$iloc = exponent_core_makeLocation($loc->mod, $loc->src, $resource->id); if (exponent_permissions_check('edit', $loc) || exponent_permissions_check('edit', $iloc)) { $directory = 'files/resourcesmodule/' . $loc->src; $file = file::update('file', $directory, null, time() . '_' . $_FILES['file']['name']); if (is_object($file)) { $id = $db->insertObject($file, 'file'); $resource->file_id = $id; $resource->editor = $user->id; $resource->edited = time(); if (isset($_POST['checkin']) && ($user->is_acting_admin == 1 || $user->id == $resource->flock_owner)) { $resource->flock_owner = 0; } if (!defined('SYS_WORKFLOW')) { include_once BASE . 'subsystems/workflow.php'; } exponent_workflow_post($resource, 'resourceitem', $loc); unset($_SESSION['resource_cache']); } else { // If file::update() returns a non-object, it should be a string. That string is the error message. $post = $_POST; $post['_formError'] = $file; exponent_sessions_set('last_POST', $post); unset($_SESSION['resource_cache']); header('Location: ' . $_SERVER['HTTP_REFERER']); } } else { echo SITE_403_HTML; } } else { echo SITE_404_HTML; }
# # This file is part of Exponent # # Exponent is free software; you can redistribute # it and/or modify it under the terms of the GNU # General Public License as published by the Free # Software Foundation; either version 2 of the # License, or (at your option) any later version. # # GPL: http://www.gnu.org/licenses/gpl.txt # ################################################## if (!defined('EXPONENT')) { exit(''); } if (isset($_POST['id'])) { $textitem = $db->selectObject('textitem', 'id=' . intval($_POST['id'])); if ($textitem) { $loc = unserialize($textitem->location_data); } } if (exponent_permissions_check('edit', $loc)) { $textitem = textitem::update($_POST, $textitem); $textitem->location_data = serialize($loc); if (!defined('SYS_WORKFLOW')) { include_once BASE . 'subsystems/workflow.php'; } exponent_workflow_post($textitem, 'textitem', $loc); } else { echo SITE_403_HTML; }
if (isset($_POST['id'])) { $news = $db->selectObject("newsitem", "id=" . intval($_POST['id'])); if ($news != null) { $loc = unserialize($news->location_data); $iloc = exponent_core_makeLocation($loc->mod, $loc->src, $news->id); } $news->editor = $user->id; $news->edited = time(); } else { $news->posted = time(); $news->poster = $user ? $user->id : 0; } if (isset($news->id) && exponent_permissions_check("edit_item", $loc) || !isset($news->id) && exponent_permissions_check("add_item", $loc) || $iloc != null && exponent_permissions_check("edit_item", $iloc)) { $news = newsitem::update($_POST, $news); //not sure why this is here - added by James? /*if (!isset($news->id) && $db->countObjects('newsitem',"internal_name='".$news->internal_name."'")) { unset($_POST['internal_name']); $_POST['_formError'] = 'That Internal Name is already taken'; exponent_sessions_set('last_POST',$_POST); header('Location: ' . $_SERVER['HTTP_REFERER']); exit(''); } */ $news->location_data = serialize($loc); if (!defined("SYS_WORKFLOW")) { require_once BASE . "subsystems/workflow.php"; } exponent_workflow_post($news, "newsitem", $loc); } else { echo SITE_403_HTML; }