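/**
 * Admin-only inline edit of an item's "name" or "description".
 *
 * Reads `item_id`, `id` (the field to edit) and `value` from the request,
 * stores the new value in the `item` table, refreshes the search index and
 * the memcache copy when those features are switched on, then echoes the
 * rendered value and terminates the request. It never returns normally.
 *
 * Plain-text responses:
 *   - "no_perm"   : caller is not an admin, the item id is missing or
 *                   non-numeric, or no item row was found
 *   - "no_info"   : `id` is neither "name" nor "description"
 *   - "unsuccess" : a description shorter than 15 bytes of plain text
 *   - otherwise the new name, or the description rendered through parseBBCode
 *     with its [n] placeholders expanded by $this->embeded()
 *
 * Security notes:
 *   - The [n] placeholders are expanded with preg_replace_callback(). The
 *     previous /e modifier built PHP source from the pattern match and the
 *     request's item id and evaluated it; the id is now passed as data only.
 *   - The item id must be all digits before it reaches any SQL fragment.
 *   - The schedule title is written through DB::Update, like the item row,
 *     instead of being interpolated into a hand-built UPDATE statement.
 *   - NOTE(review): no anti-CSRF token is checked in this block; confirm the
 *     dispatcher enforces one for state-changing requests.
 *
 * The closure below uses $this, which requires PHP 5.4 or newer.
 */
function update()
{
    // Only admins may edit; everyone else gets the generic denial.
    if (!User::is_admin()) {
        die("no_perm");
    }

    $item_id = EClassApi::getParam('item_id');
    $info = EClassApi::getParam('id');

    // Allow-list the field name before touching the value. The strict flag
    // keeps a non-string such as integer 0 from loosely matching a name.
    if (!in_array($info, array('name', 'description'), true)) {
        die("no_info");
    }

    if ($info === 'description') {
        $value = Url::get('value');
        // get_magic_quotes_gpc() was removed in PHP 8; only call it where it exists.
        if (function_exists('get_magic_quotes_gpc') && get_magic_quotes_gpc()) {
            $value = stripslashes($value);
        }
        require_once ROOT_PATH . 'includes/htmLawed.php';
        $config = array('safe' => 1, 'elements' => '*', 'deny_attribute' => 'class, id');
        $spec = 'a = title, href;'; // The 'a' element can have only these attributes
        $value = htmLawed($value, $config, $spec);
        $value = EClassApi::clean_value($value);

        // Reject descriptions whose plain-text form is shorter than 15 bytes.
        if (strlen(EClassApi::plainText(EClassApi::post_db_parse_html($value))) < 15) {
            echo "unsuccess";
            exit;
        }
    } else {
        $value = EClassApi::getParam('value');
        // Upper-case the first character, multibyte-safe.
        mb_internal_encoding("UTF-8");
        $value = mb_strtoupper(mb_substr($value, 0, 1)) . mb_substr($value, 1);
    }

    // The id ends up in WHERE clauses and in a cache key, so accept digits only.
    // Ids are treated as numeric because the schedule table is matched on an
    // unquoted item_id.
    if (!$item_id || !preg_match('/^[0-9]+$/D', (string) $item_id)) {
        die("no_perm");
    }

    $row = Item::get_item($item_id);
    if (!$row) {
        // Unknown item: do not write a partial record into the cache.
        die("no_perm");
    }

    $item_memcache = $row;
    $input = array();
    $output = '';

    if ($info === 'name') {
        // Length limits are in bytes, as before.
        $name_bytes = strlen($value);
        if ($name_bytes >= 5 && $name_bytes <= 150) {
            $input = array('name' => $value);
            $item_memcache['name'] = $value;
            // NOTE(review): the name is echoed back as received from getParam();
            // confirm it is HTML-escaped there or by the client before display.
            $output = $value;
            if ($value !== $row['name'] && $row['is_up_auto'] == 1) {
                // If the name changed, update the auto-up schedule entry as well.
                // NOTE(review): confirm DB::Update escapes or binds the values it is given.
                DB::Update('up_item_schedule', array('des' => $value), 'item_id=' . (int) $row['id']);
            }
        }
    } else {
        $sapo = EClassApi::word_limit(String::html2txt(EClassApi::post_db_parse_html($value)), 30, '');
        $input = array('description' => $value, 'sapo' => $sapo);
        $item_memcache['description'] = $value;

        // NOTE(review): the echoed markup is built from the raw request value,
        // not from the htmLawed-filtered $value that is stored. parseBBCode's
        // escaping is not visible here; confirm it, or render from $value.
        $embed_item_id = (string) $item_id;
        $self = $this;
        $output = preg_replace_callback(
            '/\[([\s]*[0-9]{1,2}[\s]*)\]/is',
            function ($match) use ($self, $embed_item_id) {
                return $self->embeded($match[1], $embed_item_id);
            },
            EClassApi::parseBBCode(Url::get('value'))
        );
    }

    // Audit fields are added only when a field really changes. Adding them
    // first made $input always non-empty, so a rejected name still rewrote
    // the row and the cache.
    if ($input) {
        $modifier = User::user_name();
        $input['modify_user_name'] = $modifier;
        $item_memcache['modify_user_name'] = $modifier;
        $item_memcache['filter_des'] = "";
        if ($row["status"] == 2) {
            $item_memcache['modify_time_user'] = TIME_NOW;
            $input['modify_time_user'] = TIME_NOW;
        }

        DB::Update('item', $input, "id='" . $item_id . "'");

        // Keep the search index in step with the database.
        if (SORL_FILTER_ON) {
            $solr = new Solr_Search();
            $solr->doUpdateItem($item_id);
        }
        if (MEMCACHE_ON) {
            eb_memcache::do_put("item:{$item_id}", $item_memcache);
        }
    }

    echo $output;
    exit;
}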