Example #1
 /**
  * Return the shared HTMLPurifier instance, creating it on first use.
  *
  * The instance is kept in the static BaseModel::$html_purifier property, so the
  * purifier is constructed once and then reused by every caller.
  *
  * @return HTMLPurifier The lazily-created shared purifier
  */
 public static function getPurifier()
 {
     $o_purifier = BaseModel::$html_purifier;
     if (!$o_purifier) {
         $o_purifier = new HTMLPurifier();
         BaseModel::$html_purifier = $o_purifier;
     }
     return $o_purifier;
 }
Example #2
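 /**
  * Sets the value of a user preference.
  *
  * The preference name is checked with isValidPreference(); when purification is enabled
  * for this model (purify()) the value is run through the shared HTMLPurifier before it is
  * checked with isValidPreferenceValue() and stored in the "_user_preferences" var.
  *
  * @access public
  * @param string $ps_pref Name of user preference
  * @param mixed $ps_val Value of preference
  * @return bool True if preference was set; false if the preference name or value is invalid.
  *              Error 920 is posted when the preference name is not valid.
  */
 public function setPreference($ps_pref, $ps_val)
 {
     if (!$this->isValidPreference($ps_pref)) {
         // Error locator names this method (it previously pointed at getPreference())
         $this->postError(920, _t("%1 is not a valid user preference", $ps_pref), "User->setPreference()");
         return false;
     }
     if ($this->purify()) {
         // Reuse the shared purifier instead of instantiating a new one here
         $ps_val = BaseModel::getPurifier()->purify($ps_val);
     }
     if (!$this->isValidPreferenceValue($ps_pref, $ps_val, 1)) {
         return false;
     }
     $va_prefs = $this->getVar("_user_preferences");
     $va_prefs[$ps_pref] = $ps_val;
     $this->setVar("_user_preferences", $va_prefs);
     return true;
 }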
Example #3
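 /**
  * Edits an existing comment as specified by $pn_comment_id. Will only edit comments that are attached to the
  * currently loaded row. If called with no row loaded editComment() will return null. If you attempt to modify
  * a comment not associated with the currently loaded row editComment() will return false and post an error.
  * Note that all parameters are mandatory in the sense that the value passed (or the default value if not passed)
  * will be written into the comment. For example, if you don't bother passing $ps_name then it will be set to null, even
  * if there's an existing name value in the field. The only exception is $pn_locale_id; if set to null or omitted then
  * editComment() will attempt to use the locale value in the global $g_ui_locale_id variable. If neither is set then
  * locale_id is not written here; any resulting error from the comment model is copied into $this->errors and
  * false is returned.
  *
  * @param int $pn_comment_id a valid comment_id to be edited; must be related to the currently loaded row (mandatory)
  * @param string $ps_comment the text of the comment (mandatory)
  * @param int|null $pn_rating a number between 1 and 5 indicating the user's rating of the row; higher is better (optional - default is null)
  * @param int|null $pn_user_id A valid ca_users.user_id indicating the user who posted the comment; is null for comments from non-logged-in users (optional - default is null)
  * @param int|null $pn_locale_id A valid ca_locales.locale_id indicating the language of the comment. If omitted or left null then the value in the global $g_ui_locale_id variable is used (optional - default is to use $g_ui_locale_id)
  * @param string|null $ps_name Name of user posting comment. Only needs to be set if $pn_user_id is *not* set; used to identify comments posted by non-logged-in users (optional - default is null)
  * @param string|null $ps_email E-mail address of user posting comment. Only needs to be set if $pn_user_id is *not* set; used to identify comments posted by non-logged-in users (optional - default is null)
  * @param int|null $pn_access Determines public visibility of comments; if set to 0 then comment is not visible to public; if set to 1 comment is visible (optional - default is null). NOTE(review): this method currently never writes this value to the comment — confirm whether 'access' should be set.
  * @param int|null $pn_moderator A valid ca_users.user_id value indicating who moderated the comment; if omitted or set to null then moderation status will not be set (optional - default is null)
  * @param array|null $pa_options Array of options. Supported options are:
  *     purify = if true, comment, name and email are run through HTMLPurifier before being stored in the database. Default is true.
  *     media1_original_filename = original file name to set for comment "media1"
  *     media2_original_filename = original file name to set for comment "media2"
  *     media3_original_filename = original file name to set for comment "media3"
  *     media4_original_filename = original file name to set for comment "media4"
  * @param mixed $ps_media1 Value to set for the comment's "media1" field (optional - default is null)
  * @param mixed $ps_media2 Value to set for the comment's "media2" field (optional - default is null)
  * @param mixed $ps_media3 Value to set for the comment's "media3" field (optional - default is null)
  * @param mixed $ps_media4 Value to set for the comment's "media4" field (optional - default is null)
  * @return bool|null true on success; false if the comment id is invalid, the comment belongs to another row, or the
  *                   update fails (the comment model's errors are copied into $this->errors); null if no row is loaded
  */
 public function editComment($pn_comment_id, $ps_comment, $pn_rating = null, $pn_user_id = null, $pn_locale_id = null, $ps_name = null, $ps_email = null, $pn_access = null, $pn_moderator = null, $pa_options = null, $ps_media1 = null, $ps_media2 = null, $ps_media3 = null, $ps_media4 = null)
 {
     global $g_ui_locale_id;
     // No row loaded: there is nothing the comment could belong to
     if (!($vn_row_id = $this->getPrimaryKey())) {
         return null;
     }
     // Fall back to the UI locale when no locale was given (null, 0 or "")
     if (!$pn_locale_id) {
         $pn_locale_id = $g_ui_locale_id;
     }
     $t_comment = new ca_item_comments($pn_comment_id);
     if (!$t_comment->getPrimaryKey()) {
         $this->postError(2800, _t('Comment id is invalid'), 'BaseModel->editComment()', 'ca_item_comments');
         return false;
     }
     // Refuse to edit a comment that belongs to another table or row
     if ($t_comment->get('table_num') != $this->tableNum() || $t_comment->get('row_id') != $vn_row_id) {
         $this->postError(2810, _t('Comment is not part of the current row'), 'BaseModel->editComment()', 'ca_item_comments');
         return false;
     }
     // Normalise options so the index reads below never hit an undefined offset
     if (!is_array($pa_options)) {
         $pa_options = array();
     }
     if (!isset($pa_options['purify'])) {
         $pa_options['purify'] = true;
     }
     $vb_purify = (bool) $pa_options['purify'];
     // The comment model purifies on set() when either this model or the caller asks for it
     $t_comment->purify($this->purify() || $vb_purify);
     if ($vb_purify) {
         // Strip unsafe markup from the user-supplied text before it is stored
         $o_purifier = BaseModel::getPurifier();
         $ps_comment = $o_purifier->purify($ps_comment);
         $ps_name = $o_purifier->purify($ps_name);
         $ps_email = $o_purifier->purify($ps_email);
     }
     $t_comment->setMode(ACCESS_WRITE);
     $t_comment->set('comment', $ps_comment);
     $t_comment->set('rating', $pn_rating);
     $t_comment->set('user_id', $pn_user_id);
     $t_comment->set('name', $ps_name);
     $t_comment->set('email', $ps_email);
     // NOTE(review): $pn_access is accepted but never written to the comment here — confirm whether 'access' should be set
     // Media fields: the original file name comes from the matching option, null when absent
     $va_media = array(1 => $ps_media1, 2 => $ps_media2, 3 => $ps_media3, 4 => $ps_media4);
     foreach ($va_media as $vn_i => $pm_media) {
         $vs_filename_option = "media{$vn_i}_original_filename";
         $t_comment->set("media{$vn_i}", $pm_media, array(
             'original_filename' => isset($pa_options[$vs_filename_option]) ? $pa_options[$vs_filename_option] : null,
         ));
     }
     if (!is_null($pn_moderator)) {
         $t_comment->set('moderated_by_user_id', $pn_moderator);
         $t_comment->set('moderated_on', 'now');
     }
     if (!is_null($pn_locale_id)) {
         $t_comment->set('locale_id', $pn_locale_id);
     }
     $t_comment->update();
     if ($t_comment->numErrors()) {
         // Surface the comment model's errors on this model so the caller can read them
         $this->errors = $t_comment->errors;
         return false;
     }
     return true;
 }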
Example #4
 /**
  * Set field value(s) for the table row represented by this object.
  *
  * Every field named in $pa_fields is checked against $this->FIELDS, verified with
  * verifyFieldValue(), converted according to its FIELD_TYPE and stored in
  * $this->_FIELD_VALUES; $this->_FIELD_VALUE_CHANGED[$field] is set when the stored value
  * differs from the current one. Media/file fields are only queued in $this->_SET_FILES
  * here and processed later in insert()/update(). $this->errors is reset at the start of
  * every call and failures are reported through postError().
  *
  * @param string|array $pa_fields a field name, or an associative array of field name => value
  * @param mixed $pm_value value to set the given field to (ignored when $pa_fields is an array)
  * @param array|null $pa_options associative array of options. Possible keys:
  * when dealing with date/time fields:
  * - SET_DIRECT_DATE
  * - SET_DIRECT_TIME
  * - SET_DIRECT_TIMES
  *
  * for media/files fields:
  * - original_filename : (note that it is lower case) optional parameter which enables you to pass the original filename of a file, in addition to the representation in the temporary, global _FILES array;
  *
  * for text fields:
  * - purify : if set then text input is run through HTML Purifier before being set
  *
  * @return bool|string true on success, or when verifyFieldValue() requested a reload; false when a field does
  *                     not exist, fails verification, a date/time value cannot be parsed, or a media/file value is
  *                     neither an existing path nor a permitted URL; "" (empty string) when a number field is
  *                     given a non-numeric value. The method returns at the first failing field, so fields
  *                     earlier in $pa_fields may already have been set.
  */
 public function set($pa_fields, $pm_value = "", $pa_options = null)
 {
     // Any error posted below belongs to this call only
     $this->errors = array();
     if (!is_array($pa_fields)) {
         $pa_fields = array($pa_fields => $pm_value);
     }
     foreach ($pa_fields as $vs_field => $vm_value) {
         if (array_key_exists($vs_field, $this->FIELDS)) {
             $pa_fields_type = $this->getFieldInfo($vs_field, "FIELD_TYPE");
             $pb_need_reload = false;
             // NOTE(review): $pb_need_reload is presumably set by reference inside verifyFieldValue()
             // when the value was replaced by the field default — confirm in that method
             if (!$this->verifyFieldValue($vs_field, $vm_value, $pb_need_reload)) {
                 return false;
             }
             if ($pb_need_reload) {
                 return true;
             }
             // was set to default
             // Primary key values never carry quote characters
             if ($vs_field == $this->primaryKey()) {
                 $vm_value = preg_replace("/[\"']/", "", $vm_value);
             }
             // what markup is supported for text fields?
             $vs_markup_type = $this->getFieldInfo($vs_field, "MARKUP_TYPE");
             // if markup is non-HTML then strip out HTML special chars for safety
             // This encoding step runs for every non-HTML field regardless of FIELD_TYPE, so values
             // reach the type-specific branches below already entity-encoded.
             // NOTE(review): htmlspecialchars() does not accept arrays, so the array inputs expected by the
             // direct date/time range and DT_LIST_MULTIPLE branches below may never arrive there — confirm
             if (!($vs_markup_type == __CA_MT_HTML__)) {
                 $vm_value = htmlspecialchars($vm_value, ENT_QUOTES, 'UTF-8');
             }
             $vs_cur_value = isset($this->_FIELD_VALUES[$vs_field]) ? $this->_FIELD_VALUES[$vs_field] : null;
             switch ($pa_fields_type) {
                 case FT_NUMBER:
                     if ($vs_cur_value != $vm_value) {
                         $this->_FIELD_VALUE_CHANGED[$vs_field] = true;
                     }
                     // Store anything but "", or "" itself when the field allows NULL (&& binds tighter than ||)
                     if ($vm_value !== "" || $this->getFieldInfo($vs_field, "IS_NULL") && $vm_value == "") {
                         if ($vm_value) {
                             if (($vs_list_code = $this->getFieldInfo($vs_field, "LIST_CODE")) && !is_numeric($vm_value)) {
                                 // translate ca_list_item idno's into item_ids if necessary
                                 // (an idno that cannot be resolved is stored unchanged)
                                 if ($vn_id = ca_lists::getItemID($vs_list_code, $vm_value)) {
                                     $vm_value = $vn_id;
                                 }
                             } else {
                                 $vm_orig_value = $vm_value;
                                 $vm_value = preg_replace("/[^\\d-.]+/", "", $vm_value);
                                 # strip non-numeric characters
                                 // Reject anything that is not an optionally negative run of digits/dots after stripping
                                 if (!preg_match("/^[\\-]{0,1}[\\d.]+\$/", $vm_value)) {
                                     $this->postError(1100, _t("'%1' for %2 is not numeric", $vm_orig_value, $vs_field), "BaseModel->set()");
                                     return "";
                                 }
                             }
                         }
                         $this->_FIELD_VALUES[$vs_field] = $vm_value;
                     }
                     break;
                 case FT_BIT:
                     if ($vs_cur_value != $vm_value) {
                         $this->_FIELD_VALUE_CHANGED[$vs_field] = true;
                     }
                     // Any truthy value becomes 1, everything else 0
                     $this->_FIELD_VALUES[$vs_field] = $vm_value ? 1 : 0;
                     break;
                 case FT_DATETIME:
                 case FT_HISTORIC_DATETIME:
                 case FT_DATE:
                 case FT_HISTORIC_DATE:
                     // Direct mode stores the caller's value verbatim and always flags a change.
                     // NOTE(review): $pa_options["SET_DIRECT_DATE"] is read without isset(), so a null
                     // $pa_options raises an undefined-offset notice here (and in the branches below)
                     if ($this->DIRECT_DATETIMES || $pa_options["SET_DIRECT_DATE"]) {
                         $this->_FIELD_VALUES[$vs_field] = $vm_value;
                         $this->_FIELD_VALUE_CHANGED[$vs_field] = true;
                     } else {
                         // Empty input clears a nullable field
                         if (!$vm_value && $this->FIELDS[$vs_field]["IS_NULL"]) {
                             if ($vs_cur_value) {
                                 $this->_FIELD_VALUE_CHANGED[$vs_field] = true;
                             }
                             $this->_FIELD_VALUES[$vs_field] = null;
                         } else {
                             $o_tep = new TimeExpressionParser();
                             if ($pa_fields_type == FT_DATE || $pa_fields_type == FT_HISTORIC_DATE) {
                                 $va_timestamps = $o_tep->parseDate($vm_value);
                             } else {
                                 $va_timestamps = $o_tep->parseDatetime($vm_value);
                             }
                             if (!$va_timestamps) {
                                 $this->postError(1805, $o_tep->getParseErrorMessage(), 'BaseModel->set()');
                                 return false;
                             }
                             if ($pa_fields_type == FT_HISTORIC_DATETIME || $pa_fields_type == FT_HISTORIC_DATE) {
                                 // Historic fields keep the parser's "start" value as returned
                                 if ($vs_cur_value != $va_timestamps["start"]) {
                                     $this->_FIELD_VALUES[$vs_field] = $va_timestamps["start"];
                                     $this->_FIELD_VALUE_CHANGED[$vs_field] = true;
                                 }
                             } else {
                                 // Other fields store the Unix timestamp; -1 in slot 0 is treated as a parse failure (error 1830)
                                 $va_timestamps = $o_tep->getUnixTimestamps();
                                 if ($va_timestamps[0] == -1) {
                                     $this->postError(1830, $o_tep->getParseErrorMessage(), 'BaseModel->set()');
                                     return false;
                                 }
                                 if ($vs_cur_value != $va_timestamps["start"]) {
                                     $this->_FIELD_VALUES[$vs_field] = $va_timestamps["start"];
                                     $this->_FIELD_VALUE_CHANGED[$vs_field] = true;
                                 }
                             }
                         }
                     }
                     break;
                 case FT_TIME:
                     // NOTE(review): unlike the date branches, a direct time value is stored without
                     // flagging _FIELD_VALUE_CHANGED — confirm whether that is intended
                     if ($this->DIRECT_TIMES || $pa_options["SET_DIRECT_TIME"]) {
                         $this->_FIELD_VALUES[$vs_field] = $vm_value;
                     } else {
                         // Empty input clears a nullable field
                         if (!$vm_value && $this->FIELDS[$vs_field]["IS_NULL"]) {
                             if ($vs_cur_value) {
                                 $this->_FIELD_VALUE_CHANGED[$vs_field] = true;
                             }
                             $this->_FIELD_VALUES[$vs_field] = null;
                         } else {
                             $o_tep = new TimeExpressionParser();
                             if (!$o_tep->parseTime($vm_value)) {
                                 $this->postError(1805, $o_tep->getParseErrorMessage(), 'BaseModel->set()');
                                 return false;
                             }
                             $va_times = $o_tep->getTimes();
                             if ($vs_cur_value != $va_times['start']) {
                                 $this->_FIELD_VALUES[$vs_field] = $va_times['start'];
                                 $this->_FIELD_VALUE_CHANGED[$vs_field] = true;
                             }
                         }
                     }
                     break;
                 case FT_TIMESTAMP:
                     # can't set timestamp
                     # (the value is silently ignored and no error is posted)
                     break;
                 case FT_DATERANGE:
                 case FT_HISTORIC_DATERANGE:
                     // A range is stored in two underlying fields named by the START/END field info
                     $vs_start_field_name = $this->getFieldInfo($vs_field, "START");
                     $vs_end_field_name = $this->getFieldInfo($vs_field, "END");
                     $vn_start_date = isset($this->_FIELD_VALUES[$vs_start_field_name]) ? $this->_FIELD_VALUES[$vs_start_field_name] : null;
                     $vn_end_date = isset($this->_FIELD_VALUES[$vs_end_field_name]) ? $this->_FIELD_VALUES[$vs_end_field_name] : null;
                     if ($this->DIRECT_DATETIMES || $pa_options["SET_DIRECT_DATE"]) {
                         // Direct mode expects a two-element [start, end] array with start <= end
                         if (is_array($vm_value) && sizeof($vm_value) == 2 && $vm_value[0] <= $vm_value[1]) {
                             if ($vn_start_date != $vm_value[0]) {
                                 $this->_FIELD_VALUE_CHANGED[$vs_field] = true;
                                 $this->_FIELD_VALUES[$vs_start_field_name] = $vm_value[0];
                             }
                             if ($vn_end_date != $vm_value[1]) {
                                 $this->_FIELD_VALUE_CHANGED[$vs_field] = true;
                                 $this->_FIELD_VALUES[$vs_end_field_name] = $vm_value[1];
                             }
                         } else {
                             // Error is posted but processing continues; the method can still return true
                             $this->postError(1100, _t("Invalid direct date values"), "BaseModel->set()");
                         }
                     } else {
                         if (!$vm_value && $this->FIELDS[$vs_field]["IS_NULL"]) {
                             if ($vn_start_date || $vn_end_date) {
                                 $this->_FIELD_VALUE_CHANGED[$vs_field] = true;
                             }
                             $this->_FIELD_VALUES[$vs_start_field_name] = null;
                             $this->_FIELD_VALUES[$vs_end_field_name] = null;
                         } else {
                             $o_tep = new TimeExpressionParser();
                             if (!$o_tep->parseDatetime($vm_value)) {
                                 $this->postError(1805, $o_tep->getParseErrorMessage(), 'BaseModel->set()');
                                 return false;
                             }
                             if ($pa_fields_type == FT_HISTORIC_DATERANGE) {
                                 $va_timestamps = $o_tep->getHistoricTimestamps();
                             } else {
                                 // -1 in slot 0 is treated as a parse failure (error 1830)
                                 $va_timestamps = $o_tep->getUnixTimestamps();
                                 if ($va_timestamps[0] == -1) {
                                     $this->postError(1830, $o_tep->getParseErrorMessage(), 'BaseModel->set()');
                                     return false;
                                 }
                             }
                             if ($vn_start_date != $va_timestamps["start"]) {
                                 $this->_FIELD_VALUE_CHANGED[$vs_field] = true;
                                 $this->_FIELD_VALUES[$vs_start_field_name] = $va_timestamps["start"];
                             }
                             if ($vn_end_date != $va_timestamps["end"]) {
                                 $this->_FIELD_VALUE_CHANGED[$vs_field] = true;
                                 $this->_FIELD_VALUES[$vs_end_field_name] = $va_timestamps["end"];
                             }
                         }
                     }
                     break;
                 case FT_TIMERANGE:
                     // Same two-field layout as date ranges.
                     // NOTE(review): unlike FT_DATERANGE, the current values are read without isset()
                     $vs_start_field_name = $this->getFieldInfo($vs_field, "START");
                     $vs_end_field_name = $this->getFieldInfo($vs_field, "END");
                     if ($this->DIRECT_TIMES || $pa_options["SET_DIRECT_TIMES"]) {
                         // Direct mode expects a two-element [start, end] array with start <= end
                         if (is_array($vm_value) && sizeof($vm_value) == 2 && $vm_value[0] <= $vm_value[1]) {
                             if ($this->_FIELD_VALUES[$vs_start_field_name] != $vm_value[0]) {
                                 $this->_FIELD_VALUE_CHANGED[$vs_field] = true;
                                 $this->_FIELD_VALUES[$vs_start_field_name] = $vm_value[0];
                             }
                             if ($this->_FIELD_VALUES[$vs_end_field_name] != $vm_value[1]) {
                                 $this->_FIELD_VALUE_CHANGED[$vs_field] = true;
                                 $this->_FIELD_VALUES[$vs_end_field_name] = $vm_value[1];
                             }
                         } else {
                             // Error is posted but processing continues; the method can still return true
                             $this->postError(1100, _t("Invalid direct time values"), "BaseModel->set()");
                         }
                     } else {
                         if (!$vm_value && $this->FIELDS[$vs_field]["IS_NULL"]) {
                             if ($this->_FIELD_VALUES[$vs_start_field_name] || $this->_FIELD_VALUES[$vs_end_field_name]) {
                                 $this->_FIELD_VALUE_CHANGED[$vs_field] = true;
                             }
                             $this->_FIELD_VALUES[$vs_start_field_name] = null;
                             $this->_FIELD_VALUES[$vs_end_field_name] = null;
                         } else {
                             $o_tep = new TimeExpressionParser();
                             if (!$o_tep->parseTime($vm_value)) {
                                 $this->postError(1805, $o_tep->getParseErrorMessage(), 'BaseModel->set()');
                                 return false;
                             }
                             $va_timestamps = $o_tep->getTimes();
                             if ($this->_FIELD_VALUES[$vs_start_field_name] != $va_timestamps["start"]) {
                                 $this->_FIELD_VALUE_CHANGED[$vs_field] = true;
                                 $this->_FIELD_VALUES[$vs_start_field_name] = $va_timestamps["start"];
                             }
                             if ($this->_FIELD_VALUES[$vs_end_field_name] != $va_timestamps["end"]) {
                                 $this->_FIELD_VALUE_CHANGED[$vs_field] = true;
                                 $this->_FIELD_VALUES[$vs_end_field_name] = $va_timestamps["end"];
                             }
                         }
                     }
                     break;
                 case FT_TIMECODE:
                     // A timecode that fails to parse is silently ignored: no error, no value stored
                     $o_tp = new TimecodeParser();
                     if ($o_tp->parse($vm_value)) {
                         if ($o_tp->getParsedValueInSeconds() != $vs_cur_value) {
                             $this->_FIELD_VALUE_CHANGED[$vs_field] = true;
                             $this->_FIELD_VALUES[$vs_field] = $o_tp->getParsedValueInSeconds();
                         }
                     }
                     break;
                 case FT_TEXT:
                     // The is_string() test below is always true after this cast
                     $vm_value = (string) $vm_value;
                     if (is_string($vm_value)) {
                         $vm_value = stripSlashes($vm_value);
                     }
                     // Purify when the caller asks for it, when input purification is enabled on this model,
                     // when the field is marked PURIFY, or when the app config enables useHTMLPurifier
                     if (isset($pa_options['purify']) && $pa_options['purify'] || (bool) $this->opb_purify_input || $this->getFieldInfo($vs_field, "PURIFY") || (bool) $this->getAppConfig()->get('useHTMLPurifier')) {
                         if (!BaseModel::$html_purifier) {
                             BaseModel::$html_purifier = new HTMLPurifier();
                         }
                         $vm_value = BaseModel::$html_purifier->purify((string) $vm_value);
                     }
                     if ($this->getFieldInfo($vs_field, "DISPLAY_TYPE") == DT_LIST_MULTIPLE) {
                         // NOTE(review): $vm_value was cast to string above, so this is_array() branch
                         // cannot run and DT_LIST_MULTIPLE values are never stored by this code — confirm
                         if (is_array($vm_value)) {
                             if (!($vs_list_multiple_delimiter = $this->getFieldInfo($vs_field, 'LIST_MULTIPLE_DELIMITER'))) {
                                 $vs_list_multiple_delimiter = ';';
                             }
                             $vs_string_value = join($vs_list_multiple_delimiter, $vm_value);
                             // NOTE(review): the search string reads as empty here — likely a control character
                             // lost in this listing; confirm against the repository source
                             $vs_string_value = str_replace("", '', $vs_string_value);
                             if ($vs_cur_value !== $vs_string_value) {
                                 $this->_FIELD_VALUE_CHANGED[$vs_field] = true;
                             }
                             $this->_FIELD_VALUES[$vs_field] = $vs_string_value;
                         }
                     } else {
                         // NOTE(review): same apparently-empty search string as in the list-multiple branch — confirm
                         $vm_value = str_replace("", '', $vm_value);
                         if ($this->getFieldInfo($vs_field, "ENTITY_ENCODE_INPUT")) {
                             // Decode first so already-encoded input is not double-encoded
                             $vs_value_entity_encoded = htmlentities(html_entity_decode($vm_value));
                             if ($vs_cur_value !== $vs_value_entity_encoded) {
                                 $this->_FIELD_VALUE_CHANGED[$vs_field] = true;
                             }
                             $this->_FIELD_VALUES[$vs_field] = $vs_value_entity_encoded;
                         } else {
                             if ($this->getFieldInfo($vs_field, "URL_ENCODE_INPUT")) {
                                 $vs_value_url_encoded = urlencode($vm_value);
                                 if ($vs_cur_value !== $vs_value_url_encoded) {
                                     $this->_FIELD_VALUE_CHANGED[$vs_field] = true;
                                 }
                                 $this->_FIELD_VALUES[$vs_field] = $vs_value_url_encoded;
                             } else {
                                 if ($vs_cur_value !== $vm_value) {
                                     $this->_FIELD_VALUE_CHANGED[$vs_field] = true;
                                 }
                                 $this->_FIELD_VALUES[$vs_field] = $vm_value;
                             }
                         }
                     }
                     break;
                 case FT_PASSWORD:
                     // NOTE(review): unsalted md5() and crypt() with a 2-character salt taken from the
                     // password itself are not suitable password hashes; migrating stored values to
                     // password_hash() is outside this method, but callers should treat these as legacy
                     if (!$vm_value) {
                         // store blank passwords as blank, not MD5 of blank
                         $this->_FIELD_VALUES[$vs_field] = $vs_crypt_pw = "";
                     } else {
                         if ($this->_CONFIG->get("use_old_style_passwords")) {
                             $vs_crypt_pw = crypt($vm_value, substr($vm_value, 0, 2));
                         } else {
                             $vs_crypt_pw = md5($vm_value);
                         }
                         // Skip the write when the caller passed back the stored value or its hash,
                         // so an unchanged password is not re-hashed
                         if ($vs_cur_value != $vm_value && $vs_cur_value != $vs_crypt_pw) {
                             $this->_FIELD_VALUES[$vs_field] = $vs_crypt_pw;
                         }
                         if ($vs_cur_value != $vs_crypt_pw) {
                             $this->_FIELD_VALUE_CHANGED[$vs_field] = true;
                         }
                     }
                     break;
                 case FT_VARS:
                     // Change detection via a digest of the print_r dump, so arrays/objects compare structurally
                     if (md5(print_r($vs_cur_value, true)) != md5(print_r($vm_value, true))) {
                         $this->_FIELD_VALUE_CHANGED[$vs_field] = true;
                     }
                     $this->_FIELD_VALUES[$vs_field] = $vm_value;
                     break;
                 case FT_MEDIA:
                 case FT_FILE:
                     // Remote URLs are only accepted when the config option allows it; local paths only need to exist.
                     // This method does not restrict which server paths are accepted, so callers passing
                     // user-controlled values must constrain them before calling set().
                     $vb_allow_fetching_of_urls = (bool) $this->_CONFIG->get('allow_fetching_of_media_from_remote_urls');
                     # if there's a tmp_name is the global _FILES array
                     # then we'll process it in insert()/update()...
                     $this->_SET_FILES[$vs_field]['options'] = $pa_options;
                     if (caGetOSFamily() == OS_WIN32) {
                         // fix for paths using backslashes on Windows failing in processing
                         $vm_value = str_replace('\\', '/', $vm_value);
                     }
                     $va_matches = null;
                     if (is_string($vm_value) && (file_exists($vm_value) || $vb_allow_fetching_of_urls && isURL($vm_value))) {
                         // NOTE(review): $pa_options["original_filename"] is read without isset() — undefined-offset
                         // notice when the option (or $pa_options) is absent
                         $this->_SET_FILES[$vs_field]['original_filename'] = $pa_options["original_filename"];
                         $this->_SET_FILES[$vs_field]['tmp_name'] = $vm_value;
                         $this->_FIELD_VALUE_CHANGED[$vs_field] = true;
                     } else {
                         # only return error when file name is not 'none'
                         # 'none' is PHP's stupid way of telling you there
                         # isn't a file...
                         // Error 1500 is deliberately disabled below; every non-matching value, including
                         // "none" and empty input, still makes the method return false without posting an error
                         if ($vm_value != "none" && $vm_value) {
                             //$this->postError(1500,_t("%1 does not exist", $vm_value),"BaseModel->set()");
                         }
                         return false;
                     }
                     break;
                 default:
                     // An unknown FIELD_TYPE terminates the request with a bare message rather than posting an error
                     die("Invalid field type in BaseModel->set()");
                     break;
             }
         } else {
             $this->postError(710, _t("'%1' does not exist in this object", $vs_field), "BaseModel->set()");
             return false;
         }
     }
     return true;
 }