/**
 * Saves a section from the submitted form fields.
 *
 * Reads the section fields through psa(), reduces the section name to
 * letters, digits, '-' and '_', updates txp_section and, for any section
 * other than 'default', re-points articles in the textpattern table from
 * the old section name to the new one.
 *
 * All submitted values go through doSlash() before they are interpolated
 * into the SQL fragments below.
 * NOTE(review): $title is run through Textile after that escaping step;
 * confirm TextileThis() cannot emit an unescaped quote.
 */
function section_save()
{
    global $txpcfg;

    $posted = psa(array('name', 'title', 'page', 'css', 'is_default', 'on_frontpage', 'in_rss', 'searchable', 'old_name'));
    extract(doSlash($posted));

    // A blank title falls back to the section name.
    if (empty($title)) {
        $title = $name;
    }

    // Keep non-URL characters out of section names.
    include_once $txpcfg['txpath'] . '/lib/classTextile.php';
    $textile = new Textile();
    $title = $textile->TextileThis($title, 1);
    $plain_name = dumbDown($textile->TextileThis($name, 1));
    $name = preg_replace("/[^[:alnum:]\\-_]/", "", str_replace(" ", "-", $plain_name));

    if ($name != 'default') {
        if ($is_default) {
            // 'is_default' means 'selected by default', not 'default page':
            // clear the flag on every other section first.
            safe_update("txp_section", "is_default=0", "name!='{$old_name}'");
        }

        safe_update("txp_section", "name = '{$name}',\n\t\t\t\ttitle = '{$title}',\n\t\t\t\tpage = '{$page}',\n\t\t\t\tcss = '{$css}',\n\t\t\t\tis_default = '{$is_default}',\n\t\t\t\ton_frontpage = '{$on_frontpage}',\n\t\t\t\tin_rss = '{$in_rss}',\n\t\t\t\tsearchable = '{$searchable}'", "name = '{$old_name}'");

        // Articles refer to their section by name, so follow the rename.
        safe_update("textpattern", "Section='{$name}'", "Section='{$old_name}'");
    } else {
        // Only page and css are written for the 'default' section.
        safe_update("txp_section", "page='{$page}',css='{$css}'", "name='default'");
    }

    sec_section_list(messenger('section', $name, 'updated'));
}
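/**
 * Imports one parsed Movable Type entry, together with its comments.
 *
 * Every value taken from the import file is escaped with doSlash() before it
 * is placed in an SQL fragment, including the category name used for the
 * "does this category exist" lookup.
 *
 * @param array $item    Parsed entry. Keys read here: TITLE, BODY,
 *                       EXTENDED_BODY, EXCERPT, DATE, STATUS,
 *                       PRIMARY CATEGORY, KEYWORDS, AUTHOR, COMMENT.
 * @param mixed $section Value stored in the article's Section column.
 * @param mixed $status  Status used when the entry has no STATUS of its own.
 * @param mixed $invite  Value stored in the AnnotateInvite column.
 * @return string|null The Textile-processed title, the title followed by
 *                     ' already imported' when a matching article exists,
 *                     or null for an empty item.
 */
function import_mt_item($item, $section, $status, $invite)
{
    # Untested import code follows
    if (empty($item)) {
        return;
    }

    include_once txpath . '/lib/classTextile.php';
    $textile = new Textile();

    $title = $textile->TextileThis($item['TITLE'], 1);
    // Transliterate before stripping so non-English titles keep readable permlinks.
    $url_title = stripSpace(dumbDown($title));

    $body = $item['BODY'][0]['content'] . (isset($item['EXTENDED_BODY']) ? "\n<!--more-->\n" . $item['EXTENDED_BODY'][0]['content'] : '');
    $body_html = $textile->textileThis($body);

    $excerpt = @$item['EXCERPT'][0]['content'];
    $excerpt_html = $textile->textileThis($excerpt);

    $date = strtotime($item['DATE']);
    $date = date('Y-m-d H:i:s', $date);

    if (isset($item['STATUS'])) {
        $post_status = $item['STATUS'] == 'Draft' ? 1 : 4;
    } else {
        $post_status = $status;
    }

    $category1 = @$item['PRIMARY CATEGORY'];

    // The category name comes straight from the import file, so it is escaped
    // for the lookup as well as for the insert.
    if ($category1 and !safe_field("name", "txp_category", "name = '" . doSlash($category1) . "'")) {
        safe_insert('txp_category', "name='" . doSlash($category1) . "', type='article', parent='root'");
    }

    $keywords = @$item['KEYWORDS'][0]['content'];

    $authorid = safe_field('user_id', 'txp_users', "name = '" . doSlash($item['AUTHOR']) . "'");

    if (!$authorid) {
        // Unknown authors are added to txp_users by name only.
        // NOTE(review): the row is created with no other columns set here;
        // confirm such an account cannot be used to log in.
        safe_insert('txp_users', "name='" . doSlash($item['AUTHOR']) . "'");
    }

    // An article with the same title and timestamp counts as already imported.
    if (!safe_field("ID", "textpattern", "Title = '" . doSlash($title) . "' AND Posted = '" . doSlash($date) . "'")) {
        safe_insert(
            'textpattern',
            "Posted='" . doSlash($date) . "'," .
            "LastMod='" . doSlash($date) . "'," .
            "AuthorID='" . doSlash($item['AUTHOR']) . "'," .
            "LastModID='" . doSlash($item['AUTHOR']) . "'," .
            "Title='" . doSlash($title) . "'," .
            "Body='" . doSlash($body) . "'," .
            "Body_html='" . doSlash($body_html) . "'," .
            "Excerpt='" . doSlash($excerpt) . "'," .
            "Excerpt_html='" . doSlash($excerpt_html) . "'," .
            "Category1='" . doSlash($category1) . "'," .
            "AnnotateInvite='" . doSlash($invite) . "'," .
            "Status='" . doSlash($post_status) . "'," .
            "Section='" . doSlash($section) . "'," .
            "Keywords='" . doSlash($keywords) . "'," .
            // uid is an identifier, not a secret: md5(uniqid(rand())) is predictable.
            "uid='" . md5(uniqid(rand(), true)) . "'," .
            "feed_time='" . substr($date, 0, 10) . "'," .
            "url_title='" . doSlash($url_title) . "'"
        );

        $parentid = mysql_insert_id();

        if (!empty($item['COMMENT'])) {
            foreach ($item['COMMENT'] as $comment) {
                $comment_date = date('Y-m-d H:i:s', strtotime(@$comment['DATE']));
                $comment_content = $textile->TextileThis(nl2br(@$comment['content']), 1);

                // Skip comments that already exist with the same timestamp and text.
                if (!safe_field("discussid", "txp_discuss", "posted = '" . doSlash($comment_date) . "' AND message = '" . doSlash($comment_content) . "'")) {
                    safe_insert(
                        'txp_discuss',
                        "parentid='" . doSlash($parentid) . "'," .
                        "name='" . doSlash(@$comment['AUTHOR']) . "'," .
                        "email='" . doSlash(@$comment['EMAIL']) . "'," .
                        "web='" . doSlash(@$comment['URL']) . "'," .
                        "ip='" . doSlash(@$comment['IP']) . "'," .
                        "posted='" . doSlash($comment_date) . "'," .
                        "message='" . doSlash($comment_content) . "'," .
                        "visible='1'"
                    );
                }
            }
        }

        return $title;
    }

    return $title . ' already imported';
}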
/**
 * Updates one txp_section row with the given attributes.
 *
 * The stored row is loaded, overlaid with $atts, given a parent (the default
 * section's id) and a name (dumbDown() of the title) when those are empty,
 * and written back. Inheritance is re-resolved after a successful write.
 *
 * NOTE(review): array_merge() lets any key in $atts replace the matching
 * column of the stored row; callers passing request data should restrict the
 * keys first.
 *
 * @param mixed $id   Section id; escaped with doSlash() for the WHERE clause.
 * @param array $atts Column => value pairs laid over the stored row.
 * @return mixed false when no row has that id, otherwise the result of
 *               safe_update_rec().
 */
function section_update($id, $atts)
{
    $where = "id='" . doSlash($id) . "'";

    $stored = safe_row('*', 'txp_section', $where);
    if (!$stored) {
        return false;
    }

    $merged = array_merge($stored, $atts);
    $fallback = section_default();

    if (empty($merged['parent'])) {
        $merged['parent'] = $fallback['id'];
    }

    if (empty($merged['name'])) {
        $merged['name'] = dumbDown($merged['title']);
    }

    $saved = safe_update_rec('txp_section', $merged, $where);
    if ($saved) {
        section_resolve_inheritance($id);
    }

    return $saved;
}
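/**
 * Reduces a string to characters suitable for a URL segment.
 *
 * A handler of the 'sanitize_for_url' callback event may supply the result:
 * any non-empty callback return value is returned unchanged.
 * NOTE(review): neither that callback value nor the percent-encoded fallback
 * is limited to [A-Za-z0-9_-], so callers must not rely on that character
 * set for every return value.
 *
 * @param string $text The string to sanitise.
 * @return string
 */
function sanitizeForUrl($text)
{
    // Any overrides?
    $out = callback_event('sanitize_for_url', '', 0, $text);
    if ($out !== '') {
        return $out;
    }

    $in = $text;

    // Remove named entities and tags.
    $text = preg_replace("/(^|&\\S+;)|(<[^>]*>)/U", "", dumbDown($text));

    // Dashify high-order bytes left over from dumbDown(). The range is spelled
    // with hex escapes so it does not depend on the encoding this file is
    // saved in; the literal characters it had been rendered as do not form
    // the 0x80-0xFF byte range once the file is UTF-8.
    $text = preg_replace("/[\x80-\xff]/", "-", $text);

    // Collapse spaces, minuses, (back-)slashes and non-words.
    $text = preg_replace('/[\\s\\-\\/\\\\]+/', '-', trim(preg_replace('/[^\\w\\s\\-\\/\\\\]/', '', $text)));

    // Remove all non-whitelisted characters.
    $text = preg_replace("/[^A-Za-z0-9\\-_]/", "", $text);

    // Sanitising shouldn't leave us with plain nothing to show.
    // Fall back on percent-encoded URLs as a last resort for RFC 1738 conformance.
    if (empty($text) || $text == '-') {
        $text = rawurlencode($in);
    }

    return $text;
}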
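/**
 * Reduces a string to characters suitable for a URL segment.
 *
 * A handler of the 'sanitize_for_url' callback event may supply the result:
 * any non-empty callback return value is returned unchanged.
 * NOTE(review): that callback value is not passed through the whitelist
 * below, so callers must not assume [A-Za-z0-9_-] for every return value.
 *
 * @param string $text The string to sanitise.
 * @return string Possibly empty when nothing survives the whitelist.
 */
function sanitizeForUrl($text)
{
    // Any overrides?
    $out = callback_event('sanitize_for_url', '', 0, $text);
    if ($out !== '') {
        return $out;
    }

    // Remove named entities and tags.
    $text = preg_replace("/(^|&\\S+;)|(<[^>]*>)/U", "", dumbDown($text));

    // Dashify high-order bytes left over from dumbDown(). The range is spelled
    // with hex escapes so it does not depend on the encoding this file is
    // saved in; the literal characters it had been rendered as do not form
    // the 0x80-0xFF byte range once the file is UTF-8.
    $text = preg_replace("/[\x80-\xff]/", "-", $text);

    // Collapse spaces, minuses, (back-)slashes and non-words.
    $text = preg_replace('/[\\s\\-\\/\\\\]+/', '-', trim(preg_replace('/[^\\w\\s\\-\\/\\\\]/', '', $text)));

    // Remove all non-whitelisted characters.
    $text = preg_replace("/[^A-Za-z0-9\\-_]/", "", $text);

    return $text;
}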
/**
 * Builds the title part of a permalink.
 *
 * Nothing is produced (null is returned) unless $force is set or the
 * 'attach_titles_to_permalinks' preference is non-empty. Otherwise the text
 * is transliterated with dumbDown(), stripped of entities and tags, and then
 * either lower-cased and hyphenated ('permalink_title_format' set) or
 * reduced to letters and digits only.
 *
 * @param string $text  The title.
 * @param mixed  $force Truthy to ignore the 'attach_titles_to_permalinks' preference.
 * @return string|null
 */
function stripSpace($text, $force = 0)
{
    global $prefs;

    if (!$force and empty($prefs['attach_titles_to_permalinks'])) {
        return;
    }

    // Drop named entities and tags from the transliterated title.
    $stripped = preg_replace("/(^|&\\S+;)|(<[^>]*>)/U", "", dumbDown($text));

    if (!$prefs['permalink_title_format']) {
        // Run-together format: letters and digits only.
        return preg_replace("/[^A-Za-z0-9]/", "", $stripped);
    }

    // Hyphenated format: collapse runs of whitespace and dashes, lower-case.
    $words_only = trim(preg_replace('/[^\\w\\s\\-]/', '', $stripped));
    $hyphenated = strtolower(preg_replace('/[\\s\\-]+/', '-', $words_only));

    return preg_replace("/[^A-Za-z0-9\\-]/", "", $hyphenated);
}
/**
 * Reduces a string to letters, digits, '-' and '_' for use in a URL.
 *
 * @param string $text The string to sanitise.
 * @return string Possibly empty when nothing survives the whitelist.
 */
function sanitizeForUrl($text)
{
    // Transliterate, then drop named entities and tags.
    $plain = preg_replace("/(^|&\\S+;)|(<[^>]*>)/U", "", dumbDown($text));

    // Drop non-word characters, then collapse whitespace and dashes.
    $words_only = trim(preg_replace('/[^\\w\\s\\-]/', '', $plain));
    $hyphenated = preg_replace('/[\\s\\-]+/', '-', $words_only);

    // Final whitelist: anything outside [A-Za-z0-9_-] is removed.
    return preg_replace("/[^A-Za-z0-9\\-_]/", "", $hyphenated);
}
/**
 * Imports one parsed Blogger entry, together with its comments.
 *
 * Values taken from the import file are escaped with doSlash() before they
 * are placed in an SQL fragment.
 *
 * @param array $item    Parsed entry. Keys read here: TITLE, BODY, DATE,
 *                       STATUS, AUTHOR, COMMENT.
 * @param mixed $section Value stored in the article's Section column.
 * @param mixed $status  Status used when the entry has no STATUS of its own.
 * @param mixed $invite  Value stored in the AnnotateInvite column.
 * @return string|null The Textile-processed title, the title followed by
 *                     ' already imported' when a matching article exists,
 *                     or null for an empty item.
 */
function import_blogger_item($item, $section, $status, $invite)
{
    # Untested import code follows
    if (empty($item)) {
        return;
    }

    include_once txpath . '/lib/classTextile.php';
    $textile = new Textile();

    $title = $textile->TextileThis($item['TITLE'], 1);
    $url_title = stripSpace(dumbDown($title));

    $body = $item['BODY'][0]['content'];
    $body_html = $textile->textileThis($body, 1);

    $date = date('Y-m-d H:i:s', strtotime($item['DATE']));

    $post_status = $status;
    if (isset($item['STATUS'])) {
        $post_status = $item['STATUS'] == 'Draft' ? 1 : 4;
    }

    // Blogger author names may hold special characters, so the lookup is
    // made against RealName rather than the login name.
    $authorid = safe_field('user_id', 'txp_users', "RealName = '" . doSlash($item['AUTHOR']) . "'");

    if (!$authorid) {
        // Unknown authors are added with a stripped-down login name.
        // NOTE(review): the row is created with no other columns set here;
        // confirm such an account cannot be used to log in.
        $login = stripSpace(dumbDown($textile->TextileThis($item['AUTHOR'], 1)));
        safe_insert('txp_users', "name='" . doSlash($login) . "', RealName='" . doSlash($item['AUTHOR']) . "'");
    }

    // An article with the same title and timestamp counts as already imported.
    if (safe_field("ID", "textpattern", "Title = '" . doSlash($title) . "' AND Posted = '" . doSlash($date) . "'")) {
        return $title . ' already imported';
    }

    $article_set =
        "Posted='" . doSlash($date) . "'," .
        "LastMod='" . doSlash($date) . "'," .
        "AuthorID='" . doSlash($item['AUTHOR']) . "'," .
        "LastModID='" . doSlash($item['AUTHOR']) . "'," .
        "Title='" . doSlash($title) . "'," .
        "Body='" . doSlash($body) . "'," .
        "Body_html='" . doSlash($body_html) . "'," .
        "AnnotateInvite='" . doSlash($invite) . "'," .
        "Status='" . doSlash($post_status) . "'," .
        "Section='" . doSlash($section) . "'," .
        "uid='" . md5(uniqid(rand(), true)) . "'," .
        "feed_time='" . substr($date, 0, 10) . "'," .
        "url_title='" . doSlash($url_title) . "'";
    safe_insert('textpattern', $article_set);

    $parentid = mysql_insert_id();

    if (empty($item['COMMENT'])) {
        return $title;
    }

    foreach ($item['COMMENT'] as $comment) {
        $comment_date = date('Y-m-d H:i:s', strtotime(@$comment['DATE']));
        $comment_content = $textile->TextileThis(nl2br(@$comment['content']), 1);

        // A comment author given as a link is split into URL and name.
        if (preg_match('/<a href="(.*)">(.*)<\\/a>/', @$comment['AUTHOR'], $match)) {
            @($comment['URL'] = $match[1]);
            @($comment['AUTHOR'] = $match[2]);
        }

        // Skip comments that already exist with the same timestamp and text.
        if (safe_field("discussid", "txp_discuss", "posted = '" . doSlash($comment_date) . "' AND message = '" . doSlash($comment_content) . "'")) {
            continue;
        }

        // NOTE(review): the stored URL comes from the import file unchanged
        // apart from SQL escaping; escape it again wherever it is output.
        $comment_set =
            "parentid='" . doSlash($parentid) . "'," .
            "name='" . doSlash(strip_tags(@$comment['AUTHOR'])) . "'," .
            "web='" . doSlash(@$comment['URL']) . "'," .
            "posted='" . doSlash($comment_date) . "'," .
            "message='" . doSlash($comment_content) . "'," .
            "visible='1'";
        safe_insert('txp_discuss', $comment_set);
    }

    return $title;
}
/**
 * Creates an article category under the 'Vendors' parent if it is missing.
 *
 * The stored name is the given name after Textile, dumbDown() and removal of
 * everything but letters, digits, '-' and '_'. The title is the given name
 * escaped with doSlash(). Nothing is inserted when the sanitised name is
 * empty or already exists as an article category.
 *
 * @param string $name Human-readable category name.
 * @return void
 */
function cat_vendor_category_create($name)
{
    global $txpcfg;

    // Keep non-URL characters out of category names.
    include_once txpath . '/lib/classTextile.php';
    $textile = new Textile();

    $title = doSlash($name);
    $plain_name = dumbDown($textile->TextileThis(trim(doSlash($name)), 1));
    $name = preg_replace("/[^[:alnum:]\\-_]/", "", str_replace(" ", "-", $plain_name));

    $existing = safe_field("name", "txp_category", "name='{$name}' and type='article'");

    if (!$existing && $name) {
        safe_insert("txp_category", "name='{$name}', title='{$title}', type='article', parent='Vendors'");
        rebuild_tree('root', 1, "article");
    }
}
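/**
 * Saves an edited category and follows the rename in the rows that use it.
 *
 * The submitted fields are read through psa() and escaped with doSlash().
 * The category name is reduced to letters, digits, '-' and '_'. For the
 * 'article' event both Category1 and Category2 of the textpattern table are
 * updated; for any other event the 'category' column of $table_name is.
 *
 * @param string $evname     Category type, e.g. 'article'.
 * @param string $table_name Table whose 'category' column is updated for
 *                           non-article types. It is placed in the query as
 *                           given, so it must never come from request data.
 * @return void
 */
function event_category_save($evname, $table_name)
{
    global $txpcfg;

    // Prevent non-URL characters in category names.
    include_once $txpcfg['txpath'] . '/lib/classTextile.php';
    $textile = new Textile();

    $in = psa(array('id', 'name', 'old_name', 'parent', 'title'));
    extract(doSlash($in));

    // The id is used unquoted in the WHERE clause below, where quote escaping
    // gives no protection, so it is forced to an integer.
    // NOTE(review): assumes txp_category.id is an integer column.
    $id = (int) $id;

    $title = $textile->TextileThis($title, 1);
    $name = dumbDown($textile->TextileThis($name, 1));
    $name = preg_replace("/[^[:alnum:]\\-_]/", "", str_replace(" ", "-", $name));

    $parent = $parent ? $parent : 'root';

    safe_update("txp_category", "name='{$name}',parent='{$parent}',title='{$title}'", "id={$id}");
    rebuild_tree('root', 1, $evname);

    if ($evname == 'article') {
        safe_update("textpattern", "Category1='{$name}'", "Category1 = '{$old_name}'");
        safe_update("textpattern", "Category2='{$name}'", "Category2 = '{$old_name}'");
    } else {
        safe_update($table_name, "category='{$name}'", "category='{$old_name}'");
    }

    category_list(messenger($evname . '_category', stripslashes($name), 'saved'));
}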
/**
 * Re-encodes a URL-encoded string after transliterating it.
 *
 * The text is URL-decoded, passed through dumbDown(), trimmed and
 * URL-encoded again.
 *
 * @param string $text URL-encoded input.
 * @return string
 */
function encode_url($text)
{
    $decoded = urldecode($text);
    $plain = trim(dumbDown($decoded));

    return urlencode($plain);
}
/**
 * Sanitises a string for use in a URL.
 *
 * The result is prettier, not encoded: Unicode letters and digits are kept,
 * so the string still has to be urlencoded where the context requires it.
 *
 * A handler of the 'sanitize_for_url' callback event may supply the result:
 * any non-empty callback return value is returned unchanged, without passing
 * through the filters below.
 *
 * NOTE(review): with the 'u' modifier preg_replace() returns null for input
 * that is not valid UTF-8; confirm callers cope with the empty result that
 * follows.
 *
 * @param  string $text The string
 * @return string
 * @package URL
 */
function sanitizeForUrl($text)
{
    $override = callback_event('sanitize_for_url', '', 0, $text);
    if ($override !== '') {
        return $override;
    }

    // Transliterate, then drop named entities and tags.
    $plain = preg_replace("/(^|&\\S+;)|(<[^>]*>)/U", "", dumbDown($text));

    // Keep only letters, numbers, dash, underscore, whitespace, slash and backslash.
    $kept = preg_replace('/[^\\p{L}\\p{N}\\-_\\s\\/\\\\]/u', '', $plain);

    // Collapse runs of whitespace, dashes and (back-)slashes into one dash,
    // then strip dashes from both ends.
    $hyphenated = preg_replace('/[\\s\\-\\/\\\\]+/', '-', $kept);

    return trim($hyphenated, '-');
}
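/**
 * Imports products from an uploaded CSV file into the textpattern table.
 *
 * The upload ($_FILES['thefile']) is moved to ../files/import.csv and parsed
 * with parse_csv(). Each row becomes one article in the 'store' section,
 * followed by up to four images and up to four custom label/value pairs.
 *
 * The CSV is untrusted input, so:
 *  - columns are read by name instead of through extract(), which would let
 *    a column header overwrite local or global variables;
 *  - every value placed in the INSERT is escaped with doSlash() or reduced
 *    to letters, digits, '-' and '_'.
 *
 * @return void
 */
function product_import()
{
    global $txp_user, $textile;

    // Defining a constant twice raises an error, so guard repeat calls.
    if (!defined('TEMP_IMPATH')) {
        define("TEMP_IMPATH", '../images/_import/');
    }

    if (!isset($_FILES["thefile"])) {
        products_list('', '', 'Error: Couldn\'t Find Uploaded File!');
        return;
    }

    $thefile = $_FILES["thefile"]["tmp_name"];

    // Stop when the upload could not be stored, instead of parsing whatever
    // an earlier import left at that path.
    if (!move_uploaded_file($thefile, "../files/import.csv")) {
        products_list('', '', 'Error: Couldn\'t Find Uploaded File!');
        return;
    }

    // NOTE(review): 0666 leaves the uploaded file writable by every local
    // user; tighten it if nothing else needs to write to this file.
    chmod("../files/import.csv", 0666);

    $data = parse_csv("../files/import.csv", true);

    foreach ($data as $row) {
        // The title is the first column's text up to its first comma.
        $title = implode(",", $row);
        $title = explode(",", $title);
        $title = $title[0];

        $row_status = isset($row['STATUS']) ? $row['STATUS'] : '';
        if ($row_status == 'Live') {
            $status = 4;
        } elseif ($row_status == 'Hidden') {
            $status = 2;
        } else {
            $status = 3;
        }

        // Reset per row so an empty VENDOR cell does not inherit the value
        // of the previous row.
        $vendor = '';
        if (!empty($row['VENDOR'])) {
            include_once txpath . '/lib/classTextile.php';
            $textile = new Textile();
            // NOTE(review): this Textile/dumbDown() result is overwritten by
            // the next line, which starts again from the raw cell; confirm
            // which of the two values was intended.
            $vendor = dumbDown($textile->TextileThis(trim(doSlash($row['VENDOR'])), 1));
            $vendor = preg_replace("/[^[:alnum:]\\-_]/", "", str_replace(" ", "-", $row['VENDOR']));
        }

        // Category names: letters, digits, '-' and '_' only.
        $categories = array();
        foreach (array('CATEGORY_1', 'CATEGORY_2') as $key) {
            $raw = isset($row[$key]) ? (string) $row[$key] : '';
            $categories[$key] = preg_replace("/[^[:alnum:]\\-_]/", "", str_replace(" ", "-", $raw));
        }

        // Free-text columns are escaped before they reach the query.
        $escaped = array();
        foreach (array('DESCRIPTION', 'PRICE', 'WEIGHT', 'SKU', 'ITEMS_IN_STOCK') as $key) {
            $escaped[$key] = doSlash(isset($row[$key]) ? $row[$key] : '');
        }

        $set = array(
            "Title = '" . doSlash($title) . "'",
            "Body = '" . $escaped['DESCRIPTION'] . "'",
            "Status = {$status}",
            "Posted = now()",
            "LastMod = now()",
            "AuthorID = '" . doSlash($txp_user) . "'",
            "Section = 'store'",
            "Category1 = '" . $categories['CATEGORY_1'] . "'",
            "Category2 = '" . $categories['CATEGORY_2'] . "'",
            "custom_1 = '" . $escaped['PRICE'] . "'",
            "custom_2 = '" . $escaped['WEIGHT'] . "'",
            "custom_3 = '" . $escaped['SKU'] . "'",
            "custom_4 = '" . $escaped['ITEMS_IN_STOCK'] . "'",
            "custom_5 = '{$vendor}'",
            "uid = '" . md5(uniqid(rand(), true)) . "'",
            "feed_time = now()",
        );
        safe_insert("textpattern", implode(",\r\n\t\t\t\t\t", $set));

        $ID = mysql_insert_id();

        // NOTE(review): the image file name comes from the CSV and is appended
        // to TEMP_IMPATH as given, so a name containing '../' resolves outside
        // the import directory. If images always sit directly in that
        // directory, wrap the name in basename().
        for ($n = 1; $n <= 4; $n++) {
            $image_key = 'PRODUCT_IMAGE_' . $n;
            if (!empty($row[$image_key])) {
                $img = TEMP_IMPATH . $row[$image_key];
                upload_image($img, (string) $n, $ID);
            }
        }

        // Start from an array: appending with [] to a string is an error in
        // current PHP, and count() needs a countable value.
        $customFields = array();
        for ($n = 1; $n <= 4; $n++) {
            $label_key = 'CUSTOM_FIELD_LABEL_' . $n;
            $value_key = 'CUSTOM_FIELD_VALUE_' . $n;
            if (!empty($row[$label_key])) {
                $customFields[] = array(
                    'label' => $row[$label_key],
                    'value' => isset($row[$value_key]) ? $row[$value_key] : null,
                );
            }
        }

        if (count($customFields) > 0) {
            save_custom_fields($customFields, $ID);
        }
    }

    products_list('', '', "Products Imported");
}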
/**
 * Creates a section from the posted 'name' field and returns to the list view.
 *
 * The section name is reduced to letters, digits, '-' and '_' before it is
 * checked against existing names and inserted. The title is the posted name
 * after doSlash() and Textile.
 * NOTE(review): $title is run through Textile after escaping; confirm
 * TextileThis() cannot emit an unescaped quote.
 *
 * Outcomes: a message on success, an error when the insert fails or the name
 * is already taken, and no message at all when the sanitised name is empty.
 */
function insert_post()
{
    global $txpcfg;

    $name = doSlash(ps('name'));

    // Prevent non-URL characters in section names.
    include_once txpath . '/lib/classTextile.php';
    $textile = new Textile();
    $title = $textile->TextileThis($name, 1);
    $plain_name = dumbDown($textile->TextileThis(trim(doSlash($name)), 1));
    $name = preg_replace("/[^[:alnum:]\\-_]/", "", str_replace(" ", "-", $plain_name));

    // Prevent duplicate section names.
    // @todo: lose this for nested sections when parents differ
    $taken = fetch('name', 'txp_section', 'name', $name);

    if ($taken) {
        $this->_error(gTxt('section_name_already_exists', array('{name}' => $name)));
    } elseif ($name) {
        $created = safe_insert("txp_section", "name = '{$name}',\n\t\t\t\t\ttitle = '{$title}',\n\t\t\t\t\tpage = 'default',\n\t\t\t\t\tcss = 'default',\n\t\t\t\t\tis_default = 0,\n\t\t\t\t\tin_rss = 1,\n\t\t\t\t\ton_frontpage = 1");

        if ($created) {
            $this->_message(gTxt('section_created', array('{name}' => $name)));
        } else {
            // @todo: stay in detail view
            $this->_error(gTxt('section_not_created', array('{name}' => $name)));
        }
    }

    // Every outcome ends in the list view.
    $this->_set_view('list');
}