/** * Save topic to the database * * @param string $tid Topic ID * @param string $topic Name of topic (what the user sees) * @param int $inherit whether to inherit * @param int $hidden whether to hide * @param string $parent_id Parent ID * @param string $imageUrl (partial) URL to topic image * @param string $meta_description Topic meta description * @param string $meta_keywords Topic meta keywords * @param int $sortNum number for sort order in "Topics" block * @param int $limitNews number of stories per page for this topic * @param int $owner_id ID of owner * @param int $group_id ID of group topic belongs to * @param int $perm_owner Permissions the owner has * @param int $perm_group Permissions the group has * @param int $perm_members Permissions members have * @param int $perm_anon Permissions anonymous users have * @param string $is_default 'on' if this is the default topic * @param string $is_archive 'on' if this is the archive topic * @return string HTML redirect or error message */ function savetopic($tid, $topic, $inherit, $hidden, $parent_id, $imageUrl, $meta_description, $meta_keywords, $sortNum, $limitNews, $owner_id, $group_id, $perm_owner, $perm_group, $perm_members, $perm_anon, $is_default, $is_archive) { global $_CONF, $_TABLES, $_USER, $LANG27, $MESSAGE; $retval = ''; // Convert array values to numeric permission values list($perm_owner, $perm_group, $perm_members, $perm_anon) = SEC_getPermissionValues($perm_owner, $perm_group, $perm_members, $perm_anon); $tid = COM_sanitizeID($tid); // Check if tid is a restricted name $restricted_tid = false; if (!strcasecmp($tid, TOPIC_ALL_OPTION) || !strcasecmp($tid, TOPIC_NONE_OPTION) || !strcasecmp($tid, TOPIC_HOMEONLY_OPTION) || !strcasecmp($tid, TOPIC_SELECTED_OPTION) || !strcasecmp($tid, TOPIC_ROOT)) { $restricted_tid = true; } // Check if tid is used by another topic $duplicate_tid = false; $old_tid = ''; if (isset($_POST['old_tid'])) { $old_tid = COM_applyFilter($_POST['old_tid']); if (!empty($old_tid)) { $old_tid = COM_sanitizeID($old_tid); // See if new topic id if (strcasecmp($tid, $old_tid)) { if (!strcasecmp($tid, DB_getItem($_TABLES['topics'], 'tid', "tid = '{$tid}'"))) { $duplicate_tid = true; } } } else { if (!strcasecmp($tid, DB_getItem($_TABLES['topics'], 'tid', "tid = '{$tid}'"))) { $duplicate_tid = true; } } } // Make sure parent id exists $parent_id_found = false; if ($parent_id == DB_getItem($_TABLES['topics'], 'tid', "tid = '{$parent_id}'") || $parent_id == TOPIC_ROOT) { $parent_id_found = true; } // Check if parent archive topic, if so bail $archive_parent = false; $archive_tid = DB_getItem($_TABLES['topics'], 'tid', 'archive_flag = 1'); if ($parent_id == $archive_tid) { $archive_parent = true; } // If archive topic, make sure no child topics else bail $archive_child = false; $is_archive = $is_archive == 'on' ? 1 : 0; if ($is_archive) { if ($tid == DB_getItem($_TABLES['topics'], 'parent_id', "parent_id = '{$tid}'")) { $archive_child = true; } } if (DB_count($_TABLES['topics'], 'tid', $tid) > 0) { $result = DB_query("SELECT owner_id,group_id,perm_owner,perm_group,perm_members,perm_anon FROM {$_TABLES['topics']} WHERE tid = '{$tid}'"); $A = DB_fetchArray($result); $access = SEC_hasAccess($A['owner_id'], $A['group_id'], $A['perm_owner'], $A['perm_group'], $A['perm_members'], $A['perm_anon']); } else { $access = SEC_hasAccess($owner_id, $group_id, $perm_owner, $perm_group, $perm_members, $perm_anon); } if ($access < 3 || !SEC_inGroup($group_id)) { $retval .= COM_showMessageText($MESSAGE[29], $MESSAGE[30]); $retval = COM_createHTMLDocument($retval, array('pagetitle' => $MESSAGE[30])); COM_accessLog("User {$_USER['username']} tried to illegally create or edit topic {$tid}."); } else { // Now check access to parent topic if ($parent_id != TOPIC_ROOT) { if (DB_count($_TABLES['topics'], 'tid', $parent_id) > 0) { $result = DB_query("SELECT owner_id,group_id,perm_owner,perm_group,perm_members,perm_anon FROM {$_TABLES['topics']} WHERE tid = '{$parent_id}'"); $A = DB_fetchArray($result); $access = SEC_hasAccess($A['owner_id'], $A['group_id'], $A['perm_owner'], $A['perm_group'], $A['perm_members'], $A['perm_anon']); } $in_Group = SEC_inGroup($A['group_id']); } else { $access = 3; $in_Group = true; } if ($access < 3 || !$in_Group) { $retval .= COM_showMessageText($MESSAGE[29], $MESSAGE[30]); $retval = COM_createHTMLDocument($retval, array('pagetitle' => $MESSAGE[30])); COM_accessLog("User {$_USER['username']} tried to illegally assign topic {$tid} to {$parent_id}."); } elseif (!empty($tid) && !empty($topic) && !$restricted_tid && !$duplicate_tid && !$archive_parent && !$archive_child && $parent_id_found) { if ($imageUrl === '/images/topics/') { $imageUrl = ''; } $topic = GLText::remove4byteUtf8Chars(strip_tags($topic)); $topic = DB_escapeString($topic); $meta_description = GLText::remove4byteUtf8Chars(strip_tags($meta_description)); $meta_description = DB_escapeString($meta_description); $meta_keywords = GLText::remove4byteUtf8Chars(strip_tags($meta_keywords)); $meta_keywords = DB_escapeString($meta_keywords); if ($is_default == 'on') { $is_default = 1; DB_query("UPDATE {$_TABLES['topics']} SET is_default = 0 WHERE is_default = 1"); } else { $is_default = 0; } if ($is_archive) { // $tid is the archive topic // - if it wasn't already, mark all its stories "archived" now if ($archive_tid != $tid) { $sql = "UPDATE {$_TABLES['stories']} s, {$_TABLES['topic_assignments']} ta\n SET s.featured = 0, s.frontpage = 0, s.statuscode = " . STORY_ARCHIVE_ON_EXPIRE . "\n WHERE ta.type = 'article' AND ta.tid = '{$tid}' AND ta.id = s.sid"; DB_query($sql); $sql = "UPDATE {$_TABLES['topics']} SET archive_flag = 0 WHERE archive_flag = 1"; DB_query($sql); } // Set hidden and inherit to false since archive topic now $inherit = ''; $hidden = ''; } else { // $tid is not the archive topic // - if it was until now, reset the "archived" status of its stories if ($archive_tid == $tid) { $sql = "UPDATE {$_TABLES['stories']} s, {$_TABLES['topic_assignments']} ta\n SET s.statuscode = 0\n WHERE ta.type = 'article' AND ta.tid = '{$tid}' AND ta.id = s.sid"; DB_query($sql); $sql = "UPDATE {$_TABLES['topics']} SET archive_flag = 0 WHERE archive_flag = 1"; DB_query($sql); } } $inherit = $inherit == 'on' ? 1 : 0; $hidden = $hidden == 'on' ? 1 : 0; // Cannot hide root topics so switch if needed if ($parent_id == TOPIC_ROOT && $hidden == 1) { $hidden = 0; } // If not a new topic and id change then... if (!empty($old_tid)) { if ($tid != $old_tid) { changetopicid($tid, $old_tid); $old_tid = DB_escapeString($old_tid); DB_delete($_TABLES['topics'], 'tid', $old_tid); } } DB_save($_TABLES['topics'], 'tid, topic, inherit, hidden, parent_id, imageurl, meta_description, meta_keywords, sortnum, limitnews, is_default, archive_flag, owner_id, group_id, perm_owner, perm_group, perm_members, perm_anon', "'{$tid}', '{$topic}', {$inherit}, {$hidden}, '{$parent_id}', '{$imageUrl}', '{$meta_description}', '{$meta_keywords}','{$sortNum}','{$limitNews}',{$is_default},'{$is_archive}',{$owner_id},{$group_id},{$perm_owner},{$perm_group},{$perm_members},{$perm_anon}"); if ($old_tid != $tid) { PLG_itemSaved($tid, 'topic', $old_tid); } else { PLG_itemSaved($tid, 'topic'); } // Reorder Topics, Delete topic cache and reload topic tree reorderTopics(); // update feed(s) COM_rdfUpToDateCheck('article', $tid); COM_redirect($_CONF['site_admin_url'] . '/topic.php?msg=13'); } elseif ($restricted_tid) { $retval .= COM_errorLog($LANG27[31], 2); $retval = COM_createHTMLDocument($retval, array('pagetitle' => $LANG27[1])); } elseif ($duplicate_tid) { $retval .= COM_errorLog($LANG27[49], 2); $retval = COM_createHTMLDocument($retval, array('pagetitle' => $LANG27[1])); } elseif ($archive_parent) { $retval .= COM_errorLog($LANG27[46], 2); $retval = COM_createHTMLDocument($retval, array('pagetitle' => $LANG27[1])); } elseif ($archive_child) { $retval .= COM_errorLog($LANG27[47], 2); $retval = COM_createHTMLDocument($retval, array('pagetitle' => $LANG27[1])); } elseif (!$parent_id_found) { $retval .= COM_errorLog($LANG27[48], 2); $retval = COM_createHTMLDocument($retval, array('pagetitle' => $LANG27[1])); } else { $retval .= COM_errorLog($LANG27[7], 2); $retval = COM_createHTMLDocument($retval, array('pagetitle' => $LANG27[1])); } } return $retval; }
/** * Save topic to the database * * @param string $tid Topic ID * @param string $topic Name of topic (what the user sees) * @param string $imageurl (partial) URL to topic image * @param string $meta_description Topic meta description * @param string $meta_keywords Topic meta keywords * @param int $sortnum number for sort order in "Topics" block * @param int $limitnews number of stories per page for this topic * @param int $owner_id ID of owner * @param int $group_id ID of group topic belongs to * @param int $perm_owner Permissions the owner has * @param int $perm_group Permissions the group has * @param int $perm_member Permissions members have * @param int $perm_anon Permissions anonymous users have * @param string $is_default 'on' if this is the default topic * @param string $is_archive 'on' if this is the archive topic * @return string HTML redirect or error message */ function savetopic($tid, $topic, $imageurl, $meta_description, $meta_keywords, $sortnum, $limitnews, $owner_id, $group_id, $perm_owner, $perm_group, $perm_members, $perm_anon, $is_default, $is_archive) { global $_CONF, $_TABLES, $LANG27, $MESSAGE; $retval = ''; // Convert array values to numeric permission values list($perm_owner, $perm_group, $perm_members, $perm_anon) = SEC_getPermissionValues($perm_owner, $perm_group, $perm_members, $perm_anon); $tid = COM_sanitizeID($tid); $access = 0; if (DB_count($_TABLES['topics'], 'tid', $tid) > 0) { $result = DB_query("SELECT owner_id,group_id,perm_owner,perm_group,perm_members,perm_anon FROM {$_TABLES['topics']} WHERE tid = '{$tid}'"); $A = DB_fetchArray($result); $access = SEC_hasAccess($A['owner_id'], $A['group_id'], $A['perm_owner'], $A['perm_group'], $A['perm_members'], $A['perm_anon']); } else { $access = SEC_hasAccess($owner_id, $group_id, $perm_owner, $perm_group, $perm_members, $perm_anon); } if ($access < 3 || !SEC_inGroup($group_id)) { $retval .= COM_siteHeader('menu', $MESSAGE[30]) . COM_showMessageText($MESSAGE[29], $MESSAGE[30]) . COM_siteFooter(); COM_accessLog("User {$_USER['username']} tried to illegally create or edit topic {$tid}."); } elseif (!empty($tid) && !empty($topic)) { if ($imageurl == '/images/topics/') { $imageurl = ''; } $topic = addslashes($topic); $meta_description = addslashes(strip_tags($meta_description)); $meta_keywords = addslashes(strip_tags($meta_keywords)); if ($is_default == 'on') { $is_default = 1; DB_query("UPDATE {$_TABLES['topics']} SET is_default = 0 WHERE is_default = 1"); } else { $is_default = 0; } $is_archive = $is_archive == 'on' ? 1 : 0; $archivetid = DB_getItem($_TABLES['topics'], 'tid', "archive_flag=1"); if ($is_archive) { // $tid is the archive topic // - if it wasn't already, mark all its stories "archived" now if ($archivetid != $tid) { DB_query("UPDATE {$_TABLES['stories']} SET featured = 0, frontpage = 0, statuscode = " . STORY_ARCHIVE_ON_EXPIRE . " WHERE tid = '{$tid}'"); DB_query("UPDATE {$_TABLES['topics']} SET archive_flag = 0 WHERE archive_flag = 1"); } } else { // $tid is not the archive topic // - if it was until now, reset the "archived" status of its stories if ($archivetid == $tid) { DB_query("UPDATE {$_TABLES['stories']} SET statuscode = 0 WHERE tid = '{$tid}'"); DB_query("UPDATE {$_TABLES['topics']} SET archive_flag = 0 WHERE archive_flag = 1"); } } if (isset($_POST['old_tid'])) { $old_tid = COM_applyFilter($_POST['old_tid']); if (!empty($old_tid)) { $old_tid = COM_sanitizeID($old_tid); changetopicid($tid, $old_tid); $old_tid = addslashes($old_tid); DB_delete($_TABLES['topics'], 'tid', $old_tid); } } DB_save($_TABLES['topics'], 'tid, topic, imageurl, meta_description, meta_keywords, sortnum, limitnews, is_default, archive_flag, owner_id, group_id, perm_owner, perm_group, perm_members, perm_anon', "'{$tid}', '{$topic}', '{$imageurl}', '{$meta_description}', '{$meta_keywords}','{$sortnum}','{$limitnews}',{$is_default},'{$is_archive}',{$owner_id},{$group_id},{$perm_owner},{$perm_group},{$perm_members},{$perm_anon}"); if ($old_tid != $tid) { PLG_itemSaved($tid, 'topic', $old_tid); } else { PLG_itemSaved($tid, 'topic'); } // update feed(s) and Older Stories block COM_rdfUpToDateCheck('article', $tid); COM_olderStuff(); $retval = COM_refresh($_CONF['site_admin_url'] . '/topic.php?msg=13'); } else { $retval .= COM_siteHeader('menu', $LANG27[1]); $retval .= COM_errorLog($LANG27[7], 2); $retval .= COM_siteFooter(); } return $retval; }