {
// Plugin returned 'false'.
// Abort upload for this file:
@unlink($tmpfile_name);
return xmlrpcs_resperror(16, 'File upload aborted by a plugin.');
}
if (!mkdir_r($newFile->get_dir())) {
// Dir didn't already exist and could not be created
return xmlrpcs_resperror(9, 'Error creating sub directories: ' . $newFile->get_rdfs_rel_path());
}
if (!@rename($tmpfile_name, $newFile->get_full_path())) {
return xmlrpcs_resperror(13, 'Error while writing to file.');
}
// chmod the file
$newFile->chmod();
// Initializes file properties (type, size, perms...)
$newFile->load_properties();
// Load meta data AND MAKE SURE IT IS CREATED IN DB:
$newFile->meta == 'unknown';
$newFile->load_meta(true);
// Resize and rotate
logIO('Running file post-processing (resize and rotate)...');
prepare_uploaded_files(array($newFile));
logIO('Done');
$url = $newFile->get_url();
logIO('URL of new file: ' . $url);
$struct = new xmlrpcval(array('file' => new xmlrpcval($filename, 'string'), 'url' => new xmlrpcval($url, 'string'), 'type' => new xmlrpcval($file_mimetype, 'string')), 'struct');
logIO('OK.');
return new xmlrpcresp($struct);
}
/**
* Sends HTTP header to redirect to the previous location (which
* can be given as function parameter, GET parameter (redirect_to),
* is taken from {@link Hit::$referer} or {@link $baseurl}).
*
* {@link $Debuglog} and {@link $Messages} get stored in {@link $Session}, so they
* are available after the redirect.
*
* NOTE: This function {@link exit() exits} the php script execution.
*
* @todo fp> do NOT allow $redirect_to = NULL. This leads to spaghetti code and unpredictable behavior.
*
* @param string Destination URL to redirect to
* @param boolean|integer is this a permanent redirect? if true, send a 301; otherwise a 303 OR response code 301,302,303
* @param boolean is this a redirected post display? This param may be true only if we should redirect to a post url where the post status is 'redirected'!
*/
function header_redirect($redirect_to = NULL, $status = false, $redirected_post = false)
{
/**
* put your comment there...
*
* @var Hit
*/
global $Hit;
global $baseurl, $Blog, $htsrv_url_sensitive, $ReqHost, $ReqURL, $dispatcher;
global $Session, $Debuglog, $Messages;
global $http_response_code, $allow_redirects_to_different_domain;
// TODO: fp> get this out to the caller, make a helper func like get_returnto_url()
if (empty($redirect_to)) {
// see if there's a redirect_to request param given:
$redirect_to = param('redirect_to', 'url', '');
if (empty($redirect_to)) {
if (!empty($Hit->referer)) {
$redirect_to = $Hit->referer;
} elseif (isset($Blog) && is_object($Blog)) {
$redirect_to = $Blog->get('url');
} else {
$redirect_to = $baseurl;
}
} elseif ($redirect_to[0] == '/') {
// relative URL, prepend current host:
$redirect_to = $ReqHost . $redirect_to;
}
}
// <fp
$Debuglog->add('Preparing to redirect to: ' . $redirect_to, 'request');
// Determine if this is an external or internal redirect:
$external_redirect = true;
// Start with worst case, then whitelist:
if ($redirect_to[0] == '/' || $redirect_to[0] == '?') {
// We stay on the same domain or same page:
$external_redirect = false;
} elseif (strpos($redirect_to, $dispatcher) === 0) {
// $dispatcher is DEPRECATED and pages should use $admin_url URL instead, but at least we're staying on the same site:
$external_redirect = false;
} elseif (strpos($redirect_to, $baseurl) === 0) {
$Debuglog->add('Redirecting within $baseurl, all is fine.', 'request');
$external_redirect = false;
} elseif (strpos($redirect_to, $htsrv_url_sensitive) === 0) {
$Debuglog->add('Redirecting within $htsrv_url_sensitive, all is fine.', 'request');
$external_redirect = false;
} elseif (!empty($Blog) && strpos($redirect_to, $Blog->gen_baseurl()) === 0) {
$Debuglog->add('Redirecting within current collection URL, all is fine.', 'request');
$external_redirect = false;
}
// Remove login and pwd parameters from URL, so that they do not trigger the login screen again (and also as global security measure):
$redirect_to = preg_replace('~(?<=\\?|&) (login|pwd) = [^&]+ ~x', '', $redirect_to);
if ($external_redirect == false) {
// (blueyed>) Remove "confirm(ed)?" from redirect_to so it doesn't do the same thing twice
// TODO: fp> confirm should be normalized to confirmed
$redirect_to = preg_replace('~(?<=\\?|&) (confirm(ed)?) = [^&]+ ~x', '', $redirect_to);
}
$allow_collection_redirect = false;
if ($external_redirect && $allow_redirects_to_different_domain == 'all_collections_and_redirected_posts' && !$redirected_post) {
// If a redirect is external and we allow to redirect to all collection domains:
$BlogCache =& get_BlogCache();
$BlogCache->load_all();
$redirect_to_domain = preg_replace('~https?://([^/]+)/?.*~i', '$1', $redirect_to);
foreach ($BlogCache->cache as $url_Blog) {
$blog_domain = preg_replace('~https?://([^/]+)/?.*~i', '$1', $url_Blog->gen_baseurl());
if ($blog_domain == $redirect_to_domain) {
// We found current redirect goes to a collection domain, so it is not external
$allow_collection_redirect = true;
break;
}
}
}
// Check if we're trying to redirect to an external URL:
if ($external_redirect && $allow_redirects_to_different_domain != 'always' && !$allow_collection_redirect && !(in_array($allow_redirects_to_different_domain, array('all_collections_and_redirected_posts', 'only_redirected_posts')) && $redirected_post)) {
// Force header redirects into the same domain. Do not allow external URLs.
$Messages->add(T_('A redirection to an external URL was blocked for security reasons.'), 'error');
syslog_insert('A redirection to an external URL ' . $redirect_to . ' was blocked for security reasons.', 'error', NULL);
$redirect_to = $baseurl;
}
if (is_integer($status)) {
$http_response_code = $status;
} else {
$http_response_code = $status ? 301 : 303;
}
$Debuglog->add('***** REDIRECT TO ' . $redirect_to . ' (status ' . $http_response_code . ') *****', 'request');
if (!empty($Session)) {
// Session is required here
// Transfer of Debuglog to next page:
if ($Debuglog->count('all')) {
// Save Debuglog into Session, so that it's available after redirect (gets loaded by Session constructor):
$sess_Debuglogs = $Session->get('Debuglogs');
if (empty($sess_Debuglogs)) {
$sess_Debuglogs = array();
}
$sess_Debuglogs[] = $Debuglog;
$Session->set('Debuglogs', $sess_Debuglogs, 60);
// echo 'Passing Debuglog(s) to next page';
// pre_dump( $sess_Debuglogs );
}
// Transfer of Messages to next page:
if ($Messages->count()) {
// Set Messages into user's session, so they get restored on the next page (after redirect):
$Session->set('Messages', $Messages);
// echo 'Passing Messages to next page';
}
$Session->dbsave();
// If we don't save now, we run the risk that the redirect goes faster than the PHP script shutdown.
}
// see http://www.w3.org/Protocols/rfc2616/rfc2616-sec10.html
switch ($http_response_code) {
case 301:
// This should be a permanent move redirect!
header_http_response('301 Moved Permanently');
break;
case 303:
// This should be a "follow up" redirect
// Note: Also see http://de3.php.net/manual/en/function.header.php#50588 and the other comments around
header_http_response('303 See Other');
break;
case 302:
default:
header_http_response('302 Found');
}
// debug_die($redirect_to);
if (headers_sent($filename, $line)) {
debug_die(sprintf('Headers have already been sent in %s on line %d.', basename($filename), $line) . '<br />Cannot <a href="' . htmlspecialchars($redirect_to) . '">redirect</a>.');
}
header('Location: ' . $redirect_to, true, $http_response_code);
// explictly setting the status is required for (fast)cgi
exit(0);
}
if (!empty($blog)) {
$blog_param = '&inskin=true&blog=' . $blog;
}
$subject = sprintf(T_('Password change request for %s'), $login);
$email_template_params = array('user_count' => $user_count, 'request_id' => $request_id, 'blog_param' => $blog_param);
if (!send_mail_to_User($forgetful_User->ID, $subject, 'account_password_reset', $email_template_params, true)) {
$Messages->add(T_('Sorry, the email with the link to reset your password could not be sent.') . '<br />' . T_('Possible reason: the PHP mail() function may have been disabled on the server.'), 'error');
} else {
$Session->set('core.changepwd.request_id', $request_id, 86400 * 2);
// expires in two days (or when clicked)
$Session->set('core.changepwd.request_ts_login', $servertimenow . '_' . $login, 360);
// request timestamp and login/email - expires in six minutes
$Session->dbsave();
// save immediately
$Messages->add(T_('If you correctly entered your login or email address, a link to change your password has been sent to your registered email address.'), 'success');
syslog_insert('User requested password reset', 'info', 'user', $forgetful_User->ID);
}
}
locale_restore_previous();
$action = 'req_login';
break;
case 'changepwd':
// Clicked "Change password request" link from a mail
param('reqID', 'string', '');
param('sessID', 'integer', '');
$UserCache =& get_UserCache();
$forgetful_User =& $UserCache->get_by_login($login);
locale_temp_switch($forgetful_User->locale);
if (!$forgetful_User || empty($reqID)) {
// This was not requested
$Messages->add(T_('Invalid password change request! Please try again...'), 'error');
/**
* Change file permissions on disk.
*
* @access public
* @param string chmod (octal three-digit-format, eg '777'), uses {@link $Settings} for NULL
* (fm_default_chmod_dir, fm_default_chmod_file)
* @return mixed new permissions on success (octal format), false on failure
*/
function chmod($chmod = NULL)
{
if ($chmod === NULL) {
global $Settings;
$chmod = $this->is_dir() ? $Settings->get('fm_default_chmod_dir') : $Settings->get('fm_default_chmod_file');
}
if (@chmod($this->_adfp_full_path, octdec($chmod))) {
clearstatcache();
// update current entry
$this->_perms = fileperms($this->_adfp_full_path);
syslog_insert(sprintf('The permissions of file %s were changed to %s', '<b>' . $this->get_name() . '</b>', $chmod), 'info', 'file', $this->ID);
return $this->_perms;
} else {
syslog_insert(sprintf('The permissions of file %s could not be changed to %s', '<b>' . $this->get_name() . '</b>', $chmod), 'info', 'file', $this->ID);
return false;
}
}
/**
* Check if the value is a file name
*
* @param string param name
* @param string error message
* @return boolean true if OK
*/
function param_check_filename($var, $err_msg)
{
if ($error_filename = validate_filename($GLOBALS[$var])) {
param_error($var, $error_filename);
syslog_insert(sprintf('File %s is invalid or has an unrecognized extension', '<b>' . $GLOBALS[$var] . '</b>'), 'warning', 'file');
return false;
}
return true;
}
switch ($action) {
case 'edit_links':
// Display link owner attachments
// Check permission:
$LinkOwner->check_perm('edit', true);
// Add JavaScript to handle links modifications.
require_js('links.js');
break;
case 'unlink':
// Delete a link:
// Check that this action request is not a CSRF hacked request:
$Session->assert_received_crumb("link");
// Check permission:
$LinkOwner->check_perm('edit', true);
if ($link_File =& $edited_Link->get_File()) {
syslog_insert(sprintf('File %s was unlinked from %s with ID=%s', '<b>' . $link_File->get_name() . '</b>', $LinkOwner->type, $LinkOwner->link_Object->ID), 'info', 'file', $link_File->ID);
}
// Unlink File from Item/Comment:
$deleted_link_ID = $edited_Link->ID;
$edited_Link->dbdelete();
unset($edited_Link);
$LinkOwner->after_unlink_action($deleted_link_ID);
$Messages->add($LinkOwner->translate('Link has been deleted from $xxx$.'), 'success');
header_redirect($redirect_to);
break;
case 'link_move_up':
case 'link_move_down':
// Check that this action request is not a CSRF hacked request:
$Session->assert_received_crumb("link");
// Check permission:
$LinkOwner->check_perm('edit', true);
/**
* Test connection to SMTP server by Swift Mailer
*
* @return array Result messages
*/
function smtp_connection_test()
{
global $smtp_connection_result;
$smtp_messages = array();
$smtp_connection_result = true;
// Check if Swift Mailer is enabled
$check_smtp_result = check_smtp_mailer();
$message = T_('Check SMTP settings... ');
if ($check_smtp_result === true) {
// Success
$smtp_messages[] = $message . '<span class="green">OK</span>';
syslog_insert($message . 'OK', 'info', NULL);
} else {
// Error
$smtp_messages[] = $message . '<span class="red">' . $check_smtp_result . '</span>';
syslog_insert($message . $check_smtp_result, 'warning', NULL);
$smtp_connection_result = false;
return $smtp_messages;
// EXIT
}
// Test a connection
$Swift_SmtpTransport =& get_Swift_SmtpTransport();
$connection_result = test_smtp_transport($Swift_SmtpTransport);
$message = T_('Test SMTP connection... ');
if ($connection_result === true) {
// Success
$smtp_messages[] = $message . '<span class="green">OK</span>';
syslog_insert($message . 'OK', 'info', NULL);
} else {
// Error
$smtp_messages[] = $message . '<span class="red">' . $connection_result . '</span>';
syslog_insert($message . $connection_result, 'warning', NULL);
$smtp_connection_result = false;
}
return $smtp_messages;
}
/**
* Exit when request is blocked
*
* @param string Block type: 'IP', 'Domain', 'Country'
* @param string Debug message
* @param string Syslog origin type: 'core', 'plugin'
* @param integer Syslog origin ID
*/
function exit_blocked_request($block_type, $debug_message, $syslog_origin_type = 'core', $syslog_origin_ID = NULL)
{
global $debug;
// Write system log for the request:
syslog_insert($debug_message, 'warning', NULL, NULL, $syslog_origin_type, $syslog_origin_ID);
// Print out this text to inform an user:
echo 'Blocked.';
if ($debug) {
// Display additional info on debug mode:
echo ' (' . $block_type . ')';
}
// EXIT:
exit(0);
}
/**
* Check for duplicate comments.
*/
function BeforeCommentFormInsert(&$params)
{
$comment_Item =& $params['Comment']->get_Item();
if ($this->is_duplicate_comment($params['Comment'])) {
$this->msg(T_('The comment seems to be a duplicate.'), 'error');
if ($comment_Item) {
syslog_insert('The comment seems to be a duplicate', 'info', 'item', $comment_Item->ID, 'plugin', $this->ID);
}
}
if ($this->Settings->get('block_common_spam') && preg_match_all('~\\[(link|url)=~', $params['Comment']->content, $m)) {
// Block common bbcode spam comments with both [url= and [link= tags
if (!empty($m[1]) && count($m[1]) > 1) {
$this->msg(T_('Your comment was rejected because it appeared to be spam.'), 'error');
if ($comment_Item) {
syslog_insert('The comment was rejected because it appeared to be spam', 'warning', 'item', $comment_Item->ID, 'plugin', $this->ID);
}
}
}
}
continue;
}
if (!isset($new_names[$loop_src_File->get_md5_ID()])) {
// We have not yet provided a name to rename to...
$confirm = 0;
$new_names[$loop_src_File->get_md5_ID()] = $loop_src_File->get('name');
continue;
}
// Check if provided name is okay:
$new_names[$loop_src_File->get_md5_ID()] = trim(strip_tags($new_names[$loop_src_File->get_md5_ID()]));
if (!$loop_src_File->is_dir()) {
if ($error_filename = validate_filename($new_names[$loop_src_File->get_md5_ID()])) {
// Not a file name or not an allowed extension
$confirm = 0;
$Messages->add($error_filename, 'error');
syslog_insert(sprintf('The copied file %s has an unrecognized extension', '<b>' . $new_names[$loop_src_File->get_md5_ID()] . '</b>'), 'warning', 'file', $loop_src_File->ID);
continue;
}
} elseif ($error_dirname = validate_dirname($new_names[$loop_src_File->get_md5_ID()])) {
// Not a directory name
$confirm = 0;
$Messages->add($error_dirname, 'error');
continue;
}
// If the source is a directory, then we must check if the target path length is allowed or not
$FileCache =& get_FileCache();
$dest_File =& $FileCache->get_by_root_and_path($fm_Filelist->get_root_type(), $fm_Filelist->get_root_ID(), $fm_Filelist->get_rds_list_path() . $new_names[$loop_src_File->get_md5_ID()]);
if ($loop_src_File->is_dir() && strlen($dest_File->get_full_path()) > $dirpath_max_length) {
// The path would be too long we can not allowe to move this folder
param_error('new_names[' . $loop_src_File->get_md5_ID() . ']', T_('The target path is too long for this folder.'));
$confirm = 0;
/**
* Load data from Request form fields.
*
* @param array groups of params to load
* @return boolean true if loaded data seems valid.
*/
function load_from_Request($groups = array())
{
global $Messages, $default_locale, $DB;
/**
* @var User
*/
global $current_User;
// Load collection settings and clear update cascade array
$this->load_CollectionSettings();
if (param('blog_name', 'string', NULL) !== NULL) {
// General params:
$this->set_from_Request('name');
$this->set('shortname', param('blog_shortname', 'string', true));
// Language / locale:
if (param('blog_locale', 'string', NULL) !== NULL) {
// These settings can be hidden when only one locale is enaled in the system
$this->set_from_Request('locale');
$this->set_setting('locale_source', param('blog_locale_source', 'string', 'blog'));
$this->set_setting('post_locale_source', param('blog_post_locale_source', 'string', 'post'));
}
// Collection permissions:
$this->set('advanced_perms', param('advanced_perms', 'integer', 0));
$this->set_setting('allow_access', param('blog_allow_access', 'string', ''));
if ($this->get_setting('allow_access') == 'users' || $this->get_setting('allow_access') == 'members') {
// Disable site maps, feeds and ping plugins when access is restricted on this blog
$this->set_setting('enable_sitemaps', 0);
$this->set_setting('feed_content', 'none');
$this->set_setting('ping_plugins', '');
}
// Lists of collections:
$this->set('order', param('blog_order', 'integer'));
$this->set('in_bloglist', param('blog_in_bloglist', 'string', 'public'));
$this->set('favorite', param('favorite', 'integer', 0));
}
if (param('archive_links', 'string', NULL) !== NULL) {
// Archive link type:
$this->set_setting('archive_links', get_param('archive_links'));
$this->set_setting('archive_posts_per_page', param('archive_posts_per_page', 'integer', NULL), true);
}
if (param('chapter_links', 'string', NULL) !== NULL) {
// Chapter link type:
$this->set_setting('chapter_links', get_param('chapter_links'));
}
if (param('category_prefix', 'string', NULL) !== NULL) {
$category_prefix = get_param('category_prefix');
if (!preg_match('|^([A-Za-z0-9\\-_]+(/[A-Za-z0-9\\-_]+)*)?$|', $category_prefix)) {
param_error('category_prefix', T_('Invalid category prefix.'));
}
$this->set_setting('category_prefix', $category_prefix);
}
if (param('atom_redirect', 'string', NULL) !== NULL) {
param_check_url('atom_redirect', 'commenting');
$this->set_setting('atom_redirect', get_param('atom_redirect'));
param('rss2_redirect', 'string', NULL);
param_check_url('rss2_redirect', 'commenting');
$this->set_setting('rss2_redirect', get_param('rss2_redirect'));
}
if (param('image_size', 'string', NULL) !== NULL) {
$this->set_setting('image_size', get_param('image_size'));
}
if (param('tag_links', 'string', NULL) !== NULL) {
// Tag page link type:
$this->set_setting('tag_links', get_param('tag_links'));
}
if (param('tag_prefix', 'string', NULL) !== NULL) {
$tag_prefix = get_param('tag_prefix');
if (!preg_match('|^([A-Za-z0-9\\-_]+(/[A-Za-z0-9\\-_]+)*)?$|', $tag_prefix)) {
param_error('tag_prefix', T_('Invalid tag prefix.'));
}
$this->set_setting('tag_prefix', $tag_prefix);
}
// Default to "tag", if "prefix-only" is used, but no tag_prefix was provided.
if (get_param('tag_links') == 'prefix-only' && !strlen(param('tag_prefix', 'string', NULL))) {
$this->set_setting('tag_prefix', 'tag');
}
// Use rel="tag" attribute? (checkbox)
$this->set_setting('tag_rel_attib', param('tag_rel_attib', 'integer', 0));
if (param('chapter_content', 'string', NULL) !== NULL) {
// What kind of content on chapter pages?
$this->set_setting('chapter_content', get_param('chapter_content'));
}
if (param('tag_content', 'string', NULL) !== NULL) {
// What kind of content on tags pages?
$this->set_setting('tag_content', get_param('tag_content'));
}
if (param('archive_content', 'string', NULL) !== NULL) {
// What kind of content on archive pages?
$this->set_setting('archive_content', get_param('archive_content'));
}
if (param('filtered_content', 'string', NULL) !== NULL) {
// What kind of content on filtered pages?
$this->set_setting('filtered_content', get_param('filtered_content'));
}
if (param('main_content', 'string', NULL) !== NULL) {
// What kind of content on main pages?
$this->set_setting('main_content', get_param('main_content'));
}
// Chapter posts per page:
$this->set_setting('chapter_posts_per_page', param('chapter_posts_per_page', 'integer', NULL), true);
// Tag posts per page:
$this->set_setting('tag_posts_per_page', param('tag_posts_per_page', 'integer', NULL), true);
if (param('single_links', 'string', NULL) !== NULL) {
// Single post link type:
$this->set_setting('single_links', get_param('single_links'));
}
if (param('slug_limit', 'integer', NULL) !== NULL) {
// Limit slug length:
$this->set_setting('slug_limit', get_param('slug_limit'));
}
if (param('normal_skin_ID', 'integer', NULL) !== NULL) {
// Normal skin ID:
$this->set_setting('normal_skin_ID', get_param('normal_skin_ID'));
}
if (param('mobile_skin_ID', 'integer', NULL) !== NULL) {
// Mobile skin ID:
if (get_param('mobile_skin_ID') == 0) {
// Don't store this empty setting in DB
$this->delete_setting('mobile_skin_ID');
} else {
// Set mobile skin
$this->set_setting('mobile_skin_ID', get_param('mobile_skin_ID'));
}
}
if (param('tablet_skin_ID', 'integer', NULL) !== NULL) {
// Tablet skin ID:
if (get_param('tablet_skin_ID') == 0) {
// Don't store this empty setting in DB
$this->delete_setting('tablet_skin_ID');
} else {
// Set tablet skin
$this->set_setting('tablet_skin_ID', get_param('tablet_skin_ID'));
}
}
if (param('archives_sort_order', 'string', NULL) !== NULL) {
// Archive sorting
$this->set_setting('archives_sort_order', param('archives_sort_order', 'string', false));
}
if (param('download_delay', 'integer', NULL) !== NULL) {
// Download delay
param_check_range('download_delay', 0, 10, T_('Download delay must be numeric (0-10).'));
$this->set_setting('download_delay', get_param('download_delay'));
}
if (param('feed_content', 'string', NULL) !== NULL) {
// How much content in feeds?
$this->set_setting('feed_content', get_param('feed_content'));
param_integer_range('posts_per_feed', 1, 9999, T_('Items per feed must be between %d and %d.'));
$this->set_setting('posts_per_feed', get_param('posts_per_feed'));
}
if (param('comment_feed_content', 'string', NULL) !== NULL) {
// How much content in comment feeds?
$this->set_setting('comment_feed_content', get_param('comment_feed_content'));
param_integer_range('comments_per_feed', 1, 9999, T_('Comments per feed must be between %d and %d.'));
$this->set_setting('comments_per_feed', get_param('comments_per_feed'));
}
if (param('blog_shortdesc', 'string', NULL) !== NULL) {
// Description:
$this->set_from_Request('shortdesc');
}
if (param('blog_keywords', 'string', NULL) !== NULL) {
// Keywords:
$this->set_from_Request('keywords');
}
if (param('blog_tagline', 'html', NULL) !== NULL) {
// HTML tagline:
param_check_html('blog_tagline', T_('Invalid tagline'));
$this->set('tagline', get_param('blog_tagline'));
}
if (param('blog_longdesc', 'html', NULL) !== NULL) {
// HTML long description:
param_check_html('blog_longdesc', T_('Invalid long description'));
$this->set('longdesc', get_param('blog_longdesc'));
}
if (param('blog_footer_text', 'html', NULL) !== NULL) {
// Blog footer:
param_check_html('blog_footer_text', T_('Invalid blog footer'));
$this->set_setting('blog_footer_text', get_param('blog_footer_text'));
}
if (param('single_item_footer_text', 'html', NULL) !== NULL) {
// Blog footer:
param_check_html('single_item_footer_text', T_('Invalid single post footer'));
$this->set_setting('single_item_footer_text', get_param('single_item_footer_text'));
}
if (param('xml_item_footer_text', 'html', NULL) !== NULL) {
// Blog footer:
param_check_html('xml_item_footer_text', T_('Invalid RSS footer'));
$this->set_setting('xml_item_footer_text', get_param('xml_item_footer_text'));
}
if (param('blog_notes', 'html', NULL) !== NULL) {
// HTML notes:
param_check_html('blog_notes', T_('Invalid Blog Notes'));
$this->set('notes', get_param('blog_notes'));
param_integer_range('max_footer_credits', 0, 3, T_('Max credits must be between %d and %d.'));
$this->set_setting('max_footer_credits', get_param('max_footer_credits'));
}
if (in_array('pings', $groups)) {
// we want to load the ping checkboxes:
$blog_ping_plugins = param('blog_ping_plugins', 'array:string', array());
$blog_ping_plugins = array_unique($blog_ping_plugins);
$this->set_setting('ping_plugins', implode(',', $blog_ping_plugins));
}
if (in_array('authors', $groups)) {
// we want to load the workflow & permissions params
$this->set_setting('use_workflow', param('blog_use_workflow', 'integer', 0));
}
if (in_array('home', $groups)) {
// we want to load the front page params:
$front_disp = param('front_disp', 'string', '');
$this->set_setting('front_disp', $front_disp);
$front_post_ID = param('front_post_ID', 'integer', 0);
if ($front_disp == 'page') {
// Post ID must be required
param_check_not_empty('front_post_ID', T_('Please enter a specific post ID'));
}
$this->set_setting('front_post_ID', $front_post_ID);
}
if (in_array('features', $groups)) {
// we want to load the workflow checkboxes:
$this->set_setting('enable_goto_blog', param('enable_goto_blog', 'string', NULL));
$this->set_setting('editing_goto_blog', param('editing_goto_blog', 'string', NULL));
$this->set_setting('default_post_status', param('default_post_status', 'string', NULL));
$this->set_setting('post_categories', param('post_categories', 'string', NULL));
$this->set_setting('post_navigation', param('post_navigation', 'string', NULL));
// Show x days or x posts?:
$this->set_setting('what_to_show', param('what_to_show', 'string', ''));
param_integer_range('posts_per_page', 1, 9999, T_('Items/days per page must be between %d and %d.'));
$this->set_setting('posts_per_page', get_param('posts_per_page'));
$this->set_setting('orderby', param('orderby', 'string', true));
$this->set_setting('orderdir', param('orderdir', 'string', true));
// Front office statuses
$this->load_inskin_statuses('post');
// Time frame
$this->set_setting('timestamp_min', param('timestamp_min', 'string', ''));
$this->set_setting('timestamp_min_duration', param_duration('timestamp_min_duration'));
$this->set_setting('timestamp_max', param('timestamp_max', 'string', ''));
$this->set_setting('timestamp_max_duration', param_duration('timestamp_max_duration'));
// call modules update_collection_features on this blog
modules_call_method('update_collection_features', array('edited_Blog' => &$this));
// load post moderation statuses
$moderation_statuses = get_visibility_statuses('moderation');
$post_moderation_statuses = array();
foreach ($moderation_statuses as $status) {
if (param('post_notif_' . $status, 'integer', 0)) {
$post_moderation_statuses[] = $status;
}
}
$this->set_setting('post_moderation_statuses', implode(',', $post_moderation_statuses));
}
if (in_array('comments', $groups)) {
// we want to load the comments settings:
// load moderation statuses
$moderation_statuses = get_visibility_statuses('moderation');
$blog_moderation_statuses = array();
foreach ($moderation_statuses as $status) {
if (param('notif_' . $status, 'integer', 0)) {
$blog_moderation_statuses[] = $status;
}
}
$this->set_setting('moderation_statuses', implode(',', $blog_moderation_statuses));
$this->set_setting('comment_quick_moderation', param('comment_quick_moderation', 'string', 'expire'));
$this->set_setting('allow_item_subscriptions', param('allow_item_subscriptions', 'integer', 0));
$this->set_setting('comments_detect_email', param('comments_detect_email', 'integer', 0));
$this->set_setting('comments_register', param('comments_register', 'integer', 0));
}
if (in_array('other', $groups)) {
// we want to load the other settings:
// Search results:
param_integer_range('search_per_page', 1, 9999, T_('Number of search results per page must be between %d and %d.'));
$this->set_setting('search_per_page', get_param('search_per_page'));
// Latest comments :
param_integer_range('latest_comments_num', 1, 9999, T_('Number of shown comments must be between %d and %d.'));
$this->set_setting('latest_comments_num', get_param('latest_comments_num'));
// User directory:
$this->set_setting('image_size_user_list', param('image_size_user_list', 'string'));
// Messaging pages:
$this->set_setting('image_size_messaging', param('image_size_messaging', 'string'));
// Archive pages:
$this->set_setting('archive_mode', param('archive_mode', 'string', true));
}
if (in_array('more', $groups)) {
// we want to load more settings:
// Tracking:
$this->set_setting('track_unread_content', param('track_unread_content', 'integer', 0));
// Subscriptions:
$this->set_setting('allow_subscriptions', param('allow_subscriptions', 'integer', 0));
$this->set_setting('allow_item_subscriptions', param('allow_item_subscriptions', 'integer', 0));
// Sitemaps:
$this->set_setting('enable_sitemaps', param('enable_sitemaps', 'integer', 0));
}
if (param('allow_comments', 'string', NULL) !== NULL) {
// Feedback options:
$this->set_setting('allow_comments', param('allow_comments', 'string', 'any'));
$this->set_setting('allow_view_comments', param('allow_view_comments', 'string', 'any'));
$new_feedback_status = param('new_feedback_status', 'string', 'draft');
if ($new_feedback_status != $this->get_setting('new_feedback_status') && ($new_feedback_status != 'published' || $current_User->check_perm('blog_admin', 'edit', false, $this->ID))) {
// Only admin can set this setting to 'Public'
$this->set_setting('new_feedback_status', $new_feedback_status);
}
$this->set_setting('allow_anon_url', param('allow_anon_url', 'string', '0'));
$this->set_setting('allow_html_comment', param('allow_html_comment', 'string', '0'));
$this->set_setting('allow_attachments', param('allow_attachments', 'string', 'registered'));
$this->set_setting('max_attachments', param('max_attachments', 'integer', ''));
$this->set_setting('autocomplete_usernames', param('autocomplete_usernames', 'integer', ''));
$this->set_setting('display_rating_summary', param('display_rating_summary', 'string', '0'));
$this->set_setting('allow_rating_items', param('allow_rating_items', 'string', 'never'));
$this->set_setting('rating_question', param('rating_question', 'text'));
$this->set_setting('allow_rating_comment_helpfulness', param('allow_rating_comment_helpfulness', 'string', '0'));
$blog_allowtrackbacks = param('blog_allowtrackbacks', 'integer', 0);
if ($blog_allowtrackbacks != $this->get('allowtrackbacks') && ($blog_allowtrackbacks == 0 || $current_User->check_perm('blog_admin', 'edit', false, $this->ID))) {
// Only admin can turn ON this setting
$this->set('allowtrackbacks', $blog_allowtrackbacks);
}
$this->set_setting('comments_orderdir', param('comments_orderdir', '/^(?:ASC|DESC)$/', 'ASC'));
// call modules update_collection_comments on this blog
modules_call_method('update_collection_comments', array('edited_Blog' => &$this));
$threaded_comments = param('threaded_comments', 'integer', 0);
$this->set_setting('threaded_comments', $threaded_comments);
$this->set_setting('paged_comments', $threaded_comments ? 0 : param('paged_comments', 'integer', 0));
param_integer_range('comments_per_page', 1, 9999, T_('Comments per page must be between %d and %d.'));
$this->set_setting('comments_per_page', get_param('comments_per_page'));
$this->set_setting('comments_avatars', param('comments_avatars', 'integer', 0));
$this->set_setting('comments_latest', param('comments_latest', 'integer', 0));
// load blog front office comment statuses
$this->load_inskin_statuses('comment');
}
if (in_array('seo', $groups)) {
// we want to load the workflow checkboxes:
$this->set_setting('canonical_homepage', param('canonical_homepage', 'integer', 0));
$this->set_setting('relcanonical_homepage', param('relcanonical_homepage', 'integer', 0));
$this->set_setting('canonical_item_urls', param('canonical_item_urls', 'integer', 0));
$this->set_setting('relcanonical_item_urls', param('relcanonical_item_urls', 'integer', 0));
$this->set_setting('canonical_archive_urls', param('canonical_archive_urls', 'integer', 0));
$this->set_setting('relcanonical_archive_urls', param('relcanonical_archive_urls', 'integer', 0));
$this->set_setting('canonical_cat_urls', param('canonical_cat_urls', 'integer', 0));
$this->set_setting('relcanonical_cat_urls', param('relcanonical_cat_urls', 'integer', 0));
$this->set_setting('canonical_tag_urls', param('canonical_tag_urls', 'integer', 0));
$this->set_setting('relcanonical_tag_urls', param('relcanonical_tag_urls', 'integer', 0));
$this->set_setting('default_noindex', param('default_noindex', 'integer', 0));
$this->set_setting('paged_noindex', param('paged_noindex', 'integer', 0));
$this->set_setting('paged_nofollowto', param('paged_nofollowto', 'integer', 0));
$this->set_setting('archive_noindex', param('archive_noindex', 'integer', 0));
$this->set_setting('archive_nofollowto', param('archive_nofollowto', 'integer', 0));
$this->set_setting('chapter_noindex', param('chapter_noindex', 'integer', 0));
$this->set_setting('tag_noindex', param('tag_noindex', 'integer', 0));
$this->set_setting('filtered_noindex', param('filtered_noindex', 'integer', 0));
$this->set_setting('arcdir_noindex', param('arcdir_noindex', 'integer', 0));
$this->set_setting('catdir_noindex', param('catdir_noindex', 'integer', 0));
$this->set_setting('feedback-popup_noindex', param('feedback-popup_noindex', 'integer', 0));
$this->set_setting('msgform_noindex', param('msgform_noindex', 'integer', 0));
$this->set_setting('special_noindex', param('special_noindex', 'integer', 0));
$this->set_setting('title_link_type', param('title_link_type', 'string', ''));
$this->set_setting('permalinks', param('permalinks', 'string', ''));
$this->set_setting('404_response', param('404_response', 'string', ''));
$this->set_setting('help_link', param('help_link', 'string', ''));
$this->set_setting('excerpts_meta_description', param('excerpts_meta_description', 'integer', 0));
$this->set_setting('categories_meta_description', param('categories_meta_description', 'integer', 0));
$this->set_setting('tags_meta_keywords', param('tags_meta_keywords', 'integer', 0));
$this->set_setting('tags_open_graph', param('tags_open_graph', 'integer', 0));
$this->set_setting('download_noindex', param('download_noindex', 'integer', 0));
$this->set_setting('download_nofollowto', param('download_nofollowto', 'integer', 0));
}
/*
* ADVANCED ADMIN SETTINGS
*/
if ($current_User->check_perm('blog_admin', 'edit', false, $this->ID)) {
// We have permission to edit advanced admin settings:
if (in_array('cache', $groups)) {
// we want to load the cache params:
$this->set_setting('ajax_form_enabled', param('ajax_form_enabled', 'integer', 0));
$this->set_setting('ajax_form_loggedin_enabled', param('ajax_form_loggedin_enabled', 'integer', 0));
$this->set_setting('cache_enabled_widgets', param('cache_enabled_widgets', 'integer', 0));
}
if (in_array('styles', $groups)) {
// we want to load the styles params:
$this->set('allowblogcss', param('blog_allowblogcss', 'integer', 0));
$this->set('allowusercss', param('blog_allowusercss', 'integer', 0));
}
if (in_array('login', $groups)) {
// we want to load the login params:
if (!get_setting_Blog('login_blog_ID')) {
// Update this only when no blog is defined for login/registration
$this->set_setting('in_skin_login', param('in_skin_login', 'integer', 0));
}
$this->set_setting('in_skin_editing', param('in_skin_editing', 'integer', 0));
}
if (param('blog_head_includes', 'html', NULL) !== NULL) {
// HTML header includes:
param_check_html('blog_head_includes', T_('Invalid Custom meta tag/css section.'), '#', 'head_extension');
$this->set_setting('head_includes', get_param('blog_head_includes'));
}
if (param('blog_footer_includes', 'html', NULL) !== NULL) {
// HTML header includes:
param_check_html('blog_footer_includes', T_('Invalid Custom javascript section'));
$this->set_setting('footer_includes', get_param('blog_footer_includes'));
}
if (param('owner_login', 'string', NULL) !== NULL) {
// Permissions:
$UserCache =& get_UserCache();
$owner_User =& $UserCache->get_by_login(get_param('owner_login'));
if (empty($owner_User)) {
param_error('owner_login', sprintf(T_('User «%s» does not exist!'), get_param('owner_login')));
} else {
$this->set('owner_user_ID', $owner_User->ID);
$this->owner_User =& $owner_User;
}
}
if (($blog_urlname = param('blog_urlname', 'string', NULL)) !== NULL) {
// check urlname
if (param_check_not_empty('blog_urlname', T_('You must provide an URL collection name!'))) {
if (!preg_match('|^[A-Za-z0-9\\-]+$|', $blog_urlname)) {
param_error('blog_urlname', sprintf(T_('The url name %s is invalid.'), "«{$blog_urlname}»"));
$blog_urlname = NULL;
}
if (isset($blog_urlname) && $DB->get_var('SELECT COUNT(*)
FROM T_blogs
WHERE blog_urlname = ' . $DB->quote($blog_urlname) . '
AND blog_ID <> ' . $this->ID)) {
// urlname is already in use
param_error('blog_urlname', sprintf(T_('The URL name %s is already in use by another collection. Please choose another name.'), "«{$blog_urlname}»"));
$blog_urlname = NULL;
}
if (isset($blog_urlname)) {
// Set new urlname and save old media dir in order to rename folder to new
$old_media_dir = $this->get_media_dir(false);
$this->set_from_Request('urlname');
}
}
}
if (($access_type = param('blog_access_type', 'string', NULL)) !== NULL) {
// Blog URL parameters:
// Note: We must avoid to set an invalid url, because the new blog url will be displayed in the evobar even if it was not saved
$allow_new_access_type = true;
if ($access_type == 'absolute') {
$blog_siteurl = param('blog_siteurl_absolute', 'string', true);
if (preg_match('#^https?://[^/]+/.*#', $blog_siteurl, $matches)) {
// It looks like valid absolute URL, so we may update the blog siteurl
$this->set('siteurl', $blog_siteurl);
} else {
// It is not valid absolute URL, don't update the blog 'siteurl' to avoid errors
$allow_new_access_type = false;
// If site url is not updated do not allow access_type update either
$Messages->add(T_('Collection Folder URL') . ': ' . sprintf(T_('%s is an invalid absolute URL'), '«' . htmlspecialchars($blog_siteurl) . '»') . '. ' . T_('You must provide an absolute URL (starting with <code>http://</code> or <code>https://</code>) and it must contain at least one \'/\' sign after the domain name!'), 'error');
}
} elseif ($access_type == 'relative') {
// relative siteurl
$blog_siteurl = param('blog_siteurl_relative', 'string', true);
if (preg_match('#^https?://#', $blog_siteurl)) {
$Messages->add(T_('Blog Folder URL') . ': ' . T_('You must provide a relative URL (without <code>http://</code> or <code>https://</code>)!'), 'error');
}
$this->set('siteurl', $blog_siteurl);
} else {
$this->set('siteurl', '');
}
if ($allow_new_access_type) {
// The received siteurl value was correct, may update the access_type value
$this->set('access_type', $access_type);
}
}
if (param('aggregate_coll_IDs', 'string', NULL) !== NULL) {
// Aggregate list: (can be '*')
$aggregate_coll_IDs = get_param('aggregate_coll_IDs');
if ($aggregate_coll_IDs != '*') {
// Sanitize the string
$aggregate_coll_IDs = sanitize_id_list($aggregate_coll_IDs);
}
// fp> TODO: check perms on each aggregated blog (if changed)
// fp> TODO: better interface
if ($aggregate_coll_IDs != '*' && !preg_match('#^([0-9]+(,[0-9]+)*)?$#', $aggregate_coll_IDs)) {
param_error('aggregate_coll_IDs', T_('Invalid aggregate collection ID list!'));
}
$this->set_setting('aggregate_coll_IDs', $aggregate_coll_IDs);
}
$media_location = param('blog_media_location', 'string', NULL);
if ($media_location !== NULL) {
// Media files location:
$old_media_dir = $this->get_media_dir(false);
$old_media_location = $this->get('media_location');
$this->set_from_Request('media_location');
$this->set_media_subdir(param('blog_media_subdir', 'string', ''));
$this->set_media_fullpath(param('blog_media_fullpath', 'string', ''));
$this->set_media_url(param('blog_media_url', 'string', ''));
// check params
switch ($this->get('media_location')) {
case 'custom':
// custom path and URL
global $demo_mode, $media_path;
if ($this->get('media_fullpath') == '') {
param_error('blog_media_fullpath', T_('Media dir location') . ': ' . T_('You must provide the full path of the media directory.'));
}
if (!preg_match('#^https?://#', $this->get('media_url'))) {
param_error('blog_media_url', T_('Media dir location') . ': ' . T_('You must provide an absolute URL (starting with <code>http://</code> or <code>https://</code>)!'));
}
if ($demo_mode) {
$canonical_fullpath = get_canonical_path($this->get('media_fullpath'));
if (!$canonical_fullpath || strpos($canonical_fullpath, $media_path) !== 0) {
param_error('blog_media_fullpath', T_('Media dir location') . ': in demo mode the path must be inside of $media_path.');
}
}
break;
case 'subdir':
global $media_path;
if ($this->get('media_subdir') == '') {
param_error('blog_media_subdir', T_('Media dir location') . ': ' . T_('You must provide the media subdirectory.'));
} else {
// Test if it's below $media_path (subdir!)
$canonical_path = get_canonical_path($media_path . $this->get('media_subdir'));
if (!$canonical_path || strpos($canonical_path, $media_path) !== 0) {
param_error('blog_media_subdir', T_('Media dir location') . ': ' . sprintf(T_('Invalid subdirectory «%s».'), format_to_output($this->get('media_subdir'))));
} else {
// Validate if it's a valid directory name:
$subdir = no_trailing_slash(substr($canonical_path, strlen($media_path)));
if ($error = validate_dirname($subdir)) {
param_error('blog_media_subdir', T_('Media dir location') . ': ' . $error);
syslog_insert(sprintf('Invalid name is detected for folder %s', '<b>' . $subdir . '</b>'), 'warning', 'file');
}
}
}
break;
}
}
if (!param_errors_detected() && !empty($old_media_dir)) {
// No error were detected before and possibly the media directory path was updated, check if it can be managed
$this->check_media_dir_change($old_media_dir, isset($old_media_location) ? $old_media_location : NULL);
}
}
return !param_errors_detected();
}
} else {
// Don't use the hidden field for this file because it is from another folder
$filename_hidden_field = '';
}
echo '<td class="fm_filename">' . $filename_hidden_field;
/************* Invalid filename warning: *************/
if (!$lFile->is_dir()) {
if ($error_filename = validate_filename($lFile->get_name())) {
// TODO: Warning icon with hint
echo get_icon('warning', 'imgtag', array('class' => 'filenameIcon', 'title' => $error_filename));
syslog_insert(sprintf('The unrecognized extension is detected for file %s', '<b>' . $lFile->get_name() . '</b>'), 'warning', 'file', $lFile->ID);
}
} elseif ($error_dirname = validate_dirname($lFile->get_name())) {
// TODO: Warning icon with hint
echo get_icon('warning', 'imgtag', array('class' => 'filenameIcon', 'title' => $error_dirname));
syslog_insert(sprintf('Invalid name is detected for folder %s', '<b>' . $lFile->get_name() . '</b>'), 'warning', 'file', $lFile->ID);
}
/**** Open in a new window (only directories) ****/
if ($lFile->is_dir()) {
// Directory
$browse_dir_url = $lFile->get_view_url();
$popup_url = url_add_param($browse_dir_url, 'mode=popup');
$target = 'evo_fm_' . $lFile->get_md5_ID();
echo '<a href="' . $browse_dir_url . '" target="' . $target . ' " class="pull-right"
title="' . T_('Open in a new window') . '" onclick="' . "return pop_up_window( '{$popup_url}', '{$target}' )" . '">' . get_icon('window_new') . '</a>';
}
// Only provide link/"chain" icons for files.
// TODO: dh> provide support for direcories (display included files).
// fp> here might not be the best place to put the perm check
if (isset($LinkOwner) && $LinkOwner->check_perm('edit')) {
// Offer option to link the file to an Item (or anything else):
if (empty($fm_FileRoot)) {
// Stop when this object is NULL, it can happens when media path has no rights to write
$message['text'] = sprintf(T_('We cannot open the folder %s. PHP needs execute permissions on this folder.'), '<b>' . $media_path . '</b>');
$message['status'] = 'error';
out_echo($message, $specialchars);
exit;
}
$newName = $file->getName();
$oldName = $newName;
// validate file name
if ($error_filename = process_filename($newName, true, true, $fm_FileRoot, $path)) {
// Not a file name or not an allowed extension
$message['text'] = $error_filename;
$message['status'] = 'error';
out_echo($message, $specialchars);
syslog_insert(sprintf('The uploaded file %s has an unrecognized extension', '<b>' . $newName . '</b>'), 'warning', 'file');
exit;
}
// Process a name of old name
process_filename($oldName, true);
list($newFile, $oldFile_thumb) = check_file_exists($fm_FileRoot, $path, $newName);
$newName = $newFile->get('name');
// If everything is ok, save the file somewhere
$file_content = $file->get_content();
if (is_array($file_content)) {
// Error on upload
$message = array_merge($message, $file_content);
out_echo($message, $specialchars);
exit;
}
if (!file_exists($newFile->get_dir())) {
$SQL->SELECT('ivc_source, ivc_grp_ID');
$SQL->FROM('T_users__invitation_code');
$SQL->WHERE('ivc_code = ' . $DB->quote($invitation));
$SQL->WHERE_and('ivc_expire_ts > ' . $DB->quote(date('Y-m-d H:i:s', $localtimenow)));
if ($invitation_code = $DB->get_row($SQL->get())) {
// Set source and group from invitation code
$new_User->set('source', $invitation_code->ivc_source);
$GroupCache =& get_GroupCache();
if ($new_user_Group =& $GroupCache->get_by_ID($invitation_code->ivc_grp_ID, false, false)) {
$new_User->set_Group($new_user_Group);
}
}
}
if ($new_User->dbinsert()) {
// Insert system log about user's registration
syslog_insert('User registration', 'info', 'user', $new_User->ID);
}
$new_user_ID = $new_User->ID;
// we need this to "rollback" user creation if there's no DB transaction support
// TODO: Optionally auto create a blog (handle this together with the LDAP plugin)
// TODO: Optionally auto assign rights
// Actions to be appended to the user registration transaction:
if ($Plugins->trigger_event_first_false('AppendUserRegistrTransact', array('User' => &$new_User))) {
// TODO: notify the plugins that have been called before about canceling of the event?!
$DB->rollback();
// Delete, in case there's no transaction support:
$new_User->dbdelete($Debuglog);
$Messages->add(T_('No user account has been created!'), 'error');
break;
// break out to _reg_form.php
}
/**
* process attachments by saving into media directory and optionally creating image tag in post
*
* @param string message content that is optionally manipulated by adding image tags (by reference)
* @param array $mailAttachments array containing path to attachment files
* @param string $mediadir path to media directory of blog as seen by file system
* @param string $media_url url to media directory as seen by user
* @param bool $add_img_tags should img tags be added to the post (instead of linking through the file manager)
* @param string $type defines attachment type: 'attach' or 'related'
* @param boolean TRUE if script is executed by cron
*/
function pbm_process_attachments(&$content, $mailAttachments, $mediadir, $media_url, $add_img_tags = true, $type = 'attach', $cron = false)
{
global $Settings, $pbm_item_files, $filename_max_length;
pbm_msg('<h4>' . T_('Processing attachments') . '</h4>', $cron);
foreach ($mailAttachments as $attachment) {
if (isset($attachment['FileName'])) {
$filename = trim(utf8_strtolower($attachment['FileName']));
} else {
// Related attachments may not have file name, we'll generate one below
$filename = '';
}
if ($filename == '') {
$filename = 'upload_' . uniqid() . '.' . $attachment['SubType'];
pbm_msg(sprintf(T_('Attachment without name. Using "%s".'), htmlspecialchars($filename)), $cron);
}
// Check valid filename/extension: (includes check for locked filenames)
if ($error_filename = process_filename($filename, true)) {
pbm_msg(T_('Invalid filename') . ': ' . $error_filename, $cron);
syslog_insert(sprintf('The posted by mail file %s has an unrecognized extension', '<b>' . $filename . '</b>'), 'warning', 'file');
continue;
}
// If file exists count up a number
$cnt = 0;
$prename = substr($filename, 0, strrpos($filename, '.')) . '-';
$sufname = strrchr($filename, '.');
$error_in_filename = false;
while (file_exists($mediadir . $filename)) {
$filename = $prename . $cnt . $sufname;
if (strlen($filename) > $filename_max_length) {
// This is a special case, when the filename is longer then the maximum allowed
// Cut as many characters as required before the counter on the file name
$filename = fix_filename_length($filename, strlen($prename) - 1);
if ($error_in_filename = process_filename($filename, true)) {
// The file name is not valid, this is an unexpected situation, because the file name was already validated before
pbm_msg(T_('Invalid filename') . ': ' . $error_filename, $cron);
syslog_insert(sprintf('The posted by mail file %s has an unrecognized extension', '<b>' . $filename . '</b>'), 'warning', 'file');
break;
}
}
++$cnt;
}
if ($error_in_filename) {
// Don't create file with invalid file name
continue;
}
pbm_msg(sprintf(T_('New file name is %s'), '<b>' . $filename . '</b>'), $cron);
$imginfo = NULL;
if (!$Settings->get('eblog_test_mode')) {
pbm_msg(sprintf(T_('Saving file to: %s'), htmlspecialchars($mediadir . $filename)), $cron);
if (!copy($attachment['DataFile'], $mediadir . $filename)) {
pbm_msg(sprintf(T_('Unable to copy uploaded file to %s'), htmlspecialchars($mediadir . $filename)), $cron);
continue;
}
// chmod uploaded file:
$chmod = $Settings->get('fm_default_chmod_file');
@chmod($mediadir . $filename, octdec($chmod));
$imginfo = @getimagesize($mediadir . $filename);
pbm_msg(sprintf(T_('Is this an image?: %s'), is_array($imginfo) ? 'yes' : 'no'), $cron);
}
if ($type == 'attach') {
$content .= "\n";
if (is_array($imginfo) && $add_img_tags) {
$content .= '<img src="' . $media_url . $filename . '" ' . $imginfo[3] . ' />';
} else {
pbm_msg(sprintf(T_('The file %s will be attached to the post later, after we save the post in the database.'), '<b>' . $filename . '</b>'), $cron);
$pbm_item_files[] = $filename;
}
$content .= "\n";
} elseif (!empty($attachment['ContentID'])) {
// Replace relative "cid:xxxxx" URIs with absolute URLs to media files
$content = str_replace('cid:' . $attachment['ContentID'], $media_url . $filename, $content);
}
}
}
/**
* Add new link to owner User
*
* @param integer file ID
* @param integer link position ( 'teaser', 'aftermore' )
* @param int order of the link
* @return integer|boolean Link ID on success, false otherwise
*/
function add_link($file_ID, $position = NULL, $order = 1)
{
global $current_User;
if (is_null($position)) {
// Use default link position
$position = $this->get_default_position($file_ID);
}
$edited_Link = new Link();
$edited_Link->set('usr_ID', $this->User->ID);
$edited_Link->set('file_ID', $file_ID);
$edited_Link->set('position', $position);
$edited_Link->set('order', $order);
if (empty($current_User)) {
// Current User not is set because probably we are creating links from upgrade script. Set the owner as creator and last editor.
$edited_Link->set('creator_user_ID', $this->User->ID);
$edited_Link->set('lastedit_user_ID', $this->User->ID);
}
if ($edited_Link->dbinsert()) {
if (!is_null($this->Links)) {
// If user Links were already loaded update its content
$this->Links[$edited_Link->ID] =& $edited_Link;
}
$FileCache =& get_FileCache();
$File = $FileCache->get_by_ID($file_ID, false, false);
$file_name = empty($File) ? '' : $File->get_name();
syslog_insert(sprintf('File %s was linked to %s with ID=%s', '<b>' . $file_name . '</b>', $this->type, $this->link_Object->ID), 'info', 'file', $file_ID);
return $edited_Link->ID;
}
return false;
}
/**
* Validate the given answer against our stored one.
*
* This event is provided for other plugins and gets used internally
* for other events we're hooking into.
*
* @param array Associative array of parameters.
* @param string Form type ( comment|register|message )
* @return boolean|NULL
*/
function CaptchaValidated(&$params, $form_type)
{
global $DB, $localtimenow, $Session;
if (!$this->does_apply($params, $form_type)) {
return;
}
$posted_answer = utf8_strtolower(param('captcha_qstn_' . $this->ID . '_answer', 'string', ''));
if (empty($posted_answer)) {
$this->debug_log('captcha_qstn_' . $this->ID . '_answer');
$params['validate_error'] = $this->T_('Please enter the captcha answer.');
if ($form_type == 'comment' && ($comment_Item =& $params['Comment']->get_Item())) {
syslog_insert('Comment captcha answer is not entered', 'warning', 'item', $comment_Item->ID, 'plugin', $this->ID);
}
return false;
}
$question = $this->CaptchaQuestion();
$posted_answer_is_correct = false;
$answers = explode('|', utf8_strtolower($question->cptq_answers));
foreach ($answers as $answer) {
if ($posted_answer == $answer) {
// Correct answer is found in DB
$posted_answer_is_correct = true;
break;
}
}
if (!$posted_answer_is_correct) {
$this->debug_log('Posted (' . $posted_answer . ') and saved (' . $question->cptq_answers . ') answer do not match!');
$params['validate_error'] = $this->T_('The entered answer is incorrect.');
if ($form_type == 'comment' && ($comment_Item =& $params['Comment']->get_Item())) {
syslog_insert('Comment captcha answer is incorrect', 'warning', 'item', $comment_Item->ID, 'plugin', $this->ID);
}
return false;
}
// If answer is correct:
// We should clean the question ID that was assigned for current session and IP address
// It gives to assign new question on the next captcha event
$this->CaptchaQuestionCleanup();
return true;
}
/**
* Add new link to owner Comment
*
* @param integer file ID
* @param integer link position ( 'teaser', 'aftermore' )
* @param int order of the link
* @param boolean true to update owner last touched timestamp after link was created, false otherwise
* @return integer|boolean Link ID on success, false otherwise
*/
function add_link($file_ID, $position = NULL, $order = 1, $update_owner = true)
{
if (is_null($position)) {
// Use default link position
$position = $this->get_default_position($file_ID);
}
$edited_Link = new Link();
$edited_Link->set('cmt_ID', $this->Comment->ID);
$edited_Link->set('file_ID', $file_ID);
$edited_Link->set('position', $position);
$edited_Link->set('order', $order);
if ($edited_Link->dbinsert()) {
$FileCache =& get_FileCache();
$File = $FileCache->get_by_ID($file_ID, false, false);
$file_name = empty($File) ? '' : $File->get_name();
syslog_insert(sprintf('File %s was linked to %s with ID=%s', '<b>' . $file_name . '</b>', $this->type, $this->link_Object->ID), 'info', 'file', $file_ID);
if ($update_owner) {
// Update last touched date of the Comment & Item
$this->update_last_touched_date();
}
return $edited_Link->ID;
}
return false;
}
/**
* Add new link to owner Item
*
* @param integer file ID
* @param integer link position ( 'teaser', 'teaserperm', 'teaserlink', 'aftermore', 'inline', 'fallback' )
* @param int order of the link
* @param boolean true to update owner last touched timestamp after link was created, false otherwise
* @return integer|boolean Link ID on success, false otherwise
*/
function add_link($file_ID, $position = NULL, $order = 1, $update_owner = true)
{
if (is_null($position)) {
// Use default link position
$position = $this->get_default_position($file_ID);
}
$edited_Link = new Link();
$edited_Link->set('itm_ID', $this->Item->ID);
$edited_Link->set('file_ID', $file_ID);
$edited_Link->set('position', $position);
$edited_Link->set('order', $order);
if ($edited_Link->dbinsert()) {
// New link was added to the item, invalidate blog's media BlockCache
BlockCache::invalidate_key('media_coll_ID', $this->Item->get_blog_ID());
$FileCache =& get_FileCache();
$File = $FileCache->get_by_ID($file_ID, false, false);
$file_name = empty($File) ? '' : $File->get_name();
syslog_insert(sprintf('File %s was linked to %s with ID=%s', '<b>' . $file_name . '</b>', $this->type, $this->link_Object->ID), 'info', 'file', $file_ID);
if ($update_owner) {
// Update last touched date of the Item
$this->update_last_touched_date();
}
// Reset the Links
$this->Links = NULL;
$this->load_Links();
return $edited_Link->ID;
}
return false;
}
