/** * cascade to children * * @param string referencing of the changed anchor * @param string rights to be cascaded (e.g., 'Y', 'R' or 'N') */ public static function cascade($reference, $active) { global $context; // only sections may have sub-sections if (strpos($reference, 'section:') === 0) { // cascade to sub-sections if ($items = Sections::list_for_anchor($reference, 'raw')) { // cascade to each section individually foreach ($items as $id => $item) { // limit actual rights $item['active'] = Anchors::ceil_rights($active, $item['active_set']); $query = "UPDATE " . SQL::table_name('sections') . " SET active='" . SQL::escape($item['active']) . "' WHERE id = " . SQL::escape($id); SQL::query($query); // cascade to children Anchors::cascade('section:' . $item['id'], $item['active']); } } } // only categories may have sub-categories if (strpos($reference, 'category:') === 0) { // cascade to sub-categories if ($items = Categories::list_for_anchor($reference, 'raw')) { // cascade to each section individually foreach ($items as $id => $item) { // limit actual rights $item['active'] = Anchors::ceil_rights($active, $item['active_set']); $query = "UPDATE " . SQL::table_name('categories') . " SET active='" . SQL::escape($item['active']) . "' WHERE id = " . SQL::escape($id); SQL::query($query); // cascade to children Anchors::cascade('category:' . $item['id'], $item['active']); } } } // only sections may have articles if (strpos($reference, 'section:') === 0) { // cascade to articles --up to 3000 if ($items =& Articles::list_for_anchor_by('edition', $reference, 0, 3000, 'raw')) { // cascade to each section individually foreach ($items as $id => $item) { // limit actual rights $item['active'] = Anchors::ceil_rights($active, $item['active_set']); $query = "UPDATE " . SQL::table_name('articles') . " SET active='" . SQL::escape($item['active']) . "' WHERE id = " . SQL::escape($id); SQL::query($query); // cascade to children Anchors::cascade('article:' . $item['id'], $item['active']); } } } // cascade to files --up to 3000 if ($items = Files::list_by_date_for_anchor($reference, 0, 3000, 'raw')) { // cascade to each section individually foreach ($items as $id => $item) { // limit actual rights $item['active'] = Anchors::ceil_rights($active, $item['active_set']); $query = "UPDATE " . SQL::table_name('files') . " SET active='" . SQL::escape($item['active']) . "' WHERE id = " . SQL::escape($id); SQL::query($query); } } }
if (isset($_REQUEST['id'])) { // remember the previous version if ($item['id'] && Versions::are_different($item, $_REQUEST)) { Versions::save($item, 'article:' . $item['id']); } // stop on error if (!Articles::put_attributes($_REQUEST) || is_object($overlay) && !$overlay->remember('update', $_REQUEST, 'article:' . $_REQUEST['id'])) { $item = $_REQUEST; $with_form = TRUE; // else display the updated page } else { // do whatever is necessary on page update Articles::finalize_update($anchor, $_REQUEST, $overlay, isset($_REQUEST['silent']) && $_REQUEST['silent'] == 'Y', isset($_REQUEST['notify_watchers']) && $_REQUEST['notify_watchers'] == 'Y', isset($_REQUEST['notify_followers']) && $_REQUEST['notify_followers'] == 'Y'); // cascade changes on access rights if ($_REQUEST['active'] != $item['active']) { Anchors::cascade('article:' . $item['id'], $_REQUEST['active']); } // the page has been modified $context['text'] .= '<p>' . i18n::s('The page has been successfully updated.') . '</p>'; // display the updated page if (!($recipients = Mailer::build_recipients('article:' . $item['id']))) { Safe::redirect(Articles::get_permalink($item)); } // list persons that have been notified $context['text'] .= $recipients; // follow-up commands $follow_up = i18n::s('What do you want to do now?'); $menu = array(); $menu = array_merge($menu, array(Articles::get_permalink($_REQUEST) => i18n::s('View the page'))); if (Surfer::may_upload()) { $menu = array_merge($menu, array('files/edit.php?anchor=' . urlencode('article:' . $item['id']) => i18n::s('Add a file')));
/** * change only some attributes * * @param array an array of fields * @return TRUE on success, or FALSE on error **/ public static function put_attributes(&$fields) { global $context; // id cannot be empty if (!isset($fields['id']) || !is_numeric($fields['id'])) { Logger::error(i18n::s('No item has the provided id.')); return FALSE; } // set default values for this editor Surfer::check_default_editor($fields); // quey components $query = array(); // change access rights if (isset($fields['active_set'])) { // cascade anchor access rights if (isset($fields['anchor']) && ($anchor = Anchors::get($fields['anchor']))) { $fields['active'] = $anchor->ceil_rights($fields['active_set']); } else { $fields['active'] = $fields['active_set']; } // remember these in this record $query[] = "active='" . SQL::escape($fields['active']) . "'"; $query[] = "active_set='" . SQL::escape($fields['active_set']) . "'"; // cascade anchor access rights Anchors::cascade('section:' . $fields['id'], $fields['active']); } // other fields if (isset($fields['anchor'])) { $query[] = "anchor='" . SQL::escape($fields['anchor']) . "'"; } if (isset($fields['articles_canvas'])) { $query[] = "articles_canvas='" . SQL::escape($fields['articles_canvas']) . "'"; } if (isset($fields['articles_layout'])) { $query[] = "articles_layout='" . SQL::escape($fields['articles_layout']) . "'"; } if (isset($fields['articles_templates'])) { $query[] = "articles_templates='" . SQL::escape($fields['articles_templates']) . "'"; } if (isset($fields['behaviors'])) { $query[] = "behaviors='" . SQL::escape($fields['behaviors']) . "'"; } if (isset($fields['content_overlay'])) { $query[] = "content_overlay='" . SQL::escape($fields['content_overlay']) . "'"; } if (isset($fields['content_options'])) { $query[] = "content_options='" . SQL::escape($fields['content_options']) . "'"; } if (isset($fields['description'])) { $query[] = "description='" . SQL::escape($fields['description']) . "'"; } if (isset($fields['extra'])) { $query[] = "extra='" . SQL::escape($fields['extra']) . "'"; } if (isset($fields['file_overlay'])) { $query[] = "file_overlay='" . SQL::escape($fields['file_overlay']) . "'"; } if (isset($fields['handle']) && $fields['handle']) { $query[] = "handle='" . SQL::escape($fields['handle']) . "'"; } if (isset($fields['icon_url'])) { $query[] = "icon_url='" . SQL::escape(preg_replace('/[^\\w\\/\\.,:%&\\?=-]+/', '_', $fields['icon_url'])) . "'"; } if (isset($fields['home_panel'])) { $query[] = "home_panel='" . SQL::escape($fields['home_panel']) . "'"; } if (isset($fields['index_map'])) { $query[] = "index_map='" . SQL::escape($fields['index_map']) . "'"; } if (isset($fields['introduction'])) { $query[] = "introduction='" . SQL::escape($fields['introduction']) . "'"; } if (isset($fields['index_title'])) { $query[] = "index_title='" . SQL::escape($fields['index_title']) . "'"; } if (isset($fields['language'])) { $query[] = "language='" . SQL::escape($fields['language']) . "'"; } if (isset($fields['locked'])) { $query[] = "locked='" . SQL::escape($fields['locked']) . "'"; } if (isset($fields['maximum_items'])) { $query[] = "maximum_items='" . SQL::escape($fields['maximum_items']) . "'"; } if (isset($fields['meta'])) { $query[] = "meta='" . SQL::escape($fields['meta']) . "'"; } if (isset($fields['nick_name'])) { $query[] = "nick_name='" . SQL::escape($fields['nick_name']) . "'"; } if (isset($fields['options'])) { $query[] = "options='" . SQL::escape($fields['options']) . "'"; } if (isset($fields['overlay'])) { $query[] = "overlay='" . SQL::escape($fields['overlay']) . "'"; } if (isset($fields['overlay_id'])) { $query[] = "overlay_id='" . SQL::escape($fields['overlay_id']) . "'"; } if (isset($fields['owner_id'])) { $query[] = "owner_id=" . SQL::escape($fields['owner_id']); } if (isset($fields['prefix']) && Surfer::is_associate()) { $query[] = "prefix='" . SQL::escape($fields['prefix']) . "'"; } if (isset($fields['rank'])) { $query[] = "rank='" . SQL::escape($fields['rank']) . "'"; } if (isset($fields['sections_layout'])) { $query[] = "sections_layout='" . SQL::escape($fields['sections_layout']) . "'"; } if (isset($fields['suffix']) && Surfer::is_associate()) { $query[] = "suffix='" . SQL::escape($fields['suffix']) . "'"; } if (isset($fields['tags'])) { $query[] = "tags='" . SQL::escape($fields['tags']) . "'"; } if (isset($fields['thumbnail_url'])) { $query[] = "thumbnail_url='" . SQL::escape(preg_replace('/[^\\w\\/\\.,:%&\\?=-]+/', '_', $fields['thumbnail_url'])) . "'"; } if (isset($fields['title'])) { $fields['title'] = strip_tags($fields['title'], '<br>'); $query[] = "title='" . SQL::escape($fields['title']) . "'"; } if (isset($fields['trailer'])) { $query[] = "trailer='" . SQL::escape($fields['trailer']) . "'"; } // nothing to update if (!count($query)) { return TRUE; } // maybe a silent update if (!isset($fields['silent']) || $fields['silent'] != 'Y') { $query[] = "edit_name='" . SQL::escape($fields['edit_name']) . "'"; $query[] = "edit_id=" . SQL::escape($fields['edit_id']); $query[] = "edit_address='" . SQL::escape($fields['edit_address']) . "'"; $query[] = "edit_action='article:update'"; $query[] = "edit_date='" . SQL::escape($fields['edit_date']) . "'"; } // actual update query $query = "UPDATE " . SQL::table_name('sections') . " SET " . implode(', ', $query) . " WHERE id = " . SQL::escape($fields['id']); if (!SQL::query($query)) { return FALSE; } // clear the cache Sections::clear($fields); // end of job return TRUE; }
/** * change only some attributes * * @param array an array of fields * @return TRUE on success, or FALSE on error **/ public static function put_attributes(&$fields) { global $context; // id cannot be empty if (!isset($fields['id']) || !is_numeric($fields['id'])) { Logger::error(i18n::s('No item has the provided id.')); return FALSE; } // set default values for this editor Surfer::check_default_editor($fields); // quey components $query = array(); // change access rights if (isset($fields['active_set'])) { // anchor cannot be empty if (!isset($fields['anchor']) || !$fields['anchor'] || !($anchor = Anchors::get($fields['anchor']))) { Logger::error(i18n::s('No anchor has been found.')); return FALSE; } // determine the actual right $fields['active'] = $anchor->ceil_rights($fields['active_set']); // remember these in this record $query[] = "active='" . SQL::escape($fields['active']) . "'"; $query[] = "active_set='" . SQL::escape($fields['active_set']) . "'"; // cascade anchor access rights Anchors::cascade('file:' . $fields['id'], $fields['active']); } // anchor this page to another place if (isset($fields['anchor'])) { $query[] = "anchor='" . SQL::escape($fields['anchor']) . "'"; $query[] = "anchor_type=SUBSTRING_INDEX('" . SQL::escape($fields['anchor']) . "', ':', 1)"; $query[] = "anchor_id=SUBSTRING_INDEX('" . SQL::escape($fields['anchor']) . "', ':', -1)"; } // other fields that can be modified individually if (isset($fields['behaviors'])) { $query[] = "behaviors='" . SQL::escape($fields['behaviors']) . "'"; } if (isset($fields['description'])) { $query[] = "description='" . SQL::escape($fields['description']) . "'"; } if (isset($fields['icon_url'])) { $query[] = "icon_url='" . SQL::escape(preg_replace('/[^\\w\\/\\.,:%&\\?=-]+/', '_', $fields['icon_url'])) . "'"; } if (isset($fields['overlay'])) { $query[] = "overlay='" . SQL::escape($fields['overlay']) . "'"; } if (isset($fields['overlay_id'])) { $query[] = "overlay_id='" . SQL::escape($fields['overlay_id']) . "'"; } if (isset($fields['rank'])) { $query[] = "rank='" . SQL::escape($fields['rank']) . "'"; } if (isset($fields['source'])) { $query[] = "source='" . SQL::escape($fields['source']) . "'"; } if (isset($fields['thumbnail_url'])) { $query[] = "thumbnail_url='" . SQL::escape(preg_replace('/[^\\w\\/\\.,:%&\\?=-]+/', '_', $fields['thumbnail_url'])) . "'"; } if (isset($fields['keywords'])) { $query[] = "keywords='" . SQL::escape($fields['keywords']) . "'"; } if (isset($fields['title'])) { $fields['title'] = strip_tags($fields['title'], '<br>'); $query[] = "title='" . SQL::escape($fields['title']) . "'"; } // nothing to update if (!count($query)) { return TRUE; } // maybe a silent update if (!isset($fields['silent']) || $fields['silent'] != 'Y') { $query[] = "edit_name='" . SQL::escape($fields['edit_name']) . "'"; $query[] = "edit_id=" . SQL::escape($fields['edit_id']); $query[] = "edit_address='" . SQL::escape($fields['edit_address']) . "'"; $query[] = "edit_action='article:update'"; $query[] = "edit_date='" . SQL::escape($fields['edit_date']) . "'"; } // actual update query $query = "UPDATE " . SQL::table_name('files') . " SET " . implode(', ', $query) . " WHERE id = " . SQL::escape($fields['id']); if (!SQL::query($query)) { return FALSE; } // clear the cache Files::clear($fields); // end of job return TRUE; }
} // overlay has been inserted or updated if (isset($_REQUEST['overlay_type']) && $_REQUEST['overlay_type']) { $action = 'insert'; } else { $action = 'update'; } // stop on error if (!Sections::put($_REQUEST) || is_object($overlay) && !$overlay->remember($action, $_REQUEST, 'section:' . $_REQUEST['id'])) { $item = $_REQUEST; $with_form = TRUE; // else display the updated page } else { // cascade changes on access rights if ($_REQUEST['active'] != $item['active']) { Anchors::cascade('section:' . $item['id'], $_REQUEST['active']); } // notification to send by e-mail $mail = array(); $mail['subject'] = sprintf(i18n::c('%s: %s'), i18n::c('Contribution'), strip_tags($_REQUEST['title'])); $mail['notification'] = Sections::build_notification('update', $_REQUEST); $mail['headers'] = Mailer::set_thread('section:' . $_REQUEST['id']); // notify watchers of the updated section and of its parent if ($handle = new Section()) { $handle->load_by_content($_REQUEST, $anchor); // send to watchers of this anchor and upwards if (isset($_REQUEST['notify_watchers']) && $_REQUEST['notify_watchers'] == 'Y') { $handle->alert_watchers($mail, 'section:update', $_REQUEST['active'] == 'N'); } } // send to followers of this user
// update the overlay from form content $overlay->parse_fields($_REQUEST); // save content of the overlay in the category itself $_REQUEST['overlay'] = $overlay->save(); $_REQUEST['overlay_id'] = $overlay->get_id(); } // display the form on error if (($error = Categories::put($_REQUEST)) || is_object($overlay) && !$overlay->remember('update', $_REQUEST, 'category:' . $_REQUEST['id'])) { Logger::error($error); $item = $_REQUEST; $with_form = TRUE; // else display the updated page } else { // cascade changes on access rights if ($_REQUEST['active'] != $item['active']) { Anchors::cascade('category:' . $item['id'], $_REQUEST['active']); } // touch the related anchor if (is_object($anchor)) { $anchor->touch('category:update', $item['id'], isset($_REQUEST['silent']) && $_REQUEST['silent'] == 'Y'); } // clear cache Categories::clear($_REQUEST); if (!$render_overlaid) { Safe::redirect(Categories::get_permalink($item)); } } // post a new category } elseif (isset($_SERVER['REQUEST_METHOD']) && $_SERVER['REQUEST_METHOD'] == 'POST') { // limit access rights based on parent heritage, if any if (is_object($anchor)) {
/** * change only some attributes * * @param array an array of fields * @return TRUE on success, or FALSE on error **/ public static function put_attributes(&$fields) { global $context; // id cannot be empty if (!isset($fields['id']) || !is_numeric($fields['id'])) { Logger::error(i18n::s('No item has the provided id.')); return FALSE; } // set default values for this editor Surfer::check_default_editor($fields); // quey components $query = array(); // change access rights if (isset($fields['active_set'])) { // cascade anchor access rights Anchors::cascade('category:' . $fields['id'], $fields['active']); // remember these in this record $query[] = "active='" . SQL::escape($fields['active']) . "'"; $query[] = "active_set='" . SQL::escape($fields['active_set']) . "'"; } // other fields if (isset($fields['anchor'])) { $query[] = "anchor='" . SQL::escape($fields['anchor']) . "'"; } if (isset($fields['articles_layout'])) { $query[] = "articles_layout='" . SQL::escape($fields['articles_layout']) . "'"; } if (isset($fields['description'])) { $query[] = "description='" . SQL::escape($fields['description']) . "'"; } if (isset($fields['extra'])) { $query[] = "extra='" . SQL::escape($fields['extra']) . "'"; } if (isset($fields['icon_url'])) { $query[] = "icon_url='" . SQL::escape(preg_replace('/[^\\w\\/\\.,:%&\\?=-]+/', '_', $fields['icon_url'])) . "'"; } if (isset($fields['introduction'])) { $query[] = "introduction='" . SQL::escape($fields['introduction']) . "'"; } if (isset($fields['options'])) { $query[] = "options='" . SQL::escape($fields['options']) . "'"; } if (isset($fields['overlay'])) { $query[] = "overlay='" . SQL::escape($fields['overlay']) . "'"; } if (isset($fields['overlay_id'])) { $query[] = "overlay_id='" . SQL::escape($fields['overlay_id']) . "'"; } if (isset($fields['prefix']) && Surfer::is_associate()) { $query[] = "prefix='" . SQL::escape($fields['prefix']) . "'"; } if (isset($fields['rank'])) { $query[] = "rank='" . SQL::escape($fields['rank']) . "'"; } if (isset($fields['sections_layout'])) { $query[] = "sections_layout='" . SQL::escape($fields['sections_layout']) . "'"; } if (isset($fields['suffix']) && Surfer::is_associate()) { $query[] = "suffix='" . SQL::escape($fields['suffix']) . "'"; } if (isset($fields['keywords'])) { $query[] = "keywords='" . SQL::escape($fields['keywords']) . "'"; } if (isset($fields['thumbnail_url'])) { $query[] = "thumbnail_url='" . SQL::escape(preg_replace('/[^\\w\\/\\.,:%&\\?=-]+/', '_', $fields['thumbnail_url'])) . "'"; } if (isset($fields['title'])) { $fields['title'] = strip_tags($fields['title'], '<br>'); $query[] = "title='" . SQL::escape($fields['title']) . "'"; } if (isset($fields['trailer'])) { $query[] = "trailer='" . SQL::escape($fields['trailer']) . "'"; } if (isset($fields['users_layout'])) { $query[] = "users_layout='" . SQL::escape($fields['users_layout']) . "'"; } if (isset($fields['categories_layout'])) { $query[] = "categories_layout='" . SQL::escape($fields['categories_layout']) . "'"; } if (isset($fields['display'])) { $query[] = "display='" . SQL::escape($fields['display']) . "'"; } if (isset($fields['background_color'])) { $query[] = "background_color='" . SQL::escape($fields['background_color']) . "'"; } if (isset($fields['categories_overlay'])) { $query[] = "categories_overlay='" . SQL::escape($fields['categories_overlay']) . "'"; } if (isset($fields['expiry_date'])) { $query[] = "expiry_date='" . SQL::escape($fields['expiry_date']) . "'"; } if (isset($fields['path'])) { $query[] = "path='" . SQL::escape($fields['path']) . "'"; } // nothing to update if (!count($query)) { return TRUE; } // maybe a silent update if (!isset($fields['silent']) || $fields['silent'] != 'Y') { $query[] = "edit_name='" . SQL::escape($fields['edit_name']) . "'"; $query[] = "edit_id=" . SQL::escape($fields['edit_id']); $query[] = "edit_address='" . SQL::escape($fields['edit_address']) . "'"; $query[] = "edit_action='category:update'"; $query[] = "edit_date='" . SQL::escape($fields['edit_date']) . "'"; } // actual update query $query = "UPDATE " . SQL::table_name('categories') . " SET " . implode(', ', $query) . " WHERE id = " . SQL::escape($fields['id']); if (!SQL::query($query)) { return FALSE; } // clear the cache Categories::clear($fields); // end of job return TRUE; }