// Bootstrap: configuration, then a database connection used by every step below.
// NOTE(review): there is no authentication, CSRF or environment check anywhere in this
// script between the incoming request and the table wipe below; unless config.php or
// database.php enforce one, any visitor who can reach this URL can empty the three
// tables by requesting ?reinit=true. Gate the reset behind an administrator check (or
// restrict it to the CLI) before exposing this file.
require_once "config.php";
require_once "database.php";
$db = new Connector();
$db->connect($config);

// isset($_GET) is redundant -- the superglobal always exists -- the real switch is
// the exact string "true" in the reinit parameter
if (isset($_GET) && isset($_GET["reinit"]) && $_GET["reinit"] == "true") {
	// Reset database
	require_once "models/journal_definitions.php";
	require_once "models/journals.php";
	require_once "models/articles.php";
	$definitions_model = new Journal_definitions();
	$journal_model = new Journals();
	$article_model = new Articles();
	// Clear tables -- destructive and irreversible; each model's clear() presumably
	// truncates its own table (not visible here, confirm in models/*)
	$definitions_model->clear($db);
	$journal_model->clear($db);
	$article_model->clear($db);
}

// Each importer runs only when its switch in $config is strictly boolean true;
// the parser classes do their work from the constructor (the instances are discarded).
// Parsing the journal list csv file
if ($config["journal_list_run"] === true) {
	require_once "parsers/parse_journal_list.php";
	new Journal_list($config, $db);
}
// Parsing pubmed central XML
if ($config["pubmed_central_run"] === true) {
	require_once "parsers/pubmed_central_xml.php";
	new Pubmed_central_parser($config, $db);
}
// Parsing Ovid XML
if ($config["ovid_run"] === true) {
	require_once "parsers/ovid_xml.php";
	new Ovid_parser($config, $db);
// Tail of the dispatch chain of the "unpublish" page: the opening branch(es) of this
// if/elseif chain, and the code that sets $item, $permitted and $anchor, are outside
// this fragment.
// not found
} elseif (!isset($item['id'])) {
	include '../error.php';

// publication is restricted
} elseif (!$permitted) {

	// anonymous users are invited to log in; the return URL is urlencode()d before being
	// appended, so it cannot break out of the query string.
	// NOTE(review): there is no explicit exit/return after this redirect -- presumably
	// Safe::redirect() terminates the request itself; if it does not, the 401 header and
	// error below are also emitted for anonymous visitors. Confirm in Safe::redirect().
	if (!Surfer::is_logged()) {
		Safe::redirect($context['url_to_home'] . $context['url_to_root'] . 'users/login.php?url=' . urlencode(Articles::get_url($item['id'], 'unpublish')));
	}

	// permission denied to authenticated user: set the status, record the error,
	// and fall through to render the page with the message
	Safe::header('Status: 401 Unauthorized', TRUE, 401);
	Logger::error(i18n::s('You are not allowed to perform this operation.'));

// update the database
// NOTE(review): the state change runs for whatever HTTP method reached this page and no
// anti-CSRF token is checked in this fragment; confirm that $permitted (computed
// upstream) or the surrounding page covers that, since a crafted link to this URL would
// otherwise unpublish the article on behalf of a logged-in editor.
} elseif ($error = Articles::unpublish($item['id'])) {
	// unpublish() returned an error message: show it instead of redirecting
	$context['text'] .= $error;

} else {

	// clear the cache
	Articles::clear($item);

	// display the updated page
	Safe::redirect(Articles::get_permalink($item));
}

// clear the tab we are in, if any
if (is_object($anchor)) {
	$context['current_focus'] = $anchor->get_focus();
}

// path to this page
$context['path_bar'] = Surfer::get_path_bar($anchor);

// page title
$context['page_title'] = i18n::s('Draft');

// render the skin
render_skin();
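/**
 * change only some attributes
 *
 * Builds one UPDATE statement against the articles table from the keys that are
 * present in $fields; columns whose key is absent are left untouched.
 *
 * Security note: SQL::escape() only neutralises quote characters, which is enough for
 * values wrapped in quotes but not for the numeric id columns that are placed in the
 * statement unquoted (owner_id, publish_id, edit_id, and the WHERE id). Those are now
 * cast to int before use, so a non-numeric value becomes 0 instead of reaching the
 * database verbatim.
 *
 * @param array an array of fields, passed by reference: 'active' is derived from
 *  'active_set', 'title' is rewritten by strip_tags(), and Surfer::check_default_editor()
 *  is expected to fill the edit_* fields (not visible here)
 * @return TRUE on success, or FALSE on error
 **/
public static function put_attributes(&$fields) {
	global $context;

	// id cannot be empty
	if (!isset($fields['id']) || !is_numeric($fields['id'])) {
		Logger::error(i18n::s('No item has the provided id.'));
		return FALSE;
	}

	// set default values for this editor
	Surfer::check_default_editor($fields);

	// query components
	$query = array();

	// change access rights
	if (isset($fields['active_set'])) {

		// anchor cannot be empty
		if (!isset($fields['anchor']) || !$fields['anchor'] || !($anchor = Anchors::get($fields['anchor']))) {
			Logger::error(i18n::s('No anchor has been found.'));
			return FALSE;
		}

		// the effective right can never exceed the one of the anchor
		$fields['active'] = $anchor->ceil_rights($fields['active_set']);

		// remember these in this record
		$query[] = "active='" . SQL::escape($fields['active']) . "'";
		$query[] = "active_set='" . SQL::escape($fields['active_set']) . "'";

		// cascade anchor access rights
		Anchors::cascade('article:' . $fields['id'], $fields['active']);
	}

	// anchor this page to another place; anchor_type and anchor_id are derived
	// by the database from the 'type:id' reference
	if (isset($fields['anchor'])) {
		$anchor_reference = SQL::escape($fields['anchor']);
		$query[] = "anchor='" . $anchor_reference . "'";
		$query[] = "anchor_type=SUBSTRING_INDEX('" . $anchor_reference . "', ':', 1)";
		$query[] = "anchor_id=SUBSTRING_INDEX('" . $anchor_reference . "', ':', -1)";
	}

	// other fields that can be modified individually, listed in the order they are
	// written to the statement, with how each one is handled:
	//  'text'    - escaped and quoted as-is
	//  'url'     - every run of characters outside a conservative URL alphabet is
	//              replaced by '_' before escaping
	//  'int'     - cast to integer and written unquoted
	//  'handle'  - like 'text', but only when the value is non-empty
	//  'title'   - HTML tags other than <br> are stripped (in $fields too)
	//  'publish' - the publish_* group, defaulting to the editor's own fields
	$columns = array(
		'behaviors' => 'text',
		'extra' => 'text',
		'description' => 'text',
		'file_overlay' => 'text',
		'handle' => 'handle',
		'icon_url' => 'url',
		'introduction' => 'text',
		'language' => 'text',
		'locked' => 'text',
		'meta' => 'text',
		'nick_name' => 'text',
		'options' => 'text',
		'overlay' => 'text',
		'overlay_id' => 'text',
		'owner_id' => 'int',
		'publish_date' => 'publish',
		'prefix' => 'text',
		'rank' => 'text',
		'source' => 'text',
		'suffix' => 'text',
		'thumbnail_url' => 'url',
		'tags' => 'text',
		'title' => 'title',
		'trailer' => 'text',
		'rating_sum' => 'text',
	);
	$url_filter = '/[^\\w\\/\\.,:%&\\?=-]+/';

	foreach ($columns as $name => $kind) {

		// only keys that are actually provided are written
		if (!isset($fields[$name])) {
			continue;
		}

		switch ($kind) {

		case 'text':
			$query[] = $name . "='" . SQL::escape($fields[$name]) . "'";
			break;

		case 'url':
			$query[] = $name . "='" . SQL::escape(preg_replace($url_filter, '_', $fields[$name])) . "'";
			break;

		case 'int':
			// unquoted in the statement, so escaping is not enough -- coerce instead
			$query[] = $name . "=" . (int)$fields[$name];
			break;

		case 'handle':
			if ($fields[$name]) {
				$query[] = $name . "='" . SQL::escape($fields[$name]) . "'";
			}
			break;

		case 'title':
			$fields['title'] = strip_tags($fields['title'], '<br>');
			$query[] = "title='" . SQL::escape($fields['title']) . "'";
			break;

		case 'publish':
			// who published, where from, and when -- falling back to the editor fields
			$query[] = "publish_name='" . SQL::escape(isset($fields['publish_name']) ? $fields['publish_name'] : $fields['edit_name']) . "'";
			$query[] = "publish_id=" . (int)(isset($fields['publish_id']) ? $fields['publish_id'] : $fields['edit_id']);
			$query[] = "publish_address='" . SQL::escape(isset($fields['publish_address']) ? $fields['publish_address'] : $fields['edit_address']) . "'";
			$query[] = "publish_date='" . SQL::escape($fields['publish_date']) . "'";
			break;
		}
	}

	// nothing to update
	if (!count($query)) {
		return TRUE;
	}

	// maybe a silent update; otherwise record who changed the article and when
	if (!isset($fields['silent']) || $fields['silent'] != 'Y') {
		$query[] = "edit_name='" . SQL::escape($fields['edit_name']) . "'";
		$query[] = "edit_id=" . (int)$fields['edit_id'];
		$query[] = "edit_address='" . SQL::escape($fields['edit_address']) . "'";
		$query[] = "edit_action='article:update'";
		$query[] = "edit_date='" . SQL::escape($fields['edit_date']) . "'";
	}

	// actual update query; id passed is_numeric() above, the cast keeps it unquoted-safe
	$query = "UPDATE " . SQL::table_name('articles') . " SET " . implode(', ', $query)
		. " WHERE id = " . (int)$fields['id'];
	if (!SQL::query($query)) {
		return FALSE;
	}

	// list the article in categories
	Categories::remember('article:' . $fields['id'], isset($fields['publish_date']) ? $fields['publish_date'] : NULL_DATE, isset($fields['tags']) ? $fields['tags'] : '');

	// clear the cache
	Articles::clear($fields);

	// end of job
	return TRUE;
}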
/**
 * transcode some references
 *
 * Applies the given pattern/replacement pairs to the introduction and the
 * description of the bound article, writes both fields back to the articles
 * table and drops the cached copy of the record.
 *
 * @see images/images.php
 *
 * @param array of pairs of strings to be used in preg_replace()
 */
function transcode($transcoded) {
	global $context;

	// nothing to do without a bound record
	if (!isset($this->item['id'])) {
		return;
	}

	// split the pairs into the parallel lists preg_replace() expects
	$patterns = array();
	$replacements = array();
	foreach ($transcoded as $pair) {
		$patterns[] = $pair[0];
		$replacements[] = $pair[1];
	}

	// rewrite both text fields in place, introduction first
	foreach (array('introduction', 'description') as $field) {
		$this->item[$field] = preg_replace($patterns, $replacements, $this->item[$field]);
	}

	// push the new values to the database; the id comes from the loaded record,
	// not from the caller
	$statement = "UPDATE " . SQL::table_name('articles') . " SET "
		. " introduction = '" . SQL::escape($this->item['introduction']) . "',"
		. " description = '" . SQL::escape($this->item['description']) . "'"
		. " WHERE id = " . SQL::escape($this->item['id']);
	SQL::query($statement);

	// the cached rendering is stale now
	Articles::clear($this->item);
}
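/**
 * change only some (minor) attributes
 *
 * Every key of $fields except 'id' becomes a column assignment in one UPDATE on the
 * users table, so the caller decides which columns are touched. Three fixes over the
 * previous version:
 *  - the deny-list tested $field['editor'] (an undefined variable) instead of
 *    $fields['editor'], so the 'editor' key was never rejected;
 *  - column names were spliced into the statement unescaped; they are now required
 *    to be plain identifiers, otherwise the update is refused;
 *  - the WHERE id is cast to int, since it is written unquoted.
 *
 * NOTE(review): apart from password, nickname and editor, any column of the users
 * table can be set through this function; callers must not pass request arrays
 * through unfiltered.
 *
 * @param array an array of fields, passed by reference ('tags' and 'avatar_url' are
 *  cleaned in place; Surfer::check_default_editor() may add editor fields)
 * @return TRUE on success, or FALSE on error
 */
public static function put_attributes(&$fields) {
	global $context;

	// id cannot be empty
	if (!isset($fields['id']) || !is_numeric($fields['id'])) {
		Logger::error(i18n::s('No item has the provided id.'));
		return FALSE;
	}

	// following fields are forbidden with this function
	if (isset($fields['password']) || isset($fields['nickname']) || isset($fields['editor'])) {
		Logger::error(i18n::s('This action is forbidden with users::put_attributes function.'));
		return FALSE;
	}

	// remember who is changing this record
	Surfer::check_default_editor($fields);

	// clean provided tags
	if (isset($fields['tags'])) {
		$fields['tags'] = trim($fields['tags'], " \t.:,!?");
	}

	// protect from hackers
	if (isset($fields['avatar_url'])) {
		$fields['avatar_url'] = encode_link($fields['avatar_url']);
	}

	// build SET part of the query; values are escaped and quoted, column names are
	// checked against an identifier pattern because SQL::escape() does not apply to them
	$query = array();
	foreach ($fields as $key => $field) {
		if ($key === 'id') {
			continue;
		}
		if (!preg_match('/^[A-Za-z_][A-Za-z0-9_]*$/', (string)$key)) {
			Logger::error(i18n::s('This action is forbidden with users::put_attributes function.'));
			return FALSE;
		}
		$query[] = $key . "='" . SQL::escape($field) . "'";
	}

	// nothing to update
	if (!count($query)) {
		return TRUE;
	}

	// actual update query; id passed is_numeric() above and is written unquoted
	$query = "UPDATE " . SQL::table_name('users') . " SET " . implode(', ', $query)
		. " WHERE id = " . (int)$fields['id'];
	if (!SQL::query($query)) {
		return FALSE;
	}

	// list the user in categories
	if (isset($fields['tags']) && $fields['tags']) {
		Categories::remember('user:' . $fields['id'], NULL_DATE, $fields['tags']);
	}

	// clear the cache
	Articles::clear($fields);

	// end of job
	return TRUE;
}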