Example #1
/**
 * Replace the tags stored for a link with the words in $string, then rebuild the tag cache table.
 *
 * This listing has lost its braces and the body of the is_numeric() guard, so the
 * notes below cover only the statements that are visible.
 *
 * @param mixed  $link   Link id; written unquoted into the DELETE and INSERT statements.
 * @param string $lang   Language code; written between single quotes in the INSERT.
 * @param string $string Tag list; split on runs of ',' and ';' after tags_normalize_string().
 * @param int    $date   Unix timestamp for tag_date; 0 selects the current time.
 * @return bool true when preg_split() returned a non-empty result, false otherwise.
 */
function tags_insert_string($link, $lang, $string, $date = 0)
    global $db;
    // Guard on the id that is later placed unquoted in SQL. Its body is missing from this
    // listing (presumably an early return; confirm against the original file).
    // NOTE(review): is_numeric() also accepts floats and exponent strings such as "1e3";
    // an (int) cast after the guard would fix the exact value that reaches the query text.
    if (!is_numeric($link)) {
    $string = tags_normalize_string($string);
    if ($date == 0) {
        $date = time();
    $words = preg_split('/[,;]+/', $string);
    if ($words) {
        // Existing tags for the link are dropped before the new set is inserted.
        $db->query("delete from " . table_tags . " where tag_link_id = {$link}");
        foreach ($words as $word) {
            $word = trim($word);
            // NOTE(review): $inserted is never initialised in the visible code, so the first
            // lookup reads an undefined variable.
            if (!$inserted[$word] && !empty($word)) {
                // NOTE(review): $lang, $word and $date are concatenated into the statement without
                // escaping here. Whether the callers or tags_normalize_string() already neutralise
                // quotes cannot be told from this listing; escaping at this point (the Example #4
                // variant on this page calls $db->escape() on the word) or a prepared statement
                // would make the query safe regardless of the caller.
                $db->query("insert IGNORE into " . table_tags . " (tag_link_id, tag_lang, tag_words, tag_date) values ({$link}, '{$lang}', '{$word}', from_unixtime({$date}))");
                $inserted[$word] = true;
        // Rebuild the cache: empty it, then refill it with per-tag link counts for links whose
        // status is 'published' or 'new'. The language filter is the literal 'en', not $lang.
        $db->query("TRUNCATE TABLE " . table_tag_cache);
        $db->query($sql = "INSERT INTO " . table_tag_cache . " select tag_words, count(DISTINCT link_id) as count FROM " . table_tags . ", " . table_links . " WHERE tag_lang='en' and link_id = tag_link_id and (link_status='published' OR link_status='new') GROUP BY tag_words order by count desc");
        return true;
    return false;
Example #2
/**
 * Replace the tags stored for a link with the words in $string and empty the tag cache table.
 *
 * This listing has lost its braces and the body of the is_numeric() guard, so the
 * notes below cover only the statements that are visible.
 *
 * @param mixed  $link   Link id; written unquoted into the DELETE and INSERT statements.
 * @param string $lang   Language code; written between single quotes in the INSERT.
 * @param string $string Tag list; split on runs of ',' and ';' after tags_normalize_string().
 * @param int    $date   Unix timestamp for tag_date; 0 selects the current time.
 * @return bool true when preg_split() returned a non-empty result, false otherwise.
 */
function tags_insert_string($link, $lang, $string, $date = 0)
    global $db;
    // Guard on the id that is later placed unquoted in SQL; its body is missing from this
    // listing (presumably an early return; confirm against the original file).
    // NOTE(review): is_numeric() also accepts floats and exponent strings such as "1e3";
    // an (int) cast after the guard would fix the exact value that reaches the query text.
    if (!is_numeric($link)) {
    $string = tags_normalize_string($string);
    if ($date == 0) {
        $date = time();
    $words = preg_split('/[,;]+/', $string);
    if ($words) {
        // Existing tags for the link are dropped before the new set is inserted.
        $db->query("delete from " . table_tags . " where tag_link_id = {$link}");
        foreach ($words as $word) {
            $word = trim($word);
            // NOTE(review): $inserted is never initialised in the visible code, so the first
            // lookup reads an undefined variable.
            if (!$inserted[$word] && !empty($word)) {
                // NOTE(review): $lang, $word and $date are concatenated into the statement without
                // escaping here. Whether the callers or tags_normalize_string() already neutralise
                // quotes cannot be told from this listing; escaping at this point or a prepared
                // statement would make the query safe regardless of the caller.
                $db->query("insert into " . table_tags . " (tag_link_id, tag_lang, tag_words, tag_date) values ({$link}, '{$lang}', '{$word}', from_unixtime({$date}))");
                $inserted[$word] = true;
        // The whole cache table is emptied; no refill is visible in this variant.
        $db->query("DELETE FROM " . table_tag_cache);
        return true;
    return false;
Example #3
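/**
 * Replace the tags stored for a link with the words found in $string.
 *
 * Every value that ends up in the SQL text is neutralised here rather than
 * trusted from the caller: the callers shown on this page pass text taken
 * from $_POST.
 *
 * @param mixed  $link   Link id; must be numeric, cast to int before use.
 * @param string $lang   Language code stored in tag_lang.
 * @param string $string Tag list; split on runs of ',' and ';' after tags_normalize_string().
 * @param int    $date   Unix timestamp for tag_date; 0 selects the current time.
 * @return bool false for a non-numeric id or when the split yields nothing, true otherwise.
 */
function tags_insert_string($link, $lang, $string, $date = 0) {
	global $db;

	// The id is written unquoted into both statements, so reject anything
	// non-numeric and pin the rest to an integer.
	if (!is_numeric($link)) {
		return false;
	}
	$link = (int) $link;

	$string = tags_normalize_string($string);

	// from_unixtime() receives the value unquoted as well.
	$date = (int) $date;
	if ($date == 0) $date = time();

	// Assumes the $db wrapper exposes escape(), as the Example #4 variant of
	// this function on this page uses it; confirm for this code base.
	$lang = $db->escape($lang);

	$words = preg_split('/[,;]+/', $string);
	if ($words) {
		$db->query("delete from tags where tag_link_id = $link");
		// Tracks words already stored so duplicates in the list are inserted once.
		$inserted = array();
		foreach ($words as $word) {
			if (empty($word) || isset($inserted[$word])) {
				continue;
			}
			$safe_word = $db->escape($word);
			$db->query("insert into tags (tag_link_id, tag_lang, tag_words, tag_date) values ($link, '$lang', '$safe_word', from_unixtime($date))");
			$inserted[$word] = true;
		}
		return true;
	}
	return false;
}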

Example #4
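/**
 * Replace the tags stored for a link with the comma-separated words in $string.
 *
 * The original escaped only the tag word; the id, the language code and the
 * date reached the SQL text as given. All four are neutralised here.
 *
 * @param mixed  $link   Link id; must be numeric, cast to int before use.
 * @param string $lang   Language code stored in tag_lang.
 * @param string $string Tag list; split on runs of ',' after tags_normalize_string().
 * @param int    $date   Unix timestamp for tag_date; 0 selects the current time.
 * @return bool false for a non-numeric id or when the split yields nothing, true otherwise.
 */
function tags_insert_string($link, $lang, $string, $date = 0)
{
    global $db;

    // The id is written unquoted into both statements.
    if (!is_numeric($link)) {
        return false;
    }
    $link = (int) $link;
    $lang = $db->escape($lang);

    $string = tags_normalize_string($string);

    // from_unixtime() receives the value unquoted as well.
    $date = (int) $date;
    if ($date == 0) {
        $date = time();
    }

    $words = preg_split('/[,]+/', $string);
    if ($words) {
        $db->query("delete from tags where tag_link_id = {$link}");
        // Tracks words already stored so duplicates in the list are inserted once.
        $inserted = array();
        foreach ($words as $word) {
            $word = $db->escape(trim($word));
            // Words shorter than two characters are skipped.
            if (mb_strlen($word) >= 2 && !isset($inserted[$word]) && !empty($word)) {
                $db->query("insert into tags (tag_link_id, tag_lang, tag_words, tag_date) values ({$link}, '{$lang}', '{$word}', from_unixtime({$date}))");
                $inserted[$word] = true;
            }
        }
        return true;
    }
    return false;
}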
/**
 * Copy the posted edit form into the global $linkres, store its tags and print the result markup.
 *
 * The listing has lost its closing braces and the body of the else branch, so only
 * the visible statements are described.
 * NOTE(review): no ownership or permission check is visible in this function;
 * presumably the caller performs it. Confirm before reusing the pattern.
 */
function do_save() {
	global $linkres, $dblang;

	// NOTE(review): the posted URL is only trimmed here; no scheme or format validation is visible.
	if (!empty($_POST['url'])) {
		$linkres->url = trim($_POST['url']);
	// clean_text() is defined elsewhere; what it removes cannot be told from this listing.
	// stripslashes() then removes backslashes, so the values are unescaped for SQL purposes.
	$linkres->title = stripslashes(clean_text($_POST['title']));
	$linkres->content = stripslashes(clean_text($_POST['bodytext']));
	$linkres->tags = tags_normalize_string(stripslashes(clean_text($_POST['tags'])));
	// change the status
	// Only 'queued' or 'discard' are accepted from the form, and only while the link is not published.
	if ($linkres->status != 'published' && ($_POST['status'] == 'queued' || $_POST['status'] == 'discard')) {
		$linkres->status = $_POST['status'];
	if (!link_edit_errors($linkres)) {
		// The tag text derived from $_POST is handed to tags_insert_string(), which in the
		// variants shown on this page builds SQL by string interpolation.
		tags_insert_string($linkres->id, $dblang, $linkres->tags, $linkres->date);
		echo '<div class="form-error-submit">&nbsp;&nbsp;'._("noticia actualizada").'</div>'."\n";
	} else {

	echo '<div class="formnotice">'."\n";
	echo '</div>'."\n";

	echo '<form id="genericform" method="GET" action="story.php" >';
	// $linkres->id is written into the attribute as is; presumably an integer loaded
	// from the database (confirm where $linkres is populated).
	echo '<input type="hidden" name="id" value="'.$linkres->id.'" />'."\n";
	echo '<input class="genericsubmit" type="button" onclick="window.history.go(-1)" value="'._('&#171; modificar').'">&nbsp;&nbsp;'."\n";;
	echo '<input class="genericsubmit" type="submit" value="'._('ir a la noticia').'" />'."\n";
	echo '</form>'. "\n";

Example #6
/**
 * Copy the posted edit form into the global $linkres, store its tags, write an edit or
 * discard log entry and print the result markup.
 *
 * The listing has lost its braces and some branch bodies, so only the visible
 * statements are described.
 * NOTE(review): apart from the user_level tests below, no check that the current user may
 * edit this link is visible here; presumably the caller performs it. Confirm.
 */
function do_save()
    global $linkres, $dblang, $current_user;
    $linkres->category = intval($_POST['category']);
    // Changing the URL is limited to the 'admin' and 'god' levels.
    if (!empty($_POST['url']) && ($current_user->user_level == 'admin' || $current_user->user_level == 'god')) {
        $linkres->url = clean_input_url($_POST['url']);
    // clean_text() and tags_normalize_string() are defined elsewhere; what they strip is not visible here.
    $linkres->title = clean_text($_POST['title'], 40);
    $linkres->content = clean_text($_POST['bodytext']);
    $linkres->tags = tags_normalize_string($_POST['tags']);
    // change the status
    // The posted status is accepted only if it is one of four literal values; a published
    // link can be changed only by the 'god' level.
    if (($current_user->user_level == 'god' || $linkres->status != 'published') && ($_POST['status'] == 'queued' || $_POST['status'] == 'discard' || $_POST['status'] == 'abuse' || $_POST['status'] == 'autodiscard')) {
        if (!$linkres->is_discarded() && ($_POST['status'] == 'discard' || $_POST['status'] == 'abuse' || $_POST['status'] == 'autodiscard')) {
            // Insert a log entry if the link has been manually discarded
            $insert_discard_log = true;
        $linkres->status = $_POST['status'];
    if (!link_edit_errors($linkres)) {
        // The body of this branch is missing from the listing.
        if (empty($linkres->uri)) {
        tags_insert_string($linkres->id, $dblang, $linkres->tags, $linkres->date);
        // Insert edit log/event
        require_once mnminclude . 'log.php';
        // NOTE(review): $insert_discard_log is assigned only inside the status branch above,
        // so this reads an undefined variable when that branch was not taken.
        if ($insert_discard_log) {
            // Insert always a link and discard event if the status has been changed to discard
            log_insert('link_discard', $linkres->id, $current_user->user_id);
            log_insert('link_edit', $linkres->id, $current_user->user_id);
        } else {
            log_conditional_insert('link_edit', $linkres->id, $current_user->user_id, 60);
        echo '<div class="form-error-submit">&nbsp;&nbsp;' . _("noticia actualizada") . '</div>' . "\n";
    echo '<div class="formnotice">' . "\n";
    echo '</div>' . "\n";
    echo '<form id="genericform" method="GET" action="story.php" >';
    // $linkres->id is written into the attribute as is; presumably an integer loaded
    // from the database (confirm where $linkres is populated).
    echo '<input type="hidden" name="id" value="' . $linkres->id . '" />' . "\n";
    echo '<input class="genericsubmit" type="button" onclick="window.history.go(-1)" value="' . _('&#171; modificar') . '">&nbsp;&nbsp;' . "\n";
    echo '<input class="genericsubmit" type="submit" value="' . _('ir a la noticia') . '" />' . "\n";
    echo '</form>' . "\n";
Example #7
/**
 * Second step of link submission: fill a Link from the posted form, store its tags and
 * print the preview / confirmation form for step 3.
 *
 * The listing has lost its braces and possibly statements (a return after the error
 * markup is presumably missing), so only the visible statements are described.
 * NOTE(review): the link id comes from $_POST['id']; no check that it belongs to the
 * current user is visible here. link_errors() may cover it. Confirm.
 */
function do_submit2()
    global $db, $dblang;
    $linkres = new Link();
    // Numeric fields are forced to integers before use.
    $linkres->id = $link_id = intval($_POST['id']);
    $linkres->category = intval($_POST['category']);
    // clean_text() and tags_normalize_string() are defined elsewhere; what they strip is not visible here.
    $linkres->title = clean_text($_POST['title'], 40);
    $linkres->tags = tags_normalize_string(clean_text($_POST['tags']));
    $linkres->content = clean_text($_POST['bodytext']);
    if (link_errors($linkres)) {
        echo '<form id="genericform">' . "\n";
        echo '<p><input class="genericsubmit" type=button onclick="window.history.go(-1)" value="' . _('&#171; retroceder') . '"></p>' . "\n";
        echo '</form>' . "\n";
        echo '</div>' . "\n";
        // opened in print_form_submit_error
    // The tag text derived from $_POST is handed to tags_insert_string(), which in the
    // variants shown on this page builds SQL by string interpolation.
    tags_insert_string($linkres->id, $dblang, $linkres->tags);
    $edit = true;
    $link_title = $linkres->title;
    $link_content = $linkres->content;
    do_navbar(_('enviar noticia ') . '&#187;' . _(' paso 3: control final'));
    echo '<div id="genericform-contents">' . "\n";
    echo '<h2>' . _('envío de una nueva noticia: paso 3 de 3') . '</h2>' . "\n";
    echo '<form action="submit.php" method="post" id="genericform">' . "\n";
    echo '<fieldset><legend><span class="sign">' . _('detalles de la noticia') . '</span></legend>' . "\n";
    echo '<div class="genericformtxt"><label>' . _('ATENCIÓN: esto es sólo una muestra!') . '</label>&nbsp;&nbsp;<br/>' . _('Ahora puedes 1) ') . '<label>' . _('retroceder') . '</label>' . _(' o 2)  ') . '<label>' . _('enviar a la cola y finalizar') . '</label>' . _('. Cualquier otro clic convertirá tu noticia en comida para <del>gatos</del> elefantes (o no).') . '</div>';
    echo '<div class="formnotice">' . "\n";
    echo '</div>' . "\n";
    echo '<input type="hidden" name="phase" value="3" />' . "\n";
    // Values echoed back into the form: randkey is forced to an integer, the id was
    // already passed through intval() above, and trackback is HTML-escaped.
    echo '<input type="hidden" name="randkey" value="' . intval($_POST['randkey']) . '" />' . "\n";
    echo '<input type="hidden" name="id" value="' . $linkres->id . '" />' . "\n";
    echo '<input type="hidden" name="trackback" value="' . htmlspecialchars(trim($_POST['trackback'])) . '" />' . "\n";
    echo '<br style="clear: both;" /><br style="clear: both;" />' . "\n";
    echo '<input class="genericsubmit" type="button" onclick="window.history.go(-1)" value="' . _('&#171; retroceder') . '">&nbsp;&nbsp;' . "\n";
    echo '<input class="genericsubmit" type="submit" value="' . _('enviar a la cola y finalizar &#187;') . '" />' . "\n";
    echo '</form>' . "\n";
    echo '</fieldset>' . "\n";
    echo '</div>' . "\n";
Example #8
/**
 * Copy the posted edit form into the global $linkres (including start/end dates), store
 * its tags, write an edit or discard log entry and print the result markup.
 *
 * The listing has lost its closing braces and some branch bodies, so only the visible
 * statements are described.
 * NOTE(review): apart from the $current_user->admin tests below, no check that the current
 * user may edit this link is visible here; presumably the caller performs it. Confirm.
 */
function do_save() {
	global $linkres, $dblang, $current_user;


	// URL and thumbnail changes are limited to admins; the thumbnail branch bodies are
	// missing from this listing.
	if ($current_user->admin) {
		if (!empty($_POST['url'])) {
			$linkres->url = clean_input_url($_POST['url']);
		if ($_POST['thumb_delete']) {
		if ($_POST['thumb_get']) {
	// clean_text(), clean_text_with_tags() and tags_normalize_string() are defined elsewhere;
	// what they strip is not visible here.
	$linkres->title = clean_text($_POST['title'], 40);
	$linkres->content = clean_text_with_tags($_POST['bodytext']);
	$linkres->tags = tags_normalize_string($_POST['tags']);
	// change the status
	// A non-admin can only request 'autodiscard', and only on a link that is not already discarded.
	// NOTE(review): for admins the posted status is limited only by the regex (four or more
	// lowercase letters), not by a list of known statuses.
	if ($_POST['status'] != $linkres->status
		&& ($_POST['status'] == 'autodiscard' || $current_user->admin)
		&& preg_match('/^[a-z]{4,}$/', $_POST['status'])
		&& ( ! $linkres->is_discarded() || $current_user->admin)) {
		if (preg_match('/discard|abuse|duplicated|autodiscard/', $_POST['status'])) {
			// Insert a log entry if the link has been manually discarded
			$insert_discard_log = true;
		$linkres->status = $_POST['status'];

  // The posted date strings are rearranged by character position (chars 3-4, 0-1, 6-9 joined by '-').
  // NOTE(review): no format check is visible, so any posted string is sliced and stored as a date.
  $d = $_POST["datepicker1"];
  $linkres->start_date = substr($d,3,2).'-'.substr($d, 0, 2).'-'.substr($d,6,4);

  $d = $_POST["datepicker2"];
  $linkres->end_date = substr($d,3,2).'-'.substr($d, 0, 2).'-'.substr($d,6,4);

	if (!link_edit_errors($linkres)) {
		if (empty($linkres->uri)) $linkres->get_uri();
		tags_insert_string($linkres->id, $dblang, $linkres->tags, $linkres->date);

		// Insert edit log/event if the link it's newer than 15 days
		// NOTE(review): $globals is not in this function's global list, so $globals['now']
		// is undefined here and the age test does not compare against the current time.
		if ($globals['now'] - $linkres->date < 86400*15) {
			// NOTE(review): $insert_discard_log is assigned only inside the status branch
			// above and is undefined when that branch was not taken.
			if ($insert_discard_log) {
				// Insert always a link and discard event if the status has been changed to discard
				log_insert('link_discard', $linkres->id, $current_user->user_id);
				if ($linkres->author == $current_user->user_id) { // Don't save edit log if it's discarded by an admin
					log_insert('link_edit', $linkres->id, $current_user->user_id);
			} elseif ($linkres->votes > 0) {
				log_conditional_insert('link_edit', $linkres->id, $current_user->user_id, 60);

		echo '<div class="form-error-submit">&nbsp;&nbsp;'._("noticia actualizada").'</div>'."\n";


	echo '<div class="formnotice">'."\n";
	echo '</div>'."\n";

	echo '<form class="note" method="GET" action="story.php" >';
	// $linkres->id is written into the attribute as is; presumably an integer loaded
	// from the database (confirm where $linkres is populated).
	echo '<input type="hidden" name="id" value="'.$linkres->id.'" />'."\n";
	echo '<input class="button" type="button" onclick="window.history.go(-1)" value="&#171; '._('modificar').'">&nbsp;&nbsp;'."\n";;
	echo '<input class="button" type="submit" value="'._('ir a la noticia').'" />'."\n";
	echo '</form>'. "\n";
Example #9
/**
 * Apply the posted edit form to $link, log the edit or discard and render the result template.
 *
 * The listing has lost its braces and several branch bodies, so only the visible
 * statements are described.
 *
 * @param object $link Link being edited; its fields are overwritten from $_POST.
 */
function do_save($link)
    global $dblang, $globals, $current_user, $db;
    $link->status = $link->sub_status;
    $site_properties = SitesMgr::get_extended_properties();
    // Store previous value for the log
    $link_old = new stdClass();
    $link_old->url = $link->url;
    $link_old->title = $link->title;
    $link_old->content = $link->content;
    $link_old->tags = $link->tags;
    $link_old->status = $link->status;
    $link_old->sub_id = $link->sub_id;
    $link->sub_id = intval($_POST['sub_id']);
    if ($link->sub_id != $link_old->sub_id) {
        $link->sub_changed = true;
        // To force to delete old statuses with another origin
    // URL, URI and thumbnail changes are limited to admins, 'blogger' level users and the sub's owner.
    if ($current_user->admin || $current_user->user_level == 'blogger' || SitesMgr::is_owner()) {
        if (!empty($_POST['url'])) {
            $link->url = clean_input_url($_POST['url']);
        if ($_POST['thumb_delete']) {
        if ($_POST['uri_update']) {
        if ($_POST['thumb_get']) {
        } elseif (!empty($_POST['thumb_url'])) {
            // NOTE(review): get_thumb() presumably fetches the image from this user-supplied URL;
            // if so, confirm that it or clean_input_url() restricts schemes and internal hosts.
            $url = clean_input_url($_POST['thumb_url']);
            $link->get_thumb(false, $url);
    // NOTE(review): title and content are taken from $_POST unchanged here. Any cleaning
    // must happen in link_edit_errors() or at storage/output time. Confirm.
    $link->title = $_POST['title'];
    $link->content = $_POST['bodytext'];
    $link->tags = tags_normalize_string($_POST['tags']);
    $errors = link_edit_errors($link);
    // change the status
    // Users who are neither admin nor sub owner can only request 'autodiscard', and only
    // on a link that is not already discarded.
    // NOTE(review): for admins and owners the posted status is limited only by the regex
    // (four or more lowercase letters), not by a list of known statuses.
    if ($_POST['status'] != $link->status && ($_POST['status'] == 'autodiscard' || $current_user->admin || SitesMgr::is_owner()) && preg_match('/^[a-z]{4,}$/', $_POST['status']) && (!$link->is_discarded() || $current_user->admin || SitesMgr::is_owner())) {
        if (preg_match('/discard|abuse|duplicated|autodiscard/', $_POST['status'])) {
            // Insert a log entry if the link has been manually discarded
            $insert_discard_log = true;
        $link->status = $_POST['status'];
    if (!$errors) {
        // The body of this branch is missing from the listing.
        if (empty($link->uri)) {
        // Check the blog_id
        $blog_id = Blog::find_blog($link->url, $link->id);
        if ($blog_id > 0 && $blog_id != $link->blog) {
            $link->blog = $blog_id;
        // Disabled table tags
        // tags_insert_string($link->id, $dblang, $link->tags, $link->date);
        // Insert edit log/event if the link it's newer than 15 days
        if ($globals['now'] - $link->date < 86400 * 15) {
            // NOTE(review): $insert_discard_log is assigned only inside the status branch
            // above and is undefined when that branch was not taken.
            if ($insert_discard_log) {
                // Insert always a link and discard event if the status has been changed to discard
                Log::insert('link_discard', $link->id, $current_user->user_id);
                if ($link->author == $current_user->user_id) {
                    // Don't save edit log if it's discarded by an admin
                    Log::insert('link_edit', $link->id, $current_user->user_id);
            } elseif ($link->votes > 0) {
                // The pre-edit field values are serialized into the log entry.
                Log::conditional_insert('link_edit', $link->id, $current_user->user_id, 60, serialize($link_old));
        // Check this one is a draft, allows the user to save and send it to the queue
        if ($link->votes == 0 && $link->status != 'queued' && $link->author == $current_user->user_id) {
    $link->permalink = $link->get_permalink();
    // $link (with the raw title/content set above) is passed to the template; whether the
    // template escapes on output is not visible here.
    Haanga::Load('link/edit_result.html', compact('link', 'errors'));
Example #10
/**
 * Second step of link submission: fill a Link from the posted form, store its tags and
 * print the preview / confirmation form for step 3.
 *
 * The listing has lost its closing braces and possibly statements (a return after the
 * error markup is presumably missing), so only the visible statements are described.
 * NOTE(review): the link id comes from $_POST['id']; no check that it belongs to the
 * current user is visible here. link_errors() may cover it. Confirm.
 */
function do_submit2() {
	global $db, $dblang, $globals;

	$linkres=new Link;
	$linkres->id=$link_id = intval($_POST['id']);

	// $linkres->url is not assigned in the visible code before this call.
	if(report_dupe($linkres->url)) return;


	// Check if the title contains [IMG], [IMGs], (IMG)... and mark it as image

	if (preg_match('/[\(\[](IMG|PICT*)s*[\)\]]/i', $_POST['title'])) {
		$_POST['title'] = preg_replace('/[\(\[](IMG|PICT*)s*[\)\]]/i', ' ', $_POST['title']);
		$linkres->content_type = 'image';
	} elseif (preg_match('/[\(\[](VID|VIDEO|Vídeo*)s*[\)\]]/i', $_POST['title'])) {
		$_POST['title'] = preg_replace('/[\(\[](VID|VIDEO|Vídeo*)s*[\)\]]/i', ' ', $_POST['title']);
		$linkres->content_type = 'video';

	// clean_text(), clean_text_with_tags() and tags_normalize_string() are defined elsewhere;
	// what they strip is not visible here.
	$linkres->title = clean_text(preg_replace('/(\w) *[;.,] *$/', "$1", $_POST['title']), 40);  // It also deletes punctuaction signs at the end
	$linkres->tags = tags_normalize_string($_POST['tags']);
	$linkres->content = clean_text_with_tags($_POST['bodytext']);
  // The posted date strings are rearranged by character position (chars 3-4, 0-1, 6-9 joined by '-').
  // NOTE(review): no format check is visible, so any posted string is sliced and stored as a date.
  $d = $_POST["datepicker1"];
  $linkres->start_date = substr($d,3,2).'-'.substr($d, 0, 2).'-'.substr($d,6,4);

  $d = $_POST["datepicker2"];
  $linkres->end_date = substr($d,3,2).'-'.substr($d, 0, 2).'-'.substr($d,6,4);

	if (link_errors($linkres)) {
		echo '<form class="genericform">'."\n";
		echo '<p><input class="button" type=button onclick="window.history.go(-1)" value="&#171; '._('retroceder').'"/></p>'."\n";
		echo '</form>'."\n";
		echo '</div>'."\n"; // opened in print_form_submit_error

	// The tag text derived from $_POST is handed to tags_insert_string(), which in the
	// variants shown on this page builds SQL by string interpolation.
	tags_insert_string($linkres->id, $dblang, $linkres->tags);
	$edit = true;
	$link_title = $linkres->title;
	$link_content = $linkres->content;
	echo '<div class="genericform">'."\n";
	echo '<h2>'._('envío de una nueva noticia: paso 3 de 3').'</h2>'."\n";

	echo '<form action="submit.php" method="post" class="genericform" onSubmit="$(\'#working\').html(\''._('enviando trackbacks').'...&nbsp;<img src=\\\'\'+img_src1+\'\\\'/>\'); return true;">'."\n";
	echo '<fieldset><legend><span class="sign">'._('detalles de la noticia').'</span></legend>'."\n";

	echo '<div class="genericformtxt"><label>'._('ATENCIÓN: esto es sólo una muestra!').'</label>&nbsp;&nbsp;<br/>'._('Ahora puedes 1) ').'<label>'._('retroceder').'</label>'._(' o 2)  ').'<label>'._('enviar a la cola y finalizar').'</label>. '._('Cualquier otro clic convertirá tu noticia en comida para <del>gatos</del> elefantes (o no).').'</div>';	

	echo '<div class="formnotice">'."\n";
	echo '</div>'."\n";

	echo '<input type="hidden" name="phase" value="3" />'."\n";
	echo '<input type="hidden" name="randkey" value="'.intval($_POST['randkey']).'" />'."\n";
	// NOTE(review): $_POST['key'] is echoed into the attribute without escaping, unlike
	// randkey (intval) and trackback (htmlspecialchars) next to it, so a posted value
	// containing a double quote can break out of the attribute. It should be wrapped as
	// htmlspecialchars($_POST['key'], ENT_QUOTES) or validated against the expected key format.
	echo '<input type="hidden" name="key" value="'.$_POST['key'].'" />'."\n";
	echo '<input type="hidden" name="id" value="'.$linkres->id.'" />'."\n";
	echo '<input type="hidden" name="trackback" value="'.htmlspecialchars(trim($_POST['trackback'])).'" />'."\n";

	echo '<br style="clear: both;" /><br style="clear: both;" />'."\n";
	echo '<input class="button" type="button" onclick="window.history.go(-1)" value="&#171; '._('retroceder').'"/>&nbsp;&nbsp;'."\n";
	echo '<input class="button" type="submit" value="'._('enviar a la cola y finalizar').' &#187;" ';
	echo '/>&nbsp;&nbsp;&nbsp;<span id="working">&nbsp;</span>';
	echo '</fieldset>'."\n";
	echo '</form>'."\n";
	echo '</div>'."\n";
Example #11
/**
 * Second step of story submission: fill the global Link from the posted form, run the
 * module hooks and assign the preview data to the Smarty template.
 *
 * The listing has lost its braces and many branch bodies, so only the visible statements
 * are described. sanitize() is defined elsewhere; this function calls it with level 3 for
 * plain fields and level 4 plus $Story_Content_Tags_To_Allow for fields that may carry
 * markup. What each level removes is not visible here.
 */
function do_submit2()
    global $db, $main_smarty, $dblang, $the_template, $linkres, $current_user, $Story_Content_Tags_To_Allow;
    $main_smarty->assign('auto_vote', auto_vote);
    $main_smarty->assign('Submit_Show_URL_Input', Submit_Show_URL_Input);
    $main_smarty->assign('Submit_Require_A_URL', Submit_Require_A_URL);
    $main_smarty->assign('link_id', sanitize($_POST['id'], 3));
    define('pagename', 'submit');
    $main_smarty->assign('pagename', pagename);
    if ($current_user->authenticated != TRUE) {
        $vars = array('username' => $current_user->user_login);
        check_actions('register_check_errors', $vars);
    check_actions('submit2_check_errors', $vars);
    if ($vars['error'] == true) {
        // No action
    $linkres = new Link();
    $linkres->id = sanitize($_POST['id'], 3);
    // The session must be at step 1, otherwise the request is aborted.
    if ($_SESSION['step'] != 1) {
        die('Wrong step');
    // The bodies of the next two guards (numeric id, ownership of the link) are missing
    // from this listing; presumably they abort the request. Confirm.
    if (!is_numeric($linkres->id)) {
    if (!$linkres->verify_ownership($current_user->user_id)) {
    if ($linkres->votes($current_user->user_id) == 0 && auto_vote == true) {
        $linkres->insert_vote($current_user->user_id, '10');
    if (is_array($_POST['category'])) {
        $linkres->category = sanitize($_POST['category'][0], 3);
        // NOTE(review): only the first category is passed through sanitize(); the remaining
        // posted values are stored as received. Confirm they are cast or validated before
        // they reach a query.
        $linkres->additional_cats = array_slice($_POST['category'], 1);
    } else {
        $linkres->category = sanitize($_POST['category'], 3);
    $thecat = get_cached_category_data('category_id', $linkres->category);
    $main_smarty->assign('request_category_name', $thecat->category_name);
    $linkres->title = stripslashes(sanitize($_POST['title'], 3));
    $linkres->title_url = makeUrlFriendly($linkres->title, $linkres->id);
    $linkres->tags = tags_normalize_string(stripslashes(sanitize($_POST['tags'], 3)));
    $linkres->content = close_tags(stripslashes(sanitize($_POST['bodytext'], 4, $Story_Content_Tags_To_Allow)));
    //$linkres->content = str_replace("\n", "<br />", $linkres->content);
    // Optional extra fields 1-15: each is copied only when present in the POST data.
    if (isset($_POST['link_field1'])) {
        $linkres->link_field1 = sanitize($_POST['link_field1'], 4, $Story_Content_Tags_To_Allow);
    if (isset($_POST['link_field2'])) {
        $linkres->link_field2 = sanitize($_POST['link_field2'], 4, $Story_Content_Tags_To_Allow);
    if (isset($_POST['link_field3'])) {
        $linkres->link_field3 = sanitize($_POST['link_field3'], 4, $Story_Content_Tags_To_Allow);
    if (isset($_POST['link_field4'])) {
        $linkres->link_field4 = sanitize($_POST['link_field4'], 4, $Story_Content_Tags_To_Allow);
    if (isset($_POST['link_field5'])) {
        $linkres->link_field5 = sanitize($_POST['link_field5'], 4, $Story_Content_Tags_To_Allow);
    if (isset($_POST['link_field6'])) {
        $linkres->link_field6 = sanitize($_POST['link_field6'], 4, $Story_Content_Tags_To_Allow);
    if (isset($_POST['link_field7'])) {
        $linkres->link_field7 = sanitize($_POST['link_field7'], 4, $Story_Content_Tags_To_Allow);
    if (isset($_POST['link_field8'])) {
        $linkres->link_field8 = sanitize($_POST['link_field8'], 4, $Story_Content_Tags_To_Allow);
    if (isset($_POST['link_field9'])) {
        $linkres->link_field9 = sanitize($_POST['link_field9'], 4, $Story_Content_Tags_To_Allow);
    if (isset($_POST['link_field10'])) {
        $linkres->link_field10 = sanitize($_POST['link_field10'], 4, $Story_Content_Tags_To_Allow);
    if (isset($_POST['link_field11'])) {
        $linkres->link_field11 = sanitize($_POST['link_field11'], 4, $Story_Content_Tags_To_Allow);
    if (isset($_POST['link_field12'])) {
        $linkres->link_field12 = sanitize($_POST['link_field12'], 4, $Story_Content_Tags_To_Allow);
    if (isset($_POST['link_field13'])) {
        $linkres->link_field13 = sanitize($_POST['link_field13'], 4, $Story_Content_Tags_To_Allow);
    if (isset($_POST['link_field14'])) {
        $linkres->link_field14 = sanitize($_POST['link_field14'], 4, $Story_Content_Tags_To_Allow);
    if (isset($_POST['link_field15'])) {
        $linkres->link_field15 = sanitize($_POST['link_field15'], 4, $Story_Content_Tags_To_Allow);
    // Without a posted summary, the summary is the sanitized body cut to the configured length.
    if (!isset($_POST['summarytext'])) {
        $linkres->link_summary = utf8_substr(sanitize($_POST['bodytext'], 4, $Story_Content_Tags_To_Allow), 0, StorySummary_ContentTruncate - 1);
        //$linkres->link_summary = close_tags(str_replace("\n", "<br />", $linkres->link_summary));
    } else {
        $linkres->link_summary = sanitize($_POST['summarytext'], 4, $Story_Content_Tags_To_Allow);
        //$linkres->link_summary = close_tags(str_replace("\n", "<br />", $linkres->link_summary));
        // An over-long summary is logged through loghack() and then truncated.
        if (utf8_strlen($linkres->link_summary) > StorySummary_ContentTruncate) {
            // NOTE(review): the second argument below is garbled in this listing (a run of
            // asterisks replaces part of the expression); restore it from the original file.
            loghack('SubmitAStory-SummaryGreaterThanLimit', 'username: '******'|email: ' . sanitize($_POST["email"], 3), true);
            $linkres->link_summary = utf8_substr($linkres->link_summary, 0, StorySummary_ContentTruncate - 1);
            //$linkres->link_summary = close_tags(str_replace("\n", "<br />", $linkres->link_summary));
    //get link_group_id
    if (isset($_REQUEST['link_group_id']) && $_REQUEST['link_group_id'] != '') {
        $linkres->link_group_id = intval($_REQUEST['link_group_id']);
    } else {
        $linkres->link_group_id = 0;
    // The body of this branch is missing from the listing.
    if (link_errors($linkres)) {
    //comment subscription
    if (isset($_POST['comment_subscription'])) {
        $vars = array('link_id' => $linkres->id);
        check_actions('comment_subscription_insert_function', $vars);
    //comment subscription
    if (isset($_POST['timestamp_date_day'])) {
        //open date
        $timestamp_date_day = $_POST['timestamp_date_day'];
        $timestamp_date_month = $_POST['timestamp_date_month'];
        $timestamp_date_year = $_POST['timestamp_date_year'];
        // Non-numeric date parts fall back to today's date; numeric parts are joined as given,
        // without a range check.
        if (!is_numeric($timestamp_date_day) || !is_numeric($timestamp_date_month) || !is_numeric($timestamp_date_year)) {
            $timestamp_date = date("m-d-Y");
        } else {
            $timestamp_date = $timestamp_date_month . "-" . $timestamp_date_day . "-" . $timestamp_date_year;
        // The first assignment is immediately overwritten by the second.
        $vars = array('link_id' => $linkres->id);
        $vars = array('timestamp_date' => $timestamp_date, 'link_id' => $linkres->id);
        check_actions('comment_subscription_insert_function', $vars);
    $vars = '';
    check_actions('submit_step_3_after_first_store', $vars);
    // The body of this branch is missing from the listing.
    if ($vars['error'] == true && link_catcha_errors('captcha_error')) {
    $edit = true;
    $link_title = $linkres->title;
    $link_content = $linkres->content;
    // $link_title is recomputed from the POST data, replacing the value assigned two lines above.
    $link_title = stripslashes(sanitize($_POST['title'], 3));
    $main_smarty->assign('the_story', $linkres->print_summary('full', true));
    $main_smarty->assign('tags', $linkres->tags);
    if (!empty($linkres->tags)) {
        $tags_words = str_replace(",", ", ", $linkres->tags);
        $tags_url = urlencode($linkres->tags);
        $main_smarty->assign('tags_words', $tags_words);
        $main_smarty->assign('tags_url', $tags_url);
    // $url is not assigned anywhere in the visible code.
    if (isset($url)) {
        $main_smarty->assign('submit_url', $url);
    } else {
        $main_smarty->assign('submit_url', '');
    $data = parse_url($linkres->url);
    $main_smarty->assign('url_short', $data['host']);
    $main_smarty->assign('submit_url_title', $linkres->url_title);
    $main_smarty->assign('submit_id', $linkres->id);
    $main_smarty->assign('submit_type', $linkres->type());
    // Only the double quote is replaced by an entity here; any further output escaping
    // depends on sanitize() and on the template. Confirm.
    $main_smarty->assign('submit_title', str_replace('"', "&#034;", $link_title));
    $main_smarty->assign('submit_content', $link_content);
    // $trackback is not assigned anywhere in the visible code.
    if (isset($trackback)) {
        $main_smarty->assign('submit_trackback', $trackback);
    } else {
        $main_smarty->assign('submit_trackback', '');
    $main_smarty->assign('tpl_extra_fields', $the_template . '/submit_extra_fields');
    $main_smarty->assign('tpl_center', $the_template . '/submit_step_3_center');
    $vars = '';
    check_actions('do_submit2', $vars);
    // Advance the session to step 2 so that this step cannot be replayed from step 1.
    $_SESSION['step'] = 2;
    if (Submit_Complete_Step2) {
    } else {
        $main_smarty->display($the_template . '/pligg.tpl');
Example #12
             echo '<br /><p class="l-top"><span class="error">' . _(PLIGG_PassEmail_SendFail) . '</span></p>';
 // Excerpt from a story-edit handler: copies posted fields into $linkres. The enclosing
 // function and the closing braces are not part of this listing.
 // Only users with $canIhaveAccess == 1 may change the URL; it is trimmed, stripped of
 // tags and HTML-escaped before being stored.
 if ($canIhaveAccess == 1) {
     $url = htmlspecialchars(strip_tags(trim($_POST['url'])));
     $linkres->url = $url;
 // NOTE(review): the category is stored exactly as posted, with no cast or validation
 // visible here; the Example #15 variant on this page passes it through sanitize().
 $linkres->category = $_POST['category'];
 if ($linkres->title != strip_tags(trim($_POST['title']))) {
     $linkres->title = strip_tags(trim($_POST['title']));
     $linkres->title_url = makeUrlFriendly($linkres->title);
 // strip_tags() with an allow-list keeps the listed tags together with their attributes.
 $linkres->content = strip_tags(trim($_POST['bodytext']), Story_Content_Tags_To_Allow);
 $linkres->tags = tags_normalize_string(strip_tags(trim($_POST['tags'])));
 if ($_POST['summarytext'] == "") {
     $linkres->link_summary = utf8_substr(strip_tags(trim($_POST['bodytext']), Story_Content_Tags_To_Allow), 0, StorySummary_ContentTruncate - 1);
     $linkres->link_summary = str_replace("\n", "<br />", $linkres->link_summary);
 } else {
     // The summary is SQL-escaped first and filtered afterwards; the escaped form is what
     // is kept on the object.
     $linkres->link_summary = $db->escape($_POST['summarytext']);
     $linkres->link_summary = strip_tags(trim($linkres->link_summary), Story_Content_Tags_To_Allow);
     $linkres->link_summary = str_replace("\n", "<br />", $linkres->link_summary);
     if (strlen($linkres->link_summary) > StorySummary_ContentTruncate) {
         // NOTE(review): the second argument below is garbled in this listing (a run of
         // asterisks replaces part of the expression), and the posted e-mail is written
         // to the log unfiltered.
         loghack('SubmitAStory-SummaryGreaterThanLimit', 'username: '******'|email: ' . $_POST["email"], true);
         $linkres->link_summary = utf8_substr($linkres->link_summary, 0, StorySummary_ContentTruncate - 1);
         $linkres->link_summary = str_replace("\n", "<br />", $linkres->link_summary);
 // NOTE(review): the extra fields are only trimmed here; the Example #15 variant on this
 // page passes the same fields through sanitize() under a "security fix" comment.
 $linkres->link_field1 = trim($_POST['link_field1']);
 $linkres->link_field2 = trim($_POST['link_field2']);
Example #13
/**
 * Second step of link submission: fill a Link from the posted form and render either the
 * edit form again (on errors) or the step-2 preview template.
 *
 * The listing has lost its braces, so only the visible statements are described.
 * NOTE(review): the link id comes from $_POST['id']; no check that it belongs to the
 * current user is visible here. link_errors() may cover it. Confirm.
 *
 * @return bool Always true in the visible code paths.
 */
function do_submit2()
    global $db, $dblang, $globals, $errors;
    $link = new Link();
    $link->id = $link_id = intval($_POST['id']);
    // $link->url is not assigned in the visible code before this call.
    if (report_duplicated($link->url)) {
        return true;
    // Check if the title contains [IMG], [IMGs], (IMG)... and mark it as image
    if (preg_match('/[\\(\\[](IMG|PICT*)s*[\\)\\]]/i', $_POST['title'])) {
        $_POST['title'] = preg_replace('/[\\(\\[](IMG|PICT*)s*[\\)\\]]/i', ' ', $_POST['title']);
        $link->content_type = 'image';
    } elseif (preg_match('/[\\(\\[](VID|VIDEO|Vídeo*)s*[\\)\\]]/i', $_POST['title'])) {
        $_POST['title'] = preg_replace('/[\\(\\[](VID|VIDEO|Vídeo*)s*[\\)\\]]/i', ' ', $_POST['title']);
        $link->content_type = 'video';
    $link->category = intval($_POST['category']);
    // clean_text(), clean_text_with_tags() and tags_normalize_string() are defined elsewhere;
    // what they strip is not visible here.
    $link->title = clean_text(preg_replace('/(\\w) *[;.,] *$/', "\$1", $_POST['title']), 40);
    // It also deletes punctuaction signs at the end
    $link->tags = tags_normalize_string($_POST['tags']);
    // NOTE(review): key is stored as posted and reaches the templates through $link;
    // whether the templates escape it on output is not visible here.
    $link->key = $_POST['key'];
    $link->content = clean_text_with_tags($_POST['bodytext']);
    if (link_errors($link)) {
        // Show the edit form again
        $link->is_new = true;
        // Disable several options in the editing form
        Haanga::Load('link/submit1.html', compact('link', 'errors'));
        return true;
    // Disabled table tags
    // tags_insert_string($link->id, $dblang, $link->tags);
    // NOTE(review): randkey is also stored as posted; the Example #7 and #10 variants on
    // this page pass it through intval() before echoing it.
    $link->randkey = $_POST['randkey'];
    $related = $link->get_related(6);
    Haanga::Load('link/submit2.html', compact('link', 'errors', 'related'));
    return true;
Example #14
/**
 * Second step of link submission: fill a Link from the posted form and render either the
 * edit form again (on errors) or the step-2 preview template.
 *
 * The listing has lost its braces and the bodies of the image upload/delete branches, so
 * only the visible statements are described.
 * NOTE(review): the link id comes from $_POST['id']; no check that it belongs to the
 * current user is visible here. link_errors() may cover it. Confirm.
 *
 * @return bool Always true in the visible code paths.
 */
function do_submit2()
    global $db, $dblang, $globals, $errors, $site_properties;
    $link = new Link();
    $link->id = $link_id = intval($_POST['id']);
    // $link->url is not assigned in the visible code before these tests.
    if (!empty($link->url) || empty($site_properties['no_link'])) {
        if (report_duplicated($link->url)) {
            return true;
        // Check if the title contains [IMG], [IMGs], (IMG)... and mark it as image
        if (preg_match('/[\\(\\[](IMG|PICT*)s*[\\)\\]]/i', $_POST['title'])) {
            $_POST['title'] = preg_replace('/[\\(\\[](IMG|PICT*)s*[\\)\\]]/i', ' ', $_POST['title']);
            $link->content_type = 'image';
        } elseif (preg_match('/[\\(\\[](VID|VIDEO|Vídeo*)s*[\\)\\]]/i', $_POST['title'])) {
            $_POST['title'] = preg_replace('/[\\(\\[](VID|VIDEO|Vídeo*)s*[\\)\\]]/i', ' ', $_POST['title']);
            $link->content_type = 'video';
    $link->sub_id = intval($_POST['sub_id']);
    // NOTE(review): title, content, key and randkey are stored as posted in this variant;
    // per the existing comment below, validation is expected from $link->check_field_errors,
    // which is not called in the visible code.
    $link->title = $_POST['title'];
    // It also deletes punctuaction signs at the end
    $link->tags = tags_normalize_string($_POST['tags']);
    $link->key = $_POST['key'];
    $link->site_properties = $site_properties;
    $link->content = $_POST['bodytext'];
    // Warn, has to call $link->check_field_errors later
    if (link_errors($link)) {
        // Show the edit form again
        $link->is_new = true;
        // Disable several options in the editing form
        $link->chars_left = $site_properties['intro_max_len'] - mb_strlen(html_entity_decode($link->content, ENT_COMPAT, 'UTF-8'), 'UTF-8');
        Haanga::Load('link/submit1.html', compact('link', 'errors'));
        return true;
    // Check image upload or delete
    if ($_POST['image_delete']) {
    } else {
    $link->randkey = $_POST['randkey'];
    $related = $link->get_related(6);
    // $link is passed to the template with the raw values set above; whether the template
    // escapes on output is not visible here.
    Haanga::Load('link/submit2.html', compact('link', 'errors', 'related'));
    return true;
Example #15
 if ($canIhaveAccess == 1) {
     $url = htmlspecialchars(sanitize($_POST['url'], 3));
     $url = str_replace('&amp;', '&', $url);
     $linkres->url = $url;
 $vars = '';
 check_actions('edit_link_hook', $vars);
 $linkres->category = sanitize($_POST['category'], 3);
 if ($linkres->title != sanitize($_POST['title'], 3)) {
     $linkres->title = sanitize($_POST['title'], 3);
     $linkres->title_url = makeUrlFriendly($linkres->title);
 $linkres->content = sanitize($_POST['bodytext'], 4, $Story_Content_Tags_To_Allow);
 $linkres->tags = tags_normalize_string(sanitize($_POST['tags'], 3));
 if (sanitize($_POST['summarytext'], 3) == "") {
     $linkres->link_summary = utf8_substr(sanitize($_POST['bodytext'], 4, $Story_Content_Tags_To_Allow), 0, StorySummary_ContentTruncate - 1);
     $linkres->link_summary = str_replace("\n", "<br />", $linkres->link_summary);
 } else {
     $linkres->link_summary = sanitize($_POST['summarytext'], 4, $Story_Content_Tags_To_Allow);
     $linkres->link_summary = str_replace("\n", "<br />", $linkres->link_summary);
     if (strlen($linkres->link_summary) > StorySummary_ContentTruncate) {
         loghack('SubmitAStory-SummaryGreaterThanLimit', 'username: '******'|email: ' . sanitize($_POST["email"], 3), true);
         $linkres->link_summary = utf8_substr($linkres->link_summary, 0, StorySummary_ContentTruncate - 1);
         $linkres->link_summary = str_replace("\n", "<br />", $linkres->link_summary);
 // Steef 2k7-07 security fix start ----------------------------------------------------------
 $linkres->link_field1 = sanitize($_POST['link_field1'], 4, $Story_Content_Tags_To_Allow);
 $linkres->link_field2 = sanitize($_POST['link_field2'], 4, $Story_Content_Tags_To_Allow);