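/**
 * Save an edited article taken from $_POST['article'].
 *
 * Writes to the SQL backend when the KNIFESQL constant is defined, otherwise
 * to the settings store returned by KArticles::connect(). The original author
 * is kept; $user is recorded as "lastedit". The cleaned values are written back
 * into $_POST['article'] as a side effect.
 *
 * @param mixed  $timestamp Article id (key in the store / articleid column).
 * @param string $user      Name of the editing user.
 * @return string HTML status message, or "Invalid article." when the article is not found.
 */
function edit($timestamp, $user)
 {
     # Remove unwanted stuff!
     # Array keys are quoted: bare-word keys only work through the undefined-constant
     # fallback, which PHP 8 turned into a fatal error.
     # NOTE(review): html2specialchars() as defined on this page DECODES &lt; &gt; &amp; &quot;
     # back into raw characters, so the stored content holds live markup. It is not an
     # output escaper; whatever renders the article must treat the content as HTML on purpose.
     $_POST['article']['content'] = html2specialchars(sanitize_variables($_POST['article']['content']));
     $_POST['article']['title'] = sanitize_variables($_POST['article']['title']);
     $_POST['article']['category'] = sanitize_variables($_POST['article']['category']);
     $_POST['article']['views'] = sanitize_variables($_POST['article']['views']);
     # A single category may arrive as a scalar; the cast keeps implode() from warning.
     $savecats = implode(", ", (array) $_POST['article']['category']);
     # Put the posted and sanitized stuff into an array for saving
     $data = array(
         "date" => stripslashes($_POST['article']['date']),
         "content" => stripslashes($_POST['article']['content']),
         "title" => stripslashes($_POST['article']['title']),
         "author" => "",
         "lastedit" => stripslashes($user),
         "category" => stripslashes($savecats),
         "views" => stripslashes($_POST['article']['views']),
     );
     if (defined("KNIFESQL")) {
         $db = KArticles::connect();
         $oldarticle = KArticles::getarticle($timestamp);
         # Same guard as the file-backed branch below: do not report success for an unknown id.
         if (!$oldarticle) {
             return "Invalid article.";
         }
         $data['author'] = $oldarticle['author'];
         # addslashes() is not charset-aware and the article id was interpolated unescaped.
         # Escape every value, the id included, with the driver's own routine.
         # Relies on the ext/mysql link that KArticles::connect() is presumed to open - confirm.
         foreach ($data as $key => $value) {
             $data[$key] = mysql_real_escape_string($value);
         }
         $articleid = mysql_real_escape_string($timestamp);
         $sql = "UPDATE articles SET category='{$data['category']}', author='{$data['author']}', lastedit='{$data['lastedit']}', title='{$data['title']}', content='{$data['content']}', views='{$data['views']}' WHERE articleid = '{$articleid}'";
         $result = mysql_query($sql);
         if ($result === false) {
             # Keep the driver error in the server log; sending it to the browser leaks schema details.
             error_log('Edit Query failed: ' . mysql_error());
             die('Edit Query failed.');
         }
         return "Article successfully edited!<br /><a href=\"javascript:history.go(-1);\">Go back</a>";
     } else {
         $dataclass = KArticles::connect();
         if ($article = KArticles::getarticle($timestamp)) {
             $data['author'] = $article['author'];
             $dataclass->settings['articles'][$timestamp] = $data;
             $dataclass->save();
             return "Article successfully edited!<br /><a href=\"javascript:history.go(-1);\">Go back</a>";
         } else {
             return "Invalid article.";
         }
     }
 }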
Exemple #2
 /**
  * Build an instance from an associative array of XML attributes.
  *
  * Reads POSITION, SHOWNITEMS, TAGS and ISSUBSCRIBED; the source is built by
  * Source::fromXMLattributes() from the same array.
  *
  * TAGS goes through html2specialchars() before being split on commas. That
  * helper is not visible in this method; where it is the entity-to-character
  * translation its name suggests, the tags hold raw characters and have to be
  * escaped again wherever they are printed - confirm against its definition.
  *
  * @param array $attributes Attribute map, passed by reference.
  * @return self
  */
 public static function fromXMLattributes(&$attributes)
 {
     $subscription = new Self();
     # Source gets the attribute array first; it is passed by reference.
     $subscription->source = Source::fromXMLattributes($attributes);
     $subscription->position = $attributes['POSITION'];

     # Only a non-empty numeric value replaces the default item count.
     $shown = $attributes['SHOWNITEMS'];
     if ($shown != '' && is_numeric($shown)) {
         $subscription->shownItems = $shown;
     }

     # Comma-separated tag list, de-duplicated.
     $rawTags = $attributes['TAGS'];
     if ($rawTags != '') {
         $tagList = explode(',', html2specialchars($rawTags));
         $subscription->tags = array_unique($tagList);
     }

     $subscription->isActive = ('yes' == $attributes['ISSUBSCRIBED']);

     return $subscription;
 }
Exemple #3
 /**
  * Build an instance from an associative array of XML attributes.
  *
  * TITLE, HTMLURL, XMLURL and DESCRIPTION are copied to title, link, xmlurl
  * and description when non-empty, each passed through html2specialchars().
  * That helper is not visible in this method; where it is the
  * entity-to-character translation its name suggests, these properties hold
  * raw characters and need context-appropriate escaping on output - confirm
  * against its definition. The id is the ZF_HASHMETHOD hash of the xmlurl
  * property.
  *
  * @param array $attributes Attribute map, passed by reference.
  * @return self
  */
 public static function fromXMLattributes(&$attributes)
 {
     $feed = new Self();

     # XML attribute name => property it fills, in the original assignment order.
     $propertyFor = array(
         'TITLE' => 'title',
         'HTMLURL' => 'link',
         'XMLURL' => 'xmlurl',
         'DESCRIPTION' => 'description',
     );
     foreach ($propertyFor as $attribute => $property) {
         if ($attributes[$attribute] != '') {
             $feed->{$property} = html2specialchars($attributes[$attribute]);
         }
     }

     # The id is derived from the feed URL, so it is computed after xmlurl is set.
     $digest = hash(ZF_HASHMETHOD, $feed->xmlurl);
     $feed->id = (string) $digest;

     return $feed;
 }
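 # Look the commenter up among the registered users.
 # Array keys are quoted throughout: bare-word keys depend on the undefined-constant
 # fallback (fatal in PHP 8), and `match` is a reserved word there.
 $match = $UserDB->indatabase($allusers);
 # The submitted name is echoed back inside HTML, so escape it before it reaches the message.
 # NOTE(review): if i18n() already escapes its arguments this double-escapes; confirm.
 $safename = htmlspecialchars($_POST['comment']['name'], ENT_QUOTES);
 if ($Settings->co['comments']['requireregister'] == "yes" && !$match['match']) {
     $errors .= "<li><p>" . i18n("visible_comment_error_onlyregistered", $safename) . "</p></li>";
 }
 if (!$errors && !$_POST['comment']['preview']) {
     if ($match['match']) {
         # Re-post form asking a registered user for the password. Every posted value is
         # attribute-escaped; previously only the content field was, which let a crafted
         # name/email/url/parentcid break out of the value="" attribute.
         $hiddenfields = "";
         foreach (array("parentcid", "name", "email", "url", "content") as $field) {
             $hiddenfields .= "\n\t\t\t\t<input type=\"hidden\" value=\"" . htmlspecialchars($_POST['comment'][$field], ENT_QUOTES) . "\" name=\"comment[" . $field . "]\" />";
         }
         # type="password" so the browser masks the field (it was type="text").
         $userverifymessage = "<li><p>" . i18n("visible_comment_error_registered") . "</p>\n\t\t\t<form method=\"post\" action=\"\"><p><input type=\"password\" name=\"comment[password]\" /></p>\n\t\t\t<p><!--hidden-->" . $hiddenfields . "\n\t\t\t<!--endhidden--></p>\n\t\t\t<p><input type=\"submit\" value=\"" . i18n("generic_add") . "\" /></p></form></li>";
         if ($_POST['comment']['password']) {
             # Was `=` (assignment): always true, and it overwrote $match['type'].
             if ($match['type'] === "nick") {
                 $_POST['comment']['name'] = $match['user'];
             }
             # verify() is not shown here; it presumably reads the posted name and password
             # and sets $UserDB->username on success - confirm.
             $null = $UserDB->verify();
             if ($UserDB->username) {
                 $_POST['comment']['name'] = $match['name'];
                 # No error, we're good to go - but first - make sure the stuff we're saving is okay...
                 # NOTE(review): html2specialchars() as defined on this page decodes &lt; &gt; &amp;
                 # &quot; into raw characters; it does not escape. The saved comment must be
                 # escaped where it is displayed.
                 $_POST['comment']['content'] = html2specialchars($_POST['comment']['content']);
             } else {
                 $errors .= $userverifymessage;
             }
         } else {
             $errors .= $userverifymessage;
         }
     }
 }
 # Save the comment if no errors occurred and we didnt request a preview
 if (!$errors && !$_POST['comment']['preview']) {
     $ACDB->add($date);
     #FIXME: Redirect javascript doesn't work on all servers
     # Host and request URI are client-controlled; encode them as a JavaScript string
     # literal instead of pasting them between quotes inside the <script> element.
     $redirect = json_encode("http://" . $_SERVER['HTTP_HOST'] . $_SERVER['REQUEST_URI'], JSON_HEX_TAG | JSON_HEX_AMP | JSON_HEX_APOS | JSON_HEX_QUOT);
     echo "<script type=\"text/javascript\">self.location.href=" . $redirect . ";</script>";
 }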
 # Show the errors if any
    die(i18n("login_noaccess"));
}
# Pull in options.php (its contents are not shown on this page).
include "options.php";
# Title for this module, looked up through i18n() under the key "templates_moduletitle".
$moduletitle = i18n("templates_moduletitle");
/**
 * Translate the HTML special-character entities in $str back into the
 * characters they stand for (&lt; becomes <, &amp; becomes &, and so on).
 *
 * Despite the name this is a decoder, not an escaper: its output contains raw
 * markup characters and must not be treated as safe for HTML output. The
 * entity set is whatever get_html_translation_table(HTML_SPECIALCHARS)
 * returns with its default flags. Replacement is a single pass, so
 * "&amp;lt;" becomes "&lt;", not "<".
 *
 * @param string $str Text containing HTML special-character entities.
 * @return string The text with those entities replaced by literal characters.
 */
function html2specialchars($str)
{
    # Invert the character => entity table into entity => character.
    $entityToChar = array();
    foreach (get_html_translation_table(HTML_SPECIALCHARS) as $char => $entity) {
        $entityToChar[$entity] = $char;
    }

    return strtr($str, $entityToChar);
}
#	Fetch and set up needed data
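# Load the settings store and the saved templates.
$settingclass = new SettingsStorage('settings');
$templates = $settingclass->settings['templates'];
# Save an edited template, unless the request is only switching templates.
# Array keys are quoted: bare-word keys depend on the undefined-constant fallback,
# which PHP 8 turned into a fatal error.
# NOTE(review): no CSRF token or permission check is visible in this part of the
# file; confirm one runs before this point.
if (!empty($_POST['template']) && empty($_POST['switch'])) {
    $id = sanitize_variables(stripslashes($_POST['template']['id']));
    $templateid = $id;
    # Template bodies are stored with entities decoded (html2specialchars() is a decoder),
    # so every field below holds raw markup.
    $data = array();
    foreach (array("name", "listing", "view", "comment", "quote", "commentform") as $field) {
        $data[$field] = html2specialchars(stripslashes($_POST['template'][$field]));
    }
    $settingclass->settings['templates'][$id] = $data;
    $settingclass->save();
    # The name was decoded above, so escape it again before echoing it into the status HTML.
    $statusmessage = "Template &quot;" . htmlspecialchars($data['name'], ENT_QUOTES) . "&quot; updated <br /><a href=\"javascript:history.go(-1);\">Go back</a>";
}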
if ($_POST[changet]) {
    $chtdo = $_POST[changet];
    #
    #	Delete template
    #
    if ($chtdo["delete"]) {
        $id = $_POST[id];
        $moduletitle = "Delete Template";
        $deletedtplname = $templates[$id][name];
        if ($deletedtplname != "Default") {
            $settingclass->delete("templates", $id);